What to look for when choosing a browser. From business model to fingerprinting resistance.
How you browse the internet is one of the most important questions to ask yourself if you care about online privacy. Not only because the browser in itself can collect a large amount of personal data about your internet behavior. But also because the internet is built on an infrastructure that makes it possible to use your browser to access that data for those who want it.
Let’s start with the obvious: don’t pick a browser whose core purpose is to collect data from you. Aka: big tech browsers.
If you use a VPN but don’t care which web browser you run, you are likely to go with the most popular one. In that case it’s not totally wasted VPN money and effort, but let us put it this way: some browsers are entirely designed to collect your data. If you use a big tech company’s web browser, ask yourself the following question: what is their business model? This comic is a fun (well, not fun, but you get it) read on the subject. As the comic artist and digital rights activist Leah Elliot puts it: “Chrome collects your IP address, the words you search for, the videos you watch, the pages you visit, the ads you click, your purchase activity, the network of people you’re in touch with, and much more. All facets of your life are scrupulously collected, analyzed and assembled into an intimate profile: a data text that aims to describe what makes you you.”
All facets of your life are scrupulously collected [by the browser], analyzed and assembled into an intimate profile: a data text that aims to describe what makes you you.
So, it’s pretty clear you shouldn’t run a browser that’s all about collecting data from you. Quite the opposite – your browser should help you fight all those techniques used to track you on the internet. Your browser should be as good a friend as your VPN. And the truth is, some browsers are trying to do that job these days. Some big improvements have come from the Tor Project and have been implemented by Firefox. And there are several other browsers today that limit things like third-party-based tracking. However, as a result of this, advertisers and others interested in capitalizing on your behavioral data have invested in other tactics for tracking users around the web. In other words: it’s become more important for them to use browser fingerprinting.
Browser fingerprints: make sure your browser is fighting for your privacy – but not ‘too much’.
So let’s dig deeper into what makes a good privacy-focused browser. First, we believe that fingerprint resistance is definitely of importance. Especially now, with browsers blocking third-party resources and cookies are under legal attack, advertisers and other data gatherers are looking for other solutions.
Another thing to keep in mind: with an internet infrastructure loaded with different tracking techniques, it could be tempting to offer as many cool features as possible to stop and block them. But the irony is that your attempts to block trackers could be the one thing to make you uniquely identifiable. The more protection you use, the higher the risk that you will be exposed with a unique browser fingerprint.
That’s why the Mullvad Browser only uses uBlock Origin to block third-party trackers, for instance. In this case, we lean towards what Peter Eckersley called “the paradox of fingerprintable privacy”. As the Tor Project describe this paradox: “Sometimes having no specific defense is better than having one. By wanting to increase online privacy, you install extensions that in the end make you even more visible than before.”
The most important and simplest question is: do you collect any kind of data from your users’ browser activity? The longer the answer, the bigger the doubt.
Telemetry: don’t let your browser ‘call home’ and betray you.
Telemetry is data being collected by the browser to improve its performance in the long run. That means your browser is gathering information like session lengths, crash and error reports, and automatically checking for update status every time you start the browser. What’s the problem with this? Well, it’s all about your trust in your browser provider (and their ability to store this data safely). Some browser providers state that they only collect this or that data, and that the data is anonymized. This is the kind of arguments you also run into when researching VPN providers. And we think they are a good blueprint; we think you should ask the same kind of questions of your browser provider as your VPN provider.
The most important and most simplest question to ask your browser provider is: do you collect any kind of data from your users’ browser activity? The longer the answer, the bigger the doubt. Here you can read our answers to this question. The same goes for our VPN. Here you can read the answers regarding our VPN. Remember: if you have big data sets of anonymous data – well, it’s impossible to keep that data anonymous in the long run.
Mullvad has no interest in earning money from the Mullvad Browser; the only interest we have in this is to provide the best possible privacy-focused browser possible to our VPN users – and to everyone else, for that matter.
Business model: follow the money.
It all comes down to the business model. If your browser provider has problems answering simple questions, it’s probably because they collect data and possibly sell it. A straightforward way to get a clue is to follow the money. How does your browser provider earn money? Is it by sending all its users to a big tech search engine provider (to take just one example) by default? Is it by running third-party add-ons from companies whose business model revolves around collecting data? And by the way, who are the owners of the browser? Are they a part of a company group together with other businesses that earn money in the big data industry? Or are they owned by a venture capitalist who could change their focus at any time? Any other strange arrangements?
Our answer to this question: the Mullvad Browser is developed by the Tor Project (a non-profit organization) and Mullvad VPN (which makes money from its paying VPN users). We have no intention of earning money directly of the Mullvad Browser; the only intention we have in this is to provide the best privacy-focused browser possible to Mullvad’s VPN users – and to everyone else, for that matter.
Fight against browser monoculture.
Before you go on, we’d like to leave you with one final argument that supports not choosing the most popular browser out there. Since Chromium is the browser engine used by the most popular browsers, there’s what we could call a browser monoculture right now. That means any decision they make has a direct effect on what the web actually is and becomes. So to make sure the future of the internet is not decided by a surveillance capitalist: support diversity!