~/tools/browsers

Browsers & Search

last updated 2026-06-17 · 5 recommendations · what changed

Your browser sees everything you do online, which makes it the single biggest privacy decision on a normal computer. The good news: the right pick works out of the box: no extension pile, no settings safari.

before you pick More hardening is not automatically better. Aggressive fingerprinting protection breaks sites, and a heavily customized browser can be more identifiable, not less. Pick the tier of friction you'll actually live with: a private browser you abandon after a week protects nothing.

what actually matters

tracking protection by default

Blocking trackers and third-party cookies out of the box, not buried behind flags or an extension you have to know to install.

fingerprinting resistance

Trackers don't need cookies if your browser's configuration is unique. Resisting that matters more every year.

engine security

Chromium is more battle-tested and extensively vetted than Gecko: a flat security reality that privacy circles often wave away. The monoculture concern is real too; it's just a different axis.

update cadence

Browsers are the most attacked software you run. Fast security updates beat any privacy tweak.

recommendations

Brave

the default pick

chromium derivativeopen sourceshields built inanti-fingerprintingfree · origin ~$60 one-off

A direct Chromium derivative (not a fork) which keeps it close to upstream and gives it a genuine security edge over Gecko-based alternatives. What it ships matters: aggressive first-party ad and tracker blocking baked in, one of the most robust anti-fingerprinting implementations in any mainstream browser, and a shields system that needs no separate extension layer. The "crypto browser" criticism is lazy: BAT rewards are entirely opt-in and gone in under a minute, which is functionally no different from Mozilla shipping Pocket, sponsored shortcuts, or that Mr. Robot extension nobody asked for. The double standard deserves calling out.

Brave Origin answers the bloat argument outright: a variant that strips all non-privacy/security-essential features and hard-disables them rather than hiding them behind toggles. One-time ~$59.99 on Windows and macOS, free on Linux, the cleanest version of an already strong browser at no cost if you're on the right OS.

good

Strong blocking and fingerprint randomization with zero setup
Chromium's security posture and site compatibility
Origin variant: minimalist build, features hardware-disabled, free on Linux
Brave Search integration: an independent index by default

mind the

Chromium monoculture is a legitimate systemic concern, ideologically
Rewards/wallet clutter in the standard build, switch it off first thing
Origin's licence check uses a blind-token protocol (Privacy Pass): architecturally sound, but it is one more trust layer worth knowing about

free · Origin ~$59.99 one-off (free on linux) brave.com →

Firefox

the gecko pick

gecko engineopen sourceneeds hardeningfull extension libraryfree

Still a valid alternative for people who genuinely need Gecko: the full extension ecosystem (including unrestricted uBlock Origin), certain enterprise compatibility, or an ideological preference against the Chromium monoculture. Be honest about the work, though: out of the box it isn't competitive on privacy, and needs hardening (arkenfox user.js or a pre-hardened build like LibreWolf) plus telemetry and sponsored content switched off.

good

The last serious non-Chromium engine: a vote against the monoculture
Unrestricted extensions, including full uBlock Origin
Container tabs separate work / personal / shopping identities
Deeply configurable for those willing to do the work

mind the

Requires hardening to match what Brave does by default
Telemetry and sponsored tiles ship enabled
Gecko sees less security scrutiny than Chromium, the uncomfortable flip side of engine diversity
Mozilla's funding still mostly comes from Google's search deal

free mozilla.org →

Helium

the one to watch

chromium / ungoogled baseopen sourcebetano sync · no drmfree

A lean open-source Chromium browser built on ungoogled-chromium by a small team (imput). Strong privacy defaults: Google services removed, trackers and third-party cookies blocked out of the box, and the attack surface kept small by deliberately omitting sync, a built-in password manager, and DRM. Still in beta with limited auto-update on some platforms, not a daily-driver replacement yet, but genuinely interesting for purists who want even less than Brave Origin.

good

Privacy-by-omission: less shipped means less to audit and less to leak
Google services removed at the ungoogled-chromium level
Blocking on by default, no account, no monetization angle

mind the

Beta software from a small team, treat it accordingly
Limited auto-update on some platforms is a real security cost
No DRM means no Netflix and friends; no sync means you're the sync

free helium.computer →

Mullvad Browser

recommended secondary

gecko engineco-developed with tor projectanti-fingerprinting by uniformityno vpn requiredfree

Built by Mullvad in partnership with the Tor Project, using the same hardened Firefox base as Tor Browser but without the Tor network attached. The strategy is different from most "private browser" pitches: it doesn't try to make you unique, it tries to make you identical to every other Mullvad Browser user: a shared, locked-down fingerprint is far stronger anti-tracking than per-user randomization. Pairs naturally with Mullvad VPN for matched infrastructure, but works perfectly well with no VPN at all, which is why it's a secondary pick rather than a daily driver.

good

Uniform fingerprint by design: strong defense against tracking, not just blocking
Built and maintained by two organizations with real anti-surveillance track records
Doesn't require Mullvad VPN or any subscription

mind the

Aggressive hardening breaks some sites, expect occasional friction
No extensions ecosystem to speak of; that's deliberate, not a bug
Best as a secondary browser for sensitive browsing, not everyday use

free mullvad.net/browser →

Vivaldi

the power-user pick

chromium basebuilt-in tracker/ad blockingheavily customizablemainstream-leaningfree

A Chromium browser built around customization first, privacy second: tab stacking, panels, a built-in mail client, and more interface options than almost anything else on the market. It ships built-in tracker and ad blocking, which puts it ahead of stock Chromium and most Chromium forks that ship nothing, but it's more feature-dense and mainstream than it is privacy-first by design. A reasonable pick for someone who wants Chromium's compatibility and a genuinely useful blocker, with heavy customization as the main draw rather than minimizing footprint.

good

Tracker and ad blocking on by default, no extension required
Extremely configurable UI: tab stacking, panels, custom shortcuts
Chromium compatibility and update cadence
No Google account ties; independent Norwegian company

mind the

Feature-dense by design: more surface area than a minimalist browser
Fingerprinting resistance is weaker than Brave or Mullvad Browser
Still Chromium under the hood, with the same monoculture trade-off

free vivaldi.com →

at a glance

browser	engine	blocking by default	fingerprint defense	auto-update	friction
Brave	Chromium	built-in	randomization	yes	low
Firefox	Gecko	strict mode + uBlock	needs hardening	yes	medium
Helium	Chromium	built-in	lean profile	platform-dependent	medium-high
Mullvad Browser	Gecko	built-in	uniformity by design	manual-ish	medium-high
Vivaldi	Chromium	built-in	standard chromium	yes	low

friction = day-to-day breakage and maintenance, not install difficulty.

search engines

Brave Search as primary. It runs an independent index (not a reskinned Bing or Google feed), which puts it in a different category from most "private" search engines. Result quality is competitive and well past the rising-star phase. It's the default in Brave already; in other browsers it's two clicks to set.

Startpage as secondary. Proxied Google results plus the Anonymous View feature: the pragmatic answer when you need Google's retrieval quality without the direct relationship. Caveat: it's owned by System1, an ad-tech company. Fine as a secondary with clear utility; not architecturally trustworthy enough for a primary.

Qwant if you want a second independent index. French, partial own index, GDPR jurisdiction, credible privacy stance. Not as robust as Brave Search, but a reasonable European-backed rotation option.

DuckDuckGo, with eyes open. Usable and easy, but it's primarily Bing-backed and structurally inherits Bing's limitations. In 2022 its CEO publicly endorsed down-ranking sites associated with Russian disinformation; much of the mechanism came from Microsoft's own policy changes, but the endorsement was DDG's. If you can't control your index, you can't fully control your results. Acceptable for casual use; don't treat it as neutral.

Kagi if you'll pay to opt out of the ad economy entirely. A paid, no-ads, no-tracking search engine with independent ranking signals: the subscription funds the business directly instead of your data or attention doing it indirectly. Worth it for anyone who treats search quality as a tool budget rather than something that has to be free.

SearXNG for a self-hostable, no-account option. An open-source metasearch engine that aggregates results from other engines (Google, Bing, Brave Search, and more) without forwarding your identity to any of them. Run your own instance for full control, or use one of the many public instances if you trust the operator. No tracking either way.

more browsers worth knowing

Floorp, a Firefox-based fork aimed at privacy and research use, with workspaces, vertical tabs, and a set of hardening tweaks applied out of the box. A reasonable middle ground for someone who wants more than stock Firefox without doing the arkenfox work themselves, though it carries the same smaller-team maintenance risk every Firefox fork does.

LibreWolf, Firefox with arkenfox-style hardening baked in before you ever open it: aggressive fingerprinting resistance, telemetry stripped, trackers blocked by default. The honest take: this is not recommended as a daily driver. The hardening that makes it strong also breaks sites more often than most people will tolerate day to day. Update cadence has closed the gap with Firefox proper (patches now typically land within days of upstream), though the structural risk of a smaller team with no centralized telemetry feedback loop remains. Better used as a secondary, research-grade browser than an everyday one.

mind the

No automatic updates: releases track Firefox within days, but applying them requires manual action or a package manager - easy to run unpatched on standalone installs
Disables Safe Browsing by default, removing Firefox's built-in malware and phishing blocklist (can be re-enabled, but off by default)
Inherits Gecko's weaker sandboxing and site isolation compared to Chromium - an engine-level gap no fork can close
Maintained by a small volunteer team with no staffed security organization or telemetry feedback loop; institutional gap matters for rapid issue detection
Privacy hardening ≠ security: some defaults trade real-world malware/phishing/patch protection for privacy gains

Orion, a WebKit-based browser built by Kagi around privacy, notable for supporting both Chrome and Firefox extensions despite running a different engine entirely. Stable on macOS and iOS, with a Linux beta now available and Windows in development. Closed source, unlike most of this list; free, with an optional paid Orion+ tier for extras. Extension support is good but not complete yet, especially on iOS.

worth knowing

On Brave, skip the extension pile entirely. Shields already cover what most "privacy extensions" claim to do, and every extra extension makes you more fingerprintable. On Firefox, install exactly one: uBlock Origin. Gecko still runs it unrestricted, unlike Chromium's Manifest V3 limits (which don't affect Brave's native shields). This applies everywhere, not just Brave and Firefox: uBlock Origin is the one extension worth installing, and piling on more "privacy" extensions on top of it tends to make you more identifiable, not less; each one adds another fingerprintable signature to your browser's configuration.

First-run checklist for Brave: settings → turn off Rewards, Wallet, and News if you don't want them. That's the whole de-clutter; shields and anti-fingerprinting are already on.

Private/incognito mode is not privacy. It only stops local history. Your ISP, employer, DNS resolver, and the sites themselves see exactly the same traffic: that's what encrypted DNS and VPNs are about.

If you need actual anonymity, that's Tor Browser. Nothing on this page hides who you are from a determined observer; these picks reduce tracking, they don't make you anonymous. Different problem, different tool.