Leaving a digital trail
Not all browsers are created equal when it comes to security of your personal data. Some of the most popular browsers in the world are being exposed for collecting and selling user data or lacking adequate security measures.
Wed 31 August 2022
Whether on your phone, tablet or computer, everyday you probably use a browser. It’s that ubiquitous tool we use to access the internet (Chrome, Firefox, Safari to name just three) and with a search engine built in as a way for you to browse content once you’re there.
What do they offer in terms of protecting your personal data?
In a browser you type in keywords or a question, as soon as you click ‘search’ the search engine kicks in and looks through its index for relevant web pages to display. These results show up on the browser again so you can look through them and click on the web page you want. They are recorded in the browser’s history, so you can use the history tab to go back to something you looked at earlier.
We tend to have a ‘go-to’ browser of choice. For many, it’s Chrome from Google. It’s on every platform, quick and for many the fact that Chrome is ‘open-source’ is a big plus. Open-source means that the browser can be scrutinised by anyone for hidden vulnerabilities and any malicious code.
A number of other browsers are based on the same open-source code and collectively they are known as ‘Chromium based browsers’, built using the basic structure of Google’s open-source software. Chromium itself is fast and has a vast library of extensions, but it has a high RAM consumption (memory usage), doesn’t update automatically and isn’t privacy focused.
Chromium based browsers include: Opera, Edge, Chrome, Brave, Epic
Not Chromium based browsers include: Tor, Safari, Firefox
Private browsing, not so private?
What is private browsing? It’s supposed to minimise the digital footprint you leave behind when you visit websites. Most of the leading web browsers offer some version of private browsing. Chrome, for example, calls it ‘Incognito browsing’, while Safari calls it ‘private browsing mode’. When in this mode, the browser stops recording where you’ve visited, it won’t remember any data entry you may have made, and supposedly any cookies will also be erased.
Whilst surfing the web in ‘incognito’ or ‘private’ mode might seem more secure than doing it with a totally unsecured browser, recent research and anecdotal evidence suggests that so-called private browsing isn’t nearly as private as it may appear. In fact, it’s not really private at all: routers, firewalls, proxy servers, RAM chips or the Domain Name System (DNS) cache all could have a record of your browsing history.
It’s important to remember also that going in private mode doesn’t prevent cyberattacks, infection by malware, or phishing scams because you are still connected to servers out in the internet.
Browsing in private mode does prevent advertisers from tracking what you’re looking at.
But Private Browsing doesn’t make you invisible. Your IP address will still be visible to many third-party individuals and organisations. For example, your ISP will know which websites you've visited, and hackers could work out your location using your IP (though some private modes do limit location tracking). For true online privacy and anonymity, you're safer using a VPN app, such as Nord or ExpressVPN.
Not all browsers are just browsers
Google Chrome is the most popular browser in the world, it has a very sophisticated algorithm, it gets updated frequently and it’s one of the fastest available. But, this comes at a price. It’s good to remember that Google is not primarily the search engine that we often think of. It’s an advertiser first and foremost. And as such, it’s very interested to see where you visit, what you do, what makes you tick. In fact Google loves to know everything about you that it possibly can and Chrome is its window into your world. Your privacy is limited because your online activity and behaviour is tracked.
Sure, you can switch between incognito windows and normal Chrome windows. You can also choose to block third-party cookies when you open a new incognito window. According to Google, Chrome does have technology built in that protects from dangerous and deceptive sites that might steal your passwords or infect your computer. Advanced technologies, such as site isolation, sandboxing, and predictive phishing protections, keep you and your data safe.
There are stories that browsers like Chrome play fast and loose with your data though, especially when it comes to tracking your movements. Facebook has repeatedly been singled out as a major offender, but few will know that Chrome collects more data on behalf of other applications, revealed in an investigation by Forbes.
Mozilla’s Firefox is a favourite of those who value privacy as this browser only collects the information it needs. With over 250 million users, Firefox is popular and regarded as a more secure alternative to Google. It’s known for its advanced customisation abilities so you can adjust the privacy and security settings to suit you best.You don’t need an email address to sign up, and it blocks website trackers by default. It also has a customisable security feature, where you can manually select the strictness of the browser data collection and protection.
Having retired Internet Explorer, Microsoft introduced Edge and it has a host of built-in privacy features. Like some other browsers, it also blocks web tracking and cookies by default. A great feature of Edge is its ability to notify you when you visit a website that has been compromised. The built-in password manager will also suggest stronger passwords if your current ones are weak.
Edge collects data to identify your device and ‘diagnostic data’, for instance information about the websites you visit, for ‘product development’. You can limit the data Edge collects on you in settings but if you’re using Windows, Microsoft probably collects your data anyway.
Researchers found that Edge sends ‘persistent identifiers that can be used to link requests (and associated IP address/location) to backend servers’, which is about the same as saying that your data is being leaked.
One of the most private browsers is DuckDuckGo. It’s a private search engine. Unlike Google and other mainstream search engines, it offers no personalised search results, making it harder to get caught in an information echo chamber throwing up results based on previous visits. It doesn't profile its users according to their search patterns, and everyone gets the same search results.
DuckDuckGo doesn't track you in the same way that Google does. If you want to browse the internet safely, combine DuckDuckGo with a VPN which will wrap your traffic in encryption and protect your IP address. DuckDuckGo also has its own apps and extensions for all major operating systems and internet browsers. It focuses on its main function, providing a quality and private search experience. You can use it on both a desktop and mobile browser.
Taking a stand against tracking
Some companies are taking a stand against tracking your online activity. Apple in particular has pushed back against advertising and tracking, much to the chagrin of big advertising players such as Facebook or Amazon, who rely on browsers tracking what you're doing in order to serve up things that they think may interest you.
Apple introduced an option to ‘prevent cross-site tracking’ in their Safari browser. Unless you visit and interact with the third-party content provider as a first-party website, their cookies and website data are deleted by Safari.
Social media sites often put Share, Like or Comment buttons on other websites. These buttons can be used to track your web browsing, even if you don’t use them. Safari blocks that tracking. If you still want to use the buttons, you’ll be asked for your permission to allow the site to see your activities on the other websites.
Safari can generate a Privacy Report for you that shows a list of known trackers who’ve been blocked from tracking you. It can also check all your stored passwords to see whether they have been compromised in a data leak somewhere, or have been used on more than one site, prompting you to update them. It’s useful to help keep your password information safe.
Apple has gone further too. Every time you visit a website, the site gathers data about your device, for example your system configuration. It uses that data to show you a web page that works well on your device - so that’s helpful. However, some companies use this data to try to uniquely identify your device, which is known as ‘fingerprinting’. To stop this, whenever you visit a web page, Safari presents a simplified version of your system configuration. The effect is to make your Mac look more like everyone else’s Mac, which dramatically reduces the ability of trackers to uniquely identify your device.
Safari alerts you and doesn’t load sites that aren’t secure, for example, if they have unencrypted payment fields. It runs your tabs in separate sandboxes, which helps prevent a malicious code damaging or accessing your entire browser’s data. It has its own password manager, so it’s convenient, especially because it can share passwords across your devices through the ‘Keychain’. Safari can store your bookmarks, browsing and password data and more in iCloud so you can synchronise Safari across all your devices. It also helps save it if your device is lost or stolen.
Can I delete my data from browsers?
Yes, and we can help you do that. You can see how to delete your personal data from browser companies on our dedicated page here.
Rightly Protect is our product that can help you find out which companies have your data and then get it deleted from those that don’t need it any more, quickly and for free.