The web browser is a powerful tool. It is basically the software application for accessing information on the World Wide Web. Whenever surfing the web, a user leaves a record of the websites they visit, along with each and every thing they click. Depending on the (default) settings, the web browser stores pieces of these records, such as browsing history, login credentials, site preferences, credit card data and much more, to increase usability. Many websites are also tracking these records by saving a small segment of data to the user’s web browser, commonly known as cookies. In addition to cookies, many websites are using user accounts to track browsing activity. Furthermore, other techniques like social media trackers, fingerprinting or cryptominers are used to track users while surfing the web. Some of these are even used for tracking user behavior over long periods of time.
As you may have already guessed, the information stored in your web browser can be used for creating extensively accurate profiles of you. This can be very valuable information, both for targeting you but also for malicious activities. Web browsers are also popular targets for hackers. Hackers may exploit security holes to steal sensitive information, destroy files, and other malicious acts. Security patches and regular updates are key to, at least, reduce such security risks.
Lately, many browser vendors have invested in developing privacy settings and features to protect the user’s privacy by default or at least by choice. Privacy by design is becoming an increasingly common practice among web browser vendors. Where this isn’t the case, there are several browser extensions available, which support the user to protect their privacy,
blocking ads and trackers coming along with ads, or tracking blockers like Adblock Plus for example.
But even if blocking everything and completely preventing data collection seems to be a smart idea at first glance, this is not the case. Not all trackers are bad. For example, session cookies are used to keep you signed in, to keep items in your shopping cart, and to remember settings. Keeping your browsing history allows you to find and/or open websites you have already visited faster. Storing login credentials increases usability and convenience. Hence, just turning off any kind of data processing and tracking can’t be a global solution and won’t be welcomed by all users.
This is where the difference between privacy by design and privacy by default comes into play. Whereas privacy by design is of utmost importance to provide the user with the toolkit to protect his/her privacy, it is privacy by default, where the actual choices can be made. In theory, it should be the user who is responsible for making the choices to protect their privacy. But as not every user has the knowledge to do so, the European legislator wants the browser provider to preselect privacy friendly standard settings for the user and calls that “privacy by default” (GDPR Art. 25(2)).
Privacy by default is basically a compromise between full privacy protection, usability and the actual risks for user’s rights and freedom by data processing and tracking. As always when it comes to law, there is ample space for interpretation. On the flip side, this also means that browser vendors not only provide different levels of privacy by design but also have very different standard default privacy settings.
Looking at the variety of options for privacy by design and default settings, and the different levels of knowledge on an end user level, there is no “one fits all” browser. But in general, browsers with strong privacy by design features are recommendable for all kinds of users. The less experience users have with browser configurations and privacy and security risks, the more they should rely on browsers with strong default privacy settings. More experienced users can adjust their browser to their needs by utilizing built in privacy features and/or adding extensions.