Browsers have made great strides when it comes to being secure by default. Most apply updates automatically by default and contain various features designed to detect phishing scams and avoid insecure websites. Privacy is another matter entirely, though.
To understand the conflict, just examine the debate over the Do-Not-Track initiative. Many companies and browser vendors support Do-Not-Track in theory, but when Microsoft proposed enabling it by default, many companies objected. They’re willing to make it an option, but they want it to be off by default, which puts the burden on the user to know both that the feature exists and how to enable it.
I wrote about Shema’s RSA presentation in this blog post:
The Web browser is one of the most commonly used applications no matter what operating system or device you choose. It is a means to access services, applications, and information. However, it may also be secretly spying on you and helping companies to monitor and track your online behavior. Browser security and browser privacy are two entirely different things.
Mike Shema presented a session at the 2014 RSA Security Conference titled “Is Your Browser a User Agent or a Double Agent?” He noted that browsers have made significant strides toward being secure by default, but still have a long way to go before they’re private by default.
The major browsers all have automatic update capabilities at this point, so users have the most current, most secure version without having to do anything. Browsers also have controls and features designed to prevent exploits, and use protocols like SSL to protect Web traffic.
Web browsers generally have access to a wide range of sensitive data and user behavior—things that most users don’t want to share, especially without their knowledge and consent. You enter usernames and passwords, credit card details, and other sensitive information, any or all of which may be cached or captured by the browser, or monitored via third-party cookies within the browser.
Most of the privacy concerns about Web browsers relate to targeting and customizing content like advertising. Rather than just displaying ads that may or may not appeal to you, companies can use information gleaned from your browser history and online behavior to target ads that are more likely to pique your interest.
Click here to read the full post: Browser Security: Make Sure Your Browser Doesn’t Betray Your Privacy.