SAN FRANCISCO–As useful as it is, the web also can be a manifestly frustrating and unsafe place for many people. While the last 10 years have seen significant improvements in online security, the privacy side of things has not caught up yet, and changing that requires the attention of not just technology companies and browser makers, but also of policymakers and regulators.
“We’ve dug a pretty deep privacy hole on the Internet and we’re trying to dig out of it. But we can’t do it alone. Browser vendors need to work together, and legislators and regulators need to step up as well,” Tanvi Vyas, principal engineer at Mozilla, said during a panel on browser privacy at the Enigma conference here Tuesday.
“For us, our highest priority is privacy. We need a combination of technology and policy to protect privacy on the web.”
The concept of online privacy has always been an amorphous one, and different people have different definitions for it, depending upon their vantage point, background, and threat model. For some it may mean the freedom to move around the web unobserved by their government, while for others it may mean the ability to protect themselves from unwanted tracking by advertisers, platform providers, and other parties. It’s a broad spectrum and it’s not easy for even the most sophisticated users to navigate.
For browser vendors, privacy is an especially difficult challenge that requires careful thought about not just users, but also state and federal laws and technical considerations. Most of the major providers have made broad improvements to their browsers in recent years to give people more privacy protections by default, such as blocking third-party cookies and other trackers, or making HTTPS the default mode of transport.
But those changes only go so far, as ad tech companies constantly adapt and shift tactics, too. Advertisers want the user data they’re paying for, and it is still quite difficult to prevent or even minimize web-scale tracking for most people.
“For all of the good that the web has brought, it’s also come at a significant cost. Too much data is being exchanged and it isn’t a good thing. Today it’s happening at a scope and scale that nobody could ever predict,” said Justin Schuh, engineering director on the Chrome trust and safety team at Google.
“The rise of covert tracking is about connecting your data across devices and platforms. But it’s also about bypassing anti-tracking mechanisms.”
For meaningful improvements to privacy to take hold, the burden must be shared among the technology providers, policymakers, and legislators, a mix that hasn’t always gone well in the past. The United States currently doesn’t have a broad data privacy law akin to the General Data Protection Regulation (GDPR) in Europe, so individual states have had to take up the slack. That’s worked to a point, but developing and implementing legislation and regulation are long processes that don’t work at the speed of technological change.
“If you build a technical mechanism that relies on the law to enforce, it’s going to take a long time to have an effect. We need a hybrid approach,” said Eric Lawrence, a program manager on the Edge team at Microsoft. “We need collaboration among the browsers, because if we don’t have that, we have outliers.”
“If you build a technical mechanism that relies on the law to enforce, it’s going to take a long time to have an effect.”