CDT Browser Report 2010 - Browser Privacy Features: A Work in Progress
This report reviews the privacy features available for the latest versions of Mozilla Firefox, Microsoft Internet Explorer, Google Chrome, Apple's Safari, and Opera’s Web browser. We find that features have improved so that consumers can reduce the amount of personal information they transmit online or leave behind on their computers, but at the same time both the complexity of the controls and the diversity of online tracking methods leave consumers little better off. This is an update to version 2.0 of this report, which was released in August 2009.
The browser is the gateway to the Internet for most consumers. Providing browser privacy controls that are robust, easy to find, and simple to use is crucial to empowering consumers to maintain their privacy online. Improvements in browser controls cannot replace the need for a comprehensive national privacy law, but they can go a long way towards helping consumers exercise some control of their own data.
In the last six months, all of the major browser makers have released versions of their products with new privacy features. That these companies are competing to provide better privacy protections is great news for Internet users. The browser makers are in an excellent position to further develop their existing controls and provide new features aimed at giving Internet users greater control over their privacy as they surf the Web. CDT will continue to revisit the browser space to assess whether companies continue to improve the strength, simplicity and accessibility of browser privacy controls.
In this report, we examine the privacy features1 available in five Web browsers – Chrome 7, Firefox 3.6 and 4.0 beta 6, Internet Explorer 8 and 9 Beta2, Opera 10.6, and Safari 5. In the charts below, we compare the features offered by each browser in five areas: general privacy controls, privacy modes, cookie controls, object controls, and geolocation controls. All of the browsers were tested on Windows 7, except for Safari, which was tested on Mac OS X, where it is predominantly used. We provided a draft of this document to Apple, Google, Microsoft, Mozilla, and Opera several weeks in advance to allow them to verify the accuracy of the claims made in the report about their browser software. Where appropriate, we have revised the report in response to the feedback we received from those companies.
Summary: No one browser stands out as the clear privacy leader. All have relative strengths and all have relative weaknesses; depending on how you use the Web (e.g. for location-enabled services or for “private browsing” mode), a different browser may be the most privacy protective for you. In general, all five browsers now offer more user controls for privacy than they did when CDT last issued this report in August of 2009. At the same time, however, browsers also present more ways for consumers to transmit personal information, for example by offering precise location-based services and local storage that allow consumers to be tracked in new ways. The fact that this report has expanded from 10 pages in its last version to its current 19 pages is a blessing and a curse for consumers: there are more controls but more exposure as well, and it is becoming increasingly difficult for consumers to shut down all potential avenues for unwanted sharing on the Internet.
One potential solution to the complexity of user choices would be the implementation through the browser of a “Do Not Track” mechanism that would allow consumers to set persistent and global tracking preferences. If done correctly, the incorporation of a “Do Not Track” feature in the browsers could represent an improvement for consumers who wish to exercise more control over their information sharing online. CDT first proposed the idea of “Do Not Track” in 2007 along with a group of other public interest organizations. The information ecosystem has become radically more complicated since that time, and the concept of “Do Not Track” has attracted new attention recently. The online advertising industry has been discussing ways to create such controls through self-regulation, and Congress is considering whether “Do Not Track” should be included as a part of a general baseline privacy law. Both Microsoft and Mozilla have announced promising efforts in recent days to eventually offer these sorts of global opt-out options to consumers. However implemented, “Do Not Track” is not a replacement for baseline privacy legislation, which is needed to address the full range of privacy issues, not just Web-based behavioral advertising.
One further thing to note: the report only looks at what information browsers store about a user or allow to be transmitted to third parties. It does not address the issue of browser security, nor does it address what information the browser maker itself may receive about a user's web activity.
The browser report is divided into five general sections:
General Privacy Controls: When an Internet user visits a webpage, her browser sends information to the entities involved in delivering the content that constitutes the webpage. The entities to which information is disclosed include the website that the user navigates to, but may also include third parties that provide content, Web beacons, or other components to the webpage. At the same time, in the normal course of Web surfing, browsers record and retain information about browsing activity locally on users’ computers. This includes a history of visited websites, downloaded files, and search terms. Browsers can also save the data typed into online forms (including passwords) and cached versions of files. General privacy controls allow the user to proactively clear information that the browser has collected during the course of Web browsing. The controls may also prevent the browser from sending certain information, such as the referring URL, to websites. All of the browsers provide controls to automatically clear some stored information, although the information that can be cleared is different for each browser.
Privacy Mode: The main motivations behind a browser privacy mode are to allow users to browse without leaving data trails on their computers and to limit the information given to remote parties. The privacy modes in each of the browsers reduce the local storage of these kinds of information, thereby providing increased privacy on shared computers. All of the browsers now provide a privacy mode, although their functionality varies slightly.
Cookie Controls: Some kinds of cookies facilitate the tracking of Internet users or store identifying information (or both). Cookie controls allow users to decide which cookies can be stored on their computers.
Object Controls: Cookies are not the only tracking mechanism available to websites and services. Browsers receive and transmit content of many different types – everything from basic text and images to style sheets, scripts, local shared objects (sometimes called “flash cookies”), and more. These kinds of data may also be used to log and profile the user’s Web activities when repeatedly transmitted to or from a user’s browser across different sites. In this report we use the term “object controls” to describe all other browser mechanisms that allow users to decide what content to block or allow on their computers.
Geolocation Controls: Websites are increasingly providing services that use information about the location of a computer. Geolocation controls indicate when geolocation information is being provided to a site and enable users to manage when their geolocation is provided. Geolocation controls are an area where browser controls markedly differ.
For more information
Director, Consumer Privacy Project
1Only settings that are available to an end-user through the browser’s interface are addressed by this report. Although sophisticated controls, such as the ability to always start in privacy mode or to disable DOM storage, may be configurable by an advanced user through low level or command line configuration settings, if the controls are not directly exposed through the end-user interface, they are generally not addressed.
2Firefox 3.6 and 4.0 beta 6 are listed together, as are Internet Explorer 8 and 9 Beta, because there was no difference between the beta version and the current release in terms of the privacy controls that they provided at the time of writing.