Managing your privacy: Web Browsers

Trying to figure out the starting point when you're beginning your privacy reboot is often the hardest part. You jump online to start your research, typing "how to increase your privacy" into Google. After 30 minutes of reading an assortment of articles and comments on forums, you end up with more questions than when you started.

Who do I trust? Who is right? Is there more than one way to do this? Which is better? Why do I need to do this? How is this different than what I'm doing?  I've never heard of any of these things, what are they?

After spending some time considering what someone's first step should be, web browsers turned out to make the most sense. Changing your browser requires no money, no specific platform, no technical know-how, little setup time, and minimal impact on day to day habits. Things like figuring out your threat model don't come into play because this is something everyone needs to do at every level.

What you'll find here is a discussion surrounding 8 specific web browsers, search engines, add-ons, why you should care about which one you use, and suitable options.


As of October 2020, Google Chrome is used by roughly 7 out of 10 internet users. Speed, design, branding, and familiarity are a handful of reasons why so many people use Chrome on a day to day basis. But, it all comes at the expense of your data.

For example, here's a handful of things Chrome collects.

  • Chrome sends your original search query, the suggestion you selected, and the position of the suggestion back to Google
  • If you've chosen to sync your Chrome history, and if Google is your default search engine, the URL of the page you’re viewing is sent to Google
  • Chrome will send a [location] request to google.com each time you start the browser
  • Chrome uses your IP address to identify your country or region.
  • Desktop versions of Chrome can provide smarter spell-checking by sending text you type into the browser to Google's servers [...]. If this feature is enabled, Chrome sends the entire contents of text fields as you type in them to Google, along with the browser’s default language.
  • When you search using the address bar in Chrome, the characters you type (even if you haven’t hit "enter" yet) are sent to your default search engine.
  • When you can’t connect to a web page, you can get suggestions for alternative pages similar to the one you're trying to reach. In order to offer you suggestions, Chrome sends Google the URL of the page you're trying to reach.
  • Chrome sends Google limited, anonymous information about the web forms that you encounter or submit while Autofill or password management is enabled, including a hashed URL of the web page and details of the form's structure

To summarize, Chrome can collect your searches, what you typed in the search bar even if you didn't complete the search, the URL of the page you're viewing, your location, anything you type into the browser, the URL of pages you tried to go to but didn't load, and data about the web forms used with your autofill. And remember, this list isn't comprehensive and any/all of this information is merged together with all of the other data Google has in your profile. Google doesn't exactly have a clean record when it comes to data abuse.

Thankfully, Chrome isn't the only choice available.  Costing nothing more than about 15 minutes of your time, installing a new browser and going through the initial setup and settings is the first step to regaining an enormous amount of control over your digital privacy.

So, which one?

The browser market is nothing short of crowded with a mixture of old guards and up and comers.  Chrome, Opera, Internet Explorer, Safari, Firefox, Brave, Tor, Chromium, Ungoogled Chromium, IceCat, Waterfox, Iridium, Pale Moon, Vivaldi, Epic, and more are all available and all vying for your attention.

With so many choices, it's tough to know what the differences are and which options actually respect your privacy. While we aren't going to cover every browser on the market, we're going to talk about 8 of the most commonly discussed browsers on the web.

Side note: this list is in alphabetical order and is not listed "best" to "worst"


Brave

Brave launched in January 2016 as a browser with a focus on privacy and ethical advertising. It spent the first couple of years of its life as an Electron fork but eventually migrated to Google's open source project, Chromium, in 2019.

Over the years since its inception, Brave has added or enhanced multiple features to reinforce their commitment to privacy, such as better adblocking algorithms for their Shields feature, enhanced fingerprinting protection, and integrating Tor into their browser when using private tabs and windows.

But, it wasn't long before cracks began to show. Brave has been saddled with controversy after controversy after controversy as the years went on and has lost much of its luster with the privacy community because of this.

If you're looking for a Chromium based browser, Brave is a decent option after adjusting a few settings but it's no longer respected among the community and comes with multiple asterisks.

Firefox

Thanks to Mozilla's commitment to protecting its users, Firefox is often paraded as the best browser for privacy. It's open source, managed by the non-profit Mozilla Foundation, and is at the core of most privacy-focused browsers, such as Tor. Over the years, Firefox has led the charge with implementing privacy first features since they aren't reliant on data collection to stay in business.

Enhanced tracking protection to help block trackers by default, partnering with one of the most respected VPNs in the community (Mullvad) to strengthen your privacy when browsing, stripping sensitive information from URLs, enabling encrypted DNS by default to prevent snooping, and an extensive configuration page to further make granular changes are just a handful of features Mozilla has added over the years to guard your privacy. And while some other browsers treat mobile users as second class citizens, if they even serve them at all, Mozilla has been actively working to make sure you're covered not only on the big screen, but on the go as well with Firefox Focus.

However, that's not to say that Firefox hasn't had its fair share of controversy and blunders. In 2014, Mozilla launched a new feature called Directory Tiles, which later turned into Suggested Tiles, that put ads and sponsored content directly into the Speed Dial. Shortly after, they partnered with Cliqz to bundle an add-on that sent your browsing activity back to their servers and a few months after that they force installed an add-on without user interaction or permission related to a TV show.

Even with the handful of questionable decisions, you'll be hard pressed to find a more private way to browse the web for every day use after flipping a few settings.

Iridium

Per Iridium's GitHub:

"Iridium is an open modification of the Chromium code base, with privacy being enhanced in several key areas. Automatic transmission of partial queries, keywords, metrics to central services is inhibited and only occurs with consent."

Iridium is an open source browser based on Chromium but contains a slew of privacy enhancements turned on by default. This does mean some things don't work, such as signing into your Google account and syncing data like you can with Chrome/Chromium, since that would defeat the entire purpose.

Extensions work just like they do in Chrome and the general style has a similar feel as well. The only true downside to Iridium is that it can lag behind in updates on certain platforms, sometimes for months. This could be a potential security issue as new vulnerabilities are constantly being patched, but most updates are relatively minor.

If you want an overall solid Chromium browser, Iridium is a great choice.

Opera

When we're talking about old guards, Opera is sitting at the head of the table. Initially released 25 years ago in 1995, it's one of the oldest browsers still actively developed today. Opera has always been a part of the conversation but, for one reason or another, it's never truly been a first pick choice among users.

Opera started its life a bit different compared to what you find today. For the first 10 years of its life, Opera was paid commercial software and had its own rendering engine, Presto - which was dropped in 2013 for Chromium.  

In November 2016, the original Norwegian owner sold his stake in Opera Software company to a Chinese consortium named Golden Brick Capital Private Equity Fund I Limited Partnership for $600 million. After word spread that a Chinese group took over Opera (a proprietary browser), concerns sprouted and trust was broken.

There was already a downward trend in active users at the time and the idea with the sell off was to, beyond getting a pay out, boost the number of users using the software and grow the ecosystem.

“They have products we don’t have — and they have 500 million users in China, where we are not strong,” Boilesen said.

In 2016, a built in VPN was released. Concerns rose as 1) it turned out to be a proxy and not really a VPN and 2) this free "VPN" was released only a couple of months before they were bought out by the Chinese consortium, which led to worries about user data being funneled to Chinese servers.

Opera may have helped shape the browser landscape but they have no place in this discussion. There are simply too many asterisks to put this browser anywhere near a recommended section for privacy conscious users, and it should not be used.

Tor

When it comes to privacy, there's currently nothing as accessible and private as Tor.  Here's a quick 2 minute video explaining what Tor is and how it's able to achieve such a high level of privacy.

In short, there are two main ways Tor jumps ahead of other browsers for privacy. First, it automatically makes everyone using Tor look the same. When you look exactly like 485,028 other Tor users, identifying you is next to impossible. And second, when you punch in the URL to a website, your request is encrypted multiple times and goes through three volunteer-operated servers before ending up at the destination.

With these two things combined, you're as private as you can get when it comes to using the web. No other browser does what Tor does, even after modifications and adjustments.

Since this sounds so great, you might be wondering if you should just use Tor all the time. You can, but it comes with a couple of footnotes.

It tends to be a bit slower because of the additional servers you're jumping through and it's recommended that you don't install any add-ons to maintain the high level of privacy you're granted from the default configuration, which means you'll lose out on some quality of life extensions. You're also going to be hit with an increased amount of Google Captchas when using Tor due to general abuse from bad apples.

If privacy or anonymity is your absolute number one priority, Tor is for you. Otherwise, it's a good back up browser to use for specific things as some of the annoyances can be a bit much for the average user.

Ungoogled Chromium

If you're looking for a Chromium browser that takes privacy about as far as a Chromium based browser can, look no further. Ungoogled Chromium is, as the name implies, a completely open source version of Chromium with all of the Google services and features stripped away. It takes what Iridium does and adds additional protections.

There are a couple of speed bumps however.  Extensions? They work but it's not as fluid as clicking the "Add to Chrome" button on the web store. Updates to the browser need to be done manually (some versions are slightly behind depending on the platform you're on) and building from scratch isn't exactly beginner friendly, even with documentation.

With that said, if you don't mind the bit of extra work to get extensions working and doing the maintenance to keep it up to date, Ungoogled Chromium is the best Chromium based browser for privacy.

Vivaldi

Launched in 2016, Vivaldi is one of the newer entries on the browser ticket. Cofounded by Opera's founder and CEO, Vivaldi is a mostly open source Chromium based browser geared towards reclaiming Opera's original user base, who may have been disgruntled by the direction Opera had taken, and towards the user looking for a more technical and advanced browser.

"In a place where leading browsers offer simple solutions to a large number of users, we strive to offer our users with a product that is packed with rich technical features, specifically shaped according to their advanced and ever growing needs."

This certainly shows after launching Vivaldi for the first time. The number of options to tick and sheer customization available can be overwhelming even to the most internet savvy user. That isn't to say it's bad, but out of all the browsers on this list, Vivaldi will take you the longest to get through all of the settings and options to set it up how you like.

Their stance on privacy is fairly straight forward. They aren't here to harvest your data.

"Apps often monitor users, create profiles, and sell data to advertisers for profit. That’s the cost of using their services for “free”.

"But not Vivaldi. Honestly, we have no use for your data.

"The sites you visit, what you type in the browser, your downloads – we have zero interest and zero access to that data. It’s either stored locally on your machine, or encrypted.

"We have zero data to sell.

"We’re not going to lie. Of course it’d be nice to have data about how you use Vivaldi (like what are your favorite features). But rather than tracking this in a creepy way, we think it’s better to ask you directly. Crazy, we know."

Coupled with built in ad and tracker blocking (still download uBlock Origin though) and end to end encrypted syncing, Vivaldi is a fantastic choice only held back from mass adoption due to being nudged towards a slightly more technical user.

Waterfox

Waterfox is a fork of Firefox created by Alex Kontos back in 2011 and has lived on with the goal of creating and maintaining an ethical, user oriented browser. While Firefox is an excellent browser, there's still some telemetry and collection happening in the background by default and Waterfox strips all of that out.  The only thing Waterfox knows is what OS you have and what version of Waterfox, which is needed to check for updates.

In 2019, System1, who are generally known for being an advertising company that collects data, bought out Waterfox in an acquihire. There was a vocal minority of concerned, and outright angry, users who were worried about Waterfox's future after being absorbed.

In reality, little has changed. Alex still maintains full control of the development of Waterfox and since the browser is open source, slipping malicious or privacy invasive features into the code isn't easy due to the public nature of commits.

This comment on the Waterfox subreddit explains what System1's role is.

- for two years, Bing has been the default search engine

- as a search syndication partner (think: Bing search), System1 has been with Waterfox for a while.

System1 : What We Do outlines three primary business areas, one of which is search:

We drive additional search traffic for the three largest search players - Google, Bing & Yahoo. We also power search for our sizeable network of partners.

Previously:

System1 revenue from search was split with Alex.

Now:

Waterfox has a development team
System1 receives all revenue from search
Waterfox receives funding from System1.

Waterfox offers a top tier browser experience without any of the cruft seen elsewhere and System1 doesn't interfere.


Search Engines

The browser itself is an important part of your online privacy but the search engine plays an equal, if not larger, role due to how often it's used.

Take a moment and think about some of the things you've searched for in Google. You'll probably think of the search you did last night asking Google or Bing to tell you the recipe for rhubarb pie or catchy memes from the 2000s.

Our average search probably doesn't amount to much more than simple questions with simple answers, which have little impact on our lives now or in the future. But what about some of these?

  • "what do red bumps on arms mean"
  • "how to file for divorce"
  • "should I declare bankruptcy"
  • "how to treat hemorrhoids"
  • "painless suicide"
  • "STD symptoms"
  • "signs that you're pregnant"
  • "pros and cons of abortion"
  • "is a therapist worth it"
  • "symptoms of depression"
  • "next [political candidate] rally date"

These searches are a bit more personal but are common searches punched in every day in some form by millions of people. Some of these questions are never uttered to anyone in real life and only Google knows these inner thoughts, questions, and concerns. And yet, Google is indiscriminately collecting every one of those searches to profile you, to target advertising, and to share with dozens, if not hundreds, of other companies.

What if healthcare providers or employers get their hands on your profile or specific information about your online history and decide to make decisions based on that? Maybe your health insurance raises your premiums because you're deemed a higher risk for illness due to searching for symptoms too many times in a certain time frame. Or maybe you're turned down for a job because one too many of your searches revolved around depression and anxiety and they can't take the chance on you since you'd be working with the public.

These things aren't tin foil hat worries either. Employers, for example, will use any information they can get to make a decision: 70% of companies already screen people based on their social media, and 54% of them have denied employment based on what they've found. If they had access to the information Google and others have, why would we think they wouldn't use it?

Another example could be seen in a recently failed attempt to prevent obtaining our search and browsing history without a warrant. Google already allows law enforcement dragnet access to your information, so this isn't a far out situation either.

What if law enforcement scoops up your history that contains "how to be anonymous at a protest" or "best place to buy a gun"?  Even if you've never set foot near a protest or the gun was purely for hunting, you'd suddenly be under suspicion, especially in the current climate, with searches of that nature sprinkled in throughout cooking recipes and cat videos. 1300 police departments already partnered with Ring and are pushing for real time access to this data. Search history doesn't seem so far fetched anymore after seeing what's going on elsewhere.

There's also the side effect of your results changing based on information Google has about you. Google said as much in front of Congress, albeit with the intervention done by AI and not humans. WSJ has an extensive post regarding this subject as well.

Thankfully, the fix for all of this is simple. A change to your search engine will eliminate virtually all data harvesting with little impact on your day to day activities.  While there are many choices out there, StartPage and DuckDuckGo are the most mainstream. If you're into being different, Swisscows is a good alternative and uses Bing results.

StartPage

StartPage utilizes Google's search engine but without the data collection, profiling, and storing of your searches. They also don't personalize results, making your search results less biased. Some complain that the results are less accurate than Google but that's only because Google isn't giving you true results. They're generating results based on information they've been gathering about you from across the web. StartPage, on the other hand, is giving you an unfiltered look at what you're asking.

In 2019, System1 invested heavily into StartPage (the same System1 that bought Waterfox) and the backlash was immediate.  System1 is, generally, known for being a data collecting/analytics company in the advertising industry. Naturally, everyone was looking for answers as they were concerned that this private search engine was tainted and, essentially, no better than Google.

Questions were plentiful but communication from StartPage and System1 was nonexistent. After a period of silence, StartPage released a statement regarding the relationship and apologized for the lack of transparency. This wasn't good enough for some people, who still cry foul, but, to this day, there has been no proof that the privacy aspects of StartPage have changed or eroded.

DuckDuckGo

Of the two, DDG is the more well known and more advertised search engine. The biggest difference between this and StartPage is that DDG uses Bing/Yahoo results for their searches, along with some in house development for their instant answers.  

DDG also has a feature called !bangs, which only shows results as if you had searched from the banged site itself. For example, searching !w treehouse would strip all results except those from Wikipedia, and !g dog treats strips everything except Google responses.

It's a handy feature to help drill down only to the results you're looking for but they do not offer the same privacy as using DDG itself. DDG staff have stated that you will be tracked by Google if you use the !g bang and they state on the feature page that you are subject to that site’s policies, including its data collection practices because your search is actually taking place on the banged site.

DuckDuckGo comes preloaded in many of the web browsers you want to use and only requires a simple change in the preferences to make it default.


Extensions and add-ons

You'll want to grab a few add-ons to help manage things in the background. Once these are installed, there's no need to fiddle with any additional settings (unless you want to, of course). Here's a short list of add-ons that all work in the background to enhance your privacy, with the pleasant side effect of making your overall browsing experience better.

  • uBlock Origin (Firefox/Chrome) - Blocks ads, trackers, and scripts
  • Cookie AutoDelete (Firefox/Chrome) - Deletes cookies automatically after a set amount of time or specific action, such as a domain change.
  • Multi-Account Containers (Firefox) - Allows you to separate your tabs so one tab can't track what's going on in another. This add-on is not available on Chrome based browsers.
  • Privacy Redirect (Firefox/Chrome) - Automatically redirects YouTube, Twitter, Instagram, and Google Maps links to their private counterparts.

If you want to take it one step further, and you're using Firefox, you can flip the switch on some behind the scenes settings as well. Privacytools has a really nice list of what can be adjusted to enhance your privacy further. Fair warning, while this is not difficult, it's not fully "idiot proof" and it can make some websites behave weirdly or break them entirely. Many of the changes that Privacytools lists are already taken care of in Firefox's preferences and by the add-ons we installed, so this step is entirely optional.


Conclusion

So, what browser should you use?

For the average user and every day browsing:

1. Firefox/Waterfox
2. Iridium
3. Vivaldi

For the most part, the majority of browsers on this list can be customized to achieve, roughly, the same level of privacy. Firefox/Waterfox take the top spot for one main reason: Multi-Account Containers.

This extension is extremely beneficial to privacy and is powerful enough to place it ahead of any Chromium based browser since it isn't available on those platforms.

For the privacy first user:

1. Tor
2. Ungoogled Chromium
3. Firefox/Waterfox

What about the search engine?

I believe StartPage is the best option between privacy and relevant results. DDG is good as well but personal experience with it has produced weaker results comparatively. Swisscows would be my second option as they offer better privacy than DDG while using the same results (Bing).

