We implicitly trust our browsers every time we go online, but sadly that trust is often misplaced. When you visit websites in the comfort of your own home, you don’t want or expect details of your activities to be collected, shared and used to build a profile of your interests, so you can be targeted with adverts. But that’s exactly what happens if you use Chrome or Edge. Read our STOP USING BROWSERS THAT TRACK YOU.
Table of Contents
- WHAT YOU CAN DO
- FIVE WAYS CHROME AND EDGE TRACK YOU
- FIVE BEST PRIVATE BROWSERS TO USE INSTEAD
- DO OPERA & VIVALDI TRACK YOU ONLINE?
- Browser privacy features compared
The two most popular PC browsers, with three billion and 300 million users respectively, are also the worst for tracking you online and gathering your data. This is claimed to be for your own good – to ensure you see relevant content and recommendations, and to improve the quality and performance of Google and Microsoft products and services – but we all know it’s about making money.
Thankfully, there are now plenty of browsers that actually respect your privacy, and make protecting your data as important as loading web pages properly. These programs typically fund their development via donations and optional paid-for features, rather than personalised ads based on your web activities.
Although these private browsers have the same goal, their features and settings – and the level of anonymity they promise – vary greatly. Here, we recommend the five best browsers for different privacy purposes, and explain why they’re all preferable to Chrome and Edge.
WHAT YOU CAN DO
• Browse the web without your data being collected
• Block ads and trackers without installing an extension
• Instantly delete all traces of your online activities
- TNR earns Amazon affiliate commissions from qualifying purchases. You can support the site directly via Paypal donations ☕. Thank you!
• Conceal your location and identity
• Block ads in YouTube videos
• Hide cookie consent pop-ups automatically
• Tweak your browser’s settings for maximum privacy
• Stop your ISP seeing which sites you visit
FIVE WAYS CHROME AND EDGE TRACK YOU
1 They target you with personalised ads
Google and Microsoft use their browsers to collect data about your interests and online behaviour, so they can target you with personalised adverts. These ads are then displayed on websites by the companies’ respective advertising networks, as well as in the Google and Bing search engines.
Microsoft admits in one of its support pages (www.snipca.com/47650) that “we’ll collect and use your browsing activity from within Microsoft Edge to personalise advertising, recommendations and experiences”. The information it gathers includes details of websites you’ve visited and saved to your Favourites, and how you use the browser – for example, the times of day you go online and the devices you browse on.
To limit this data collection, which is enabled by default, click the three-dot menu button in Edge’s top-right corner and choose Settings, then ‘Privacy, search and services’. Scroll down to ‘Personalisation and advertising’ and switch off the option ‘Allow Microsoft to save your browsing activity…’ (see screenshot top right). However, this won’t stop you seeing ads altogether (see next section).
This is supposed to be more private than using cookies, because it groups you with other users who share similar interests rather than assigning you a unique identifier, but it still means Google is prying into your internet activities.
You may have seen a pop-up message about ‘Enhanced ad privacy in Chrome’ when you updated the browser, and inadvertently activated the new system. Or you may be concerned that Google has enabled it without your knowledge, which means you’ll be targeted by both the old and new ad-tracking methods.
To check, click the three-dot menu button and choose Settings then ‘Privacy and security’. Select ‘Ads privacy’ and ensure all three options are switched off – at least until there’s more transparency about how the new system works.
The options are ‘Ad topics’ (see screenshot below left), which displays personalised ads based on websites in your recent browsing history; ‘Site-suggested ads’, which lets sites show ads based on your activity on them’; and ‘Ad measurement’, which allows sites and advertisers to monitor the performance of their ads, such as the time of day you see them.
2 Their built-in ad blockers are ineffective
Because Google and Microsoft make so much money from personalised ads, their browsers’ built-in ad-blockers are notoriously ineffective and deliberately tucked away.
In Chrome, you need to go to Settings, then ‘Privacy and security’ and select ‘Site settings’ then ‘Additional content settings’. Scroll down to find the ‘Intrusive ads’ option, which lets you block adverts on sites “known to show intrusive or misleading ads” (see screenshot above right) – but not other ads.
In Edge, the same option is buried in the ‘Cookies and site permissions’ section of the browser’s Settings. You can boost its ad-blocking capabilities by going to ‘Privacy, search and services’ and switching ‘Tracking prevention’ to Strict, but even this claims only that ads “will likely have minimal personalisation”.
The only way to block all annoying ads in Chrome and Edge is to install a dedicated extension such as uBlock Origin (www.snipca.com/47086). As we’ll explain later, the best private browsers have powerful ad blockers enabled by default, so you don’t need a third-party tool. Sadly, Google is planning to make ad blockers less reliable in Chrome and other Chromium browsers by forcing extension developers to use its new Manifest V3 system, from early next year. We wrote about this problem in our ‘Switch your ad blocker’ feature (page 62, Issue 664) – buy a back issue from www.snipca.com/47347.
3 They provide poor tracking protection
Google and Microsoft claim that Chrome and Edge protect your privacy online by blocking third-party trackers that follow you around the web. But in truth, their built-in tracking protection falls far short of that offered by rival browsers, as we’ll explain later.
Chrome is particularly poor at dealing with trackers, perhaps because Google tools such as its Analytics service – which analyses website traffic – depend on them. Currently, there’s a ‘Block third-party cookies’ option in the ‘Privacy and security’ section of the browser’s Settings, but this is disabled by default.
As we mentioned earlier, Google intends to phase out cookies in Chrome by the end of 2024, in favour of its new ‘Ads privacy’ system, so it’s unlikely to pay much more attention to them.
Instead, it’s testing an experiment called ‘Tracking protection’ in the browser’s Canary build (aimed at developers) – see www.snipca.com/47656. This is reportedly just a new name for the cookie-blocking option, rather than an improved feature, and privacy-conscious users may regard it as too little, too late.
Edge makes more effort with its own ‘Tracking prevention’ feature, which can be set to Strict mode (1 in our screenshot above right) to block “a majority of trackers from all sites” including “known harmful trackers”. But when you click the option to see a list of blocked trackers 2, you may discover that it hasn’t blocked very many.
As well as collecting your personal data to target you with ads, Google and Microsoft use their browsers to gather diagnostic information to improve their products and services.
Even if you don’t use Chrome’s Sync feature, which saves your bookmarks, browsing history, passwords and contact details to Google’s servers, the browser shares other data in the background. This includes ‘usage statistics and crash reports’, the details of URLs you visit – to “make searches and browsing better” – and search queries you type in the address bar. You can disable these options in the ‘You and Google’ section of the browser’s Settings (1 in our screenshot below), but for privacy’s sake they shouldn’t be enabled in the first place.
Edge also collects details of your web searches, along with ‘optional diagnostic data’. To turn off the latter, open the Settings app in Windows 10 or 11 and select Privacy, then ‘Diagnostics & feedback’. Switch from ‘Optional diagnostic data’, which sends Microsoft “info about websites you browse”, to only ‘Required diagnostic data’.
More worryingly, last year it was reported that the enhanced spell-check features in Chrome and Edge were sharing form information with their parent companies (www.snipca.com/44067), including users’ names, home addresses, email addresses, dates of birth and payment details.
To stop this happening, disable ‘Enhanced spell check’ 2 in Chrome’s ‘You and Google’ section and ‘Enable grammar and spellcheck assistance’ in the Languages section of Edge’s Settings.
Also remember that although Chrome’s Incognito mode stops the browser storing details of what you search for and the sites you visit, the information is still shared with Google. The only way to prevent this is to switch to a more private browser (even Edge doesn’t collect your data in its InPrivate mode).
5 They suffer frequent security flaws
All web browsers are susceptible to privacy and security flaws, such as the WEBP problem we wrote about in Issue 667 (page 6), but Chrome and Edge are by far the worst offenders.
So far this year, Google has rushed to address at least four serious ‘zero-day’ vulnerabilities in Chrome (software security flaws exploited by attackers before developers know about them), and in August it changed to a weekly schedule for security fixes (www.snipca.com/47655). Although we commend its vigilance, perhaps Google should do a more thorough job of checking Chrome for bugs before it releases a new version.
Edge has suffered its own security and privacy problems this year, with version 115 alone requiring 14 separate fixes (though this was still six fewer than Chrome 115).
In April, it was discovered that the browser’s Follow Creator feature, which works like an RSS feed reader, was sending details of every site users visited in Edge to Microsoft’s Bing search engine. The issue has since been solved, but to be on the safe side you should disable the option in Edge’s Settings. In the ‘Privacy, search and services’ section, scroll down to Services and switch off ‘Show suggestions to follow creators in Microsoft Edge’ (see screenshot above).
Other Chromium-based browsers may suffer some of the same vulnerabilities as Chrome and Edge, but the popularity of the Google and Microsoft programs makes them a more lucrative target for hackers. It’s therefore essential to keep both up to date, by choosing About Google Chrome or About Microsoft Edge in the Help section of their main menus.
FIVE BEST PRIVATE BROWSERS TO USE INSTEAD
BEST FOR ALL-ROUND PRIVACY
What we like
Although Brave is based on the same Chromium code as Chrome and Edge, it’s been built “from the ground up” with privacy in mind. This means that while you still have access to familiar browser features such as tabs, bookmarks, extensions and a password manager, Brave will never track you or collect your private data, and protects you against everything that does.
From the moment you install Brave, its powerful Shields system blocks “the creepy stuff that tries to track you across the web”. By default, Shields provides aggressive blocking of trackers and ads (1 in our screenshot above right), cookies that follow you from one site to another, and fingerprinting, which allows websites to identify you from the device and software you’re using.
Click the lion-head logo to the right of the browser’s address bar 2 to open the Shields panel and switch the feature off (for example, if you have trouble loading a site) and back on. You can adjust individual ‘shields’ by clicking the arrow next to ‘Advanced controls’, and selecting the desired level of protection in their dropdown menus.
Brave recently added a useful option called ‘Forget by Default’, which prevents websites from remembering you visited them. It works by logging you out and deleting all cookies and other stored data when you close a site’s tab(s), so it can’t identify you on your next visit. To activate the feature, click the Shields button, open ‘Advanced controls’ and switch on the option ‘Forget me when I close this site’ 3. Remember to turn it off when you want to stay signed into a site.
Although you can use ‘Forget by Default’ instead of Brave’s private-browsing mode, the latter goes much further than in other browsers by letting you access the web through the Tor network. This not only conceals your browsing history, but also hides your IP address from sites you visit, so no one can see where you are. Press Alt+Shift+N to open a private Tor window or click the menu button and choose ‘New private window with Tor’.
As we mention in our Browser Tips section (page 43), Brave now blocks cookie-consent pop-ups automatically, using one of its many content filters. These are built into its Shields, so – unlike other browsers – you don’t need to install an extension to block ads, trackers and other online annoyances. Best of all, Brave blocks ads in YouTube videos by default, and (as also mentioned on page 43), has just been updated to keep up with the site’s latest changes.
See our Workshop below to find out how to customise Brave’s privacy settings for maximum protection.
What we don’t like
Brave’s New Tab dashboard, which tells you how many trackers and ads it’s blocked, includes an unnecessary news feed, though this is easy to remove by clicking Customise and disabling Brave News. Also annoying are the toolbar and sidebar buttons for the cryptocurrency feature Brave Wallet; the company’s Brave Rewards system, which lets you support content creators by watching ‘privacyrespecting’ ads; and the browser’s paid-for VPN, which costs £ a month after a seven-day free trial. Happily, you can hide these options by right-clicking their buttons and choosing Hide or Remove. They certainly don’t affect Brave’s status as the best private browser.
BEST FOR TOTAL ANONYMITY
What we like
Although Brave’s private-browsing mode lets you access websites through Tor, it doesn’t offer the total anonymity of the Tor Browser – Brave itself recommends that “if your personal safety depends on remaining anonymous, use the Tor Browser instead”.
It’s based on Firefox code, rather than Chromium, and redirects your internet connection through a series of global ‘relays’. This encrypted ‘circuit’ prevents websites, hackers, government agencies and other snoopers from seeing where you are and what you do online.
The browser functions in permanent private-browsing mode, which means it automatically deletes cookies, site data and your internet history when you close it, leaving no trace of your activities. Unlike a VPN, Tor Browser has no central service you need to trust, and there’s no risk of your data being shared with third parties for advertising purposes.
Earlier this year, Tor Browser updated its ‘circuits’ feature to make it easier to check the security of your connection. Click the new Tor Circuit button to the left of the address bar (1 in our screenshot above right) to see the locations and IP addresses of the three relays your internet traffic is being sent through. If you suspect your privacy has been compromised, click ‘New Tor circuit for this site’.
What we don’t like
Because Tor redirects your connection around the world, it significantly slows your browsing and its blocking of scripts and automatic deletion of cookies can make sites frustrating to use.
There are also concerns about the so-called dark web, which Tor allows access to, but you needn’t worry – to access a dark site, you need to enter a 56-character onion address, so you won’t accidentally stumble across anything illegal. Besides, many reputable websites, including the BBC, Guardian and the New York Times, have onion sites to help their visitors beat censorship and surveillance. Tor Browser will tell you when a ‘.onion’ version is available 3.
BEST FOR SIMPLICITY
What we like
Star of our Cover Feature in Issue 662 (buy a back issue from www.snipca.com/47139), DuckDuckGo’s new private browser is still in beta but it’s already a strong rival to Brave and even easier to use. There are few settings to configure and no ‘modes’ to apply – it just blocks ads and trackers automatically, to give you instant peace of mind about your online privacy.
The browser benefits from a system called 3rd-Party Tracker Loading Protection, which prevents hidden trackers from loading in the background, before they have the chance to collect your data. Whereas some browsers merely restrict what trackers can do once loaded, DuckDuckGo uses a constantly updated list of known trackers to identify and block their requests.
Our favourite feature is the Fire button (1 in our screenshot below left), which deletes all your browsing data with a single click, including cookies, cached images, file downloads, permissions you’ve granted and details of the sites you’ve visited. The browser also integrates DuckDuckGo’s Email Protection 2, which protects your inbox from spammers and scammers by letting you sign up with websites using a ‘.@duck.com’ forwarding email address.
Other options include blocking cookie-consent pop-ups, and DuckPlayer, which lets you watch YouTube videos without your viewing habits being tracked.
What we don’t like
The most glaring omission in DuckDuckGo’s browser is support for extensions. This means you can’t boost your privacy with tools such as uBlock Origin and Privacy Badger (https://privacybadger.org), if you find some ads and annoyances are slipping through. For example, YouTube’s latest changes may mean you see ads when playing videos in the Duck Player, and while Brave and uBlock Origin have been updated to address these, DuckDuckGo hasn’t.
The company says that extensions are “coming soon”, and part of the appeal of the browser is that you don’t need to install any to block ads and trackers. But add-ons are for customising your browser as well as privacy, so we hope they’ll be supported in the first stable version.
Additionally, while you can enable DuckDuckGo’s Global Privacy Control (GPC) option to ask websites not to sell or share your data, they’re under no obligation to comply.
BEST FOR TRACKING PROTECTION
What we like
Unlike Brave and Tor Browser, Firefox isn’t promoted as a private browser, but it’s much more trustworthy than Chrome and Edge. Mozilla is constantly refining and improving the browser’s protection against online tracking, and – because it’s a non-profit organisation – it doesn’t try to earn advertising revenue from your browsing data like Google and Microsoft. Additionally, by using its own Gecko browser engine, Firefox isn’t affected by vulnerabilities in Chromium code (though it’s not immune to security flaws).
At the heart of Firefox’s ‘Privacy & Security’ settings is its excellent Enhanced Tracking Protection, which is more reliable and customisable than other browsers’ equivalent features. Even the default Standard mode (1 in our screenshot below) protects you against most hidden trackers and fingerprinting, and earlier this year it added Total Cookie Protection.
Previously limited to Strict mode, this isolates website cookies so they can’t follow you to other sites and track your activity there. You can block more trackers and cookies by switching to Strict or Custom mode 2, but Standard is less likely to stop sites displaying content properly.
Other useful privacy options include Cookie Banner Reduction, which rejects and closes cookie-consent requests on “supported sites”, and an ‘Enable secure DNS’ setting that tells Firefox to only use secure DNS servers.
What we don’t like
Unlike Brave and DuckDuckGo, Firefox doesn’t have a built-in ad blocker. Its Strict mode blocks some ads, but leaves big gaps where they should be, so you’re better off installing uBlock Origin.
More annoying is that Mozilla now shows its own ads – called ‘sponsored shortcuts’ – in Firefox to support the development of the browser. These appear on your New Tab page, along with suggested stories from Pocket. To remove them, go to Settings, then Home and untick the ‘Sponsored shortcuts’ and ‘Recommended by Pocket’ options.
You can also stop Firefox sharing diagnostic data with Mozilla, which may include your IP address. On the ‘Privacy & Security’ tab, scroll down to the ‘Firefox Data Collection and Use’ section and untick all the options.
BEST FOR USING WITH A VPN
What we like
Launched earlier this year, Mullvad Browser is a collaboration between VPN provider Mullvad VPN and the Tor Project, the non-profit organisation behind Tor Browser (see page 55). It offers some of the privacy benefits of that 1 browser (and is also based on Firefox) but without its slow, circuitous way of connecting to the internet and access to ‘dark’ websites.
These benefits include the same three security levels – Standard, Safer and Safest – and the ability to reset your identity to disassociate your previous browsing activity from what you plan to do next. Click the New Identity brush icon (1 in our screenshot above) on the toolbar to wipe all session data, restart the browser and start afresh.
One big difference is that Mullvad Browser comes with the powerful content blocker uBlock Origin installed 2. This means you’re protected against ads, trackers and other intrusions from the outset, and you can install further extensions from the Mozilla Add-ons store.
Mullvad Browser has been designed to work in tandem with a VPN, to keep you totally anonymous online. This means you won’t experience any connection errors or slowdown when you’re pretending to be in a different country. You can use any VPN, not just the company’s own Mullvad VPN, which costs £ a month.
What we don’t like
Although Mullvad Browser blocks fingerprinting and uses private-browsing mode by default, if you use it without a VPN you won’t be anonymous online. Websites will be able to see your IP address and your ISP will know which sites you visit – unlike Brave and Firefox, there’s no ‘secure DNS’ option.
Also, although you can use the browser with VPNs other than Mullvad VPN, it’s – perhaps unsurprisingly – tailored to that service. It comes with an extension for “improving your Mullvad VPN experience” and its choice of default search engines is limited to DuckDuckGo and the company’s own Mullvad Leta tool – which requires Mullvad VPN.
DO OPERA & VIVALDI TRACK YOU ONLINE?
If you’re a fan of Opera or Vivaldi, you may wonder why we haven’t recommended them as private alternatives to Chrome and Edge. The reason is that while both browsers have impressive privacy features, they simply can’t compete with our five main choices.
Opera (www.opera.com) is one of the few browsers to offer a free, built-in VPN (you need to pay for the one in Brave), which gives you access to randomly selected servers in the Americas, Asia and Europe. This is really a proxy because it only encrypts data within the browser – you can protect your whole device by upgrading to Opera VPN Pro for £ a month – but it’s still an effective way to disguise your location and activities.
In contrast, Vivaldi (https://vivaldi.com) – which was originally based on Opera – respects your privacy and doesn’t collect or share your data. It has a built-in content blocker, though it’s easy to miss this feature among the browser’s buttonstuffed toolbars. Click the shield icon at the beginning of the address bar and you’ll see the option to ‘Block Trackers and Ads’ (1 in our screenshot above). Click ‘Show privacy statistics’ 2 to see how many trackers and ads Vivaldi has blocked.
What lets the browser down are the sponsored ‘bookmarks’ – essentially ads – on its Speed Dial page. Although you can remove these tiles by clicking Delete in their top-right corners, they reappear every time you update Vivaldi, and are for sites such as YouTube, Amazon and eBay, which are known to track users. The bookmarks help to support the browser’s development, but it’s a shame there’s no way to permanently hide them.