Three Trends Killing Web Privacy and Decentralization

The World Wide Web has revolutionized human communication, but it’s under threat.

We at Brave think this distributed and interlinked information system is unique among platforms for many reasons: Its design and direction aren’t controlled by any one organization. Its pages and applications are modifiable by users (e.g., extensions, ad/tracker blocking, more general browser configuration, etc). And its decentralized design gives the web the potential to be more privacy-preserving than any other system.

Brendan Eich, is the CEO and co-founder of Brave. Peter Snyder is a senior privacy researcher at Brave. This article is part of CoinDesk's "Internet 2030" series.

Brave may be best known for protecting privacy on the web today, but we’re concerned with long-range trends, too, particularly those that could weaken, or effectively end, its decentralized nature. And while it is difficult to build privacy-preserving decentralized systems, preserving privacy on the web will become even more difficult as more and more control is centralized in fewer organizations.

We’d like to describe three threats to the web’s decentralization, and explain why we think they should concern everyone.

Centralization in content distribution

The growth of centralized distribution systems is harmful to web decentralization. More specifically, while we’re concerned about more and more of the web being served from fewer and fewer CDNs [content delivery networks], we’re especially concerned about systems like Google’s AMP or a potential WebPackaging based AMP follow-up, which impose design decisions on publishers (and so, indirectly, on other browsers, too).

Privacy and decentralization are mutually supporting aims

The more of the web that is served from a single party, using a format designed primarily by a single party, the fewer voices and goals end up in future design of the web. And while Web 3.0 cannot ensure that the web reflects a broad range of uses and needs, a centralized web nearly ensures it won't.

Consent management systems and delayed alternatives

We think it’s obvious that the future of the web is privacy-by-default: Privacy-focused tools like Brave are rapidly growing in popularity, and legislation like the GDPR and CCPA increasingly recognize that people have a right to privacy. However, the proposals from tracking companies on how current systems can be maintained are tragicomically complicated, piling layers and layers of machinery on top of outdated, user-harmful systems to try and resist change.

See also: Privacy Laws Are Only as Effective as the Companies Implementing Them

The existing, centralized, surveillance economy is making last-ditch efforts to slow down privacy as much as it can. Systems like the Orwellian-named “consent management platforms” offer to store information about what kinds of tracking users “consent to,” often through dialogs riddled with dark patterns and inscrutable descriptions, designed to trick, confuse or exhaust users into “consenting.”

These systems are harmful to the goal of a privacy-preserving decentralized web because they slow progress and speed regress. To anyone paying attention, the future isn't in massive databases collecting quasi-consent signals to excuse privacy violations. The future of the web is in privacy-by-default, and the sooner the surveillance economy recognizes the inevitable, the faster we can advance.

Centralized profile building

Finally, we think the current, widespread practice of collecting and building profiles of people (both on and off the web) is antithetical to the underlying goals of decentralization, in addition to being unethical.

Centralized profile building increases the incentive for sites to track you, essentially to "monetize" your data by selling it to data brokers. The scope and risks of decisions made on the web are difficult for users to predict, and generally puts trackers and data brokers in positions of enormous, unaccountable power. At the limit, this leads to psychological warfare campaigns via ad campaigns and promoted “user-generated" content.

Here, privacy and decentralization are mutually supporting aims. Improving privacy will reduce the "usefulness" of user profiles, thereby decreasing the ability of trackers to centralize power on the web. Likewise, a decentralized web, where no single party can track you, will make it much more difficult for the data collectors to violate your privacy in the first place, in order to achieve monopoly or market power.

Power brokers?

Privacy violations and increasing power centralization are just two of the many threats to what makes the web a unique, and uniquely user-centering, platform. Other threats range from making sure the web is usable and enjoyable to everyone everywhere, not only those with the latest devices, to making sure that websites are accessible to users of all physical needs and abilities.

See also: Ben Powers – When Corporations Violate Privacy, They Do Concrete Harm

The more people and organizations involved in web standards, in activism and in browser development, the better we can ensure the future of the web is private-by-default, decentralized and always serves the user first.