Browser Safety: Choose Your Weapon

Your web browser is your primary portal to the wild and woolly world wide web. For many people, the web browser effectively is the Internet. As such, it’s one of the most vulnerable areas of our attack surface (i.e., the sum of all the places where we might be susceptible to attack by digital bad guys). Therefore, it behooves us to choose the most formidable browser we can find, bolting on whatever extra ‘armor’ and ‘stealth’ technologies we can find.

How Do We Define a “Safe” Browser?

There are at least two primary aspects to ‘safety’ when it comes to web browsing: security and privacy. A secure browser will do whatever it can to prevent you from visiting bad web sites, warn you against entering sensitive information on insecure pages, identify sites that aren’t encrypted, and strictly enforce policies that prevent malvertising and other malicious web exploits.

However, while security is something that all browsers claim to seek, privacy is another matter entirely. Because much of the web is “free”, most web sites have turned to advertising for revenue. And unlike traditional newspaper and billboard ads from days of yore, web advertising is built on hordes and gobs of personal data. Companies like Google and Facebook collect intimate details on you in order to serve you highly targeted (and much more lucrative) ads. Data, as the say, is the new oil. In their lust for data, online advertisers have gone seriously overboard with their tracking technology, prompting many to use ad blockers. So a good web browser will help protect your privacy by severely limiting the ability of web sites and marketers to track you.

The Big Four

The four most popular browsers today are Chrome (60%), Internet Explorer/Edge (20%), Firefox (13%), and Safari (4%). It wasn’t long ago that Microsoft had a near monopoly on web browser use, but Google’s Chrome browser has come on strong and clearly holds the lead today. Internet Explorer and Edge are the default browsers on Windows PC’s and Safari is the default browser on Apple Macintosh computers. Firefox (which rose from the ashes of Netscape Navigator) is the only browser in the top four that is open source (meaning the source code is freely available for review). Firefox is made by the non-profit Mozilla Foundation, which is funded primarily by search royalties. Despite very different aesthetics, at the end of the day, all four of these browsers do basically the exact same things: they show you web pages. So how do you know which is safest?

Choose Your Weapon: Security

Let’s just get this out of the way now: it’s almost impossible to know which browser is the most secure. This is largely because all of these browsers are constantly rolling out new security-related features, fixing security-related bugs, and generally trying to claim the title of ‘most secure’. That’s a good thing – they’re competing to be the best, and so we all win. There are dedicated hacking contests to reveal bugs in browsers, but it’s hard to say whether the number of bugs found in these contests really reflect the security of the browser. How likely were bad guys to find these bugs? How severe are the bugs? What about the bugs they didn’t find? These hack-a-thons also don’t address factors like how quickly the browser maker fixes their bugs and whether the browser is smart enough to self-update (because if you don’t have the latest version, you don’t have the bug fixes). It’s really hard to compare the relative security of web browsers (see this article to understand what I mean).

However, if I had to pick a winner here, I’d probably have to choose Chrome. Google is doing some fantastic work in the realm of computer and web security. Furthermore, they’re using Chrome’s dominance to prod web sites to be more secure, as well. That said, I think Firefox and Safari are also fairly secure browsers. And you could argue that because Firefox is open-source, it can actually be audited by cybersecurity experts – unlike the other three major browsers. Ideally, this vetting leads to less bugs.

Choose Your Weapon: Privacy

Unlike security, there are significant and important differences between the four major browsers when it comes to privacy. And this (to me) is the real differentiating factor.

While Google has been a true leader in terms of security, they’re pretty much the worst in terms of privacy. They’re whole business model revolves around advertising (Google makes about 90% of its money from ads). And that leads to an enormous conflict of interest when it comes to protecting your personal data and web surfing habits. Apple has gone out of their way to basically be the anti-Google, making it a point of pride to collect as little data on their users as possible (and causing a collective freak-out by advertisers). But Firefox is also doing some great work in this area. In the coming months, Firefox will enable some wonderful anti-tracking technologies of their own.

So who’s the winner in terms of privacy? Today, I’d say it’s a toss-up between Firefox and Safari, with Chrome being dead last. Internet Explorer and Edge are somewhere in between, but with Microsoft’s recent penchant for collecting user data, I would put it closer to Chrome.

And the Winner Is…

Based on everything I’ve read, I personally choose Firefox as my main browser. No browser is 100% secure and it’s very hard for even the most erstwhile browser to completely protect your privacy. But I think Firefox, on balance, is the best of the bunch. Browsers are constantly adding new features, so I will have to revisit this periodically (and I will update this article accordingly).

That said, there is at least one reason to also have Chrome installed on your system. And we’ll talk about that below.

Beyond the Big Four

There are actually several other web browsers you might want to consider. This article covers some of them, but I’ll just mention three.

The fifth most popular browser is Opera, and many people enjoy using it. If you’re not satisfied with any on my list, you might give it a try. Opera is fast and works on both Mac and PC.

The Brave browser is an open-source browser built for privacy, with built-in ad blocking and tracking protection. However, in a move to try to acknowledge the need for ad-based revenue, it also has a mechanism to insert its own ads, which opens up a lot of issues. I would wait and see on this one.

Lastly, the Tor browser is all about privacy – in fact, it tries to achieve true anonymity (though that is extremely difficult in practice). It’s based on Firefox and builds in several kick-butt privacy tools that are too technical to sum up here. But if you really need to surf privately, you should give Tor a serious look.

Less Is More

Modern browsers all have the ability to add more functionality through plugins or add-ons. These extensions can both significantly raise and lower your level of security and privacy. So no discussion of browser security would be complete without discussing them. Let’s start with the plugins you should remove.

First and foremost, delete Adobe Flash. Flash was created years ago to enable all sorts of fun things – animations, video or audio, and online games. But Flash is horrendously buggy and mostly obsolete. So just remove it. (Note that the Chrome browser actually has Flash built-in and Google ensures that it’s up to date – so if you find a web site that requires Flash, you can use Chrome for that site… and then go back to Firefox!)

In the same vein, I would delete both Java and Silverlight plugins, if you have them. They’re buggy and mostly unnecessary.

Finally, go through all your browser plugins and just remove (or disable) any that you don’t need. Every one of those add-ons is a potential security or privacy risk.

If you later find that you do need any of these plugins, you can always just reinstall them… with the following major caveat…

DANGER! Beware Plugin Requests!

If you ever get a pop-up from a web site saying that you need some plugin in order to do something, never ever follow their link to install it!! This is an extremely common and effective way to install malware. When you see a pop-up like this, close it and then go directly to the site for this plugin and install from the source. A Google search should take you to the right place, if you don’t know where to go.

Plugins for Better Privacy and Security

The one plugin you should add to your browser to increase your security is a password manager like LastPass. Not only will a password manager help you to create strong and unique passwords for every web site, they will not be fooled by fake (“phishing”) web sites.

In terms of enhancing your privacy, Firefox and Safari already have a lot of built-in features to prevent tracking. However, there are a handful of add-ons I strongly recommend you install. It’s safe to add them all, they play nicely with each other.

  • uBlock Origin. This is a very good ad blocker, which protects you from tracking and malvertising. (Don’t get “uBlock” – you want “uBlock Origin”.)
  • Privacy Badger. From the wonderful folks at the EFF, this plugin watches for suspicious tracking behavior and blocks it – it even learns over time to get better.
  • HTTPS Everywhere. Also from EFF, this plugin ensures that any site you visit that can support encrypted communication will do it by default.
  • Decentraleyes. Kinda hard to explain briefly, but this plugin helps to limit your downloading of several common web page resources that could be used to track you when you request them.

To install a plugin, find your browser’s menu option for plugins, add-ons or extensions. You can search for the above plugins and install them directly into your browser.