internet browsers

From Tor to Dooble: The browsers that prioritise privacy and security

Founder, Privacy PC

Author Bio ▼

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.
November 20, 2018

Download

Lithium-Ion batteries. A guide to the fire risk that isn’t going away but can be managed

What kind of security issues are associated with the most popular browsers?

What do we mean by secure browsers or privacy-oriented browsers, and what are their distinctive features? In which direction is the secure browsers segment developing? The answers to these and other questions are provided in my review below.

Introduction

The web browser is probably one of the most demanded programs among users regardless of age, profession or social status. Since the advent of the first browser, many programs of this kind have been developed.

Program developers go to all sorts of tricks in order to attract public attention to their own pet projects. As a matter of fact, it is easiest to win the heart of users by giving them the most comfortable working conditions. To achieve this, one has to support as many operating systems, web technologies, data formats, and protocols as possible, as well as implement all possible convenient functions.

Users also like high-speed page loading. Although some would simply use what is already there and install the most popular one, it’s not necessarily wise since browsers aren’t all equally safe.

Security issues of web browsers

The title of this article may prompt the question: “Aren’t all browsers secure?”

If you go to the ‘settings’ pane of the browser you’re reading this article with, you’ll easily find a section like ‘security’, ‘privacy” or something like that. Security features, such as download protection, URL filtering, tracking prevention or confidential mode have become mainstream, having been adopted by Google Chrome, Microsoft Edge, and Mozilla Firefox.

Why, then, might some popular browsers be less secure than others?

A browser’s popularity doesn’t equate to a high level of its security – indeed, these two qualities rather contradict each other

First of all, from a number of cases in the past, the general public has learned that using the most popular browsers entails security risks. Secondly, products owned by large companies like Google, Microsoft and Apple are actively involved in secretly collecting information transmitted over telecommunication networks on behalf of government.

By their nature, browsers are a very convenient tools for collecting data on user behaviour, habits, and preferences. Naturally, the more widely used the browser is, the more valuable it is for corporations and government organizations as a source of information. But the biggest problem is that we can’t even get a complete idea of how and for what purpose the collected data can be used in the future. We are dealing with a time bomb, and it is rather careless to ignore the fact of its existence.

What is a secure, privacy-oriented browser?

For an average user, most browsers may look secure. But information security experts are well aware that true security and privacy implies giving up numerous additional features and all excessive elements associated with platforms.

Some specialised browsers are optimised to protect users’ privacy, providing them with complete control over the browser’s data collection. Now it becomes obvious that a browser’s popularity does not equate to a high level of its security. Indeed, these two qualities rather contradict each other. Below I discuss the most prominent representatives of the segment.

Tor

It is difficult to talk about secure browsers without mentioning Tor. The development of the Tor browser was a response from employees of the United States Naval Research Laboratory to the avalanche-like increase in the number of security incidents and to protect US intelligence communications.

But Tor is actually just the tip of the iceberg. Behind it lies a secure distributed network of proxy servers (nodes) created in order to ensure the anonymity and privacy of the user on the internet.

The functioning of the browser is based on the principle of “onion routing” (“Tor” is an acronym of “The Onion Router”). Traffic data is encrypted and transferred from server to server – “onion layers.” However, the traffic between the Tor network and the target resource is not encrypted. That is why, if a user wants to transmit sensitive information over the Internet, they still need to take care of confidentiality by using HTTPS or another end-to-end encryption protocol, as well as authentication mechanisms.

Waterfox

It becomes clear already from the name that Waterfox is based on Mozilla Firefox. Apart from it, one can find quite a few other privacy-oriented browsers based on Firefox code, such as Pale Moon and Basilisk.

Waterfox is a very simple open-source web browser. One of the goals of it developers was creating the fastest browser for the 64-bit computers. Waterfox earned its popularity due to the fact that it started to support 64-bit systems even at the time when Mozilla Firefox was still 32-bit.

Waterfox is based on Firefox ESR and therefore supports the traditional Firefox XUL extensions and NPAPI plug-ins. Compared to Firefox, a number of default security settings have been changed, in particular:

  • The integration with the Pocket web service is disabled
  • The automatic sending of telemetry to Mozilla is disabled
  • The Encrypted Media Extensions required for the operation of some sites are also disabled.

These improvements do not bring any substantial speed increase, but help from the security point of view.

Comodo Dragon

The Comodo Dragon browser is based on Chromium technology. In addition to the latest Chromium’s privacy improvements, Comodo implements a number of its own interesting security mechanisms:

  • It uses a domain validation, which identifies and isolates external SSL certificates from internal ones
  • It does not allow cookies and other techniques potentially dangerous in terms of tracking the user actions
  • It prevents the possibility to track the user’s downloads.

Comodo Group Inc is widely known as a developer of various information security tools, including an antivirus and a network firewall, which also makes it necessary to treat the security mechanisms of their browser with due attention. The browser installation window looks very promising for anyone who seriously cares about the security of their personal data — the user can at once take advantage of the offer to use Comodo’s own free DNS servers to increase the security level and even the Internet speed.

Epic

Epic browser is also based on Chromium technology. The developers see Epic’s mission in counteracting the hidden surveillance of users’ actions and point out the shortcomings of many of the security mechanisms that are common today, including the incognito mode, browser extensions, and VPN tools.

The statistics we have is disappointing: about 80% of websites use one or more trackers. After visiting the fifty most popular websites, over 3000 tracker files can be installed on a user’s computer.

Epic blocks the most critical channels of leakage of personal user data:

  • It does not allow the address bar prompts and URL tracking modules
  • information related to the installation of the browser
  • It blocks browser tracking modules and error sending features.

In addition, Epic protects search queries data, for which a secure search engine core is built into it, and blocks many different types of trackers, including scripts, cookies, agents, etc. The default privacy settings are set to disallow all the redundant and potentially dangerous mechanisms of the browser, including history, saving passwords, page caching, synchronization with Google servers, auto-complete, etc.

Dooble

Finally, let us have a look at, perhaps, the most unusual solution presented in this post, the Dooble cross-platform browser. On November 5, 2017, the first release of the 2.0 generation of the Dooble browser was presented, in which, compared to previous versions, almost everything was revised, beginning from the logic of operation and ending with icons.

As we have already seen, most Internet browsers are based either on Chromium or, less often, on Firefox, which makes them very similar to each other. Unlike them, Dooble is an independent and original software product, which, however, is not much inferior in terms of functionality.

The comparatively low popularity level of Dooble is explained by the fact that the first versions caused a lot of complaints, and although a lot of water has flowed since the project start in 2009, it’s still treated with caution. The basis of Dooble is the WebKit engine, and the browser user interface should be considered rather unusual.

Conclusion

You have just read about the most prominent representatives of the secure browsers segment. We did not aim at conducting a detailed comparison.

Each of the solutions presented has certain advantages and disadvantages, each has its admirers and critics. It is natural, since goals, expectations, lifestyles of people differ, and the level of security may also differ.

The main conclusion is that one should expand hist set of criteria for choosing a suitable browser taking into account data breach risks. One should be aware that an increase in the security level will often be connected with a loss in convenience and the Internet speed.

The auto-fill of usernames and passwords, the synchronization of user data with external servers, and visitor history make life easier, but they also have a negative impact on security. Enhancing your security is always possible with the help of VPN technology which allows you to encrypt all the traffic and change your IP address. But you should understand that an absolutely safe browser does not exist, just as there is no absolute security in principle.

As we can see, at present there is no unified approach to building a protected browser. Basically, the developers’ efforts go the following directions:

  • Developers take a popular solution as a base and remove all the unnecessary, potentially dangerous components.
  • Taking a popular solution and just set safe default settings in it.
  • Creating a browser with the minimum required functions and a set of built-in protection mechanisms.

In practice, you can often observe various combinations of these approaches. It should be noted that the products reviewed above provide a higher level of security than the most popular browsers. Taking this into account, it makes sense to keep secure browsers on hand as an alternative in performing at least the most security-sensitive operations on the Internet.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments