While browsers such as Tor might be associated with dark web criminal activity and hackers, there are a growing number of reasons for the average person to think about using a secure browser.
In light of the Cambridge Analytica scandal, the average consumer has become more conscious of their privacy and the ways in which their data is being used. A secure browser is one way to avoid your data being collected by companies such as Google and Facebook.
Another concern driving people to secure browsers is avoiding hacks. Although the nastiest campaigns are aimed at large businesses, the average user can be subject to hacks as well.
Using a secure browser can help to avoid these problems. If we’ve missed your favourite, get in touch and let us know.
What is a secure browser?
A range of security features such as URL filtering, download protection and the 'do not track' feature have transformed mainstream desktop browsers such as Chrome, Internet Explorer and Firefox. In a sense all browsers could now plausibly claim to be 'secure' browsers for the average Joe.
This means that today, more specialised products are now focused on the issue of user privacy, handing back control to the user and opting out of data collection systems of the sort that underpin firms like Google.
It is perfectly possible to fine tune Chrome, Firefox or IE for security and privacy with plugins. Each now has a ‘privacy’ mode - which may or may not convince the sceptic. But the philosophy often behind true secure browsers is to eschew the notion of platforms and plug-ins, stripping back every non-essential feature to create a more minimalist experience.
Tor is the most well-known, but the browser can slow down your internet and lead to connectivity issues, meaning people are increasingly looking for alternatives.
However it should be noted that achieving true privacy online is a fairly difficult task, as it means isolating the machine from public Wi-Fi connections, locking it down with an open source OS, and being conscious of the sites and services you use - considering most depend on harvesting your data for the success of their business.
Therefore, the following browsers (plus one plug-in) are not exhaustive nor will they guarantee you real privacy. However, they’re likely to help somewhat. But note that privacy usually requires compromises so these won't be for everyone.
There are various Chromium-based browsers that promise to cater to privacy (and in some instances de-Google the core browser) but ultimately there's no guarantee this is the case - so we've left those out.
We also discuss Virtual Private Networks (VPNs), such as nordvpn, which can be used in association with the browser you already use to increase privacy.
Read on for the full list...
Trusty Firefox from the Mozilla Foundation comes recommended by PrivacyTools.io because with the addition of some add-ons, it can become a seriously privacy-friendly browser. There is a long list of add-ons that can be used to make the Firefox experience more secure, including – but not limited to – HTTPS Everywhere (see below), uBlock Origin, NoScript, Stop Fingerprinting and Windscribe. It also has some privacy features built in such as tracking protection.
Firefox is also just a good, user-friendly open source browser that receives regular updates, has a pleasing UI, delivers in speed performance and is lightweight – with the Mozilla Foundation boasting that it uses 30 percent less memory than Chrome.
However, there have been a number of controversial decisions taken by Mozilla that have upset both casual Firefox fans and die-hard open sourcers who have been with the project since the start.
The two most prominent of these were a plug-in appearing in users' browsers without warning and without their consent called Looking Glass, which turned out to be a promotional plug-in for TV series Mr Robot. Although it was disabled by default, it rightly caused alarm among the userbase who have valued Firefox for its line on privacy and yet was inserting code into users' computers.
Another cause for alarm was an experiment with Cliqz, a privacy-focused browser that Mozilla had invested in. Essentially Mozilla rolled out an engine provided by Cliqz called Human Engine to roughly one percent of users in Germany. There's a great explainer on Reddit - the extremely short version is that Human Engine would scrape user data, although it was anonymised this caused a mild uproar.
There are various forks of Firefox that claim to be privacy-focused (listed below - Waterfox, Pale Moon, Basilisk) but it's up for debate whether they are more overall secure because their development teams are, naturally, way smaller than the contributors to Firefox's code base.
Waterfox is an open source fork from Firefox with telemetry (Mozilla phoning home) turned off completely - which is possible in Firefox but with some tinkering. It also claims to be speedy but your results may vary compared to lightweight browsers like Firefox Quantum. Waterfox also promises to erase all online information from your computer, so passwords, cookies and history, as well as blocking trackers automatically without addons.
Speaking of addons, Waterfox supports legacy Firefox extensions. The Waterfox subreddit is fairly active and its creator says that it will continue to be supported with updates and patches, although these won't be as regular as Firefox. It's available on desktop and Android.
A lightweight open source desktop browser forked from old Firefox code (technically a fork from Mozilla's Gecko browser engine to the open source Goanna), Pale Moon touts "efficiency and customisation" as two of its selling points. It is regularly being updated with the latest version released in August 2018 at time of publication. You might find some compatibility issues with addons.
Yet another independent fork from Mozilla/Firefox code with the Goanna engine, the Pale Moon team also recently announced Basilisk, a free and open source XUL-based browser. We've not created a separate entry for Basilisk because the developers say it's development software, and so should be "considered more or less 'beta' at more times", although it is still worth investigating bearing that in mind.
Browser plug-in HTTPS Everywhere is an EFF/Tor project that enforces SSL security wherever that’s possible in Chrome, Firefox and Opera. It promises to make what would otherwise be a complex and uncertain process much simpler because it is easy to start out using HTTPS on a website and be sent back to non-HTTPS pages without realising it.
Downsides? It’s another plug-in of course, but it’s worth it. A boon for café surfers everywhere.
The granddaddy of privacy browsers, Tor has become the watchword for the anti-surveillance movement because it is built on an entire infrastructure of ‘hidden' relay servers. Because it bounces your connection through a number of distributed nodes, it should obscure the public IP address you are connecting to the internet with.
Built atop a modified Firefox, it can be installed on a Windows, Mac or Linux PC but also on a USB stick if that's preferable.
The important thing to remember about Tor is that it is really an advanced privacy browser rather than a secure one, in that it includes no anti-malware technology and blocks plug-ins by design. It’s designed to anonymise a user within certain constraints such as the requirement to use only HTTPS connections (enforced by HTTPS Everywhere – see above).
The Tor Project offers a list of do and don’t for using it securely, including being very careful about downloading and opening documents which require external applications.
Downsides? Using Tor will be slower than with other browsers and it can be demanding to use to its full privacy potential. Some people think that anyone who uses Tor is trying to hide something. Of course they are right. If privacy is that important, let them think what they want.
Announced by Brendan Eich, co-founder of the Mozilla Project, Brave is an open source browser that offers a respectable Chrome, Safari, and Firefox alternative.
Brave offers great speeds and advanced ad-tracking controls, ideal for the privacy-conscious who are also after a lightweight browser.
Available for Windows, Linux and OS X users, Brave includes HTTPS Everywhere integration, blocks cookie capture, features a decent ad-blocker, and has an active developer community which is always improving the browser.
Downsides? It's still a relatively new browser, so perhaps not as polished a product as it could be, and extension functionality is still lacking.
Based on Chromium - the open-source Web browser project founded by Google - Epic is a browser that strips out every conceivable feature to maximise privacy. Cookies and trackers are eliminated after each session, all searches are proxied through the firm’s own servers (which means there is no way to connect an IP address to a search), and it attempts to prioritise SSL connections wherever possible - useful for open Wi-Fi connections. It does not collect data about its users and comes with excellent built-in ad blocking.
For a fully encrypted connection, it includes a one-button proxying feature that does slow down browsing but will appeal to some users (but can’t necessarily be used as a regional bypass proxy because Epic’s servers are based in the US). Despite eschewing plug-ins, a handful are available to make life a bit easier, for example password manager LastPass.
Downsides? Epic's one-click proxy does slightly slow browsing speed, although for high-spec machines this shouldn't be an issue.
It is also a closed shop – a proprietary browser based on an open source project (Chromium) is unlikely to keep pace with the latter for updates and patches. And although Epic claims to have removed Google’s tracking features the fact that it’s based on Chromium means you’re still sort-of using a Google product. Why opt for a closed shop Google offshoot when there are actually open source alternatives available?
Yandex is a Chromium re-skin with a pleasing, minimal UI that doesn't stray too far from Google Chrome in design and features, and can import your Chrome preferences.
Yandex, Russia’s biggest tech company, makes use of the 'Blink' engine, which runs checks through downloads and uses Kaspersky's antivirus to scan for malicious content.
Normally when browsers run scans they become sluggish, and Yandex has tried to address this. The browser uses Opera's Turbo technology to optimise web pages that are underperforming or working across an unstable network.
Yandex also blocks website containing malicious content and protects passwords and bank card details that are stored. This means it makes your online payments more secure.
In terms of its anonymity provisions, it prevents third parties from tracking your browsing behaviour and location. It uses DNSCrypt technology that encrypts Domain Name System (DNS - how domain names are translated into IP addresses) traffic as well as hiding your true IP address.
Users might want to exercise caution for the fact that it is closed-source and proprietary, so you don’t truly know what’s happening to your data (other than Google’s not getting it).
This browser runs on Windows 7, Mac and Linux.
Freenet is a peer-to-peer secure platform that allows communication and publishing without censorship and anonymous and secure web browsing. It stores encrypted data in a distributed, decentralised network. It supports Darknet and OpenNet technologies, through which connection with other users is facilitated.
The lack of a central server means that it is very difficult to hack Freenet.
I2P (also known as the invisible internet project)
This is an anonymous network which facilitates the secure and private exchange of messages. It utilises DarkNet technology to provide protection from tracking by third parties like internet service providers.
It’s layered encryption of network traffic and communication means your data is both anonymous and protected.
Virtual Private Networks (VPNs)
VPNs work by connecting two computers securely and privately over the internet. When you open up a web browser and enter a URL on your device, the request is sent to the VPN server. The server then acts as an intermediary, requesting the web page from the site and sending it back to you. That means the website can only see the VPN server - not the client device requesting it.
This information is encrypted, meaning external parties can't see the information exchanged. VPNs also mask the location of the client, allowing you to access location-specific services in other countries. Read more information on VPNs here.