Our personal data is tracked and collected constantly as we navigate the web. So it’s no surprise that internet privacy has been hitting news headlines and law-makers’ bills alike. The focus trends mostly toward the ad networks, cookies and sites that follow us. But what about our web browsers? Whether or not a browser respects data privacy is crucial because it’s essentially our portal to the entire web. So how would you objectively determine what the best browser for privacy actually is?
You’d ask a computer science professor. More specifically…
Professor Douglas Leith is Chair of Computer Systems at Trinity College in Dublin. In a recent study published by Leith, researchers set out to rank common browsers by an important aspect of privacy: the amount and type of user data each shared by default. Based on their analysis, the number one spot went to Brave. This caught my eye because I’ve been using this browser for a few months and… well… enjoying it.
Take Brave for a Spin
Using this link may reward Pixel Perfectly.
Researching Browser Privacy and Data Sharing
Leith noticed that a lot of published work on data privacy focused on the cookies and tracking from websites. He felt this left a gap by inherently assuming the browsers themselves were trustworthy. So he set out to conduct a data privacy study on six popular browsing platforms.
Specifically, Leith measured the number of backend server calls that browsers sent during normal usage, along with what identifying information those calls shared.
I read the findings so you wouldn’t have to. But if social distancing has left you with some extra time on your hands, by all means read the full thing.
Summarizing the Paper
Here are some highlights from the paper,“Web Browser Privacy: What Do Browsers Say When They Phone Home?“.
- The study examined six popular browsers: Chrome, Firefox, Safari, Brave, Edge, and Yandex. If you haven’t heard of it, Yandex is popular among Russian speakers.
- Edge and Yandex were both bad enough not really mention within the scope of this articles focus on browser privacy.
- A secured WiFi won’t fix the kind of privacy issues this study examined. The bulk of the research was conducted on encrypted networks to mitigate this variable.
- While Leith measured the number of external calls, he paid special attention to the unique identifiers each browser sent. Unique identifiers are essentially a shot across the bow of user anonymity online.
- A surprising privacy offender was the autocomplete function available by default in most browsers. As a user types, external requests are sent to the servers to process the data. The only browser with this feature turned off by default was Brave.
- Apple’s Safari appears to be “quite a quiet browser” with the exception of its start page, which “leaks information to third parties and allows them to cache prefetched content without any user consent.”
- Mozilla’s Firefox also fared reasonably well, but was caught transmitting the user’s IP address on startup (i.e., the computer’s rough geographical location). Mozilla addressed this finding in a statement to Ars Technica. See “Research Methodology: Browser Privacy Fine Print” later in this article.
It’s worth noting that the researchers did reach out to companies with their findings, along with suggestions to remedy the identified risks. Which is pretty cool on their part.
The Browsers Fit Into One of Three Privacy-Respecting Groups
The findings placed each of the browsers into one of three distinct privacy categories, in respect to the data they share.
In group C, with the highest number of unprompted backend server calls unique identifiers:
- Microsoft Edge
- Yandex
Next, group B. Which falls in the middle of the pack, privacy-wise, but were fairly upstanding and privacy-respecting:
- Chrome
- Firefox
- Safari
Lastly, group A, the group that shared the least data:
- Brave
Citing minimal backend server calls and use of anonymized identifiers, the study felt that Brave was a cut above the rest.
A Little Background on Brave
Brave was Founded by Brendan Eich and Brian Bondy in 2015. In Brian’s words, “Brave is on a mission to fix the web by giving users a safer, faster and better browsing experience…“
Brian is an alum of Mozilla and the Khan Academy. Brendan is the inventor of JavaScript and co-founder of Mozilla. Yes, you read that correctly.
The two developers started Brave with some basic tenants:
Stop allowing users to be tracked; users should own their own data. Speed up page load time and reduce bandwidth by blocking bad things. Allow publishers to get paid via cryptocurrency replacing lost revenue from the blocking. Allow users to get paid via cryptocurrency micropayments for their attention on privacy preserving ads.
Brian Bondy
The tenants haven’t seemed to change much. But the features have.
Since its founding, Brave has expanded to implement its own Ethereum-based cryptocurrency, Tor browsing functionality, and on-by-default ad blocker. It’s the kind of stuff I geek out about a bit.
Brave Web Browser Features
Here are some of the best features I’ve found far:
- Built-in Tor. Tor is an anonymity network. It works by routing user traffic through a worldwide network of over 7,000 servers. This conceals a user’s location from network surveillance and traffic analysis. Tor itself is free and open source software from The Tor Project. Basically, Tor makes it difficult for employers, sites and internet service providers (ISPs) to track fingerprint, or otherwise collect information about you and your traffic online.
- Built-in ad blocker. And it’s turned-on by default. The browser also prevents videos from auto-playing, which is a godsend. The internet gets blessedly quieter without ads and auto-play videos everywhere. You should know that some sites have started identifying ad-blockers and asking their visitors to disable them.
- Privacy-respecting default settings. Brave’s default settings block phishing, malware, ‘malvertising’, malicious tracking, plus any plugins which have proven to be a security risk.
- Chrome Web Store. Speaking of plugins, the Brave browser is built on Chromium, which means the most of the user experience will be familiar to Chrome users. Plus, Brave users have access to any extension on the Chrome Web Store.
- Brave Rewards. Brave takes an interesting approach to rewarding both users and publishers for site visits. Users can choose to opt into earning Brave Rewards, receiving little native ad notifications (see image below) every now and then. The frequency of these notifications is customizable. But what’s huge is that users accrue 70% of the revenue from these ads themselves. It’s delivered in the the form of Basic Attention Tokens, or BAT. BAT is a cryptocurrency created by Brave that allows users to anonymously reward publishers whom they give their attention to. Or more simply, to sites they visit. Brave walks you through the easy process of hooking up a digital wallet so you can accrue BAT each month. Or convert it to the currency of your preference and cash out. It’s up to you. But the best part is that Brave ads are matched to you on your local machine. This means users get relevant advertising without their personal data spewing all over the internet. The native ad notifications look something like this: [can an image be inserted here inline with
- Brave Sync. Currently in beta, Brave Sync lets users sync their settings and bookmarks across devices with a unique key. This means no account creation or signing in necessary.
- Forced HTTPS. Wherever possible, Brave automatically upgrades your connection to secure and encrypted HTTPS.
I’ve been using Brave since before this study came out and enjoying the experience. The feature I’ve probably been most interested in is the beta Brave Sync feature that lets you sync browsers across machines. It works by creating a single key and chaining your devices together. It’s sweet because it doesn’t require you to create an account or log in.
All the big operating systems are covered — Windows, Mac, Linux, iOS, and Android. So you can bask in the glory of data anonymity no matter what operating system or mobile device you might be rocking.
Take Brave for a Spin
Using this link may reward Pixel Perfectly.
Brave May Not Be for Everyone
Brave is a relative upstart in the web browser market. Competitors like Chrome have been around since 2008, and Firefox since 2002.
Built with Chromium, Brave feels polished the way a browser in 2020 should be. But its youth does seem to invite occasional errors.
One instance I’ve run into is a font-family rendering as gobbledygook on macOS. It seems to work fine on other my operating systems, though.
If you’re curious, here’s the font-family making trouble:
font-family: NonBreakingSpaceOverride, "Hoefler Text", Garamond, "Times New Roman", serif;
Not a deal-breaker, but certainly a pain.
Controversial Approach to Ad-Based Revenue
Brave’s disruptive approach to digital advertising has drawn its fair criticisms. By employing an aggressive ad blocker and (optionally) replacing traditional ad networks with its own ecosystem, publishers might miss out on their traditional ad ecosystem revenue. The old guard of targeted and cookied ad networks aren’t exactly enthused either.
From their point of view, an upstream client (ie, the browser) is effectively blocking their revenue stream and supplanting it with its own ad strategy.
While it comes off like a land grab, there’s also nothing preventing a publisher from jumping on-board Brave’s publisher program. Brave, of course, encourages it.
Also, the value proposition is ridiculously convincing.
Publishers get rewarded when people use or view their content, just like before. And Brave claims advertisers get better insights into ad targeting. All the while, users get relevant ads that are smaller, quieter and less-intrusive.
Research Methodology: Browser Privacy Fine Print
The study acknowledges that transmitting user data to servers in itself does not inherently indicate an intrusion on user anonymity. The true privacy issue is when a user’s information can be linked together to form a larger picture.
In this light, it seems like unique identifiers are the primary culprit, with the frequency of transmission being a risk factor.
There’s a great article written by Dan Goodin on Ars Technica that offers some input/rebuttal from Apple and Mozilla along these lines. Chiefly, Mozilla points out that the data transferred from Firefox is encrypted end-to-end so that not even they can read it.
Apple declined to comment on the study itself, but drew attention to their third-party cookie and tracking blockers baked-in to Safari.
So is Brave the Best Browser for Privacy Online?
A big part of Brave’s dominance in professor Leith’s study appears to rest upon the default settings shipped with each browser.
Used “out of the box” with its default settings Brave is by far the most private of the browsers studied. We did not find any use of identifiers allowing tracking of IP address overtime, and no sharing of the details of web pages visited with backend servers.
Douglas Leith
With some light research, it’s possible to get the similar privacy in Chrome, Firefox, and Safari. It just takes a bit of fiddling with settings and downloading extensions.
After trying several alternative browsers, I feel like Brave is currently my best bet for a private full-featured browser on my Mac. Now, I’m using it almost exclusively (except for QA testing), and have it on my Linux and Windows machines, as well as my mobile device.
Brave seems to have its quirks. But its commitment to privacy, coupled with an ingenious approach to the user-publisher-advertiser relationship, make it an intriguing option in a competitive market. That’s in addition to a full suite of modern features, performance and built-in Tor functionality. For my needs, Brave has a slight Edge[sic] over the competition.
Take Brave for a Spin
Using this link may reward Pixel Perfectly.
This page contains some affiliate links. If you follow an affiliate link and purchase a product or service we may receive a commission. It’s what helps us keep content like this free. Regardless of potential revenue, we only recommend products or services we truly believe in.