[kictanet] When it comes to privacy by default, settings matter!

[Kentice Tikolo]

Thank you, Patrick.

Any insights on Safari?

Best regards,

Kentice.

Sent from my iPhone

> On 7 Jun 2019, at 06:42, Barrack Otieno via kictanet <kictanet at lists.kictanet.or.ke> wrote:
> 
> Good analysis Patrick,
> 
> Provides interesting perspectives.
> 
> Best Regards
> 
> On 6/5/19, Patrick A. M. Maina via kictanet
> <kictanet at lists.kictanet.or.ke> wrote:
>> I recently did a side-by-side comparison of several mainstream (and some
>> emerging browsers e.g. Brave) and found Firefox to be the least intrusive of
>> the better browsers.
>> Using a network traffic monitor, I peeked under the hood to see what the
>> browsers were secretly doing in the "background" and lo-and-behold, Chrome
>> was so aggressive that it looked like a data-harvesting malware, even with
>> add-ons and extensions disabled. I did some research on it and noted that
>> users who had raised similar issues (several years earlier) had apparently
>> been stonewalled for some reason. This led to a prompt and permanent
>> uninstall of Chrome on that device.
>> Surreptitious data harvesting is problematic because it enhances online
>> risks (e.g. risk of "spear phishing" attacks, as well as theft of business
>> trade secrets - including theft by inference). This should be of concern to
>> emloyees, enterpreneurs and government workers. So why aren't users
>> switching in droves to less intrusive browsers?
>> I have two hypotheses about this:
>> 1. Privacy awareness campaigns don't appear to be strategically
>> contextualized and/or targeted. For example, the word "privacy" has a
>> personal activity context connotation and may not trigger alarm bells in
>> official contexts. I think words like "spying" or "snooping" or "stealing"
>> need to be used a lot more as they convey, with far greater clarity, the
>> idea of surreptitious activity and/or motives, while instilling a sense of
>> urgent need for action.
>> 2. Alternative browsers have to overcome network effects (and build their
>> own). This requires long-game strategies that, on casual inspection, don't
>> appear connected to browser adoption / lock-in. The strategy has to align
>> with (and leverage) anthropological insights as well.
>> Let's use Chrome as an example:
>> Chrome users are locked-in to Google's strong network effects, which exist
>> at the Android ecosystem level (developers, tech support, advertisers and
>> end-users).
>> Google works hard to grow/maintain its dev community by offering a vast
>> array of tools as well as monetization opportunities. Google's secret value
>> proposition across all their products is... wait for it... "success".
>> Once onboarded, cool, proprietary (but apparently inconsequential) features
>> tempt devs to tailor their webapps towards Chrome as the "main" browser and,
>> slowly but surely, dev lock-in creeps in. The difference between Google and
>> Microsoft in terms of dev lock-in strategy is that Google's approach is more
>> subtle: it doesn't cause hard breaks in functionality on different browsers
>> (which would be a big no-no for devs - it only degrades it.. quietly passing
>> the UX pain to end users as "punishment" for using the "wrong" browser).
>> This leads to "works best on Chrome" advisories on millions of help pages /
>> documentation, which in turn *heavily* influences end-user (and tech
>> support's) preferences and more importantly, perceptions about quality and
>> performance advantage. It's like a massively viral reverse ad campaign where
>> the advertisers pay you to advertise *your* product.
>> Humans are creatures of habit and consistency. So the browser you use more
>> frequently (or at work) is likely the one you'll want to use on your
>> personal devices. Soon the user starts "advising" others on which browser is
>> "best" (more free marketing). This reinforces the user's own perception of
>> preferences, boosting perceived loyalty and making it even harder to switch
>> even when the browser has issues the user doesn't like (cognitive
>> dissonance).
>> I noticed this effect on myself when switching from IE (after almost two
>> decades) to Chrome, and a few years later, from Chrome to Firefox. Switching
>> is hard.
>> To get users to change their browser habits, it makes sense to target the
>> dev & support ecosystem agressively with a different value proposition (i.e.
>> "success"). This could mean being more flexible and pragmatic on certain
>> core philosophies like FOSS, which pushes poor/hungry/enterpreneurial
>> developers into the arms of monetized platforms. Food is no longer FOSS
>> (unfortunately)... people need money to eat, and bills have to be paid. FOSS
>> values are noble and important, but they become elitist when implemented as
>> universal dogma without regard to economic context (e.g. for devs in low
>> income countries).
>> Legal and policy tools have to be leveraged as well. Google rode on
>> antitrust regulations, for example, to penetrate Microsoft's IE moat and
>> give chrome a chance on the PC (they then cheekily went on to do what
>> Microsoft had been penalized for doing, with their inbuilt OS integrated
>> apps).
>> Slightly off-topic, but might be of interest to some.
>> Good day & brgds,
>> Patrick.
>> Patrick A. M. Maina[Cross-domain Innovator | Public Policy Analyst -
>> Indigenous Innovations]
>> 
>> 
>>    On Wednesday, June 5, 2019, 5:40:42 AM GMT+3, Alice Munyua via kictanet
>> <kictanet at lists.kictanet.or.ke> wrote:
>> 
>> 
>> https://blog.mozilla.org/blog/2019/06/04/when-it-comes-to-privacy-default-settings-matter/
>> 
>> 
>> 
>> What if I told you that on nearly every single website you visit, data about
>> you was transmitted to dozens or even hundreds of companies, all so that the
>> website could earn an additional $0.00008 per ad! This is a key finding from
>> a new study on behaviorally targeted advertisements from Carnegie Mellon
>> University and it should be a wake-up call to all of us. The status quo of
>> pervasive data collection in service of ad targeting is untenable. That is
>> why we’re announcing some key changes to Firefox.
>> 
>> Today marks an important milestone in the history of Firefox and the web. As
>> of today, for new users who download and install Firefox for the first time,
>> Enhanced Tracking Protection will automatically be set on by default,
>> protecting our users from the pervasive tracking and collection of personal
>> data by ad networks and tech companies.
>> 
>> It seems that each week a new tech company decides to decree that privacy is
>> a human right. They tout how their products provide people with “choices” to
>> change the settings if they wish to opt into a greater level of privacy
>> protection to exemplify how they are putting privacy first. That begs the
>> question — do people really want more complex settings to understand and
>> fiddle with or do they simply want products that respect their privacy and
>> align with their expectations to begin with?
>> 
>> Privacy shouldn’t be relegated to optional settings
>> 
>> When thinking about consumer privacy online, I’m reminded of the behavioral
>> economics studies which led to 401K plans (US retirement savings plans)
>> moving from voluntary enrollment to auto-enrollment. Not too long ago most
>> defined contribution retirement savings plans in the US required employees
>> to sign-up and volunteer to start participating. Participation rates were
>> very low. Why was that? Was it because people didn’t care about saving for
>> retirement? Not at all! There were simply too many barriers to aligning with
>> people’s expectations and desires and the benefits of saving for retirement
>> aren’t felt immediately.
>> 
>> We are in a similar position with respect to software privacy settings.
>> Pervasive tracking is too opaque and potential privacy harms are never felt
>> immediately. The general argument from tech companies is that consumers can
>> always decide to dive into their browser settings and modify the defaults.
>> The reality is that most people will never do that. Yet, we know that people
>> are broadly opposed to the status quo of pervasive cross-site tracking and
>> data collection, particularly when they learn the details on how tracking
>> actually works.
>> 
>> We also know that traditional privacy features such as Chrome’s Incognito
>> mode are failing to live up to consumer expectations. The feature might keep
>> your spouse from knowing what you’re thinking about getting them for your
>> anniversary by erasing your history, but it does not prevent third-party
>> tracking. Our research shows that Firefox users are seeking out privacy
>> protection, particularly through the use of Firefox’s Private Browsing mode.
>> In fact, nearly 25% of web page loads in Firefox take place in a Private
>> Browsing window. The good news for these users is that Firefox’s Private
>> Browsing mode has long put users first by blocking tracking. The bad news is
>> that this generally isn’t true for many popular browsers, which allow
>> tracking even in private browsing/incognito mode. A recent study found that
>> users don’t understand this and think their data is being protected, when it
>> is actually not.
>> 
>> As was the case with retirement savings plans, what this shows us is that
>> the burden needs to shift from the consumers to the companies whereby the
>> complexity of privacy settings shouldn’t be placed on users to figure out.
>> The product defaults should simply align with consumer expectations. That is
>> the approach we are taking in Firefox.
>> 
>> Enhanced Tracking Protection by Default
>> 
>> As stated above, new Firefox users will have strong privacy protection from
>> the moment they install. We also expect to deliver the same functionality to
>> existing users over the coming months. Because we are modifying the
>> fundamental way in which cookies and browser storage operate, we’ve been
>> very rigorous in our testing and roll-out plans to ensure our users are not
>> experiencing unforeseen usability issues. If you’re already using Firefox
>> and can’t wait, you can turn this feature on by clicking on the menu icon
>> marked by three horizontal lines at the top right of your browser, then
>> Content Blocking. Go to your privacy preferences and click on the Custom
>> option on the right side. Mark the Cookies checkbox and make sure that
>> “Third-party trackers” is selected. To learn more about our privacy and
>> security settings and get more detail on what each section — Standard,
>> Strict, and Custom — includes, visit here.
>> 
>> For existing users, go to your privacy preferences and click on the Custom
>> option, ark the Cookies checkbox
>> 
>> If you are new to Firefox, we’d love for you to give it a try. Download the
>> latest version here.
>> 
>> When it comes to privacy, default settings matter! We hope that the actions
>> we are taking can ultimately compel change in the industry. Afterall,
>> consumers deserve better.
>> 
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> 
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/pmaina2000%40yahoo.com
>> 
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
>> people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and
>> development.
>> 
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>> 
> 
> 
> -- 
> Barrack O. Otieno
> +254721325277
> +254733206359
> Skype: barrack.otieno
> PGP ID: 0x2611D86A
> 
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> 
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ktikolo%40gmail.com
> 
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
> 
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.