PrivacyTests reveals how your web browser does privacy-wise
All web browsers support some privacy features, some more than others, but none protect users 100% against all privacy threats; that is the quintessence of the tests that PrivacyTests runs regularly.
PrivacyTests is a free website that runs tests regularly to check privacy features and protections in browsers. The organization checks desktop and mobile browsers, development builds of browsers, and the private browsing modes of the browsers.
If you look at the test results, you will notice that bare bones Chromium-based browsers are not doing too well. Google Chrome is a prime example of a browser that is failing most tests. Other Chromium-based browsers, including Edge, Opera and Vivaldi, do not fare a lot better in their default configurations.
In fact, the only two Chromium-based browsers of the tests that perform better are Brave and Ungoogled Chromium.
Firefox protects users better than default Chromium-based browsers, but LibreWolf and Tor offer better privacy protections still; this will change once Total Tracking Protection is enabled for more users. Safari is doing better than the default selection of Chromium-based browsers, but it too is not offering good protections for the most part.
Test results get better when you look at the browser's private modes and how they protect users. Often, tracking protection features are enabled automatically when these modes are used.
Chromium-based browsers get a few extra protections, but Chrome and many other Chromium-based browsers are still inferior when it comes to overall privacy protection. The browsers that do best are Brave, LibreWolf and Tor, followed by Firefox and Safari.
On Android, Chromium-based browsers that use the default configuration are again the worst from a privacy perspective. Google Chrome is not a good choice when it comes to that. Other browsers, including Brave, Firefox Focus, Tor and Bromite are leading the list. Firefox is doing better than the Chromium-based browsers, as is DuckDuckGo.
On iOS, browsers are more limited, but Brave, DuckDuckGo and Firefox Focus are offering the best protection.
Finally, Nightly build tests see Brave and Tor perform best, followed by Firefox and Safari. Edge is doing better than Chrome Canary, Opera and Vivaldi.
All web browsers have privacy weaknesses. Even Brave and LibreWolf, the three browsers that do best on the desktop, lack protections in some areas, but they do a lot better than all the other browsers.
You may click on a test to find out more about it; this may help you determine whether this is a potential issue. A click on a browser's specific test result displays information about the expected data and the returned data.
Internet users may improve privacy, for example, by changing default configurations or installing privacy extensions.
The website is run by Arthur Edelstein, who became an employee of Brave after the creation of the site, according to the About page on the site. Edelstein claims that the site is run independently of Brave and that there is "no connection with Brave marketing efforts".
Now You: how is your browser doing in comparison? Did you make changes to it that improved privacy?
If you want to ensure your privacy when browsing the web, then I advise you to use a browser from the Utopia P2P ecosystem. This browser comes with pre-installed web proxies that will help you access any website quickly and anonymously. Even those sites that are not available in your geolocation.
The reason Librewolf APPEARS to be so great at privacy is a very disgusting one and one that the Librewolf browser makers KNOW will be unacceptable to most users is that you get a VERY WEIRD screen resolution if you install it on Firefox on Windows 10 Pro and then try to use it on Firefox. When you to fit the browser window to your computer screen to your momentary surprise you cannot! Who wants a badly sized browser screen? So, you investigate and learn that this is how Librewolf gets good privacy ratings. I spent good money on a 24 inch Dell Ultrasharp monitor and have zero intention of ever using a browser that cannot be fitted to my screen. That is a pathetic and sneeky way for Librewolf to try and earn brownie points on it supposed great privacy! Bah!
No, the screen resolution not matching your computer screen is because the browser spoofs it. It is a consequence of changes made in the browser, not the direct reason why Librewolf gets good privacy ratings. Browsers don’t get “brownie points” just for making the browser screen not fit the computer… And no, what you just described at least is not “disgusting”, “pathetic”, or “sneeky [sic].”
test
I use Palemoon on desktop and Yandex on Smartphone, both are not included
I don’t seem to believe this.
Brave adds itself to startup and sets to autolaunch without permission. I tested it on Mac as well as Windows.
That is a big red flag.
1) Why would a browser want to add itself to startup?
2) Why would it do so without permission?
Your article seems to contradict my experience with Brave.
Thanks Martin, and the users of this site, for the mostly friendly sharing of knowledge.
I wish they had included WaterFox G4 and WaterFox Classic and WaterFox. I admit I am disappointed in Vivaldi. I have been using it as a backup browser, though I have it locked down quite a bit.
As I have said before on this site, I would consider Brave (yes, I know the PrivacyTests site is connected to Brave now), but they insist on always running, checking for updates, phoning home, even when you think you have turned the browser off. I know there are several ways to “break” that, but I don’t want to reward that behavior. When they change their policy and allow power users to choose when to update I will give it yet another try. Also, I know there is a way to use a portable version of Brave to defeat this some of you have pointed out in the past. Thanks for that!
(And yes, I know it is important to update your browser. Don’t worry, I will do that.)
Hello! Please read this: spyware.neocities.org/articles/brave.html
Nothing really matters if your web brower forces non-wanted connections to remote hosts without your consent AND without letting the user to disable this feature. For example, Monkeyzilla Firefucks includes this spy connection to (firefox.settings.services.mozilla.com) that they claim it’s for your login security, and because of this you have no right to disable it. If they manage to steal data from your web browser or your local storage disk, or RAM, no bullshit of any browser’s security and privacy features will protect your privacy anymore!
Hi, good website.
I have just switched from Internet Explorer after many years of use. Is there any browser I can trust to surf the web without getting JavaScript or ads? I am using now Opera browser, but I love to read other opinions. Thank ya!
I checked and the Partition Cookies flags are both present in the latest nightly for Vivaldi.
is liberowolf the best?
I performed a Tracking Cookie Protection test in Edge.
The results may be very different from that published by PrivacyTests.
Example.
New Relic is blocked by Edge:
https://ibb.co/b6XQ6gb
The flag “Partitioned cookies: bypass origin trial” flag is not available in Edge.
@Sampei Mihira: type “bypass” (without quotation marks) in the search box at the top of the page.
In case anyone using a Chromium is interested, you can activaye the CHIPS origin trial using two flags: 1) Partioned Cookies and 2) Partitioned cookies: bypass origin trial. Both are needed as the second forces many (most/all) websites to partition the cookies rather than just a few that have opted in.
You mean, like, “Enabled”?!
@Azz: yep.
@Coriy: thanks for pointing that out. I had only enabled #1.
Good on Librewolf but you have to use it with its default settings for it to score that well and that is a very painful internet experience.
Well, like with anything good in the privacy/security arena, such as noscript, you start out hardcore and you relax a bit here and there to have a decent overall experience. I don’t think there’s anything unusual about that.
Of course, some people think that noscript is too much trouble, so there’s a big difference in the way people approach these things. If the thing you value most is the ability to inject internet streaming media directly into your veins, then just use Chrome and give up on worrying about privacy.
I don’t care one bit what any test says, I use Ungoogled Chromium for the sole fact that it has the least CRAP that every other browser is filled to the brim with. It’s the ALMIGHTY GOD of browsers in my world. I have this very scientific test I have done: I have an old spare laptop from 2011 with LOUD fans when something intensive is going on. I have tested every browser known to man and Ungoogled Chromium was the only one the kept the fans at bay, everyone else had so much goddamn fishy background activity going on it’s not even funny. It’s scary. It’s outrageous what we put up with.. All the big names, wouldn’t touch them with a ten foot pole. You see, my web browser has ONE job: show websites. Period. Crazy, I know. I am a very sick person apparently. Oh well, that’s your problem.
@Zorro:
This is off-topic, but if your 2011 laptop is user-serviceable and you want to hold onto it as long as you can, you might consider cracking it open to replace: (1) the thermal compound between the CPU and the heat sink; (2) the fan(s); and (3) the CMOS battery.
Laptop manufacturers often use mediocre thermal pads in lieu of compound (because pads are cheaper for them to apply), or crappy thermal compound, carelessly applied. And if your CPU has been running hot for long stretches, the original pad or compound can actually melt and migrate out the sides, making the problem even worse. A highly rated thermal compound, properly applied, could get you as much as a 5°C drop in CPU temperature (and more than that if the current thermal interface is in bad shape).
As for the fan(s), the bearings don’t last forever, and once your fan dies, well … see my remark above about thermal compound melting and migrating out. If you’re lucky, your computer will automatically throttle or shut down before the CPU burns out.
Finally, CMOS batteries generally last only around 10 years at most (from the time the batteries were manufactured, not from the time you bought the laptop). If your CMOS battery dies, you’re likely to lose any custom BIOS settings you made and you could even be unable to boot.
Thermal compound and CMOS batteries are relatively cheap, and, depending on the laptop, a compatible replacement fan might be reasonably priced as well. What’s *really* going to determine whether it’s worth doing is how much of a PITA your particular laptop is to open, service, and reclose. (I sure do wish we had right-to-repair laws with teeth … and people in hell want ice water. ;-)
@Peterc
Thanks for your concern. I work as a computer repairman, this laptop is in better shape than it was when it was brand new. By todays standards the fan is loud, and that is helpful in this case. Most of you probably thought I’m an idiot who doesn’t know what he is talking about and the background tasks could be anything from updates and different other tasks doing different things or the AV. Nope. I know what I am doing, and I know what I am talking about. Ungoogled Chromium is the best browser, for me and my very very VERY simple needs as what a web browser is and what it needs to do and what it is allowed to do. Is Ungoogled Chromium perfect? F**K NO, but this is the s**tshow of garbage browsers we have to choose from in 2022 and that’s my choice. The one with the least amount of cancer. Feel free to be butthurt beyond belief, personally insulted and mortally offended because you don’t agree. Also I don’t care if your/my computers have the fastest ssd’s a million GB of RAM, the best processor known to mankind and a graphics card that would make even satan jealous and can handle any program without blinking an eye: that doesn’t give the program any right to be a bloated behemoth. If I drive two small kids to school in my Prius and then buy a huge truck with the largest engine ever and a backseat tha can fit an army platoon, I would still drive those two small kids to school instead of 250 obese ones.
@Zorro:
Well, *I* didn’t presume you were an idiot in your comments about browsers, since (in Windows) I regularly pull up Task Manager or System Explorer (a third-party app) to see what’s thrashing my CPU and have observed much the same thing. But there were no clues one way or another as to how much you knew about hardware, and I wanted to spare you an ordeal I went through on a ThinkPad, thanks to a rogue “Windows 10 readiness inventory” utility back in spring 2015. ThinkPads are (were?) more user-serviceable than most, and they have (had?) *excellent* service manuals, but keeping track of 40-odd tiny screws, clips, brackets, thermal tape, and more makes for slow going for a guy like me who’s NOT a pro. On the plus side, I *definitely* ended up with a higher-performing thermal interface than when I first got the machine. (From memory, I used Tuniq TX-something-or-other, and I leveled it out with a razor blade.)
Just out of curiosity, is your noisy laptop an HP? I’ve heard and read a lot of complaints about fan noise from HP-laptop owners.
@Peterc
It’s a Fujitsu Siemens A530, easy to service. I have many horrorstories to tell about older HP laptops but the top of all nightmares goes to Toshiba. Their components pop left and right, always something new you wouldn’t expect but Toshiba will always keep you entertained. Fujitsu Siemens (not all of course) were built like tanks most of the time and all parts were easily accessible. I have squeezed more life out of many of them with modded BIOS that unlocks advanced options and of course the usual cleaning/thermal paste/SSD/RAM upgrades. Linux is of course King but they run Windows 10 and 11 without breaking a sweat..and were talking about 10-15 year old machines here. Very satisfying in many ways. I also do not charge much, the customer pays enough for the new RAM and SSD so to top that with some ridiculous labour cost would just be rude. We’re trying to keep aging tech alive here, not rob people who just want their old trusty workhorse back in action. So they walk out happy because they didn’t have to spend more than a hundred dollars on their beloved familymember =)
Yes that sounds like a very scientific test
Brave sponsored test very favorable towards Brave browser, what a shocker. Repeated on Privacy Tests and over the internet over and over again. Yeah, we get it, Brave ADs pay very well.
Lamo Chrome fanboy, the source code is available mate, how can opensource cheat ?
Tbf Chrome cheated a lot to trick userbase, you may not know non-Chrome browsers used to load Youtube slower, because of polymer was suitable only for Chrome back then.
@TairikuOkami The source code is avail for anyone to run themselves. You can fork it, modify it, and expand the test to include items of your interest. Really can’t be denied, of the mainstream browsers, brave did an exceptional job.
https://github.com/arthuredelstein/privacytests.org
No need to cry because you don’t like that Brave perform well in privacy tests
People are gonna take this article out of context like they always do and they are right now in the comments. The key thing to remember is this test was performed using the DEFAULT settings of each browser with no extensions. You can tweak the settings and add extensions to make just about any browser much more private. No browser is perfect and privacy isn’t the only factor that people should take into account. When it comes to Security, browsers like Chrome and Edge would be at the top of the list while Firefox based browsers would be at the bottom, I would probably add Brave to the bottom because their crypto nonsense adds more vectors for attack. Bottom line, use the browser YOU like the best and don’t let anyone else’s paranoia and delusions influence your decision.
@Anon said “The key thing to remember is this test was performed using the DEFAULT settings of each browser with no extensions”
The test does reflect the real world. It is a well known fact that the majority of computer users run in DEFAULT mode. For instance for Chrome, of the 2.65 billion users use it, only 10 million use uBlock Origin. Considering the massive benefit all users would receive from using uBlock Origin, very few do. That gives anyone interested a large insight into the mindset of how people use their computers, and their propensity to run in DEFAULT mode.
>”when it comes to the most encountered threats such as phishing and malware, Chrome and Edge handily beats out Firefox when it comes to blocking those threats”
I don’t think that’s accurate, the 2021 paper by Lim et al that I referenced compared numbers of cve’s and threat mitigations between browsers. Chrome had a few types of exploits where they had specific mitigations that Firefox was missing, but the reverse was also true. Overall, the numbers in the paper nearly all seem to favor Firefox. I don’t think a YouTube video is a good substitute for controlled academic research in this field.
yeah we got that you care what that Lim guy said… but are you going to test it yourself? or you are going to believe someone’s words and that’s it?
How many of these ‘academic research’ you seem to love so much are actually biased? You know, humans make them and humans are biased, and many will nitpick their little test to favor their preference in the end, even if many of the ‘exploits’ are not even going to be used for anything because they don’t make sense in real life but only on paper, so you understand, it is like saying a house in the middle of the Atacama desert was build and then some tests say that the house will not be good if there is a flooding, yeah, the paper might be right… but the possibilities of a flooding there are minimal so logically the paper information would be useless.
But how will you know it? you aren’t testing anyway, you just read and believe. I mean, you aren’t even providing links to that super awesome academic research paper that seems to favor Firefox to even see if those vulnerabilities or exploits are even relevant on the big real life picture.
You sound as weird as the OP guy saying that ‘crypto adds more vectors for attack’ might be true, but the person is just not testing or finding vulnerabilities or those ‘vectors’. The person just believe without any test and not providing any proof, but I guess people just want to believe what they want to believe. I am sure 90% of those vulnerabilities will not affect 99.9% of people, but people will believe what favors their preferences and agendas etc etc
>”I mean, you aren’t even providing links to that super awesome academic research paper”
https://arxiv.org/abs/2112.15561
Couldn’t understand most of the rest of your rant, but whatever. The paper is useful as it is a very recent overview of the state of the important security mitigations in the major browsers.
Is this a troll post ?
Just like many users who think Chrome being the fastest web browser in the world because of benchmark, eventhought in practice Chrome loads many websites slower than Firefox, because in practice you will likely never face a situation where javascript load is as heavy as benchmark, understand ?
It’s been my experience from daily use that Chromium based browsers are faster than Firefox. Plus websites render better under Chromium based browsers, not to mention streaming sites suck on Firefox. But that’s my experience. I don’t need to rely on a benchmark, just my eyes.
>”When it comes to Security, browsers like Chrome and Edge would be at the top of the list while Firefox based browsers would be at the bottom.”
I don’t think that’s completely accurate. For example, in the 2021 paper “SOK: On the Analysis of Web Browser Security” by authors Jungwon Lim et al, the authors point out that Chrome’s network service operates outside the sandbox, unlike Firefox’s. They also praised Firefox’s Oxidation effort to re-write browser component code in rust as effectively reducing memory safety bugs better than any other method. They pointed out that Firefox has more fine-grained heap isolation. They pointed out that Firefox has a superior ‘delayed free’ mitigation. They reported that Chrome’s site isolation is inferior, allowing an attacker to learn cross-origin sensitive information.
Perhaps, but when it comes to the most encountered threats such as phishing and malware, Chrome and Edge handily beats out Firefox when it comes to blocking those threats. Here’s a real world test.
https://youtu.be/5K4takqrwQ8
The Librewolf column of nearly all green checkmarks vs the Chrome column of nearly all red x-marks is pretty hilarious.
I did not think that Firefox and Vivaldi would score so poorly, that’s pretty bad. Fortunately there’s Librewolf to fix Firefox.
On Android, this site shows Brave as the best, followed by Mull.
@Andy Prough: and there’s FireDragon, a fork of Librewolf, that does more.
>@Klaas Vaak – “@Andy Prough: and there’s FireDragon, a fork of Librewolf, that does more.”
Good point, I tried that with the Artix distro, it looked and performed real well. I’ll have to see if it’s available for Debian-based distros.
@Andy Prough: I wish it were but I believe it is not, from what I understand from their Github page:
“I encourage users to find their own setup and to use our default configuration as something to build on top of using: -> ~/.firedragon/firedragon.overrides.cfg”
Also, there is no release shown on that page.
I fear you have NO clue at all, what independent means!
do not understand your comment on Firefox as it scores in above image very good, equal to Librewolf.
Yeah, that makes sense if you use Librewolf with the default settings pretending you have a normal web browsing experience for some paranoid ‘privacy’ fantasy land, you can’t literally do a lot of things with just the fingerprinting protection setting on in Librewolf… but good luck.
You probably care about Librewolf but then have a smart house, you get new phone every year, you play videogames and give all your info to Epic or Steam, you have reddit accounts, twitter, and any possible website. What about the apps you run in your phone? the ones that track you, what about cell towers? do you think they protect your privacy?
What privacy do you think you have? you have none, even if you didn’t use internet, governments are spying you, you were born with a barcode in your forehead, your number is tracked in everything you do. Every payment you do, every payment you get, every time you drive your car, when you buy gasoline… anything spys you and tracks you and you worry about a web browser?
They are pushing the non-green electric cars (yes they pollute more than gas cars) and do you think their little computers will not track you and protect your privacy? but you still worry about your browser?
I don’t even use vivaldi because I can’t stand the CEO, but Vivaldi works just fine (little slower than others but not by much) so this stupid privacy tests shouldn’t even matter, especially when they are done with default settings, and Vivaldi default settings are stupid like the google services turned on. But people should worry about features not about some fake sense of security and privacy some stupid software will give you, while you browse and give yourself away to everyone else.
>”You probably care about Librewolf but then have a smart house, you get new phone every year, you play videogames and give all your info to Epic or Steam, you have reddit accounts, twitter, and any possible website.”
You’ve got the wrong person, I do not have any of those things, and Librewolf is not my browser. I was merely commenting on the test results that anyone could see by clicking on the link in the article. If the data makes you angry, maybe it’s you who should adjust your own viewpoint and activities. It certainly caused me to re-think what I am doing.
This is sort of interesting, not really that useful. The naive user won’t ever see it, and the privacy focused user will not be using a bare bones browser. A real privacy test needs to take into account all of the various extension and other configuration changes that a user makes.
“……….this will change once Total Tracking Protection is enabled for more users”
Even in chrome-based browsers you can turn on a flag and get something like this:
https://developer.chrome.com/docs/privacy-sandbox/chips/
Thanks for pointing this out did not know it existed.
We should be able to test our browser.
Thanks Martin, this is good reminder. It confirms what many assumed about Chrome and the MS Edge. It also highlights the fact that spy corporations do not respect users but only their self interest. Thus, we must protect ourselves. All netizens should have a few entries like those further below as a bare bones start.
1 of 3) If you don’t think you need these entries, take a peek at what your browser is doing by using a tool such as LiveTcpUdpWatch
https://www.nirsoft.net/utils/live_tcp_udp_watch.html
2 of 3) HOSTS FILE – add to system hosts file. Note, even facebook users need to add facebook’s “connect.facebook.net” tracking domain to their system hosts file
connect.facebook.net
#The 4 domains below blocks facebook; thus for non-facebook users only
http://www.facebook.com
http://www.facebook.net
facebook.com
facebook.net
#If you don’t use google services such as gmail but do use a chrome based browser, add these 3….
redirector.gvt1.com
accounts.google.com
clients1.google.com
#small sample of google blocking required
google-analytics.com
googletagmanager.com
googletagservices.com
pubads.g.doubleclick.net
securepubads.g.doubleclick.net
ssl.google-analytics.com
stats.g.doubleclick.net
http://www.google-analytics.com
http://www.googletagmanager.com
http://www.googletagservices.com
http://www.ssl.google-analytics.com
#amz
amazon-adsystem.com
c.amazon-adsystem.com
aax.amazon-adsystem.com
#microsoft is also in the ad game, but I block all of their domains so you’re on your own if you use their stuff
3 of 3) DNSCRYPT PROXY
https://github.com/DNSCrypt/dnscrypt-proxy/releases
Add the below entries to the blocklist file. Then use the query.log and nirsoft to find out where your machine is connecting to; add new domains as needed. There are many block files avail for dnscrypt-proxy that contain thousands of domains, but I just created my own custom list and mod as required.
*pixel*
*telemetry*
*tracker*
*adsafeprotected*
*adclick*
ad[0-9]*
ads[0-9]*
*.amazon-adsystem.com
*adsystem*
Can the Google addresses be blocked if using Gmail? I already have double-click.net blocked in uBlock origin
Don’t use Google Chrome. Switch to Tutanota. Completely free, encrypted and has both mobile and desktop versions as well as webmail: https://tutanota.com/
I’ve been using it for five years already.
@Jonathan The three domains I listed are required to use gmail. So if you use gmail, you won’t want to use them. You bring up another point too btw, which I should have originally mentioned. The absolute best thing anyone can do to protect themselves is use uBlock Origin because it takes care of many privacy concerns and greatly diminishes the threat of getting a virus via infected ad networks.
CHr https://github.com/gorhill/uBlock/releases
FFx https://addons.mozilla.org/firefox/addon/ublock-origin/
@ChromeFan No problem about the mispost. But please note good netizen friend, Chrome and MS Edge do not respect user privacy. Folks should actually go to the static report Martin linked to @ https://privacytests.org/private.html and view the whole thing, the failures are much more substantial than the limited space allowed in a blog can display. In the full report, both Google Chrome and MS Edge miserably fail user protections and privacy. When you think of it, it makes sense both browsers are not interested in protecting user’s rights and privacy. Both are made by ad companies where user rights and privacy are detriments to both corporations, which would deter them raking in billions USD in profit.
Quick edit to section 2 of 3) HOSTS FILE above. When I posted the above, the website auto inserted “http://” in front of all domains that had www in front of them. If you use them, remove the http:// otherwise, it will not work.
Chrome number 1 yet again. Google yet again providing a safe, inclusive, free and innovative web.
Chrome is already private out of the box, we have pretenders who take all of Google’s hard work and make a worse browser.
For a advertising company that is not bad.
Long may Google’s dominace continue on the web.
@ Chrome Fan,
You’ve been thoroughly brainwashed if you think Google Chrome is privacy orientated: https://www.unixsheikh.com/articles/choose-your-browser-carefully.html#chrome
> Chrome is already private out of the box,
Looking at above test, rather Brave respect more privacy of user
Lol
@steve99
Apologizes, did not mean to reply to your comment.