Internet privacy is on the minds of many people including those who normally don’t pay much attention to technology. No one wants to think they’re being watched without consent or being boiled down to numbers in a database. Yet two of the main companies offering popular web browsers, Google and Microsoft, sit on the wrong side of the privacy issue. Both have an interest in what you do online and Google in particular is often unapologetic about its collection of data.
Fortunately there’s a browser that does care about your privacy; Firefox. Developed by Mozilla, which is an independent non-profit, Firefox is the only “big three” browser developed by an organization with zero interest in collecting, cataloguing and possibly distributing user data. Most readers will agree that’s great, but what does it really mean for users?
Firefox Isn’t Trying To Hook You To An Ecosystem
One of the first things you’ll see when you install Chrome is a page asking you to enter your Google account information. This is not required to use the browser, but the page that appears doesn’t explicitly make that clear, so users who don’t know any better may assume it’s mandatory. Microsoft pulls no such shenanigans with Internet Explorer, but only because it already pulled the same trick when you installed Windows 8/8.1 or first turned on your new Windows 8/8.1 computer. Again, signing up for a Microsoft is not mandatory, but Windows goes out of its way to make that seem the case.
Both Google and Microsoft prompt users to sign up for seemingly mandatory accounts because their business models revolve around getting users to join their ecosystems. In both cases you end up paying for their ostensively free service with your digital freedom. Want to stop using Google’s services after you’ve spent a year or two with them? Have fun forwarding all your emails! Want to stop using Windows after you’ve synced all your documents in OneDrive? Have fun spending hours transferring data and confirming backups!
Firefox Doesn’t Make Money Off You
Google Chrome, the last of the big three browsers to support Do Not Track, hides the feature deep with the Advanced Settings section of the browser. Clicking on it delivers a long message that essentially states Do Not Track may or may not change website behavior, which is true. There’s no legal enforcement of the idea. And clicking on “learn more” reveals exactly why Do Not Track hasn’t caught on. Google does not change its behavior when it receives a Do Not Track request and probably never will.
The reason is obvious; Google makes money from your data by using it for advertising. A lot of money. Anyone who uses Google must accept that they’ll have their search history catalogued, even if browsing while logged out of a Google account (the company will associate your habits with an anonymous profile instead). If you do use Chrome, though, there’s a long list of additional information sent to Google’s servers. The most worrying from a privacy standpoint is a set of unique identifiers could be used to create a very precise profile of your usage. Google claims these are “short lived,” but doesn’t clarify exactly how long they remain valid, so you just have to take the company’s word for it.
Mozilla does not sell advertising, so it has no interest in collecting or storing such data beyond improving the browser itself. As such the company receives far less data from users and is more specific about how long it retains what it does receive (180 days for most data). You can learn what’s sent by reading the Firefox Browser Privacy Notice.
Firefox Treats Your Passwords With More Respect
All of the big three browsers have a password manager. In theory this feature provides a major boast to security because it allows the use of more complex passwords (the kind you normally would have trouble remembering) without the inconvenience of writing them down, an approach with its own problems. Chrome and Internet Explorer run into problems, however, because they don’t do much to protect the passwords you’ve entered. Chrome is particularly bad because it only encrypts your password with your local Windows account password. Anyone with access to your Windows machine can see the passwords if they know where to look.
Firefox’s approach is better, and emblematic of its more serious stance on security. Users can sign up for a scheme similar to Chrome, entering passwords for each site and without the use of another cipher to encrypt them. This makes passwords as easy to find in Firefox as they are in Chrome. However, those who are serious about privacy can enable a master password that is used to encrypt all other passwords. Mozilla does not track this password and no stored password data can be viewed or edited without it.
Strangely, Google’s less secure implementation is intentional. An employee of Google named Justin Schuh got into a bit of a slap-fight with critics of Chrome on Hacker News back in 2013. His contention was that a password manager which does not make passwords easily readable creates a false sense of security because anyone with physical access to your computer could theoretically retrieve the passwords if they are stored locally.
If you stand on your head and close one eye it’s possible to see where he’s coming from, but this logic is narrow. Are we to believe there’s a significant overlap between “people who know how to crack encrypted passwords” and “people who steal computers?” Google employees always operate on the assumption that everyone is a computer engineer – which is why the company often seems out of touch with reality.
Firefox Cares Most About Privacy
I think it’s clear that Firefox is the superior option for people concerned about their privacy. It’s not perfect, and more importantly just one part of a larger ecosystem. Protecting your privacy to the fullest extent possible will mean using proxy services and special security add-ons. Simply switching to Firefox will at least improve the security of you browser stored passwords, though, and decrease the amount of data fed to Google and Microsoft.
What do you think of Firefox’s privacy stance? Is it useful, or does it make people feel more anonymous than they really are? Have your say in the comments!