Online Privacy & Security

The 7 Best Private Browsers in 2020: How to Browse Privately

Callum Tennent
Updated

Even with a VPN, using the wrong browser puts your privacy and security at risk. Learn about the dangers of browser fingerprinting and find out how to stay safe with these seven privacy-first browsers.

Illustration of two characters choosing a private and secure web browser.

Using a good VPN is one of the most important steps you can take to protect your online privacy. Even so, it’s only one part of the puzzle.

Even with a VPN, your browser can build a digital fingerprint that advertisers and authorities use to track you online. Without the appropriate protection, your identity, browsing history, and sensitive personal data will be exposed.

This guide will highlight an important concept for those seeking privacy and anonymity online: your browser is usually the weakest link.

We’ve tested dozens of the most popular browsers to find the best private browsers on the market. In the next few chapters, we’ll cover which browsers to avoid, which extensions to download, and which browsers are best for your online privacy.

You’ll learn how to configure your browser and exactly what you can do to limit your online footprint.

Why Do I Need a Private Browser?

Illustration showing data collection, webrtc leaks, cookies, scripts. and browser fingerprinting.

Your choice of browser will have a huge impact on your online privacy and anonymity. Using the wrong browser will put you at risk of:

    • Data collection. Despite the claims from some VPN companies, your IP address is not the only way you are tracked online. Even when your VPN is active, your browser could be sending your activity data straight into the hands of Google, Apple, Microsoft, and hundreds of third-party advertisers.

 

    • IP address leaks via WebRTC. WebRTC — a browser-based technology used for real-time communication like audio, video, and live streaming — can also leak your IP address if not configured properly. WebRTC is enabled in most browsers by default. You can learn more about WebRTC leaks in our guide to VPN leaks.

 

    • Cookies & tracking scripts. Cookies and tracking scripts are another risk which most standard browsers won’t protect you from. These cookies can be used to follow you and record your behaviour as you travel from site to site.

 

  • Browser fingerprinting. Even if you’ve blocked third party trackers and hidden your IP address with a VPN, most browsers can still reveal information about your unique settings to every page you visit. This information is used to build a digital fingerprint which advertisers and authorities can use to track your movements. You can learn more about browser fingerprinting later on in this guide.

All of this information is sold amongst advertising companies and used to build a personalized profile of you, your interests, and your behaviour. It is incredibly easy for authorities to get their hands on this data if they so wish. If you apply for a job at Apple, it might even impact your employability.

The Problem With ‘Normal’ Web Browsers

Advertisers, governments, tech companies, and even criminals can collect a range of sensitive data from an unprotected browser over time. This includes, amongst many other things:

  • Account details
  • Autofill information
  • Purchases made
  • Messages sent
  • Websites visited
  • Videos watched

While it’s well-known that your data is bought and sold by hundreds of secretive companies, it’s less clear to the average user exactly who these organisations are, what information they store, and who they share it with.

There’s nothing wrong with allowing a company to access your data to perform a service. However, most of this data is collected by tracking scripts and cookies without people’s knowledge or consent. Often, companies justify this practice with services that users may not even want or use.

There is a significant risk that your data will be misused, abused, or shared without your consent.

Third-party data brokers use this information to create billions of user profiles with thousands of data points per person. These profiles are then sold and used for advertising, changing the terms of loans, informing insurance premiums, restricting services to certain demographics, and much more.

Many brokers maintain what is essentially a comprehensive shadow profile of unwitting consumers. Reams of personal data are also flowing to political parties attempting to influence voter behaviour, as well as intelligence agencies tracking potential suspects.

Browser cookies and trackers are a major part of this infrastructure. Most websites rely on them in order to serve custom content and ads, and much of the resulting data is up for sale.

Of course, there are inherent risks involved in the collection, storage, and sale of consumer data on such a large scale. More than anything, it infringes on an individual’s right to know and control the information stored about them.

Fortunately, a properly-configured private browser combined with a VPN is the first step towards taking back control of your online privacy. To find out which private browser to choose, you can skip straight to our best private browser recommendations.

What’s the Difference Between a Private and a Secure Browser?

Illustration describing secure, private, and VPN browsers.

1. Secure Browser

A secure browser will protect you from targeted attacks and malware. It might stop a dedicated attacker from stealing your account details or cookies, but it will not stop you from leaving a trail of data behind your online activity.

Google Chrome, for example, is a browser that is secure but not private.

2. Private Browser

A private browser is designed to limit the information you leave behind. A private browser will not send your information back to a large tech company or government, and will include several measures that make it harder for you to be singled out or tracked online.

Transparency and versatility are central to a good private browser. Open-source software — which allows the public to inspect the browser’s behaviour — is a must-have.

However, open-source software and smaller development teams means the software behind some private browsers can be updated less frequently, leaving more room for security vulnerabilities.

Iridium is an example of a browser that is private but less secure.

3. VPN Browser

There are a few browsers that brand themselves as “VPN browsers” — the most popular being Opera.

So-called “VPN browsers” are normally proxies, not full VPNs — which means they don’t offer the best levels of protection. You can learn more about the difference between these two tools in our VPN vs. Proxy guide.

There are no regulations for what can or cannot be called a VPN browser, so you shouldn’t assume a VPN browser offers you privacy.

The Opera browser is a good example. It is a “VPN browser” that undermines your privacy by giving up your data to a large array of third parties including Facebook and Google. You can learn more about the dangers of Opera later on in this guide.

Generally speaking, any product marketing itself as a “VPN Browser” will not be the most effective solution. If you’re seeking privacy, combine a trusted VPN with a truly private browser.

7 Best Browsers for Privacy in 2020

Illustration of two characters awarding medals to the best private browsers.

Using the right privacy-focused browser can go a long way in protecting you from online tracking, WebRTC leaks, and browser fingerprinting.

There isn’t a single best privacy browser, though, because privacy needs and preferences will differ between users.

All of the private browsers we recommend here are open-source. They offer minimal-reliance on big tech companies, custom settings, and active protection against online tracking.

1Mozilla Firefox: Best ‘Mainstream’ Private Browser

Mozilla Firefox Icon

  • The most private ‘mainstream browser’.
  • Includes protection against third party trackers.
  • Completely open-source.
  • Receives frequent security updates.
  • Needs some configuration for optimal privacy.

Once configured properly, the Firefox browser is the best option on the market in terms of performance, ease-of-use, and privacy. You can see the Firefox privacy policy here.

There are two great things about Firefox. The first is that it is completely open-source. The second is that it is highly customizable.

Because it is open-source, Firefox forms the basis for lots of other privacy-focused browsers. You can also inspect the code to make sure that Mozilla is honest about the way the browser behaves.

Unlike Chrome, Opera, or Microsoft Edge, Firefox lets you customize its privacy settings to exclude all telemetry (sending data back to Mozilla) and third-party add-ons. This means even the standard version of Firefox is a potentially great private browser.

Recently we’ve seen some VPN extensions suffer WebRTC leaks in Firefox. See our advice for solving this further down the page.

How to Optimize Firefox for Privacy

The most important thing to remember when using the basic version of Firefox is that you optimize your settings for privacy.

The first and most important change you need to make when optimizing Firefox for privacy is to disable telemetry — the setting which allows your browser to send technical data back to Mozilla.

Firefox has an interactive development process which uses feedback from users and includes experimental builds like Firefox Nightly and Firefox Developer Edition. These are great if you want to help contribute to Firefox’s development, but they aren’t private.

To disable telemetry in Firefox:

 

  1. Select the preferences or settings menu in the top right hand corner of your screen.
  2. Navigate to Preferences >Privacy & Security > Firefox Data Collection and Use.
  3. Uncheck every box in this section.
Screenshot of Firefox telemetry settings.

How to disable Telemetry in Firefox.

Firefox also has a feature which can block trackers, cookies, fingerprinters and cryptominers, called Enhanced Tracking Protection.

To enable Enhanced Tracking Protection in Firefox:

 

  1. Select the settings menu in the top right hand corner of your screen.
  2. Navigate to Preferences > Privacy & Security > Enhanced Tracking Protection.
  3. Choose your protection mode: strict, standard, or custom.

In our experience the ‘strict’ mode will break some webpages, but is generally quite stable.

Screenshot of Firefox Browser tracking protection.

How to enable tracking protection in Firefox.

If you encounter a problem, you can always disable content blocking for specific sites by pressing the “shield” symbol to the left of the URL bar.

You can also change your default search engine from Google to a more private alternative.

To change your default search engine:

 

  1. Select the settings menu in the top right hand corner of your screen.
  2. Navigate to Preferences > Search > Default Search Engine.
  3. Choose your preferred search engine from the drop-down menu.
Advanced Firefox Privacy Settings

Finally, there are some important advanced settings that can be accessed in Firefox’s advanced preferences menu.

To change these settings, just type about:config into your address bar. Press enter and then click “I accept the risk!”

This will take you to Firefox’s advanced configuration menu.

Search for the name of the preference you’d like to change and simply double-click on it to change from True to False or vice versa.

Screenshot of Firefox's advanced configuration menu.

Firefox’s advanced configuration menu.

Here is a list of the most important advanced Firefox privacy settings:

Preference Name Set To Effect
media.peerconnection.enabled FALSE Disables WebRTC — a real-time communication protocol that can leak your true IP address.
privacy.resistFingerprinting TRUE Enables Firefox’s native fingerprint protection.
privacy.trackingprotection.fingerprinting.enabled TRUE Enables additional fingerprint protection.
privacy.trackingprotection.cryptomining.enabled TRUE Provides extra protection against cryptominers.
privacy.firstparty.isolate TRUE Enables first-party isolation. This means cookies, cache, and much more are prevented from tracking you across multiple domains.
privacy.trackingprotection.enabled TRUE Enables a filter list to block known third-party trackers.
geo.enabled FALSE Firefox uses Google Location Services to find your location. In the process, it sends it your IP address, client identifier, and information about nearby WiFi networks. You can turn this off entirely by selecting false.
media.navigator.enabled FALSE Prevents websites from tracking information about your camera and microphone, which is used in fingerprinting.
network.cookie.cookieBehaviour 4 This setting runs from 0 to 4 and controls the browser’s cookie policy. Setting it to 0 would allow all cookies. The highest level of protection, 4, enables New Cookie Jar.
network.cookie.lifetimePolicy 2 This setting controls how long cookies are stored. Set this to 2 to delete cookies at the end of each session.
network.dns.disablePrefetch TRUE Prevents Firefox from prefetching DNS. Prefetching DNS can speed up load times but has some small privacy risks.
network.prefetch-next FALSE Prevents Firefox from prefetching pages it thinks you might visit. This has similar privacy risks to prefetching DNS.
webgl.disabled TRUE Disables WebGL. WebGL can be used in advanced browser fingerprinting techniques, and also represents a potential security risk.
dom.event.clipboardevents.enabled FALSE Prevents websites from knowing when you copy, cut, or paste content.
media.eme.enabled FALSE Disables DRM-controlled HTML5 content.

2Firefox Focus: Best Private Mobile Browser

Firefox focus icon.

  • Stripped-down mobile browser.
  • Fast without demanding much from your processor.
  • Includes advanced security options.
  • Clears cookies and history after each session.

Mozilla has been working on its mobile Firefox apps for a while now, and Firefox Focus is the result. Firefox Focus is tailored towards ad-blocking and tracking prevention by default. It’s also really easy to use.

You’ll find a comprehensive set of privacy options including the ability to block trackers of different kinds, block fonts, disable JavaScript, and even customize what kind of cookies are blocked.

The app can be set to block screenshots and obscure your browser’s contents when you switch between tabs. You can even set it to unlock with your fingerprint.

If you want to delete the history and cookies from your current session you simply press a trash-can symbol at the bottom of the page.

Firefox Focus only lets you have one tab open at a time, which means the browsing experience is quite different from what you might be used to. Because it is so stripped down, Focus also allows for a very fast browsing experience.

Overall, Firefox Focus offers a focused experience with great privacy — but you might not want to use it all of the time.

How to Optimize Firefox Focus for Privacy

By default, Firefox Focus has telemetry turned on. You should navigate straight to the settings to turn it off.

While you’re there, customize the level of privacy to your preferences. As you’ll find with any super-private browser, turning all of the protections on has a habit of breaking some websites or making them display strangely.

3Waterfox: A Reliable Firefox Alternative

Waterfox container logo

  • Based on Firefox source-code.
  • Close to the core Firefox feel.
  • Telemetry stripped out and honed for privacy.
  • Compatible with Firefox extensions.
  • Receives less frequent security updates than Firefox.

An alternative to optimizing your Firefox browser’s settings is to use a ‘Firefox fork’ — a browser separated from Firefox’s open-source code at some point in its development history. There are multiple Firefox forks which exist to maximize user privacy.

Other popular Firefox forks include Pale Moon, IceCat, and Basilisk.

Pale Moon and Basilisk both come with their own drawbacks, so we’ve focused on Waterfox for this list.

Waterfox doesn’t receive updates at quite the same rate as core Firefox, which means it isn’t always quite as secure as its fiery cousin.

However, Waterfox is optimized for privacy by default, which makes it an excellent choice if you don’t want to change Firefox’s settings yourself. Waterfox is fully customisable, supports legacy plug-ins, and has telemetry, data collection, startup profiling and sponsored tiles removed automatically.

Waterfox does send back your OS and browser version to check for updates, but this shouldn’t be a concern for most users.

4GNUzilla IceCat: Built Entirely from ‘Free Software’

GNUzilla icon

  • Based on Firefox source-code.
  • Built from free software.
  • Optimized for privacy.
  • Sacrifices performance.
  • Only available for Linux.

Built on the principle of ‘free software’, IceCat is a part of a full rework of the Mozilla suite which prioritizes privacy and transparency.

Because of its commitment to free software, IceCat is only available for Linux. This means it isn’t an option for Windows or MacOS users.

IceCat has been developed based on an ethical commitment to making and using software which is free for anyone to inspect, edit, and reproduce, even at the expense of utility.

It comes with several add-ons designed to maximize your privacy, including HTTPS Everywhere, SpyBlock and Fingerprinting Countermeasures. These ensure your connection to websites is secure whenever possible, and prevents third party tracking and even fingerprinting.

IceCat also comes with LibreJS, an add-on designed to prevent proprietary javascript from running in your browser and extracting data without permission.

Because IceCat is not just Open Source but also free, you can inspect all elements of its code and even modify it to suit your preferences. You can also be sure that all future versions or variants of the browser keep the same commitment to transparency.

5The Tor Browser: Fully Anonymous Browser

Tor Browser icon

  • Grants access to the anonymous Tor Network.
  • Requires some technical knowledge to use properly.
  • Built on Firefox.
  • Much slower than alternatives.
  • Not effective for torrenting or streaming.

The Tor browser is a modified version of Firefox which grants you access to the Tor Network and comes optimized for your privacy and anonymity.

The Tor network has some similarities to a VPN. Unlike a VPN, however, it is decentralized — so you never have to trust a private company with your data.

If you aren’t careful with Tor you can risk undermining your anonymity and leaving yourself vulnerable to direct criminal or government surveillance.

In addition, the Tor network can be quite a bit slower than using a simpler privacy-focused browser.

When used correctly, Tor is the best option for complete online anonymity. That said, we recommend doing some research before using Tor to make sure it is the right choice for your privacy. You can find full details about the Tor Browser in our Tor vs. VPN guide.

How to Stay Anonymous When Using Tor

Using Tor correctly isn’t difficult, but it isn’t always intuitive. It has two big weaknesses:

  1. A tendency to leak identifiable information when not used properly.
  2. Public exit nodes which can eavesdrop on your traffic.

To maintain your anonymity, follow these basic steps:

  • Never log in to social media or email accounts that are associated with your internet use outside of Tor.
  • Don’t post details about your real-life identity.
  • Always use secure HTTPS sites.
  • Don’t use mobile two-step verification.
  • Never torrent on the Tor Browser. This risks IP address leaks, but also drastically slows the network for everyone involved.
  • Stay away from Google (alternatives include DuckDuckGo, Searx.me, Qwant, and Start Page).

If you’re extremely privacy conscious it is also recommended that you avoid full-screen. When your browser window is fullscreen it can reveal information like your screen resolution and size, which distinguishes your session from other Tor users and can help with browser fingerprinting.

6Brave Browser: An Alternative Approach to Advertising

Brave browser icon.

  • Reimagines online advertising.
  • Built on Chromium.
  • Completely free and open-source.
  • Includes anti-tracking technology.
  • Not the most private browser available.

Built by the developer of JavaScript after he left Mozilla, Brave is a privacy-focused browser that aims to rework traditional online advertising.

Normal adverts and trackers are blocked by default. Instead, Brave shows its own advertisements and rewards users with its own native cryptocurrency called BAT. If you want to claim these rewards you will need to supply an email address.

These adverts are customized based on your browsing history, which is stored locally in the browser, not sent back to Brave. For true privacy enthusiasts, even this local storage might overstep the mark.

The Brave browser also has its own customizable “shields” system, which allows the user to quickly toggle security and privacy measures such as script blocking, device recognition blocking and cross-site cookie blocking.

Brave is free and open-source, which is encouraging from a transparency perspective. You can see the source code on Github.

Brave isn’t without controversy though. The browser’s foundation is in Google Chromium — the open-source project behind the Google Chrome browser and Google Chrome OS. This is a point of anxiety for many users.

Being based on Chromium comes with some privacy downsides. It isn’t possible to disable WebRTC, for instance. While Chromium is open-source now, there is no guarantee it will continue to be in the future.

Unlike most of the other browsers on this list it is also produced by a company looking to make money from advertising, not a group of volunteer privacy enthusiasts. Brave automatically pockets 15% of the revenue from its ads — we’ll let you decide whether this undermines the project or not.

Brave collects some anonymized information about its users, and this cannot be turned off. It claims this information isn’t telemetry, but the lack of user control is concerning from a privacy perspective.

If you buy into its vision for advertising and trust the company to deliver on it, Brave could be a good choice. However, if privacy is your main point of concern, there are better options.

How to Optimize Brave for Privacy

Brave can be a secure, privacy-focused browser if you avoid its advertising arm. Even if configured properly, it is still not as effective as browsers based on Firefox.

If you’re concerned about privacy then stay away from the BAT reward feature — it’s turned off by default and we recommend you keep it that way.

If you’ve already turned the rewards system on, it’s easy to turn off by clicking the triangular ‘rewards’ button in the top right hand corner of the browser.

Screenshot of Brave browser rewards settings.

How to disable Brave’s rewards feature.

7‘Ungoogled’ Chromium: the Closest Option to Google Chrome

Chromium browser icon.

  • Built on Chromium, which is open-source.
  • All connections to Google removed.
  • Very similar feel to Chrome.
  • Compatible with Chrome add-ons.
  • Semi-frequent security updates.

Ungoogled Chromium is exactly what it sounds like: Google Chrome with every possible bit of Google taken out or turned off.

The Chromium Projects are the open-source projects behind the Google Chrome browser and Google Chrome OS. While they are open-source, they are still made by Google.

Chromium browsers send information back to Google by default. Even with ‘Ungoogled’ Chromium, it is hard to confirm that this feature has been turned off completely.

Ungoogled Chromium gives you access to add-ons designed for Chrome. While this is useful, it’s worth remembering that more add-ons make your browser easier to identify. In addition, every add-on you install is a potential way for Google and other third parties to collect your data.

In short, only use add-ons you completely trust. You can learn more about browser add-ons and extensions later in this guide.

There are also other Chromium based browsers to consider including Iridium. Iridium has a similar set of goals to Ungoogled Chromium, but is generally updated less frequently.

Best "VPN Browsers"

VPN browser logos

There are a few browsers that claim to have full VPN capabilities.

As we’ve mentioned previously, these so-called ‘VPN browsers’ are normally glorified proxies, not full VPNs — which means they don’t offer the best levels of protection.

There is no strict definition for what constitutes a VPN browser, so you shouldn’t assume they offer you privacy. We’ll cover the most popular options below.

  1. The most popular ‘VPN Browser’ is probably the Opera browser. Despite its popularity, Opera is neither a proper VPN nor is it particularly private. We recommend avoiding the Opera browser where possible. For more details on exactly why, you can skip to our chapter on popular browsers to avoid.
  2. Tenta Browser is another “VPN browser” that’s only available on Android. Tenta isn’t fully open-source, which is worrying for a browser that sells itself on privacy. The free version of Tenta isn’t a full VPN, although Tenta do sell a “pro version”, which is. It has a firm no-logs policy and is kept up to date from a security perspective, which are both positives.
  3. Epic is the third well-known ‘VPN browser’. Epic is closed-source, so it’s hard to know exactly what it does with your data. Like Opera and Tenta it only runs as a proxy, not as a full VPN.

    Epic is also based in India, with servers in the US – neither of which are good jurisdictions for privacy. It is based on Chromium, and there is some evidence that it still sends your information back to Google.

We can’t fully recommend using any of these browsers. At the very least, you should use them with caution.

We look forward to the arrival of a well-made, transparent, and effective VPN browser. Until then, the term “VPN Browser” is a marketing statement more than anything else.

If you want a lightweight VPN within your browser then the best option is to use a trustworthy VPN add-on, although these are also often proxies. We’ve written guides to the best VPN add-ons for Chrome and Firefox.

If you’re looking for a private browsing experience that includes a VPN, our advice is to avoid “VPN Browsers”. You should be running a full, trustworthy VPN alongside a properly configured privacy-first browser.

5 Popular Web Browsers to Avoid

illustration of a character avoiding dangerous browsers.

Some of the most popular browsers on the market are also the most invasive. If you’re looking to browse privately, avoid the following browsers at all costs:

1Google Chrome

Google Chrome icon

Google Chrome is the most popular browser in the world. It might be easy to use, but if you care about your privacy at all then you should not use Google Chrome.

Google makes money through personalised advertising. This requires huge amounts of data in order to target the right people with the right adverts. Chrome is a key source of this data, and it keeps a record of pretty much everything you do, even in Incognito Mode.

The biggest problem with Chrome is that it forms part of the wider Google ecosystem in which a huge amount of your data is subject to observation and logging. You can find the worrying details for yourself in the Google Chrome privacy policy.

“Sync” is the setting responsible for integrating most of your data. If you’re logging into a Google Account it will be on by default and will save all of this information to Google’s servers:

  • Browsing history
  • Bookmarks
  • Passwords and Autofill information
  • Browser settings and extensions

You can choose whether or not to use sync. However, even when it has been turned off, Google’s surveillance remains extensive. Google’s eyes are everywhere: in Google searches, in your email, on YouTube, in third-party services and in analytics on almost every website you visit.

With Google Chrome, it’s harder than any other browser to maintain your privacy.

Google’s company-wide privacy policy states that they collect data to improve their services:

“We collect information to provide better services to all our users — from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful, the people who matter most to you online, or which YouTube videos you might like.”

Most of this is worded like data collection is an act of benevolence, but the truth is that it’s an advertising company that can make more money by leveraging the data of its user base. In short, Google is absolutely relentless about collecting data from you in any way it possibly can.

Even when you aren’t signed into a Google Account, Google uses unique identifiers tied to your browser and device. This is supposedly to maintain features like language preferences, but in reality, it simply allows Google to track you even when you aren’t signed in.

Whether you’re signed into your Google account or not, Google can collect the following data across all of its platforms:

  • Browser type & settings
  • Device type & settings
  • Operating system
  • Mobile network name
  • Phone number
  • IP address
  • System activity
  • Purchases
  • Date & time of interaction
  • Search terms
  • Videos you watch
  • Voice and audio (from audio features)
  • A list of the people with whom you communicate and share content
  • Activity of third-party sites or apps that use Google services*
  • Google Chrome browsing history
  • Call & message logs from Google Services

*Includes any website using Google apps or files hosted in Google Hosted Libraries.

All of this data is collected across platforms and analysed to detect “spam, malware and illegal content”. It is then used to serve highly detailed and personalised adverts. You can see just how long Google keeps all of this information here.

Google also uses this information to develop its translation program and voice recognition software, amongst other projects.

How to Download Your Google Data

  1. Click on your user profile and select ‘Manage Your Google Account’.
  2. Select the ‘Data & Personalization’ window on the left.
  3. Scroll down to ‘Download or Delete Your Data’.
  4. Select ‘Download Your Data’ and follow the instructions.
screenshot of google preferences for downloading user data

How to download your Google profile data.

If it wasn’t already clear, we recommend you avoid Google services as much as possible. this is especially true of the Google Chrome browser.

2Microsoft Internet Explorer & Microsoft Edge

Microsoft Edge Logo

Since the advent of Edge, Microsoft has done a good job of modernizing its browser’s performance and user interface — if not its privacy features or customization options.

Microsoft’s data gathering practices don’t compare to Google’s, but it still isn’t a safe haven for your data.

Edge stores information about your browsing habits in the cloud, as well as other information like passwords and form entries. That said, it also offers simple instructions on how to view and purge this data.

Microsoft Edge also has some integrated DRM (Digital Rights Management) technology, which automatically detects media licences on your device and stops you accessing content if these licenses are absent. This is unnecessary and intrusive from a privacy perspective.

There is also some minimal and ineffective anti-tracking technology in place.

As a company, Microsoft has done very little to earn the trust of its users when it comes to privacy.

3Safari Browser

Safari browser logo

Safari offers some protection compared to Chrome and Edge, but it is still not a good choice for privacy.

Safari blocks third party cookies by default and also has some protection against cross-site tracking. While these are both useful tools, they do not make Safari a safe private browser.

There are several reasons why you should not trust Apple with your data. Firstly, Apple is a partner of the NSA’s PRISM program, which means it freely hands information over to government surveillance.

It has also been caught hoarding supposedly “deleted” Safari browsing data and collecting browsing history while users were in private mode.

Apple’s privacy policy states that it gathers the following personal information from its users:

  • Name
  • Device IDs
  • IP address
  • Phone number
  • Email address
  • Mailing address
  • Contact preferences
  • Location information
  • Credit card information
  • Social media profile information
  • Information about family & friends
  • Content shared from Apple products

This information is then used when the company has “assessed it is necessary for the purposes of legitimate interests pursued by Apple”.

Screenshot of Apple's privacy policy

The full list of circumstances in which Apple uses your data includes:

  • To help create, develop and improve internal products, services, and advertising
  • For loss prevention and anti-fraud
  • Pre-screening of uploaded files for illegal content
  • To assist in age verification
  • To contact you about purchases or changes to terms and conditions
  • For internal audits, data analysis, and internal research

There are also some genuinely shocking uses:

“If you apply for a position at Apple or we receive your information in connection with a potential role at Apple, we may use your information to evaluate your candidacy and to contact you.”

This suggests that if you work at Apple or plan to work at Apple, it may use your data to surveil your activities.

This is a notable example of how important it is to insist on your privacy — at some point even basic things like your employment might depend on it.

Safari has a reputation for being more private than other browsers, and this isn’t entirely unfounded. Apple guarantees not to share your information with third parties for marketing purposes, which is more than Google does. You can also opt out of Apple’s tracking ads on all of your devices.

This doesn’t mean that third-party trackers can’t collect your data, though. Apple’s dubious internal use of your data and cooperation with the US government alone should be enough to keep you off of their devices and platforms.

If you’re using Safari we strongly recommend you download a more private browser.

4Opera Browser

Opera browser logo

Opera is built from a mixture of closed and open-source components.

Thanks to some clever marketing as a “VPN Browser”, many people think that Opera is a private browser. This isn’t the case.

Despite claims to the contrary, the Opera browser is actually just a proxy, not a VPN. It was also hacked in 2016 — exposing users’ personal information and passwords. Opera has also had some historical issues with WebRTC leaking IP addresses.

Most importantly, Opera’s privacy policy reveals a complete disregard for genuine privacy and anonymity. The privacy policy states that third parties may process user data, but gives very little information about what data is handed to third parties or how it is processed.

However, it does list the third parties involved:

This list includes several large data companies — namely Google and Facebook — as well as some no-name companies whose websites aren’t even running on HTTPS.

You cannot trust these companies with your data privacy or security. Opera’s reliance on these third-party data processors completely undermines any claims it might have to privacy.

5UC Browser

UCbrowser logo

Developed by the Alibaba Group, UC Browser is a hugely popular browser in countries like China, India, and Indonesia. It even outperforms Google Chrome in some of these markets — yet it is practically unknown to users in Europe and America.

There is plenty of evidence that UC Browser is not at all secure. While Most of the browsers on this list do dubious things with your data or share it with other organizations, UC Browser makes it easy for criminals to get their hands on it.

If you have the option, don’t use UC Browser.

Browser Extensions for Privacy & Security

Illustration showing the advantages and disadvantages of browser extensions.If your browser doesn’t include native privacy protections like script blocking or third-party tracker protection, there are lots of free, trusted extensions that can help you achieve a similar goal.

There are some browser extensions you can’t trust. This includes Adblock Plus, which takes money from websites to put them on a whitelist.

All of the add-ons that we recommend are transparent, community-maintained, or developed by organizations like the Electronic Frontier Foundation, which aren’t run for profit. This means you can trust them not to sell your data or invade your privacy.

If you want to use a VPN browser extension, take a look at our top picks for Chrome or Firefox.

There is no perfect model for online privacy, so you need to work out the best approach for you.

Consider downloading the following extensions:

Extension Name Function
uBlock Origin uBlock Origin doesn’t just block ads, it blocks trackers and malware sites as well. It is easily accessible for non-tech savvy users, and makes your browsing experience safer and more private.
HTTPS Everywhere Maintained as a collaboration between the Tor Project and the Electronic Frontier Foundation (EFF), this extension pushes sites to use HTTPS wherever possible.
Privacy Badger Another extension developed by EFF, Privacy Badger identifies invisible trackers and blocks them automatically. It’s designed to be as easy as possible for the user, and will block non-consensual trackers without the need for any manual configuration.
Decentraleyes It’s not unusual for websites to include files hosted by third-party CDNs (Content Delivery Networks). Because websites rely so heavily on these resources, many pages won’t display correctly if they are blocked. Decentraleyes helps you avoid these third-parties while preventing these pages from breaking.
Cookie AutoDelete This extension will automatically deletes cookies whenever you close a tab.
uMatrix uMatrix is a firewall that allows you to switch every kind of connection your browser makes on a webpage on or off. This includes Javascript, cookies, and plug-ins.
NoScript This is a Firefox extension that prevents Javascript, Java, Flash, and other plug-ins from running unless you are on a trusted website. This add-on makes Firefox more private and secure, and is endorsed by the likes of Edward Snowden.
Chameleon Developed for Firefox, Chameleon is an open-source user-agent spoofer that gives websites and trackers random information to make it harder for them to track you between different websites.
CanvasBlocker This extension blocks Javascript APIs, one of the many ways websites can identify you through your browser. It’s worth noting that blocking some APIs may make you stand out from the crowd even more than allowing them.
Trace Trace is designed to fight against a variety of advanced fingerprinting techniques based on audio, WebGL, WebRTC, user-agent tracking, hardware fingerprinting, and much more.

Browser extensions can help protect your privacy if chosen correctly. It’s important to be aware of the following safety tips:

    1. Be careful which extensions you choose. Browser extensions downloaded from an unreputable source or developer can be loaded up with spyware and data collection scripts. Always do your research before downloading a browser extension — particularly a free one — even if they have a high rating.

 

  1. Don’t overload your browser with extensions (even good ones). The more add-ons or extensions you install, the easier it becomes for third parties to identify you online. This is because of a process called browser fingerprinting, which we cover in more detail in the next chapter. In short, the more customized your browser gets, the more you’ll stand out from everyone else online.

The best compromise is to choose one trusted extension for each element of privacy that is most important to you. This could mean one extension to block adverts, and another to block tracking scripts or CDNs.

Try not to pick extensions with overlapping utilities, and stick to two or three in total.

If you have lots of different privacy priorities, a useful approach might be browser compartmentalization, which we will cover in detail later in this guide.

Firefox WebRTC leaks

Following the most recent update of Firefox, 73.0, we’ve noticed many VPN providers having difficulty preventing WebRTC leaks in their Firefox VPN browser extensions.

At the very least, this issue has effected:

  • HideMyAss
  • Hotspot Shield
  • Private Internet Access
  • Tunnelbear
  • Windscribe

At the time of writing, the only VPNs we’ve seen without this issue are ExpressVPN and NordVPN.

Thankfully, disabling WebRTC in Firefox is quick and easy:

    1. In the navigation bar at the top of your browser, enter about:config

Screenshot of about:config, entered into the Firefox search bar

    1. Click I accept the risk!
    2. In the new Search bar, enter media.peerconnection.enabled

Screenshot of the media.peerconnect.enabled in the Firefox config menu

  1. Set the Value to False by double clicking on it.

Screenshot of disbling webrtc in firefox

What Is Browser Fingerprinting?

Your device provides the websites you visit with detailed information about your operating system, browser, and hardware. Together, this information can be used to create a unique “fingerprint”. The use of this data to identify and track users is known as browser fingerprinting.

Authorities, advertisers, and trackers can use browser fingerprinting or “device fingerprinting” techniques to to trace your activity across the web.

Illustration of a thumbprint, demonstrating browser fingerprinting.

Most of the information included in your browser fingerprint is innocuous. However, when this information is put together it can be used to identify you with worrying precision. Once assembled, your digital fingerprint is consistently accurate.

With recent developments in cross-browser fingerprinting, the technique is now capable of successfully identifying users 99% of the time. That means even if you were to employ multiple privacy precautions — including using a VPN and blocking cookies — trackers can still use your fingerprint to re-identify and re-cookie your device whenever you visit a website.

Audio fingerprinting is another emerging fingerprinting method, which tests the properties of your machine’s audio-stack to provide yet more identifiable information.

If you don’t take any measures to obscure it, your browser fingerprint will include:

  • Device type
  • OS name & version
  • Browser name & version
  • Engine name & version
  • IP address
  • Geolocation
  • ISP
  • System date & time
  • Canvas fingerprint
  • Language
  • Speaker configuration
  • Number of microphones
  • Number of Webcams
  • Graphics card name & driver
  • CPU build
  • Battery Status
  • Device motion
  • Device pointing method
  • Number & names of fonts on device
  • Browser extensions
  • Whether or not Cookies are enabled
  • If tracking protection is present
  • If WebRTC is enabled
  • Information about WebGL
  • Screen resolution and orientation
  • Browser window size
  • Whether the browser is logged into popular websites*
  • Information from Flash, JavaScript, and Active X

*Includes Amazon, Craigslist, Dropbox, Expedia, Facebook, Github, Google, YouTube, Instagram, PayPal, Pinterest, Spotify, Tumblr, Twitch, Twitter, VKontakte.

Once cross-referenced, all this information can be brought together to form a unique profile of every web user.

You can visit deviceinfo.me for a full rundown of all of the information that websites and the cookies they load can see about you.

How to Prevent Browser Fingerprinting

If you want to be truly anonymous online, you want to look like as many other users as possible.

Websites like AmIUnique or Panopticlick can give you an idea of how unique your fingerprint is.

These services are great for getting an idea of how powerful browser fingerprinting is, but you shouldn’t use them as a definitive answer to whether or not you can be fingerprinted. They will compare your browser to a different, more outdated data sample, and will not always be 100% accurate.

Fortunately, most of the recommended private browsers mentioned in this guide include some degree of protection against browser fingerprinting. These browsers try to make you stand out as little as possible by simply denying trackers the information they desire.

It’s worth remembering that giving trackers no information at all can be even more identifiable than revealing something relatively common. In addition, every extension you install makes you stand out from the crowd a little more, and makes it easier for trackers to identify you.

For this reason, using Safari on an Apple iPhone is actually one of the best ways to beat fingerprinting, as iPhone configurations tend to be very similar. There is a clear trade-off to using an iPhone, though: you’ll be handing Apple your personal data instead.

Using a privacy-focused browser with just a few well chosen add-ons is the best method for minimising the risk of browser fingerprinting without giving up other forms of privacy.

What Is Browser Compartmentalization?

Users undermine their online privacy by repeatedly logging into multiple accounts in the same browser. This allows sites to build up a much more detailed profile of you, and even lets them relate your online browsing habits to your real life identity.

Browser compartmentalization is when you use different web browsers for different kinds of activity online. This allows you to keep different activities separate and customize each browser to different threat models.

An example setup for browser compartmentalization is:

  • Browser 1 (e.g. Firefox): logged into your online accounts. Used for accessing anything that needs a password and nothing else.
  • Browser 2 (e.g. Firefox Focus): set up do delete all cookies and history after each session. Used for general browsing.
  • Browser 3 (e.g. Tor): set up for total privacy and anonymity.

If you want the best possible privacy, consider using different browsers for different activities.

Will ‘Private Browsing Mode’ Keep You Private?

Private Browsing or ‘Incognito’ mode will change the way your browser behaves, whether you’re using Google Chrome, Firefox, Safari, or any other browser – but it will not change the way other computers behave.

Screenshot of google chrome incognito mode

When you browse in a normal window, your web browser will store data about your browsing history locally. This data includes:

  • Websites visited
  • Cookies
  • Form data
  • Download history
  • Searches
  • Cached web pages

Anyone with access to your computer and browser could stumble across this information later.

When you enable Private Browsing mode – also known as Incognito Mode – your web browser does not store this information. Some data, like cookies, may be kept for the duration of the private browsing session and then immediately discarded when the browser window is closed.

Private browsing mode stops you leaving any obvious tracks on your computer. It also prevents websites from using cookies to track your visits. However, your browsing is not completely private or anonymous when using private browsing mode.

Private browsing or ‘Incognito mode’ only affects your computer. It will not tell other computers, servers, or routers to forget your browsing history. Your Internet Service Provider (ISP) will still be able to see all of the websites you visit. If your traffic passes through a corporate or school network, your employer or school can still see your activity.

To summarise, private browsing mode will:

  • Delete your history after you finish the session
  • Delete any cookies or site data at the end of the session
  • Not save any form information to the browser

Private browsing mode will not:

  • Completely hide your activity or identity from the websites you visit
  • Hide your activity from your ISP
  • Prevent all records of your activity from being kept on your computer
  • Hide your activity from your school or employer

The main benefit of private browsing mode is that it will let you browse the internet without leaving obvious traces of your activity in the browser itself. It also lets you access websites like Google or YouTube without being logged in to your Google account.

Private mode won’t make you anonymous, and some data can still be stored on your computer.

If you want to be truly private, you should use a privacy-focused browser alongside a trustworthy VPN.

About the Author


  • Headshot of Top10VPN.com Site Editor Callum Tennent

    Callum Tennent

    Callum is our site editor and a member of the IAPP and the EC-Council's Knowledge Review Committee. He oversees all our VPN testing, reviews, guides and advice. Read full bio