A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022
HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |

WEB BROWSERS

Web browsers are one area where the wisdom of the crowd does not apply. In the old days, the crowd used Internet Explorer, now it's Google's Chrome browser. Don't use either one. The bottom half of this page has many articles that make the case against the Chrome browser. I would also avoid the Edge browser for two reasons. First, it is popular and thus a high value target. Second, I don't trust Microsoft.

On a desktop Operating System (Windows, macOS, Linux) I suggest using either Firefox or the Brave browser. Brave has ad blocking and tracker blocking built in, it is based on Chrome, supports all Chrome extensions and also runs on Android and iOS. I would also consider the Vivaldi and DuckDuckGo browsers on the OSs where they are available.

ARTICLES SUGGESTING NOT TO USE CHROME

Opinion: it is time to switch from Chrome to another browser by Martin Brinkmann for GHacks (Sept 2022). His reasons: Chrome is a powerful data gathering tool, Chrome's dominance gives Google a lot of weight when it comes to establishing new web standards, the move to Manifest V3 makes it more difficult to run content blockers and privacy extensions in Chrome.

8 reasons to quit Chrome and switch to Firefox by Alaina Yee for PCWorld (May 2022)

It's time to dump Chrome as your default browser on Android by Jack Wallen for TechRepublic (Nov 2021).

Individual cookie controls are removed from Privacy and Security in Chrome 97 by Martin Brinkmann (Nov 2021)

Ditching Google Chrome was the best thing I did this year (and you should too) by Adrian Kingsley-Hughes for ZDNet (Nov 2021).

Why You Should Delete Google Chrome On Your Phone by Zak Doffman in Forbes (Nov 2021).

Jan 7, 2021: Today I stumbled across another reason not to use the Chrome browser. I was using Chrome version 87 on Windows 10. In Settings -> Autofill a particular website (x.com for the sake of example) was set to never save the password. It had been configured this way for a while. I opened an Incognito window and went to the x.com website. When I went to login and clicked in the UserID box, what showed up? My userid for x.com. There is no way to tell Chrome not to save the userid. And what is the use of incognito mode anyway, if it has access to the userid of what I consider a sensitive website?

A Long List of Ways Brave Goes Beyond Other Browsers to Protect Your Privacy. Written by Brave. No date.

We're suing Google for harvesting our personal info even though we opted out of Chrome sync - netizens by Thomas Claburn of The Register (July 2020). The lawsuit claims that although Google promises that Chrome users can opt out of surveillance by not providing personal information and by not synching their data, people get spied on anyway.

Google sued for at least $5 billion over claimed Incognito mode grab of potentially embarrassing browsing data by Ethan Baron (June 2020). A new incognito page does not warn that Google knows what you do. It does warn that websites you visit and your ISP know what you do, even with private browsing mode.

Incognito mode detection still works in Chrome despite promise to fix by Catalin Cimpanu for ZDNet (June 2020). Google said last year that it would fix a bug that allowed sites to detect incognito mode, but no fix ever came.

Both Firefox and Brave have defenses against browser fingerprinting that Chrome does not have.

Still another reason not to use Chrome: Google: You know we said that Chrome tracker contained no personally identifiable info? Forget we ever said that by Thomas Claburn of The Register (March 2020)

From ProtonMail: Most secure browser for your privacy in 2020 (Dec 2019). In brief: Chrome is bad. Firefox, Brave, Tor and DuckDuckGo (mobile only) are good.

Chrome fails miserably at indicating when insecure data is being sent from a secure page. See my blog (Feb 2020).

uBlock Origin works best on Firefox where it can undo CNAME Cloaking. See If you run uBlock Origin, use the Firefox version as it offers better protection by Martin Brinkmann (Feb 2020).

These hidden cache files are bloating your Google Chrome by Adrian Kingsley-Hughes (April 2020). Chrome caches JavaScript files and there is no simple way to clear the cache, you have to find the folder and delete the files on your own. After reading this, I found data in the cache that was over 4 months old.

Study finds Brave to be the most private browser by Martin Brinkmann (Feb 2020). Only default browser configurations were tested.

Germany's cyber-security agency recommends Firefox as most secure browser by Catalin Cimpanu (Oct 2019). Firefox was tested against Chrome, Internet Explorer and Edge. Not tested were Safari, Brave, Opera, or Vivaldi. The big finding, to me, was that Chrome, IE and Edge have no option to block telemetry.

It's Time to Switch to a Privacy Browser by David Nield in Wired (June 2019). Good article that covers the DuckDuckGo browser (iOS, Android and an extension), the Ghostery browser, Brave, Tor and much more.

Google Chrome has become surveillance software. It’s time to switch. by Geoffrey Fowler in the Washington Post (June 2019) has a great quote: "having the world's biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop." Alternate link

There is a whole website (NoToChrome.org) devoted to the bad stuff about the Chrome browser.

It's time you ditched Chrome for a privacy-first web browser by Matt Burgess in Wired (July 2019). Discusses Brave, Ghostery, Tor, DuckDuckGo and two Mozilla browsers.

In June 2019, Firefox added "enhanced tracking protection" by default, but my opinion was formed beforehand. Firefox Now Available with Enhanced Tracking Protection by Default Plus Updates to Facebook Container, Firefox Monitor and Lockwise by Mozilla (June 2019)

Private and Secure Browsers to Keep Your Data Safe by Sven Taylor of Restore Privacy. Created Sept. 2018, Last updated June 2019.

I protected my privacy by ditching Chrome for Brave–and so should you by Michael Grothaus in Fast Company (March 2019)

How I'm locking down my cyber-life by Larry Sanger Jan. 2019

Why I'm done with Chrome by Matthew Green (Sept 2018). Paraphrasing: I've loved Chrome in the past, but, due to Chrome's new user-unfriendly forced login policy, I won't be using it going forward.

Bye, Chrome: Why I'm switching to Firefox and you should too by Katharine Schwab (May 2018). Quoting: "I can't even remember why I decided to use Chrome in the first place. The browser has become such a default for American internet users that I never even questioned it."

Then too, there is the issue of certificate revocation. It is a poorly designed system and does not work very well. But all browsers support it - except Chrome. Chrome does its own thing in this regard and their system only works with a very small number of websites. In contrast, Cloudflare is working to improve this with OCSP Stapling.

 This page: 8 views per day (over 8 days)   Total views: 66   Created: September 18, 2022
This Page
Last Updated

September 19, 2022
Total Site
Page Views

 420,694
Site Page
Views Today

  534
Previous
Website View

1.9 minutes ago
Website by
Michael Horowitz
@defensivecomput
top
Copyright 2019 - 2022