SECURITY: Google Chrome is a freeware browser based on the open-source Chromium project. Some proprietary components have been added to support features such as upgrading, crash reports, a PDF viewer, media codec support and a randomly generated token that sends basic installation data back to Google. Although Chrome itself is not open source, a nice feature is that Google offers a very lucrative bounty program for reporting vulnerabilities, along with its own Project Zero. Recently, Google changed Chrome so that it quietly installs a mandatory DRM module with no option to disable it. This makes it difficult and dangerous for security researchers to investigate the possibility of vulnerabilities in Chrome [more information].
SECURITY: Firefox lets you create different user profiles called containers, which can be used in the same way as the previously suggested Chrome profiles. Since Firefox switched to HTTPS support, any login that doesn’t support HTTPS displays a prompt in the password field reminding the user that their login could be compromised. On top of being free and open source, Mozilla also offers a bug bounty reward for Firefox.
PRIVACY: Mozilla makes it very clear that they put a high priority on privacy. On top of being completely open source, Mozilla will not sell browsing data to other companies since they are a non-profit. Firefox uses tracking protection during private sessions, but it can be enabled on the default profile as well. Unfortunately, some previous versions of Firefox used a legacy web extension that offered a lot of freedom for developers at the expense of being quite invasive, introducing several vulnerabilities which are covered in this paper. Considering Firefox has limited protection out of the box compared to a browser like Brave or Tor, there are some add-ons that can greatly improve the browser’s security. It is recommended to use TheCreeper/PrivacyFox to enhance privacy settings for Firefox.
PRIVACY: Brave makes the list of 3 browsers recommended by privacytools.io, which makes it worth a serious look. A notable feature of Brave is WebTorrent integration for built-in streaming. Brave makes W3C DRM optional by allowing users to disable it, and even gives a warning about using it. Besides free ad-blocking, what really sets Brave apart from other browsers is that it allows users to collect micro-donations called Brave Payments, rewarding users with Basic Attention Token (BAT).
“BAT will allow publishers, advertisers, and users to connect in an online environment that reduces fraud, privacy violations and ‘malvertisements’ while increasing publisher revenue.” [1] BAT offers an anonymous and private p2p ad-tech solution for collecting rich user metrics by eliminating 3rd party intermediaries and rewarding all who participate.
TOR (short for The Onion Router) really deserves its own writeup, but here’s the quick rundown. Tor Browser is the flagship application of The Tor Project and, as far as browsing goes, it is the undisputed king when it comes to privacy, security and anonymity. It uses a technique developed by U.S. Naval Research Laboratory employees in the 90s called “onion routing”, which implements nested layers of encryption at the application layer over the user’s network connection.
SECURITY: As stated on the Tor Project website, “[Tor] protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world”. Tor is so secure that the FBI could not even locate or de-anonymize the Tor user who hacked into the Hillary Clinton email server. Ultimately, any vulnerabilities come down to how the browser is configured and used. A good start would be referring to Tor’s documentation on installing and configuring Tor for optimal security.
PRIVACY: Once again, Tor Browser is the king when it comes to privacy browsers and anonymity, and even the NSA agrees. However, it’s not a perfect solution. Naked Security points out that Tor has been mistakenly used as an end-to-end encryption tool, which it certainly is not. Basically, no matter how many nodes are relayed together, traffic must eventually leave the network through exit nodes. Years before Snowden, a Swedish computer consultant named Dan Egerstad was able to leak hundreds of confidential government emails by using a packet sniffer aimed at POP3 and IMAP traffic coming through Tor exit nodes.
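
The exit-node point above, as an added example that is not part of the original article: a toy Python model of layered encryption showing what the exit relay holds once the last layer is peeled. The SHA-256 keystream cipher, the relay keys, the end-to-end key and the POP3 login are constructed stand-ins, not Tor's actual cryptography or protocol.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Stand-in only, NOT Tor's real crypto."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def onion_wrap(payload: bytes, relay_keys: list[bytes]) -> bytes:
    """Client side: add one encryption layer per relay, exit layer innermost."""
    for key in reversed(relay_keys):
        payload = keystream_xor(key, payload)
    return payload

def relay_views(cell: bytes, relay_keys: list[bytes]) -> list[bytes]:
    """What each relay holds after peeling its own layer, in path order."""
    views = []
    for key in relay_keys:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views

# Constructed sample data: hypothetical relay keys and a hypothetical POP3 login.
RELAY_KEYS = [b"guard-key", b"middle-key", b"exit-key"]
POP3_LOGIN = b"USER alice\r\nPASS correct-horse\r\n"
# Stand-in for a TLS session key shared only by the client and the mail server.
E2E_KEY = b"client-server-session-key"

def exit_relay_sees(app_bytes: bytes) -> bytes:
    """Bytes the exit relay forwards to the destination for a given application payload."""
    return relay_views(onion_wrap(app_bytes, RELAY_KEYS), RELAY_KEYS)[-1]

if __name__ == "__main__":
    # Without end-to-end encryption the exit relay holds the login verbatim.
    print("plaintext POP3 at exit:", exit_relay_sees(POP3_LOGIN))
    # With an end-to-end layer the exit relay only holds ciphertext.
    protected = exit_relay_sees(keystream_xor(E2E_KEY, POP3_LOGIN))
    print("end-to-end protected at exit:", protected.hex())
```

The guard and middle relays only ever hold ciphertext; the exit relay holds whatever the application sent, which is why the login must be protected end to end (for example with TLS) before it enters the circuit.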