🧭

My browser strategy for security and privacy

Category
Data Protection
Published on
April 27, 2023

🧐
There are a variety of web browsers available, each with its own strengths and weaknesses in terms of privacy, security, and convenience. There are passionate advocates for each browser, and it can be difficult to decide which one is right for you. Having tested several of these options myself, I have recently switched to a customized combination of browsers that offers increased privacy.

Chrome

My previous main browser

Let’s not be overly sarcastic about Chrome. You may not have been around when it was launched in September 2008, but it was a revolutionary bet from Google at a time when Internet Explorer held a 60% market share.

I loved Chrome’s minimalist transparent design and lightning-fast speed. Also, the ability to synchronize your bookmarks, settings and especially browsing history across your devices was both innovative and somewhat scary. This has long since become a double-edged sword: when connected to your Google account on Chrome, there’s hardly any aspect of your web activity that will not be recorded.

Eventually one day, like most privacy-conscious users, I decided to not use it anymore, and switch to another Chromium-based solution, much more compatible with privacy: Brave.

Brave

My new main browser

Brave has now become my go-to browser for personal use. While it feels familiar because it’s based on Chromium, it has a lot of interesting exclusive features for privacy. However, it’s always a trade-off between usability and privacy, and I don’t have hardcore privacy needs.

Privacyguides.org provides recommendations on how to configure Brave, but here are a few details on my personal config:

  • Ad and Tracker Blocking: set on “aggressive” level, this killer built-in feature eliminates the need for an extension like uBlock Origin. Sometimes it does prevent a website from loading properly (typically when a GDPR popup is blocked but needed an actual click), but it’s easy to downgrade the protection level on a per-site basis.
  • Disabled BAT and Web3 features: while they are innovative features, I have decided not to use them. My primary focus is on browsing with enhanced privacy and security, rather than engaging in crypto-based rewards or decentralized applications.
  • Skipping Tor Windows, since I have no need for this added layer of privacy. It could even raise suspicion, and the browsing experience is much slower. When I really need an extra level of protection, I use Mullvad Browser (see below).
  • Anonymous synchronization: I love Brave’s sync feature based on a simple passphrase. This functionality allows me to sync my bookmarks, settings, and extensions across my personal devices (including mobile and tablets) in a much more private way than Chrome’s account.
  • Search engines: it’s very convenient to have the ability to select different engines for Normal and Private windows. I use Google in normal windows, and switch to DuckDuckGo in private windows.

💼 On my work device, I don’t use synchronisation, and I configured a full erase of my history and cookies when I quit the app.

Firefox hardened

My previous high-privacy browser

For a long time, Firefox was my “high privacy” browser, with a hardened configuration inspired by pyllyukko. I spent hours understanding and fine-tuning each parameter of the user.js file, and ended up with a custom set of rules.

This was my user.js configuration file:
// From https://github.com/pyllyukko/user.js

// Extra hardened preferences (disabled by default)
//user_pref("pdfjs.disabled", true);
//user_pref("keyword.enabled", false);
//user_pref("dom.indexedDB.enabled", false);
//user_pref("dom.storage.enabled", false);

// User Agent override
user_pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0");
user_pref("browser.startup.homepage_override.buildID", "20100101");
user_pref("general.appname.override", "Netscape");
user_pref("general.appversion.override", "5.0 (Windows)");
user_pref("general.buildID.override", "20100101");
user_pref("general.oscpu.override", "Windows NT 6.1");
user_pref("general.platform.override", "Win32");

// Locale
user_pref("intl.accept_languages", "en-US, en");
user_pref("intl.locale.matchOS", false);
user_pref("javascript.use_us_english_locale", true);
user_pref("browser.startup.homepage", "https://start.duckduckgo.com/");

// Proxy
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "10.64.0.1");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.socks_remote_dns", true);

// Privacy and clearing after shutdown
user_pref("browser.helperApps.deleteTempFileOnExit", true);
user_pref("browser.privatebrowsing.autostart", true);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("privacy.clearOnShutdown.cache", true);
user_pref("privacy.clearOnShutdown.cookies", true);
user_pref("privacy.clearOnShutdown.downloads", true);
user_pref("privacy.clearOnShutdown.formdata", true);
user_pref("privacy.clearOnShutdown.history", true);
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown.openWindows", true); // Causes 2 windows to open on startup
user_pref("privacy.clearOnShutdown.sessions", true);
user_pref("privacy.clearOnShutdown.siteSettings", true);
user_pref("privacy.cpd.cache", true);
user_pref("privacy.cpd.cookies", true);
user_pref("privacy.cpd.downloads", true);
user_pref("privacy.cpd.formdata", true);
user_pref("privacy.cpd.history", true);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.cpd.sessions", true);
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.sanitize.timeSpan", 0);
user_pref("privacy.trackingprotection.cryptomining.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.pbmode.enabled", true);
user_pref("privacy.userContext.enabled", true);

// All other preferences
// Truncated but identical to https://github.com/pyllyukko/user.js

One very important safeguard was to force the connection through a Mullvad SOCKS5 proxy, which reliably blocked Firefox from connecting to the Internet if not connected to a Mullvad VPN server, as explained here.
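As an added example (not part of the original configuration or of the pyllyukko project), the Python code below parses a user.js file and checks that the four proxy preferences from the listing above are active, so that a commented-out line or a disabled socks_remote_dns is caught before traffic or DNS lookups can bypass the proxy. The function names and both sample strings are constructed for illustration; the proxy host and port are the ones shown in the listing.

```python
import re

# Matches active user_pref("name", value); lines only. A line that starts
# with // (a disabled pref) does not match, so it is treated as unset.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*'
                     r'("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;')

# Constructed sample: the proxy block from the listing above.
PAGE_PROXY_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "10.64.0.1");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.socks_remote_dns", true);
'''

# Constructed sample: same block with two mistakes that weaken the safeguard.
LEAKY_PREFS = '''
//user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "10.64.0.1");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.socks_remote_dns", false);
'''

def parse_user_js(text):
    """Return {pref_name: value} for every active user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            if raw.startswith('"'):
                prefs[name] = raw[1:-1]          # string value, quotes removed
            elif raw in ("true", "false"):
                prefs[name] = raw == "true"
            else:
                prefs[name] = int(raw)
    return prefs

def audit_proxy_killswitch(prefs):
    """List the reasons why traffic or DNS could bypass the SOCKS proxy."""
    findings = []
    ptype = prefs.get("network.proxy.type")
    if type(ptype) is not int or ptype != 1:     # 1 = manual proxy settings
        findings.append("network.proxy.type is not 1 (manual proxy)")
    if not prefs.get("network.proxy.socks"):
        findings.append("network.proxy.socks host is not set")
    if type(prefs.get("network.proxy.socks_port")) is not int:
        findings.append("network.proxy.socks_port is not set")
    if prefs.get("network.proxy.socks_remote_dns") is not True:
        findings.append("socks_remote_dns is off: DNS is resolved locally")
    return findings
```

Calling audit_proxy_killswitch(parse_user_js(text)) on the contents of a profile's user.js returns an empty list when all four preferences are in place.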

But then Mullvad released their browser.

Mullvad browser

My new high-privacy browser

In April 2023, Mullvad introduced their customized version of the Tor browser, which actually doesn't require connecting to Tor (or any VPN, for that matter). The Tor browser itself is built on a heavily modified configuration of Firefox ESR.

Upon trying the Mullvad browser on its launch day, I was so convinced that I uninstalled Firefox just an hour later. The Mullvad browser now serves as my "extreme privacy" browser, relieving me from the task of continually customizing Firefox's hardening parameters to ensure up-to-date security. The Tor and Mullvad teams handle the job for us with each update.

I retain almost all the default settings, with the exception of adjusting my Security Level to Safer for a balance between privacy and usability.

Firefox Focus

My privacy browser on mobile

On my iPhone, alongside the Brave browser, I also use Firefox Focus as a lightweight and privacy-oriented browsing solution. Firefox Focus is specifically designed for when you want a separate browser for private browsing sessions.

Here are the features that I like most:

  • Automatic History Erasure: by default, Firefox Focus erases your browsing history between sessions, ensuring that your data remains private and secure.
  • Built-in Tracking protection: it comes with a tracking protection feature, which essentially functions as an ad blocker.
  • Face ID Integration: Firefox Focus can be automatically locked with Face ID, adding an extra layer of security from prying eyes.
  • Speed: the browser's minimalistic design and focus on privacy result in a fast and efficient browsing experience, free from the slowdowns caused by excessive ads.

Firefox Focus is not meant to replace my default mobile browser, as it doesn't maintain login sessions between uses. However, this is precisely its goal – to provide a dedicated, privacy-focused browser for sensitive tasks and browsing sessions where you don't want to leave any trace.

Safari

My fallback when a site blocks on Chromium

While I rarely use it, since I primarily rely on Brave for general browsing and Mullvad for enhanced privacy, there are occasions when I resort to Safari. This typically occurs when a website or plugin is incompatible with my favorite browsers.

Nonetheless, Safari can be configured to provide a reasonably privacy-friendly browsing experience. In my view, the easiest and most important setting to change is “Safari opens with: A new private window”. This way, any new browsing session begins in private mode, automatically discarding browsing data (history, cookies, download history, etc.) once the session ends.

With this browser strategy, I find a balance between privacy, security, and performance. Using multiple browsers, I improve my online experience and reduce potential risks. But the digital world keeps changing, so I'll keep adjusting my choices to stay safe and in control of my footprint.