Security Cloud Privacy Tech
Web Browser Privacy

Web Browser Privacy

Mornings With Mark no. 0186

Watch the episode on YouTube

Join the discussion on LinkedIn

Share on Twitter

Bad Robot Transcript

Morning, everybody. How you doing today on this episode of the show. We’re going to talk about your web browser and privacy don’t a recent episode of recode decode with Kara Swisher. She spoke to Gabe Weinberg. He’s the CEO and founder of DuckDuckGo a very popular privacy-focused search engine and the topic of their conversation.

What is online search on my privacy social networks? They kind of just went all over the place but really focusing around privacy, and I thought it was really really interesting. There was a few terms that popped up in this conversation that I’ve heard in common usage around that I’m not quite sure people truly actually understand and I wanted to cover those here because they’re directly related to cyber security and privacy and I think even just in general users is really important that people are extremely clear on what these things mean.

So the first term of the game and Care are talking about is opt-in vs. Opt out. I hope everybody already gets but I want to cover it just to make sure so opting into something means actively making a choice to enable something. So in the in the context of privacy and web browsing, it’s actively enabling location features, right opting out is the exact opposite.

Something is actually make a choice or find a preference or flip a switch to get out of it. So great example is location by default location sits in between. Both of these things sites can ask for your location on Safari on Mac OS Mojave, but you have to confirm that you’re going to be able to Grant it.

So by default the service is on but each website you need to opt-in for for 24 hours. That’s a a line decision. Where is both often and out that which is an interesting in Tampa on the reason why I brought it up. I brought it up because you can actually go into your settings in Safari and turn off location services.

Miss a nut there off you can’t enable by default the features on and then each individual site you need to opt in for that’s a reasonable balance have the capability is there and sites can individually prompt you and Buddy might not be the right balance for you. So knowing that that’s there is absolutely critical a really bad example of a common example that I feel is negative is probably a better way to say it I’m is the vast majority of insurance contracts have opting at least here in Canada have that your default get sent out of your information by default get sent to the US for processing a and it’s basically offshoring you’re dating is a whole bunch of other things that you agree to buy unless you Opt at 8 to find that in your contract you need to then actually jump through the Hoops to opt out of these things.

That’s bad because there’s no that hate something wouldn’t want this Behavior, but they are going to make it hard to get there. I’m so that the concept of opting in an octagon. Is it on by default and people have to remove themselves or is it off by default in people have to explicitly opt-in when it comes to privacy.

That’s a critical critical difference in my feeling is the general rule is that you should be opting into things that touch your privacy. So anything or to be sharing information about you need to be opting in and there should be rules around how often you can actually pot, you know, ask people and prompt them and basically Magnum to opt-in if they’re choosing not to but I think that’s absolute vs.

Opt out. Another one is the do not track feature in your web browser and most web browsers have this feature. It’s a simple checkboxes his do not track me with other websites the most people believe that once you turn this on your no longer tracking the difference is that has no teeth zero nothing not a does does not basically all do not track does is sends an extra bit of information with your ride request that says, I’d prefer not to be tracked, please.

It’s you raising your hand and it get depending on what browser you are using. This is either opted-in or opted out. It’s on by default or it’s off by default. But even if it’s on it really it’s a feature that bothers me because it’s one that should be A great feature, but it really because it has no teeth that just gives you the idea that you’ve done something.

I’ve done something what have I done? I’ve made sure that I’m not tracked. I’ve said do not track me and the reality is You’re simply raising her hand and say I’d prefer not to be tracked in and it’s the websites responsibility to respect that had her and for every user that has that option A and has raised their hand to actually not track them.

So again do not track doesn’t actually really do anything don’t rely on it for your privacy and ad blocker or just an outbound firewall that prevents any access to a bunch of these I’m tracking site is far more effective and the last area I wanted to talk about that came up in this recode decode episode, which you should really check out because it’s a great conversation between Gabe and Kara is Incognito or private browsing mode.

I cannot tell you the number of times that I’ve talked to people are like, I don’t know I just brows with private and it’s great and nobody can see what I’m doing. That is not how Private browsing Works private browsing incognito mode within your browser allows you to open up a new window even on mobile.

This works at 8 opens up a new window and normally coded differently colored differently. So you can understand that you’re in a different mode and what it does is it doesn’t cash anything locally including cookies and it doesn’t keep a history. So there’s no local browser history. So a lot of the time, you know, you’ll see that joker logo better go clear my browser history private mode doesn’t keep a browser history that does nothing to hide the activity from the server side.

So the server still sees your IP request time. It’s still see some browser metrics and they can still you know, someone track activity. They won’t be able to cookie you and track you across and but it’s not foolproof. It is more of a local the fact there’s a lot of holes is better than nothing.

But again, there’s a lot of holes in private or incognito mode browsing. It’s not what people assume we’re just like, oh I turn this on and nobody knows what I’m doing. It will prevent local. Facts for the most part but if you download files, they’re still downloaded it just going to prevent Those Behind the Scenes cashing a cookie.

So three major Concepts years are ramping up do not track doesn’t really do anything Incognito in private mode just stops a history really from being built and everything else is still on for tracking on the website and opt-in vs. Opt out which is by far the most critical concept, but these three things popped up in this conversation.

I thought I was really important just to kind of reiterate them here so that everybody is reminded of what they actually truly mean and if you are Building Technology, please make it opted in for the most part of anything touches privacy definitely should be off to in opt out for other things so common.

I just did to hit the nail on the head yet again a very common thing that I see on apps is that by default? It sounds very detailed usage metrics back to the application creator. Those should be opt-in and they should not be opt out and simply because that information can be pretty sensitive sometimes.

Aggregate data on that really makes privacy a challenging, but it’s also something that’s definitely worth spending your time on as a user as well as a builder of technology. So what do you think? Let me know. Hit me up online. I’m at Mark NCAA in the comments Down Below on his Always by email me at Mark n.

C a I hope you are set up for a fantastic day. Look forward to talking about this online and we’ll see you on the next episode of the show. Morning, everybody. How you doing today on this episode of the show. We’re going to talk about your web browser and privacy don’t a recent episode of recode decode with Kara Swisher.

She spoke to Gabe Weinberg. He’s the CEO and founder of DuckDuckGo a very popular privacy-focused search engine and the topic of their conversation. What is online search on my privacy social networks? They kind of just went all over the place but really focusing around privacy, and I thought it was really really interesting.

There was a few terms that popped up in this conversation that I’ve heard in common usage around that I’m not quite sure people truly actually understand and I wanted to cover those here because they’re directly related to cyber security and privacy and I think even just in general users is really important that people are extremely clear on what these things mean.

So the first term of the game and Care are talking about is opt-in vs. Opt out. I hope everybody already gets but I want to cover it just to make sure so opting into something means actively making a choice to enable something. So in the in the context of privacy and web browsing, it’s actively enabling location features, right opting out is the exact opposite.

Something is actually make a choice or find a preference or flip a switch to get out of it. So great example is location by default location sits in between. Both of these things sites can ask for your location on Safari on Mac OS Mojave, but you have to confirm that you’re going to be able to Grant it.

So by default the service is on but each website you need to opt-in for for 24 hours. That’s a a line decision. Where is both often and out that which is an interesting in Tampa on the reason why I brought it up. I brought it up because you can actually go into your settings in Safari and turn off location services.

Miss a nut there off you can’t enable by default the features on and then each individual site you need to opt in for that’s a reasonable balance have the capability is there and sites can individually prompt you and Buddy might not be the right balance for you. So knowing that that’s there is absolutely critical a really bad example of a common example that I feel is negative is probably a better way to say it I’m is the vast majority of insurance contracts have opting at least here in Canada have that your default get sent out of your information by default get sent to the US for processing a and it’s basically offshoring you’re dating is a whole bunch of other things that you agree to buy unless you Opt at 8 to find that in your contract you need to then actually jump through the Hoops to opt out of these things.

That’s bad because there’s no that hate something wouldn’t want this Behavior, but they are going to make it hard to get there. I’m so that the concept of opting in an octagon. Is it on by default and people have to remove themselves or is it off by default in people have to explicitly opt-in when it comes to privacy.

That’s a critical critical difference in my feeling is the general rule is that you should be opting into things that touch your privacy. So anything or to be sharing information about you need to be opting in and there should be rules around how often you can actually pot, you know, ask people and prompt them and basically Magnum to opt-in if they’re choosing not to but I think that’s absolute vs.

Opt out. Another one is the do not track feature in your web browser and most web browsers have this feature. It’s a simple checkboxes his do not track me with other websites the most people believe that once you turn this on your no longer tracking the difference is that has no teeth zero nothing not a does does not basically all do not track does is sends an extra bit of information with your ride request that says, I’d prefer not to be tracked, please.

It’s you raising your hand and it get depending on what browser you are using. This is either opted-in or opted out. It’s on by default or it’s off by default. But even if it’s on it really it’s a feature that bothers me because it’s one that should be A great feature, but it really because it has no teeth that just gives you the idea that you’ve done something.

I’ve done something what have I done? I’ve made sure that I’m not tracked. I’ve said do not track me and the reality is You’re simply raising her hand and say I’d prefer not to be tracked in and it’s the websites responsibility to respect that had her and for every user that has that option A and has raised their hand to actually not track them.

So again do not track doesn’t actually really do anything don’t rely on it for your privacy and ad blocker or just an outbound firewall that prevents any access to a bunch of these I’m tracking site is far more effective and the last area I wanted to talk about that came up in this recode decode episode, which you should really check out because it’s a great conversation between Gabe and Kara is Incognito or private browsing mode.

I cannot tell you the number of times that I’ve talked to people are like, I don’t know I just brows with private and it’s great and nobody can see what I’m doing. That is not how Private browsing Works private browsing incognito mode within your browser allows you to open up a new window even on mobile.

This works at 8 opens up a new window and normally coded differently colored differently. So you can understand that you’re in a different mode and what it does is it doesn’t cash anything locally including cookies and it doesn’t keep a history. So there’s no local browser history. So a lot of the time, you know, you’ll see that joker logo better go clear my browser history private mode doesn’t keep a browser history that does nothing to hide the activity from the server side.

So the server still sees your IP request time. It’s still see some browser metrics and they can still you know, someone track activity. They won’t be able to cookie you and track you across and but it’s not foolproof. It is more of a local the fact there’s a lot of holes is better than nothing.

But again, there’s a lot of holes in private or incognito mode browsing. It’s not what people assume we’re just like, oh I turn this on and nobody knows what I’m doing. It will prevent local. Facts for the most part but if you download files, they’re still downloaded it just going to prevent Those Behind the Scenes cashing a cookie.

So three major Concepts years are ramping up do not track doesn’t really do anything Incognito in private mode just stops a history really from being built and everything else is still on for tracking on the website and opt-in vs. Opt out which is by far the most critical concept, but these three things popped up in this conversation.

I thought I was really important just to kind of reiterate them here so that everybody is reminded of what they actually truly mean and if you are Building Technology, please make it opted in for the most part of anything touches privacy definitely should be off to in opt out for other things so common.

I just did to hit the nail on the head yet again a very common thing that I see on apps is that by default? It sounds very detailed usage metrics back to the application creator. Those should be opt-in and they should not be opt out and simply because that information can be pretty sensitive sometimes.

Aggregate data on that really makes privacy a challenging, but it’s also something that’s definitely worth spending your time on as a user as well as a builder of technology. So what do you think? Let me know. Hit me up online. I’m at Mark NCAA in the comments Down Below on his Always by email me at Mark n.

C a I hope you are set up for a fantastic day. Look forward to talking about this online and we’ll see you on the next episode of the show.

More Content