As the coronavirus pandemic continues to upend society, more and more of our daily lives are moving online. An ever increasing amount of traffic flows through our devices, turning web browsers from our primary gateway to the web into our primary gateway to the rest of the world.
Even browsers haven’t been immune to COVID-19. In April, browser vendors were forced to delay plans to deprecate insecure protocols after realizing it could prevent users from accessing critical health and government websites.
We last examined web browsers in July 2019, after Google made headlines for its controversial plans to change how extensions, especially ad blockers, will work in Chrome.
As it has begun rolling out those changes to Chrome Canary users with a plan to enable it for all users before the end of 2020, it’s a good time to look at what features browsers have to protect your privacy and security online — maybe even re-evaluating your browser of choice.
The browser you use has a real impact on your safety online: alongside advertisers tracking your online activity, there are also adversaries who may try to exploit bugs in your browser in order to compromise your entire system (regardless of which browser you do choose, it’s always important to ensure you have the latest update).
There are quite a few different options across various operating systems and devices, so it can be difficult to determine which one is right for you. We’re looking for browsers that provide good network security, protect your privacy, and maintain the user experience you expect.
Platforms: Windows, Mac, Linux, Android
Maintainer: Tor Project
Tor Browser is the best option when it comes to safeguarding your privacy. This hardened version of Firefox is designed to protect user privacy by reducing the amount of unique bits specific to your browsing experience. By limiting the amount of browsing data you share with third parties, Tor Browser effectively prevents trackers from uniquely identifying or fingerprinting you.
Websites and the ads embedded in them use trackers to try and collect as much information as possible about your browser, such as installed fonts, screen size, operating system and version, or plugins, to identify you across multiple websites. This technique is known as “fingerprinting.” Instead of maintaining a list of trackers to block, Tor Browser aims to disguise the unique information about you, for example by using a common set of fonts, using a standard window size, faking platform information, and using a consistent set of plugins. While trackers can figure out that you are using Tor Browser, you’ll appear the same as any other Tor Browser user.
All network traffic runs through the Tor network, an anonymity network designed to conceal your location and IP address. Requests to websites that support HTTPS are automatically converted to use the more secure protocol. One caveat: Depending upon its popularity in your region (the Tor usage by country statistics can help you get an estimate), Tor users may actually draw attention upon themselves in regions with low Tor usage.
Each separate website you visit is isolated from others, so tracking cookies cannot follow you as you browse, limiting advertisers’ ability to build a profile on you. These “third-party” cookies are set when a website operator uses an external service to provide extra functionality, usually ads or analytics.
These privacy-enhancing features come at a cost though. Tor Browser won’t keep you logged in to websites or store history between sessions, and discourages customization of the browser. You’re more likely to hit CAPTCHAs, and popular streaming services like Netflix won’t work. Interactive features that websites utilize may be disabled to prevent them from revealing too much user information.
All told, Tor Browser is an incredibly useful tool for risky research, private communication, and censorship circumvention that should be part of your toolkit, but is unlikely to be an appropriate tool to use as your daily driver.
Platforms: Windows, Mac, Linux, Android, iOS
Firefox provides a straightforward user experience, and takes steps to protect users’ privacy by blocking known trackers. This approach, while not as strong as Tor Browser’s anti-fingerprinting measures, is significantly better than nothing. And over time, privacy-enhancing features from Tor Browser are making their way into standard Firefox.
For stronger privacy and security, users may need to install a few additional browser add-ons. For example, users may consider installing the Electronic Frontier Foundation’s HTTP Everywhere addon that upgrades requests to use HTTPS if the site supports it. Users may also want to install uBlock Origin and Privacy Badger, other ad/tracker blockers with access to even more tracker block lists.
Recently, Firefox started rolling out a new security feature called DNS-over-HTTPS. Much like a phone book lists a person’s name and phone number, we depend on a routing system called DNS, which is responsible for translating domain names (e.g., https://freedom.press) to server IP addresses (e.g., 126.96.36.199). DNS connections have traditionally been unencrypted, allowing your Internet service provider to snoop on the websites you visit. DNS-over-HTTPS secures these requests by encrypting them with the commonly used HTTPS protocol. Taking it a step further, Mozilla requires all DNS-over-HTTPS providers contractually agree to delete any user data after 24 hours and not sell or distribute that data, on top of other restrictions.
Firefox features “containers,” which allow you to fully separate different profiles and accounts. If you wanted to log into a website with two different accounts, you could have a container for each account. The containers are fully isolated from each other, so if you visited your bank’s website in one container, and did some shopping in another, none of the tracking information like cookies would be shared between the two.
Even if you aren’t using containers, Firefox will now try to block third-party tracking cookies by default using a predetermined list of trackers.
Firefox also provides an end-to-end encrypted sync feature, that allows sharing bookmarks and history across multiple devices, including between your desktop and phone— without giving that data up to Mozilla or third parties.
In terms of security, Firefox continues to improve its implementation of sandboxing across all platforms and is experimenting with new strategies to make browsing the web safer.
iOS users should look into Firefox Focus, a lightweight browser with a tracker blocker that deletes history once you’re finished browsing.
Platforms: Windows, Mac, Linux, Android, iOS
Maintainer: Brave Software
Brave provides a hybrid user experience, offering similar measures to Firefox to protect your privacy, while keeping Google’s Chromium security features. By default, it blocks known ad trackers and upgrades requests to HTTPS if possible.
Brave is designed to communicate what measures it takes to protect your privacy, with blank new tabs displaying how many ads and trackers have been blocked.
It also allows further anonymity by opening a private Tor window that routes most network traffic over Tor. While using Tor will likely improve your privacy, the protection offered by Brave is not as fully-featured as the hardening provided by Tor Browser, and could potentially leak information that would have normally been protected by Tor Browser. For example, Tor Browser uses a technique known as letterboxing to prevent trackers from determining your screen size; Brave doesn’t support that yet. On top of that, some requests/protocols may still send requests over your normal network instead of Tor, leaking your real location.
Despite being built on top of Chrome’s source code, Brave has announced that it does not plan to adopt Google’s proposed change to how extensions function, leaving room for traditional ad blocking extensions.
Brave also comes with a cryptocurrency experiment, the Basic Attention Token (BAT) that allows users to pay content creators in micropayments, but despite it appearing prominently throughout the browser it is fully optional and can safely be ignored.
Platforms: Windows, Mac, Linux, Android, iOS
Chrome has been a pioneer in safeguarding users’ security. It was the first major browser to implement robust sandboxing, a method of reducing or nullifying the impact of security vulnerabilities in browsers, on all platforms.
Before using Chrome, you should consider whether Google is part of your threat model, given the fact that the company will be collecting some anonymized data about you as you browse the web, and can tie data to your Google account when logged into Chrome. If you’re already using some Google services like Gmail or Drive, then you may not be concerned with additional data collection.
Given that Google’s largest revenue source is advertisements based on tracking cookies, it’s no surprise that Chrome is lagging behind Firefox and Safari in blocking them. Google has said it plans to block them, but it may be as late as 2022.
Chrome also offers a “profile” feature, which allows you to build multiple profiles to compartmentalize different accounts and browsing activity (similar to Firefox’s containers).
Chrome has taken a different approach than Firefox in rolling out DNS-over-HTTPS, only enabling it if your system’s current DNS provider supports it. This aims to preserve users’ choices of DNS providers (especially those that might provide filtering options) but will leave users unprotected until their ISP or DNS provider begins supporting DNS-over-HTTPS.
Users may want to install extra extensions for stronger network security, including Electronic Frontier Foundation’s HTTPS Everywhere addon that upgrades requests to use HTTPS if the site supports it. Two other extensions to install are uBlock Origin and Privacy Badger, other ad/tracker blockers with access to even more tracker block lists.
Google has begun to roll out its plans to change how tracker blocking extensions work for alpha testers of Chrome. In short, instead of the extension looking at each request and deciding whether to block it or not, the extension will give Chrome a list of things to block so the extension isn’t looking at every request.
Google expects that this will help prevent malicious extensions from stealing your data, but it may also require authors of legitimate extensions to change how they work. Some of the newly proposed limitations are expected to limit the ability of many extensions (e.g., tracker blockers) to perform effectively. Google says that the old, more featureful system for ad blockers will be kept for at least another year, so it’s not cause for immediate panic. But if this extension functionality is important to you, it may be a reason to consider alternative browsers.
These browsers all provide some similar privacy and security features, but may not be directly comparable. This table is intended to give a high-level comparison of all of the different features discussed above.
|Network||Automatic HTTPS redirection||Yes||Needs addon||Yes||Needs addon|
|DNS-over-HTTPS||n/a, relies on Tor exit node to provide DNS||Yes for US users, available for others||Partial||Partial|
|Blocklist for trackers||No||Available||Yes||Partial|
|Tracker blocking via third-party cookies||Yes||Partial||Yes||No|
|Distinct profiles||No||Needs addon||Yes||Yes|
|FIDO2/U2F security keys||No||Yes||Yes||Yes|
|User experience||Bookmarks & history||Partial||Yes||Yes||Yes|
|Desktop/mobile sync||No data to sync, n/a||Yes||Yes||Yes|