Which Browser Is Better for Privacy?

That's a great question, and the answer isn't as clear cut as you might think. Different browsers handle user data in different ways, and when you toss add-ons and extensions into the mix, the picture changes even more. Let's take a look at some of the most popular browsers from a privacy angle, and see who has your back when it comes to tracking—or not tracking—what you do online.

Chrome, and Google's Position on Browser Privacy

Google Chrome, being the dominant web browser in most of the world, has taken a few hits lately in the privacy department. Between adware-filled extensions and microphone-listening exploits, It might look like Chrome has privacy problems. However, both of those issues are third parties using a combination of built-in features and user trust to spy on them—it has nothing to do with the browser itself. We'll get to how third parties play into things a little bit later, but first, let’s talk about Chrome on its own.

Like most browsers, Chrome has useful features that phone home to Google or use Google services. If you sign in to Chrome with your Google account, you can make use of Chrome Sync, which lets you sync your bookmarks, passwords, and tabs for later or to use on other devices. Logging in to Chrome also lets you use Chrome Apps, and while you don't have to sign in to install add-ons, Google definitely encourages it.

Do Not Track, the feature in web browsers and web sites that asks advertisers and data miners not to track your browsing habits, is a relatively new… 

Chrome has discrete privacy settings, where you can enable or disable services like URL prediction, page pre-rendering, spelling correction, and usage statistics and crash reports. By default, most are turned on, but they're all under chrome://settings and "Show advanced settings." This is also the place you can enable Do Not Track, which, as long as sites honor it, also also helps protect your privacy. To their credit, Google has an entire privacy policy breakdown just for Chrome, where they explain exactly what information they get and what they do with that information.

The amount of information Google gets varies depending the features you use. If you use conversational search or voice search, a recording of your audio, the URL requesting speech input, and the grammar settings of the page you're visiting are all sent to Google's servers, but all of that is required for the feature to work. If you use spell check, any text you type in Chrome is sent to check for spelling mistakes or errors. If you have usage statistics and bug reporting enabled, additional information is included. It's a lot of data, but Google is absolutely clear: none of it is personally identifying.

That said, Google doesn't say how long they store that information or how easy it would be to build a personal profile based on all of that non-personally identifiable information. We spoke to Google about their approach to privacy, and they replied in no uncertain terms: Privacy and security is a top priority. They cited their background fighting for internet privacy and against governments and companies that want to harvest data. Indeed, Google is leading the charge for transparancy in government data requests, and recently publisehd their first government transparency report.

Google reps also pointed to Chrome's safety record, their monetary rewards for bug reports, and their Pwnium contests, which encourage hackers to beat on Chrome and Chrome OS until they find vulnerabilities. Finally, since most of Chrome is open source, users can visit Chromium.org to look under the hood (emphasis on most of, as the issue of how open Chrome is, versus Chromium is a hotly debated ongoing issue.) Google also noted that Chrome was one of the first browsers to incorporate sandboxing as a security measure. When asked specifically about Chrome Sync, Google explained that sync data is always encrypted. As for the adware add-on debacle in recent weeks, Google explained to us that developers who inject ads are in violation of their upcoming policy change that demand that extensions be "simple and single-purpose." That policy change is due to take effect in June 2014, although they're enforcing it to some degree now. Google said they were looking into it, and recommend users report offending add-ons in the Chrome Web Store and they'll review them. That's a change of tone compared to when ArsTechnica and How-To Geek brought up the adware extension issue a few weeks ago. Back then, Google made it clear that the issue wasn't really their problem, and users should be careful what they install.

We talked to the Electronic Frontier Foundation for a second opinion, and while they noted that Chrome does give users control over their privacy, they explained that between NSA spying allegations and the fact that Google makes a significant amount of money from advertising—targeted advertising at that—it's difficult to believe that privacy is as paramount as they say. They pointed to the mobile side of things, where Google notoriously pulled ad-blockers from Google Play and refused to open APIs for mobile developers as examples of Google keeping the doors shut to indepedent review. They also noted that while Chrome on the desktop does offer privacy controls, it still restricts users to a subset of what's available with other browsers (like the Tor Browser Bundle, which runs on Firefox.

Google has always had a pretty lax set of rules when it comes to the apps on Google Play, but today, they've started removing a number of

So bottom line: Google is confident in Chrome's overall security and its privacy protection features. Independent privacy advocates aren't so convinced, and note that Google is walking a line between dictating how much privacy their users get and giving them control over it themselves, which is a difficult place to be since they also make money off of user data. Debate aside, one thing is clear: Google obtains a great deal of information about you, but Chrome isn't a primary source of any of it. Gmail, your Google Search history, your YouTube account, your Google+ account, the files you store on Google Drive, and other browser-independent features are where your data really comes from, and in all of those cases, it doesn't matter what browser you use.

Firefox, and the Mozilla Foundation

Firefox has long been touted as the best browser for privacy. It's open source, managed by the non-profit Mozilla Foundation (of which, it should be noted, Google is an investor), and is at the core of most privacy-focused browsers (like the previously mentioned Tor Browser Bundle). Even on the mobile side, Firefox for Android is open source and its code available to anyone who wants it. By most accounts, Mozilla is completely above board with what Firefox does, and the Foundation doesn't trade in user data, so there's no reason for them to harvest it.

Firefox does collect some information though. Firefox Sync uses your tab, password, bookmark, and other browser information to sync across devices, but that data is, like Chrome, encrypted. Firefox's privacy settings are easy to get to, and while they're not as granular as Chrome's, that's largely because there isn't as much to manage. All add-ons for Mozilla browsers are—unlike Chrome—reviewed before they're posted (although some are labeled "experimental" until they're tested.) This approach has helped them largely avoid the adware problem Chrome is suffering, although not completely. Some adware extensions for Firefox were identified, and others are just up front with what they do with your information.

Mozilla has a privacy policy for Firefox that explains what information is collected based on the features you use. it mostly involves sync, Personas, use of Mozilla Add-ons, crash and usage statistics, and so on. In most cases, unless you're part of Mozilla's Test Pilot or beta testing program, you're not sending much. Even the features that do send information, like Personas and Panorama, are so lightly used by most people that it's a non-issue. The message from Firefox's privacy policy is clear: All of the information sent is opt-in, not opt-out, and none of it is personally identifiable, although some of it may contain things like URLs you've visited, your IP address, and so on. The privacy policy also includes information about what Mozilla shares with third parties upon request.

We reached out to the Mozilla Foundation for their input on this piece, but despite lead time, multiple follow-ups, and repeated requests, they declined to comment, and wouldn't even direct us to documents publicly available about their own commitment to privacy. Regardless, Mozilla has its own privacy woes as of late. Recently Mozilla announced that they are planning to introduce ads in Firefox in the form of "sponsored tiles." In short, the first time you open Firefox after a fresh install, the "speed dial" you see will be pre-populated with sites relevant to your location or sponsored by Mozilla. It's resulted in a bit of backlash. Some people have said the move will alienate new users by shoving ads in their face as soon as they install, and SiliconAngle said Mozilla "sold its soul." Mitchell Baker, Chair of the Mozilla Foundation, recently stepped up to defend the move on her blog. In any event, for a privacy-forward browser, it's a bold move.

We asked the EFF about Firefox's privacy stance and the decision to venture into contextual advertising, and while they said it was a bit soon to have an official opinion on the latter, they did praise the former. Everyone agrees that Mozilla on the whole has a more privacy-friendly and user-focused track record than its competition. They pointed out that Firefox's open APIs give developers leeway to build add-ons that protect user privacy beyond what the browser already does, and the fact that Firefox is open source means there's a community of developers sifting through the code, reporting issues, and submitting fixes. That also means it's easier to trust that Firefox isn't doing anything shady in the background, as someone would have called it out by now. Firefox's user community is its real strength, even in spite of the Mozilla Foundation itself.

What About Opera, Safari, and Internet Explorer?

So if you don't use Firefox or Chrome, where does that leave you? We asked the EFF, but none of their experts had any knowledge when it came to browsers that weren't Chrome or Firefox. They did, however, note that privacy advocates generally prefer open source browsers like over closed-source, proprietary ones like Apple's Safari and Microsoft's Internet Explorer. The EFF praised both however for pioneering their own privacy features, like Safari's 3rd party cookie blocking and IE's Tracking Protection Lists. Still, the fact that you can't see under the hood and that neither have developer APIs makes them tough to analyze.

Apple has a global privacy policy, as well as a commitment to customer privacy that actually gets them in trouble with advertisers. Microsoft issues a new privacy statement with each version of IE. Here's the one for Internet Explorer 11. Their closed-source approach may be the reason why security issues in Safari and IE, when they're discovered, make bigger headlines than other browsers. Both Apple and Microsoft have bug bounty programs, and they pay out for reported issues. There's nothing about either that indicates they inherently compromise your privacy, harvest your data, or send data anywhere it doesn't need to go based on the features you're using.

Google announced last night that it's going to stop using WebKit—the rendering engine currently used by the likes of Safari and Chrome to

Opera is more interesting. When Opera ditched its priorietary engine for Blink, the same engine in Chrome, they switched to a semi-open source platform. Still, the rest of Opera is not open, and Opera is in the middle of a massive transition. For its part however, Opera's statement on privacy in its browser is short, to the point, and very reassuring. They collect very little information and all of it is stored as aggregate. If that's not enough for you, How-To Geek has a great guide for optimizing Opera's privacy settings.

The Bottom Line: No, Your Browser Doesn’t Make a Huge Difference

So where does that leave us? Well, your browser is probably sending some information back to the company that created it, but that information is explicitly used to support the features you have turned on. As long as you trust the developer behind your favorite browser, this isn't an issue. Bonus: there's nothing dangerous or invasive about using Chrome sync or Firefox sync.

Privacy is dead, right? Facebook knows everything about you, and the world is still turning. Whether you don't mind companies or the government… 

However, what we learned underscores a few things. First, it's critical that you get familiar with your privacy settings. Look at the features you have enabled, and what information is required for them to work. Remember, that's the key to trading privacy for services—being aware of what you give up for the services you get. Remember, "non-personally identifiable" data often really isn't at all. "Aggregate and anonymous" isn't a credible defense, especially with advertisers and government knocking on the doors of these developers, begging for a peek at that "anonymous, aggregate" data.

It's no secret that there's big money to be made in violating your privacy. Companies will pay big bucks to learn more about you, and…

Also, the real privacy problems don't come from the browser itself, but from the third-party tools and sites you visit. Google has other ways to obtain the data they want—they have Gmail, your Google Search history, YouTube, Android app install history, and anything else you can see on the Google Dashboard. Most web companies use persistent tracking cookies to collect information about you, which is far more efficient. Sure, browser developers could do more to protect your privacy and security, but no amount of sandboxing or add-on review will stop users from being the weak link in the security chain, or stop disreputable developers who use TOS loopholes to publish adware in the first place.

As always, we recommend that you get the best privacy-protecting add-ons for your preferred browser to keep your data safe while you surf the web, and to pay attention to the permissions of the add-ons you install before you install them to make sure they match up with the features you expect. If we had to give any kind of edge to anyone here, it would have to be to Mozilla—they do have a slightly better track record when it comes to privacy than all of the others, and the fact that Firefox is open source means their promises can be verified. Given where Google makes its money, their commitment to privacy and security isn't in doubt, but it is slightly less believable. Apple and Microsoft are in a similar position to Google, just with the gates more firmly closed. In any case, if you're worried about your privacy, your browser is less of a problem than where you use it to go on the web, the things you download through it, and what services you sign into with it.