Securing Your Browser
Why Should I Change my Browser?
Currently Google Chrome has the most users, but it’s basically spyware, even going so far as to turn on your microphone and eavesdrop on you while you browse. Instead, you can get almost identical performance and security with a massive improvement in privacy by switching to Brave or Firefox. Changing browsers may take some getting used to at first, but is critical for improving your privacy.
Brave vs Firefox
Browsers are highly controversial. No matter what browsers I suggest, people will always say that I should’ve considered a different one or shouldn’t have listed one I did. To see my criteria for why I selected these browsers to list, check here. In the interest of transparency, I do want to acknowledge that both Brave and Mozilla have made questionable decisions. Brave’s criticisms mostly revolve around their use of BAT, a cryptocurrency they developed to allow site owners and content creators to get paid based on visits and time spent on their site. You can read more about that here. Such decisions included collecting payments on behalf of creators without consent, injecting affiliate links into browser traffic so Brave made more money, and installing software without transparency. These situations have since been corrected. For Mozilla’s shortcomings, they regularly draw criticism for having poor default settings, having a hostile attitude toward users, paying their CEO over $3 million USD per year while struggling to be financially solvent, and investing in a wide range of companies that seem to have little to do with their original mission while failing to focus adequate resources on their browser. I also want readers to be aware that Firefox has been found to be issuing a temporary, one-time tracker that shares some data with Google when you download and install the program for the first time on Windows or Mac, so if you go this route I suggest you turn off your internet during the installation until you have a chance to disable analytics (discussed below).
While I don’t think there is a perfect solution in this space, I personally recommend Brave for most people. It is the most Chrome-like so most users will find the transition easy, using the Chromium engine will make you “blend in” more with other Chrome users, and it is extremely privacy-friendly “out of the box” without having to make a lot of advanced tweaks. Having said that, a lot of people feel very strongly about Brave as a company, the BAT token, and the idea of giving Google too much power by having too many users dependent on the Chromium engine. Therefore, I will leave it up to my readers to decide which company they consider to be more ethical and which browser is right for their needs.
Extensions
If you decide to go with Brave, you don’t need to add any additional extensions (except for the ones in the next paragraph if you decide). If you decide to go with Firefox, you should install uBlock Origin, a powerful, lightweight ad- and tracker-blocker. Malicious, fake ads designed to scam you or trick you into downloading malware (called “malvertising”) have become such a serious problem that even the FBI recommends that you use an ad-blocker. Officially, uBlock Origin is ready for use “out of the box.” However, there are a couple of filters I recommend enabling in the “Filter lists” tab of the settings to improve the protections and convenience it has to offer. I recommend enabling every filter under the “Privacy” section, and every filter except for “EasyList - Notifications” under the “Annoyances > EasyList - Annoyances” section. Under the privacy section, these filters will block websites’ attempts to probe your local network and strip the tracking portion of links when you go to share them. The Annoyances filters will block various pop-ups that you may frequently encounter on various websites including newsletter join forms, cookie consent banners, chat bots, social media share suggestions, and more. You may feel tempted to add other filters. This is personal preference, but beware that adding additional filters may cause breakage on some websites. Furthermore, some people suggest that blocking additional content that other users are not blocking may make you easier to fingerprint.
There are two additional extensions that I think are worth adding if you feel so inclined. The first is your password manager’s official extension. Many password managers offer browser extensions to help make logging in easy and safe. There are numerous advantages to these, like protection against phishing and keyloggers, and as such I consider these okay to install if you want to. The other is Snowflake (this is optionally included in Brave, see the recommended settings below). This is a project to help certain internet users in foreign, repressive countries bypass censorship. This should not cause any kind of legal risk to you. Both of these extensions are optional, but I believe they are safe to use.
I strongly advise against installing any other extensions unless absolutely necessary. The more extensions you install, the more easily your browser can be fingerprinted, making it easier to track you across the web despite any other privacy-enhancing changes you make to your browser or browsing habits. They also present a serious security risk as extensions typically have advanced privileges that allow them to modify the web page, read data, and other necessary functions that could be abused for malicious purposes.
Settings
Brave
- Appearance:
- Show autocomplete in address bar: disabled
- Always show full URLs: enabled (1)
- Social media blocking: disable all
- Privacy and security:
- Allow privacy-preserving product analytics (P3A): disabled
- Automatically send daily usage ping to Brave: disabled
- Clear browsing data: On exit: check all (2)
- Cookies and other site data: Clear cookies and site data when you close all windows: enabled (3)
- Security: Always use secure connections: enabled
- (Skip this setting if using a VPN) Security: Use Secure DNS: With a DNS provider from this list.
- Private window with Tor: disabled
- Volunteer to help others connect to the Tor network: enabled (this is a built-in integration of the Snowflake extension discussed above)
- Shields:
- Content filtering: Easylist-Cookie List: Enabled
- Extensions:
- Hangouts: disabled
- Additional settings:
- Autofill: disable all (2)
1: This allows you to see the full URL and help defend against phishing attacks.
2: There is malware capable of swiping data stored in your browser, including history and saved passwords, credit cards, and even multi-factor authentication cookies. You can choose to leave cookies and other sign-in data and history if you want, but know that it is a security risk.
3: This will sign you out of everything and reset any settings. See Note 2 for more information.
Firefox
- General: Browsing: Recommend extensions as you browse: Uncheck
- General: Browsing: Recommend features as you browse: Uncheck
- Home: Firefox Home Content: Shortcuts: Sponsored Shortcuts: uncheck
- Home: Firefox Home Content: Recommended by Pocket: Sponsored Stories: uncheck
- Search: Default Search Engine: Pick a privacy-respecting search engine.
- Privacy & Security: Enhanced Tracking Protection: Strict (1)
- Privacy & Security: Cookies & Site Data: Delete cookies and site data when Firefox is closed: checked (3)
- Privacy & Security: Passwords: Uncheck all (2)
- Privacy & Security: Autofill: Uncheck all (2)
- Privacy & Security: History: Never remember history
- Privacy & Security: Firefox Data Collection and Use: Uncheck all
- Privacy & Security: Website Advertising Preferences: Allow websites to perform privacy-preserving ad measurement: Uncheck
- Privacy & Security: HTTPS-Only Mode: Enable HTTPS-Only Mode in all windows
- (Skip this setting if using a VPN.) Privacy & Security: Enable DNS over HTTPS: Max Protection: Select a DNS provider from this list.
1: I have never known this setting to cause any website breakage; however, you can always change it back to Standard or Custom if it does.
2: There is malware capable of swiping data stored in your browser, including history and saved passwords, credit cards, and even multi-factor authentication cookies. You can choose to leave cookies and other sign-in data and history if you want, but know that it is a security risk.
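To confirm that a Firefox profile actually carries these settings, the sketch below (an added example, not from the original page or from Mozilla) parses the text of a profile's prefs.js or user.js and reports recommended values that are missing or different. The about:config preference names are an assumed mapping of a subset of the settings listed above and can change between Firefox releases; the sample input is constructed.

```python
import json
import re

# Assumed mapping of the Firefox settings above to about:config names (not from
# the page; preference names can change between Firefox releases).
RECOMMENDED = {
    "browser.contentblocking.category": "strict",          # Enhanced Tracking Protection
    "signon.rememberSignons": False,                        # Passwords
    "extensions.formautofill.creditCards.enabled": False,   # Autofill
    "browser.privatebrowsing.autostart": True,              # Never remember history
    "dom.security.https_only_mode": True,                   # HTTPS-Only Mode
    "network.trr.mode": 3,                                  # DNS over HTTPS: Max Protection
}
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*("[^"\\]*"|true|false|-?\d+)\s*\);\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: value}; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:  # comments, blank lines and string values with escapes are skipped
            raw = m.group(2)
            prefs[m.group(1)] = raw[1:-1] if raw.startswith('"') else json.loads(raw)
    return prefs

def audit(text, using_vpn=False):
    """Return {pref: (found, wanted)} for each recommended pref that differs."""
    prefs = parse_prefs(text)
    findings = {}
    for name, wanted in RECOMMENDED.items():
        if using_vpn and name == "network.trr.mode":
            continue  # the page says to skip the DNS setting when using a VPN
        found = prefs.get(name)  # None: never set, so the Firefox default applies
        if type(found) is not type(wanted) or found != wanted:
            findings[name] = (found, wanted)
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE = """
// Mozilla User Preferences
user_pref("browser.contentblocking.category", "strict");
user_pref("signon.rememberSignons", false);
user_pref("dom.security.https_only_mode", true);
user_pref("network.trr.mode", 2);
"""

if __name__ == "__main__":
    for name, (found, wanted) in audit(SAMPLE).items():
        print(f"{name}: found {found!r}, want {wanted!r}")
```

A value reported as None was never written to the file, which means the Firefox default is in effect rather than the recommended setting.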
Honorable Mentions
Mullvad Browser
While the Mullvad Browser technically meets the criteria to be listed as an official recommendation here, I list it as an “honorable mention” for one reason: usability. The Mullvad Browser is the result of a collaboration between Mullvad VPN and The Tor Project and is ultimately based on Firefox. The Mullvad Browser is basically “the Tor Browser without Tor.” It attempts to make all users look the same by applying the same settings to every user, thus defeating browser fingerprinting (please note it is recommended to use Mullvad Browser with a VPN). Furthermore, the Mullvad Browser offers a number of “hardening” features that make it more private and secure than regular Firefox. However, these changes may come at the cost of some possible site breakage from time to time, including breaking certain security features that I encourage (like the use of hardware security tokens, for example). I strongly recommend Mullvad Browser as a daily browser - in most cases, it will work excellently with few issues - however, my advice to keep a backup browser (at the bottom of this page) is particularly salient if you choose to do so.
Tor Browser
Between the extensions and the settings changes suggested on this page, you will greatly reduce the ability of websites to track you as you go from site to site. However, it should be noted that browser fingerprinting - one of the most common forms of online tracking - is incredibly complex and ever evolving. While these changes have dramatically reduced your fingerprint, you should not assume - as with any of the advice I give on this site - that you are totally invisible or untrackable. If you want to achieve maximum privacy and/or anonymity, consider using the Tor Browser.
The Tor Browser is a somewhat common daily browser among privacy enthusiasts for a few reasons. If you’re unfamiliar with Tor, check out my Tor Crash Course video. In a nutshell, the Tor Browser is a hardened version of Firefox with a number of changes that make it extra resilient against tracking. It attempts to make everyone look the same, thus making tracking harder. It further accomplishes this by routing all your traffic through several relays before arriving at the destination website. All these changes add up to make Tor users as anonymous as possible in the modern era, with a few caveats. Using the Tor Browser as your main browser is a great idea, but keep in mind that many legitimate websites such as banking and e-commerce sites block known Tor addresses to prevent abuse and fraud, so you’ll want to keep a backup browser installed for when that happens. Note that using the Tor Browser in a truly, 100% anonymous way is incredibly difficult and requires very intentional browsing habits, so don’t do anything illegal. Finally, because all nodes are volunteer-run and therefore work on an “honor system,” be sure to check that any site you log in to or transfer personal data across is using HTTPS (the lock icon at the beginning of the address bar) and is the actual site and not a fake phishing site designed to look like the real thing.
If you’re still unsure what browser is right for you, Privacy Tests and Cookie Status compare a few of the more popular choices.
I recommend keeping both recommended browsers and using the opposite one as a backup. For example, if you decide to use Brave, I would keep Firefox as a backup and vice versa. In many cases a website that experiences issues in one browser is likely to work in the other since they use different rendering engines. Even if you dislike the company behind the other browser and don’t plan to use it as your “daily driver,” it’s still wise in my experience to have it available as a fallback. More often than not, it works.