[kictanet] When it comes to privacy by default, settings matter!
Kentice Tikolo
ktikolo at gmail.com
Wed Jun 12 05:56:17 EAT 2019
Thank you, Patrick.
Any insights on Safari?
Best regards,
Kentice.
Sent from my iPhone
> On 7 Jun 2019, at 06:42, Barrack Otieno via kictanet <kictanet at lists.kictanet.or.ke> wrote:
>
> Good analysis Patrick,
>
> Provides interesting perspectives.
>
> Best Regards
>
> On 6/5/19, Patrick A. M. Maina via kictanet
> <kictanet at lists.kictanet.or.ke> wrote:
>> I recently did a side-by-side comparison of several mainstream (and some
>> emerging browsers e.g. Brave) and found Firefox to be the least intrusive of
>> the better browsers.
>> Using a network traffic monitor, I peeked under the hood to see what the
>> browsers were secretly doing in the "background" and lo-and-behold, Chrome
>> was so aggressive that it looked like a data-harvesting malware, even with
>> add-ons and extensions disabled. I did some research on it and noted that
>> users who had raised similar issues (several years earlier) had apparently
>> been stonewalled for some reason. This led to a prompt and permanent
>> uninstall of Chrome on that device.
>> Surreptitious data harvesting is problematic because it enhances online
>> risks (e.g. risk of "spear phishing" attacks, as well as theft of business
>> trade secrets - including theft by inference). This should be of concern to
>> emloyees, enterpreneurs and government workers. So why aren't users
>> switching in droves to less intrusive browsers?
>> I have two hypotheses about this:
>> 1. Privacy awareness campaigns don't appear to be strategically
>> contextualized and/or targeted. For example, the word "privacy" has a
>> personal activity context connotation and may not trigger alarm bells in
>> official contexts. I think words like "spying" or "snooping" or "stealing"
>> need to be used a lot more as they convey, with far greater clarity, the
>> idea of surreptitious activity and/or motives, while instilling a sense of
>> urgent need for action.
>> 2. Alternative browsers have to overcome network effects (and build their
>> own). This requires long-game strategies that, on casual inspection, don't
>> appear connected to browser adoption / lock-in. The strategy has to align
>> with (and leverage) anthropological insights as well.
>> Let's use Chrome as an example:
>> Chrome users are locked-in to Google's strong network effects, which exist
>> at the Android ecosystem level (developers, tech support, advertisers and
>> end-users).
>> Google works hard to grow/maintain its dev community by offering a vast
>> array of tools as well as monetization opportunities. Google's secret value
>> proposition across all their products is... wait for it... "success".
>> Once onboarded, cool, proprietary (but apparently inconsequential) features
>> tempt devs to tailor their webapps towards Chrome as the "main" browser and,
>> slowly but surely, dev lock-in creeps in. The difference between Google and
>> Microsoft in terms of dev lock-in strategy is that Google's approach is more
>> subtle: it doesn't cause hard breaks in functionality on different browsers
>> (which would be a big no-no for devs - it only degrades it.. quietly passing
>> the UX pain to end users as "punishment" for using the "wrong" browser).
>> This leads to "works best on Chrome" advisories on millions of help pages /
>> documentation, which in turn *heavily* influences end-user (and tech
>> support's) preferences and more importantly, perceptions about quality and
>> performance advantage. It's like a massively viral reverse ad campaign where
>> the advertisers pay you to advertise *your* product.
>> Humans are creatures of habit and consistency. So the browser you use more
>> frequently (or at work) is likely the one you'll want to use on your
>> personal devices. Soon the user starts "advising" others on which browser is
>> "best" (more free marketing). This reinforces the user's own perception of
>> preferences, boosting perceived loyalty and making it even harder to switch
>> even when the browser has issues the user doesn't like (cognitive
>> dissonance).
>> I noticed this effect on myself when switching from IE (after almost two
>> decades) to Chrome, and a few years later, from Chrome to Firefox. Switching
>> is hard.
>> To get users to change their browser habits, it makes sense to target the
>> dev & support ecosystem agressively with a different value proposition (i.e.
>> "success"). This could mean being more flexible and pragmatic on certain
>> core philosophies like FOSS, which pushes poor/hungry/enterpreneurial
>> developers into the arms of monetized platforms. Food is no longer FOSS
>> (unfortunately)... people need money to eat, and bills have to be paid. FOSS
>> values are noble and important, but they become elitist when implemented as
>> universal dogma without regard to economic context (e.g. for devs in low
>> income countries).
>> Legal and policy tools have to be leveraged as well. Google rode on
>> antitrust regulations, for example, to penetrate Microsoft's IE moat and
>> give chrome a chance on the PC (they then cheekily went on to do what
>> Microsoft had been penalized for doing, with their inbuilt OS integrated
>> apps).
>> Slightly off-topic, but might be of interest to some.
>> Good day & brgds,
>> Patrick.
>> Patrick A. M. Maina[Cross-domain Innovator | Public Policy Analyst -
>> Indigenous Innovations]
>>
>>
>> On Wednesday, June 5, 2019, 5:40:42 AM GMT+3, Alice Munyua via kictanet
>> <kictanet at lists.kictanet.or.ke> wrote:
>>
>>
>> https://blog.mozilla.org/blog/2019/06/04/when-it-comes-to-privacy-default-settings-matter/
>>
>>
>>
>> What if I told you that on nearly every single website you visit, data about
>> you was transmitted to dozens or even hundreds of companies, all so that the
>> website could earn an additional $0.00008 per ad! This is a key finding from
>> a new study on behaviorally targeted advertisements from Carnegie Mellon
>> University and it should be a wake-up call to all of us. The status quo of
>> pervasive data collection in service of ad targeting is untenable. That is
>> why we’re announcing some key changes to Firefox.
>>
>> Today marks an important milestone in the history of Firefox and the web. As
>> of today, for new users who download and install Firefox for the first time,
>> Enhanced Tracking Protection will automatically be set on by default,
>> protecting our users from the pervasive tracking and collection of personal
>> data by ad networks and tech companies.
>>
>> It seems that each week a new tech company decides to decree that privacy is
>> a human right. They tout how their products provide people with “choices” to
>> change the settings if they wish to opt into a greater level of privacy
>> protection to exemplify how they are putting privacy first. That begs the
>> question — do people really want more complex settings to understand and
>> fiddle with or do they simply want products that respect their privacy and
>> align with their expectations to begin with?
>>
>> Privacy shouldn’t be relegated to optional settings
>>
>> When thinking about consumer privacy online, I’m reminded of the behavioral
>> economics studies which led to 401K plans (US retirement savings plans)
>> moving from voluntary enrollment to auto-enrollment. Not too long ago most
>> defined contribution retirement savings plans in the US required employees
>> to sign-up and volunteer to start participating. Participation rates were
>> very low. Why was that? Was it because people didn’t care about saving for
>> retirement? Not at all! There were simply too many barriers to aligning with
>> people’s expectations and desires and the benefits of saving for retirement
>> aren’t felt immediately.
>>
>> We are in a similar position with respect to software privacy settings.
>> Pervasive tracking is too opaque and potential privacy harms are never felt
>> immediately. The general argument from tech companies is that consumers can
>> always decide to dive into their browser settings and modify the defaults.
>> The reality is that most people will never do that. Yet, we know that people
>> are broadly opposed to the status quo of pervasive cross-site tracking and
>> data collection, particularly when they learn the details on how tracking
>> actually works.
>>
>> We also know that traditional privacy features such as Chrome’s Incognito
>> mode are failing to live up to consumer expectations. The feature might keep
>> your spouse from knowing what you’re thinking about getting them for your
>> anniversary by erasing your history, but it does not prevent third-party
>> tracking. Our research shows that Firefox users are seeking out privacy
>> protection, particularly through the use of Firefox’s Private Browsing mode.
>> In fact, nearly 25% of web page loads in Firefox take place in a Private
>> Browsing window. The good news for these users is that Firefox’s Private
>> Browsing mode has long put users first by blocking tracking. The bad news is
>> that this generally isn’t true for many popular browsers, which allow
>> tracking even in private browsing/incognito mode. A recent study found that
>> users don’t understand this and think their data is being protected, when it
>> is actually not.
>>
>> As was the case with retirement savings plans, what this shows us is that
>> the burden needs to shift from the consumers to the companies whereby the
>> complexity of privacy settings shouldn’t be placed on users to figure out.
>> The product defaults should simply align with consumer expectations. That is
>> the approach we are taking in Firefox.
>>
>> Enhanced Tracking Protection by Default
>>
>> As stated above, new Firefox users will have strong privacy protection from
>> the moment they install. We also expect to deliver the same functionality to
>> existing users over the coming months. Because we are modifying the
>> fundamental way in which cookies and browser storage operate, we’ve been
>> very rigorous in our testing and roll-out plans to ensure our users are not
>> experiencing unforeseen usability issues. If you’re already using Firefox
>> and can’t wait, you can turn this feature on by clicking on the menu icon
>> marked by three horizontal lines at the top right of your browser, then
>> Content Blocking. Go to your privacy preferences and click on the Custom
>> option on the right side. Mark the Cookies checkbox and make sure that
>> “Third-party trackers” is selected. To learn more about our privacy and
>> security settings and get more detail on what each section — Standard,
>> Strict, and Custom — includes, visit here.
>>
>> For existing users, go to your privacy preferences and click on the Custom
>> option, ark the Cookies checkbox
>>
>> If you are new to Firefox, we’d love for you to give it a try. Download the
>> latest version here.
>>
>> When it comes to privacy, default settings matter! We hope that the actions
>> we are taking can ultimately compel change in the industry. Afterall,
>> consumers deserve better.
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/pmaina2000%40yahoo.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
>> people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and
>> development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
>
> --
> Barrack O. Otieno
> +254721325277
> +254733206359
> Skype: barrack.otieno
> PGP ID: 0x2611D86A
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ktikolo%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
More information about the KICTANet
mailing list