Browsing the internet is becoming more of a minefield as new, more complex and even more aggressive malicious code keeps surfacing.
While some of the nastiest campaigns will be aimed at large businesses, the average user should also take extra care.
To help, we take a look at the most secure browsers out there. Also, if there's one you recommend, get in touch and we can take a look.
What does the idea of a secure browser mean?
We first examined privacy-friendly browsers nearly a decade ago in 2010. The technological landscape has changed dramatically and the average consumer has become more conscious of their privacy – surely in part due to the explosive leaks from Edward Snowden back in 2013, not to mention popular TV shows about hacking like Mr Robot.
People are more oriented to mobile devices running under very different conditions, while a range of security features such as URL filtering, download protection and 'do not track' have transformed mainstream desktop browsers such as Chrome, Internet Explorer and Firefox. In a sense all browsers could now plausibly claim to be 'secure' browsers for the average Joe.
If that's the case, what has happened to what were once considered 'secure' browsers? One answer is the specialised products are now more focused on the issue of user privacy, of handing back control to the user and opting out of data collection systems of the sort that underpin firms like Google.
It is perfectly possible to tweak Chrome, Firefox or IE with plugins, fine tuning them for security and privacy if that’s important. Each now has a privacy mode - which might or might not convince the sceptic of course. But the philosophy behind the true secure browser is to eschew the notion of platforms and plug-ins, stripping back every non-essential feature to create a more minimalist experience.
But it should be noted that achieving true privacy is going to be a fairly difficult task, isolating a machine from public Wi-Fi connections, locking it down with an open source OS, and being conscious of sites and services you use, as most depend on your data for their businesses to thrive.
So the following browsers (plus one plug-in) are not exhaustive nor will they guarantee you real privacy. However, they’re likely to go some way to help. Note that privacy usually requires compromises so these won't be for everyone.
Our top picks are:
Read on for the full list:
Trusty Firefox from the Mozilla Foundation comes recommended by PrivacyTools.io and this is because it can be hardened through the use of add-ons to become a seriously privacy-friendly browser. There is a long list of add-ons that can be used to make the Firefox experience more secure, including – but not limited to – HTTPS Everywhere (see below), uBlock Origin, NoScript, Stop Fingerprinting and Windscribe. It also has some privacy features built in such as tracking protection.
Firefox is also just a good, user-friendly open source browser that receives regular updates, has a pleasing UI, delivers in speed performance and is lightweight – with the Mozilla Foundation boasting that it uses 30 percent less memory than Chrome.
Epic privacy browser
Based on Chromium, Epic is a browser that strips out every conceivable feature to maximise privacy. Cookies and trackers are eliminated after each session, all searches are proxied through the firm’s own servers (which means there is no way to connect an IP address to a search), and it attempts to prioritise SSL connections wherever possible, useful for open Wi-Fi connections. It does not collect data about its users and comes with excellent built-in ad blocking.
For a fully encrypted connection, it includes a one-button proxying feature that does slow down browsing but will appeal to some users (it can’t necessarily be used as a regional bypass proxy because Epic’s servers are based in the US). Despite eschewing plug-ins a handful are available to make life a bit easier, for example password manager LastPass.
Downsides? Epic's one-click proxy does slightly slow browsing down, although for high-spec machines this shouldn't be an issue.
It is also a closed shop – a proprietary browser based on an open source project (Chromium) is unlikely to keep pace with the latter for updates and patches. And although Epic claims to have removed Google’s tracking features the fact that it’s based on Chromium means you’re still sort-of using a Google product. Why opt for a closed shop Google offshoot when there are actually open source alternatives available?
Announced by Brendan Eich, co-founder of the Mozilla Project, Brave is an open source browser that offers a respectable Chrome and Safari alternative.
Brave offers great speeds and advanced ad-tracking controls, ideal for the privacy-conscious who are also after a lightweight browser.
Available for Windows, Linux and OS X users, Brave includes HTTPS Everywhere integration, blocks cookie capture, features a decent ad-blocker, and has an active developer community which is always improving the browser.
Downsides? It's still a relatively new browser, so perhaps not as polished a product as it could be, and extension functionality is still lacking.
The Tor browser has become the watchword for the anti-surveillance movement because it is built on an entire infrastructure of ‘hidden' relay servers. Built atop a modified Firefox, it can be installed on a Windows, Mac or Linux PC but also on a USB stick if that's preferable.
The important thing to remember about Tor is that it is really an advanced privacy browser rather than a secure one, in that it includes no anti-malware technology and blocks plug-ins by design. It is designed to anonymise a user within certain constraints such as the requirement to use only HTTPS connections (enforced by HTTPS Everywhere – see below). The Tor Project offers a list of do and don’t for using it securely, including being very careful about downloading and opening documents which require external applications. Tor is a privacy browser not a secure environment.
Downsides? Using Tor will be slower than with other browsers and it can be demanding to use to its full privacy potential. Some people think that anyone who uses Tor is trying to hide something. Of course they are right. If privacy is that important, let them think what they want.
An innovative feature is that all user content (bookmarks, browsing preferences and history) can be encrypted using various ciphers and a passphrase. Another interesting feature is to set privacy, for example private browsing, for each tab using the right-click option.
Despite its status as relatively unknown, the Dooble project is still live and is being updated.
Reviewers haven’t taken to Dooble because it lacks refinement in places but we found it fast and in some of its ideas clever.
Downsides? As stated.
A browser plug-in rather than a browser as such, HTTPS Everywhere is an EFF/Tor project that enforces SSL security wherever that’s possible in Chrome, Firefox and Opera. Its promise is to make what would otherwise be a complex and uncertain process much simpler because it is easy to start out using HTTPS on a website and be sent back to non-HTTPS pages without realising it.
Downsides? It’s another plug-in of course but it’s worth it. A boon for café surfers everywhere.
Yandex Browser is a Chromium re-skin with a pleasing, minimal UI that doesn't stray too far from Google Chrome in design and features, and can import your Chrome preferences.
Yandex, Russia’s biggest tech company, makes use of the 'Blink' engine, which runs checks through downloads and even uses Kaspersky's antivirus to scan for malicious content.
Normally when browsers run scans they become sluggish, and Yandex has tried to address this. The browser uses Opera's Turbo technology to optimise webpages that are under-performing or working across an unstable network.
Yandex also provides DNS spoofing protection, which can block website containing malicious content and protects passwords and bank card details that are stored.
Users might want to exercise caution for the fact that it is closed-source and proprietary, so you don’t truly know what’s happening to your data (other than Google’s not getting it).
Comodo Dragon / Ice Dragon
Comodo offers two browsers, one based on Chromium (Dragon) and the other on Firefox (Ice Dragon). Which one you choose would depend on your current investment in either Chrome or Firefox because each aims to maintain compatibility with thing like plug-ins, stored passwords, and favourites if desired.
Features? Probably the first one is the ability to choose whether to use Comodo’s SecureDNS servers for either Dragon or all applications (or not at all), which potentially offers privacy and security compared to a user wanting to bypass their ISP’s infrastructure. This incorporates a domain filtering system designed to limit exposure to problem domains of the sort used by malware.
Probably the most intriguing feature is the browser’s virtualised mode that isolates it from the host system. This is a free feature but requires the user to install Comodo Internet Security (CIS), a free version of the company’s anti-virus software. Not everyone will want to do that but the added security of this approach is worth considering.
Downsides? Comodo is set up as a parallel to Chrome or Firefox minus some of the tracking and with some extra added layers of security. Impressive as this sounds on paper, in practice both are modified browsers with some bloat on top. There are other Chromium- and Firefox-based browsers in this list that are more worthy of your time.