Digital Security Training Intern

Last updated

There’s been a lot of news and discussion about Google’s controversial plans to change how extensions will work in Chrome, and potentially other browsers that are built on top of it. While the dust is settling on how exactly these plans will be implemented, it’s a good time to look at what features browsers have to protect your privacy and security online — maybe even re-evaluating your browser of choice.

These days most of our use of the internet happens through a web browser, and which one you use has real impacts on your safety online. Besides advertisers trying to track your online activity, there are also adversaries who may try to exploit bugs in your browser in order to compromise your entire system (regardless of which browser you do choose, it’s always important to ensure you have the latest update).

There are quite a few different options across various operating systems and devices, so it can be difficult to determine which one is right for you. We’re looking for browsers that provide good network security, protect your privacy, and maintain the user experience you expect.

Tor Browser

Platforms: Windows, Mac, Linux, Android

Maintainer: Tor Project


Tor Browser is the best option when it comes to safeguarding your privacy. This hardened version of Firefox is designed to protect user privacy by reducing the amount of unique bits specific to your browsing experience. By limiting the amount of browsing data you share with third parties, Tor Browser effectively prevents trackers from uniquely identifying or fingerprinting you.

Websites and the ads embedded in them use trackers to try and collect as much information as possible about your browser, such as installed fonts, screen size, operating system and version, or plugins, to identify you across multiple websites. This technique is known as “fingerprinting.” Instead of maintaining a list of trackers to block, Tor Browser aims to disguise the unique information about you, for example by using a common set of fonts, using a standard window size, faking platform information, and using a consistent set of plugins. While trackers can figure out that you are using Tor Browser, in theory you’ll appear the same as any other Tor Browser user.

All network traffic runs through the Tor network, an anonymity network designed to conceal your location and IP address. Requests to websites that support HTTPS are automatically converted to use the more secure protocol. One caveat: Depending upon its popularity in your region (the Tor usage by country statistics can help you get an estimate), Tor users may actually draw attention upon themselves in regions with low Tor usage.

Screenshot of a Tor Browser circuit, showing its connection to freedom.press through multiple random servers around the world — in this case, a server in Germany, Hong Kong, and France, before the connection exits to freedom.press.

Each tab you open on the Tor Browser creates a new circuit, routing your requests to multiple servers throughout the world.

On top of that, Tor Browser allows users to strengthen its security by toggling through progressively robust security settings. Users with the highest security settings enabled be warned — you may have to contend with decreased functionality on some websites you visit, especially those that rely heavily on JavaScript. Tor Browser also “sandboxes” requests to mitigate the impact of vulnerabilities, though this isn’t available on all platforms yet.

Screenshot of Tor Browser's three "security levels: Standard, Safer, and Safest. Standard enables all features in the browser; Safer disables some website features; Safest disables many website features, including JavaScript on all websites.

The three levels of security settings offer users the choice to toggle between different browser experiences.

These privacy-enhancing features come at a cost though. Tor Browser won’t keep you logged in to websites or store history between sessions, and discourages customization of the browser. You’re more likely to hit CAPTCHAs, and popular streaming services like Netflix won’t work. Interactive features that websites utilize may be disabled to prevent them from revealing too much user information.

A side-by-side view of a version of youtube.com with all features enabled, versus the "safest" version, which appears blank.

Tor Browser on the “Standard” security level (left), and on the “Safest” security level (right).

All told, Tor Browser is an incredibly useful tool for risky research, private communication, and censorship circumvention that should be part of your toolkit, but is unlikely to be an appropriate tool to use as your daily driver.


Platforms: Windows, Mac, Linux, Android, iOS

Maintainer: Mozilla


Firefox provides an easy user experience, and takes steps to protect users’ privacy by blocking known trackers. This approach, while not as strong as Tor Browser’s anti-fingerprinting measures, is significantly better than nothing. And over time, privacy-enhancing features from Tor Browser are making their way into standard Firefox.

A screenshot of Firefox's content blocking settings, including standard, strict, and custom. The user is currently selecting "standard," which only blocks trackers in private windows and third party cookies. Strict settings would block all trackers.

Firefox features strong privacy enhancements to your browsing experience in its "Standard" settings.

For stronger network security, users need to install the Electronic Frontier Foundation’s HTTPS-Everywhere addon that upgrades requests to use HTTPS if the site supports it. Users may also want to install uBlock Origin and Privacy Badger, other ad/tracker blockers with access to even more tracker block lists.

Firefox features “containers,” which allow you to fully separate different profiles and accounts. If you wanted to log into a website with two different accounts, you could have a container for each account. The containers are fully isolated from each other, so if you visited your bank’s website in one container, and did some shopping in another, none of the tracking information like cookies would be shared between the two.

Firefox also provides an end-to-end encrypted sync feature, that allows sharing bookmarks and history across multiple devices, including between your desktop and phone— without giving that data up to Mozilla or third parties.

In terms of security, Firefox is still working on implementing sandboxing across all platforms.

iOS users should look into Firefox Focus, a lightweight browser with a tracker blocker that deletes history once you’re finished browsing.


Platforms: Windows, Mac, Linux, Android, iOS

Maintainer: Brave Software


Brave provides a strong user experience, and uses similar measures as Firefox to protect your privacy. By default, it blocks known ad trackers and upgrades requests to HTTPS if possible.

Brave is designed to communicate what measures it takes to protect your privacy, with blank new tabs displaying how many ads and trackers have been blocked.

Screenshot of Brave's tracker blocking dialogue, providing a count of both trackers and ads blocked, as well as a count of HTTPS upgrades, and the amount of estimated time saved through blocking.

Brave offers users real-time metrics on ad and tracker blockers, and usability features.

It also allows further anonymity by opening a private Tor window that routes most network traffic over Tor. While using Tor will likely improve your privacy, the protection offered by Brave is not as fully-featured as the hardening provided by Tor Browser, and could potentially leak information that would have normally been protected by Tor Browser.

A screenshot of a Brave's private winddow with Tor enabled.

Users can leverage some of Tor's features in a special window in Brave.

Brave also comes with a cryptocurrency experiment, the Basic Attention Token (BAT) that allows users to pay content creators in micropayments, but this feature is optional, and can be ignored.


Platforms: Windows, Mac, Linux, Android, iOS

Maintainer: Google


Chrome has been a pioneer in safeguarding users’ security. It was the first major browser to implement sandboxing, a method of reducing or nullifying the impact of security vulnerabilities in browsers, on all platforms.

A screenshot of a webpage within Chrome called "sandbox status," which can be found at chrome://sandbox.

Chrome's "sandboxing" features grant users significant security benefits.

Before using Chrome, you should consider whether Google is part of your threat model, given the fact that the company will be collecting some data about you as you browse the web. If you’re already using some Google services like Gmail or Drive, then you may not be concerned with additional data collection.

Chrome also offers a “profiles” feature, which allows you to build multiple profiles to compartmentalize different accounts and browsing activity (similar to Firefox’s containers).

Screenshot of a profile (or "person") switching screen within Chrome, showing two users with different profiles.

Users can easily switch between different "Profiles" on Chrome.

Users may want to install extra extensions for stronger network security, including Electronic Frontier Foundation’s HTTPS-Everywhere addon that upgrades requests to use HTTPS if the site supports it. Users may also want to install uBlock Origin and Privacy Badger, other ad/tracker blockers with access to even more tracker block lists.

Google recently announced plans to change how tracker blocking extensions work. In short, instead of the extension looking at each request and deciding whether to block it or not, the extension will give Chrome a list of things to block so the extension isn’t looking at every request.

Google expects that this will cut down on the ability of malicious extensions to steal your data, but it will also require authors of legitimate extensions to change how they work. Some of the newly proposed limitations are expected to limit the ability of tracker blockers to perform effectively. Google says that the plans are still being iterated upon, so it’s not cause for immediate panic — but it may be a reason to start reconsidering your choice in browser.

Comparison of features

These browsers all provide some similar privacy and security features, but may not be directly comparable. This table is intended to give a high-level comparison of all of the different features that were discussed above.


  • Yes - Enabled by default
  • Available - Included in the browser, but disabled by default
  • Partial - Not fully implemented
  • Needs addon - Functionality is available through a third-party addon/extension
  • No - Not included
Tor Browser Firefox Brave Chrome
Platforms Desktop Yes Yes Yes Yes
Mobile Android only[1] Yes Yes Yes
Network Automatic HTTPS redirection Yes Needs addon Yes Needs addon
Tor integration Yes No Partial[2] No
Privacy Anti-fingerprinting measures Yes Available[3] No No
Tracker blocking No[4] Available[5] Yes Partial[6]
Distinct profiles No Needs addon Yes Yes
Security Sandboxing Partial[7] Partial[7] Yes Yes
FIDO2/U2F security keys No Yes Yes Yes
Automatic updates Yes Yes Yes Yes
User experience Bookmarks & history Partial[8] Yes Yes Yes
Desktop/mobile sync No data to sync, n/a Yes Yes Yes
Add-ons/Extensions Not recommended[9] Yes Yes Yes