This website is secure, but is your browser? Do you know what difference it makes if you read this page in Chrome, Edge, or Firefox? With new browsers to choose from, like Brave, what are the most secure browsers in 2019? And does TOR Browser really allow you to browse anonymously?
We’ll answer these questions and others in this 2019 updated list of the best secure browsers.
Basic Security Overview
When you visit a website, the first thing you’ll want to observe is whether or not the connection between you and that website is secure. A secure website uses HTTPS and SSL/TLS (a way to encrypt and protect the data sent to and from the website), which is indicated by a small, locked padlock icon in the web address area, and often by a green-highlighted area that indicates the full name of the website.
If the website is not secure (if you see http:// instead of https://), then other computers on your local network and every “hop” along the path of servers between you and the website can eavesdrop on everything sent and received.
Additionally, even when a connection is secured by HTTPS, other computers on your local network and every “hop” along the path can still see the root domain of what websites you’re visiting. For instance, with HTTPS, they won’t be able to see what videos you watched, but they can still detect that you went to YOUTUBE.COM.
To prevent this, you can use a VPN, like Express VPN or Nord VPN. Your VPN will still be able to see what domains you went to, but that’s why it’s important to choose a VPN that you trust not to track you or save detailed logs. Also, VPNs hide your true IP address from the websites you visit. This is important, because your true IP address rarely changes and it can be used like a unique identifier across the internet.
If you don’t want even your VPN to know which sites you visit, you can learn about and use TOR for truly anonymous browsing. TOR (“The Onion Router”) uses a multi-layered approach, like envelopes stuck inside envelopes, or like layers of an onion, where no “hop” along the route to the website server knows both your location and the website destination – in theory.
As a result, your browsing is slowed down, but trust isn’t required. The only trust required is that the random-selection TOR relays (“nodes”) aren’t sophisticated malicious actors and that the entire TOR network is sufficiently broad as to prevent some very large actor (like the NSA) from watching all points of entry and exit.
Finally, in addition to your IP address, many websites attempt to collect detailed information about your browser in an effort to create a “digital footprint” that can be used to track you from one site to another even when you use other privacy features.
The Best Secure Browsers
Edge is Microsoft’s default browser for Windows 10 and was written from the ground up after Microsoft finally admitted that browsing the Internet with Internet Explorer was not only a bad user experience, but dangerous.
Microsoft’s Edge offers very few privacy features, and it includes a lot of privacy leaks. It’s not recommended for use in private browsing, but we include it here so you can know that we didn’t just skip over it.
The good – Edge is not Internet Explorer; you won’t get infected just by visiting and getting tricked into installing an ActiveX control that can take over your system. Edge also includes an “InPrivate” browsing mode that doesn’t keep track of your history. If your reasons for private browsing only extend to covering your tracks from others in your household, Edge will suffice.
The bad – Like the other leading browsers, out of the box, Edge won’t protect your privacy from your employer, your ISP, or while using a wireless hotspot. You can, however, add VPN extensions to prevent this.
The worse – The default configurations will send every website you visit, and everything you type into the address bar, to Microsoft. This is necessary to use Microsoft’s “SmartScreen” feature (which tries to block access to malicious sites and downloads) and Bing search suggestions. Even beyond these features, Edge closely integrates with Windows 10 and Cortana, which collects other information from you and saves it to your Microsoft account and may be exposed through Windows 10’s new “Timeline” feature.
Conclusion – The odds are you already have Edge, and if your threat model is a snooping family member, it will probably get the job done, but there are better browsers overall, so why risk letting Microsoft collect all your private data?
As a side note, Microsoft is currently redesigning Edge from the ground up, again. But the new Edge, based on Chromium and with no target date for release, will likely still have the same privacy implications, as Microsoft will continue to include their SmartScreen, Bing search suggestions, and Timeline integration in the new browser.
Google’s Chrome is the Internet’s most used browser, even though it only comes pre-installed on a relatively small number of devices. That fact alone speaks to Google’s ability to drive user behavior towards their desired outcomes. Put another way, Google has the demonstrated ability to influence user thoughts and behaviors through targeted advertising. How does Google do this? They do this through immense data collection – including data collection from users using Chrome as their standard browser.
The good – Google Chrome is a powerful browser capable of many advanced browser features. It’s fast and relatively easy to use. It’s the Internet Explorer of the late 90s. Virtually all websites will look as intended when viewed in Chrome, and almost all of them will work without needing any sort of special plugin or extension.
The bad – Like Microsoft’s Edge sends information back to Microsoft, Google’s Chrome does the same for Google. Unlike Edge, Google’s Chrome does this in a number of ways and places. The most data intensive way that Google collects this information is through having users sign into the Chrome browser itself and then syncing browsing information with Google’s servers.
Google also attempts to collect data from you if you mistype a web address or if the browser crashes, as well as from general usage patterns. Google’s Chrome also has a “Safe Browsing” feature that works similar to Microsoft’s SmartScreen. Safe Browsing uses a local list of malicious sites, but it still communicates back to Google from time to time if the site you visit happens to be on the list, and they leave open the possibility that other “page content” will be sent to Google for checking.
The worse – Possibly the most intrusive way that Google Chrome collects your data and sends it to Google is the spell checker built in to Chrome. The built-in spell checker sends everything you type in Chrome back to Google. Let me say that again: The built-in spell check will send Google a copy of every Facebook post, ever Tweet, every private chat, every email you type to Google. In theory, this communication is very secure and only Google can see it, but do you really want to enable a “feature” that leaks everything you type in the browser to a third party?
Google’s response – Google knows they collect a lot of data and they try to make promises on how they will and won’t use it, but it takes a lot of trust. For instance, they promise not to store everything you type when they check its spelling.
On the other hand, Google admits that they use your browsing history, contacts, open tabs, and all the other information synced into your Google account. (If that sounds like a lot of data – it is, and Google Chrome aggressively tries to encourage users to sign in and sync their data; so aggressively in fact, that unless you carefully read and click, it’s very likely that you will end up syncing your private browsing data with Google’s servers without even realizing it.) Google uses that information to target you with advertising and to build Google’s overall understanding of user behavior as a whole.
Additionally – As Google’s Chrome is the Internet Explorer of the modern internet, it’s most-often used for advanced features like teleconferencing and real-time communication. Underlying those features is a technology called WebRTC, which has serious privacy shortcoming that can allow a website to learn detailed information about your computer using WebRTC calls and WebRTC leaks.
For instance, even if you are browsing over a secure VPN connection, WebRTC leaks can allow the website you’re visiting to learn your true IP address and even your local network address. These problems can be somewhat mitigated by using the popular ad-blocking extension uBlock Origin and finding the option to block WebRTC in its privacy settings.
Conclusion – If you use Google Chrome, install uBlock Origin, open an Incognito window, and use a good VPN, you’re relatively safe. This degree of privacy will suffice for the majority of users’ threat models. But be aware that Google will learn virtually everything about you whenever browse in a regular Chrome window, while signed in to the browser.
Like Edge, Safari is the default browser on many machines, and on even more smartphones. Also like Edge, it’s not the most robust of browsers, but unlike Edge and Microsoft, Apple has a reputation respecting privacy.
The good – Safari is a standards-compatible, efficient browser that has few security concerns. It has built in social website tracker blocking and extensions can be installed to block even more. Further, you can choose a content blocker that has no access to browsing data, which limits its functionality but that limitation also minimizes your exposure to potential malicious code.
The bad – Safari doesn’t always offer full compatibility with websites which may have been designed for Chrome or Chromium based websites. It’s an unfortunate trend, but also a current reality. But it’s bigger shortcoming is the lack of a fully-supported uBlock Origin ad-blocking extension.
Conclusion – Safari’s Private Browsing window with a VPN will be “safe enough” for most users, as Safari doesn’t phone home to Apple like Edge or Chrome do for Microsoft and Google. (Safari does use Google’s “safe browsing,” which has potential privacy implications, so users should consider turning this off.)
Brave is a new browser that has gained significant attention in 2019, and it’s one of the most secure browsers available while still remaining user-friendly.
The good – Brave is built in Chromium and as such enjoys relative parity with Google’s Chrome in terms of compatibility and built in feature, but it doesn’t include any of Google’s data harvesting. And even without Google’s servers, Brave still allows for some syncing between browsers (just bookmarks for now, but more coming), using private data encrypted using blockchain technology.
The really good – Brave includes a built in ad-blocking and a built in TOR browser, which allows for a very user-friendly approach to true anonymity.
The bad – Like Chrome, Brave includes full WebRTC support, which can leak private data, so users will want to install uBlock Origin to mitigate this data leak.
Firefox is the gold-standard of open-source browsers. Instead of being built by Internet giants for corporate reasons, it’s built by a non-profit organization for the sake an open Internet.
The good – Firefox has all the privacy protecting features you’d expect built in, including basic advertising and tracker blocking. Privacy focused at its core, Firefox also allows you to clear your history and cache every time your quit the browser, automatically.
The really good – There is a strong community security and privacy focused individuals who develop extensions first and foremost for Firefox, so by installing extensions like Tor, uBlock Origin, HTTPS everywhere, and using a good VPN, you’re very safe.
Conclusion – Firefox is the browser used by those who understand security and privacy the most. While Brave may be more user friendly and a very close second in any list of best secure browsers, Firefox is the trusted and reliable browser that can fully disable WebRTC and be configured incredibly secure.
6. Tor Browser
Last on our list is a variation of Firefox – the Tor Browser. The Tor Browser is a customized version of Firefox that includes built in support for TOR, with privacy settings pre-configured for maximum security.
Use this instead of Firefox if you’re unsure that you can fully configure Firefox yourself, or if you simply want a separate browser for the most secure experience.
There’s plenty to choose from, but thankfully you can also choose them all. There’s very little harm in letting Google and Microsoft know a little bit about you by using Chrome or Edge. And Apple’s Safari is “private enough” for most use cases, if you prefer the full Apple design experience. But if you want true privacy, use Firefox or Brave, install uBlock Origin, disable or block WebRTC, use a VPN, or consider using the Tor Browser for when you don’t want to even trust your VPN.
FAQs: Frequently Asked Questions
Can you still be traced when using TOR?
Yes. The TOR “exit nodes” can see what website domains you go to, and if the website is insecure, they will be able to see everything you do on that website. Also, it’s possible that the TOR network can be compromised by a sufficiently capable “see everything” adversary like the NSA.
Is using TOR dangerous?
No. But feeling overconfident is dangerous, so know the limits of TOR and the risks associated with visiting risky websites.
How do I prevent my IP address from being tracked?
Use a VPN that allows you to change servers, or use TOR, or use both. Also, be sure to disable or block WebRTC.
Does Incognito offer anonymity while using Google Chrome?
Incognito only stops Google Chrome from recording your history on your computer. Without other protections, your history can still be recorded by your ISP, by Google’s servers, and by many IP-tracking advertisers.
Does my Internet Service Provider know what I do online?
Yes and no. With HTTPS becoming more common, the ISP is less-capable of monitoring what pages you visit on a website, but without a VPN or using TOR, your ISP will still be able to see the domains of websites you visit.