A Guide to Protecting Privacy in the 21st Century

Posted September 4th, 2019 in Security. Tagged: , .

The dismal state of privacy – how did we get here?

Let’s be honest: we are facing big problems surrounding privacy online today.

It has come to light over the past couple of years how the adtech industry harvest and abuse user data to construct eerily detailed profiles on individuals, in order to sell these in real time bidding auctions to online advertisers, who out-bid each other for the opportunity to serve users individualized marketing in the micromoments, they visit a website.

privacy

This is a dominant advertisement model of the Internet today: the gathering and selling of personal information and data about its users.

The mainstream reaction to these revelations (the most widely reported has been the Cambridge Analytica/Facebook scandal of 2018 that saw the leak and subsequent abuse of 87 million people’s personal information, and which has been deemed a real threat to our democracy) has been coined “the Great Privacy Awakening”, and is now, one year later, widely viewed as a watershed moment in public understanding of online privacy.

The public uproar has been loud and clear: people are appalled by seeing their private information and personal data being mined and abused, and the users of the Internet want real solutions; ones they can trust to protect their private, inner lives.

Privacy is whose responsibility?

But how do you protect privacy without breaking the Internet and the user experience? And who is supposed to shoulder the responsibility of protecting privacy: users or websites?

To answer these questions, Cookiebot team has comprised a guide to the tools for privacy protection at the end of the second decade of the 21st century.

In this guide, we’ll have a look at what solutions are available on the market today and what exactly they do, how they are different and, perhaps most importantly, the three main issues surrounding them.

These three main issues – 1) the issue of free services powered by advertisement, 2) the issue of crippled user experience, and 3) the issue of not being GDPR compliant – are vital to take into account, when discussing what privacy tools, we should use.

By the end of this blogpost, we will – in full disclosure – argue why we think a consent solution like ours is the most sustainable privacy protection for a free future on the Internet.

1) Privacy-enhancing technologies: privacy-friendly browsers

Privacy-friendly browsers are web browser that attempt to protect user privacy as an in-built function, such as anonymizing users’ web traffic, masking their physical geolocation and blocking cookies and trackers by default. They are not the same as “privacy browsing modes” and “incognito modes” that normal web browsers also offer – which are not completely anonymous and give users a false sense of security.

Tor

Tor Browser

The Tor Browser works, basically, by making a users’ behavior online anonymous.

It does so by sending their traffic through three layers of proxy servers (i.e. random networks masking a user’s location, making it seem like they are somewhere else than where they actually are – like a VPN network, which we’ll get into below). This, however, slows down connection speeds and might cripple user experience in comparison with less privacy-heavy browsers, such as Safari and Firefox.

Epic

Epic Browser

The Epic Browser has a default privacy setting that blocks all third-party cookies, ad networks, web analytics systems and also doesn’t allow plug-ins or browser extensions.

After every session, when a user closes Epic, it automatically deletes browsing history, log-in data, visited links and databases. It also keeps user IP addresses encrypted and anonymous. This means that preference settings, such as password and log-in saves that most users are accustomed to, does not work in Epic.

Firefox

Firefox

Mozilla’s Firefox launched in 2004 and is one of the most popular web browsers in the world today.

In 2019, they teamed up with the VPN-based privacy application Disconnect (which we will look at below) to create the Enhanced Tracking Protection that is activated upon installation and blocks third-party trackers according to a filter list made by Disconnect.

Firefox lets users choose between three settings on content blocking: a strict setting will block all cookies that Firefox detects and “may cause some sites to break”, while the custom setting lets users choose between “third-party trackers”, “all third-party trackers” and “all cookies”, without further discrimination and nuance as to what third-party trackers they allow and who they block.

The issue here, which we will get into in a minute, is the lack of distinction between cookies and trackers – the block-all-cookies tactics of privacy browsers such as Firefox (and Safari’s latest ITP2.2 update) do not discriminate between benign cookies (that are often first-party and necessary cookies for the basic functions of websites) and malignant, abusive trackers.

Brave

Brave Browser

A new player in the privacy browser game is Brave out of San Francisco, launched in 2016 and founded by the inventor of JavaScript.

This privacy browser is gaining traction fast and is at the moment ranked by Slant as the third most preferred web browser. When it comes to privacy protection, Brave blogs all third-party and ad trackers by default. Users can disable the blockers on each individual site they visit, however they do not have the choice to turn some off rather than others; it’s either everything blocked, or everything activated.

Brave is different from both Tor and Epic. In April 2019, Brave launched their own in-house ad network that cuts out the real time bidding system in-between users and companies wishing to advertise, and instead pays users to watch ads, they themselves choose based on interest.

2) Privacy-enhancing technologies: browser extensions, VPNs & ad blockers

Another option, rather than having users change to a completely new web browser, is for users to use browser extensions on their preferred browsers, such as Chrome or Safari.

Browser extensions are programs downloaded, installed and integrated with your preferred web browser. They run parallel to the browser in order to execute various tasks, in this context such as blocking cookies and advertisement online.

VPNs are also programs that users must download and install, which will then run in the background of their browsing. VPN stands for virtual private network and, in theory, it means that a user’s IP address is encrypted and masked as being different altogether, in order to make tracking of personal data more difficult. If you browse the Internet from the UK, using a VPN masks your IP address location as being e.g. from Amsterdam or New Jersey.

VPNs and browser extensions vary a lot in functionality, and users need to know what to look for and how to implement correctly, before optimal use can be guaranteed. For example, some VPNs and browser extensions don’t work, if other VPNs or browser extensions are installed, and some must be the most recently installed to work at all.

Ghostery

Ghostery

Ghostery is a free browser extension that a user integrates on their preferred web browser.

After specifying which categories, the user would like Ghostery to block (such as Analytics, Beacons and Ads), when a user then visits a website, Ghostery blocks these cookies based.

In general, this kind of browser extension is sometimes also referred to as an ad blocker, and one of the main issues surrounding these in general are the compromise in user experience that follows. In fact, some websites refuse to load at all if they detect an ad blocker in use.

Other, highly problematic issues concerning some ad blockers are the fact that these whitelist certain trackers in exchange for money, i.e. you can buy to bypass the ad block. Some ad blockers have also been criticized for collecting user data themselves, though this is still a dispute and not proven.

Disconnect

Disconnect VPN

Disconnect is essentially a VPN that users download and install on their computer or device, which then functions as a browser extension, which blocks third party cookies, that Disconnect has identified and deemed as “trackers.”

Disconnect functions both as solely a browser extension, blocking third-party cookies, and as VPN service, although it only encrypts HTTP traffic. This means that is does not protect a user’s IP address from trackers or browser fingerprinting, nor does it prevent geo-targeting. The paid premium version functions as both a blocker and a traditional VPN that encrypts all user Internet activity.

A third privacy solution on the market today is the consent-based solution, such as our Cookiebot.

This kind of solution is a different approach altogether to the privacy problem: instead of the users relying on digital self-defense, this solution puts the responsibility on the shoulders of website owners and operators.

Cookiebot

Cookiebot

Cookiebot functions as a software-as-a-service (SaaS) that is implemented by a website owner/operator directly from the cloud onto their domain.

Our scanning technology then maps out all – every single one – of the cookies and tracking technology present on a website and its subpages, stops them (i.e. prevents activation of the cookies), while presenting the user with a cookie consent banner (below you see one of our most popular, customizable banners). The user then chooses the specifics of their consent themselves, after which the cookies consented to are activated.

Why do we think this is a better way of protecting privacy?

Every website is different. Every user is different. Rather than a one-size fits all solution, such as ad blockers and privacy browsers, the Cookiebot solution is particular and unique to every website – based on that specific websites make-up and configuration, and different in their use of cookies and tracking – as well as particular and unique to every user – handing over control for clear and simple consent that takes no more than a second or two.

Cookiebot distinguishes between benign and malignant trackers. Exactly because of this, we also don’t break the Internet, neither functionality or user experience.

The main difference is really: whose responsibility is it to protect user privacy, the users themselves or the websites? We’ve made our expert opinion very clear: the users should not rely on digital self-defense that most people don’t have the time or the skills to do properly anyway.

The Three Major Issues Around User Digital Self-Defense

While all of the above, from Tor through Disconnect, have the right intentions – the protection of users from abuse – the following four issues cannot be understated in this pivotal moment of the Internet, where the fight for privacy is coming to a head.

The issue of free services powered by advertisement

The very cornerstones of the Internet as we know is free information and free services. These have defined our ideas and dreams about our digital infrastructures since their beginning, but they have also been almost exclusively financed by advertisement.

Websites, big and small, can provide free services and free information because they are able to obtain revenues from advertisement on their platforms.

The first big issue to address in the grand overview of tools for privacy protection today, is exactly this: most privacy browser, ad blockers, browser extensions and VPNs do not discriminate between privacy-intrusive tracking and the benign trackers that are not based on identifiable personal data from users, but merely function to serve non-behaviorally targeted advertisement – a main source of revenue for free services.

Instead, the privacy settings of these solutions simply block all ads and thereby pull the carpet out, i.e. the financial foundation, from under the websites who provide the free information and free services to their users: the very cornerstone of the free Internet as we know it.

The end result of adblockers, VPNs, browser extensions that crudely block everything without nuance could very well be the breaking up of the Internet in to tiered and uneven spaces dominated by entities willing and able to pay for both access and speed. An Internet of privilege and wealth.

The issue of crippled user experience

Another issue to be reckoned with here is that of user experience. Sometimes, ad blockers block even first-party cookies that are totally benign and function to optimize user experience of a website (such as session preferences and log-in details). This means that users will experience browsing as a less fluent and smooth experience, e.g. when they have to type log-in and password details every time, because their browser won’t save their details anymore, or can’t visit certain sites because they either don’t function optimally or won’t load at all because of ad blockers.

The future of the Internet can’t be a step back in user experience. It has to be a step forward towards a balance between privacy and functionality.

The consequence of this persistent and increasingly stricter browser-side blocking is an arms race between the solutions and the tracking giants that develop workarounds every time they’re met with a new block. The victims in this arms race? The users. It is simply not in their interest to constantly be caught up in an escalating fight between rigorous ad blocking and persistent workarounds.

Leaving the protection of their privacy up to the users themselves also creates an uneven field: the technically savvy will have the know-how to find, download, install, integrate and make sure their browser extension or plugins or VPNs run as they should, while people without the know-how, the time, or the interest won’t – most people all in the latter category, is our guess.

The issue of not being compliant with the GDPR

The last issue is perhaps the clearest of all: the law actually has an opinion on this.

When we say law, we mean the European General Data Protection Regulation, effective since May of 2018. This law is uniformly binding in all 28 EU member states but has global reach since it dictates that any website that provide services to EU citizens, regardless of where in the world it is owned and operated from, must abide by the GDPR.

According to the GDPR, the responsibility of protecting user privacy rests on the shoulders of website owners and operators. A website owner must be able to, detailed and specifically, inform the user of the cookies and tracking technology operating on their website. They also have to be able to document the consents of their users to authorities if requested to do so. This is not possible if the protection of user privacy is left in the hands of the users themselves.

Privacy browser, VPNs and ad blockers are a somewhat useful tool in the personal fight for privacy, but it is but a band-aid on a bigger structural problem, to which the GDPR mandates larger, consent-based solutions (among several other legal areas it addresses).

Cookiebot solution helps website owners and operators achieve total GDPR compliance.

The future state of privacy – where do we go from here?

Look, the Internet is not what we dreamed of it being in the blue-eyed beginnings of the early 90s. It has turned into a complicated landscape of peaks and valley, one-way mirrors and paywalls. It follows that protecting privacy is a complicated mission as well.

Solutions that promise to simply “block all and job done” are suspiciously simple for a reason. It is simply not as simple as that. Every website is different, as every user is.

The most sustainable solutions for securing a private Internet – one that is free and democratic for future generations – are solutions that are nuanced, specific and doesn’t put the heavy burden of protecting privacy on the shoulders of the users. Global privacy laws have acknowledged this within the last few years and more are on the way. We have put our weight behind this idea too.

The most sustainable solutions will be the ones that secure funding for the free services and information that define the idea of our Internet, at the same time as respecting people’s right to privacy.


About the Author

Christian Tranberg

Christian Tranberg is a writer at Cybot, the company behind the consent management solution Cookiebot. Cookiebot scans and holds back all cookies and tracking on websites until user consent is obtained, enabling true compliance and protection of privacy.

Comments are closed.

  • Follow us

  • Browse Categories



  • Super Monitoring

    Superhero-powered monitoring
    of website or web application
    availability & performance


    Try it out for free

    or learn more about website monitoring
  • Superhero-powered monitoring
    of website or web application
    availability & performance
    Super Monitoring
    or learn more about
    website monitoring