Why Your Browser Matters — Tips for More Secure Browsing
By Cody Shultz and Alec Harris
It’s amazing to think that, for the most part, the internet is free to use and explore. Even more amazing is that the programs that allow you to browse the internet, understandably called “browsers,” are also free. But as the adage goes, if the product is free, then you are the product. Browsers are a revenue generating machine for the tech companies behind them and there are many opinions about which browser is best. There are several privacy-focused browsers as well as several that are used just because it’s the default application on a device.
Users should understand that browsers leave traces as they navigate the internet. Any site with an IP logger will collect what is referred to as the “browser fingerprint” for any given session. The browser fingerprint reveals a trove of metadata about the browser including the screen size, time zone, operating system, plug in details, fonts, browser version etc. See full IP logging capabilities and test your browser here at https://coveryourtracks.eff.org.
It’s difficult to argue that any browser is more secure than Google Chrome. The browser is built on the Google-sponsored open-source code base, Chromium, and benefits from consistent patching and updates. Because of its expansive userbase (over 60% market share[1]) Chrome exploits sell for significantly more than other browser exploits. Security, however, does not always equal privacy, and in the case of Google products, this is especially true. Google, or more accurately its parent company Alphabet, is first and foremost an advertising company. CNBC reported in May 2021 that “Google’s main business is online advertising. More than 80% of Alphabet’s revenue comes from Google ads, which generated $147 billion in revenue last year.”[2] Remember that even if you have configured your Google product for privacy, this doesn’t always mean it does what it says: “An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.”[3]
There are three primary options when it comes to privacy-focused browsers: Mozilla’s Firefox, the largest by volume of users, and two lesser well-known options, Brave and Epic. Brave, built on Chromium, offers a user empowering AdTech marketplace through its native cryptocurrency “Basic Attention Token” which rewards users for their clicks and views. However, in 2020, Brave was caught redirecting users through paid affiliate links, which isn’t worse than what Google does, but it is antithetical to their privacy ethos.[4]
Epic, meanwhile, is a low-budget, privacy-centric browser also built on Chromium. Epic’s approach is that all privacy settings should be native to the browser and “on” by default. Curiously, their code is only quasi open source. If you read the fine print, Epic says “We love open source software and Epic is built on open source Chromium. If you would like to audit any files, please let us know.”[5] If that raises an eyebrow, it should Epic doesn’t directly claim it is open source if you take the time to analyze what that answer truly says. A casual reader of their FAQs (and how many could that possibly be?) may be led to believe otherwise. Saying you’ll show us if we ask is not the same thing as open source. They also admit to being funded by “search partners.”[6] There is another name for search partners…advertisers.
Firefox may then sound like the best option, but more accurately, it has the potential, to be the best option Unlike Epic, Firefox is truly open source and anyone can download and inspect the repositories. [7] Firefox is the power user’s browser; almost everything is configurable.
As mentioned earlier, your browser fingerprint becomes more and more unique the more you customize your browser, Firefox or otherwise. Too many plug-ins and you become easily identifiable, too few and you’re giving away your data. We encourage everyone to do their independent research into the various plug-ins available, but below are some suggested options for Firefox.
· Firefox Multi Account Containers — keeps each tab isolated from referrers and cross-application tracking
· User Agent Switcher & Manager — allows you to pick any browser, any operating system, and version thereof to spoof your browser agent string so that websites can’t tell what you are running
· uBlock Origin — blocker for filtering ads as well as other unwanted content like malware
· TrackMeNot — disinformation tool which runs random word searches in the background creating noise around your actual searches
· HTTPS Everywhere — automatically engages HTTPS encryption
· DuckDuckGo Privacy Essentials — contains a suite of privacy functions and it rates sites you visit based on their privacy profile
· Your password manager of choice’s plug in. It just makes life easier.
In addition to the above, be sure to engage the correct Firefox settings in the “Privacy & Security” section:
· Enhanced Tracking Protection — Strict
· Send websites “Do Not Track” –Always
· History –Never remember history (this is less user friendly, but give it a try)
· Permissions — Check all settings to make sure nothing has access to something it doesn’t need. Pay close attention to Location, Camera, & Microphone.
· Firefox Data Collection & User — Unselect all
· Deceptive Content — Select all
Lastly, under the “Search” section in Settings, select DuckDuckGo as your default search engine. At this point it’s so good you won’t miss Google, and its much more privacy focused.
While not a panacea, taking the above steps will set you up for privacy and security success. Just remember, the browser is your window to the internet, not a one-way mirror, so proceed with caution. It’s not all cat memes out there.
[1] https://gs.statcounter.com/browser-market-share#monthly-202103-202103-bar
[2] https://www.cnbc.com/2021/05/18/how-does-google-make-money-advertising-business-breakdown-.html#:~:text=But%20Google's%20main%20business%20is,billion%20in%20revenue%20last%20year.
[3] https://apnews.com/article/north-america-science-technology-business-ap-top-news-828aefab64d4411bac257a07c1af0ecb
[4] https://www.pcmag.com/news/brave-browser-caught-redirecting-users-through-affiliate-links
[5] https://epicbrowser.com/FAQ.html
