I no longer align with many of the points made in this article. Please see my revised article here.
Tell me, do you like your browser? That is probably something you never considered. Who has strong opinions about browsers? A browser is just a browser, right? Something that just does what you expect it to do.
I'm a tinkerer, and there's nothing you can say that won't stop me from tinkering everything I touch. So here's the gist of my browser setup and some tips. Hey, you might learn something new.
The most important choice is, of course, what browser do I actually use? The only decent choices rely on one of the three major engines: Blink, Gecko and Webkit.
Why does this matter, exactly? The main reason is compatibility. All three of these engines do things differently. Blink is generally the engine pushing for adoption of bleeding-edge technology. Gecko is trying to keep up with Blink, and Webkit... seems to just do the bare minimum of maintaining security.
Blink is by far the most popular engine, and so some idiotic web developers think that only testing their product on Blink is acceptable. It's not. Usually it's nothing more than a styling nuance, but I have seen websites of pretty sizeable companies that will straight up break if I access using Gecko.
If you care about ethics... all three of them aren't great. Much like the internet itself, it means taking the good with the bad. It does not happen often, but Blink is the best choice if you can't afford to potentially deal with a broken site.
If you're still willingly using Internet Explorer in this day and age, then you deserve the abhorrent web experience that comes with using it.
Now, I've chosen Woolyss' Chromium builds. Specifically the Ungoogled variant. I admit, this is a pretty niche choice, but there are a few reasons:
Another browser to consider is Brave, which is also based on Chromium. Business practices aside, it seems to be one of the better choices for those not interested in getting their hands dirty. If you despise Chromium as a whole, an alternative is LibreWolf, which is based on Firefox and has most telemetry removed from it.
Note that while both Woolyss' Chromium builds and Librewolf have timely updates, there is no update prompt and you will have to install them manually.
For Apple users, the Orion Browser might be worth considering. It is based on Webkit, supports Chrome/Firefox extensions and allegedly features no telemetry by default[4].
If you care about the best streaming quality (on Netflix, etc.) then things get a bit complicated, due to DRM limitations. For instance, Microsoft Edge has exclusive system-level DRM support on Windows, making it the best choice. It's a different story if you're on Linux, Chrome OS or Mac. I just thought this was worth mentioning.
Now I have my chosen browser, it's time to spice it up.
Settings will differ depending on the browser you use. But most of these options will be available under different names.
In settings, there isn't much to play with, especially on Chromium.
Nothing useful here.
You can absolutely use the built in autofill, but I instead use Bitwarden.
I choose these options:
Regarding cookies, Chromium does not isolate them between tabs or websites, so clearing them periodically is the next best thing to avoid cookie-based tracking. Firefox and Safari can isolate cookies per tab with some configuration, which is marginally better.
Clearing cookies means being logged out of websites after already logging in. This sounds tedious, but is easily remedied by using a password manager. Logging in will only take a few clicks.
In some cases I might allow exceptions. For instance with Google Drive, files cannot download without allowing 3rd-party cookies.
Not much here. I never use the home button so I disable it.
Here is where things gets interesting. In addition to your default search engine, you can also search on specific websites using keyword searching.
Essentially, I can search on a specific website via the (search) omni-box with just a single letter.
This is keyword searching in action:
Anyone who's ever used DuckDuckGo's !bangs will be familiar with this underrated feature. However, keyword searching is advantageous for two reasons:
Chromium will automatically set these up for you if it thinks it can, albeit using the full name of the service. One character keywords are efficient. Then it's simply a matter of setting up the correct URL for searches.
Here's an example of reddit and Twitter:
Here, the [%s] at the end of both URLs are the placeholder for your actual search query.
That is all the configurations I make in Settings. Like I said, there isn't much to play around with.
Let's move onto flags.
Here's something you may not know about. Chromium and Firefox both feature a console menu featuring hundreds of dev settings you can play around with. For Chromium, it's chrome://flags and for Firefox, it's about:config.
That being said, some of these settings, uh... might hinder the browser. If you don't understand what something does, don't touch it. The choices I make here boil down to further simplification, or enhanced functionality.
It's worth noting that Chromium likes to change their flags. Some options listed here may no longer exist.
Browsers and extensions go together like bread and butter. Here, one can really configure how their browser works.
Privacy and security focused people will discourage the use of extensions, because they usually create more attack surface, and (depending on the extension) can make your browser easier to fingerprint. For the average Joe, don't worry about this. Chromium has a good security model, and as for privacy, we can rely on another browser. More on that later.
For me, there are two extensions I absolutely need:
Note that uBlock Origin should not be confused with uBlock, which is a different content blocker.
Let's break this down.
uBlock Origin is a content blocker that gives your browser massive control at what is allowed to load from a website. Out of the box, it uses curated filter lists to block stuff that isn't required for normal site functionality, like analytics.
Strictly speaking, these lists aren't that useful[5], but what's important to us is that it excels at handling intrusive content. The filter lists will target advertisements within most websites.
In addition, other filter lists can be included. For example, I Don't Care About Cookies boasts a filter list made to block cookie warnings as a result of GDPR.
See Also:
In addition, one can manually target any visual element of a website, which allows us to further simplify our website experience.
I hide buttons and info I never interact with on frequent websites, such as DuckDuckGo.
Here's how it works. In uBlock Origin's GUI, there is a handy feature called Element Picker mode. This mode allows you to pick an element of a website that you want to add to your custom filters list.
After removing everything I don't use, here is what my search result page looks like now:
(Interact with the image)
Doesn't look like much, but it definitely helps.
Incidentally, there's a feature called Element Zapper, which does the exact same thing but temporarily, which might be useful.
If you block something and later realise you need access to it, you can disable cosmetic filters for a given site. This will reveal all filtered cosmetics.
If you want to permanently stop blocking a specific element that you previously picked, you'll have to delete the filter manually via "My Filters", which can be found in uBlock Origin's dashboard.
Here is Element Picker and Zapper mode in action:
As a side note, uBlock Origin can sometimes block too much on a website and break it in some way. The biggest giveaway being a lack of response from the website. You can simply turn off uBlock Origin for that given website and it will function exactly as intended.
As another side note, some people will mention uMatrix, made by the same dev. It is an acceptable alternative in that it gives you even more control over what is allowed to load. However, it is really only useful in block-all mode, and so can be very tedious to work with. I'm not entirely sure why anyone would want to use something so time-consuming for privacy when there's a far simpler, less head-ache inducing solution (more on that later). If you're a masochist then by all means, use uMatrix.
Let's move onto Redirector.
On paper, Redirector doesn't sound exciting. However, pair it with fabled alternative frontends and it quickly becomes a powerful beast.
Firstly, what is a frontend? It's basically the interface you interact with. In the case of web browsing, it's what you actually see in a webpage. Front-ends are designed to look nice. On the other side, is the backend. You do not see what happens in a backend because it's irrelevant for the user experience.
The best analogy I can think of is a theatre performance. The frontend is the actors performing on the stage - what we actually see. The backend is behind the curtains, where other essential people are scrambling about to prepare for the next scene, or whatever.
Now, many popular websites like to bloat their frontends with content and buttons. Most people have no choice but to deal with it if they want to access said websites.
Enter the proxy frontend. These are websites specifically designed to replace the default frontend of a given website by scraping the content, and serving it to us instead. If you're confused, then try this demonstration.
Here's a link to reddit.com - the original site, and here's a link to libredd.it - a proxy-frontend. Both show the same content posted by users of reddit.
If you've ever used 3rd-party apps for reddit or Twitter, then you should be no stranger to this idea. The only difference is that with a proxy frontend, you're (usually) not connecting to the original website. Libredd.it is a proxy-frontend to reddit, and makes the experience much more lean. I appreciate simplicity.
The selling-point of these frontends is that they improve privacy by acting as a proxy - scraping reddit's content on our behalf, and presenting the content to us themselves.
The only problem with alternative frontends is that they cannot reroute outside links, such as a search engine result, to the proxy frontend.
I think you know where this is going...
With Redirector, we can make our browsers automatically reroute reddit links to the libredd.it frontend ourselves.
Here is Redirector in action:
Here is a copy of my Redirector configuration for reference. It might be outdated, but should at least demonstrate how this works.
Just a number of trivial extensions I also use that enhance my browser:
No doubt you will have heard of commercial VPNs or other products like antivirus that claim to greatly enhance your privacy and security on the internet. The truth is that it's mostly all bark and no bite.
The main problem is that you have to trust them. With nearly all of these "one-stop solutions", the only thing you actually accomplish is the transferral of trust from one entity (which granted, is often far less trustworthy to begin with) to another, who promises to play nice. For instance, do you have faith that your VPN provider won't just disclose your information to third-parties like your ISP already does?[6]
See Also:
So what's the easiest way to obtain privacy on the internet? Keep it simple and use a dedicated browser for that very purpose. Specifically, make use of the Tor Project. This is the best privacy with minimal compromise you're gonna get. Tor and Tor Browser are two separate components that work together to create the most private browsing experience on the modern web.
What is Tor? It's like a VPN, but with a key difference. Tor routes your traffic in a near trustless manner, which as I mentioned earlier, is the biggest issue of most commercial privacy solutions.
As for the Tor browser, it's based on Firefox, and hardened in such a way that the fingerprint of every browser looks as similar as possible. This is very important, as it's pretty much the only reasonable way to defeat fingerprinting. This is done via under-the-hood overhauls and GUI changes, such as letterboxing.
It is effective, and it is free. I use this as a secondary browser.
I say secondary, because sometimes it is impractical. While customisation is possible, it is actively discouraged. Therfore installing uBlock and Redirector are big no-nos. These things can and will likely worsen the security and fingerprint mitigation models baked into Tor (although I've yet to see an argument how an extension like Redirector could cause this). Also, some websites discriminate against Tor users. Tor still has a way to go if it wants to be truly accessible to the public. I use Tor for most research, and I also use it as the default browser for opening external links. I leave everything else to my Chromium browser. For most people's threat models, the Tor Browser on standard security will absolutely suffice.
Incidentally, using Tor gives us access to .onion domains, offering increased anonymity and security over conventional domains (.com, .net, etc.). In a case like this, both the server and the client will connect via the Tor network. Not many services embrace them, but you may be surprised at those who do. Hell, even Facebook has one.
See Also:
Mobile devices are more limited in choice. On iOS, the only reasonable choice is Safari and maybe the Onion Browser. On iOS, browsers are forced to use the Webkit engine, so there's little point in using other browsers, unless you care about syncing bookmarks or whatever.
Android gives more freedom. Bromite is my personal choice. It features ad blocking and enhanced privacy, with telemetry stripped out, similar to Ungoogled Chromium.
There is an official Tor Browser for Android as well.
And as a bonus, there's the Kiwi Browser, which is feature-rich and boasts the ability to install extensions - which Chromium doesn't officially support on mobile. The Kiwi Browser does not focus on privacy enhancements.