Web browsers get little attention when privacy is concerned. VPN has dominated the conversations as the leading solution for protecting online privacy – and for a good reason – but something needs to be said about web browsers in those conversations. A gateway to the internet, web browsers are sophisticated applications that employ several technologies to make the user experience smooth, native, and consistent across devices.
The power of the internet, the horsepower of devices running them, and the explosion of devices per user have fueled the evolution of web browsers from just an interface for the internet to something that allows you to play video-games or enjoy VPN protection without leaving the web browser.
Web Browsers Hold Important Data
As the saying goes, the most valuable thing in modern time is not oil, but data. It drives success by implementing the right strategies to the right audiences. There was a time when marketing had to have a broader appeal, but now, ads can be targeted to the user more likely to be interested in it. Digital advertisers pay top dollar to get their hands on data that allows them to target people based on interest. The interest can only be gauged when they have certain parameters such as search history, website visits, and engagement with posts online.
So, let us start with the basic example that I’m sure you will be able to relate to. Ever thought that Facebook was spying on you? Or that YouTube’s algorithm was working way accurate in showing content that matched your preference? You are not paranoid. It’s very common to see suggestions and ads based on what you were previously searching on the web. Just looked up where to buy furniture? Voila! There’s an ad on Facebook about the best furniture you can get at discounted prices. Bought a new phone? A Facebook ad pops up about accessories for that particular phone.
It’s not magic, but something called cross-site tracking.
Cookies and Cross-site Tracking
A cookie is a file that contains data about you. When you visit a website, it sends cookies to the web browser that acts as temporary files that the server can use to identify you during the next visit. Cookies enable a personalized experience; it allows websites to show content according to your preference. It’s useful for shopping. Imagine browsing through an online store, but you close the window before going through the checkout. Cookies retain the items in the checkout and let you pick from where you left off.
It consists of unique identifiers such as your IP address to automatically load the values upon your visit. It’s neat, but cookies are being used to display ads by advertisers. Ads are not inherently bad. It’s logical to play by the user’s preference than display irrelevant ads. If you visited some website and set the language to your preference, you would expect it to retain that setting for future visits. But, the issue is transparency – advertisers don’t take your consent before collecting the data, or at least do not explain the extent of it.
Ads are one of the ways websites earn money. They may partner with ad programs and display ads on the various available portions of the website. Some ads are randomly generated, and some are paid placements. The randomly generated ones are based on the website’s target audience, but they also take into account the user’s preference and browsing history.
There is No Free Lunch
Have you ever wondered how web browsers are completely free to download and use? Like I said earlier, modern web browsers are feature-rich and run thousands of lines of codes under the hood. There’s development cost attached. So how do web browsers make money? Ads.
It doesn’t apply to other web browsers as much as it does to Google. Being an internet giant, unlike any other, Google owns several technologies; one of them is the biggest search engine on the planet. The Google Adsense platform allows publishers to partner and utilize their domains for displaying ads. Likewise, Google Adwords is the platform advertisers turn to for running ads.
Google has a unique position to combine its offerings so that they work in tandem. Google Search has ad spaces that allow advertisers to target keywords and geographic audiences. There is a reason why Google pays Apple royalty in the billions for making Google Search the default search engine in Safari – it’s a way to display ads and translates to ad revenue. In 2019, Google’s advertisement revenue reached $134.8 billion.
Facebook is in a similar position. Its cross-site trackers are notorious. In addition to that, the “like” and “share” buttons that you see on websites deliver signals back to Facebook, allowing insight into your preferences for targeted ads.
This information should answer the burning question of how companies like Google make money by giving their tools for free. Other browsers such as Safari and Mozilla Firefox are not in the same boat. Apple sells you a hardware platform, so Safari’s software development efforts get offset when you buy an Apple product. Firefox is a non-profit entity that runs on donations to keep the operations afloat.
Top Secure Browsers
Firefox was introduced back in 2002 when dialup internet was still a thing. Slowly, the web browser gained popularity over Internet Explorer thanks to its speed and overall performance. It continues to be one of the leading web browsers, having established itself as a privacy-focused web browser over the past couple of years. Firefox is fighting the privacy war with several features that it gradually introduced.
In 2019, Firefox launched Enhanced Tracking Protection (ETP) in its browser. The feature blocks cross-site trackers. ETP was upgraded this year with the ability to block fingerprinting as well – a form of invasive data collection that forms a unique fingerprint about you, based on device type, screen resolution, operating system.
Firefox also led the adoption of Domain Over HTTPS (DoH). The web browser uses a trusted DNS resolver and combines encryption to secure DNS queries, thus preventing spoofing and any third-party from seeing them. You can learn more about DoH here.
But, even web browsers that are so focused on giving control back to users can only do so much without a steady stream of revenue. Firefox is battling to survive. Having laid off hundreds of its staff and engineers over the years, Firefox needs funding more than ever to survive as the web browser continues to walk in the shadow of Google Chrome, which remains the most popular web browser in the world.
Nevertheless, Firefox is a solid choice. It has plenty of extensions and the ability to sync your browsing history, preferences, login passwords across devices.
Apple has positioned itself as a pro-privacy tech giant of Silicon Valley. It doubled-down on its stance in the last five years when other tech companies were attracting heat over user privacy.
Safari has seen several improvements and additions over the years, and one of them is the ability to block cross-site tracking. Apple introduced the feature with iOS 11 and has slowly made improvements to it since. Today, Safari’s Intelligent Tracking Prevention (ITP) is more aggressive than ever.
Let’s go back to the social buttons that I discussed earlier. Some websites allow you to sign-in with a Facebook or Google account. Once you confirm, the website uses information such as your full name, email address, date of birth, friends, and more. Apple went ahead and introduced Sign-in with Apple as an alternative that’s centered around privacy. If the app requests your email address, Safari will ask for confirmation, or you can even choose to allow by hiding the email address. In the latter, Safari will hide your email address by generating a unique email address that will forward the email address to the real account. Because the randomly-generated email addresses are unique to every app, it allows you to the flexibility of disallowing access to apps manually.
You may not have heard of this one, but it’s actually very capable when it comes to privacy. Brave managed to develop a way to give money to publishers and advertisers while also restricting the type of invasive advertisement we normally encounter.
By default, cross-site trackers and ads are disabled. But, the user can choose to participate in what Brave calls the Basic Attention Token (BAT). By leveraging blockchain technology, Brave has developed a program where the user can earn money for viewing ads. BAT is earned through user-attention; it all happens anonymously without revealing the user’s identity to the advertiser.
It’s not a get rich scheme where you would just keep viewing ads all day and become a millionaire; the payout is not so enticing. However, the option is there.
By default, you are looking at a browser that’s capable of fending off malvertisments and data collection.
Based on Mozilla Firefox’s source-code, Tor Browser is an open-source project for accessing The Onion Router (Tor) network. Websites on the Tor network carry the .onion suffix and can only be accessed through a special browser like Tor. The onion websites are also not indexed by search engines.
The Deep Web is another – and more mainstream – name for the Tor network. Whereas the Dark Web is the part of the Tor network that’s hidden and encrypted.
Tor browsing involves multiple nodes (computers) that have volunteered to act as relays in the network. Requests have to traverse three nodes before reaching the destination. The process takes away the uncertainty surrounding eavesdropping on data. Tor is end-to-end encrypted, so not even the nodes can see either the destination and the contents of the packets.
Because of its security – and by extension, privacy – Tor is used by journalists who want to connect with whistleblowers in complete anonymity.
There are only two downsides to Tor. Firstly, because every request has to travel through multiple nodes, it hampers speed. Although you can browse the public internet, it’s not recommended to use Tor for such general purposes. The second issue is with the way Tor works. The first node in the network connects directly with you, and consequently knows the IP address. If you want complete anonmity – end-to-end – then use a VPN over Tor. Although it will introduce more delay, but it guarantees that your identity is completely safe online.
What is HTTPS
Hypertext Transfer Protocol (HTTP) was developed to help web browsers and web servers communicate. But it has a major vulnerability that allows someone to look into the data passing between the client and the server. It means your passwords, personal information, banking details is exposed to a Man-in-the-Middle attack. HTTPS was developed to fix that hole in the boat.
Hypertext Transfer Protocol Secure (HTTPS) uses SSL/TLS encryption to establish a secure link between the user and the webserver. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are encryption protocols that encrypt data before it leaves the user’s device. The data is then decrypted by the webserver, thus preventing any hacker from stealing it.
When a user visits a website, the client’s device authenticates the webserver by receiving its digital certificate. These certificates are issued by independent entities known as Certificate Authorities (CA). The handshake and key exchange happen through asymmetric encryption process; involving a public key and a private key. For the best speed, exchanges between the user and the webserver happen through symmetric encryption after the handshake stage.
HTTPS is a Sign of Trust
By encrypting user data, it thereby guarantees the user of a safe browsing experience. Most websites today have adopted HTTPS – but a lot of them have not.
HTTPS is most crucial for websites that retrieve information from the user – login details, for example. E-Commerce websites use it to make transactions securely over the web. Without encryption, a third-party can steal the banking information, or even direct you to fake login pages that are designed to retrieve information. But today, you are much less likely to end up on a non-HTTPS website.
It’s not just users who view it as a sign of trust, search engines like Google favor websites with HTTPS. It is one factor that helps a website rank higher, simply because Google – as a search engine – wants to show users with websites that are trusted. HTTPS is one of the fundamentals that every new website adopts if it hopes to do better from the SEO perspective.
You can check for encryption yourself. The padlock icon next to the web address in the URL bar of the web browser denotes a secure connection with the website. By clicking on the padlock icon, you can view more details, such as its digital certificate signing authority.
If you do come across a website without HTTPS, then using a VPN is the best solution. Pick from any of our top VPN services for a safe browsing experience. But VPN has benefits outside of encryption, it makes browsing activities anonymous and allowing access to geo-restricted content. It is highly recommended for public Wi-Fi hotspots.
Avoid Free VPN and Proxies
Once you have picked a secure web browser, the next thing is to ensure that you never use free proxies or free VPNs. Because both pass your data to the web server, they can log every activity, then sell it to advertisers. They are free for a reason – you are the product. Moreover, they have limited servers to choose from, and the performance will feel like a crawl. Instead of going for free services, there are many premium providers that offer the best VPN discounts.
In the end, it may take a bit of the first-hand experience before you decide on a primary web browser. But because modern web browsers allow you to sync browsing history, login information, and bookmarks to an account, you can not only take your history on other devices but also export the data to a new browser.