In the 1990s, web browsers like Netscape Navigator and Microsoft Internet Explorer competed bitterly to offer the snazziest new features and attract users. Today, the browser landscape looks totally different. For one thing, Chrome now dominates, controlling around two-thirds of the market on both desktop and mobile. Even more radical, though, is the recent competitive focus on privacy, a welcome change for anyone who's gotten sick of creepy ad tracking and data mismanagement. But as browsers increasingly diverge in their approaches, it's clear that not all privacy protections are created equal.

At the USENIX Enigma security conference in San Francisco this week, developers, security researchers, and privacy advocates presented differing views of how browsers should protect their users against data abuses. In a panel discussion that included representatives from Mozilla Firefox, Google Chrome, Microsoft Edge, and Brave, all participants agreed that collaboration across the industry has driven innovation and helped make privacy a priority. But some browsers are taking a hardline approach, while others prefer to increase protections within the status quo.

"I think competition pushes everyone toward being more private by default," Yan Zhu, chief information security officer of the Brave browser, said during the panel. "For instance, when Brave sees Safari rolling out a new protection we think 'Oh, we should at least try to match that,' because as a privacy-first, privacy-focused browser that is one of our main selling points."

"When we choose between the existing model and privacy we’ll always choose privacy." Tanvi Vyas, Mozilla

Browsers can take a number of steps to thwart the tracking efforts of websites and ad networks. They can add anti-fingerprinting measures, which make it harder for sites and services to connect your browsing to you based on unique characteristics—a "fingerprint"—of your browser and device. They can block trackers embedded in sites. They can take extra steps to encrypt information about what websites you visit. And they can support third-party extensions that allow users to further adapt and customize their privacy protections.

Another longstanding topic of debate is how to handle third-party website "cookies" that browsers store to customize your web experience, but that sites often also use for tracking. Safari, Firefox, and Brave all take steps by default to block most third-party cookies—much to advertisers' chagrin. They also offer more extreme options to block all third-party cookies, though this still comes with some risk of breaking certain website features. Google announced earlier this month that it will eventually add cookie-blocking features by default, too. An important first step will come this month, but the whole process won't be complete for two years. As a major ad distributor itself, Google stands to benefit from blocking third-party trackers, disadvantaging marketing competitors while potentially relying on signals from its massive user base to tailor ads.

Almost all mainstream browsers take these privacy-friendly steps in some form, but under different conceptual approaches. A lot of the debate hinges on the question of how far to push screening and blocking, given that these protections can sometimes create collateral damage. Privacy defenses can sometimes break legitimate website functionality; comments that load from a third-party hosting service, for example, could be mistaken for a sketchy targeted ad module. So each browser has to weigh how it prioritizes privacy versus ease of use.

"Firefox, Edge, Brave, and Safari all have anti-tracking protections by default, and they all vary a little bit, they all have different tradeoffs," Tanvi Vyas, Mozilla's principal engineer, said during the panel. "But in the end we’re all trying to improve those protections and we’re learning from each other on how to do that. I think we [Firefox] differ from Chrome in that we’re not trying to preserve the existing model. For us our highest priority is privacy, so when we choose between the existing model and privacy we’ll always choose privacy."