Maintaining your security and protecting your anonymity on the internet is arguably one of the hardest things to pull off when you’re browsing the web.
However, there are quite a few hardened browsers that offer excellent protection for your browsing sessions. In addition, there are extensions available to add protection to the popular browsers that most people use.
In this article, I’ll share information about the popular “mainstream” browsers, and also discuss some options and settings you can adjust in your favorite browser to enhance the security of said browser.
We will take a look at alternative browsers that, while based on mainstream browsers, all add additional security and privacy features designed to provide better protection for you during your browsing sessions.
Finally, I’ll share some web browser extensions that I particularly like, which offer increased security for your online travels. They’re free to use and can help prevent ad tracking, as well as increase the possibilities of avoiding the malware that’s just waiting to pounce on your browser.
In this section, I’ll provide a look at the “mainstream” browsers most readers are probably most familiar with. These browsers include Microsoft’s Edge browser, Google’s Chrome, Mozilla’s Firefox, Apple’s Safari, and Opera Software’s Opera.
As we’ll see, while these browsers aren’t the most secure and private available, users continue to prefer them due to their convenience.
Microsoft Edge is the Redmond firm’s attempt to put the security-hole-ridden days of Internet Explorer behind them and offer a more secure and sleeker web browsing experience.
In addition to Windows 10, Microsoft Edge is also available for iOS and Android devices. Both versions provide background syncing of information with your Windows 10 PC to allow seamless browsing across all devices.
Microsoft designed Edge to be more secure than Internet Explorer, removing some features while adding others. The browser does not offer support for VBScript, JScript, VML, Browser Helper Objects, Toolbars or ActiveX controls.
Microsoft has removed support for legacy Internet Explorer document modes, saying that removing support for these features significantly reduces the browser’s “attack surface,” making it more secure than IE was.
In Windows 10, Microsoft added their “Windows Hello” technology, which is a system to authenticate both the user and the website they are accessing.
“Windows SmartScreen” helps to defend against phishing attempts by performing reputation checks on websites, blocking any that appear to be phishing sites. The technology also helps to defend users against being tricked into installing malicious applications via socially-engineered attacks.
Despite Microsoft’s efforts on the security-hardening front, at the March 2021 Pwn2Own hacking event, participants were able to execute remote code on the Edge browser.
The event offers cash rewards to “ethical hackers” who can attack vulnerabilities in the major browser platforms, including Edge, Chrome, Safari and Firefox. I’ll share more about each browser’s performance at Pwn2Own in their own sections.
Google Chrome is available on the Windows, macOS, Linux, Chromebook, Android and iOS platforms.
The Chrome browser is based on the open-source Chromium browser project. The browser supports expanded functionality via a vast collection of extensions, available through the Chrome web store.
Participants at the Pwn2Own 2021 event hacked Google Chrome, Safari, and Microsoft Edge, while other competitors, including Firefox, have been compromised in the past.
Google uses two blacklists: one for phishing and another for malware. (A blacklist is a list of websites or IP addresses that are sources of spam, viruses, fraud and other malicious activity and payloads.) Chrome uses the list to warn users when they attempt to visit a potentially harmful website. The browser also offers download scanning protection to protect against malware.
The browser “sandboxes” its tabs, preventing them from interacting with critical memory functions, such as operating system memory and user files. This helps prevent device infection from malicious code. The sandbox can only respond to communication requests that the user places.
Chrome does not offer a master password function to prevent access to a user’s passwords, which the browser stores, which is a major security fault.
The browser offers an “Incognito” private browsing feature, which prevents the browser from permanently storing users’ history information or cookies from any visited websites.
It should be noted that Incognito mode does not prevent a third party, such as a hacker or even a user’s own Internet Service Provider, from observing a user’s online antics. Only an encrypted connection, such as what a Virtual Private Network (VPN) offers, can protect that information. (See my “Other Methods of Securing Your Web Browsing” section for more information.)
The online search and advertising firm Google develops and maintains the Chrome browser, and as such, Google tracks Chrome users’ online activities and search history in order to serve targeted ads during a web browsing session. This is an intrusion into a user’s privacy, spurring many to explore other browser options.
Firefox is an open-source browser that the Mozilla Foundation founded. The browser is available on most popular desktop and mobile computing platforms, including Windows, Linux, macOS, iOS and Android.
The most recent Pwn2Own event included the opportunity to attempt to hack Firefox. Participants made two hacking attempts against the browser. Only one attempt, which was able to elevate system privileges by using an integer overflow and an uninitialized buffer in the Windows operating system kernel, was successful. (Don’t worry if you didn’t understand that – what’s important is that it was hacked.)
Firefox limits scripts on one site from accessing data from another website (making it tougher to track or read data from another website), and uses SSL/TLS to protect web server communications via the HTTPS protocol. The browser is compatible with the popular HTTPS Everywhere add-on to enforce HTTPS, even if you enter a normal HTTP address.
Firefox generally has fewer security vulnerabilities than Microsoft’s Internet Explorer, making it a popular alternative for security-minded users. When Mozilla discovers bugs, many of which paid researchers searching for security holes find, Mozilla quickly patches them.
Mozilla recently released Firefox “Quantum,” which provides a number of security and speed enhancements, and which uses less memory than before.
The browser offers a Private Browsing feature, which blocks online trackers while browsing and doesn’t keep a record of the user’s browsing history while it is enabled. The new browser also offers protection against hidden ad tracking.
Unlike Google, Firefox creator Mozilla is a non-profit organization and doesn’t make use of a Firefox user’s browsing and search history to serve up ads. Instead, the company is a champion of internet privacy and safety.
Released in 2003, Apple’s Safari web browser is available only on the Mac OS X, macOS, iOS and iPadOS computing platforms. Apple announced a Windows version of the WebKit-based browser in June 2007, but Apple discontinued the Windows version in May 2012 and no longer supports it.
Safari didn’t really fare well at Pwn2Own in 2021, as a hacker was able to score a cool $100 grand by pulling off a Kernel code execution through Safari.
Safari is a reasonably secure browser, although there have been numerous exploits discovered against the platform.
Some of Safari’s and the macOS operating system’s excellent security reputation has, in the past, been due to the relatively small user base for the OS. But as the Mac has become more popular with users, the platform and its built-in browser have become more attractive targets.
The current version of Safari offers “Intelligent Tracking Prevention,” designed to identify advertisers and other parties that attempt to track your online activities and remove the cross-site tracking data left behind. The browser also warns users if they attempt to visit suspicious websites.
A Private Browsing feature prevents Safari from remembering a user’s search history, which websites the user visited, or a user’s auto-fill information. In addition, a tab sandboxing feature offers protection from malicious code and malware by confining each page to a single browser tab, preventing it from crashing a browser or accessing other websites’ data.
Currently, the Opera web browser is available for the Windows, macOS, Linux, Android and iOS operating systems. The browser is based on the open-source Chromium browser platform, the same one Google’s Chrome is based on.
Opera is the only browser listed in this “mainstream browser” section that did not participate in the 2017 Pwn2Own competition. However, the browser does have several security-minded features that help protect users while they traverse the net.
Perhaps the most helpful security feature of the latest version of Opera is its free, built-in Virtual Private Network (VPN) feature. The feature protects a user’s browsing session by encrypting the browser’s internet connection, shielding the user’s online antics from prying eyes.
Please note that the VPN protection is not quite as comprehensive as what pay-for-play services offer, offering only protection for any activities in the browser itself – the rest of your computer’s online activities, such as that connected to email, torrenting and other apps, are still laid bare to possible monitoring by outside parties.
Opera VPN’s connection options are also more limited than that of paid VPNs, with location options limited to only “Europe,” “Americas” and “Asia.” While this might limit your blocked-content-unlocking options, it should prove to be enough protection for those simply looking for a free and easy-to-use service to protect their browsing activities.
Opera’s fraud and malware protection has the ability to warn users of suspicious web pages, which is a feature that is turned on by default.
The browser checks any web page a user requests against a “blacklist” database of phishing and malware websites. If the requested site is on the blacklist, a warning page will display before Opera shows the page. The user must then decide, on their own, whether or not to go ahead and open the page.
The browser also includes a built-in ad blocker, which Opera claims makes “content-rich” web pages open as much as 90% faster.
In addition to the mainstream browsers listed in the previous section, there are a number of alternative browsers, which are designed to offer additional security and privacy protections.
These browsers are usually based on popular browser engines, such as the Chromium engine used in Google’s Chrome browser, but are modified to provide safer browsing.
In this section, we’ll take a look at 3 browsers, each of which takes a slightly different approach to securing and privatizing your web browsing sessions. All 3 browsers, while offering excellent protection, also have their own drawbacks.
Epic Privacy Browser
The Epic Privacy Browser was designed from the ground up to provide comprehensive private browsing, with “always-on” privacy that doesn’t require toggling on a “private mode,” like some other browsers require. The browser is based on the Chromium browser engine, which is the basis for the Google Chrome browser.
Epic blocks trackers and third-party cookies, and claims to be the only browser that actively blocks thousands of trackers.
The browser also protects your web searches from being saved and tracked by automatically loading search engines via its built-in proxy, preventing the search engines from tracking users by their IP address. If available, the browser will use an HTTPS version of the websites you visit.
In addition to its other privacy protections, the Epic browser also offers a built-in encrypted proxy, similar to a VPN, which both hides your IP address and encrypts all of your data.
The browser offers 9 locations in the United States, Canada, Europe, Asia and the United Kingdom, allowing users to appear as if they are located in the selected country. You can enable the proxy from the browser’s toolbar.
Please note that during testing, many websites, especially those that are vigilant for proxy servers and VPNs, such as Netflix and Hulu, did not work properly with the encrypted proxy engaged. Epic warns that some websites, such as Facebook and Gmail, may require additional authentication steps with the proxy turned on.
Any time you open a new browsing tab, you’ll see a screen similar to that of other browsers, with a set of buttons you can click to go directly to a website. However, since Epic doesn’t track or remember any of your web travels, you’ll need to manually set up the buttons with links to your favorite websites.
The home page also offers a running count of how many trackers have been blocked during your current browsing session.
While Epic allows the use of browser extensions, the selection is limited, with just 7 extensions available at the time of this article. Extensions are available from Evernote, Clearly, Pocket, IE Tab (Windows Only), Xmarks, LastPass and RoboForm.
The Tor Browser provides one of the most secure ways available to browse the web. The browser makes use of the Tor (“The Onion Router”) network, using the network’s series of relays, which are run by volunteers and are used to encrypt and anonymize a user’s connection.
Tor’s “onion routing” is called that due to its implementation of encryption in the communication protocol stack’s application layer, which is constructed similarly to the layers of an onion. The network encrypts the data several times, never revealing the original IP address.
The browser has the ability to effectively prevent anyone from tracking your internet connection to learn your location or to monitor which websites you visit. This makes the Tor Browser a popular choice among journalists and activists who are located in countries where internet activity is closely monitored.
By bouncing a user’s connection around the Tor network, the browser makes it appear that the user is located somewhere else. As seen below, despite my actually being located in the southeastern part of the United States, whatismyip.com indicates that I am located in France.
This IP address “spoofing” feature prevents websites from learning your actual IP address and physical location. It also provides access to many websites and services that might normally be blocked to your area, due to geographical content blocking.
While the Tor Browser does a great job of anonymizing your web browsing, it only anonymizes your browser activity, and the traffic for other internet-connected apps on your computer or mobile device is routed in the usual, unprotected manner.
In addition to IP address spoofing, the Tor Browser also protects your privacy by routing your internet searches through the anonymous DuckDuckGo search site, which doesn’t track you – unlike the Bing and Google search sites.
Tor is lightweight and self-contained, which makes it an excellent candidate for including on a USB stick so you can use it on other computers, no installation needed.
Tor Browser isn’t a valid candidate for use as your daily driver browser, as the relay method used by the network to anonymize your internet usage can noticeably slow down your online experience. So, you’ll likely still want to have Chrome or another browser handy for activities that aren’t security-critical.
I advise you that the Tor Browser allows users to access some of the more dangerous, and let’s say “seedier,” parts of the web, which could lead you to encounters with viruses and malware more often than you normally might. So be careful to practice safe browsing, even with the extra access to these more “unusual” areas of the net.
Brave is an open-source browser based on the Chromium browser engine, which is the same engine that the Google Chrome browser uses. The lightweight browser claims improved loading speeds and reduced data usage, mostly due to its advanced ad tracking and blocking abilities.
Brave is available for the Windows, macOS, Linux, Android, and iOS platforms. It includes HTTPS Everywhere integration, blocks cookies, and boasts a growing community of developers working to improve the browser.
While Brave blocks all ads and trackers by default, you can allow selected ads and trackers via the browser’s preferences panel.
Since ads are the main source of income for many websites, the company also offers a “Brave Payments” system, which allows users to anonymously donate to content producers they like. Brave then automatically distributes microdonations to the desired content producers.
Brave does allow the use of browser extensions. However, those extensions are limited to a small number of approved extensions. Brave-approved extensions include those from 1Password, bitwarden, Dashlane, Honey, LastPass, MetaMask, PDF Viewer, Pocket and Torrent Viewer.
The browser also offers a number of innovative tab-based features, such as tab previews, which offer a full-screen preview of a tab when you hover your mouse pointer over it.
In addition, the browser includes the ability to create new private tabs on the fly and set the number of tabs to be shown per session.
Other Methods of Securing Your Web Browsing
In addition to trying to use the most secure browser, you can also help protect your security and privacy while surfing the web by using plug-ins or adjusting the settings on your browser of choice. You can also help protect yourself by simply practicing safe computing.
In this section, I’ll share the various methods that you can use to secure your browsing by using plug-ins like HTTPS Everywhere, apps like those available from VPN providers, and the settings you can change in your browser to harden your security settings. (But never harden your heart, as Quarterflash did.)
I’ll also look at common-sense steps to take to protect yourself and your precious personal information.
HTTPS Everywhere is a free extension for the Firefox, Chrome and Opera browsers on most desktop computing platforms, and on Android mobile devices. This free extension encrypts your communication with a large number of websites, making your browsing sessions more secure.
HTTPS Everywhere is the result of collaboration between The Tor Project and the Electronic Frontier Foundation.
Although many websites offer support for encryption over HTTPS, not all do. Or, some of the websites may use HTTPS for logins, but leave much of the rest of the site open to unencrypted HTTP communication.
HTTPS Everywhere sits in the background, quietly rewriting HTTP requests to use the more secure HTTPS on websites that support it.
The extension was inspired by Google’s increased usage of HTTPS and is designed to force the use of the secure transport layer where possible.
Zscaler Tools (Internet Explorer 6 to 10)
While the HTTPS Everywhere extension is not officially available for Internet Explorer, there is an extension based on the HTTPS Everywhere project available for Internet Explorer 6 to 10.
Zscaler Tools – HTTPS Everywhere for Internet Explorer – is still in its early days, development-wise, as the version number of 0.0.0.3 indicates. The extension translates URLs from HTTP to HTTPS according to EFF rules and also secures cookies.
It does not support HSTS (HTTP Strict Transport Security) at this time, and also doesn’t provide support for custom rules. HSTS is a web server directive that tells user agents and web browsers how to handle its connection through a response header sent at the very beginning and back to the browser.
The extension is available on the Zscaler website, and the download includes an installer. You’ll need to restart Internet Explorer to enable the extension.
Disconnect is a browser extension that works on the major browser platforms (Chrome/IE/Firefox/Safari). The extension works to block web tracking, malware and “malvertising” while you roam the web. Disconnect also offers apps for Android and iOS devices.
The Disconnect button sits in your browser’s toolbar and displays the total number of tracking requests from every page you visit. If the icon is green, it means the extension has blocked all of the requests on a page. If the icon is gray, it means the extension was only able to block some of the requests.
Clicking the toolbar icon shows the type of requests that Disconnect has blocked, including advertising, analytics, social and content requests.
Google, Facebook and Twitter are shown separately, allowing you to block or unblock a site with a click of the mouse. You can also add websites to a blacklist or a whitelist to block or unblock all requests from a website.
The Disconnect service is available in three levels of service:
- Basic offers protection for a single browser, allowing you to block trackers and search privately.
- Pro blocks malware and trackers across all of your devices.
- Premium also secures your Wi-Fi connection and masks your location via the Disconnect VPN service.
I have found the Disconnect browser extension’s basic plan is perfect for my needs, as I already have a favorite VPN I use to protect my internet connection.
The DuckDuckGo website has long been an excellent way to prevent your search activity from the monitoring it is subject to when you use one of the big boys like Google or Bing.
The private search engine recently made an extension available for Firefox, Safari and Chrome, which offers private search, tracker network blocking and smart encryption.
The DuckDuckGo browser extension also shows you a Privacy Grade of A to F when you visit a website. This lets you view, at a glance, how well your privacy is protected on any given site.
The score is based on the presence of hidden tracker networks, the website’s privacy practices and its available encryption. (Take it from me, they’re strict. I haven’t seen a website that’s earned an “A” grade yet.)
The search company has partnered with Terms of Service Didn’t Read (TOSDR) to include their scores of the service and privacy policies of websites, when it’s available. The extension also includes DuckDuckGo’s private web search, making private searches more convenient than ever.
In addition to the browser extension, DuckDuckGo has also released a new version of their mobile private search app for iOS and Android devices.
The DuckDuckGo browser extension is available for Firefox, Safari and Chrome.
Virtual Private Networks (VPNs)
A Virtual Private Network (VPN) protects your internet connection by encasing it in a layer of encryption.
This prevents anyone who’s looking to monitor your connection, such as hackers, government agencies or even your own Internet Service Provider, from seeing your online travels, as well as the important personal information related to those travels.
I have tested and reviewed a large number of VPN providers on this very website, and they are a valuable tool for protecting your internet connection – especially when traveling and when you’re forced to use your computer or mobile device on an open Wi-Fi hotspot, such as those found in coffee shops, hotels and other public locations.
In addition to protecting your internet connection from prying eyes, a VPN also allows you to appear as if you’re connected in another global location. This makes it easier to access international web content, such as video and audio streaming content, that might normally be blocked from your actual location.
I strongly recommend that you check out NordVPN to protect your web browsing, no matter which browser you use. NordVPN provides top-notch online security and privacy for most popular device platforms. Its impressive global server network delivers fast connections that are protected with the latest in security and privacy measures.
In addition to comprehensive online protection, NordVPN also delivers reliable access to numerous video streaming sites around the globe. The provider protects users’ accounts with two-factor authentication and offers blocking of malware and other online-related threats.
Use Your Browser’s Security and Privacy Tools
You may or may not be aware that whichever browser you use, it has privacy and security settings that you can adjust to your liking. Chrome, Firefox, Safari, Opera, Internet Explorer and Microsoft Edge browsers all have options that allow you to protect yourself while browsing.
I’ve already covered how to do this in a quite informative article, How to Browser the Web as Anonymously as Possible, which is (in my humble opinion) highly recommended reading for those interested in securing their favorite web browser.
We’ve covered a lot in this article, but nothing too arcane. By taking the time to investigate your options, you can easily decide on the most secure browser for your needs, and even find ways to better strengthen your browser of choice’s own security protections with the use of extensions or a VPN.
I have personally found that Google’s Chrome, with a few well-chosen extensions such as HTTPS Everywhere and Disconnect, as well as a high-performance VPN like NordVPN, to be one of the best ways to protect online travels from prying eyes. All those individual pieces stack up to a security wall that keeps your screen from becoming cluttered with ads and adware and protects you from malware.
For privacy protection from a base browser configuration, try Brave browser. macOS Monterey 12 users can take advantage of the privacy and security improvements Apple has brought to Safari. With the proper combination of VPNs, browser extensions, and antivirus/anti-malware protection, you can be reasonably safe on the web. Just stay out of the dark corners of the web.
When I’m researching subjects like the dark web, or when I want to protect myself from detection by my ISP or friendly neighborhood government agent, I always use the Tor Browser due to its use of connection relays to obfuscate my actual location and the activities that I am conducting.
You may find that, much like your other online activities, there isn’t any single app that will cover all of your security and privacy needs. That’s why I always suggest keeping various tools in your online arsenal to protect yourself and your activities. That’s why you should also check out the other guides on my site for more information on how to protect yourself while online.
Enjoy your travels, and stay safe!
Secure & Private Web Browser FAQs
What Is the Most Private Browser?
Thanks to its use of multiple relays to anonymize your IP address and identity, I consider the Tor Browser to be one of the most private browsers available. However, it is also one of the slowest browsers around, thanks to using multiple relays.
Is Mozilla's Firefox a "Safe" Browser?
Firefox is an open-source browser, meaning anyone can examine the code, and this helps keep things on the up-and-up. Firefox also offers a variety of security features, including phishing and malware protection, blocking attack websites, and warning users when a website attempts to install add-ons.
What browser should you use when Tor is not an option?
Use a browser like Brave or Firefox. Make sure the browser settings are set to their most private, deleting your browsing history as well as your caches each time the browser is shut down. Also, use a VPN, like NordVPN, this will encrypt your internet connection, preventing your ISP and other nosy types from tracking your online travels.
What is the least secure web browser?
Yandex, Microsoft Edge, Google Chrome, Waterfox, are all less than secure. Yandex is owned by a Russian company that is much like Google, and like Google, it collects information about your online activities for sale to advertisers and other nosy types. Microsoft Edge is owned by a less than private company, and Waterfox is owned by an advertising firm.
- Mainstream Browsers
- Microsoft Edge
- Google Chrome
- Mozilla Firefox
- Alternative Browsers
- Epic Privacy Browser
- Tor Browser
- Other Methods of Securing Your Web Browsing
- Action Steps
- Secure & Private Web Browser FAQs
- What Is the Most Private Browser?
- Is Mozilla's Firefox a "Safe" Browser?
- What browser should you use when Tor is not an option?
- What is the least secure web browser?