Every time you use the web, or open an app on your phone, you leave a trail of breadcrumbs that can be used to check up on what you’ve been doing, and what kinds of things you’re interested in.
This record could be used to monitor the sites you’re accessing, the topics you’re interested in, your political affiliations, or the health conditions that you or your family are dealing with.
This information is stored on servers that you cannot access, yet can be combed through by a wide range of organizations.
Additionally, your web use is regularly used to inform advertising networks of your interests, empowering them to target you with advertising that can be creepy, intrusive — and downright annoying.
Sure — Firefox, Chrome, and some less common browsers like Brave have a private browsing mode. But it isn’t quite as private as they make out. For example, your browsing history is still visible to snoopers with the majority of so-called “private” browsing features, and there are elements of your identity that are still tracked with many browsers.
What exactly are the limitations, and how can you take back control of your privacy?
What is Private Browsing?
Let’s recap on what private browsing actually is, because the definition can vary pretty widely.
Private browsing describes a browser setting that disables certain features, with the supposed aim of allowing you to browse ‘incognito’. In reality, the only privacy-enhancing features tend to be on the client side – or on your computer, in other words.
So private browsing mode may prevent your computer saving a record of the sites you’ve visited. But that information’s still being gathered by your ISP.
To be clear, the efficacy of private browsing mode varies widely between different browsers. So one person’s expectations of ‘private’ browsing could be different to someone else’s.
Here’s an example of what some popular browsers block in private mode:
|Browser||What does private browsing actually block?|
|Chrome “Incognito Mode”||Form data, browsing history, cookies.|
|Firefox “Private Browsing Mode”||Form data, browsing history, cookies, downloaded file lists, passwords, and temporary files.|
|Epic default browsing mode||Advertising cookies, cryptomining scripts, autosuggest, installation ID, error reports, saved passwords, browsing history, form data, referrer data, and information that could be used to created a “fingerprint” of your individual machine – like your screen resolution. Also, there’s an optional proxy to hide your IP.|
|Brave “Private Browsing Mode”||Form data, browsing history, and cookies. The default search engine is set to Duck Duck Go, and optional Tor integration prevents your IP address being revealed. As of August 2018, this feature has some “known issues and leaks”.|
Immediately we can see that there’s inconsistency in what each browser vendor considers to be true “private browsing”. Epic’s default browsing mode is clearly much more private than Chrome’s special “Incognito” setting.
So in this relatively small group, we can see that only one browser — Epic — would defend your privacy well, and even then, you’d need the proxy on to hide your IP. Brave’s Tor integration offers some promise, but it isn’t yet completely leakproof. And in comparison, Chrome is clearly pretty poor.
What are the Risks of Browsing In Plain Sight?
When you’re browsing the web, your activity is being logged and tracked by three key groups. All of them have an interest in what you’re getting up to.
In the UK, the Investigatory Powers Act gave the government sweeping surveillance powers. The websites we visit are logged and can be searched by a dizzying array of organisations under the guise of anti-terrorism measures and crime prevention.
Arguably, this monitoring goes way beyond a proportionate level of surveillance. It is theoretically possible for police to go through bulk data sets containing snooped metadata about entirely innocent people.
Not only that but your browsing history can be viewed without a warrant by mid-level staff at organisations like the Department for Work and Pensions, the Health and Safety Executive, and the Food Standards Agency. There is, in theory, very little to stop a nosey neighbour or vengeful ex-partner from having a good look through your browsing records.
Not only is this an invasion of privacy, but it could also be used for purposes other than law enforcement. For example, under RIPA — the system that preceded the Investigatory Powers Act — government snooping powers were used to spy on people leaving clothes outside a charity shop.
Similar snooping laws already exist in Australia and the United States, but the UK’s is arguably the most extreme in the western world.
Your internet service provider is likely keeping a log of your activity when you browse the web. For example, in the UK, it hands that data to the government under the terms of the Investigatory Powers Act.
In some countries, ISPs go one step further. Not only do they record what you’re up to, they then sell your browsing history (and some associated data) to the highest bidder. So in the USA, for example, your ISP can lawfully disclose your location to commercial companies, along with the sites and apps you use.
Privacy organisations like the Electronic Frontier Foundation are fighting this rollback of Obama-era FCC rules, but the situation is still very much in flux.
The web as we know it is driven by advertising. And when managed properly, ads can be useful and unintrusive.
But in the absence of strong privacy laws, advertising networks are able to get away with some privacy-invading practises that are often downright creepy.
By tracking your movements online, advertisers learn what you’re into. Thet can target you with personalised ads that exploit the data from your web searches and browsing activity.
Apple made waves in January 2018 by restricting tracking cookies in Safari, and browsers increasingly allow you to block third-party cookies. But this doesn’t completely solve the problem. We’re still a long way away from being able to control advertising meaningfully and simply on an individual level.
How to Browse Privately - For Real
For true private browsing, you need a complete privacy toolkit at your disposal. Simply relying on your browser to do the heavy lifting won’t cover you. Here are the four components you need:
1. The Most Private Browser
We demonstrated earlier that browser vendors have differing ideas of what private browsing actually is. In the vast majority of cases, the big-name browsers are the worst offenders.
When we researched the best browsers for privacy, we found a few lesser-known names that are fighting hard for user privacy:
- Epic is, by default, a private browsing machine. It blocks as much tracking and fingerprinting as possible while ensuring that the web still works.
- Brave impressed us with its robust approach to privacy and its comprehensive features. By default, it offers good all-round privacy protection in private browsing mode, and the recent addition of Tor gives it a bright future, even though there are a few kinks to be ironed out.
- Tor is the best browser for privacy, but it’s also a little slower than its competitors, so you may find that a more consumer-focused interface is better for daily use. Bear in mind that Tor also acts as a gateway to the Dark Web, a hidden area of the internet that you probably won’t want your kids to investigate.
Whatever you do, make sure that the private browsing mode in your browser is actually doing what you want it to do. Some vendors could be said to have ulterior motives when it comes to their light-touch approach.
2. The Most Private Search Engine
Your search queries build a treasure trove of information about you over time, and this data is exploited by advertisers. It can also be a privacy risk all on its own.
For example, if you search while logged in to Google, everything you search for is recorded in My Activity, a huge downloadable archive. If you search while logged in, your personal data stash is likely to be dozens of gigabytes in size.
There are better alternatives:
- Duck Duck Go is Brave’s default browser when it’s in private browsing mode, and is arguably the most well-known browser that doesn’t track you
- StartPage is a good alternative if you want results powered by Google without the tracking
- Qwant, like StartPage, is based in the EU and offers cookie-free searching.
Even if you opt to use a big-name browser, it is possible to change the default search engine to one of these smaller players. All offer instructions or extensions that make this simple.
3. Disable Location Services
Location services allow commercial companies and government snoopers to log your location. This is a clear privacy invasion. For example, you might be implicated in criminal activity simply because you were nearby at the time. Additionally, you may simply be uncomfortable with other people knowing your daily routine.
Logging your location on a remote server also opens you up to unpleasant data breaches. Remember the horrific example of an alleged abuser being given all of the data on his ex-partner’s phone? It would be trivial for location data to be extracted and misused in a case like this.
Ensure location services are turned off on your device. Then check whether you have another setting called Web and App Activity — and turn that off too. In August 2018, Google was found to be tracking people who turned off location services by using this sneaky additional setting. So double-check it.
4. Get a VPN
In the battle against tracking and snooping, a VPN is your best defence against snooping, tracking, IP leaks and accidentally revealing your location.
When you connect to a VPN, you essentially bypass your ISP by placing all of your internet activity in an encrypted tunnel. If you wish, you can also use a VPN to hide your real location by choosing a server that’s in another country.
Connecting to a VPN is straightforward; you just need to install the appropriate VPN app, or make a quick change to the settings on your device.
Not all VPNs are made equal, and it’s best to trial a few before taking out a paid subscription:
- Check that the provider offers good transfer speeds; if you plan to use your VPN with video streaming services, this is going to be important
- Look at the options for connecting to the VPN to ensure that your devices are supported
- Check the list of available server locations; some companies only offer a few, while others have dozens to choose from
- Most importantly, ensure that your VPN provider does not log your activity while you’re connected; this will ensure that they cannot be forced to hand over your browsing history, because they simply don’t hold it in the first place.
Privacy is Your Right Online
You have the right to close your curtains at night, just as you have the right to use the internet without being spied on, tracked, and pestered by advertisers.
Even if you have nothing to hide, it’s foolish to allow data about your personal life to fall into unknown hands. You just don’t know where it will end up.
As the web continues to mature, companies like Facebook and Google are being pulled up on past privacy misdemeanors. Protect your privacy now and you could avoid being caught up in the next big hack or scandal.