Kunal Mehta
Jul 11 · 7 min read
Prioritize privacy and security when surfing the web. Photo by Shalom Jacobovitz, CC-BY-SA 3.0.

This piece has been cross-posted from Freedom of the Press Foundation. You can read the original article here.

There’s been a lot of news and discussion about Google’s controversial plans to change how extensions will work in Chrome, and potentially other browsers that are built on top of it. While the dust is settling on how exactly these plans will be implemented, it’s a good time to look at what features browsers have to protect your privacy and security online — maybe even re-evaluating your browser of choice.

These days most of our use of the internet happens through a web browser, and which one you use has real impacts on your safety online. Besides advertisers trying to track your online activity, there are also adversaries who may try to exploit bugs in your browser in order to compromise your entire system (regardless of which browser you do choose, it’s always important to ensure you have the latest update).

There are quite a few different options across various operating systems and devices, so it can be difficult to determine which one is right for you. We’re looking for browsers that provide good network security, protect your privacy, and maintain the user experience you expect.

Tor Browser

Platforms: Windows, Mac, Linux, Android

Maintainer: Tor Project

Download

Tor Browser is the best option when it comes to safeguarding your privacy. This hardened version of Firefox is designed to protect user privacy by reducing the amount of unique bits specific to your browsing experience. By limiting the amount of browsing data you share with third parties, Tor Browser effectively prevents trackers from uniquely identifying or fingerprinting you.

Websites and the ads embedded in them use trackers to try and collect as much information as possible about your browser, such as installed fonts, screen size, operating system and version, or plugins, to identify you across multiple websites. This technique is known as “fingerprinting.” Instead of maintaining a list of trackers to block, Tor Browser aims to disguise the unique information about you, for example by using a common set of fonts, using a standard window size, faking platform information, and using a consistent set of plugins. While trackers can figure out that you are using Tor Browser, in theory you’ll appear the same as any other Tor Browser user.

All network traffic runs through the Tor network, an anonymity network designed to conceal your location and IP address. Requests to websites that support HTTPS are automatically converted to use the more secure protocol. One caveat: Depending upon its popularity in your region (the Tor usage by country statistics can help you get an estimate), Tor users may actually draw attention upon themselves in regions with low Tor usage.

Each tab you open on the Tor Browser creates a new circuit, routing your requests to multiple servers throughout the world.

On top of that, Tor Browser allows users to strengthen its security by toggling through progressively robust security settings. Users with the highest security settings enabled be warned — you may have to contend with decreased functionality on some websites you visit, especially those that rely heavily on JavaScript. Tor Browser also “sandboxes” requests to mitigate the impact of vulnerabilities, though this isn’t available on all platforms yet.

The three levels of security settings offer users the choice to toggle between different browser experiences.

These privacy-enhancing features come at a cost though. Tor Browser won’t keep you logged in to websites or store history between sessions, and discourages customization of the browser. You’re more likely to hit CAPTCHAs, and popular streaming services like Netflix won’t work. Interactive features that websites utilize may be disabled to prevent them from revealing too much user information.

Tor Browser on the “Standard” security level (left), and on the “Safest” security level (right).

All told, Tor Browser is an incredibly useful tool for risky research, private communication, and censorship circumvention that should be part of your toolkit, but is unlikely to be an appropriate tool to use as your daily driver.

Firefox

Platforms: Windows, Mac, Linux, Android, iOS

Maintainer: Mozilla

Download

Firefox provides an easy user experience, and takes steps to protect users’ privacy by blocking known trackers. This approach, while not as strong as Tor Browser’s anti-fingerprinting measures, is significantly better than nothing. And over time, privacy-enhancing features from Tor Browser are making their way into standard Firefox.

Firefox features strong privacy enhancements to your browsing experience in its “Standard” settings.

For stronger network security, users need to install the Electronic Frontier Foundation’s HTTPS-Everywhere addon that upgrades requests to use HTTPS if the site supports it. Users may also want to install uBlock Origin and Privacy Badger, other ad/tracker blockers with access to even more tracker block lists.

Firefox features “containers,” which allow you to fully separate different profiles and accounts. If you wanted to log into a website with two different accounts, you could have a container for each account. The containers are fully isolated from each other, so if you visited your bank’s website in one container, and did some shopping in another, none of the tracking information like cookies would be shared between the two.

Firefox also provides an end-to-end encrypted sync feature, that allows sharing bookmarks and history across multiple devices, including between your desktop and phone — without giving that data up to Mozilla or third parties.

In terms of security, Firefox is still working on implementing sandboxing across all platforms.

iOS users should look into Firefox Focus, a lightweight browser with a tracker blocker that deletes history once you’re finished browsing.

Brave

Platforms: Windows, Mac, Linux, Android, iOS

Maintainer: Brave Software

Download

Brave provides a strong user experience, and uses similar measures as Firefox to protect your privacy. By default, it blocks known ad trackers and upgrades requests to HTTPS if possible.

Brave is designed to communicate what measures it takes to protect your privacy, with blank new tabs displaying how many ads and trackers have been blocked.

Brave offer users real-time metrics on ad and tracker blockers, and usability features.

It also allows further anonymity by opening a private Tor window that routes most network traffic over Tor. While using Tor will likely improve your privacy, the protection offered by Brave is not as fully-featured as the hardening provided by Tor Browser, and could potentially leak information that would have normally been protected by Tor Browser.

Users can leverage some of Tor’s features in a special window in Brave.

Brave also comes with a cryptocurrency experiment, the Basic Attention Token (BAT) that allows users to pay content creators in micropayments, but this feature is optional, and can be ignored.

Chrome

Platforms: Windows, Mac, Linux, Android, iOS

Maintainer: Google

Download

Chrome has been a pioneer in safeguarding users’ security. It was the first major browser to implement sandboxing, a method of reducing or nullifying the impact of security vulnerabilities in browsers, on all platforms.

Chrome’s “sandboxing” feature grants users significant security benefits.

Before using Chrome, you should consider whether Google is part of your threat model, given the fact that the company will be collecting some data about you as you browse the web. If you’re already using some Google services like Gmail or Drive, then you may not be concerned with additional data collection.

Chrome also offers a “profiles” feature, which allows you to build multiple profiles to compartmentalize different accounts and browsing activity (similar to Firefox’s containers).

Users can easily switch between different “Profiles” on Chrome.

Users may want to install extra extensions for stronger network security, including Electronic Frontier Foundation’s HTTPS-Everywhere addon that upgrades requests to use HTTPS if the site supports it. Users may also want to install uBlock Origin and Privacy Badger, other ad/tracker blockers with access to even more tracker block lists.

Google recently announced plans to change how tracker blocking extensions work. In short, instead of the extension looking at each request and deciding whether to block it or not, the extension will give Chrome a list of things to block so the extension isn’t looking at every request.

Google expects that this will cut down on the ability of malicious extensions to steal your data, but it will also require authors of legitimate extensions to change how they work. Some of the newly proposed limitations are expected to limit the ability of tracker blockers to perform effectively. Google says that the plans are still being iterated upon, so it’s not cause for immediate panic — but it may be a reason to start reconsidering your choice in browser.

Comparison of features

These browsers all provide some similar privacy and security features, but may not be directly comparable. This table is intended to give a high-level comparison of all of the different features that were discussed above.

Legend:

  • Yes — Enabled by default
  • Available — Included in the browser, but disabled by default
  • Partial — Not fully implemented
  • Needs addon — Functionality is available through a third-party addon/extension
  • No — Not included

References:

  1. https://support.torproject.org/tormobile/tormobile-3/
  2. https://brave.com/tor-tabs-beta/
  3. https://wiki.mozilla.org/Security/Fingerprinting
  4. https://2019.www.torproject.org/projects/torbrowser/design/#philosophy
  5. https://support.mozilla.org/en-US/kb/content-blocking#w_how-to-block-more-or-fewer-trackers
  6. https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
  7. https://wiki.mozilla.org/Security/Sandbox
  8. https://2019.www.torproject.org/projects/torbrowser/design/#disk-avoidance
  9. https://2019.www.torproject.org/projects/torbrowser/design/#fingerprinting-scope

Freedom of the Press Foundation

Defending journalists and whistleblowers in the 21st century.

Kunal Mehta

Written by

Freedom of the Press Foundation

Defending journalists and whistleblowers in the 21st century.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade