What Is the Most Secure & Private Web Browser for 2018?
Maintaining your security and protecting your anonymity on the internet is arguably one of the hardest things to pull off when you’re browsing the web.
However, there are quite a few hardened browsers that offer excellent protection for your browsing sessions. In addition, there are extensions available to add protection to the popular browsers used by most internet users.
In this article, I’ll share information about the popular “mainstream” browsers, including Microsoft’s Edge, Google’s Chrome, Mozilla’s Firefox, Apple’s Safari and Opera Software’s Opera browsers. I’ll also discuss some options and settings you can adjust in your favorite browser to enhance the security of said browser.
I’ll take a look at alternative browsers that, while based on mainstream browsers, all add additional security and privacy features designed to provide better protection for you during your browsing sessions.
Finally, I’ll explore some web browser extensions that I particularly like, which offer increased security for your online travels. They’re free to use and can help prevent ad tracking, as well as increase the possibilities of avoiding the malware that’s just waiting to pounce on your browser.
In this section, I’ll provide a look at the “mainstream” browsers most readers are probably most familiar with. These browsers include Microsoft’s Edge browser, Google’s Chrome, Mozilla’s Firefox, Apple’s Safari and Opera Software’s Opera.
As we’ll see, while these browsers aren’t the most secure and private available, users continue to prefer them due to their convenience.
Microsoft Edge is the Redmond firm’s attempt to put the security-hole-ridden days of Internet Explorer behind them and offer a more secure and sleeker web browsing experience.
Don’t worry. If you need Internet Explorer due to a special need for an IE-only ActiveX or Browser Helper Objects, IE 11 is included in Windows 10, it’s just hidden a bit. I’m not going to tell you where to find it, though. I simply refuse to enable your bad life choices.
Edge does not support any legacy technologies, such as ActiveX, but instead supports an extensions system, much like Google’s Chrome browser. Browser extension support for the Edge browser is still in its early days, with only a small number of extensions having been approved for use with the platform.
The browser is integrated with Microsoft’s digital assistant, Cortana, to provide voice control and search functionality. The browser uses a proprietary engine called EdgeHTML. Written in C++, the engine is intended to be fully compatible with the WebKit layout engine used by Apple’s Safari and other browsers.
Microsoft designed Edge to be more secure than Internet Explorer, removing some features while adding others. The browser does not offer support for VBScript, JScript, VML, Browser Helper Objects, Toolbars or ActiveX controls.
Support for legacy Internet Explorer document modes has also been removed. Microsoft says removing support for these features significantly reduces the browser’s “attack surface,” making it more secure than IE was.
In Windows 10, Microsoft added their “Windows Hello” technology, which is a system to authenticate both the user and the website they are accessing.
“Windows SmartScreen” helps to defend against phishing attempts by performing reputation checks on websites, blocking any that appear to be phishing sites. The technology also helps to defend users against being tricked into installing malicious applications via socially-engineered attacks.
Despite Microsoft’s efforts on the security hardening front, the Edge browser was found to be the least secure browser at the March 2017 Pwn2Own hacking event, having been hacked a total of 5 times during the event.
The event offers cash rewards to “ethical hackers” who can attack vulnerabilities in the major browser platforms, including Edge, Chrome, Safari and Firefox. I’ll share more about each browser’s performance at Pwn2Own in their own sections.
In addition to Windows 10, Microsoft Edge is also available for iOS and Android devices. Both versions provide background syncing of information with your Windows 10 PC to allow seamless browsing across all devices.
For more information, visit the Microsoft Edge website.
Google Chrome is available on the Windows, macOS, Linux, Chromebook, Android and iOS platforms.
The Chrome browser is based on the open-source Chromium browser project. The browser supports expanded functionality via a vast collection of extensions, available through the Chrome web store.
Although Google CEO Eric Schmidt opposed the development of a Google-branded browser for six years, he was persuaded otherwise when company co-founders Sergey Brin and Larry Page hired a group of former Firefox developers to build a demo version of Chrome.
The browser was officially released for the first time for Windows XP on September 2, 2008. Beta versions of the browser were released for OS X and Linux in December 2009.
As of Q2 2017, it was estimated that Chrome had a 63% share of the worldwide desktop web browser market. It had 54% of the market across all platforms, due to its 50% market share on smartphones (Chrome is the default browser on Android devices.)
Google Chrome has been named “most secure browser” at the Pwn2Own hacking event for two years straight. During both events, the browser was not hacked, while its competitors, Microsoft Edge, Firefox and Safari, were all compromised at least once.
Google uses two blacklists: one for phishing and another for malware in order to warn users when they attempt to visit a potentially harmful website. The browser also offers download scanning protection to protect against malware.
The browser “sandboxes” its tabs, preventing them from interacting with critical memory functions, such as operating system memory and user files. The sandbox can only respond to communication requests placed by the user.
Chrome has long been faulted for not offering a master password function to prevent access to a user’s passwords, which are stored by the browser.
The browser offers an “Incognito” private browsing feature, which prevents the browser from permanently storing users’ history information or cookies from any visited websites.
It should be noted that Incognito mode does not prevent a third party, such as a hacker or even a user’s own Internet Service Provider, from observing a user’s online antics. Only an encrypted connection, such as that provided by a Virtual Private Network (VPN), can protect that information.
Chrome is developed and maintained by online search and advertising firm Google, and as such, Google is known to track Chrome users’ online activities and search history in order to serve targeted ads during a web browsing session. This is seen by many as an intrusion into a user’s privacy, spurring them to explore other browser options.
For more information, visit the Google Chrome website.
Firefox is an open-source browser developed by the Mozilla Foundation. The browser is available on most popular desktop and mobile computing platforms, including Windows, Linux, macOS, iOS and Android.
Firefox began life as a branch of the Mozilla project. Mozilla developers Dave Hyatt, Joe Hewitt and Blake Ross believed the Mozilla browser suite was becoming bloated and looked to develop a stand-alone browser free of the commercial requirements of the Mozilla project, which was sponsored by Netscape.
The Firefox project was originally dubbed “Phoenix,” as the browser was said to arise from the ashes of Netscape Navigator (much like the firebird of mythology), which had been killed off by Microsoft’s Internet Explorer in what proved to be the first of many “browser wars.” (Sorry X-Men fans, it’s not named after Jean Grey, the popular character from the X-Men.)
The name of the project was renamed a few times due to trademark issues, and was named “Phoenix,” then “Firebird,” then “Mozilla Firebird,” finally settling on the name “Firefox,” said to be derived from the nickname of the red panda, which became the project’s mascot.
Firefox usage grew to a peak of 32% at the end of 2009, making it the world’s most popular browser. Usage began to decline following the 2008 release of Google’s Chrome browser. As of September 2017, Firefox still holds between 5.96% and 13.6% of global usage, depending on the source.
Firefox was also made available for hacking attempts at the most recent Pwn2Own event, where two hacking attempts were made against the browser. Only one attempt, which was able to elevate system privileges by using an integer overflow and an uninitialized buffer in the Windows operating system kernel, was successful.
Firefox limits scripts on one site from accessing data from another website, and uses SSL/TLS to protect web server communications via the HTTPS protocol. The browser is compatible with the popular HTTPS Everywhere add-on to enforce HTTPS, even if a normal HTTP address is entered.
Firefox is generally viewed as having fewer security vulnerabilities than Microsoft’s Internet Explorer, making it a popular alternative for security-minded users. When bugs are discovered, many of which are found due to a “bug bounty” paid to researchers who discover security holes, they’re quickly patched.
Firefox “Quantum” was recently released, which provides a number of security and speed enhancements, and which uses less memory than before.
The browser offers a Private Browsing feature, which blocks online trackers while browsing and doesn’t keep a record of the user’s browsing history while it is enabled. The new browser also offers protection against hidden ad tracking.
Unlike Google, Firefox creator Mozilla is a non-profit organization and doesn’t make use of a Firefox user’s browsing and search history to serve up ads. Instead, the company is known as a champion of internet privacy and safety.
For more information, visit the Firefox website.
BackgroundApple’s Safari web browser was first released in 2003 and is available only on the Mac OS X, macOS and iOS computing platforms. A Windows version of the WebKit-based browser was announced for the Microsoft Windows platform in June 2007, but the Windows version was discontinued in May 2012 and is no longer supported by Apple.
Safari 11 is the currently-available version of Apple’s desktop browser and was released in September 2017 as part of macOS High Sierra, the latest version of Apple’s Mac operating system.
Safari is no longer available as a standalone download and is instead included as a part of the OS. The only exception to this is the Safari Technology Preview, which is intended for use by developers to test possible upcoming features of the browser.
Safari didn’t really fare well at Pwn2Own in 2017, although it should be noted that one of the successful hacks used a use-after-free (UAF) bug that had been fixed in the beta version of the browser. One group used six different bugs to attack the browser and gain root access to macOS.
Safari is considered to be a reasonably secure browser, although there have been numerous exploits discovered against the platform.
Some of Safari’s and the macOS operating system’s excellent security reputation has, in the past, been due to the relatively small user base for the OS. But as the Mac has become more popular with users, the platform and its built-in browser have become more attractive targets.
The current version of Safari offers “Intelligent Tracking prevention,” designed to identify advertisers and other parties that attempt to track your online activities, and remove the cross-site tracking data left behind. The browser also warns users if they attempt to visit suspicious websites.
A Private browsing feature prevents Safari from remembering a user’s search history, which websites were visited or a user’s auto-fill information. In addition, a tab sandboxing feature offers protection from malicious code and malware by confining each page to a single browser tab, preventing it from crashing a browser or accessing other site’s data.
For more information, visit the Safari website.
Opera Software develops and maintains the Opera web browser, which began in 1994 as a research project at Norwegian telecommunications company Telenor. In 1995, it spun off into a separate company named Opera Software ASA. The first publicly-released version was released in 1996 and was designated version 2.0, which ran only on the Microsoft Windows platform.
Currently, the Opera web browser is available for the Windows, macOS, Linux, Android and iOS operating systems. The browser is based on the open-source Chromium browser platform, the same one Google’s Chrome is based on.
While user adoption of Opera lags well behind its more popular brethren, the browser has a small but dedicated user base.
Opera is the only browser listed in this “mainstream browser” section that did not participate in the 2017 Pwn2Own competition. However, the browser does have several security-minded features that help protect users while they traverse the net.
Perhaps the most helpful security feature of the latest version of Opera is its free, built-in Virtual Private Network (VPN) feature. The feature protects a user’s browsing session by encrypting the browser’s internet connection, shielding the user’s online antics from prying eyes.
It should be noted that the VPN protection is not quite as comprehensive as that offered by pay-for-play services, offering only protection for any activities in the browser itself - the rest of your computer’s online activities, such as that connected by email, torrenting and other apps, are still laid bare to possible monitoring by outside parties.
Opera VPN’s connection options are also more limited than that of paid VPNs, with location options limited to only “Europe,” “Americas” and “Asia.” While this might limit your blocked-content-unlocking options, it should prove to be enough protection for those simply looking for a free and easy-to-use service to protect their browsing activities.
Opera’s fraud and malware protection offers the ability to warn users of suspicious web pages, which is a feature that is turned on by default.
The browser checks any requested web page against a “blacklist” database of phishing and malware websites. If the requested site is found on the blacklist, a warning page will display before the page is shown. The user must then decide, on their own, whether or not to go ahead and open the page.
The browser also includes a built-in ad blocker, which Opera claims makes “content-rich” web pages open as much as 90% faster.
For more information, visit the Opera website.
In addition to the mainstream browsers listed in the previous section, there are a number of alternative browsers, which are designed to offer additional security and privacy protections.
These browsers are usually based on popular browser engines, such as the Chromium engine used in Google’s Chrome browser, but are modified to provide safer browsing.
In this section, we’ll take a look at 3 browsers, each of which takes a slightly different approach to securing and privatizing your web browsing sessions. All 3 browsers, while offering excellent protection, also have their own drawbacks.
Epic Privacy Browser
The Epic Privacy Browser was designed from the ground up to provide comprehensive private browsing, with “always-on” privacy that doesn’t require toggling on a “private mode,” like is required with some other browsers.
The browser is based on the Chromium browser engine, which is the basis for the Google Chrome browser.
Epic blocks trackers and third-party cookies, and claims to be the only browser that actively blocks thousands of trackers.
The browser also protects your web searches from being saved and tracked by automatically loading search engines via its built-in proxy, preventing the search engines from tracking users by their IP address. If available, the browser will use an HTTPS version of the websites you visit.
In addition to its other privacy protections, the Epic browser also offers a built-in encrypted proxy, similar to a VPN, which both hides your IP address and encrypts all of your data.
The browser offers 9 locations in the United States, Canada, Europe, Asia and the United Kingdom, allowing users to appear as if they are located in the selected country. The proxy can be enabled from the browser’s toolbar.
It should be noted that in my testing, many websites, especially those that are vigilant for proxy servers and VPNs, such as Netflix and Hulu, will not work properly with the encrypted proxy engaged. Epic warns that some websites, such as Facebook and Gmail, may require additional authentication steps with the proxy turned on.
Any time you open a new browsing tab, you’ll see a screen similar to that of other browsers, with a set of buttons you can click to go directly to a website. However, since Epic doesn’t track or remember any of your web travels, you’ll need to manually set up the buttons with links to your favorite websites.
The home page also offers a running count of how many trackers have been blocked during your current browsing session.
While Epic allows the use of browser extensions, the selection is limited, with just 7 extensions available at the time of this article. Extensions are available from Evernote, Clearly, Pocket, IE Tab (Windows Only), Xmarks, LastPass and RoboForm.
For more information, visit the Epic Browser website.
The Tor Browser provides one of the most secure ways available to browse the web. The browser makes use of the Tor (“The Onion Router”) network, using the network’s series of relays, which are run by volunteers and are used to encrypt and anonymize a user’s connection.
Tor’s “onion routing” is named as such due to its implementing of encryption in the communication protocol stack’s application layer, which is constructed similarly to the layers of an onion. The network encrypts the data several times, never revealing the original IP address.
The browser has the ability to effectively prevent anyone from tracking your internet connection to learn your location or to monitor which websites you visit. This makes the Tor Browser a popular choice among journalists and activists who are located in countries where internet activity is closely monitored.
By bouncing a user’s connection around the Tor network, the browser makes it appear that the user is located somewhere else. As seen below, despite my actually being located in the southeastern part of the United States, whatismyip.com indicates that I am located in France.
This IP address “spoofing” feature prevents website from learning your actual IP address and physical location. It also provides access to many websites and services that might normally be blocked to your area, due to geographical content-blocking.
While the Tor Browser does a great job of anonymizing your web browsing, it only anonymizes your browser activity, and the traffic for other internet-connected apps on your computer or mobile device are routed in the usual, unprotected manner.
In addition to IP address spoofing, the Tor Browser also protects your privacy by routing your internet searches through the anonymous DuckDuckGo search site, which doesn’t track you - unlike the Bing and Google search sites.
Tor is lightweight and self-contained, which makes it an excellent candidate for including on a USB stick so you can use it on other computers, no installation needed.
Tor Browser isn’t a valid candidate for use as your daily driver browser, as the relay method used by the network to anonymize your internet usage can noticeably slow down your online experience. So, you’ll likely still want to have Chrome or another browser handy for activities that aren’t security-critical.
It should be advised that the Tor Browser allows users to access some of the more dangerous, and let’s say “seedier” parts of the web, which could lead to encounters with viruses and malware more often than you normally might. So be careful to practice safe browsing, even with the extra access to these more “unusual” areas of the net.
For more information, visit the Tor Project website.
Brave is an open-source browser based on the Chromium browser engine, which is the same engine used in the Google Chrome browser. The lightweight browser claims improved loading speeds and reduced data usage, mostly due to its advanced ad-tracking and blocking abilities.
Brave is available for the Windows, macOS, Linux, Android and iOS platforms. It includes HTTPS Everywhere integration, blocks cookies and boasts a growing community of developers working to improve the browser.
While Brave blocks all ads and trackers by default, selected ads and trackers can be allowed via the browser’s preferences panel.
Since ads are the main source of income for many websites, the company also offers a “Brave Payments” system, which allows users to anonymously donate to content producers they like. Brave then automatically distributes microdonations to the desired content producers.
Brave does allow the use of browser extensions. However, those extensions are limited to a small number of approved extensions. Brave-approved extensions include those from 1Password, bitwarden, Dashlane, Honey, LastPass, MetaMask, PDF Viewer, Pocket and Torrent Viewer.
The browser also offers a number of innovative tab-based features, such as tab previews, which offers a full-screen preview of a tab when you hover your mouse pointer over it.
In addition, the browser includes the ability to create new private tabs on the fly and set the number of tabs to be shown per session.
For more information, visit the Brave website.
Other Methods of Securing Your Web Browsing
In addition to trying to use the most secure browser, you can also help protect your security and privacy while surfing the web by using plug-ins or adjusting the settings on your browser of choice. You can also help protect yourself by simply practicing safe computing.
In this section, I’ll share the various methods that can be used to secure your browsing by using plug-ins like HTTPS Everywhere, apps like those available from VPN providers and the settings you can change in your browser to harden your security settings. (But never harden your heart, like Quarterflash did.)
I’ll also look at common-sense steps to take to protect yourself and your precious personal information.
HTTPS Everywhere is a free extension for the Firefox, Chrome and Opera browsers on most desktop computing platforms, and on Android mobile devices. This free extension encrypts your communication with a large number of websites, making your browsing sessions more secure. HTTPS Everywhere is the result of collaboration between The Tor Project and the Electronic Frontier Foundation.
Although many websites offer support for encryption over HTTPS, not all do. Or, some of the websites may use HTTPS for logins, but leave much of the rest of the site open to unencrypted HTTPS communication.
HTTPS Everywhere sits in the background quietly rewriting HTTP requests to use the more secure HTTPS on websites that support it.
The extension was inspired by Google’s increased usage of HTTPS and is designed to force use of the secure transport layer where possible.
For more information, visit the HTTPS Everywhere website.
Zscaler Tools (Internet Explorer 6 to 10)
While the HTTPS Everywhere extension is not officially available for Internet Explorer, there is an extension based on the HTTPS Everywhere project available for Internet Explorer 6 to 10.
Zscaler Tools - HTTPS Everywhere for Internet Explorer - is still in its early days, development-wise, as the version number of 0.0.0.1 indicates. The extension translates URLs from HTTP to HTTPS according to EFF rules, and also secures cookies.
It does not support HSTS at this time, and also doesn’t provide support for custom rules.
The extension is available on the Zscaler website, and the download includes an installer. You’ll need to restart Internet Explorer to enable the extension.
For more information, visit the Zscaler website.
Disconnect is a browser extension that works on the major browser platforms (Chrome/IE/Firefox/Safari). The extension works to block web tracking, malware and “malvertising” while you roam the web. Disconnect also offers apps for Android and iOS devices.
The Disconnect button sits in your browser’s toolbar and displays the total number of tracking requests from every page you visit. If the icon is green, it means all of the requests on a page have been blocked. If the icon is gray, it means some of the requests were not blocked.
Clicking the toolbar icon shows the type of requests that have been blocked, including advertising, analytics, social and content requests.
Google, Facebook and Twitter are shown separately, allowing users to block or unblock a site with a click of the mouse. Users can also add websites to a blacklist or a whitelist to block or unblock all requests from a website.
The Disconnect service is available in three levels of service:
I have found the Disconnect browser extension is perfect for my needs, as I already have a favorite VPN I use to protect my internet connection.
For more information, visit the Disconnect website.
The DuckDuckGo website has long been an excellent way to prevent your search activity from the monitoring it is subject to when you use one of the big boys like Google or Bing.
The private search engine recently made an extension available for Firefox, Safari and Chrome, which offers private search, tracker network blocking and smart encryption.
The DuckDuckGo browser extension also shows you a Privacy Grade of A to F when you visit a website. This lets you view, at a glance, how well your privacy is protected on any given site.
The score is based on the presence of hidden tracker networks, the website’s privacy practices and its available encryption. (Take it from me, they’re strict. I haven’t seen a website that’s earned an “A” grade yet.)
The search company has partnered with Terms of Service Didn't Read (TOSDR) to include their scores of the service and privacy policies of websites, when it’s available. The extension also includes DuckDuckGo’s private web search, making private searches more convenient than ever.
In addition to the browser extension, DuckDuckGo has also released a new version of their mobile private search app for iOS and Android devices.
The DuckDuckGo browser extension is available for Firefox, Safari and Chrome.
For more information, visit the DuckDuckGo website.
Virtual Private Networks
A Virtual Private Network (VPN) protects your internet connection by encasing it in a layer of encryption.
This prevents anyone who’s looking to monitor your connection, such as hackers, government agencies or even your own Internet Service Provider, from seeing your online travels, as well as the important personal information related to those travels.
I have tested and reviewed a large number of VPN providers on this very website, and they are a valuable tool for protecting your internet connection - especially when travelling and when you’re forced to use your computer or mobile device on an open Wi-Fi hotspot, such as those found in coffee shops, hotels and other public locations.
In addition to protecting your internet connection from prying eyes, a VPN also allows you to appear as if you’re connected in another global location. This makes it easier to access web content, such as video and audio streaming content, that might normally be blocked from your actual location.
For more information about VPNs, or to check out my VPN provider reviews, visit the VPN area of this website.
Use Your Browser’s Security and Privacy Tools
You may or may not be aware that whichever browser you use, it has privacy and security settings that you can adjust to your liking. The Chrome, Firefox, Safari, Internet Explorer and Microsoft Edge browsers all have options that allow you to protect yourself while browsing.
I’ve already covered how to do this in a quite informative article on my website, which is (in my humble opinion) highly recommended reading for those interested in securing their favorite web browser.
The article goes into much more detail than space here allows. Click here to read the article.
We’ve covered a lot in this article, but nothing too arcane. By taking the time to investigate your options, you can easily decide on the most secure browser for your needs, and even find ways to better strengthen your browser of choice’s own security protections with the use of extensions or a VPN.
I find that Google’s Chrome, with a few well-chosen extensions such as HTTPS Everywhere and Disconnect, as well as a high-performance VPN like ExpressVPN, to be the best way to protect my online travels from prying eyes. All those individual pieces stack up to a security wall that keeps my screen from becoming cluttered with ads and adware, and protects me from malware.
When I’m researching subjects like the dark web, or I want to protect myself from detection by my ISP or friendly neighborhood government agent, I always use the Tor Browser due to its use of connection relays to obfuscate my actual location and the activities that I am conducting.
You may find that, much like your other online activities, there isn’t any one app that will cover all of your security and privacy needs. That’s why I always suggest keeping various tools in your online arsenal to protect yourself and your activities. That’s why you should also check out the other guides on my site for more information on how to protect yourself while online. Enjoy your travels.