This new and updated secure browser guides takes a deep dive into the topics of browser security and privacy. (Updated on June 7, 2019)
A secure browser that protects your privacy is absolutely essential for staying safe online and keeping your data secure from third parties.
Unless properly configured, most browsers contain vast amounts of private information that can potentially be exploited – or simply collected – by third parties:
- Browsing history: all the websites you visit
- Login credentials: usernames and passwords
- Cookies and trackers: these are placed on your browser by the sites you visit
- Autofill information: names, addresses, phone numbers, etc.
Aside from all of the data mentioned above, browsers can also expose your identity – even if you are using one of the best VPN services available. In other words, even when using a VPN to hide your true IP address and location, your browser may reveal your identity through WebRTC leaks or browser fingerprinting.
Fortunately, there are relatively simple solutions to all of these problems, which we will cover in this guide:
- Best secure browsers that respect your privacy
- Popular browsers to avoid
- Browser privacy compartmentalization
- Secure browser add-ons
Choosing the right browser, based on both privacy and security considerations, is crucial since your browser can reveal so much private information. With that in mind, we’ll first examine popular browsers to avoid.
Secure browsers that protect your privacy
In this section we will examine the best secure browsers based on two main factors:
- Security: How well does the browser protect you from hackers, vulnerabilities, and online exploits?
- Privacy: How much data is the browser itself collecting about you and who is this data being shared with? How does the browser protect your privacy?
Just like with Tor, opinions about browser privacy and security can be wildly divergent and contentious.
This guide is not meant to sell everyone on one browser that beats all others for 2019. Rather, it is just a summary of information about different web browsers that do well with both privacy and security.
What is the most secure browser?
Ultimately, there is no best or most secure browser that is the same for everyone. Instead, you should choose the best browser for you based on your unique needs and threat model.
Here are the most secure and private browsers for 2019:
1. Firefox (modified and tweaked for privacy)
Firefox is a great all-around browser for privacy and security. It offers strong privacy protection features, customization options, excellent security, and regular updates with an active development team. The newest version of Firefox, Firefox Quantum, is fast and light-weight with many customization options.
Out of the box, Firefox is not the best for privacy, but it can be customized and hardened, as explained in my Firefox privacy modifications guide. Be sure to disable telemetry in Firefox, which is a feature that will collect “technical and interaction data” and also “install and run studies” within your browser.
Another great benefit with Firefox is the ability to use numerous browser extensions that will enhance your privacy and security. We’ll go over some of these extensions further below.
- Open source code that was also audited by a third party
- Active development with frequent updates
- Excellent privacy features and customization options
- Many browser extensions supported
- Telemetry and tracking need to be manually disabled
- Other modifications necessary for more privacy and security
If you want to keep using older add-ons that are no longer supported by Firefox Quantum, you can go with the Firefox Extended Support Release (ESR), or one of the Firefox forks discussed below. If you want a privacy-focused version of Firefox for Android, you could try Firefox focus.
For additional customization and privacy settings, check out the Firefox privacy guide.
2. Iridium browser
Iridium is a secure browser that is also based on Chromium, configured for more privacy. This might be a good option for anyone wanting a browser that supports Chrome extensions, while also having much more privacy than you’d get from Chrome.
As explained on Iridium’s official site:
Iridium Browser is based on the Chromium code base. All modifications enhance the privacy of the user and make sure that the latest and best secure technologies are used. Automatic transmission of partial queries, keywords and metrics to central services is prevented and only occurs with the approval of the user. In addition, all our builds are reproducible and modifications are auditable, setting the project ahead of other secure browser providers.
Our ambition is to get builds for Debian, Ubuntu, openSUSE, Fedora, RHEL/CentOS, Windows and macOS a couple of days after a new release of Chromium. To achieve this, we need help from individuals and organisations who have the same intention. Currently, there are weeks between a new release of Iridium and Chromium.
3. GNU IceCat browser
GNU IceCat is a fork of Firefox from the GNU free software project. IceCat is entirely “free software” as defined here and also includes various privacy add-ons and tweaks by default. Here are the privacy-protection features listed from the IceCat page:
- Fingerprinting countermeasures
Learn more about IceCat on the official page below.
4. Tor browser
Next up we have the Tor browser. The Tor browser is a hardened version of Firefox that is configured to run on the Tor network. By default, the Tor Browser is a secure browser that protects you against browser fingerprinting, but it also has some disadvantages.
Because it uses the Tor network, which routes traffic over three different hops, download speeds with the Tor browser can be quite slow. The default version may also break websites due to script blocking. Finally, there are also drawbacks with the Tor network itself, including malicious exit nodes, slow speeds, ties to the US government, and some consider it to be fundamentally compromised. (I also write about the pros and cons of Tor here.)
Another option is to use the Tor browser with a VPN service and the Tor network disabled (like any other standard browser). The instructions for this are in the browser fingerprinting guide. Be careful when adjusting the settings for the Tor browser, however, as this may compromise the browser’s privacy and security.
5. Ungoogled Chromium browser
Ungoogled Chromium is a 100% open source project to provide a Chromium browser, without the Google privacy issues:
ungoogled-chromium is Google Chromium, sans integration with Google. It also features some tweaks to enhance privacy, control, and transparency (almost all of which require manual activation or enabling).
ungoogled-chromium retains the default Chromium experience as closely as possible. Unlike other Chromium forks that have their own visions of a web browser, ungoogled-chromium is essentially a drop-in replacement for Chromium.
Ungoogled Chromium receives regular Chromium security updates.
6. Brave browser
Brave is a Chromium-based browser that is fast, secure, and privacy-focused by default with a built-in ad blocker. The main developer behind Brave is Brandon Eich, who formally worked for Mozilla. For out-of-the-box privacy and security, Brave is a decent option.
Like Iridium, Brave is also based on Chromium, with many privacy-abusing features/preferences stripped out. Brave does well with its default privacy settings and extra features. Here is a brief overview:
- Blocks ads and trackers by default
- Protects against browser fingerprinting
- Built-in script blocker
- Automatically upgrades to HTTPS (HTTPS Everywhere)
Brave now has ads – Despite offering “ad blocking” in the browser, Brave officially launched its own ad program in April 2019. The ads will be vetted by Brave and there’s a revenue-sharing model for users or certain websites to get a percentage of the revenue. Some have called this move hypocritical for a “privacy” browser to roll out an advertising program – but it’s also not too surprising.
WebRTC – It’s also worth noting that all Chromium-based browsers are vulnerable to the WebRTC leak issue, whereby your real IP address can be exposed, even if you are using a VPN service. While there are solutions to WebRTC leaks for all browsers, but with Chromium, you’ll need to block WebRTC because it cannot be completely disabled (such as with Firefox).
To protect against the possibility of WebRTC leaks in Brave, simply set the Fingerprinting protection option to “Block All Fingerprinting”:
Keep in mind, however, that to effectively “block all fingerprinting” you will probably need to consider other factors as well – see the browser fingerprinting guide. You can read more about Brave’s privacy and security features here.
7. Waterfox browser
Waterfox is a fork of the open source Firefox browser, mentioned above. It may be a good browser for people who still want Firefox functionality, but without using standard Mozilla Firefox. After all, Mozilla has enabled telemetry options to collect user data with Quantum, while also collecting user browsing history through Cliqz.
The main drawback with Waterfox, and other Firefox forks, for that matter, is slower security updates. See the latest releases of Waterfox here. From a privacy perspective, however, Waterfox is better than Firefox by default and it remains a popular Firefox alternative among privacy-focused users.
- Based on Firefox (see latest releases)
- Open source
- Allows you to use older Firefox add-ons
- Tracking, telemetry, data collection, startup profiling, and sponsored tiles have been removed
- Less active development and slower security updates in comparison to standard Firefox
8. Pale Moon browser
Pale Moon is another open-source fork of Firefox, which aims for efficiency and customization. In testing out Pale Moon, it does indeed offer great customization options, as well as support for older Firefox add-ons and its own lineup of add-ons. The design feels a bit dated, but it’s also not overly-cluttered and is very lightweight and fast.
Pale Moon is currently available on Windows and Linux, with other operating systems in development. Unlike other Firefox forks, Pale Moon runs on its own browser engine, Goanna, which is a fork of Gecko (used by Firefox).
Opinions on Pale Moon can be rather mixed. The Pale Moon website has some interesting information; here are a few useful links I found:
Overall, Pale Moon might be a good option for some people. Although it feels a bit dated, Pale Moon is also fast, lightweight, customizable.
Other browsers that I don’t recommend using
While some browsers claim to be secure against vulnerabilities, they might not be the best choice from a privacy perspective.
1. Google Chrome
Google Chrome is by far the most popular browser. Unfortunately, it’s a data collection tool as well and not a good choice for anyone looking for privacy.
2. Microsoft Internet Explorer/Edge
Edge is a Microsoft product.
Just like with Windows, it’s a good idea to avoid Microsoft products, including Internet Explorer, and their newer browser called Edge. Internet Explorer and Edge are also closed-source, so there’s no telling what’s going on behind the scenes, and they’re also not the best for privacy reasons.
3. Opera browser
4. Epic browser
Epic is a browser based on Chromium, created by “Hidden Reflex” which is based in India. Since 2014, Epic has been claiming they would open source the code, but it remains closed source today. What’s going on behind the scenes? How do they manage Chromium and remove invasive code? Who knows.
One person who analyzed Epic found it to be connecting to Google on startup. This means that Epic is not, in fact, de-googled as it claims.
There are many better Chromium-based browsers to consider, such as Iridium, Ungoogled Chromium, or even Brave.
5. Safari browser
Safari is the default browser for Mac OS and iOS devices. Overall, Safari is not a horrible choice in terms of privacy and tracking protection – but it also cannot be recommended for a few reasons:
- Apple is a partner in the NSA PRISM program
- Apple was caught “hoarding” Safari browsing history – even after it was deleted
- Apple was found to be collecting Safari history even when used in private mode
On a positive note, however, Apple does somewhat better with privacy than other large companies. The Safari browser blocks third-party cookies by default and also implements cross-site tracking protection.
6. Vivaldi browser
When you install Vivaldi browser (“Vivaldi”), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution.
You can read more about Vivaldi here, although it’s not recommended for privacy reasons.
Browser privacy and compartmentalization
One problem that often comes with browser privacy and security is that people want to remain logged in to various accounts, while also browsing the web. This is problematic because it allows these sites to track your browsing activity and link that up to your identity.
One potential solution to this problem is browser compartmentalization. This is when you use different web browsers for different online activities. For example:
- Browser #1 will only be used for accessing your online accounts that require a password.
- Browser #2 will only be used for web browsing, with various privacy configurations (private mode) and no cookies or history being stored on the browser.
- Browser #3 could be completely locked down for maximum privacy and security.
You can also utilize different browsers, configured exactly the way you want, for various purposes, depending on your needs and threat model. The key is to keep the compartmentalization strict and not break the rules/uses for each browser.
Virtual machines – On the topic of compartmentalization, using virtual machines is also a good idea for both privacy and security. You can easily run Linux VMs through VirtualBox (FOSS) on your host computer.
Password managers – It should also be noted that storing your passwords in the browser may be risky depending on the browser you are using, especially since browsers typically store passwords in cleartext. A better alternative would be to utilize a secure password manager, such as Bitwarden, KeePass or LessPass.
Browser add-ons for security and privacy
In addition to adjusting the settings within your browser, there are also a number of different add-ons or extensions you can install to improve your browser’s privacy and security.
Here are a few different options, but they may not all be supported by the browser you are using:
- uBlock Origin – This is one of the best browser-based ad blockers available that will also protect you against tracking.
- HTTPS Everywhere – An add-on from the folks at Electronic Frontier Foundation, this will force websites to use a secure HTTPS encrypted connection (when available).
- Privacy Badger – Privacy Badger is also from EFF that blocks spying ads and trackers.
- Cookie Autodelete – This will automatically delete cookies that are no longer needed from your browser.
- Decentraleyes – This protects you against tracking via content delivery networks.
- uMatrix – This gives you control over all the requests that may be tracking you as you visit different websites (extensive configuration necessary).
- NoScript – NoScript allows you to customize exactly which scripts run on the websites you visit. Like uMatrix, this is for advanced users and requires lots of customization.
Warning: Be cautious about using third-party add-ons and browser extensions. Do your research first, since add-ons could function as spyware and data collection tools for third parties. This is especially true with free VPN services or browser proxy add-ons, even if they are highly rated in the Google Play or Apple stores.
Conclusion on secure browsers and privacy
A well-configured secure browser is crucial for protecting your data as you browse the web with privacy.
In addition to using a secure browser that is configured to protect your privacy, you should also consider using:
- An ad blocker – Ads basically function as advanced tracking and data collection tools for advertising networks. Ads often track your activity, which is used to build a data profile and then serve you personalized ads. (See the ad blocker guide.)
- A VPN (virtual private network) – A VPN will encrypt and anonymize your internet traffic, hide your real IP address and location, while also unblocking restricted content. With most internet providers recording your online activities (through DNS requests), using a good VPN service is now just common sense. (I also have a guide where I explain what is a VPN and common uses.)
Last updated on June 7, 2019.