While browsers such as Tor might be associated with dark web criminal activity and hackers, there are a growing number of reasons for the average person to think about using a secure browser.
Once, the privacy movement was somewhat fringe, but data misuse by governments and companies, data breaches, and scandals such as Cambridge Analytica have brought the need for secure, private browsers acutely into light. While changing browsers won't guarantee anonymity, it can help shield your data from being collected by companies such as Google and Facebook, or at least make things a little harder.
Using a secure browser can help to avoid these problems.
What is a secure browser?
A range of security features such as URL filtering, download protection and the 'do not track' feature have transformed mainstream desktop browsers such as Chrome, Internet Explorer and Firefox. In a sense all browsers could now plausibly claim to be 'secure' browsers for the average user, to a degree, anyway.
This means that today, more specialised products are now focused on the issue of user privacy, handing back control to the user and opting out of data collection systems of the sort that underpin firms like Google.
It is perfectly possible to fine tune Chrome or Firefox for security and privacy with plugins, and even Microsoft Edge has a privacy mode. But the philosophy often behind true secure browsers is to eschew the notion of platforms and plug-ins, stripping back every non-essential feature to create a more minimalist experience.
Tor is the most well-known, operating on the peer to peer Onion network, but the browser can slow down your internet and lead to connectivity issues. And while it is more anonymous in theory, just being on the network can flag activity to those monitoring it. Something as simple as re-sizing your browser window while on Tor can de-anonymise you.
Achieving true privacy online is a difficult task, as it means isolating the machine from public Wi-Fi connections, locking it down with an open source OS such as Tails, and being conscious of the sites and services you use - considering most depend on harvesting your data for the success of their business.
Therefore, the following browsers and plug-ins are not exhaustive, nor will they guarantee you real privacy.
There are various Chromium-based browsers that promise to cater to privacy (and in some instances de-Google the core browser) but ultimately there's no guarantee this is the case – so we've left those out. Really, we think the best picks for most users are either Brave or a modified Firefox with ad-blocking and privacy plug-ins – they're open source, therefore transparent, and designed with privacy in mind – but we'll go over a few other options below.
We also discuss Virtual Private Networks (VPNs), such as nordvpn, which can be used in association with the browser you already use to increase privacy.
Read on for the full list...
Trusty Firefox from the Mozilla Foundation comes recommended by PrivacyTools.io because with the addition of some add-ons, it can become a seriously privacy-friendly browser. There is a long list of add-ons that can be used to make the Firefox experience more secure, including – but not limited to – HTTPS Everywhere (see below), uBlock Origin, NoScript, Stop Fingerprinting and Windscribe. It also has some privacy features built in such as tracking protection, and in an official update in late 2019, Mozilla announced how much work it had been doing to block all ad-trackers.
Firefox is also just a good, user-friendly open source browser that receives regular updates, has a pleasing UI, delivers in speed performance and is lightweight – with the Mozilla Foundation boasting that it uses 30 percent less memory than Chrome.
However, there have been a number of controversial decisions taken by Mozilla that have upset both casual Firefox fans and die-hard open sourcers who have been with the project since the start.
The two most prominent of these were a plug-in appearing in users' browsers without warning and without their consent called Looking Glass, which turned out to be a promotional plug-in for TV series Mr Robot. Although it was disabled by default, it rightly caused alarm among the userbase who have valued Firefox for its line on privacy and yet was inserting code into users' computers.
Another cause for alarm was an experiment with Cliqz, a privacy-focused browser that Mozilla had invested in. Essentially Mozilla rolled out an engine provided by Cliqz called Human Engine to roughly one percent of users in Germany. There's a great explainer on Reddit – the extremely short version is that Human Engine would scrape user data, although it was anonymised this caused a mild uproar.
There are various forks of Firefox that claim to be privacy-focused (listed below: Waterfox, Pale Moon, Basilisk) but it's up for debate whether they are more overall secure because their development teams are, naturally, way smaller than the contributors to Firefox's code base.
Waterfox is an open source fork from Firefox with telemetry (Mozilla phoning home) turned off completely – which is possible in Firefox with some tinkering. It also claims to be speedy but your results may vary compared to lightweight browsers like Firefox Quantum. Waterfox also promises to erase all online information from your computer, so passwords, cookies and history, as well as blocking trackers automatically without add-ons.
Speaking of add-ons, Waterfox supports legacy Firefox extensions. The Waterfox subreddit is fairly active and its creator says that it will continue to be supported with updates and patches, although these won't be as regular as Firefox. It's available on desktop and Android.
A lightweight open source desktop browser forked from old Firefox code (technically a fork from Mozilla's Gecko browser engine to the open source Goanna), Pale Moon touts "efficiency and customisation" as two of its selling points. It is regularly being updated with the latest version released in May 2020, at time of publication. You might find some compatibility issues with add-ons.
Yet another independent fork from Mozilla/Firefox code with the Goanna engine, the Pale Moon team is also behind Basilisk, a free and open source XUL-based browser.
Browser plug-in HTTPS Everywhere is an EFF/Tor project that enforces SSL security wherever that’s possible in Chrome, Firefox and Opera. It promises to make what would otherwise be a complex and uncertain process much simpler because it is easy to start out using HTTPS on a website and be sent back to non-HTTPS pages without realising it.
Downsides? It’s another plug-in of course, but it’s worth it. A boon for café surfers everywhere.
The granddaddy of privacy browsers, Tor has become the watchword for the anti-surveillance movement because it is built on an entire infrastructure of ‘hidden' relay servers. Because it bounces your connection through a number of distributed nodes, it should obscure the public IP address you are connecting to the internet with.
Built atop a modified Firefox, it can be installed on a Windows, Mac or Linux PC but also on a USB stick if that's preferable.
Tor is designed to anonymise a user within certain constraints such as the requirement to use only HTTPS connections (enforced by HTTPS Everywhere – see above).
The Tor Project offers a list of dos and don’ts for using it securely, including being very careful about downloading and opening documents which require external applications.
Downsides? Using Tor will be slower than with other browsers and it can be demanding to use to its full privacy potential.
Announced by Brendan Eich, co-founder of the Mozilla Project, Brave is an open source browser that offers a respectable Chrome, Safari, and Firefox alternative.
Brave offers great speeds and advanced ad-tracking controls, ideal for the privacy-conscious who are also after a lightweight browser.
Available for Windows, Linux and OS X users, Brave includes HTTPS Everywhere integration, blocks cookie capture, features a decent ad-blocker, and has an active developer community which is always improving the browser.
Downsides? It's still a relatively new browser, so perhaps not as polished a product as it could be, and extension functionality is still lacking.
Based on Chromium – the open-source Web browser project founded by Google – Epic is a browser that strips out every conceivable feature to maximise privacy. Cookies and trackers are eliminated after each session, all searches are proxied through the firm’s own servers (which means there is no way to connect an IP address to a search), and it attempts to prioritise SSL connections wherever possible – useful for open Wi-Fi connections. It does not collect data about its users and comes with excellent built-in ad blocking.
For a fully encrypted connection, it includes a one-button proxying feature that does slow down browsing but will appeal to some users (but can’t necessarily be used as a regional bypass proxy because Epic’s servers are based in the US). Despite eschewing plug-ins, a handful are available to make life a bit easier, for example password manager LastPass.
Downsides? Epic's one-click proxy does slightly slow browsing speed, although for high-spec machines this shouldn't be an issue.
It is also a closed shop – a proprietary browser based on an open source project (Chromium) is unlikely to keep pace with the latter for updates and patches. And although Epic claims to have removed Google’s tracking features the fact that it’s based on Chromium means you’re still sort-of using a Google product. Why opt for a closed shop Google offshoot when there are actually open source alternatives available?
Freenet is a peer-to-peer secure platform that allows communication and publishing without censorship and anonymous and secure web browsing. It stores encrypted data in a distributed, decentralised network. It supports Darknet and OpenNet technologies, through which connection with other users is facilitated.
The lack of a central server means that it is very difficult to hack Freenet.
I2P (also known as the invisible internet project)
This is an anonymous network which facilitates the secure and private exchange of messages. It utilises DarkNet technology to provide protection from tracking by third parties like internet service providers.
It’s layered encryption of network traffic and communication means your data is both anonymous and protected.
Virtual Private Networks (VPNs)
Another option for greater security and privacy is to enable a VPN.
VPNs work by connecting two computers securely and privately over the internet. When you open up a web browser and enter a URL on your device, the request is sent to the VPN server. The server then acts as an intermediary, requesting the web page from the site and sending it back to you. That means the website can only see the VPN server – not the client device requesting it.
This information is encrypted, meaning external parties can't see the information exchanged. VPNs also mask the location of the client, allowing you to access location-specific services in other countries. Read more information on VPNs here.