There are widespread web tracking practices that undermine users’ human rights. However, safeguards against web tracking can and are being deployed by various service providers. ARTICLE 19 supports these initiatives to protect user privacy and anonymity as part of a wider shift toward a more rights-respecting sector.
Web browsers are our guide across the internet. We use them to connect with others around the globe, orient ourselves, and find what we need or want online. The resulting trail of data that we generate of our preferences and actions has been exploited by the increasingly interdependent business models of the online advertising industry and web browsers. As advertising publishers, agencies, and service providers aim to maximise profit from advertisers by delivering increasingly personalised content to users, web browsers have strong incentives to collect as much data as possible about what each user searches, visits, and clicks on to feed into these targeted advertising models.
These practices not only threaten users’ right to privacy, but can also undermine other fundamental rights, such as freedom of expression and access to information and non-discrimination.
How we are tracked online
A number of mechanisms used by web browsers for ad targeting and tracking can also be used to cross-reference and track users, block access to websites, or discriminate among users based on profiles generated about them from their online activities and physical location. These mechanisms include:
- Web usage mining, where the underlying data, such as pages visited and time spent on each page, is collected as clickstreams;
- Fingerprinting, where information such as a user’s OS version, browser version, language, time zone, and screen settings are collected to identify the device;
- Beacons, which are graphic images placed on a website or email to monitor the behaviour of the user and their remote device; and
- Cookies, which are small files holding client and website data that can remain in browsers for long periods of time and are often used by third parties.
Being subject to these practices should not be the non-negotiable price of using the internet. An increasing number of service providers are developing and implementing privacy-oriented approaches to serve as alternatives – or even the new default – in web browsing. These changes range from stronger, more ubiquitous encryption of data to the configuration and use of trusted servers for different tasks. These safeguards may be deployed as entirely new architectures and protocols by browsers and applications, and are being deployed at different layers of the internet architecture.
Encrypting the Domain Name System (DNS)
One advancement has been the development and deployment of internet protocols that support greater and stronger encryption of the data generated by users when they visit websites, redressing historical vulnerabilities in the Domain Name System (DNS). Encrypted Server Name Indication (eSNI) encrypts each domain’s identifiers when multiple domains are hosted by a single IP address, so that it is more difficult for Internet Service Providers (ISPs) and eavesdroppers to pinpoint which sites a user visits. DNS-over-HTTPS (DoH) sends encrypted DNS traffic over the Hypertext Transfer Protocol Secure (HTTPS) port and looks up encrypted queries made in the browser using the servers of a trusted DNS provider. These protocols make it difficult to detect, track, and block users’ DNS queries and therefore introduce needed privacy and security features to web browsing.
Privacy-oriented web browsers
Another shift is in the architectures and advertising models of web browsers themselves. Increasingly popular privacy browsers such as Tor and Brave help protect user data and identity. Tor encrypts and anonymises users’ traffic by routing it through the Tor network while Brave anonymises user authentication by using the Privacy Pass protocol, which allows users to prove that they are trusted without revealing identifying information to the browser. Brave’s efforts to develop a privacy-centric model for web advertising, including a protocol that confirms when a user observes an ad without revealing who they are and an anonymised, blockchain-based system to compensate publishers, have been closely followed by Apple and Google, which aim to standardise their own web architectures including Apple Webkit’s ad click attribution technology and Google Chrome’s Conversion Measurement API.
Although there are some differences, Brave’s, Apple’s, and Google’s advertising models all include mechanisms to limit the amount of data passed between parties and the amount of time this data is kept in their systems, disallow data such as cookies for reporting purposes, delay reports randomly to prevent identifiability through timestamp cross-referencing, and prevent arbitrary third parties from registering user data. As such, they not only protect users’ privacy and anonymity, but also prevent cross-site tracking and user profiling.
Despite protocols such as eSNI and DoH and recent privacy advances in web browser advertising models and architectures, tracking of online activities continues to be the norm. For this reason, service providers that are working toward industry change are advocating for the widespread adoption of secure protocols and the standardisation of web browsing privacy models to redress existing vulnerabilities that have been exploited to monetise users’ data without their knowledge, monitor and profile them, and restrict the availability of content.
If privacy-oriented protocols and privacy-respecting web browsing models are standardised and widely adopted by the sector, respect for privacy will become an essential parameter for competition among not only web browsers, but also ISPs and DNS servers. This change can stimulate innovation and provide users with the choice between more and better services that guarantee their fundamental rights.
Challenges for privacy-enhancing initiatives
While these protocols and models have been welcomed by a number of stakeholders, they have also been challenged. Critics claim that these measures make it more difficult, if not impossible, to perform internet blocking and filtering. They claim that, as a result, privacy models undermine features such as parental controls and thwart the ability of ISPs and governments to identify malware traffic and malicious actors. These challenges rest on the assumption that there is a natural trade-off between the power of parties who retain control of the internet and the privacy of individual users.
In reality, however, technological advancement constantly occurs as a whole; updated models lead to updated tools and mechanisms. Take DoH and its impact on parental controls as an example. DoH encrypts DNS queries, rendering most current DNS-filtering mechanisms used for parental controls obsolete; these mechanisms rely on DNS packet inspection that cannot be done on encrypted data without intercepting and decrypting the stream first. In response, both browsers and DNS servers are developing new technologies and services. Mozilla launched its “Canary Domains” mechanism, where queries for ISP-restricted domains are flagged and trigger DoH to be disabled. DoH-compatible DNS server providers like cleanbrowsing.org implement their own filtering policies at the resolver level. While these responses do not mitigate the need to ensure users’ privacy and access to information rights through strong legal and regulatory protections, accountability and transparency of service providers to users, and meaningful user choice, they demonstrate that the real benefits of browser privacy and security measures should not be thwarted on the basis of perceived threats to the status quo.
Leadership opportunity for the EU
In the European Union, the adoption of the General Data Protection Regulation (GDPR) has obliged all stakeholders in the debate to recognise and comply with data protection and privacy-by-design principles. Moreover, the Body of European Electronic Communication Regulators, whose main task is to contribute to the development and better functioning of the EU internal market for electronic communications networks and services, has identified users’ empowerment among its priorities. These dynamics create an opportunity for EU actors to advance global leadership in efforts toward a privacy-oriented internet infrastructure.
ARTICLE 19 strongly supports initiatives to advance browser privacy, including the implementation of protocols such as eSNI and DoH that facilitate stronger, more ubiquitous encryption of the Domain Name System and privacy-centric web advertising models for browsers. We believe these initiatives will lead to greater respect for privacy and human rights across the sector. In particular, we recommend that:
- ISPs must help decentralize the encrypted DNS model by deploying their own DoH-compatible servers and encrypted services, taking advantage of the relatively low number of devices currently using DoH and the easy adoption curve it implies;
- Browsers and DNS service providers should not override users’ configurations regarding when to enable or disable encryption services and which DNS service provider to use. Meaningful user choice should be facilitated by clear terms of service and accessible and clearly defined default, opt-in, and opt-out settings and options;
- Browsers must additionally ensure that, even as they build privacy-friendly revenue generation schemes and move away from targeted ad models, all of these practices are transparent and clearly defined for users, both in the terms of service and codebase;
- Internet standards bodies should encourage the inclusion of strong privacy and accountability considerations in the design of protocol specifications themselves, acknowledging the effects of these protocols in real-life testing and deployment; and
- Civil society must promote the widespread adoption of secure tools, designs, and protocols through information dissemination to help educate the community and empower users’ choices;
Finally, we urge internet users to support the development and application of privacy-based tools that do not monetise their data by demanding products from their service providers that better protect their privacy.