
Web Browser Privacy

On Kara Swisher's show, Recode Decode, she recently hosted Gabe Weinberg from DuckDuckGo. Their conversation revolved around some core concepts in online privacy.


Watch this episode on YouTube.

Reasonably Accurate Transcript

Morning everybody. How are you doing today? On this episode of the show, we're gonna talk about your web browser and privacy. Now, on a recent episode of Recode Decode with Kara Swisher, she spoke to Gabe Weinberg. He's the CEO and founder of DuckDuckGo, a very popular privacy-focused search engine.

And the topic of their conversation was online search, online privacy, um, social networks. They kind of just went all over the place but really focusing around privacy. And I thought it was really, really interesting. There were a few terms that popped up, uh, in this conversation that I've heard in common usage around that.

I'm not quite sure people truly actually understand and I wanted to cover those here because they're directly related to cybersecurity and to privacy. And I think even just general users, it's really important that people are extremely clear on what these things mean. So the first term that Gabe and Kara are talking about is opt in versus opt out.

Now, this one, I hope everybody already gets, but I want to cover it just to make sure. So opting into something means actively making a choice to enable something. So in the context of privacy and, uh, web browsing, it's actively enabling location features, right?

Uh, opting out is the exact opposite: something is on by default and you need to actively make a choice or find a preference or flip a switch to get out of it. So a great example is location. By default, location sits in between both of these things.

Sites can ask for your location on Safari on macOS Mojave, but you have to confirm that you're going to be able to grant it. So by default, the service is on, but each website you need to opt in for, for 24 hours.

That's, uh, a line decision where it's both opt in and opt out, which is an interesting example and the reason why I brought it up. I brought it up because you can actually go into your settings in Safari and turn off location services, period, and just say no, they're off, you can't enable them.

Um, but by default, the feature is on and then each individual site you need to opt in for, and that's a reasonable balance. The capability is there and sites can individually prompt you, but it might not be the right balance for you.

So knowing that that's there is absolutely critical. Um, a really bad example, or a common example that I feel is negative is probably a better way to say it, is the vast majority of, um, insurance contracts have opting, at least here in Canada, have that your default gets sent, your information by default gets sent to the US for processing, and it's basically offshoring your data, and there's a whole bunch of other things that you agree to by default unless you opt out. Now you have to find that in your contract, you need to then actually jump through the hoops to opt out of these things, and that's bad because they know that some people might want this behavior, but they are gonna make it hard to get there.

Um, so that's the concept of opting in and opting out. Is it on by default and people have to remove themselves, or is it off by default and people have to explicitly opt in? When it comes to privacy, that's a critical, critical difference.

My feeling is the general rule is that you should be opting into things that touch your privacy. So anything where it's going to be sharing your information out, you need to be opting in and there should be rules around how often you can actually, you know, ask people and prompt them and basically nag them to opt in if they're choosing not to.

But I think that's absolutely incredible, opt in versus opt out. Now, another one is the Do Not Track feature in your web browser, and most web browsers have this feature. It's a simple checkbox that says do not track me with other websites.

And most people believe that once you turn this on, you're no longer tracked. The difference is it has no teeth. Zero. Nothing. Not a, does, does nothing. Basically, all Do Not Track does is send an extra bit of information with your web request that says, I'd prefer not to be tracked, please.

It's you raising your hand. And again, depending on what browser you're using, this is either opted in or opted out; it's on by default or it's off by default. But even if it's on, it really, it's a feature that bothers me because it's one that should be a great feature, but it really, because it has no teeth, it just gives you the idea that you've done something. I've done something.

What have I done? I've made sure that I'm not tracked. I've said do not track me. Um, the reality is, is you're simply raising your hand and saying I prefer not to be tracked, and then it's the website's responsibility to respect that header and, for every user that has that option, uh, and has raised their hand, to actually not track them.

So again, Do Not Track doesn't actually really do anything. Don't rely on it for your privacy. An ad blocker, um, or just an outbound firewall that prevents any access to a bunch of these, um, tracking sites is far more effective. And the last area I wanted to talk about that came up in this Recode Decode episode, which you should really check out because it's a great conversation between Gabe and Kara, is, um, incognito or private browsing mode.

I cannot tell you the number of times that I've talked to people who are like, yeah, no, I just browse with private and it's great. Nobody can see what I'm doing. That is not how private browsing works. Private browsing or incognito mode uh within your browser allows you to open up a new window even on mobile.

This works. It opens up a new window and normally coded differently, colored differently, so you can understand that you're in a different mode, and what it does is it doesn't cache anything locally, including cookies. Um, and it doesn't keep a history.

So there's no local browser history. So a lot of the time, you know, you'll see that joke where, like, oh, I better go clear my browser history. Private mode doesn't keep a browser history. That does nothing to hide the activity from the server side.

So the server still sees your IP request. Um, it still sees some browser metrics. Um, they can still, uh, you know, somewhat track activity. They won't be able to cookie you and track you across, but it's not foolproof. It is more of a local defense.

There's a lot of holes. It's better than nothing. But again, there's a lot of holes in private or incognito mode browsing. It's not what people assume, which is like, oh, I turn this on and nobody knows what I'm doing. It will prevent local, uh, artifacts for the most part.

Um, but if you download files, they're still downloaded. Um, it's just gonna prevent those behind-the-scenes caching and cookies. So three major concepts here, sort of ramping up: Do Not Track doesn't really do anything; incognito and private mode just stops the history, really, from being built.

Um, everything else is still on for tracking on the website. Um, and opt in versus opt out, which is by far the most critical concept. But these three things popped up in this conversation and I thought it was really important just to kind of reiterate them here so that everybody is reminded of what they actually truly mean.

And if you are building technology, please make it opt in for the most part. If anything touches privacy, it definitely should be opt in; opt out for other things. So a common, just to hit this nail on the head yet again, a very common thing that I see on apps is that by default, it sends very detailed usage metrics back to the application creator.

Those should be in, um, they should not be opt out, um, simply because that information can be pretty sensitive sometimes and it's aggregate data, um, that really makes privacy a challenge. Um, but it's also something that's definitely worth spending your time on as a user as well as a builder of technology.

So what do you think? Let me know, hit me up online, um, at Mark NC A, uh, in the comments down below. And as always, by email, me at Mark N dot ca. I hope you are set up for a fantastic day.

Look forward to talking to you about this, uh, online, and we'll see you in the next episode of the show.
