Data privacy laws are still a work in progress, but one major improvement is coming: Global Privacy Control, which — assuming everything works out — will let you automatically opt out of having your data sold or shared at every website you visit. For now, it doesn’t do much, but it is available if you want to add it to your browser. If nothing else, the recent launch of the new specification is a great opportunity to check out your browser’s privacy options — and your browser options in general.
Trackers hidden on the vast majority of websites collect as much information about us as possible and try to link that data to our actions online as well as off, typically to send us targeted ads. The idea behind Global Privacy Control would be to place a setting on your browser that tells every site you visit that you don’t want your data to be sold or shared with anyone else, and websites would have to respect your wishes. While some browsers have built-in tools (or available extensions) meant to stop tracking in the first place, they aren’t always effective, and they can’t do anything once your data is collected. And while laws like the California Consumer Privacy Act (CCPA) give users the right to request that businesses not sell their data, those users have to make that request of every site they visit, a process that is too time-consuming for most people. With Global Privacy Control, that request would be automatic, relayed as soon as you visit the site, and, if you’re in a location where it’s legally required — like California — websites would have to abide by your request.
If a browser extension that tells websites your privacy preferences sounds familiar, that’s because something like this has been tried before. Do Not Track, introduced in 2010, was an attempt by the Federal Trade Commission (FTC) to institute a sort of digital equivalent to the Do Not Call list: a browser extension or setting that tells websites you visit that you don’t want to be tracked. The problem with Do Not Track was that websites weren’t legally required to comply with it, so very few of them did.
Ashkan Soltani was part of the Do Not Track effort back in 2010 as a staff technologist at the FTC and has spent most of his career researching and investigating internet privacy and tracking. He’s the co-author of CCPA and an upcoming ballot measure in California called Proposition 24 that would amend it. Unsurprisingly, then, he’s also behind Global Privacy Control.
Soltani told Recode that he’s pretty optimistic that Global Privacy Control will be able to do what Do Not Track couldn’t. CCPA includes a provision for browser “global privacy controls” regarding data selling and sharing, and a requirement that websites follow them. Do Not Track couldn’t be used for this because “track” means more than just the sale or sharing of data; it’s too broad. Global Privacy Control, however, is more specific and limited to what the law requires.
“It would have been ideal if the [California attorney general] had adopted Do Not Track as the mechanism, but unfortunately their opinion was that couldn’t be used,” Soltani told Recode. “Hence, Global Privacy Control.”
The trick now is getting California to approve Global Privacy Control as the global privacy control called for in the law, at which point websites will be legally bound to follow it. In the meantime, a few websites have already agreed to do so voluntarily, including the New York Times and the Washington Post.
Global Privacy Control may not do much now, but if you want to get it for yourself, it’s available on DuckDuckGo’s mobile browser now and in the process of being added to the Brave’s browser. Or you can get it through the Privacy Badger extension available for most browsers. But, as Wired points out, it could be several years before Global Privacy Control fully goes into effect, and there’s still no guarantee that it will.
In the meantime, why not take advantage of the web browser privacy options you do have? Some are better than others, as you’ll see, and even the best browser from a privacy standpoint has its downsides. And you should never assume that your web browsing is 100 percent private because data companies come up with new ways to follow you around the internet all the time. With that in mind, here’s a rundown on what’s out there.
Google Chrome: Popular but not very private
The most popular browser by far is Google’s Chrome, so it’s likely what you’re using to read this article right now. But it’s not the most private. In fact, it’s widely considered to be one of the worst. And no, Incognito Mode will not save you. The fact is, Google isn’t all that inclined to limit tracking on its services: The company has a massive ad business, part of which relies on the data it collects from users, and that data includes what those users do on its browser, including data acquired through the many trackers Google puts on websites. And, if you have a Google account and stay logged in while using Chrome, that will be linked to your account on Google’s other platforms, like Gmail and YouTube.
Having all of your accounts linked to one company in this way might be part of Chrome’s appeal for you and worth whatever privacy trade-offs you have to make. If you want to keep using Chrome, there are a few things you can do to reduce tracking. Chrome’s privacy settings let you block third-party cookies, and, in the settings for your Google account, you can turn off ad personalization and use activity controls to turn off things like web activity tracking and location history. You can also add browser extensions like Privacy Badger, DuckDuckGo, and Ghostery that block trackers. But why add a bunch of extensions when you can get a browser that already does the job?
Microsoft Edge: The new and improved Internet Explorer?
Microsoft used to dominate the browser market with its problematic Internet Explorer. That’s still around, but it’s quickly being replaced by the company’s recently revamped Edge browser, and Microsoft’s web browser market share is growing. Your default privacy settings block some trackers, and ad personalization should be turned off by default. You can log into your Microsoft account to link Edge with whatever other Microsoft platforms you use, but if the goal here is privacy, that might not be the best idea. If you must, Microsoft does have a privacy dashboard that you can use to control privacy settings across your account, including turning off personalized ads.
A recent study said Edge was one of the worst browsers for privacy — worse than Chrome, even — because it sent an identifier back to Microsoft’s servers. Because the identifier was linked to the device’s hardware, it couldn’t be changed or reset. That should no longer be the case, but it’s something to keep in mind.
Safari: Only for Apple and rather private
Safari is Apple’s native browser, which means it’s also only available for Apple devices (a Windows version is no longer supported). Privacy has long been a selling point for Apple, and it is for Safari as well. Many privacy protections, like blocking third-party cookies, are on by default. Safari also limits the amount of data collected from you and stops trackers from following your activity around the internet, and you can easily find out which trackers are trying to follow you across websites (just click on the little shield icon in the toolbar). It’s always enlightening to give privacy reports like that a read, just to get a sense of who is tracking you, how often, and where.
Firefox: A browser not built by a major tech company
Firefox comes from Mozilla, another company that has made privacy part of its business model — it’s actually part of Mozilla’s manifesto and its nonprofit foundation’s new “Unfck the Internet” campaign — and which continues to roll out improved privacy protections to keep up with the evolving tracking technology ecosystem. It blocks trackers, third-party cookies are off by default, and Mozilla is working on ways to block fingerprinting, which can track you even if you have cookies blocked.
Browsers built for privacy
Even more private is Brave, which was built specifically to be a private browsing experience as well as a faster one: it blocks ads by default, along with other trackers. Brave also lets you use Tor in its “private window” feature — more on Tor later. There’s also DuckDuckGo, which is best known as a privacy-first search engine but now offers a mobile browser. Ghostery, which began life as a browser extension that blocked trackers, has also gotten into the mobile browser game.
And then there’s Tor
Tor is as private as it gets. Your traffic is encrypted and routed through several nodes before it reaches its final destination, so not even your ISP will know where you go. And you’re in private (or incognito) mode by default, which means all cookies and site data from your session are deleted as soon as you close the browser. That’s why Tor is known as the browser of choice for people who want to do illegal things on the dark web. But privacy is for everyone, not just criminals. The big trade-off with Tor is that all that encrypted routing means pages take longer to load, and some sites block traffic from the Tor network entirely.
If you’ve never thought much about any of this before, Tor might seem like a pretty extreme step to take. Fortunately, there are other options out there that will improve your privacy without sacrificing your web browsing experience. And while we wait for privacy laws and tools like Global Privacy Control to become available, they’re a good way to keep your data out of someone else’s hands.
Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.