Your Choice of Browser Matters
Your choice of browser affects not only what tools are available to you or how convenient the browser is, but also how much information you share in the process.
The Internet only stays healthy if we trust it as a safe place — to explore, transact, connect, and create. Our privacy and security online is under constant threat. But there's something you can do about it: get informed, protect yourself, and make your voice heard. A healthy Internet depends on you. — Mozilla
Each browser has strengths and weaknesses which can change over time.
Whichever browser you choose, the most recent version will usually have improved security features and/or have known security issues patched.
While most browsers come in both 32- and 64-bit versions, the 64-bit versions are generally faster and more secure.
Consider Security and Privacy
When making your choice, consider how well each browser handles privacy and security.
To be “secure,” a modern browser must meet certain requirements.
Check Privacy Settings
Check your browser's privacy settings. Choose your add-ons carefully, as well as any other third-party components your browser uses.
Check Your Browser's Search Engine Settings
Choose your search engine carefully rather than accepting the default setting.
Clear Private Data
You should clear your private data (cookies, saved form information, cache and authenticated sessions) before and after online banking (or using similar sites where there is a risk of revealing personal information of greater value).
It is a myth that you can't be tracked while using so-called "Incognito mode." In fact, Incognito mode mainly just deletes information on your computer and does nothing to stop Google from saving your searches, nor does it stop companies, Internet service providers, or governments from being able to track you across the Internet. — DuckDuckGo
Firefox is my recommendation.
Firefox products have never — and never will — buy or sell user data. — IRL Podcast
Not only is it more secure, but Mozilla is a non-profit organization dedicated to protecting privacy and has no ties to an operating system or search engine company.
Built-in Privacy Features
Firefox has built-in privacy and security features that are designed to keep you safe, but are flexible enough that you get to choose your settings.
Firefox's privacy settings are located in the Privacy tab (Options ⇒ Privacy & Security). Be sure to review all the settings as you go. See also the Firefox privacy notice.
When you come to History I recommend checking Clear history when Firefox closes. You can choose which items get removed by clicking the Settings button located to the right.
In order to preserve any visited sites, bookmark them when you realize that you may want to come back to them later. Hints:
- Use a “Current” folder to manage new bookmarks, moving them to a permanent sorted location when you realize that you want to keep them.
- Be sure to remove the tracking information at the end of a link (usually starts with ?utm_source=) before bookmarking it. Links from Twitter and emails typically include these.
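The clean-up described in the last hint can be automated. The following is an added example, not part of the original page: it removes every query parameter whose name starts with utm_ and leaves the rest of the link alone. The function name and the sample links are constructed for illustration.

```javascript
// Added example: remove campaign-tracking parameters from a link before bookmarking.
// The "utm_" prefix is the one named in the text; the sample links are constructed.
function stripTracking(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return link; // not an absolute URL, leave it untouched
  }
  // Snapshot the keys first: deleting while iterating searchParams skips entries.
  const tracked = [...new Set(url.searchParams.keys())]
    .filter((key) => key.toLowerCase().startsWith("utm_"));
  if (tracked.length === 0) return link; // nothing to remove, keep the original spelling
  for (const key of tracked) url.searchParams.delete(key);
  return url.href; // other parameters and the #fragment are preserved
}

// Constructed sample links, as they might arrive from a newsletter or a tweet.
const sampleLinks = [
  "https://example.org/post?utm_source=twitter&utm_medium=social",
  "https://example.org/post?id=42&utm_source=newsletter&page=2#comments",
  "https://example.org/search?q=utm_source", // a value, not a parameter name: untouched
];
for (const link of sampleLinks) console.log(stripTracking(link));
```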
Private Browsing Mode
Firefox's Private Browsing mode allows you to surf without saving information about the sites and pages you've visited. Neither cookies nor passwords are saved.
If you're like most people, you're probably using Google Chrome as your default browser. It's hard to fault Google's record on security and patching but privacy is another matter for the online ad giant. — ZDNet
Google Chrome is now the dominant browser (only Firefox and Safari are not based upon Chromium).
We created the monster that Google Chrome has become. Only we can destroy it. — ZDNet
Convenient but Lacks Privacy
Chrome collects your surfing data and there are significant privacy concerns.
A Global Monopoly
Google's monopoly goes far beyond their browser's dominance.
It now threatens the future of the open Web and the digital economy.
Google now controls a significant majority of both Web searches AND browser installations, giving Google a monopoly on access to content on the Web.
Google purchased existing companies with expertise in areas they traditionally didn't have, then combined the users' data from all their companies to create powerful search and advertising profiles.
Google Never Forgets
Google makes their money by exploiting the information you provide both intentionally and unintentionally.
Google NEVER forgets.
Don't Sign-in To Google
While you have access to your bookmarks and history from any number of computers, phones and tablets, clearing the data on your computer doesn't remove it from Google's servers where it resides forever.
By not signing in to your Google account, you may miss some of the conveniences, but you provide less information to Google.
The most important difference between the new Edge and Google Chrome strikes right at the heart of Google's business model. By default, the new Edge turns on tracking protection and sets it to Balanced, which blocks many ads and almost all third-party tracking code. — ZDNet
Edge has more privacy settings than Chrome, and it's much easier to track them down. For example, Edge can block trackers from sites you've visited and those you haven't. It can also reduce the odds of your personalized information being shared across sites. — Digital Trends
Adjust System Settings
Edge defaults to running continuously in the background unless you turn off “Continue running background apps when Microsoft Edge is closed” in the System settings.
Safari is Apple's default browser and they have made great efforts to improve the privacy protections.
The “Good Privacy” Browser
Some of those changes were aimed at fighting ad-tracking and digital fingerprinting of the Safari browser.
Don't Use Internet Explorer
Internet Explorer (IE) is a major security vulnerability within Windows and therefore should not be used as your primary browser when surfing the Internet.
You see, Internet Explorer is a compatibility solution. We're not supporting new web standards for it and, while many sites work fine, developers by and large just aren't testing for Internet Explorer these days. They're testing on modern browsers. — Chris Jackson, Microsoft
Security risks are not unique to Internet Explorer but its reach is deep into the Windows operating system, making it more vulnerable to security issues than any other browser.
Don't simply install your browser. Customize the settings to ensure that you've locked it down as tightly as you can.
Do Not Track
Current browsers have the capability of telling a site that you don't want to be tracked. But that assumes that a site will bother to respond. There are few, if any, such mechanisms in place.
Do Not Track (DNT) is a browser setting where the user can indicate that they don't want to be tracked. However, without a consensus about how to interpret DNT, most sites ignore the setting:
At this time, there is no general agreement on how companies interpret Do Not Track signals. This site does not currently respond to DNT signals, whether the signal is received on a computer or on a mobile device.
Interpretation: Tracking you is profitable, so I'll just ignore the DNT and claim it is because there isn't agreement on interpretation.
Were it to their benefit (like copyright or patents), these corporations would have found a solution long ago.
If it wasn't so profitable to track users and their metadata, I'm sure that standards could be accomplished.
Early anti-spam technical fixes failed because no one wanted to accept anyone else's solution. The result? The huge amount of spam we have to deal with today.
I wonder if the desire to ignore such requests is behind the failure to cooperate in a respected standard.
Even when Do Not Track is enabled, some facilities also track store visitors via their cell phone using Mobile Location Analytics.
It will probably take legislation to enforce such a mechanism, and governments are complicit in the collection of metadata and its storage without court oversight.
Still Worth Setting
It is still worth setting the DNT.
[D]espite the fact that only a small number of companies respect it — a significant number of companies like Twitter, Medium and others do respect it. — Jules Polonetsky
Hopefully, when there is a universally-accepted standard in place, all websites will honour it. At the present time not all browsers have a DNT setting.
Learn more about fingerprinting and other techniques that are used to track you online, even if you are using privacy-protection software.
Much of the Internet is broken, a result of greed and exploitation at the expense of those who simply want information and entertainment but don't consider the risks of their behaviour.
These recommendations make using your browser safer.
Use Encrypted HTTPS Sites Where Possible
HTTPS is a secure protocol used by websites that encrypts traffic between the site's server and your browser.
The content of your web request and the reply that comes back can't easily be monitored by other people on the network. This makes it much harder (nearly, if not absolutely, impossible) for attackers to eavesdrop on secrets such as passwords, credit card numbers, documents, private photos and other personal files that show up in your network traffic.
HTTPS traffic isn't just encrypted, it's also subjected to an integrity test. This stops attackers sneakily altering or corrupting data in transit, such as replacing bank account numbers, changing payment amounts or modifying contract details. — Sophos Blog
Secure sites are indicated by https:// (notice the s) in the address and/or some sort of a padlock symbol. The display varies by browser:
- Firefox, Google Chrome, Safari, Microsoft Edge and Opera all use a padlock to the left of the address.
- The shield beside the padlock in Firefox indicates enhanced tracking protection.
- Firefox and Edge display the HTTPS prefix. Chrome, Safari and Opera don't.
Connect Only to HTTPS Sites
I strongly recommend that you only connect to sites that are encrypted with HTTPS (HTTP over TLS), especially when you're logging in or whenever you're sharing personal information.
HTTPS across the Web is good for Internet Health because it makes a more secure environment for everyone. It provides integrity, so a site can't be modified, and authentication, so users know they're connecting to the legit site and not some attacker. Lacking any one of these three properties can cause problems. More non-secure sites means more risk for the overall Web. — Mozilla Blog
This is particularly important when using online banking or when shopping online — anywhere that you are sharing banking or credit card details.
Avoid Unsecured Sites
Unsecured (non-HTTPS) sites are vulnerable to man-in-the-middle attacks.
Without HTTPS, there are many places along the way between your browser and the other end where not-so-innocent third parties could easily eavesdrop on (and falsify) your web browsing.
Those eavesdroppers could be nosy neighbours who have figured out your Wi-Fi password, other users in the coffee shop you're visiting, curious colleagues on your work LAN, your ISP, cybercriminals, or even your government. — Sophos Blog
Site owners should ensure their site is encrypted if they wish to retain the trust of visitors to their site.
Many sites scrape information and engage in cross-site tracking. Facebook and Google are the worst offenders.
This is a one-sided bargain that benefits advertisers and data brokers. It formed the surveillance economy that has taken over the Internet.
Watch for Insecure Content on HTTPS Sites
Watch for warnings on HTTPS sites that indicate that some content is not being handled securely. This often results from insecure links to images and similar material.
Because it degrades the security of the site, most browsers now list such mixed-content HTTPS sites as insecure.
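Site owners can look for the cause of these warnings in their own pages. The following is an added example, not part of the original page: a heuristic scan of an HTTPS page's HTML for images, scripts and similar subresources that are still fetched over http://. The function name, the tag list and the sample markup are constructed for illustration.

```javascript
// Added example: heuristic scan of an HTTPS page's HTML for subresources loaded over http://.
// A regex is not an HTML parser; this is a quick site-owner check, and the markup is constructed.
const SUBRESOURCE_ATTR = new Map([
  ["img", "src"], ["script", "src"], ["iframe", "src"], ["audio", "src"],
  ["video", "src"], ["source", "src"], ["embed", "src"], ["link", "href"],
]);

function findMixedContent(pageUrl, html) {
  if (new URL(pageUrl).protocol !== "https:") return []; // only an HTTPS page can be "mixed"
  const findings = [];
  for (const [, rawTag, attrs] of html.matchAll(/<([a-z0-9]+)([^>]*)>/gi)) {
    const tag = rawTag.toLowerCase();
    const attr = SUBRESOURCE_ATTR.get(tag);
    if (!attr) continue; // e.g. <a href> is navigation, not a subresource
    // Require whitespace before the name so data-src is not mistaken for src.
    const m = attrs.match(new RegExp(`\\s${attr}\\s*=\\s*["']?([^"'\\s>]+)`, "i"));
    if (!m) continue;
    let resolved;
    try {
      resolved = new URL(m[1], pageUrl); // resolves relative and //host/ forms
    } catch {
      continue; // unparseable URL, nothing to report
    }
    if (resolved.protocol === "http:") findings.push({ tag, url: resolved.href });
  }
  return findings;
}

// Constructed sample page: two insecure loads, the rest are fine.
const SAMPLE_HTML = `
<link rel="stylesheet" href="/site.css">
<script src="http://cdn.example.net/lib.js"></script>
<img src="http://images.example.net/logo.png" alt="logo">
<img src="//images.example.net/ok.png">
<img data-src="http://lazy.example.net/x.png" src="/placeholder.png">
<a href="http://example.org/">plain link</a>
`;
console.log(findMixedContent("https://shop.example/cart", SAMPLE_HTML));
```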
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
- Mozilla's HTTPS and your online security looks at the strengths and weaknesses of HTTPS.
Firefox HTTPS-only Mode
Firefox has HTTPS-only mode:
HTTPS provides a secure, encrypted connection between Firefox and the websites you visit. Most websites support HTTPS, and if HTTPS-Only Mode is enabled, then Firefox will upgrade all connections to HTTPS.
When an HTTPS option cannot be located, Firefox warns you that a secure connection is not available, telling you that it is most likely that the site doesn't support HTTPS, including this caveat:
It's also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details.
If you continue, HTTPS-Only Mode will be turned off temporarily for this site.
Firefox DNS Over HTTPS (DoH)
DNS (Domain Name Server) is the process by which the domain name that is easier for humans to remember (e.g. Wikipedia.org) is converted into the numerical address, much like a phone number (e.g. 220.127.116.11), that computers on the Internet can understand.
Unfortunately, this process can be tracked or spoofed, so Mozilla added security:
We are introducing two new features to fix this — Trusted Recursive Resolver (TRR) and DNS over HTTPS (DoH). Because really, there are three threats here:
- You could end up using an untrustworthy resolver that tracks your requests, or tampers with responses from DNS servers.
- On-path routers can track or tamper in the same way.
- DNS servers can track your DNS requests.
— Mozilla
- A cartoon intro to DNS over HTTPS explains the terminology and issues simply.
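To show what "DNS over HTTPS" means on the wire, the following added example (not part of the original page or of Firefox) builds the DNS question for a hostname and wraps it in the GET form defined by RFC 8484. The resolver address https://doh.example/dns-query is a placeholder assumption, hostnames are assumed to be ASCII, and nothing is sent over the network.

```javascript
// Added example: wrap a DNS question in an HTTPS request, in the RFC 8484 GET form.
// The resolver URL is a placeholder assumption; nothing is sent over the network.
function buildDnsQuery(hostname) {
  const header = Buffer.from([
    0x00, 0x00, // ID 0, as RFC 8484 recommends so HTTP caches can reuse answers
    0x01, 0x00, // flags: standard query, recursion desired
    0x00, 0x01, // one question
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // no answer, authority or additional records
  ]);
  // Each label of the name is sent as a length byte followed by its characters.
  const labels = hostname.replace(/\.$/, "").split(".").map((label) => {
    const bytes = Buffer.from(label, "ascii"); // assumption: ASCII (punycode) names only
    if (bytes.length === 0 || bytes.length > 63) {
      throw new RangeError(`bad label in ${hostname}`);
    }
    return Buffer.concat([Buffer.from([bytes.length]), bytes]);
  });
  const tail = Buffer.from([0x00, 0x00, 0x01, 0x00, 0x01]); // root label, type A, class IN
  return Buffer.concat([header, ...labels, tail]);
}

function dohGetUrl(resolver, hostname) {
  // RFC 8484 carries the message as unpadded base64url in the "dns" parameter.
  const b64url = buildDnsQuery(hostname).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${resolver}?dns=${b64url}`;
}

// On-path routers see only HTTPS traffic to the resolver; the queried name is inside TLS.
console.log(dohGetUrl("https://doh.example/dns-query", "www.example.com"));
```

The resolver itself still sees every name you look up, which is why the quoted text pairs DoH with a trusted resolver.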
Site Owners: Enable HTTPS
If you're a site owner, ensure that your site has HTTPS enabled by default. HTTPS sites are more secure and load faster.
Now, with the ever increasing percentage of HTTPS sites, it is the share of sites using the HTTP protocol that is getting smaller and smaller. — Ghacks
The continued use of a legacy HTTP address sends the wrong message: that your site is insecure and likely not properly maintained.
Chrome and Firefox Now Default to HTTPS Sites
Browsers are starting to default to HTTPS sites in order to help secure the Web.
- Google Chrome will now give loading preference to HTTPS sites.
- Firefox HTTPS-only mode places a full-screen warning for insecure sites before allowing temporary access.
This is annoying to the site visitor and greatly reduces confidence in non-HTTPS sites, which is bound to affect the site's SEO.
What's stopping you from securing your site with HTTPS?
HTTPS certification used to be expensive but Let's Encrypt, a non-profit option, now provides free site certificates.
Enabling HTTPS requires action on your part, including changes in your hosting service settings, but cost should no longer be a factor.