The best browsers for privacy: Secure web browsing

Web browsers have become flooded with ad-sponsored content, making browsers a key battleground for end-user privacy. While Chrome is the most widely-used browser in the world, there are alternative browsers and ways to improve your privacy when using Chrome.

Unfortunately, there's no easy way yet to ensure total privacy, according to Dr. Lukasz Olejnik, an independent privacy researcher and consultant who conducted a large-scale study in 2009-2011. The study revealed how online advertising companies can use web browsing histories to fingerprint individual browsers over time. 

Researchers from Firefox-maker Mozilla emulated the study in 2020 with 52,000 Firefox users and confirmed Olejnik's findings. They warned Google and Facebook's tight grip on online advertising makes re-identification through browsing histories an even more pressing privacy problem today.

Google's FLoC (Federated Learning of Cohorts) substitute for third-party cookies, which Google plans to block in 2022, is being trialed now by some Chrome users in the US and other markets. However, Google recently admitted FLoC might not be compatible with the EU's General Data Protection Regulation (GDPR).  

But FLoC still won't solve the problem of browser fingerprinting. "Fingerprinting is here to stay and the removal of third-party cookies indeed does not impact on this technique," says Olejnik. 

BraveBest browser for privacy overall

Brave

pros & consprosA fast experience - Not in the traditional online ad businessPrivacy-focused by defaultChromium challengerconsIssues in the past show it isn't perfectmore detailsFeatures: Chromium-based | Blocks third-party ad-trackers | Blocks cookies Brave is a Chromium-based browser that blocks ads, fingerprinting and ad-trackers by default. In January, Brave announced it reached 50 million monthly active users-- a fraction of Chrome's 3.3 billion users across desktop and mobile. Brave's business model relies on privacy-protecting ads that pay publishers and users with Basic Attention Tokens (BAT) when users pay attention to ads. Brave recently acquired Tailcat to launch Brave Search, an alternative to Google Chrome and Google Search.  A recent study by Professor Douglas J. Leith at Trinity College in the University of Dublin rated Brave as the most private browser over Google Chrome, Mozilla Firefox, Apple Safari, and Chromium-based Microsoft Edge. Leith examined how much data browsers communicate to backend servers. Brave prevents IP addresses from being tracked over time and does not share individual browser histories with backend servers. In contrast, Chrome, Firefox, and Safari tagged telemetry data with identifiers linked to web visits. Brave CEO Brandon Eich was a key designer of the JavaScript programming language as well as a co-founder of Mozilla and Firefox. Still, Brave's privacy record isn't unblemished. In 2020, Eich apologized to customers for sharing default autocomplete answers with an affiliate cryptocurrency exchange. Brave has several privacy-enhancing settings, including options to block third-party ad-trackers, upgrade unsecured connections to HTTPS, as well as block cookies and fingerprinting. Brave removed some Google code from its Chromium to improve user privacy. The company also took a stance against Google's FLoC ID proposal, which is rolling out to Chrome users. Olejnik says FLoC is preferable to third-party cookies from a privacy standpoint, but he's holding off judgement until the final design reveal. FLoC is a type of fingerprint designed to replace third-party cookies. In this scheme, Google assigns a FLoC ID to clusters of Chrome users with similar interests, allowing for some privacy by letting individuals 'hide within crowds', as Google put it, while still delivering targeted ads to advertisers. Still, Olejnik found the initial implementation of FLoC can leak users web browsing histories, so taking cover in the crowd might not actually work as intended yet."If I had to choose between third-party cookies or FLoC, I would choose FLoC. But it all depends on the final design and configuration. Care must be exerted in the design to avert the risk of data leaks," Olejnik says. "In my tests of the initial version, I verified that leaks of web browsing histories are indeed possible. But I am sure that the final solution would have to have some privacy settings designed and implemented. In current testing FloC, this is not the case."

View now at BraveView now at Google PlayView now at Apple App Store

Mozilla FirefoxMost secure browser for privacy

CNET

pros & consprosInvested much into Enhanced Tracking Prevention - No interest in profiting from online ads - Trusted by 220 million usersconsFirefox still loses users - Mozilla pushes its read-it-later service Pocket through Firefoxmore detailsFeatures: Enhanced Tracking Protection | Firefox Focus for mobile | 220 million active users Chrome's security and patching make it the most secure browser available today, but when looking solely at privacy, Olejnik rates Mozilla Firefox as the best of the pack. So, for those using a multi-browser strategy to improve privacy, Firefox is a must-have. One of Firefox's most important privacy features is Enhanced Tracking Protection. Mozilla has also borrowed Tor techniques to block browser fingerprinting and, despite its declining monthly active user numbers (it's at 220 million today, down from 250 million a year ago), Firefox developers are on a constant quest to improve tracking-prevention features, such as its work on browser data storage that can be used for tracking users across the web, which goes beyond just stored cookies and targets multiple caches.  Firefox is rich with choices to customize the browser for privacy by typing about:preferences#privacy in the address bar. The "standard" Enhanced Tracking Prevention blocks social media trackers, cross-site tracking cookies, and blocks tracking in private windows, cryptominers, and fingerprinting scripts. There is a "strict" mode too that might break some sites, but there are ways to whitelist Enhanced Tracking Protection for trusted sites. And for those with the time, Mozilla provides a way to customize the privacy feature.    The other option for Firefox fans is Firefox Focus, a privacy-focused browser for iOS and Android that blocks ad trackers and has a built-in ad blocker.    And if you're against Chrome's FLoC, Mozilla this week told Digiday that it too would oppose the fingerprinting technique and won't be implementing it in Firefox.   "We are currently evaluating many of the privacy preserving advertising proposals, including those put forward by Google, but have no current plans to implement any of them at this time," a Mozilla spokesperson said."We don't buy into the assumption the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising," they added. 

View now at MozillaView now at Google PlayView now at Apple App Store

DuckDuckGoBest browser for privacy and searches

CNET

pros & consprosSupported on Chrome, Chromium-based browsers, and Firefox - Has a solid commitment to user privacy - Blocks FLoC automaticallyconsIt's a software extension that creates another avenue for security flaws to snake inmore detailsFeatures: Chrome and Firefox supported | more than 100 million search queries per day | Does not collect user dataDuckDuckGo, a privacy-focused search engine, is a vocal supporter of consumer's privacy rights and in January hit a milestone of reaching 100 million user search queries in a day.DuckDuckGo and the rise of encrypted messaging app Signal, shows there is a growing appetite for privacy-focussed alternatives to tech giants like Facebook and Google. Still, DuckDuckGo's daily search numbers are minuscule compared to Google's five billion daily search queries. DuckDuckGo's Privacy Essentials extension for Chrome, Firefox and Microsoft's new Edge has been installed by four million Chrome users. Its reputation is built on the idea it does not collect user data but can provide the same search results as those that do collect user data. In a seeming reaction to Google's unchallenged dominance in search, some browser makers such as the To web-anonymizing project, made DuckDuckGo the default search engine to ship with its Firefox-based browser. DuckDuckGo was founded by entrepreneur Gabriel Weinberg as a self-funded project in 2008. The DuckDuckGo extension was also quick to block Google's FLoC fingerprinting identifier.  And the company is a founding member of the Global Privacy Control (GPC) standard (which is still being hashed out) as an answer to consumer privacy protections under the California Consumer Protection Act (CCPA) and Europe's General Data Protection Regulation (GDPR).But it is browser extension and, like all software, there are vulnerabilities that crop up. In March, researchers discovered a cross-site scripting flaw in the DuckDuckGo Privacy Essentials that could allow an attacker to observe all websites that the user is visiting. Fortunately DuckDuckGo fixed the flaw fairly swiftly for both Chrome and Firefox. 

View now at DuckDuckGoView now at Google PlayView now at Apple App Store

Microsoft EdgeBest browser for Windows users who value privacy

CNET

pros & consprosEdge gains new features fast - Better than Google ChromeconsIt has a burgeoning online advertising business - Microsoft's position on FLoC is ambiguousmore detailsFeatures: Compatible with Windows 10 and above, macOS and Linux | InPrivate browsing mode | Built-in Microsoft Defender SmartScreenMicrosoft Edge, being based on Google's Chromium project, is now available for Windows 10 and above, macOS and  Linux. Microsoft was rated the worst browser for privacy by Professor Leith because of how often it sent identifiers, including IP address and location data to Microsoft servers — even worse than Google Chrome. Microsoft told ZDNet it was just diagnostic data that can be easily disassociated from the device ID. Microsoft confessed its collection does include information about websites visited but said this information is not used to track users browsing history or URLs specifically tied to the user. Windows 10 telemetry data collection shows Microsoft can be clumsy on privacy despite Microsoft president Brad Smith's principled statements on the use of facial recognition in public arenas. Microsoft also has an interesting take on Google's FLoC. A Microsoft spokesperson told ZDNet it does not support fingerprinting because users can't consent to it. It is however developing its own alternative to FLoC called PARAKEET, which has similar goals to FLoC, like retargeting browsers over time."Like Google, we support solutions that give users clear consent, and do not bypass consumer choice. That's also why we do not support solutions that leverage non-consented user identity signals, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not need individual user ids and ID-based proposals that are based on consent and first party relationships. We will continue to explore these approaches with the community. Recently, for example, we were pleased to introduce one possible approach, as described in our PARAKEET proposal. This proposal is not the final iteration but is an evolving document," Microsoft said.Microsoft PARAKEET proposal says it supports an "ad-funded web because we don't want to see a day where all quality content has moved behind paywalls, accessible to only those with the financial means."While Microsoft's Bing search engine may not be widely-used, it does own LinkedIn and that brand's online ad division brought in $2.58 billion in revenue in quarter ending December 2020 quarter, up 23% year on year, making up about 5% of Microsoft's total $43.1 billion in revenue for that quarter. Microsoft has never claimed to be a guardian of end-user privacy but it does at least provide a support page explaining what data Edge collects and why Microsoft collects it. 

View now at MicrosoftView now at Google PlayView now at Apple App Store

NoScript extensionBest easy installation browser for privacy

pros & consprosFreely available for Firefox, Chrome, and Chromium-based browsers - Protects against the most common privacy and security issues - Doesn't collect your web historyconsCumbersome to set up the allow list - A burden to managemore detailsFeatures: Firefox, Chrome, and Chromium-based browsers | Deals with invasive scripts and malware attacks | Simple to useIn the past, security-conscious people advised others to disable JavaScript in the browser, but Olejnik tells ZDNet this is a sledgehammer approach for the web today. "Disabling JavaScript today is a no-go because almost every website depends on it. Disabling it would make the web essentially unusable," says Olejnik.  One example is that today Google won't let users who disable JavaScript to sign in to Google Accounts such as Gmail and YouTube.His recommended workaround for people wanting more privacy is to install the NoScript extension for Firefox, Chrome and Chromium-based browsers like the new Microsoft Edge. NoScript offers a more selective way to deal with invasive scripts and malware attacks that rely on JavaScript.   "In very simple ways users may easily decide which websites would be able to include what component, executing JavaScript or not," he says. However, he warns NoScript may be "quite cumbersome" since it takes time to click-through to decide which websites should be allowed what. "But it is worth it," he adds.  "Disabling scripting on weird or random sites is the biggest impact. Scripting is responsible for most of the most important privacy risks. It is also responsible for the delivery of some web browser exploits. So not having scripting on by default may actually save you from being hacked," says Olejnik.   Of course, there are other approaches users can take too, including using a browser other than Chrome. To this end, Olejnik suggests it is wise to use several browsers for different tasks. You can go to the NoScript website for more information on what exactly the extension does, as well as access an active user community forum to report bugs, propose updates, and troubleshoot issues.

View now at Chrome StoreView now at MozillaView now at NoScript

What is the best browser for privacy?Brave is our pick for the best browser for privacy based on our analysis of specs such as cookies stored, privacy settings, and speed of the top browsers.Best browser for privacyKey featuresBrave, a privacy-focused Chromium challenger Privacy-focussed by default  Not in the traditional online ad business A fast experience Mozilla FirefoxFirefox has invested a lot into Enhanced Tracking Prevention No interest in profiting from online adsTrusted by 220 million users DuckDuckGo extensionSupported on Chrome, Chromium-based browsers and FirefoxDuckDuckGo appears to have a solid commitment to user privacy If you don't like FLoC, it blocks it automaticallyMicrosoft Edge It's not Google Chrome  Edge is gaining new features rapidly NoScript extensionFreely available for Firefox, Chrome and Chromium-based browsers  Protects against the most common privacy and security threats on the web Doesn't collect your web history 

Which is the right browser for privacy for you?Not one size fits all, so be sure to reference the table below to better understand which browser suits your use case.Choose this..If you want...Brave, a privacy-focused Chromium challengerThe best browser for privacy.Mozilla FirefoxMost secure browser.DuckDuckGo extensionAn extension.Microsoft EdgeA wild card.NoScript extensionSomething easy to install.

How did we choose these browsers for privacy?I am a technology journalist with a demonstrated history in enterprise tech, security, and telecommunications. I personally compared each of these browsers to determine what makes them different and which is best for different use cases. I believe these are the top secure browsers available. If a new entry should hit the market, I will promptly review it and update this guide with my findings.

How does a privacy browser work?A privacy browser works by automatically erasing your browsing and search history and cookies. It also A limits web tracking, and some even help hide your location (IP address). 

Do I need a privacy browser?If you are concerned about your online privacy, you should absolutely install a privacy browser, or at least an extension. 

Is Brave browser good for privacy?Yes! In fact, it's ZDNet's top pick!

Does using a private browsing window hide my IP address?If you're using Chrome, an Incognito Window doesn't hide your IP address. It simply doesn't store your browser history, information you've entered into forms, or what permissions you've given to sites you've visited. Microsoft Edge, Firefox, and Opera all use a similar form of "anonymous" web window for browsing, but they aren't truly hiding your online identity. If you want to block your IP address from being viewed or tracked, you can download a VPN, which masks your IP address so your service provider (or anyone else, for that matter) can't see what you're doing.

What is the most common personal web security vulnerability?Honestly? Putting your personal or contact information in your social media. If you have your full name, phone number, address, or place of work anywhere on your social media, someone can use it to wreak havoc on your personal accounts. To prevent this, avoid using your real name online where possible, turn off location tracking, and don't post about your place of work if you can help it. All it takes is a single piece of personal information for someone with very bad intentions to get ahold of your entire online presence. Those innocent-looking name generator memes are another big issue; the ones that have you type out your first pet's name and your childhood street name (or something similar) to make up a gnome (or whatever) name. These are answers to common password recovery questions, so by letting the world know that your Christmas elf name is Fluffy Elm Street, you could be handing over all of your personal accounts to internet criminals. 

What is the Tor browser?Tor is a non-profit organization that researches online privacy. Their proprietary web browser "hides" a user's IP address and activity by relaying it through an in-house network of servers run by volunteers. By bouncing your information around so much, it makes things exceptionally difficult to track, which is great if you don't want your ISP or anyone else spying on your online activity. The Tor browser has seen its fair share of controversy, since it's a popular choice for accessing the deep web: a collection of websites and pages that are inaccessible through traditional means, like search engines. While accessing deep web sites is not in itself a crime, there are quite a few places (like the now defunct Silkroad) that conduct highly illegal activity such as trafficking drugs. But don't let that dissuade you from using the Tor browser itself, or other privacy-focused browsers that use Tor like Brave. Just because some people misuse the technology, that doesn't mean it's a bad browser.

Are there other browsers worth considering?Another great choice for improving your privacy on the web is the Tor browser, which is based on Mozilla's Firefox Extended Support Release (ESR). It's been tweaked to help users use the Tor anonymizing network -- a collection of distributed nodes versus a more centralized design like a VPN service. The Tor browser's default search engine is DuckDuckGo.While it isn't a mainstream browser choice, the Tor browser is a well-regarded browser for people who don't want to be tracked across the web and it gets updated on a monthly basis by the Tor Project. However, page loads in the Tor browser can be slower and some sites might not work due to the architecture of the Tor network. Using the Tor browser for Google Search, for example, might require going through additional CAPTCHA challenges to prove you're not a bot. Page loads are also noticeably slower on streaming services like Netflix. Nonetheless, the Tor browser is worthy addition for people who use multiple browsers to get life done on the web. Along with it, here are two more options to consider.