Global Browser Market Growth Trajectory
Google's Chrome is undoubtedly the dominant player in the global browser market, only playing second fiddle to Safari in the tablet market. Chrome's dominance, combined with its ad-driven revenue model, has led to accusations ranging from unfairly leveraging its size to suppress competitors to being careless with user data, the latter of which has led to sanctions in the US and Europe. However, despite evidence that other browsers, particularly Firefox and Opera (with Edge showing promise) are far superior in both security and data privacy, the response of consumers has thus far been a resounding yawn. User inertia, more than any other force, ensures Chrome's dominance for the near future though government intervention, particularly in the EU, may serve to curb that somewhat.
Google Maintains Its Dominance ... Unfairly?
- PC browser market share has remained remarkably stable, with Chrome barely changing and with Firefox and Internet Explorer losing some share to Edge:
- Chrome: 66.89% to 66.93%
- Edge: 4.79% to 7.02%
- Firefox: 9.39% to 8.12%
- Internet Explorer: 8.23% to 6.6%
- The one area in which Chrome does not dominate in on tablets, where Safari has an over 50% market share.
- Some argue that Chrome's dominance is not solely due to quality or inertia, but due to unfair business practices.
- For example, former Mozilla CTO Andreas Gal told Bloomberg, "There were dozens and dozens of 'oopsies,' where Google ships something and, 'oops,' it doesn’t work in Firefox. They say oh we’re going to fix it right away, in two months, and in the meantime every time the user goes to these sites, they think, 'oh, Firefox is broken.'"
- While Google's Chromium has been used to update several other browsers, including Opera, Brave, Vivaldi, and a soon-to-come update to Microsoft Edge, at least one developer, Samuel Maddock, reports that Google refused to allow him to use one of their products to complete his new browser without an explanation as to why.
- This virtual monopoly may stifle innovation, according to many experts, as many of the best browser innovations were developed by Chrome's rivals: "Take Opera, for instance," writes Suzanne Scacca for the Web Designer Depot, "which was responsible for giving us browser tabs, thumbnail speed dial, and mouse gestures. Even if it’s never held a large share of the browser market, it’s still been a major innovative force, and one that the big players have had no problem copying."
Chrome's New API ... and a War on Ad Blockers?
- As reported by Wired and picked up on by several other news outlets, over the last 18 months, Google has worked on improving Chrome's extension security. On the one hand, Wired calls this "a welcome goal given the sketchy morass of extensions that have been out there for years." However, they warn, at least one proposed change "threatens to hobble ad-blocking extensions."
- As announced in the Manifest V3 document in mid-2019, Google plans to replace the current Web Request API with a new Declarative Net Request API, which critics claim will hinder ad blockers' ability to "quickly and correctly identify ads" without providing the security and privacy Google claims.
- Google claims that the new API will allow 150,000 rules per extension, a five-fold increase from the original proposal of 30,000 rules, allowing developers more nuance in their extensions. Ad-blocker developers counter that this only serves to increase the costs of development while providing less flexibility than the old API.
- Developers also note that the original rule limit would have crippled existing blockers and the expanded limit doesn't give much room for expansion; e.g., EasyList for Adblock Plus has 70,000 rules and uBlock Origin can have over 100,000 rules, depending on the configuration.
- Critics further note that Google's revenue is largely ad-based, "giving it an inherent incentive to allow ads to run."
- Google denies that there is a conflict of interest publicly, but their 2018 Annual Report lists ad blockers as a possible threat: "New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business... Most of our Google revenues are derived from fees paid to us in connection with the display of ads online. As a result, such technologies and tools could adversely affect our operating results."
- Other browsers, including Opera, Brave, and Vivaldi, intend to continue support of the old API, while Google intends to continue support only for enterprise users.
Privacy and Security Concerns Are On the Rise ... In the Tech Community
- Among tech experts, the security of browsers is becoming an issue of major concern, with 60% of enterprise organizations having been infected with malware through a web browser and 30% suffering data loss as a result.
- As a result, enterprises are fueling the growing remote browser market; a remote browser operates on the cloud, protecting an enterprise's servers from malware by shifting the risk to the cloud servers.
- Being the world's most popular browser has also resulted in Chrome having the most discovered vulnerabilities. Safari is the most secure browser, followed by IE and Firefox. Edge's vulnerability is not yet fully tested, but experts praise its security and privacy features (see above).
- As much as many industry experts eye Google with suspicion, the company has been active in tackling the problem of both vulnerabilities (often patching them within 15 days of discovery) malicious browser extensions, blocking about 1,800 uploads a month and reducing malicious extension installations by 89% since early 2018.
- Moreover, Chrome is not uniquely vulnerable. IE was recently found to be vulnerable to a zero-day vulnerability "that impacts IE across all versions of Windows and can corrupt memory so that an attacker can execute arbitrary code."
- There are also privacy concerns: Industry watchers have noted that while many web browsers block cookies by default, allowing users to choose to opt-in, Chrome "leaves this to its users to configure on their own."
- Chrome makes opting out of third-party cookies easier in a 2019 update, two years after Safari had implemented the same.
- Even apart from this, there are long-standing concerns about how much user data Google collects and how it uses that data.
- Conversely, experts praise Edge not only for its integration with Windows Defender SmartScreen but for its integrated "Do Not Track" and "In Private" options. Opera is considered even more private, with a built-in VPN and ad blocker, and other browsers like EpicPrivacy Browser are hoping to leverage privacy concerns into a share of the market.
- Google's new Declarative Net API (see above) is designed in part to address security and privacy concerns by preventing browser extensions from seeing the details of network requests. Instead, the extension presents its rules to Chrome, which determines whether to implement them and how.
- Despite the widespread concerns about security and user privacy in the tech world, the vast majority of users simply aren't paying attention and/or don't care enough to change browsers.
- While roughly equal numbers (74+%) of people across generations are "concerned" about their online privacy, Millennials are markedly less likely (69%) than Gen Xers and Boomers (77% and 79%) to say that it is "not OK" that online tech companies are collecting their data to make content and advertisements more relevant for them.
Browser User Inertia
- Given the number of hackers looking for its vulnerabilities and privacy concerns, many wonder why Chrome's dominance barely fluctuates.
- While "techies" happily adopt new browsers to take advantage of security improvements, new features, and performance boosters, most users stay with what they know.
- As Tech Republic notes, "Despite all the improvements to the various browser options in terms of performance and privacy, people tend to stick with what they have, seemingly forever."
- This reticence may have harmed Microsoft IE and Edge as the company tried to force users off of older versions and to IE11 in January 2016. Over the next year, the company's global browser share dropped by over 50%.
Microsoft Dropped the Ball, But is Attempting a Comeback
- Microsoft IE once dominated the browser market, but through "a series of missteps and outright neglect" lost the browser wars to Chrome. These missteps continued through the launch of Edge, whose own failings at the time of its launch (e.g., lack of support for add-ons of any kind) quickly reduced its share among even Windows 10 machines from a third to just 11% by November 2018.
- However, there are signs that Microsoft is hoping to recapture some of that market. The new Edge includes several features that are currently absent from Chrome, though the update uses Google's Chromium:
- An experimental "Collections" feature which pulls a list of webpages into a central hub at the click of a button, simplifying shopping and research.
- Improved Share functionality.
- Several tweaks to the user interface and backward-compatibility with pages optimized for older versions of IE.
- Early reviews of the beta are very positive, though it remains to be seen if the improvements will allow the browser to take back market share from Chrome.
- With concerns growing (at least among the tech-savvy) over the growing control of a handful of tech supergiants (Google, Facebook, et al.), smaller web-browser companies Opera and Mozilla are attempting to create a more decentralized version of the internet.
- This project, dubbed the DWeb or Web 3.0, "promises to enable better user control, more competition between internet firms and less dominance by the large corporations," though questions remain regarding its technical and legal feasibility.
- The underlying idea behind Web 3.0 is to enable locating information based on its content rather than its server address, making it possible for information to be stored in multiple servers at once. "This system would enable us to break down the immense databases that are currently held centrally by internet companies rather than users (hence the decentralized web)."
A Note on Our National Insights
In the course of our research comparing internet browser habits, concerns, and other insights for the US, Canada, the UK, Germany, and France, we found that there were relatively few distinctions in the habits of users in these nations, likely due to similarities in cultures and governments. Ergo, many of our findings focus on the legal forces shaping the browser markets of those countries.
Chrome in the Crosshairs, But Firefox Doesn't Benefit
- Washington Post columnist Geoffrey A. Fowler recently published an article (available via the Philadelphia Inquirer) lambasting Chrome for selling user data which excited comment in publications ranging from Slashdot to Mashable to Inc. Magazine, sparking a new conversation on web browser privacy in the US.
- Mashable, in fact, published an article on how to switch to Firefox.
- To quote Fowler, "My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker "cookies" that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income, and personality."
- Despite the news, there was no mass exodus from Chrome to Firefox. In fact, the number of Firefox users has dropped from 312 million to 253 million worldwide over the last three years, leading Mozilla to lay off another 70 employees in January 2020.
- Contra the findings of the German government (see below), a recent article in Privacy News Online claims that Firefox is not as secure or private as claimed, going so far as to call it a "privacy nightmare."
- This challenge comes in the wake of Mozilla announcing that, per the recently-enacted California Consumer Privacy Act (CCPA), it would make it possible for any Firefox user "to delete stored telemetry data that is tied to said user," though the company maintains that it has "strict limits" on how long they hold on to that data.
- The article raises concerns that, despite being stripped of IP information, Mozilla stores its telemetry information in such a way that it can be traced back to the user.
- The article in question was published in late January and we find no evidence that it has yet become a matter of major concern in the tech industry; however, it serves to illustrate how the CCPA, California's version of the GDPR (see below) affects how browsers handle their users' data.
- Chrome is also being affected by the CCPA, with some suggesting that the law threatens the very existence of the third-party cookie.
- Chrome now has a setting to disable third-party cookies, but it isn't enabled by default, possibly signaling "to the industry that it won’t be taking drastic action to destroy how the digital ad economy has operated for decades," in marked contrast to Safari's "aggressive pro-privacy stance."
- Industry observers note that with Google's primary revenue coming through advertising, it has far more to lose from privacy regulations like the CCPA than Apple, whose primary line of business is hardware and apps.
US Browser Market Shares
- US adoption of Chrome is less universal (49.94%) than elsewhere in the world (64.04%) due to far higher adoption of Safari as the browser-of-choice for tablets (32.78% vs. 15.49% globally). This affinity is shared by Canada (see below).
Despite an extensive search of Canadian news and IT industry sites, we find very little to differentiate the Canadian market from that of the US. Indeed, Canadian sources report the same trends, market drivers, and user statistics as their US counterparts, with one exception that will be detailed below. We hypothesize that the two countries are simply so similar culturally and so close geographically that there is a shared internet culture that offers few distinctions.
We anticipated that this would likely be the case in our original scoping, which informed our decision to scale down the number of requests to cover five countries to four for the sake of providing fair value.
Canadians and Privacy
- Canadians are more careful than many in protecting their privacy: "61% reported deleting their browser history, 60% blocked emails (junk mail and spam), and 42% changed the privacy settings on accounts or apps to limit their profile or personal information."
- 57% report being in a cybersecurity incident, primarily being redirected to phishing websites (19%) or being infected by malware (11%). This is distinctly lower than in the US where, for example, malware is estimated to infect a full 30% of computers.
Privacy vs. the Public Interest
- The UK has its own internet filtering obligations for browsers and providers, including strong parental controls and safety standards.
- The Internet Services Providers Association (ISPAUK) has attacked Mozilla's plans to support DNS-over-HTTPS (aka DOH), even labeling the company with this year's "Internet Villain" award for "throwing a monkey wrench in many ISPs' ability to sniff on customers' traffic and filter traffic for government-mandated 'bad sites.'"
- This is because DNS queries and responses are "hidden inside a cloud of encrypted connections, indistinguishable from the other HTTPS traffic" under DOH and therefore invisible to ISPs and other third-party observers. This would bypass the UK's entire national web-blocking scheme.
- Daniel Pryor of the Adam Smith Institute counters, "This Government is looking to lead the Western world in internet censorship, so shady meetings with internet providers are hardly surprising... Millions of Brits want security and privacy when they go online—especially when the parent company of a porn age check provider has a long history of data breaches."
- Mozilla is not alone; Google also plans to support DOH despite criticism from the British government. Mozilla also plans to bring DOH to other European markets if it can find suitable partners but has relented somewhat on the UK front, promising not to make the new privacy tool the default.
Class Action Lawsuit
- In October 2019, the UK Court of Appeals ruled that consumer-rights advocate Richard Lloyd could proceed with a class-action lawsuit against Google for allegedly violating the privacy of Safari users.
- The suit alleges that in 2011 and 2012, "Google bypassed iPhone users' privacy settings to track [users'] web habits" and is asking for up to £750 ($921) per person effected, potentially levying damages of £3.3 billion (just over $4 billion) against the tech giant.
- Google has already paid $22.5 million in penalties over a similar charge in the US.
- Google claims that, as the event is nearly a decade old and was "addressed at the time," the case was without merit and it would appeal to the UK Supreme Court.
- On a slightly more amusing note, British weariness over the dominance of Brexit in the news was made evident by the popularity of Chrome extensions which replaces all references to Brexit online with other terms, such as "Breakfast" and "Halloween."
- Speaking of Brexit, there remain uncertainties to how the country's data protection laws will develop in the wake of withdrawal from the EU and how this will affect the browser market. For the time being, the UK is considered a "third country" for regulatory purposes by the EU.
German and French Market
Note: The overriding market force for both Germany and France is their participation in the European Union and the General Data Protection Regulation (GDPR) and antitrust laws that govern that body. Consequently, most of our findings will relate to the EU more generally rather than directly referencing either Germany or France and so are combined here under one heading.
Effects of the GDPR on Browsers
- Under the General Data Protection Regulation (GDPR), companies who have a "direct relationship" with end-users can control the "consent-request process," e.g., how consent needs are communicated, which ad tech partners they disclose, etc.
- However, a set of proposals under the label of ePrivacy Regulation would have users set their preferences in their browser settings. This is of grave concern to ad publishers, as it might cut them out of the dialogue and set up browsers as the ultimate gatekeepers.
- At present, the ePrivacy Regulation has been deleted from the GDPR. "But according to policy advisor sources," writes Digiday, "a large number of European Union member states want to reintroduce it. That has sent shivers down the spine of publishers across Europe."
- Proponents point out that publishers can still ask for user consent, overriding the browser settings.
- In either case, GDPR itself is still in the process of being fully implemented, so any addition of ePrivacy is likely to be years away.
Antitrust Investigations into Chrome's Dominance
- EU antitrust regulators recently announced that they will open an inquiry into the tech industry. Early reports say that they are considering increased regulation as a "preventative measure," though there have been accusations against, for example, Google to maintain the dominance of its browser (see above). Whether this will weaken Chrome's share in the EU remains to be seen.
- This isn't the first time Google has come under the EU's eye: In March 2019, Google announced amid its ongoing discussions with the European Commission that "it will make it clearer to Android phone users that there are other browsers available, and offer choices other than Chrome and Google Search to use as a default."
- This move is seen as a preemptive attempt to avoid more fines in the EU, which had already levied a $5 billion fine on Google.
- Chrome is even more dominant in European countries than in North America due to Safari having just over half as much market share, but Firefox is unusually popular in Germany, with a 20-30% market share (see below for impact).
A Brave Salvo
- Perhaps smelling blood in the water, Johnny Ryan, Chief Policy Officer for browser company Brave, published an essay detailing his 2018 complaint to the Irish Data Protection Commission (DPC) in which he claimed proof Google's ad system leaks personal data to its client advertising companies in violation of the GDPR.
- Ryan's article was noted by the European media, which noted Google's counter-claims that they did not provide any personally-identifying information to their vendors and claimed that the information being transmitted was solely to track "latency issues."
- In the wake of Google's antitrust woes, the Norway-based Opera has launched a marketing campaign to "cash in" on the requirement that Google makes other browsers more visible.
- The latest version of Opera for Windows, macOS, and Linux is dubbed Reborn 3 and "includes a native cryptocurrency wallet, which follows Opera’s Android app getting this feature in December." So far, the wallet only supports Ethereum.
- Opera is also accelerating its free VPN as a part of its effort to support Web 3.0 (see above).
Germany's Love-Hate Relationship With Firefox
- In a recent audit by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik or BSI) of Chrome, IE11, Edge, and Firefox, only Firefox passed all of Germany's "minimum requirements for mandatory security features."
- An overview of the minimum requirements can be found here.
- Areas in which the other browsers failed include (quoted verbatim):
- Lack of support for a master password mechanism (Chrome, IE, Edge)
- No built-in update mechanism (IE)
- No option to block telemetry collection (Chrome, IE, Edge)
- No SOP (Same Origin Policy) support (IE)
- No CSP (Content Security Policy) support (IE)
- No SRI (Subresource Integrity) support (IE)
- No support for browser profiles, different configurations (IE, Edge)
- Lack of organizational transparency (Chrome, IE, Edge)
- At the same time Firefox was praised by the German government, it received the ire of German publishers over its September 2019 anti-tracking update.
- This update, which blocks all third-party cookies by default, resulted in a 15% drop in programmatic ad revenues in its first three weeks.
- This is a far greater loss than seen in the US and UK due to the popularity of Firefox in Germany, which is estimated to have a 20-30% market share in that country.