Every one of the estimated 3.7 billion Internet users should be concerned that the vast majority of their searches, the contents of their shopping baskets both on and off line, often their location, and, by careful statistical analysis, their associates are exposed to the corporate desires of the likes of Google, Microsoft, and Facebook. This information, once collected, is available to law enforcement agencies in many international jurisdictions. Some governments additionally collect information directly to spy on their citizens. One might also consider that logs of private information are also ripe for hackers, paid by organized crime or governments, who break into notionally “secure” systems.
Our mobile devices are also directly inspectable by customs agents when we cross international borders, and in some jurisdictions by police on the street.
Those who say that they have no care for privacy on the Internet have seemingly no idea of the abuse to which such information may be put. The Holocaust was perpetrated by a vicious regime primarily on the basis of household religious indications from a century of national census collection. No government of the past has ever had access to the amount of information available about the location and habits of individual citizens.
How can we possibly protect ourselves from a technically savvy authoritarian government that is willing to abuse this treasure trove of data?
Our browsers, those critical tools for our daily lives, are not currently our friends. They are the portal by which our personal information flees to corporate and government interests.
There are two fundamental approaches to securing our personal information in browsers. The first and easiest is to avoid recording your history from your local device. This is the primary tool behind browsers’ privacy modes such as Firefox’s private mode or Safari’s incognito mode. No having local data will provide some level of protection if your phone or computer is seized.
The Electronic Frontier Foundation (EFF) has made a useful tool called Panopticlick to test browsers vulnerability to online tracking. The odd but fitting name is a reference to the Panopticon, a type of jail designed in 1787 by English philosopher Jeremy Bentham. A single jailer could see a large number of prisoners in the Panopticon.
This post reports on a series of Panopticlick tests on a variety of browsers. Desktop browsers were tested on a MacBook Pro. Mobile browsers were tested on an Apple iPhone 6 and a Sony tablet running Android Marshmallow.
Panopticlick asks four questions of browsers:
- Is your browser blocking tracking ads?
- Is your browser blocking invisible trackers?
- Does your browser unblock 3rd parties that promise to honor Do Not Track?
- Does your browser protect from fingerprinting?
A perfect browser would respond in the affirmative to each question, and a report might look like this:
|My good browser||yes||yes||yes||yes|
A browser that failed all four tests would have a negative report. The last question would be answered by noting that a unique fingerprint could be calculated:
|A terrible browser||no||no||no||unique|
It is naturally possible for some browsers to provide partial implementations to block tracking ads or other trackers. Partial implementations are marked in yellow.
Desktop Browser Tests
Tests were performed on an Apple MacBook Pro, running MacOS Sierra version 10.12.4.
Safari version 10.1 (12603.1.30.0.34)
|Safari (Mac, default)||partial||partial||no||unique|
|Safari (Mac, private browsing, default)||partial||partial||no||unique|
|Safari (Mac, private browsing, block cookies and website data)||partial||partial||no||unique|
Chrome version 57.0.2987.133 (64-bit)
|Chrome (Mac, default)||yes||no||no||unique|
|Chrome (Mac, EFF Privacy Badger installed)||yes||yes||no||unique|
|Chrome (Mac, incognito mode, default)||partial||partial||no||unique|
|Chrome (Mac, incognito mode, block cookies and website data)||yes||yes||no||unique|
Blocking all sites entirely using manual control of Privacy Badger yielded the same results as having Privacy Badger installed.
Safari’s incognito mode blocks plugins including Privacy Badger, so using plugins is ineffective to increase privacy on Safari.
Firefox version 52.0.2
|Firefox (Mac, default)||no||no||no||unique|
|Firefox (Mac, EFF Privacy Badger installed)||yes||yes||yes||unique|
|Firefox (Mac, NoScript installed)||yes||yes||yes||yes|
|Firefox (Mac, private mode, EFF Privacy Badger installed)||yes||yes||yes||unique|
|Firefox (Mac, private mode, NoScript installed)||yes||yes||yes||yes|
Firefox’s private mode does not block plugins, so Privacy Badger could be used with private mode.
Mobile Browser Tests on iOS
Tests on iOS were performed on an Apple iPhone 6, running iOS version 10.3.1.
Safari iOS version 10.3.1
|Safari (iOS, default)||partial||partial||no||unique|
|Safari (iOS, private browsing, default)||partial||partial||no||unique|
|Safari (iOS, private browsing, block cookies and website data)||partial||partial||no||unique|
|Safari (iOS, Disconnect Privacy Pro installed and VPN active)||yes||yes||no||unique|
Firefox iOS version 7.1 (2565)
|Firefox (iOS, default)||no||no||no||unique|
|Firefox (iOS, private mode, default)||partial||partial||no||unique|
|Firefox (iOS, Disconnect Privacy Pro installed and VPN active)||yes||yes||no||unique|
Firefox Focus iOS version (current as of 17 April 2017)
|Firefox Focus (iOS, default)||yes||yes||no||unique|
|Firefox Focus (iOS, “Block other content trackers” option on)||yes||yes||no||unique|
|Firefox Focus (iOS, Disconnect Privacy Pro installed and VPN active)||yes||yes||no||unique|
The motto for Firefox Focus is “Browse, erase, repeat”, which shows its focus on erasing local history.
Chrome iOS version 57.0.2987.137
|Chrome (iOS, default)||no||no||no||unique|
|Chrome (iOS, incognito mode, default)||no||no||no||unique|
|Chrome (iOS, Disconnect Privacy Pro installed and VPN active)||yes||yes||no||unique|
Opera Mini iOS version 126.96.36.199835
|Opera Mini (iOS, default)||no||no||no||unique|
|Opera Mini (iOS, “Accept Cookies” turned off and “Block Pop-ups” turned on)||no||no||no||unique|
EFF suggests rather concerningly, “switching to another browser or OS that offers better protections.”
Mobile Browser Tests on Android
Tests on Android were performed on a Sony Xperia Z2 Tablet SGP511, Android version 6.0.1 (Marshmallow), kernel 3.4.0-perf-gc14c2d5
Chrome Android version 57.0.2987.132
|Chrome (Android, default)||no||no||no||unique|
|Chrome (Android, incognito mode, default)||no||no||no||unique|
Firefox Android version 52.2
|Firefox (Android, default)||no||no||no||unique|
|Firefox (Android, private mode, default)||yes||yes||no||unique|
Opera Mini Android version 24.0.2254.115784
|Opera Mini (Android, default)||yes||yes||no||unique|
|Opera Mini (Android, private tab, default)||yes||yes||no||unique|
NB: Opera Mini tested “no” in all categories last week, but Opera seems to be adding an effective ad blocking technology, which seems to have come to Android before iOS.
Disconnect free edition for Android (no version number, as of 23 April 2017)
|Disconnect in-app browser(Android, default)||partial||partial||no||unique|
NB: Disconnect Pro/Premium versions were not tested on Android because I was borrowing the device and didn’t want to buy my friend a $50 subscription.