Browse the web more securely

Updated 12 September 2024

    A web browser is one of the digital tools most of us use daily. It is the main way many people access the internet. Many people are familiar with Edge, Safari and Chrome – browsers that come installed with our devices.

    Because we rely so much on browsers, they are often targets for people who want to compromise your privacy or security. Follow the steps below to choose a more secure browser and make its protection stronger.

    Choose a web browser... or two!

    • Install Firefox for your platform and in your language (available for Windows, macOS, Linux, Android and iOS).
      • On Android and iOS, consider installing Firefox Focus, a light-weight browser which comes with privacy-oriented settings by default.
    • Install Chrome for Windows, macOS, Linux, Android or iOS.
    • Consider installing the free and open-source Chromium instead of Chrome. On Linux, you can install Chromium through your software installer in many distributions. On Android, you can install it through FFUpdater, a free and open-source installer and updater app that you can get from F-Droid.
    • Optionally, consider installing the DuckDuckGo Privacy Browser for Windows, macOS, iOS and Android.
    • For advanced privacy and to access websites that are not accessible in the institution or country you connect from, you can consider using the Tor Browser (for Windows, macOS, Linux or Android), but keep in mind that this may change your browsing experience dramatically. Read more on this in our guide on anonymization tools.
    • On Android, you can install a selection of secure and privacy-oriented web browsers through FFUpdater, a free and open-source installer and updater app that you can get from F-Droid.
    Learn why we recommend this

    Most operating systems come with pre-installed browsers. For example, the default macOS and iOS browser is Safari, and the default Windows browser is Edge. These web browsers are not designed with a focus on privacy and security, and we strongly suggest using more security- and privacy-oriented software as your default browser.

    • We recommend the Firefox web browser, made by Mozilla. Firefox is free and open-source software and has better built-in security than other browsers.
    • Chrome and Chromium, both developed by Google, also have high-quality security. While Chromium is free and open-source, Chrome is proprietary freeware based on open-source components. Since Chrome is developed by Google, consider whether it might send more data about you to Google than you are comfortable with and consider not logging into your Google account when using it.
    • The DuckDuckGo Privacy Browser is a privacy-oriented browser that automatically blocks web trackers and upgrades insecure HTTP connections to HTTPS when possible.
    • The Tor Browser is a modified version of Mozilla Firefox that allows you to anonymize your connections by browsing the web through the Tor network. Read more on this in our guide on anonymity tools.

    It can be a good idea to install more than one browser, and use one for more sensitive activities and the other for your everyday needs. Read more on this in our guide on multiple identity management.

    Change your device's default browser

    Learn why we recommend this

    Not all web browsers are created equal. Some protect your privacy and security more effectively than others.

    By setting a browser focused on privacy and security as your default browser, the links you click in other apps will open directly in a more secure browser. In any case, always think twice before you open a link you receive through messages or emails.

    Read more on why you should pause before you click when you receive a link in our guide on malware.

    Make sure your browser is up to date

    Enter web addresses in the address bar

    If you know the complete web address of a website (for example securityinabox.org), type it in the address bar to avoid going through a search engine to access it.

    If you just type the name of the website (Security in a Box) without its extension (.org), the browser will open your default search engine with several results, some of which may be malicious.

    If you use the address bar to search the web, consider replacing Google with a more privacy-friendly option as your default search engine.

    Learn why we recommend this

    The address bar is the familiar text field at the top of a web browser’s interface. When you browse the web, the address bar displays the address of the web page you are visiting (in our current case, this is https://securityinabox.org/en/internet-connection/safer-browsing). By typing a web address into the address bar, you'll request a website or a specific page of a website.

    Address bars also offer additional functionalities, like performing web searches or providing suggestions for websites.

    Set your default search engine

    Learn why we recommend this

    Search engines like Google and Bing build profiles of people who use them, track your device specifically and share their users' personal information with third parties. Your browser uses one search engine by default when you use the address bar to perform a web search or when you right-click a selected string of text and click Search.

    Review the camera, microphone and other site permissions

    Learn why we recommend this

    Permissions can be like a door or window you leave open in your house: if one website can get in, others may be able to as well. Make sure only websites you use and trust have permission to use sensitive features like your camera or microphone. Malware might use those permissions to let someone see or hear where you are.

    Secure your connections

    Learn why we recommend this

    The S in HTTPS stands for "secure." This is the protocol you should use to access web pages in your browser. HTTPS encrypts and protects what you are looking at as it travels between your device and the website, making it harder for people trying to spy on you to see, for example, sensitive data you enter or what pages you visit in that site.

    Enable Tracking Protection settings

    Learn why we recommend this

    When you browse the web, cookies and trackers gather details of who you are, where you are, and what you have looked at online. Consider what might happen if these fell into the hands of your adversary, and take these steps to limit tracking.

    Turn off the browser's built-in password manager

    Learn why we recommend this

    Most browsers can generate, save and encrypt passwords for you. However, we recommend you turn this feature off and use a separate password manager like KeePassXC instead. Browser-based password managers put you at greater risk of an attacker tricking your browser into giving up your passwords.

    If you decide to use a browser-based password manager, avoid using it to store passwords for highly sensitive accounts and read our recommendations on how to protect the passwords you store in your browser.

    Use protective browser add-ons/extensions

    • You can choose which add-ons/extensions to install and decide how to configure them, depending on your circumstances.
    • If you are using a device that is managed by someone else (for example in a public library or at your workplace), you might have to make these adjustments repeatedly.
    • Install and configure:
      • Privacy Badger (for Firefox, Chrome/Chromium and Firefox on Android)
        • Why? Prevents tracking and collection of metadata through your browser.
      • uBlock Origin (for Firefox and Firefox on Android) and uBlock Origin Lite for Chrome/Chromium
        • Why? Blocks advertising and trackers, some of which might be malicious.
      • Cookie Autodelete for Firefox and Chrome/Chromium
        • Why? Deletes trackers that gather data on where you have been online.
      • Facebook Container, if you use Facebook or Instagram (Firefox only, only for computers)
        • Why? Keeps Facebook from gathering data on where you have been online and associating it with your profile.
      • Zoom Redirector for Firefox and Xoom Redirector for Chrome/Chromium (only for computers)
        • Why? By making Zoom links open in your browser, this add-on keeps the call within your browser's protections.
      • NoScript (for Firefox, Chrome/Chromium and other Chromium-based browsers like Edge, Brave or Vivaldi) (optional, but recommended; available for computers and for Firefox on Android)
        • Note that NoScript will often make websites look empty or broken. Learn how to configure NoScript so this happens less often.
        • Why? It may be possible for an adversary to get to your device using malicious code in a script downloaded along with a webpage you are viewing. NoScript blocks all code from unknown websites, protecting your device from infection.
    Learn why we recommend this

    When you browse the web, you come into contact with a great deal of code from unknown sources. This is one reason why the overwhelming majority of malware and spyware infections originate from web pages.

    We recommend installing these browser extensions or add-ons to protect against these security and privacy issues.

    Remove unwanted add-ons/extensions and manage pop-ups

    Learn why we recommend this

    Malicious people may try to trick you into installing malware through your browser. They may do this using a pop-up window. Make sure your browser is set to protect you from these tricks. Additionally, remove add-ons/extensions you are not using to be sure you only use pieces of software that you really need.

    Browser add-ons/extensions can be malicious and could be used to spy on you just as any other program or app. It is therefore important to only install add-ons/extensions that you can trust, possibly only from trusted sources, like the Mozilla add-ons repository for Firefox or the Chrome web store for Chrome/Chromium extensions. If you really need to install an add-on/extension from a different source than the official repositories, read Mozilla's tips for assessing the safety of an extension before you proceed.

    Delete your browsing history

    Learn why we recommend this

    Your browsing history is a list of websites you have visited. The default option in Firefox and Chrome/Chromium is to remember your browsing, download, form and search histories.

    Browser history can be helpful to you: your browser will suggest pages you have visited before, so you don't have to re-type addresses or get sent by mistake to sites that are malicious. But there are trade-offs. If someone had access to the history of what you viewed on the internet, there is a lot they could learn about you, the people you work with and the things you have been reading about.

    Use private browsing or Incognito mode

    If you would like to avoid saving your history just for one browsing session, you can use the private browsing or Incognito mode feature.

    Learn why we recommend this

    If you open a browser window in "Private browsing" or "Incognito mode", the browser does not track cookies or save your browser history. Using it is a quick way to hide some of your activity if you otherwise allow your browser to keep a record of the pages you have searched. It can be especially useful if you need to better protect your privacy from somebody with access to your device.

    Note that private browsing/Incognito mode will not protect you from malware or surveillance. Read our guides on malware and anonymity to learn how to address such risks.

    Consider not showing what you last viewed on startup or your most visited sites

    Learn why we recommend this

    If you are worried that somebody else will have access to your browser, turn off the feature that shows the webpages you had open when you last closed your browser and stop your browser from suggesting to open your most visited sites.
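
    In Firefox, several of the recommendations above (HTTPS for connections, tracking protection, the built-in password manager, camera and microphone permissions, pop-ups, and what is shown on startup) can be applied together with a policies.json file. The file below is an added example, not part of the original guide; the allowed site https://meet.example.org is a constructed placeholder for a site you use and trust.

```json
{
  "policies": {
    "HttpsOnlyMode": "force_enabled",
    "EnableTrackingProtection": {
      "Value": true,
      "Locked": true,
      "Cryptomining": true,
      "Fingerprinting": true
    },
    "PasswordManagerEnabled": false,
    "OfferToSaveLogins": false,
    "Permissions": {
      "Camera": {
        "Allow": ["https://meet.example.org"],
        "BlockNewRequests": true
      },
      "Microphone": {
        "Allow": ["https://meet.example.org"],
        "BlockNewRequests": true
      }
    },
    "PopupBlocking": {
      "Default": true,
      "Locked": true
    },
    "Homepage": {
      "StartPage": "none"
    },
    "FirefoxHome": {
      "TopSites": false,
      "Highlights": false
    }
  }
}
```

    Firefox reads this file from the distribution folder inside its installation directory, and the about:policies page shows which policies are active. With BlockNewRequests set to true, sites outside the Allow list cannot even ask for the camera or microphone.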

    [Advanced] How to recognize and report a malicious website

    Most modern browsers recognize malicious and unsafe websites by default and will warn you if you try to access phishing, malware or social engineering sites. If you see such a warning, it's best not to visit that website. If, on the other hand, you open such a website without being warned, consider reporting it to improve spam detection systems that protect Google's search results.