Browsers: The Tabs Are Watching
Disclosure: Hello people! Just so you know, this post includes affiliate links, which earn us a commission (no extra cost to you). This is one of the things that helps us run this little shindig. You can read our full disclosure here. Now, enjoy the read!
Let's learn ya all about what these here thingies are an' how ya can work 'em!
Ah, the web browser, the window into the world of the internet
Too bad that window isn’t one sided glass. It’s not, by the way… that would be weird. What they are is a tool for users to navigate the internet, and each one has its pros and cons. This time ‘round, we’re going to delve into this and talk about just what is offered, both good and bad.
So, what is a web browser, really?
A web browser, as we know it, is a software application to access and display internet content.
Browsers are the reason why anybody and their grandma can utilize the internet. It would be much more difficult without one, as they provide a usable interface to, well, interface with the World Wide Web. Much like how your computer’s OS has a file explorer to display an easy-to-use UI for navigating your computer files, a web browser does this for the internet. A browser is able to interpret the jumbled mess of serial numbers and machine information, such as URLs, IP addresses and other stuff, to allow you to navigate web pages, images and videos ‘til your heart’s content.
How each browser goes about these things is both very much the same and very much different. This is the crux of what we’ll discuss, here. You see, they each pretty much do all of the above, but not all browsers were created equal!
Have you ever been surfing around and noticed oddly specific ads that seem to be straight out of your head? Yeah, me too, and it’s unsettling. Realizing that you’re being spied on doesn’t feel good.
You see, some browsers are a slave to things like “corporate interests” and/or data mining, while others take steps to separate the user from the prying eyes of cookies and other methods of data collection. The scary thing is these methods aren’t just to figure out what brand of foot cream to market to you (as scary as that is), but they open doors that can be used to undermine basic privacy and threaten security, as a whole.
In our last piece, we went over VPNs (you can check that out, here), but like we said in the conclusion of that piece, those are only one link in the chain of defense. So, let’s get into the nitty-gritty of another chain link and figure out what else we can do to protect ourselves.
The Bad Guys
We’ll start with the bad. Here are some things that should make you shutter when using the internet.
Data Collection
A web page can use several methods to track your every movement and generally spy on your actions. Where you go, where you came from, what you do, how long you do it, all of this and more can be discerned by these methods. There are two main approaches to modern data collection: log files and JavaScript.
Log Files: Log files are small files that are used to log and review activity that occurs on a web page. They can capture data such as user preferences, where a user came from, where they go/what pages they visit, how often they come back to a particular site or page, and other behavior. Cookies are one example of a log file and probably one of the more well known terms to the layman web user.
As cute and delicious as their namesake may be, they can be pretty nasty in relation to your privacy, as they can be used to uniquely identify you. Though, cookies aren’t necessarily inherently bad, since they can be used to foster convenience to a user, especially that of a returning user. However, like most things, it can be used for malice in the wrong hands. Luckily, there are things that can be done to prevent the rampant spying and eavesdropping that log files of all sorts facilitate. Many browsers accept cookies by default, but tools that can block these little suckers can be installed fairly easily, and several of the browsers we’ll go over have either built-in features, or well-made plugins, that can be utilized to combat them.
JavaScript: In short, JavaScript is a programming language. JavaScript is extremely versatile and one of its uses is to track users on a web page. JavaScript can accomplish its own accurate tracking, without log files, by utilizing the code on the web page to transmit the user’s activity to the curious party. This code sends the information it collects to a server somewhere, to be kept for some amount of time. You’re supposed to be able to find out just how long the information is kept, in a website’s privacy policy. It’s sometimes years.
Your information is often sent to a third party to use for its own purposes, which gives the site that gathered the information even less control over that information. This wanton changing of hands is a big part of the privacy issue.
Flash
Flash, a once overly dominant multimedia player, is yet another avenue for these information thieves to take. Your average user most likely won’t know to look out for something like that, not to mention the basic security threats Flash poses. It’s been known to have flaws that expose users to hackers who can use the software to access a user’s memory. This opens the door to a hacker taking over your machine, which leads to more problems from there. Patches have been issued but I still won’t bother with Flash, myself.
It also makes use of tracking techniques that aren’t always cleaned out when you clear your browser cache, even with extensions and plugins meant to do just that. This was a big part of the push to HTML5. Though, HTML5 has it’s own set of issues. We’ll touch on that below.
Fingerprinting
All of these data collection methods can be used for something called fingerprinting. Fingerprinting is a technique of uniquely identifying a user based on collected information and characteristics of your device and/or web browser. Attributes, such as your operating system, the browser you’re using, plugins, location, IP address, fonts, language, screen size, and more can all be ascertained and used to create a digital “fingerprint” to identify you.
As we mentioned above, HTML5 has it’s own problems to address. One of the bigger issues is the “canvas fingerprint”. This is a fingerprinting method wherein the HTML5 API, Canvas (graphics and animations, using our old friend, JavaScript), is used for tracking the user. It’s foundation lies in the ways in which different machines render these animations and graphics. The whole process can be done with zero indication to the user, in a fraction of a second.
One of the best ways to combat these techniques is to simply disable JavaScript. Tools like NoScript do a good job of this, but there are several other useful tools and plugins to help you out, here. We’ll go over these in depth later on.
Another caveat worth mentioning is mobile devices. The standard nature of mobile devices tend to make them less susceptible to unique fingerprinting because they’re so cookie-cutter. Although, they are susceptible by other means.
There are tools you can use to see just how protected you are from fingerprinting methods. The EFF has a one such tool called, Panoptoclick. This website will test your fingerprint protection, or lack thereof. They’ve actually used this tool to publish some pretty interesting results on the efficacy of fingerprinting.
Quick tip: One way in which you can be fingerprinted is your screen resolution. To thwart this, simply refrain from maximizing your browser window. The more you know!
Monetizing You
The information that is collected from you can be bought and sold, making you and your personal information nothing but a commodity. I don’t know about you, but if someone’s making money off me, I want a cut! Unfortunately, you get nothing out of the deal but an invasion of privacy.
The Good Guys
And now, on to the good. Here are some things that should help you stop shuttering uncontrollably and regain some confidence! Whew, I’m sorry I put you through that. It’s rough, I know. But don’t you fret, because we’re going to make it a lot better.
Starting with:
Browsers
But don’t you worry your little head! Sorry, I didn’t mean that… your head is perfectly proportioned. Amazingly, even… Okay, moving on!
There’s several ways to prepare and protect yourself. Using the right browser is the starting point. Many browsers today use hot-button terms and keywords to feign security and privacy, but more than a few have either been caught doing something shady or they’re using words that don’t mean much.
One easy term for them to use is “private browsing”, known as “incognito” in Chrome. But the term is misleading, and private isn’t really the word I’d use. Sometimes, these private modes only refrain from saving your search history, which doesn’t amount to much in the grand scheme of things.
Some browsers and websites have been caught ignoring user settings, such as the “do not track” feature that browsers use in private browsing mode. That’s shady, if you ask me. Just downright rude, really!
So, we’ll go over some of the browsers that take you, the user, into consideration by providing actual protection. Each of these browsers has functions and features meant to increase your privacy and/or security. Let’s get into it!
Open Source - Yes
Platforms - Windows/Mac/Linux/iOS/Android
Framework - Firefox
We’ll kick it off with good ol’ Firefox. Created by the Mozilla Foundation, Firefox is a mainstay in the world of secure and private browsers. An open source project, Firefox is the base for several other privacy-based browsers on the market (notably, Tor).
Firefox is a powerful and well-oiled browser with features built right in to enhance its security and privacy, like tracking protection and a private browsing mode that helps block ads and scripts. Since their “Firefox Quantum” update, it boasts a new engine with better performance, having some serious upgrades to speed. It also has a nice, clean look and feel, and a fairly intuitive interface.
The real boon to Firefox, though, is the plethora of useful add-ons. These all go through a review process before they’re added to the marketplace, helping to prevent questionable software and malware from being available for download. It may seem daunting for those for you who aren’t the most technically inclined, or simply don’t want to spend time fortifying the browser, but it’s not hard to outfit Firefox, even with limited technical knowledge, since the extensions are extremely easy to add to the browser. Just a few clicks of the trusty mouse and your off to the proverbial races. Many talented authors spend time crafting some great additions to the Firefox base, and with the right combination of add-ons, Firefox is one of the best browsers around if you’re looking to lock down your web viewing experience.
Open Source - Yes
Platforms – Windows/Mac/Linux/iOS/Android
Framework – Chromium
A relative newcomer to the browser game, Brave brings a lot to the table for the privacy buffs among us. Developed by Brave Software Inc., Brave came into the game around 2016 and is quickly rising in the world of secure browsers. Brave is another browser that makes some grandiose claims. The difference is they deliver. With excellent ad blocking, tracker blocking, script blocking, forced HTTPS with HTTPS Everywhere, and fingerprint protection, all built right in to the base application, it is most certainly a force to be reckoned with. The desktop version of Brave even has private browsing tabs that connect over Tor! That’s a legitimate private browsing mode, and hopefully other browsers follow its lead.
Brave is an excellent browser for those of us who are privacy conscious but aren’t exactly the most tech savvy. This is one of those applications that has good “out of the box” functionality and doesn’t require a lot to set up. If you’re someone who doesn't like or know how to mess around with configuration and setup but still wants protection, Brave is an excellent choice.
Brave is also a compelling offering on the mobile market. In fact, I think one of the very best, especially on iOS. I personally use Brave on mobile and it’s been a great browser. It’s fast, it’s clean and it has effective features. This is definitely one worth trying out.
Open Source - Yes
Platforms - Windows/Mac/Linux
Framework – Firefox
Tor. This may be a word you’ve heard before, maybe not. If you’re unfamiliar, let me introduce you to the The Onion Router. Tor is a privacy browser developed by a non-profit organization, called The Tor Project that allows you to connect to the Tor network from within the browser. The Tor network is a voluntarily run network that creates a pinball machine of anonymity, bouncing your traffic around the network, from relay to relay, until eventually exiting through a Tor exit relay, or “node”. This hides your IP and prevents prying eyes from spying on your connection, learning where you’re going, where you’ve been and where you are.
The browser itself can be installed on and run straight from a USB drive, making it portable and leaving no trace of its use on the computer you’ve used it on. However, this browser is more private than secure and doesn’t have inbuilt anti-malware features. It also doesn’t support third party plugins like some browsers do (although, it comes with some built in, like NoScript), which means beefing it up by other methods is probably beneficial. Desktop applications, like Adguard (more on that later) and a good antivirus/anti-malware client are a good way to bolster the Tor Browser experience. You should have a good antivirus, anyway.
One downside of using this browser is that the pinball nature of the Tor network reduces the speed of your connection. This may bother some, but I personally find the benefits to far outweigh the speed drop.
The Tor network can also be used in conjunction with a VPN, adding yet another layer of anonymity. If you want to step up your privacy game to another level, using the Tor Browser is a good way to go about doing just that.
Open Source – Ice Dragon is
Platforms - Windows
Framework – Chromium/Firefox
Comodo Dragon and Ice Dragon are two browsers made by cyber security company, Comodo. Dragon is based on the Chromium framework and Ice Dragon is based on the Firefox framework. Both are modified versions of their respective bases and offer many security, privacy and performance enhancements over vanilla. Both Dragon and Ice Dragon offer compatibility with extensions for Chrome and Firefox (which is super handy), as well as some proprietary add-ons, such as integration with Comodo Internet Security, a drag & drop search function, a virtual sandbox, a Web inspector that scans a web page for malware and other fishy content, and proxy capabilities. Both browsers are fully featured monsters and provide a great deal of worthwhile features for both privacy and security.
I use both browsers quite often and I love that these fortified versions can still use all of the extensions that I love. It really feels like a tank of a browser when configurations and extensions are all set up. Although, I do wish they’d get updated much more frequently, which is a sentiment I’ve seen repeated quite a lot. Nonetheless, these are definitely worth your consideration.
Mobile-Only Browsers
Open Source - Yes
Platforms - iOS/Android
Framework – Proprietary
DuckDuckGo is most known for their privacy focused search engine, but they’ve also made their way into the mobile browser market. This slick mobile browser has all your standard privacy features: forced encryption, ad blocker, tracking blocker, etc. But the DDG Privacy Browser also has a nice (A through F) privacy grade in the UI, where it displays a grade for a given site, indicating the level of trust you should grant. This grade is given based on the site’s overall privacy practices, trackers, and encryption.
The DuckDuckGo Privacy Browser, just like their search engine, does not track its users and also makes use of their proprietary feature, “bangs”. This feature allows you to get search results from other sites by using the syntax for the site you want to search in your search query. One more cool little feature this mobile browser offers is a Fire Button that, when tapped, clears the browser of your tabs and data.
Open Source - Yes
Platforms - iOS/Android
Framework – Firefox
Another Mozilla entry, Firefox Focus is Mozilla’s mobile-only privacy browser. This mobile browser is always in private browsing mode and does its due diligence in making your browsing private. It blocks trackers and ads, automatically, requiring no setup or input from you, the user.
The interface also includes an easy way to erase your search history and data. Don’t worry if you forget, because Focus will automatically wipe your history when you close the app. The minimalist interface is easy to use and provides everything you’d expect from a Mozilla browser; and with a size of less than 5mb, it’s definitely worth giving a try.
Open Source - Yes
Platforms - Android
Framework – Firefox
Looking for a Tor browser for mobile? Then, here is your answer. Orfox was developed by The Guardian Project and is built upon the framework of Firefox for Android. The browser allows you to browse the internet over the Tor network and was developed using source code from the Tor Browser. It comes preinstalled with NoScript and HTTPS Everywhere, which is a super nice feature.
Unlike the other browsers on this list, Orfox requires another app to run properly. To use the Tor network, the user must have the Orbot app installed and running, then connect to Tor with Orfox. Orbot is a proxy application that provides the connection to the network, and is also developed by The Guardian Project.
Orfox is made to follow the guidelines of the Tor Browser as closely as possible and is still being actively worked on and updated with new features, so it’s most certainly worth keeping an eye on.
Plugins
Open Source - Yes
Platforms – Firefox
NoScript is a browser extension that blocks JavaScript, Java, Flash, Silverlight and other web plugins by default and only allows them access when you add them to your trusted sites. NoScript provides protection against exploits, such as clickjacking, which is great because it helps when user error is to blame. However, it tends to break many sites that rely on these types of scripts to function, and knowing how to properly whitelist the appropriate scripts isn’t always user friendly. Given this, I’d say NoScript is best implemented by power users, but it is most definitely worth using.
Open Source - Yes
Platforms – Firefox
Disable WebRTC is a browser plugin that disables the communication protocol, WebRTC. This protocol can leak your IP address, even if you’re using a VPN. It’s lightweight and worth having, just in case. You can toggle the plugin on or off with a single click, if you need to.
Open Source - Yes
Platforms – Firefox/Chromium
Privacy Badger is a browser plugin developed by the EFF. One of the problems with the Do Not Track setting (which most private browsing modes will enact) is the fact that many websites won’t honor the setting. Your browser tells the website not to track it, but the website can’t be forced to abide by the request. Privacy Badger helps to block those trackers.
It’s got a simple interface that shows you how many trackers it’s currently blocking and you can enable or disable the trackers listed with a slider. Privacy Badger is a nice, user friendly plugin that does what it says quite well, with no setup required.
Open Source - Yes
Platforms – Firefox/Chromium/Safari/Edge
uBlock Origin is another powerful content filter. It has a small footprint and enforces several filter lists. It has a simple interface that’s fairly easy to use and doesn’t require a lot of tampering, but it also allows for more involved customization and tweaking. It has a litany of features and is still in active development. Ublock Origin is definitely one of the better blocker plugins out there.
Open Source - Yes
Platforms – Firefox/Chromium
Cookie AutoDelete is a useful plugin that automatically deletes cookies whenever you close a tab (automation can be toggled). It allows you to clean local storage, and even clean the cookies for currently open tabs, with a dropdown. It displays notifications, dropdowns for quick adjustments, whitelist/greylist settings, and supports Firefox Container Tabs.
Open Source - Yes
Platforms – Firefox
Decentraleyes is a plugin that protects the user against third party content delivery that can be used to track you. It supplements other content blockers by locally injecting these resources, instead of you being connected to a third party delivery system. It’s a good way to provide protection from this particular form of tracking.
Open Source - Yes
Platforms – Firefox/Chromium
HTTPS Everywhere is a great plugin jointly developed by The Tor Project and the EFF that forces connection to encrypted HTTPS, wherever possible. If you visit a site that has an HTTPS version, the plugin will force connection to that version of the site. It provides the option to block any connection that isn't encrypted with HTTPS.
Honorable Mentions
Open Source - No
Platforms – Firefox/Chromium
Malwarebytes, the internet security company, recently released a new browser extension that filters malicious content and blocks malicious websites. It also has an interesting feature that blocks fake news and misleading content. The plugin is not reliant on pre-made definitions and claims to be able to catch previously unidentified threats. The Malwarebytes Browser Plugin also prevents many other threats, such as pop-ups, hijackers, browser lockers, and social engineering attacks.
Malwarebytes is a mainstay in internet security, and it’s great to see them providing an effective browser plugin. As of this writing, the plugin is brand-spankin’ new and still in beta, but it’s something to keep an eye on.
User Agent Spoof:
Open Source - N/A
Platforms - N/A
The user agent is a unique string of information about your machine that can be used to fingerprint you. There are several plugins available that can spoof your user agent, making your Windows machine look like a Mac, or vice versa, etc., and some will automatically change it based on custom settings.
These can be useful tools, however, many believe that simply using a tool to block the scripts that call for this information is a better method, as you have to do some research on what combination is most common, and using exotic plugins can make you stand out even more.
Search Engines
Not only do the web pages that you’re visiting track you, but the search engines you use to get there do, as well! Google is one of the most notorious for this, and it’s BY FAR the most widely used search engine on the planet. The same goes for every other major player in search engines. If you want to get around being tracked and spied on by your search engine, then consider one of the entries below.
DuckDuckGo is one of my favorite search engines, and one of the best privacy focused engines out there, right now. In fact, it’s my default search engine on everything.
Their whole model is based around not tracking you. The DuckDuckGo privacy policy states they do not track you or collect your information. Period. When you use DDG, they do not send information to the websites you visit about where you came from, unlike the big name search engines. Whether you’re in private browsing or not, DDG does not track your searches. Since they don’t gather information on you, every user gets the same search results for a given query, not “personalized” results based on information they’ve gathered on you. There’s a reason The Tor Project built it into the Tor Browser as the default search engine.
One of the coolest things about DuckDuckGO is their “bang” feature. Bangs are special search commands that allow you to enter a query in DDG and get results from another search engine. For example, entering a query like, “Quiet Red Media” will give you results for that query on DDG, but entering, “!s Quiet Red Media” will search that query on StartPage. It’s a neat feature that nixes the step of browsing to another search engine. The amount of bangs they have is impressive and includes normal search engines, as well as sites like Amazon or eBay. The list is still growing, and you can find a repository of all the bangs they currently have, here.
All in all, DuckDuckGo is a great engine with great features, and the fact that they don’t track a move you make is just one more reason to use it.
StartPage is another search engine that delivers on the privacy. Sometimes you just need the robust results that Google can offer but don’t want to be tracked to hell and back. Fear not, because you can have your cake and eat it too, with StartPage. StartPage is a private search engine that uses Google search results. When you search with StartPage, it sends the query to Google and returns the results to you, without you ever having to interact with or be exposed to the tech titan.
I’ll admit, sometimes DuckDuckGO just doesn’t quite have what I’m looking for. In that case, StartPage is a perfect option. How can you go wrong with Google’s search results sans the whole… spying thing? As if that weren’t enough, StartPage also has a nifty proxy service built in. It doesn’t just refrain from tracking you, it actually puts your traffic through a proxy service to protect you from the sites you visit. It also supports SSL encryption to their servers to further protect your information from prying eyes. They even go so far as to have a URL generator that you can use, instead of storing a cookie. Kudos, StartPage.
Searx is an open source, privacy-focused metasearch engine. If you’re unfamiliar with what a metasearch engine is, it’s just an aggregator. Searx uses the search results of other engines when you search. It’s no ordinary metasearch, though. Searx allows you to choose what engines to pull your results from, and it has a pool of over 70 to choose from. Searx doesn’t share your information with the aggregated engines, does not store information about your searches, blocks cookies, and provides a proxy service for your queries that allows you to access a cached or proxied version of a website, instead of the live site. It also has an HTTPS enforcer.
Since it’s open source, you can even run your own Searx server, providing that much more piece of mind. In fact, there are many Searx instances you can access (found here).
Tools
Open Source – Free products are open source; premium is not
Platforms – Windows/Mac/Android/iOS
AdGuard is a suite of software that provides ad blocking and privacy features on a variety of platforms. The nice thing about it (specifically the desktop version) is that it’s not just for your browser. AdGuard is a separate application that provides ad blocking for your whole machine. This means if a browser doesn’t support it, have a plugin for it, or you just want to free up browser memory, AdGuard can do the job for you.
Open Source - No
Platforms - Windows/Mac/Android
CCleaner is a handy freeware program that can scrub your machine of unnecessary files, such as temporary internet files, file history, log files and other junk. It also gets rid of temp files by third party stuff. Notably, it can help get rid of “super cookies” that aren’t included in normal cache purging by your browser. It works well and is quite full-featured for a freeware program.
Full disclosure, they had a malware scare not long ago and distributed a tainted version, so take that for what you will and make sure you keep up on updates. ALWAYS UPDATE! I will say they reacted quickly and redistributed with a fixed version. If your unsure about third party applications, in this particular case, you should at least use the inbuilt disk cleaner on your OS. Either way, I wouldn’t suggest buying one. CCleaner’s free version is plenty good and gets rid of more junk than the Windows disk cleanup.
Tips
Change your default search engine to DuckDuckGo or StartPage.
Set your browser to launch in private browsing mode.
Set your browser to automatically purge cache and history when tabs and/or the browser is closed. Don’t save passwords and other information in your browser.
Make sure your browser is always updated to the most recent version. Turn on automatic updates, if it’s not already on.
Never enter sensitive information, such as credit card details, passwords, or even your birthday on sites that aren’t secure. Secure sites will have “https” in the beginning of the URL and most browsers have a visual indication, such as a green lock to indicate a secure connection. Remember, “https”, not “http”.
Choose an open source browser. Why? Because software that is open source has it’s code publicly available, which means it can be audited and reviewed by anyone. This helps the public call out shady back doors or questionable software builds.
Let me reiterate how important keeping your software up to date is. You should do this with everything. If something is out of date, it could have vulnerabilities that can be exploited. Although, I will say this: I narrowly avoided the tainted CCleaner distribution because I had lapsed on updating on that particular version. Umm… but, still, that’s not the norm. You should still make sure everything is updated. If you’re nervous about it, wait a little bit for it to circulate and see if you’re in the clear.
Don’t overdue it with the tools and plugins. Having the wrong setup can cause conflicts and you’ll end up shooting yourself in the foot. In the end, it’s up to each person to find the right combination for their needs.
Conclusion
Well… (sigh). That’s a lot to take in, I know. If you take the reigns of this stuff, though, you’ll be much safer and better off for it. Remember, you’ve always got to do your part to keep yourself in the good graces of the digital monster we know as the internet.
As I’ve said before, no one product or tool will do the trick for you. You’re gonna need an armory. Everyone has to do their part to keep up good security and privacy practices, on top of being well equipped. Hopefully these things give you a good idea of where to start padding those walls.
If you need anything else… just don’t need anything else. I’m napping!