Browsers - Karegohan-And-Kamehameha/privacyguide GitHub Wiki

Overview

Choosing the correct browser is one of the most important things to consider when trying to stay anonymous online. However, privacy often comes at the cost of functionality. For instance, the best way to ensure the privacy and security of the files on your personal computer is not having a connection to the internet at all, but apart from government agencies and some corporate networks, few would consider going to such extremes.

When it comes to browsers, the rules stay the same: the more functionality a browser possesses, the more points of failure it has. Taken to an extreme, the most private and secure browser in the world is Lynx, because as a text-based browser it doesn't support JavaScript, plugins or any other technologies that may threaten privacy. Needless to say, many of these technologies are helpful and are used to compose the web as we know it, which means that for general-purpose browsing a compromise between privacy and functionality must be made.

The task here is to find a browser that supports all relevant technologies while retaining the power and flexibility to customize it and to block features that may be detrimental to privacy. Additionally, the browser has to be free and open source so that its integrity can be verified, and it should not be produced by or directly affiliated with a company that gets a major portion of its revenue from tracking users, such as through targeted advertisement, to avoid a conflict of interest. Below is a list of browsers and some reasons why they should be used or avoided.

Browsers currently acceptable in terms of privacy

Firefox ESR 52

When it comes to privacy and customization, Firefox used to be the go-to browser; however, with the deprecation of XUL/XPCOM extensions, things have changed. Firefox 57 has marked the end of the rich feature set of the browser, leaving Firefox customization effectively dead. The ESR channel is on life support until April 2018, when ESR 52 is going to be deprecated. It cannot be relied on as a long-term solution. It therefore logically follows that Firefox must be abandoned in favor of forks that are going to stay true to the original ideology of Mozilla as opposed to what it has become today.

Waterfox

Waterfox is a fork of Firefox that is compiled with optimizations for 64-bit systems, doesn't include certain features that pose a risk to privacy, such as Telemetry and Adobe EME, allows running unsigned extensions, doesn't plan to forcefully deprecate XUL/XPCOM extensions and has a few other privacy-enhancing features under the hood. Additionally, MrAlex has recently announced his plans to create a new browser based on the current Mozilla Platform, which would support existing addons while introducing new features to the browser. Although the long-term viability of the project may be in question, it is currently one of the two feature-rich browsers recommended for privacy-oriented users.

Pale Moon

Pale Moon is the second feature-rich browser recommended for privacy. It is based on a fork of the Gecko engine called Goanna, which maintains the old pre-Australis front-end of the browser together with a more modern, patched back-end. It has enhanced security and privacy features, such as a built-in canvas spoofer, and lacks certain risky features, such as WebRTC. It doesn't support all of the latest Firefox addons, but the vast majority of the useful ones either work or have working alternatives. While it lacks certain features, such as some HTML5 technologies, e10s, WebExtensions, and a modern media parser, it remains a fast and secure browser with a solid foundation.

Basilisk

Basilisk is Moonchild's new UXP-based browser, which supports many features of new versions of Firefox, including partial support of WebExtensions. It is very new and still contains a lot of bugs and Mozilla atavisms. It is also considered testing software, which puts its security under question. The current builds are also not well optimized and are noticeably slower than Waterfox and Pale Moon.

SeaMonkey

SeaMonkey is an application suite that consists of a web browser, an email, RSS and newsgroup client, an HTML editor, and an IRC chat. It has an outdated interface, but the back-end is modern and secure. However, it has limited support for Firefox extensions, including many privacy-oriented ones, and therefore cannot be recommended. The future of the project, in light of the changes in Mozilla's policies, is currently unclear, and it remains to be seen whether SeaMonkey is going to survive in 2018.

Tor Browser

Tor Browser is probably the best out-of-the-box solution in terms of privacy. It is a modified version of Firefox ESR that comes with a built-in Tor network and hardened privacy settings. While Tor Browser may be the best solution for hardcore anonymity uses, such as avoiding government agencies for highly illegal activities, it is not a practical option for general-purpose browsing due to the speed limitations of the Tor network.

Browsers that are not acceptable in terms of privacy

Firefox Quantum

Firefox Quantum, aka Firefox 57+, has marked the beginning of a new era for the browser. While implementing Servo elements into the engine has allowed the browser to become faster at rendering pages, the political decision to get rid of XUL/XPCOM extensions, as well as the plethora of gutted features, has left it wanting in terms of customization and feature set. Another recent concern is the partnership between Mozilla and Cliqz, which involves shipping the Cliqz experiment to a portion of the German users of Firefox. Cliqz is posed as a privacy-respecting browser and search engine, but according to their own transparency sheet, the amount of data they collect can put Chrome to shame. Their recent purchase of Ghostery, which has exhibited similar behavior in the past, further proves this point.

Internet Explorer/Edge

Proprietary browsers made by Microsoft, a long-standing supporter of PRISM. They come built into Windows and receive updates far less often than third-party alternatives. Not recommended to anyone concerned with privacy.

Google Chrome

Chrome is probably the worst major browser one can choose, and considering the usage statistics, it tends to prove my theory that when facing a multiple-choice problem, the majority of people tend to choose the worst possible option. It is proprietary, created by Google, a company focused on selling personalized advertisement, and comes with a variety of built-in tracking techniques. It also lacks the customization and usability set of Gecko-based browsers and therefore should not be used by anyone who values privacy or usability.

Chromium

Chrome's open source counterpart. It doesn't include all of the tracking methods that come with Chrome, but has previously been proven to spy on users after all.

Opera, Vivaldi, Other proprietary Chromium based browsers

These browsers have all the privacy issues that Chromium has and possibly more, which can't be verified due to the closed source code.

Safari

All the things said about Opera and Vivaldi also apply to Safari; the only difference is in ditching one untrustworthy corporation for another. According to the license agreement, Safari collects "Diagnostics and Usage data", which includes a unique system identifier. You can opt out of data collection, but since the source code of the browser is closed, there is no way to verify that the collection process stops if opted out.

Maxthon

Taken from Wikipedia:
In 2016, computer security researchers from Fidelis Cybersecurity and Exatel discovered the browser surreptitiously sending sensitive browsing and system data, such as ad blocker status, websites visited, searches conducted, and applications installed with their version numbers, to remote servers located in Beijing, China. According to Maxthon, the data is sent as part of the firm's 'User Experience Improvement Program' and it is "voluntary and totally anonymous." However, researchers found the data still being collected and sent to remote servers even after users explicitly opt-out of the program. The researchers further found the data being sent over an unencrypted connection (HTTP), leaving users vulnerable to man-in-the-middle attacks. Fidelis' Chief Security Officer, Justin Harvey, noted the data "...contains almost everything you would want in conducting a reconnaissance operation to know exactly where to attack. Knowing the exact operating system and installed applications, and browsing habits it would be trivial to send a perfectly crafted spear phish to the victim or perhaps set up a watering hole attack on one of their most frequented websites."

Browsers that may be acceptable in terms of privacy, but are not recommended for use

SRWare Iron, Inox, Ungoogled-Chromium, Iridium, Brave, Other privacy oriented Chromium based browsers

All of these browsers seem to lack publicly available audits by independent reviewers to support their privacy claims. Moreover, even assuming that their claims are genuine, they still lack the power of privacy-enhancing addons and usability extensions enjoyed by Gecko-based browsers, so there is no practical reason to choose them.

Other browsers

These include Midori, Konqueror, Qupzilla, and other open source browsers. They are typically small projects maintained by a dedicated group of developers and can often be buggy or lack certain features that are common in more popular browsers. While their privacy features may be solid, they simply lack the extensive security testing, feature set and extensibility of Gecko-based browsers.