All of Iridium, unGoogled Chromium and Brave Browser make bold claims for privacy. Talk is cheap and fortunately the EFF is here to referee.
The EFF has created a test called Cover Your Tracks which tests browsers for their ability to block tracking ads, block invisible trackers and prevent browser fingerprinting. The latter deserves explanation: by gathering information about your computer, your monitor, your browser extensions, your IP, your time-zone settings, companies like Google with their Chrome browser are effectively able to identify an individual down to one in a million. Of course a surfer’s extension profile changes and s/he may change something about his or her computer (RAM for instance or storage or monitor) but it’s pretty easy to track an individual even without cookies.
Only a browser which is on your side, pro-actively blocking these measures can (partially) protect your privacy.
Here’s how these top privacy browsers score on my Mac Pro running Big Sur 11.6.1.
Iridium (Version 2021.10)
Fail on all counts:
Starts by opening up Google’s About Chrome page, bringing down Google on your head before you even have time to add any extensions to block Google.
unGoogled Chromium (Version 95.0.4638.69)
Ungoogled Chromium could be made much more robust by adding a few extensions and tweaking it a bit. One serious issue though with protecting via extension is that Ungoogled Chromium allows Googles machine ID technology which means your profile is reset every time you move between computers or even sneeze.
Brave Browser (Version 1.31.88 Chromium: 95.0.4638.69)
Success, albeit imperfect.
Straight out of the box, Brave Browser does manage to block tracking ads and invisible trackers, while randomising your browser fingerprint. There’s some caveats.
- Brave did not have any additional privacy extensions added but I had set Brave preferences to be as anti-tracking as possible.
- The randomisation was not entirely impressive (most of the information was accurate and non-random).
- Chrome’s machine ID raises its ugly head again. Every time you reopen Brave on a new computer (using the same disk or migrated data (including using Apple’s Migration Tool), Brave disables all extensions.
Machine ID and browser portability
All of these “privacy” focused browsers should not be allowing hardware ID and forced preference/extension zeroing. While simple users may need nannying to make sure they don’t accidentally move their browser profile onto their friends’ computer with all the logins intact, the kind of users which unGoogled Chromium and Brave attract know better. It’s all well to dream of a world in which no surfer leaves the house on anything except a privacy-respecting browser, that time is a long way off. Eloton and Brave should be catering to their customer, not a fantasy world in which everyman is their customer.
Resetting users’ browsers whenever they move from one machine to another or migrate machines is extremely unfriendly to power users or people who practice portable computing.
unGoogled Chromium or Brave
In the meantime, if you’re in a hurry but would still like to block ad-tracking and protect your privacy Brave would be the browser train on which to jump. Setting up and managing privacy on unGoogled Chromium is just too much trouble and probably weaker than what Brave builds right into the browser.
If you’re wondering why I didn’t test Opera, Firefox, Chrome, Vivaldi, Edge, it’s because they would all fail these tests. With Firefox and some elbow grease, it’s possible to pass these tests. The other browsers fail by design: they are not meant to be private and are beholden to either advertisers or Google. As no browser developers are able to charge for the browser (a tradition brought into play by Microsoft with its Internet Explorer built and released for free to destroy Netscape Navigator), almost all browser developers owe their living to the bad guys.
Eloston (unGoogled Chromium) does what he does as a matter of principle. Brave Browser makes its living on cryptocoin affiliate links. Frankly I wish Brave would just charge for the browser and drop all the other somewhat hare-brained, “innovative” schemes to make money.
If you’d like to add some additional privacy-focused extensions, here’s a few with which to start.
- ClearURLs, which prevent tracking parameters from being added to URLs. Can break some sessions when using advanced websites. Sessions are a privacy-friendly alternative to cookies.
- PrivacyBadger, which anonymously tracks your browsing habits and finds and blocks trackers as you come across them. PrivacyBadger from the EFF (Electronic Freedom Foundation) so unlike some commercial ad-blockers (contradiction in terms) like Ghostery, we can trust them.
- Decentraleyes. Should keep Cloudflare and Google Hosted Libraries at bay, as well as other tracking CDN’s.
Ironically installing these extensions requires a trip to the Chrome Web Store which is already a step away from privacy! For myself, I believe I will start downloading .crx files and installing them manually. Manual installs of a folder of .crx files will also easier to deal with during the (endless) Chromium-based browser resets.
Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.