A secure browser that protects your privacy is absolutely essential for staying safe online and keeping your data secure from third parties.
Unless properly configured, most browsers contain vast amounts of private information that can potentially be exploited – or simply collected – by third parties:
- Browsing history – all the websites you visit
- Login credentials – usernames and passwords
- Cookies and trackers – these are placed on your browser by the sites you visit
- Autofill information – names, addresses, phone numbers, etc.
Aside from all of the data mentioned above, browsers can also expose your identity – even if you are using one of the best VPN services available. In other words, even when using a VPN to hide your true IP address and location, your browser may reveal your identity through WebRTC leaks or browser fingerprinting.
Fortunately, there are relatively simple solutions to all of these problems, which we will cover in this guide:
- Popular browsers to avoid
- Best secure browsers that respect your privacy (top 5 picks)
- Browser privacy compartmentalization
- Secure browser add-ons
Choosing the right browser – based on both privacy and security considerations – is crucial since your browser can reveal so much private information. With that in mind, we’ll first examine popular browsers to avoid.
Browsers to avoid
While some browsers claim to be secure against vulnerabilities, they also abuse your privacy by collecting private data, including your browsing history, which is often shared with third parties and advertisers. First up on the offender list is Google Chrome.
Google Chrome may be the most popular browser that is secure and hardened against exploits, but it’s horrible when it comes to privacy. At heart, Google is fundamentally a data collection company that works hard to know everything about you, which helps Google to dominate the advertising industry. For this basic reason, it’s a good idea to consider alternatives to all Google products, including Chrome.
In a previous article, we even covered how Chrome scans files on your computer. While it may be secure against exploits, Chrome is absolutely not worth the privacy tradeoff and handing over your data to Google.
Microsoft Internet Explorer/Edge
Edge is another browser that’s offered by a data collection behemoth: Microsoft.
Just like with Windows, it’s a good idea to avoid all Microsoft products, including Internet Explorer, and their newest browser called Edge. Internet Explorer and Edge are also closed-source, so there’s no telling what’s going on behind the scenes.
You can see above that Opera is explicitly stating that your data will be collected and shared with third parties. Additionally, Opera was sold to a large Chinese conglomerate and it’s not clear if there are any protections of user data under Chinese law – unlike, for example, with the GDPR in Europe.
Best secure browsers
In this section we will examine the best secure browsers based on two main factors:
- Security – How well does the browser protect you from hackers, vulnerabilities, and online exploits?
- Privacy – How much data is the browser itself collecting about you – and who is this data being shared with?
Also keep in mind, it’s a great idea to use different browsers for different purposes. This is called compartmentalization, which we’ll cover below. So without further delay, here are the best secure browser recommendations for 2018.
Firefox is an excellent all-around browser for privacy and security. It offers strong privacy protection features, customization options, excellent security, and regular updates with an active development team. The newest version of Firefox – Firefox Quantum – is fast and light-weight with many customization options.
Out of the box, Firefox is not the best for privacy, but it can be customized and hardened – as explained in the Firefox privacy guide. Be sure to disable telemetry in Firefox, which is a feature that will collect “technical and interaction data” and also “install and run studies” within your browser. However, there are recent reports suggesting that Mozilla is still collecting telemetry data, even when disabled.
Another great benefit with Firefox is the ability to use numerous browser extensions that will enhance your privacy and security. We’ll go over some of these extensions below.
- Open source code that was also audited by a third party
- Active development with frequent updates
- Excellent privacy features and customization options
- Many browser extensions supported
- Telemetry and tracking need to be manually disabled (but data may still be getting collected by Mozilla)
- Other modifications necessary for more privacy and security
If you want to keep using older add-ons that are no longer supported by Firefox Quantum, you can go with the Firefox Extended Support Release (ESR), or one of the Firefox forks discussed below. If you want a privacy-focused version of Firefox for Android, you could go with Firefox focus.
For additional customization and privacy settings, check out the Firefox privacy guide.
Waterfox is a fork of the open source Firefox browser, mentioned above. It may be a good browser for people who still want Firefox functionality, but without using standard Mozilla Firefox. After all, Mozilla has enabled telemetry options to collect user data with Quantum, while also collecting user browsing history through Cliqz. Additionally, it was recently revealed that telemetry data is still being sent to Mozilla, even if the user has opted out.
The main drawback with Waterfox – and other Firefox forks, for that matter – is slower security updates. Waterfox is based on Firefox 56, and although it will work with older add-ons, some may opt for the newer version of Firefox Quantum for security reasons.
Alex Kontos, the developer behind Waterfox, is also working on an alternative search engine and is a big advocate of online privacy, which is why he removed all of the tracking and other fluff that Mozilla put into Firefox. Regarding browser tracking, he explained:
We offer complete anonymity. It’s a moral issue. You don’t want to feel that there is always someone looking over your shoulder when you’re online, so I removed all the tracking features.
From a privacy perspective, Waterfox is much better than Firefox by default – especially for those who don’t trust Mozilla after all the different privacy issues. But from a security standpoint, Firefox would be slightly better, due to faster updates. Nonetheless, Waterfox is a solid option that is somewhat popular among privacy-conscious users.
- Based on Firefox 56 (with ESR security patches)
- Open source
- Allows you to use older Firefox add-ons
- Tracking, telemetry, data collection, startup profiling, and sponsored tiles have been removed
- Less active development and slower security updates in comparison to standard Firefox
Among the different Firefox forks available, Waterfox seems to be the best.
Brave is a Chromium-based browser that is fast, secure, and very privacy-focused by default with a built-in ad blocker. The main developer behind Brave is Brandon Eich, who formally worked for Mozilla. For out-of-the-box privacy and security, Brave is a great option.
The main drawback, however, is that Brave is based on Chromium. Chromium is the open-source code behind the Google Chrome browser – but with all of the proprietary and privacy-abusing features stripped out. One other drawback with Brave is that it is vulnerable to WebRTC leaks, but there’s a simple solution for fixing that with Brave.
Brave does very well with its default privacy settings and extra features. Here is a brief overview:
- Blocks ads and trackers by default
- Protects against browser fingerprinting
- Built-in script blocker
- Automatically upgrades to HTTPS (HTTPS Everywhere)
To protect against the possibility of WebRTC leaks, simply set the Fingerprinting Protection option to “Block All Fingerprinting”:
You can read more about Brave’s unique features here. It remains one of my top recommendations.
Pale Moon is another open-source fork of Firefox, based on older version of Firefox (Firefox 38 ESR). This gives it the look and feel of an older browser. While Pale Moon does support some older Firefox add-ons, many of the newer extensions are not supported.
Similar to Waterfox, Pale Moon strips out all of the dubious features of Firefox that undermine user privacy. Pale Moon is based on Goanna, rather than Gecko, and is available on Linux and Windows. The user interface is also very customizable, although it does feel a bit dated.
Pale Moon highlights:
- Open-source, based on Firefox 38 ESR
- Lightweight and customizable
- Compatible with older Firefox add-ons (but not all newer add-ons)
- No telemetry, data collection, or other unnecessary Mozilla features
Last up we have the Tor browser. The Tor browser is a hardened version of Firefox that is configured to run on the Tor network. By default, it is a secure browser that protects you against browser fingerprinting, but it also has some noteworthy disadvantages.
By default, the Tor browser is not a good alternative for most users. Since it uses the Tor network, download speeds are very slow. The default version of the browser also breaks most websites, since it uses NoScript. Finally, there are also drawbacks with the Tor network itself, including malicious exit nodes, slow speeds, and some consider it to be fundamentally compromised. (See also the Tor guide for more pros/cons of Tor and the Tor browser.)
Another option is to use the Tor browser with a VPN service and the Tor network disabled. The instructions for this are in the browser fingerprinting guide. Be careful when adjusting the settings for the Tor browser, however, as this may compromise the browser’s privacy and security functionality.
There are also a few options that did not make the recommendation list, but they also do not fit into the ‘avoid’ category.
Safari is the default browser for Mac OS and iOS devices. Overall, Safari is not a horrible choice in terms of privacy and tracking protection – but it also cannot be recommended for a few reasons:
- Apple is a partner in the NSA PRISM program
- Apple was caught “hoarding” Safari browsing history – even after it was deleted
- Apple was found to be collecting Safari history even when used in private mode
On a positive note, however, Apple does much better with privacy than other large companies, such as Microsoft and Google. The Safari browser blocks third-party cookies by default and also implements cross-site tracking protection.
Vivaldi is a Chromium-based browser with source-code modifications that can be seen here. It is less popular than other browsers, with less active development than Firefox, for example. Being based on Chromium, it is also vulnerable to WebRTC leaks.
When you install Vivaldi browser (“Vivaldi”), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution.
Being assigned a unique ID and the inability to opt out of this data collection may be concerning for privacy-conscious users.
Browser privacy and compartmentalization
One problem that often comes with browser privacy and security is that people want to remain logged in to various accounts, while also browsing the web. This is problematic because it allows these sites to track your browsing activity and link that up to your identity. For example, with Facebook and Google products.
One potential solution to this problem is browser compartmentalization. This is when you use different web browsers for different online activities. For example:
- Browser #1 will only be used for accessing your online accounts that require a password.
- Browser #2 will only be used for web browsing, with strict privacy configurations (private mode) and no cookies or history being stored on the browser.
You can also utilize different browsers, configured exactly the way you want, for other purposes online, depending on your needs and threat model. The key is to keep the compartmentalization very strict and not break the rules/uses for each browser.
Password managers – It should also be noted that storing your passwords in the browser may be risky depending on the browser you are using. A better alternative would be to utilize a secure password manager, such as KeePass or LessPass.
Secure browser add-ons
In addition to adjusting the settings within your browser, there are also a number of different add-ons or extensions you can install to improve the browser’s privacy and security.
Here are a few different options, but they may not all be supported by the browser you are using:
- uBlock Origin – This is one of the best browser-based ad blockers available that will also protect you against tracking.
- HTTPS Everywhere – An add-on from the folks at Electronic Frontier Foundation, this will force websites to use a secure HTTPS encrypted connection (when available).
- Privacy Badger – Privacy Badger is also from EFF that blocks spying ads and trackers.
- Cookie Autodelete – This will automatically delete cookies that are no longer needed from your browser.
- Decentraleyes – This protects you against tracking via content delivery networks.
- uMatrix – This gives you control over all the requests that may be tracking you as you visit different websites (extensive configuration necessary).
- NoScript – NoScript allows you to customize exactly which scripts run on the websites you visit. Like uMatrix, this is for advanced users and requires lots of customization, since it will break most websites by default.
- Random User Agent – Available for Firefox and Chrome, this add-on will cycle through various user agents, allowing you to spoof different browsers and operating systems (see their GitHub page for more info).
Warning: Be cautious about using third-party add-ons and browser extensions. Many of these function as spyware and will collect your data for profit. This is especially true with free VPN or browser proxy add-ons, even if they are highly-rated in the Play or Apple stores. Do your research before installing any browser add-on or extension.
Conclusion on secure browsers and privacy
A well-configured secure browser is crucial for protecting your data as you browse the web. This is simply because most browsers will contain vast amounts of private data by default, which makes them ripe targets for exploitation.
If you are looking for a high degree of online anonymity, the top three privacy tools to consider (in my opinion) are:
- A secure browser
- A good VPN service (see the best VPN guide)
- An advertisement and tracking blocker
Fortunately, all of the secure browsers featured in this guide are customizable and can also be used with various add-ons to further enhance your privacy and security.