Why Should I Change my Browser?
Currently Google Chrome has the most users, but it's basically spyware, even going so far as to turn on your microphone and eavesdrop on you while you browse. Instead, you can get almost identical performance and security with a massive improvement in privacy by switching to Brave or Firefox. Changing browsers may take some getting used to at first, but is critical for improving your privacy.
Brave vs Firefox
Browsers are highly controversial. No matter what browsers I suggest, people will always say that I should've considered a different one or shouldn't have listed one I did. To see my criteria for why I selected these browers to list, check here. In the interest of transparency, I do want to acknowledge that both Brave and Mozilla have made questionable decisions. Brave's criticisms mostly revolve around their use of BAT, a cryptocurrency they developed to allow site owners and content creators to get paid based on visits and time spent on their site. You can read more about that here. Such decisions included collecting payments on behalf of a creator who claims he never got paid and injecting affiliate links into browser traffic so Brave made more money. These situations have since been corrected. For Mozilla's shortcomings, they regularly draw criticism for making their analytics opt-out rather than opt-in, making Google the default search engine, and paying their CEO over $3 million USD per year while struggling to be financially solvent. I also want readers to be aware that Firefox has been found to be issuing a temporary, one-time tracker that shares some data with Google when you download and install the program for the first time on Windows or Mac, so if you go this route I suggest you turn off your internet during the installation until you have a chance to disable analytics (discussed below).
While I don't think there is a perfect solution in this space, I personally recommend Brave for most people. It is the most Chrome-like so most users will find the transition easy, using the Chromium engine will make you "blend in" more with other chrome users, and it is extremely privacy-friendly "out of the box" without having to make a lot of advanced tweaks. Having said that, a lot of people feel very strongly about Brave as a company, the BAT token, and the idea of giving Google too much power by having too many users dependent on the Chromium engine. Therefore, I will leave it up to my readers to decide which company they consider to be more ethical and which browser is right for their needs. If you still find yourself on the fence, it's worth noting that Chromium-based browsers tend to have better security, however as long as you're using good online habits the difference should be minimal for most casual web users (Source).
Regardless of which browser you decide to go with, there is one plugin you should add to dramatically improve your privacy and security. This is uBlock Origin, a powerful, lightweight ad- and tracker-blocker. Officially, uBlock Origin is ready for use "out of the box." However, there's a few things I prefer to add to it to improve the protections it has to offer. First, I enable every option under the "Privacy" section. I then click on the tab “Filter lists” and enable everything under “Built-In,” “Ads,” "Privacy," “Malware domains,” “Annoyances,” and "Multipurpose." I would also recommend checking the "Regions, languages" section if you live outside North America and enable for your location, too. In my experience, enabling all the features has never presented any significant site breakage. However, if you find yourself repeatedly running into issues with a lot of sites not working correctly, you can easily go back to the developer's recommended settings by clicking "Reset to default settings" on the main Settings page.
Another plugin, LocalCDN, is only recommend if you don't plan to use a VPN). LocalCDN is a plugin that will replace a lot of third-party libraries like JQuery, Google, and Bootstrap and inject them locally from privacy-respecting alternate sources. These third-party libraries and CDNs can be used to track you, so this plugin helps to reduce tracking. If all that went over your head, just know that this blocks a large number of trackers without any configuration or interaction required on your end. Just install it and let it run. Again, you do not need this plugin if you're using a VPN. Brave (and Firefox with the Enhanced Tracking Protection settings I recommend in the next section) will do an excellent job of isolating third-party libraries to reduce or prevent tracking, and the VPN will prevent the trackers from seeing your IP address, making LocalCDN largely redundant.
There are two additional plugins that I think are worth adding if you feel so inclined. The first is your password manager's official plugin. Many password managers offer browser plugins to help make logging in easy and safe. There are numerous advantages to these, like protection against phishing and keyloggers, and as such I consider these okay to install if you want to. The other is Snowflake. This is a project to help certain internet users in foreign, repressive countries bypass censorship. This should not cause any kind of legal risk to you. Both of these plugins are optional, but I believe they are safe to use.
In my experience, these plugins and settings rarely cause any issues, but be aware that in extreme cases they can break sites and must be temporarily turned off if site access is required.
- Appearance: Show autocomplete in address bar: disabled
- Appearance: Always show full URLs: enabled (1)
- Social media blocking: disable all
- Privacy and security: Allow privacy-preserving product analytics (P3A): disabled
- Privacy and security: Automatically send daily usage ping to Brave: disabled
- Privacy and security: Clear browsing data: On exit: check all (2)
- Privacy and security: Cookies and other site data: Clear cookies and site data when you close all windows: enabled (3)
- Privacy and security: Security: Always use secure connections: enabled
- (Skip this setting if using a VPN.) Privacy and security: Security: Use Secure DNS: With a DNS provider from this list.
- Extensions: Hangouts: disabled
- Extensions: Private window with Tor: disabled
- Additional settings: Autofill: disable all (2)
2: There is malware capable of swiping data stored in your browser, including history and saved passwords, credit cards, and even multi-factor authentication cookies. You can choose to leave cookies and other sign-in data and history if you want, but know that it is a security risk.
3: This will sign you out of everything and reset any settings. See Note 2 for more information.
- After downloading but before installing, disconnect from the internet.1
- (Skip this setting if using a VPN.) General: Network Settings: Enable DNS over HTTPS: Custom: Select a DNS provider from this list.
- Home: Firefox Home Content: Shortcuts: Sponsored Shortcuts: uncheck
- Home: Firefox Home Content: Recommended by Pocket: Sponsored Stories: uncheck
- Search: Default Search Engine: Pick a privacy-respecting search engine.
- Privacy & Security: Enhanced Tracking Protection: Strict2
- Privacy & Security: Cookies & Site Data: Delete cookies and site data when Firefox is closed: checked3
- Privacy & Security: Logins and Passwords: uncheck all3
- Privacy & Security: Forms and autofill: uncheck all3
- Privacy & Security: History: Never remember history
- Privacy & Security: Address Bar - Firefox Suggest: Suggestions from the web: disabled
- Privacy & Security: Address Bar - Firefox Suggest: Suggestions from sponsors: disabled
- Privacy & Security: Firefox Data Collection and Use: uncheck all
- Privacy & Security: HTTPS-Only Mode: Enable HTTPS-Only Mode in all windows
2: I have never known this setting to cause any website breakage, however you can always change it back to Standard or Custom if you do.
3: There is malware capable of swiping data stored in your browser, including history and saved passwords, credit cards, and even multi-factor authentication cookies. You can choose to leave cookies and other sign-in data and history if you want, but know that it is a security risk.
Honorable Mention: LibreWolf
LibreWolf does not technically qualify to be listed on this site because it is not capable of auto-update on Mac and Windows. However, I believe LibreWolf is still worth a mention. LibreWolf is a pre-hardened fork of Firefox, offering pre-configured improvements like no telemetry, private default search options, and it comes with uBlock Origin already installed. Truthfully, LibreWolf is out-of-the-box ready to use in terms of privacy and settings. However, there are two drawbacks.
First, you should beware that LibreWolf's hardened settings may result in some website breakage. In my experience this hasn't been an issue, but I also don't use a lot of popular websites that many people do. Your results may vary. Second, as mentioned, LibreWolf does not auto-update except on Linux. You can get around this by installing the LibreWolf Updater plugin in the browser. This is an unofficial plugin, but it is officially recommended in the documentation, and therefore is likely safe. It will not auto-update the browser, but it will alert you every time a new version is available and make it easy for you to download it. From there you have to run in the install as if it were the first time. If this is a convenience tradeoff you're willing to make, then consider LibreWolf.
Honorable Mention: Tor Browser
Between the plugins and the settings changes suggested on this page, you will greatly reduce the ability of websites to track you as you go from site to site. However, it should be noted that browser fingerprinting - one of the most common forms of online tracking - is incredibly complex and ever evolving. While these changes have dramatically reduced your fingerprint, you should not assume - as with any of the advice I give on this site - that you are totally invisible or untrackable. If you want to achieve maximum privacy and/or anonymity, consider using the Tor Browser.
The Tor browser is a somewhat common daily browser among privacy enthusiasts for a few reasons. If you're unfamiliar with Tor, check out my Tor Crash Course video. The Tor browser routes only your browser traffic through the Tor network and not all device traffic. The Tor browser also comes pre-packaged with a more advanced content blocker called No-Script which can be used to block ads, as well as a ton of unseen, powerful tracker-blocking features. The Tor browser also isolates each tab and changes your relay path with every new website you visit to help further protect your anonymity. Using the Tor Browser as your main browser is a great idea, but keep in mind that many legitimate websites such as banking and e-commerce sites block known Tor addresses to prevent abuse and fraud, so you'll want to keep a copy of Brave/Firefox installed for when that happens. Additionally, using the Tor Browser in a truly, 100% anonymous way is incredibly difficult and requires very intentional browsing habits, so don't do anything illegal. Finally, because all nodes are volunteer-run and therefore work on an "honor system," be sure to check that any site you login or transfer personal data across is using HTTPS (the lock icon at the beginning of the address bar) and is the actual site and not a fake phishing site designed to look like the real thing.
If you're still unsure what browser is right for you, Privacy Tests and Cookie Status compare a few of the more popular choices.