You Are The Product: How Your Web Browser Makes Money

Tuesday, 5 November 2019
Bob Leggitt
You're treading a line between convenience and privacy. But web browsers are fighting a battle of their own.
Money and mouse
Image by Bob Leggitt - @PlanetBotch

Have you ever wondered how web browsers such as Firefox and Chrome can possibly be free? I mean, not only is highly skilled human labour required to build these marvels of technology – it's also required to keep them constantly updated and fully tested, on an endless basis. That scale of development and maintenance is incredibly labour-intensive.

While some browsers are derived from open-source development projects, they do still require a lot of funding. So, if you’re not paying that cost, who is?

Browsers are financially supported by business deals, data-leverage and/or public donations. They may not look like they’re showing you ads, but they have a big influence over your behaviour. They can use their elevated position in your daily tech toolkit to entice you, trick you, or even force you into giving big tech what it wants.

The address bar, URL bar or "Omnibox" of your browser is most likely to be a piece of unmitigated spyware.

The browser’s two primary money-spinners are…

  • Facilitating the mining of your data.
  • Keeping brands within your field of vision.

The latter can come in the form of preset bookmarks, “speed dial” displays on new tabs, built-in RSS feeds, etc. Anything that puts the name of a third party in front of the user is an ad. But what about the former?…

BUILT IN APPS

Browsers are clawing in money from far more than ads. The next step up is the “built-in service”. The idea with this is that a third party service provider pays the browser manufacturer to actually integrate their service into the browser so that it’s live by default. The third party service then mines and financially leverages users’ data. This is extremely insidious, as many, or even most users assume all functions within a browser are provided by the browser developer. People will therefore not think twice about using them.

In a well documented case, privacy advocates complained when Firefox hardwired the third party app Pocket into its browser in 2015. There were many facets to the complaint, including the fact that no one without tech knowledge could disable the feature. Firefox responded with weasel words. And where there are weasel words, there’s money.

Firefox and Chrome are held to high standards, and Tor is held to even higher standards still. But down in the more obscure echelons of browserdom you’ll find products with all sorts of junk pre-loaded in them. Lunascape, for example, has a bookmarks bar full of online shopping links, and streams headlines from various news sites along the top bar. It’s like being on a portal before you even load a page. These relatively obscure browsers make the cleaner-interfaced biggies look trustworthy. They’re not – they’re just more conscious of their image.

Browsers love you to think that they’re your ally in the war against aggressive data-mining. But in truth they're fighting a battle of their own, which trades off their need for your allegiance, against their need to secure funding from the data creeps.

THE URL BAR OR "OMNIBOX"

The address bar, URL bar or "Omnibox" of your browser is most likely to be a piece of unmitigated spyware. That’s certainly the case with Firefox and Chrome – even if you’re surfing with a brand new computer, on which you’ve done absolutely nothing at all apart from download the browser itself. Let me work up to that via a short diversion…

All well known browsers will have a default search engine. The provider of that default search engine will pay a major browser for inclusion – unless, as in the case of Chrome, the default search provider is also the provider of the browser.

The default search engine may be designated as the browser’s homepage, so you go to the search provider’s actual website when you open the browser. Of course, you can easily change the homepage, and many people do. Far too many for the search providers’ liking.

So the default search engine may also appear as a “quick search” box built into the browser’s toolbar. Often, this box is difficult or impossible to remove, and whilst there are usually selectable search engine options, you probably can’t delete them all. In some cases, ordinary users won’t be able to delete any of the search options, or add their own choice(s).

So, that’ll be enough to keep users using the default search engines, right? Oh no. The default search engine doesn’t just want to be permanently available to you. It wants your data even when you have no intention whatsoever of using a search engine…

Firefox, Chrome and other browsers release with live monitoring of the address/URL bar. Try typing in a word or phrase that isn’t a URL. Do you see search suggestions? When you’ve typed in your phrase, hit return/enter and see what happens. Did the browser perform a search on that word/phrase? If so, the URL bar, or “omnibox”, is being live monitored. It’s “listening” to everything you type in, then sending it all to the default search engine for collection. Most of the time, that applies whether or not you actually hit enter. And data, remember, is money.

Worse, even supposedly friendly browsers make this function incredibly difficult to completely switch off. On both Firefox and Chrome you have to go into the hidden developer-level settings to stop the URL bar acting as a data-mining tool.

LAX PRIVACY BY DESIGN

On the free Internet, there’s a direct trade-off between privacy and service use. So the fuller an extent to which you want to utilise the free Internet, the more your privacy is going to be invaded. Privacy obsessives are well used to foregoing access to many sites, because the sites simply won’t accept their privacy settings.

The default search engine doesn’t just want to be permanently available to you. It wants your data even when you have no intention whatsoever of using a search engine…

Browsers love you to think that they’re your ally in the war against aggressive data-mining. But in truth they're fighting a battle of their own, which trades off their need for your allegiance, against their need to secure funding from the data creeps, or leverage your data themselves.

So they lull you into a sense of security by giving you a set of privacy tools, which allow you to balance your privacy against your need for online services.

But whilst the most commonly used browsers to some extent have the capability to block out the data creeps, by default they don't. Unless you're using Tor, your browser will probably come as standard with poor privacy settings. It’ll accept native cookies from all sites, allow JavaScript spyware to run unchecked, and track you directly with built-in mechanisms such as the URL bar… And these are just the obvious issues. Delve deeper into those settings and you'll find stuff that even privacy advocates often miss…

HIDDEN DATA CREEPS: USE A WEB SERVICE TO…

Have you ever wondered why all those “Use a web service to…” checkboxes come under the Privacy heading in your browser’s settings? Stuff like the navigation error-defender, the prediction service and such. Well, that’ll be because these 'services' compromise your privacy – and they’re normally set active by default. Uncheck all of those boxes and see if it makes a scrap of difference to anything. It won’t. The only people these deep undercover 'services' are really serving is themselves – with your browsing data. I mean, you’re not even told who they are. There’s only one reason this stuff is buried, and referred to anonymously as "a web service". The browser manufacturer knows YOU DON’T WANT IT.

C’EST LA VIE

Ultimately, we have to accept that if we’re not paying or labouring to use a costly tech tool, we’re going to be the product. And that applies with browsers just as it does with social media. Keeping the Internet free to use is always going to involve techware doing stuff we don’t like, and perhaps being quite substantially coy about the worst of its activities.

And everyone has different privacy tolerances. While I might by force of habit use The Onion Router and a false postcode to get a price comparison quote, my next door neighbours may be quite happy to let Facebook put a camera and listening device in their lounge. Mark Zuckerberg, as we know, thinks they’re “dumb fucks”. But they probably have an easier life than I do with my constant anonymising processes.

We have to choose which matters more. Privacy? Or convenience? But it’s still important that we know what our tech tools are doing. Knowledge is power. Ignorance is vulnerability.