In a listicle world where even the trivial is quantified, judged, and graded, let’s rank something important for a change: Which web browsers are best for protecting your security and privacy?

Thank you, Patrick.

Any insights on Safari?

Best regards,

Kentice.

Sent from my iPhone

On 7 Jun 2019, at 06:42, Barrack Otieno via kictanet <kictanet@lists.kictanet.or.ke> wrote:

Good analysis Patrick,

Provides interesting perspectives.

Best Regards

On 6/5/19, Patrick A. M. Maina via kictanet

<kictanet@lists.kictanet.or.ke> wrote:

I recently did a side-by-side comparison of several mainstream (and some

emerging browsers e.g. Brave) and found Firefox to be the least intrusive of

the better browsers.

Using a network traffic monitor, I peeked under the hood to see what the

browsers were secretly doing in the "background" and lo-and-behold, Chrome

was so aggressive that it looked like a data-harvesting malware, even with

add-ons and extensions disabled. I did some research on it and noted that

users who had raised similar issues (several years earlier) had apparently

been stonewalled for some reason. This led to a prompt and permanent

uninstall of Chrome on that device.

Surreptitious data harvesting is problematic because it enhances online

risks (e.g. risk of "spear phishing" attacks, as well as theft of business

trade secrets - including theft by inference). This should be of concern to

emloyees, enterpreneurs and government workers. So why aren't users

switching in droves to less intrusive browsers?

I have two hypotheses about this:

1. Privacy awareness campaigns don't appear to be strategically

contextualized and/or targeted. For example, the word "privacy" has a

personal activity context connotation and may not trigger alarm bells in

official contexts. I think words like "spying" or "snooping" or "stealing"

need to be used a lot more as they convey, with far greater clarity, the

idea of surreptitious activity and/or motives, while instilling a sense of

urgent need for action.

2. Alternative browsers have to overcome network effects (and build their

own). This requires long-game strategies that, on casual inspection, don't

appear connected to browser adoption / lock-in. The strategy has to align

with (and leverage) anthropological insights as well.

Let's use Chrome as an example:

Chrome users are locked-in to Google's strong network effects, which exist

at the Android ecosystem level (developers, tech support, advertisers and

end-users).

Google works hard to grow/maintain its dev community by offering a vast

array of tools as well as monetization opportunities. Google's secret value

proposition across all their products is... wait for it... "success".

Once onboarded, cool, proprietary (but apparently inconsequential) features

tempt devs to tailor their webapps towards Chrome as the "main" browser and,

slowly but surely, dev lock-in creeps in. The difference between Google and

Microsoft in terms of dev lock-in strategy is that Google's approach is more

subtle: it doesn't cause hard breaks in functionality on different browsers

(which would be a big no-no for devs - it only degrades it.. quietly passing

the UX pain to end users as "punishment" for using the "wrong" browser).

This leads to "works best on Chrome" advisories on millions of help pages /

documentation, which in turn *heavily* influences end-user (and tech

support's) preferences and more importantly, perceptions about quality and

performance advantage. It's like a massively viral reverse ad campaign where

the advertisers pay you to advertise *your* product.

Humans are creatures of habit and consistency. So the browser you use more

frequently (or at work) is likely the one you'll want to use on your

personal devices. Soon the user starts "advising" others on which browser is

"best" (more free marketing). This reinforces the user's own perception of

preferences, boosting perceived loyalty and making it even harder to switch

even when the browser has issues the user doesn't like (cognitive

dissonance).

I noticed this effect on myself when switching from IE (after almost two

decades) to Chrome, and a few years later, from Chrome to Firefox. Switching

is hard.

To get users to change their browser habits, it makes sense to target the

dev & support ecosystem agressively with a different value proposition (i.e.

"success"). This could mean being more flexible and pragmatic on certain

core philosophies like FOSS, which pushes poor/hungry/enterpreneurial

developers into the arms of monetized platforms. Food is no longer FOSS

(unfortunately)... people need money to eat, and bills have to be paid. FOSS

values are noble and important, but they become elitist when implemented as

universal dogma without regard to economic context (e.g. for devs in low

income countries).

Legal and policy tools have to be leveraged as well. Google rode on

antitrust regulations, for example, to penetrate Microsoft's IE moat and

give chrome a chance on the PC (they then cheekily went on to do what

Microsoft had been penalized for doing, with their inbuilt OS integrated

apps).

Slightly off-topic, but might be of interest to some.

Good day & brgds,

Patrick.

Patrick A. M. Maina[Cross-domain Innovator | Public Policy Analyst -

Indigenous Innovations]

  On Wednesday, June 5, 2019, 5:40:42 AM GMT+3, Alice Munyua via kictanet

<kictanet@lists.kictanet.or.ke> wrote:

https://blog.mozilla.org/blog/2019/06/04/when-it-comes-to-privacy-default-settings-matter/

What if I told you that on nearly every single website you visit, data about

you was transmitted to dozens or even hundreds of companies, all so that the

website could earn an additional $0.00008 per ad! This is a key finding from

a new study on behaviorally targeted advertisements from Carnegie Mellon

University and it should be a wake-up call to all of us. The status quo of

pervasive data collection in service of ad targeting is untenable. That is

why we’re announcing some key changes to Firefox.

Today marks an important milestone in the history of Firefox and the web. As

of today, for new users who download and install Firefox for the first time,

Enhanced Tracking Protection will automatically be set on by default,

protecting our users from the pervasive tracking and collection of personal

data by ad networks and tech companies.

It seems that each week a new tech company decides to decree that privacy is

a human right. They tout how their products provide people with “choices” to

change the settings if they wish to opt into a greater level of privacy

protection to exemplify how they are putting privacy first. That begs the

question — do people really want more complex settings to understand and

fiddle with or do they simply want products that respect their privacy and

align with their expectations to begin with?

Privacy shouldn’t be relegated to optional settings

When thinking about consumer privacy online, I’m reminded of the behavioral

economics studies which led to 401K plans (US retirement savings plans)

moving from voluntary enrollment to auto-enrollment. Not too long ago most

defined contribution retirement savings plans in the US required employees

to sign-up and volunteer to start participating. Participation rates were

very low. Why was that? Was it because people didn’t care about saving for

retirement? Not at all! There were simply too many barriers to aligning with

people’s expectations and desires and the benefits of saving for retirement

aren’t felt immediately.

We are in a similar position with respect to software privacy settings.

Pervasive tracking is too opaque and potential privacy harms are never felt

immediately. The general argument from tech companies is that consumers can

always decide to dive into their browser settings and modify the defaults.

The reality is that most people will never do that. Yet, we know that people

are broadly opposed to the status quo of pervasive cross-site tracking and

data collection, particularly when they learn the details on how tracking

actually works.

We also know that traditional privacy features such as Chrome’s Incognito

mode are failing to live up to consumer expectations. The feature might keep

your spouse from knowing what you’re thinking about getting them for your

anniversary by erasing your history, but it does not prevent third-party

tracking. Our research shows that Firefox users are seeking out privacy

protection, particularly through the use of Firefox’s Private Browsing mode.

In fact, nearly 25% of web page loads in Firefox take place in a Private

Browsing window. The good news for these users is that Firefox’s Private

Browsing mode has long put users first by blocking tracking. The bad news is

that this generally isn’t true for many popular browsers, which allow

tracking even in private browsing/incognito mode. A recent study found that

users don’t understand this and think their data is being protected, when it

is actually not.

As was the case with retirement savings plans, what this shows us is that

the burden needs to shift from the consumers to the companies whereby the

complexity of privacy settings shouldn’t be placed on users to figure out.

The product defaults should simply align with consumer expectations. That is

the approach we are taking in Firefox.

Enhanced Tracking Protection by Default

As stated above, new Firefox users will have strong privacy protection from

the moment they install. We also expect to deliver the same functionality to

existing users over the coming months. Because we are modifying the

fundamental way in which cookies and browser storage operate, we’ve been

very rigorous in our testing and roll-out plans to ensure our users are not

experiencing unforeseen usability issues. If you’re already using Firefox

and can’t wait, you can turn this feature on by clicking on the menu icon

marked by three horizontal lines at the top right of your browser, then

Content Blocking. Go to your privacy preferences and click on the Custom

option on the right side. Mark the Cookies checkbox and make sure that

“Third-party trackers” is selected. To learn more about our privacy and

security settings and get more detail on what each section — Standard,

Strict, and Custom — includes, visit here.

For existing users, go to your privacy preferences and click on the Custom

option, ark the Cookies checkbox

If you are new to Firefox, we’d love for you to give it a try. Download the

latest version here.

When it comes to privacy, default settings matter! We hope that the actions

we are taking can ultimately compel change in the industry. Afterall,

consumers deserve better.

_______________________________________________

kictanet mailing list

kictanet@lists.kictanet.or.ke

https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Twitter: http://twitter.com/kictanet

Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at

https://lists.kictanet.or.ke/mailman/options/kictanet/pmaina2000%40yahoo.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for

people and institutions interested and involved in ICT policy and

regulation. The network aims to act as a catalyst for reform in the ICT

sector in support of the national aim of ICT enabled growth and

development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors

online that you follow in real life: respect people's times and bandwidth,

share knowledge, don't flame or abuse or personalize, respect privacy, do

not spam, do not market your wares or qualifications.

--

Barrack O. Otieno

+254721325277

+254733206359

Skype: barrack.otieno

PGP ID: 0x2611D86A

_______________________________________________

kictanet mailing list

kictanet@lists.kictanet.or.ke

https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Twitter: http://twitter.com/kictanet

Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ktikolo%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.