Ghostery’s Annual Privacy Review (2024)
Privacy has emerged as a major concern due to the expansion of questionable data collection practices and high-profile data breaches.
With technology integrated into nearly every aspect of our lives, our personal information is more vulnerable than ever. More data protection regulations are needed.
We’ve reviewed the privacy protections offered by three web browsers where Ghostery operates (Apple Safari, Google Chrome, Mozilla Firefox), a social media company (Meta’s Facebook), and an AI company (ChatGPT’s OpenAI), and compared how their safeguards measure up.
Apple has marketed itself as a privacy-focused company, with CEO Tim Cook declaring privacy a “fundamental human right.”
Apple's philosophy is to collect as little user data as possible. Its business model relies on hardware sales rather than targeted advertising, giving it less incentive to monetize user data.
The company has focused increasingly on services to add value to devices and drive recurring revenues. Key services now include Apple Music, Apple TV+, Apple Arcade, Apple News+, and iCloud storage. Apple leverages its over 2 billion active Macs, iPhones, and iPads to cross-sell these digital services.
As device sales growth has flattened, Apple's services segment has become its fastest growing revenue stream. By integrating hardware, software, and services, Apple aims to provide a seamless experience and additional value to customers.
Safari Tracking Prevention
One of Apple's key privacy features is Tracking Prevention in Safari, offering a wide range of benefits. It uses on-device machine learning (algorithm) to identify and restrict invasive cross-site tracking capabilities. This prevents advertisers from building detailed records of your browsing behavior.
In 2023, Safari 17 brought new privacy features, such as locked private browsing when not in use and an option for a separate private search engine.
Apple has other privacy features that we’ve explored here. These tools make it harder for companies to follow what you do across different websites.
Some companies track people across sites to show targeted ads and collect data. They can also “fingerprint” devices by looking at small details about your phone or computer to identify you. Apple's tools stop some of these tracking methods from working.
Apple's tools also make fingerprinting more difficult by hiding or removing access to certain details about your device that companies could use to identify you. For example, they may restrict access to device sensors, fonts, plugins, and other small details.
One way Apple protects privacy is by blocking third-party cookies from being set on your device without asking you first.
By default, Apple blocks these third-party cookies so those companies can't use them to track you.
Websites can plant hidden trackers that follow you as you browse other sites. However, Apple's Safari browser blocks trackers and isolates each website you visit into its own sandbox.
Site isolation keeps each website siloed, unable to monitor your digital footprint across the internet through the sites you’ve visited. This prevents trackers on one site from communicating with trackers on another site to build profiles of your browsing history.
This preserves privacy by preventing unsolicited surveillance of your browsing behavior by third-party sites.
Advanced Tracking and Fingerprinting Protection
This year, Apple unveiled a new setting called Advanced Tracking and Fingerprinting Protection.
Apple's new Advanced Tracking and Fingerprinting Protection prevents the invasion of your privacy while browsing. Marketing agencies have increasingly used techniques like cross-site cookies and unique IDs embedded in links to track your activity across websites.
Safari now strips these identifying parameters from URLs as you navigate or copy links. It analyzes each URL and removes tracking IDs while leaving the rest intact so pages still function normally. Additionally, Safari blocks known fingerprinting and tracking resources from loading when you visit webpages.
Link Tracking Protection extends beyond your browser as well — it works on links shared via Mail and Messages too.
Advanced Tracking and Fingerprinting Protection is on by default for Private Browsing, but users can enable it for regular browsing, too. With just a quick setup, you can enable it and browse more privately.
While Apple talks a big game on privacy, some critics argue there are still potential loopholes.
For instance, iPhones collect a large amount of user data like location, WiFi usage, and internet activity that is sent to Apple servers, allowing for detailed tracking even when the device is inactive.
The iPhone is a gluttonous collector of user information. The devices beam location data as well as information about Wi-Fi usage and internet usage to Apple’s servers, even when we think the devices are slumbering. That type of data opens up iPhone owners to alarmingly accurate tracking by third parties, including their whereabouts, political leanings, job and family status, ethnicity and net worth.— Greg Bensinger
Moreover, Apple introduced a privacy feature in iOS 14 that was supposed to hide users’ unique Wi-Fi MAC addresses when connecting to networks and replace it with a private address unique to each network. However, researchers have now discovered the feature never worked as intended — iPhones continued exposing users’ real MAC addresses. Apple only acknowledged removing vulnerable code in the iOS 17.1 fix without explaining how the major issue went unnoticed for so long.
Outside of Safari, apps can still track users via fingerprinting techniques. Apple's “do not track” option for limiting app tracking did not fully solve privacy issues, as fingerprinting techniques can still be used to identify and track users. Users need a network-level solution like Pi-hole or NextDNS to stop this method of tracking.
Overall though, Apple offers the strongest privacy protections of the big tech companies. The California-based company boasts many privacy protections throughout its ecosystem.
Google's business model centers around targeted advertising, requiring extensive tracking and profiling of users for ad personalization. The Google privacy terms creates an inherent conflict with user privacy. The company states that it aims to balance privacy needs with business objectives, but its actions often undermine that.
Google has faced controversy for its privacy practices, especially for its use of user data for advertising purposes. Google's main source of revenue is from selling ads that are tailored to users’ interests and preferences, based on the data it collects from their online activities.
One of the ways that Google tries to address these concerns is by offering a feature called Privacy Sandbox in Chrome. It is designed to protect users from online tracking by restricting the ability of trackers to access user data and browser resources.
Chrome Privacy Sandbox
The Google Privacy Sandbox is an initiative led by Google to create web standards that allow websites to access user information for advertising purposes without compromising privacy.
Its main goal is to replace third-party cookies and device tracking with new technologies that keep user data private while still enabling relevant ads. Some of the key technologies include Topics API, Fenced Frames, and Attribution Reporting.
Privacy Sandbox is part of Google's broader privacy strategy, which aims to balance the needs and interests of users, publishers, and advertisers.
Google claims that Privacy Sandbox will enable a more sustainable web ecosystem, where users can enjoy free and diverse content and services, publishers can generate revenue and reach audiences, and advertisers can deliver relevant and effective ads, all while respecting user privacy and choice.
The Privacy Sandbox fits into Google's broader push towards privacy-focused advertising strategies. The goal is to improve user privacy while maintaining an ad-supported web.
Google’s Privacy Sandbox aims to replace third-party cookies while still enabling personalized advertising. And while limiting cookie tracking seems beneficial, there are many other tracking vectors that remain unaddressed like fingerprinting.
The changes require advertisers to use Google as a middleman for ad targeting. Google will likely amass more user data through new tracking techniques rather than meaningfully protect privacy. This will reduce competition in online advertising while expanding Google’s market dominance.
The feature fits into Google’s broader pattern of prioritizing profits over consumer privacy protections. Google stands to gain greater control over web tracking, user data, and ad targeting.
The Privacy Sandbox shows Google’s attempt to blend user privacy and web advertising. On its surface, this kind of Google data policy reduces invasive tracking by external companies — a positive step. However, it will further concentrate user data and tracking power within Google.
The new initiative risks decreasing consumer choice, increasing Google's data collection, and weakening privacy protections in Chrome.
To disable Privacy Sandbox in Chrome, navigate to
chrome://settings/adPrivacy in the URL bar and disable each category.
Microsoft is one of the world's leading technology companies, with a wide range of products and services that millions of people use every day. As such, Microsoft has a huge responsibility to protect the privacy of its users and customers, and to uphold their trust and confidence.
One of the ways that Microsoft demonstrates its commitment to privacy is by offering a tracking prevention in its Edge browser. This feature is designed to protect users from online tracking by restricting the ability of trackers to access browser-based storage and the network.
Edge Tracking Prevention
Tracking Prevention in Edge is a feature that blocks potentially harmful or unwanted trackers from collecting data about your browsing behavior.
Trackers are snippets of code that can track what sites you visit, what links you click, your location, device information, and more. This data can be used to fuel targeted advertising and to build detailed profiles about you. Some trackers can even compromise your security by using techniques like fingerprinting and cryptomining.
Edge offers users three levels of tracking prevention: Basic, Balanced, and Strict. Users can choose the level that suits their preferences and needs, and adjust it at any time. The levels differ in how they block trackers from sites that users never engage with, and how they affect site functionality and personalized ads.
By default, Edge only prevents some access to advertising and social trackers. Analytics are not blocked at all, and bumping up prevention to Strict causes some websites to break.
Edge blocks malicious trackers such as fingerprinters and cryptominers (found in Disconnect lists), regardless of the level chosen.
Users can see how many trackers Edge prevented on a page by clicking the padlock icon in the URL bar and selecting Trackers.
Like Google, Microsoft has faced antitrust and privacy controversies of its own, including backlash over Windows 10 privacy settings when the operating system first launched. And while tracking prevention in Edge is useful and convenient, it is not without its challenges.
Unlike other privacy respecting browsers available, Edge doesn’t provide comprehensive privacy outside of blocking third-party trackers. Not to mention Microsoft has their own trackers.
What’s more, Edge was found sending device-linked identifiers that persist across fresh installs and linking apps on the same device. Edge also collects extensive telemetry, which you can disable in the settings.
Users who want to enhance their privacy online should not rely solely on Edge's tracking prevention, but also take other measures. This includes reviewing their privacy settings in Windows and other Microsoft services, and managing their data on the Microsoft privacy dashboard. (See also Microsoft data protection.)
Tracking prevention in Edge is a welcome feature, but by default it doesn’t provide comprehensive protection on ad- and tracker-heavy sites. There is more to a private browser than just blocking third-party trackers (like site isolation), though this is a good start for the less privacy-conscious consumer.
You can navigate to
edge://settings/privacy in Edge to adjust your tracking prevention preferences.
Mozilla is a globally recognized pioneer of the open source movement, best known for its popular free web browser, Firefox.
One of the ways that Mozilla demonstrates its commitment to privacy is by offering a feature called Enhanced Tracking Protection (ETP) in its Firefox browser.
Firefox Enhanced Tracking Protection
ETP is designed to protect users from online tracking by blocking or limiting trackers’ access to user data. ETP blocks or limits user tracking mechanisms like cookies, scripts, and other code that collect data about your browsing behavior and personal interests.
Trackers can use this data to fuel targeted advertising and to build detailed profiles about you. Some trackers can also harm your security by using techniques like fingerprinting and cryptomining.
Firefox offers users four levels of ETP: Standard, Strict, Custom, and Off. The levels differ in how they block or limit trackers.
However, to block key site tracking requests, and gain more fingerprinting protection, you need to change protections to Strict. This alone enables a number of adjustments under-the-hood, such as Smartblock shims, query parameter stripping, and more isolation technology.
While this all helps, you’ll still need a tracker blocker like Ghostery for full protection against third-party tracking.
You can enhance privacy protections by visiting
about:preferences#privacy in Firefox.
Outside of blocking a small list of fingerprint requests, the Firefox team is gradually rolling out active fingerprint protection, simply called Fingerprinting Protection (FPP). It’s enabled by default when using ETP Strict.
This implementation is supposed to be a more user-friendly alternative to Mozilla’s hidden and heavy-handed approach to fingerprint protection called Resist Fingerprinting (RFP), which is enabled in the Tor browser. It breaks a lot of needed functionality on websites.
Mozilla has increased Firefox’s default privacy protections over the years, but users must still install an ad blocker and customize browser settings to maximize privacy.
Shifting away from web browsers, we now turn to Facebook, one of the most widely used social media platforms today.
The company does offer some privacy controls like Privacy Checkup. This tool guides users through ad targeting preferences.
Privacy Checkup empowers you to strengthen account security. Facebook privacy settings also allow you to “control” the visibility of shared information and dictate how it's used.
However, our two most pertinent categories Your data settings on Facebook and Your ad preferences on Facebook are shallow, providing little data privacy for Facebook.
The former only allows you to revoke third-party logins using your Facebook credentials. The latter provides limited controls over what profile data can be used for targeted advertisements.
How to Access Privacy Checkup
To access Facebook’s Privacy Checkup:
Click on your profile image in the top-right of the page.
Select Settings & privacy.
Select Privacy checkup.
Click on each thumbnail and adjust the settings.
Facebook has been plagued by privacy scandals like Cambridge Analytica, fueling widespread public distrust. The company faced a record $5 billion fine in 2019 from the FTC over deceptive privacy practices. Facebook agreed to a $725 million settlement for privacy violations from the Cambridge Analytica scandal in April 2023.
In April 2021, personal data of over 530 million Facebook users was leaked online by hackers who exploited a vulnerability in 2019 to scrape profiles. Facebook decided not to notify impacted users, framing it as an unavoidable data scraping issue for social media platforms. In November 2022, Meta was fined around $276 million by Ireland's Data Protection Commission for privacy violations related to this incident.
Unlike the web browsers we reviewed, there is no preference to turn off data collection in the Facebook privacy settings.
Outside of not using it at all, users have little control over how their data fuels Facebook’s data collection machine.
Lastly, we look at ChatGPT, which exploded in popularity in 2023.
We will focus on ChatGPT, a conversational AI that can chat with users on various topics, using a large language model trained on a broad corpus of text.
ChatGPT Chat History
By default, ChatGPT stores the conversations that users have with it, and uses them to further train and refine the language model. This helps ChatGPT to learn from user feedback and provide better responses over time.
However, some users may prefer to keep their conversations private. For those users, data controls offer an easy way to opt out of chat history and model training.
Data controls in ChatGPT are settings that allow users to turn off chat history and choose whether their conversations will be used to train and improve the language model. These settings also give users the option to export their ChatGPT data and permanently delete their account.
Disable Chat History
To disable chat history and model training:
Click on your name in the bottom-left corner.
Select Data controls.
Disable Chat history & training.
When chatting with AI systems like ChatGPT, bear in mind your conversations are not private. The texts you input may be viewed by the company to improve their system. There is also still a need for data privacy laws and AI security.
While AI may appear intelligent and conversational, it lacks confidentiality. Discuss personal matters judiciously and don't overshare private details without considering who may access that information. Only share what you feel comfortable providing to a system that retains your data.
Ultimately, Apple leads among the major tech platforms in emphasizing privacy protections in its products. However, no tech company offers full protection. More data protection regulations and data privacy laws are sorely needed.
Privacy is a complex and dynamic issue, and there is no one-size-fits-all solution. Each company has its own approach to privacy, which reflects its values, goals, and challenges. As users, we should be aware of the privacy implications of using different products and services, and make informed choices that suit our preferences.
We should also take advantage of the privacy tools and settings that are available to us, and complement them with other privacy measures. By doing so, we can protect our privacy and security online, and enjoy a more diverse and sustainable web ecosystem.
Users should minimize sharing personal information whenever possible, adjust account settings to preserve their online privacy, and use a tracker blocker like Ghostery — which works well on all browsers, also blocking ads and trackers while using social media.
Have questions? Get in touch. We’re always happy to help.