The Browser Company claims its Arc browser DOES NOT sell your data. But what kind of data does it collect and what does it do with it once it has it? Let’s find out…
When something is free – either an app, a tool, or a search engine – it usually means one thing: you are the product (or, more specifically, your data is the product).
The Arc Browser is a relatively new, ultra-hyped web browser that was created by a rising new tech firm, The Browser Company.
After poaching key staff from Apple, Tesla, and other Big Tech firms, the company now has a valuation of $550 million.
But is its browser, Arc, safe to use from a data privacy perspective? I’ve been road-testing it for a while now and I’ve also gone to town on its privacy policy, which you can check out in full here, shifting through it for any potential clangers.
Here’s everything you need to know about how the Arc browser handles your data – the good, the bad, and the places where there’s room for improvement.
Arc Browser Privacy Policy Analysis
The Good Parts
First, let’s highlight the positives.
The Browser Company has made a concerted effort to be transparent about their data practices, using clear language to explain what data they collect, how they use it, and who they share it with. This level of transparency is crucial for building trust with users.
Another significant point in their favor is the explicit commitment not to sell user data. In an era where data is often treated as a commodity, this stance is both ethically sound and respectful of user privacy.
Arc also limits the scope of data collection, emphasizing that sensitive information like browsing history, downloaded files, and user-created content is not included in their product usage data.
Furthermore, they require their service providers to handle data only in specified ways and prohibit them from selling user data, adding an extra layer of protection.
The Bad Bits
Despite these positive aspects, there are a few potential drawbacks to consider.
- Arc’s reliance on third-party services for features like website translation and sidebar sync could introduce privacy risks, especially if those services have less robust privacy practices.
- The use of AI subprocessors like OpenAI and Anthropic for certain features involves automatic data processing, which could raise concerns even though the company offers zero data retention (ZDR) for these features.
The Concerning Parts
While Arc’s privacy policy outlines clear scenarios for data sharing (with service providers, legal obligations, company ownership changes), the specifics of these situations could potentially lead to unintended data disclosures if mismanaged.
Additionally, the acknowledgment that no data transmission or storage method is 100% secure highlights the ever-present risk of data breaches. Users must rely on the company’s security efforts without an absolute guarantee.
Another concern is that the privacy policy may change over time, with continued use of the product implying consent to these changes. Users could miss update notifications, inadvertently agreeing to new terms.
Lastly, the potential for AI-related features to be enabled by default in future updates could raise questions about user consent and awareness. AI is a trickier thing to pin down with respect to data privacy.
Open AI and the new vanguard of Big Tech companies focussed on AI haven’t exactly been shining beacons of transparency when it comes to what they’re doing with your data.
When ChatGPT was first launched, many enterprises went down the same route of desperately trying to block it. Every week new headlines emerged about companies losing their intellectual property to AI because an employee copy-pasted highly confidential data to the chat so they could ask for a summary or a funny poem about it. This was really all anybody could talk about for a few weeks.
Since you cannot control ChatGPT or any of the other AIs that appear on the consumer market, this has become a sprawling challenge. Enterprises issue acceptable use policies with approved enterprise AI services, but those are not easy to enforce. This problem got so much attention that OpenAI, which caused the scare in the first place, changed its policies to allow users to opt out of being included in the training set and for organizations to pay to opt out on behalf of all their users.
Dark Reading
Recommendations & Areas For Improvement
To further strengthen user privacy, The Browser Company could consider implementing enhanced user consent mechanisms for features involving significant data processing or sharing. Regular security audits and clearer opt-out mechanisms would also help more privacy-focussed users feel more in control of their data.
Conclusion Arc’s privacy policy reflects a genuine effort to prioritize user privacy and transparency. However, as with any online service, there are inherent risks in place from a data security perspective based on the nature of its business.
This is why browsers like Brave are becoming increasingly popular – they do not track anything and even come shipped with things like Tor-powered incognito modes.
Compared to Chrome and EDGE, however, Arc is a much less intrusive entity from a data-harvesting perspective. It also claims it will never sell your data but – as with most things in life – you have to “trust” the company to look after it properly.
Data breaches happen all the time, and any company that collects your data is a target. The Browser Company is no exception, so as always, I’d advise you to use Brave for optimal security and, if you want to get even more hardcore, throw a VPN into the mix for good measure.
