Securing Your Browser
Why Should I Change my Browser?
Currently Google Chrome has the most users, but it’s basically spyware, even going so far as to turn on your microphone and eavesdrop on you while you browse. Instead, you can get almost identical performance and security with a massive improvement in privacy by switching to Brave or Firefox. Changing browsers may take some getting used to at first, but is critical for improving your privacy.
Brave vs Firefox
Browsers are highly controversial. No matter what browsers I suggest, people will always say that I should’ve considered a different one or shouldn’t have listed one I did. To see my criteria for why I selected these browsers to list, check here. In the interest of transparency, I do want to acknowledge that both Brave and Mozilla have made questionable decisions. Brave’s criticisms mostly revolve around their use of BAT, a cryptocurrency they developed to allow site owners and content creators to get paid based on visits and time spent on their site. You can read more about that here. Such decisions included collecting payments on behalf of a creator who claims he never got paid and injecting affiliate links into browser traffic so Brave made more money. These situations have since been corrected. For Mozilla’s shortcomings, they regularly draw criticism for making their analytics opt-out rather than opt-in, making Google the default search engine, and paying their CEO over $3 million USD per year while struggling to be financially solvent. I also want readers to be aware that Firefox has been found to be issuing a temporary, one-time tracker that shares some data with Google when you download and install the program for the first time on Windows or Mac, so if you go this route I suggest you turn off your internet during the installation until you have a chance to disable analytics (discussed below).
While I don’t think there is a perfect solution in this space, I personally recommend Brave for most people. It is the most Chrome-like so most users will find the transition easy, using the Chromium engine will make you “blend in” more with other Chrome users, and it is extremely privacy-friendly “out of the box” without having to make a lot of advanced tweaks. Having said that, a lot of people feel very strongly about Brave as a company, the BAT token, and the idea of giving Google too much power by having too many users dependent on the Chromium engine. Therefore, I will leave it up to my readers to decide which company they consider to be more ethical and which browser is right for their needs. If you still find yourself on the fence, it’s worth noting that Chromium-based browsers tend to have better security; however, as long as you’re using good online habits the difference should be minimal for most casual web users (Source).
If you decide to go with Brave, you don’t need to add any additional extensions (except for the ones in the next paragraph if you decide). If you decide to go with Firefox, you should install uBlock Origin, a powerful, lightweight ad- and tracker-blocker. Malicious, fake ads designed to scam you or trick you into downloading malware (called “malvertising”) have become such a serious problem that even the FBI recommends that you use an ad-blocker. Officially, uBlock Origin is ready for use “out of the box.” However, there are a couple of filters I recommend enabling in the “Filter lists” tab of the settings to improve the protections and convenience it has to offer. I recommend enabling every filter under the “Privacy” section, and every filter except for “EasyList - Notifications” under the “Annoyances > EasyList - Annoyances” section. Under the privacy section, these filters will block websites’ attempts to probe your local network and strip the tracking portion of links when you go to share them. The Annoyances filters will block various pop-ups that you may frequently encounter on various websites including newsletter join forms, cookie consent banners, chat bots, social media share suggestions, and more. You may feel tempted to add other filters. This is personal preference, but beware that adding additional filters may cause breakage on some websites. Furthermore, some people suggest that blocking additional content that other users are not blocking may make you easier to fingerprint.
There are two additional extensions that I think are worth adding if you feel so inclined. The first is your password manager’s official extension. Many password managers offer browser extensions to help make logging in easy and safe. There are numerous advantages to these, like protection against phishing and keyloggers, and as such I consider these okay to install if you want to. The other is Snowflake (this is optionally included in Brave, see the recommended settings below). This is a project to help certain internet users in foreign, repressive countries bypass censorship. This should not cause any kind of legal risk to you. Both of these extensions are optional, but I believe they are safe to use.
I strongly advise against installing any other extensions unless absolutely necessary. The more extensions you install, the more easily your browser can be fingerprinted, making it easier to track you across the web despite any other privacy-enhancing changes you make to your browser or browsing habits. They also present a serious security risk, as extensions typically have advanced privileges that allow them to modify the web page, read data, and perform other necessary functions that could be abused for malicious purposes.
- Show autocomplete in address bar: disabled
- Always show full URLs: enabled (1)
- Social media blocking: disable all
- Privacy and security:
- Allow privacy-preserving product analytics (P3A): disabled
- Automatically send daily usage ping to Brave: disabled
- Clear browsing data: On exit: check all (2)
- Cookies and other site data: Clear cookies and site data when you close all windows: enabled (3)
- Security: Always use secure connections: enabled
- (Skip this setting if using a VPN) Security: Use Secure DNS: With a DNS provider from this list.
- Private window with Tor: disabled
- Volunteer to help others connect to the Tor network: enabled (this is a built-in integration of the Snowflake extension discussed above)
- Content filtering: Easylist-Cookie List: Enabled
- Hangouts: disabled
- Additional settings:
- Autofill: disable all (2)
1: This allows you to see the full URL and help defend against phishing attacks.
2: There is malware capable of swiping data stored in your browser, including history and saved passwords, credit cards, and even multi-factor authentication cookies. You can choose to leave cookies and other sign-in data and history if you want, but know that it is a security risk.
3: This will sign you out of everything and reset any settings. See Note 2 for more information.
- After downloading but before installing, disconnect from the internet. (1)
- (Skip this setting if using a VPN.) General: Network Settings: Enable DNS over HTTPS: Custom: Select a DNS provider from this list.
- Home: Firefox Home Content: Shortcuts: Sponsored Shortcuts: uncheck
- Home: Firefox Home Content: Recommended by Pocket: Sponsored Stories: uncheck
- Search: Default Search Engine: Pick a privacy-respecting search engine.
- Privacy & Security: Enhanced Tracking Protection: Strict (2)
- Privacy & Security: Cookies & Site Data: Delete cookies and site data when Firefox is closed: checked (3)
- Privacy & Security: Logins and Passwords: uncheck all (3)
- Privacy & Security: Forms and autofill: uncheck all (3)
- Privacy & Security: History: Never remember history
- Privacy & Security: Address Bar - Firefox Suggest: Suggestions from the web: disabled
- Privacy & Security: Address Bar - Firefox Suggest: Suggestions from sponsors: disabled
- Privacy & Security: Firefox Data Collection and Use: uncheck all
- Privacy & Security: HTTPS-Only Mode: Enable HTTPS-Only Mode in all windows
1: Mozilla issues a temporary, one-time tracker that utilizes Google Analytics to understand the relationship between downloads and installations. This will be disabled in later settings.
2: I have never known this setting to cause any website breakage, however you can always change it back to Standard or Custom if you do.
3: There is malware capable of swiping data stored in your browser, including history and saved passwords, credit cards, and even multi-factor authentication cookies. You can choose to leave cookies and other sign-in data and history if you want, but know that it is a security risk.
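To confirm that the Firefox settings above actually took effect, you can audit the profile's `prefs.js` file. The script below is an added example, not part of the original guide: the mapping from each setting to an `about:config` preference name is an assumption that may differ between Firefox releases, it covers only part of the list, and the sample file contents are constructed.

```python
import re

# Assumed mapping of the Firefox settings listed above to about:config names
# (not from the original page; preference names can change between releases).
RECOMMENDED = {
    "dom.security.https_only_mode": True,                  # HTTPS-Only Mode
    "browser.contentblocking.category": "strict",          # Enhanced Tracking Protection
    "privacy.sanitize.sanitizeOnShutdown": True,           # delete cookies/site data on close
    "signon.rememberSignons": False,                       # Logins and Passwords
    "extensions.formautofill.creditCards.enabled": False,  # Forms and autofill
    "browser.privatebrowsing.autostart": True,             # Never remember history
    "browser.urlbar.suggest.quicksuggest.sponsored": False,             # Firefox Suggest
    "browser.newtabpage.activity-stream.showSponsoredTopSites": False,  # Sponsored Shortcuts
    "browser.newtabpage.activity-stream.showSponsored": False,          # Sponsored Stories
    "datareporting.healthreport.uploadEnabled": False,     # Data Collection and Use
}
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: value}; a later line wins."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):  # commented-out lines never match
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def audit(text):
    """Return {pref: 'ok' | 'mismatch' | 'unset'} for each recommended pref."""
    prefs, report = parse_prefs(text), {}
    for name, want in RECOMMENDED.items():
        if name not in prefs:
            report[name] = "unset"  # not user-modified: Firefox's default applies
        else:
            same = type(prefs[name]) is type(want) and prefs[name] == want
            report[name] = "ok" if same else "mismatch"
    return report

# Constructed sample of a prefs.js file, for illustration only.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.contentblocking.category", "strict");
user_pref("dom.security.https_only_mode", true);
user_pref("signon.rememberSignons", true);
user_pref("datareporting.healthreport.uploadEnabled", false);
'''
```

To check a real profile, pass the text of the `prefs.js` file from the profile folder shown on `about:support` to `audit()`. An "unset" result means the preference was never changed from Firefox's default, so that setting should be checked by hand.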
While the Mullvad Browser technically meets the criteria to be listed as an official recommendation here, I’m currently listing it as an “honorable mention” for two reasons. The first is that it’s new and untested, and the second is usability. The Mullvad Browser is the result of a collaboration between Mullvad VPN and The Tor Project (see below) and is ultimately based on Firefox. The Mullvad Browser is basically “the Tor Browser without Tor.” It attempts to make all users look the same by applying the same settings to every user, thus defeating browser fingerprinting. Furthermore, the Mullvad Browser offers a number of “hardening” features that make it more private and secure than regular Firefox. However, these changes unfortunately come at the cost of guaranteed usability, so while the Mullvad Browser is a great and recommended browser, users should expect some degree of site breakage and be prepared to use a backup browser in those cases.
LibreWolf does not technically qualify to be listed on this site because it is not capable of auto-update on Mac and Windows. However, I believe LibreWolf is still worth a mention. LibreWolf is a pre-hardened fork of Firefox, offering pre-configured improvements like no telemetry and private default search options, and it comes with uBlock Origin already installed. Truthfully, LibreWolf is out-of-the-box ready to use in terms of privacy and settings. However, there are two drawbacks.
First, you should beware that LibreWolf’s hardened settings may result in some website breakage. In my experience this hasn’t been an issue, but I also don’t use a lot of popular websites that many people do. Your results may vary. Second, as mentioned, LibreWolf does not auto-update except on Linux. You can get around this by installing the LibreWolf Updater extension in the browser. This is an unofficial extension, but it is officially recommended in the documentation, and therefore is likely safe. It will not auto-update the browser, but it will alert you every time a new version is available and make it easy for you to download it. From there you have to run the install as if it were the first time. If this is a convenience tradeoff you’re willing to make, then consider LibreWolf.
Between the extensions and the settings changes suggested on this page, you will greatly reduce the ability of websites to track you as you go from site to site. However, it should be noted that browser fingerprinting - one of the most common forms of online tracking - is incredibly complex and ever evolving. While these changes have dramatically reduced your fingerprint, you should not assume - as with any of the advice I give on this site - that you are totally invisible or untrackable. If you want to achieve maximum privacy and/or anonymity, consider using the Tor Browser.
The Tor Browser is a somewhat common daily browser among privacy enthusiasts for a few reasons. If you’re unfamiliar with Tor, check out my Tor Crash Course video. The Tor Browser routes only your browser traffic through the Tor network and not all device traffic. The Tor Browser also comes pre-packaged with a more advanced content blocker called NoScript which can be used to block ads, as well as many other unseen, powerful tracker-blocking features. The Tor Browser also isolates each tab and changes your relay path with every new website you visit to help further protect your anonymity. Using the Tor Browser as your main browser is a great idea, but keep in mind that many legitimate websites such as banking and e-commerce sites block known Tor addresses to prevent abuse and fraud, so you’ll want to keep a copy of Brave/Firefox installed for when that happens. Additionally, using the Tor Browser in a truly, 100% anonymous way is incredibly difficult and requires very intentional browsing habits, so don’t do anything illegal. Finally, because all nodes are volunteer-run and therefore work on an “honor system,” be sure to check that any site you log in to or transfer personal data across is using HTTPS (the lock icon at the beginning of the address bar) and is the actual site and not a fake phishing site designed to look like the real thing.