STOP! This article is outdated. See my newest article about browser security for updated information.
Your Internet browser is the lid on Pandora's box. A window to the madness of cyberspace. Visit the wrong website, click the wrong link, download the wrong file, and you'll find out how effective that window is at protecting you.
When activated, Private Browsing on Safari prevents your browsing history from being kept in the history tab of the application. Along with this, it doesn't autofill information that you have saved in the browser. In this mode, you essentially become incognito and any references of previous use is essentially hidden when you are in private mode. Safari is the only major browser without data execution prevention, which helps prevent buffer overflows, says Roger Grimes, a product reviewer for sister publication InfoWorld.
The trouble with this article
- If you choose to use Safari, you're in safe hands as long as you're using an Apple device. But Safari only works on Apple devices, whereas Firefox works on Windows, macOS, iOS, Android and Linux. So no matter what operating system you choose, Firefox has you.
- There have been loads of reports from different security agencies, that Safari would be unsafe. But loads of these stories are proof of concepts and your unlikely to encounter. Some of these 'exploits' are no actual exploits.
Is Safari Safe To Use Ipad
The true security differences in these browsers are nitpicky. I can safely recommend using any browser in this roundup (except for Safari on Windows) because the differences don't mean a whole lot as long as you practice good security habits.
This is a high-level overview, based on 1) others'research, 2) the averaged scores from the Browserscope project, and 3) my own experiences with clients and colleagues.
I should point out that the Browserscope project is not a good standalone comparison of which browser is the safest. It merely analyzes a certain 'class' of attack vectors. There is much more to browser safety than a number can tell you.
And keep in mind this is not a completely scientific comparison. It's not really possible to pick a 'most secure' browser since all browsers have their strengths and weaknesses.
Which Browser is the Most Secure and Private?
Google Chrome
Chrome is typically the most highly regarded for security. That sentiment is based in large part on a 2011 study which was funded by Google themselves, as it so happens. A lot has changed since then, though Google appears to be staying on top of things pretty well. Its Browserscope tests are by far the highest in this roundup. It also has the second highest malware detection rate, right behind IE.
My biggest issue with Chrome is the fact that it's developed by Google. Google makes their billions by knowing what you do, where you are, what you buy, and what type of hemorrhoid cream you prefer. Seriously, they want to know everything about you and giving us a browser on our computer is the absolute best way to get that information. That makes Chrome a huge privacy risk in my opinion. And because it's not entirely open source, we can't look inside and see how it works.
Chrome Summary
- Security: Very good
- Privacy: I have my doubts
- Browserscope score: 16/17
Mozilla Firefox
I like Firefox the most – it's my preferred browser. I wouldn't put it's security in the same class as Chrome, but it's certainly not without its own strengths. For instance, it handles SSL certificate revocation extremely well, better than any other browser.
Part of what makes it so popular is the small footprint. It's lighter-weight than its competitors, not bundling things like Adobe Flashplayer in case you don't want it. Overall, that means fewer features and less code, which presents less of an attack surface for bad guys to latch onto.
My favorite thing about Firefox is its privacy. The source code is available for perusing, meaning anyone can crack it open and see its programming. Firefox is the only browser that is fully open source. This is extremely good from a privacy standpoint because no one can hide stuff in there that we don't want (like tracking software). Firefox's development community (known as 'Mozilla') is a non-profit organization that exists simply to produce free quality software. That puts me at ease, knowing that Firefox is not being used as part of a larger financial agenda.
Firefox Summary
- Security: Good
- Privacy: Very good
- Browserscope score: 12/17
Microsoft Internet Explorer
IE probably has the worst reputation for security. Unfortunately for them, that reputation isn't entirely warranted these days but the stigma remains. The worst security issues are with older versions, like version 6 and 7. As long as you're using version 10 or greater, you can avoid the worst problems. Microsoft has made a lot of improvements over the years.
For instance, IE has the highest detection rate of malware. That means it's the best at keeping you from accidentally getting infected through web browsing.
However, some strange issues still remain. Like how they provide the manual ability to fake EV certification, and how they messed up the implementation of Java so that it's very difficult to completely disable the plugin.
Video pro com. Not to mention, there have been plenty of severe vulnerabilities exposed in its programming over the years. Far more than any other browser. Which makes using IE a rather dubious affair when you're always wondering what else they've messed up.
Additionally, IE is completely closed source. Considering that we now know Microsoft has been targeted by the NSA spying efforts, all bets are off. We don't know what they may have been coerced into putting in their browser.
IE Summary
- Security: Okay
- Privacy: Maybe okay, but assume it's not
- Browserscope score: 11/17
Opera
Opera is the quiet guy who sits in the corner minding his own business and likes it just fine, thank you very much. It has a pretty good reputation for security (though, I should mention that the underdog usually has the loudest voice of dedicated followers). I do like Opera, and for being the little guy, it's doing things really well. But based on it having the lowest Browserscope score of the bunch (by a significant margin), I feel like I need to dock it a few points.
Opera does have a reputation of patching security vulnerabilities faster than the big guys, and it's also been known to adopt some new security features first, before anyone else.
However, Opera is completely closed source so no one but the development team knows what goes into it. Their market share is so small that we could probably assume they don't have an agenda or are being pushed by someone who does. But who knows in this crazy world? It's not a bad browser and it does a lot of things well. In spite of its shortcomings, I wouldn't hesitate to recommend it.
Opera Summary
- Security: Good
- Privacy: Probably okay, but we can't know for sure
- Browserscope score: 8/17
Apple Safari for Windows
Safari on Windows is no longer supported. The latest version available is 5.1.7 from May 2012. It is no longer getting security updates and therefore you shouldn't use it on Windows.
On Mac, it's another story. Safari is still a good choice if you're using OSX. It has a good reputation for security and is one of the earlier adopters of new features. Privacy, on the other hand, may be an issue. We don't know if Apple has cooperated with the NSA spying efforts, but being as big as they are, I'm playing the safe side and just assuming they have.
Safari Summary (on Mac only)
- Security: Good
- Privacy: Maybe okay, but assume it's not
- Browserscope score: 13/17
Browser Comparison Chart
| Browser | Security | Privacy | *Browserscope |
|---|---|---|---|
| Chrome | Very good | Serious doubts | 16/17 |
| Firefox | Good | Very good | 12/17 |
| IE 10+ | Okay | Maybe okay | 11/17 |
| Opera | Good | Probably okay | 8/17 |
| Safari (Mac only) | Good | Maybe okay | 13/17 |
*The Browserscope score is the averaged security scores for each browser family up to the time of this writing.
Which Browser Should I Use?
Chrome is probably the marginal winner in security. Of course it's not always so cut and dry. As stated, I actually use Firefox. I believe it has the best security/privacy combo in this roundup. It's also much cleaner and easier to use, and better at rendering pages, in my opinion. And based on my safe browsing habits, it does not concern me enough to change.
If you have no issues with Google knowing even more about you than they already do, or you prefer Google's interface, then I suggest Chrome because they have the resources and expertise to make a good, secure product. Or if you'd rather support the little guy, Opera is also a good choice.
Do not use Apple Safari on Windows. It is no longer secure. However, on Mac, it's a good option.
I would suggest staying away from Internet Explorer whenever possible. If you regularly practice good security habits, it shouldn't be too big of a problem. It's just my recommendation. There are plenty to choose from. Why choose the worst out of the bunch?
In the end, your security is based mostly on your behavior. No browser can always protect a user who's browsing habits are unsafe. As always, practice good behavior, no matter what browser you're using.
Related Articles
There's $20B in buyer demand for technology M&A. Where's it going?
Our Technology M&A: 2021 Outlook gives owners, founders and entrepreneurs insight into why e-commerce is dominating technology acquisitions, what this means for multiples, when investors are looking to allocate capital and more. Download now.
An option in Apple's Safari browser that's supposed to protect Web surfers from malicious sites has raised privacy concerns in some quarters.
The option, called 'safe browsing,' is turned on by default. Depending on where an Apple device is registered, the browser could be sending IP information to Tencent, a conglomerate with close ties to China's government.
Apple offers the following explanation in Safari's settings section: 'Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent.'
That should concern consumers, maintained law professor Joel R. Reidenberg, founding academic director of the Center on Law and Information Policy at Fordham University School of Law in New York City.
Call of duty next release. 'Safe browsing should not only mean you're protected from visiting websites that are dangerous, but that your privacy is safe, too,' he told TechNewsWorld.
'The way this is structured, that's not going to be the case,' Reidenberg continued. 'The fact that browser history information is going to a Chinese company that may or may not be giving access to that data to the Chinese government is something that should raise a series of red flags from a security standpoint in the United States.'
Value of Browser Histories
A person's browser history can reveal valuable data, noted Matthew Green, a professor specializing in cryptography in the computer science department at Johns Hopkins University in Baltimore, Maryland.
'If I were browsing websites of interest to the Chinese government, these systems could leak that information to Tencent,' he told TechNewsWorld.
Browser information also could be valuable to intellectual property thieves.
'Someone in an American company might be doing research on an innovative product. That browser history information now goes to Tencent, which gives Tencent information about the innovation in that U.S. company,' Reidenberg explained.
'There's no reason to believe the Chinese government cares about this information right now, is going to use this mechanism, or doesn't have other ways to acquire it, but it's another way they can use to surveil people, if they chose to,' he pointed out.
'There are some pretty vulnerable people in China right now, people not being treated particularly well by the government,' Reidenberg said. 'This could be another path by which those people's private browsing history could become available to the state. I think that deserves a little more thought than I've seen from Apple.'
OK Privacy
Apple did not respond to our request to comment for this story, However, in a statement to iMore, it explained that when the Fraudulent Website Warning feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing.
'To accomplish this task, Safari receives a list of websites known to be malicious from Google,' Apple's statement says, 'and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.'
Browser information also could be valuable to intellectual property thieves.
'Someone in an American company might be doing research on an innovative product. That browser history information now goes to Tencent, which gives Tencent information about the innovation in that U.S. company,' Reidenberg explained.
'There's no reason to believe the Chinese government cares about this information right now, is going to use this mechanism, or doesn't have other ways to acquire it, but it's another way they can use to surveil people, if they chose to,' he pointed out.
'There are some pretty vulnerable people in China right now, people not being treated particularly well by the government,' Reidenberg said. 'This could be another path by which those people's private browsing history could become available to the state. I think that deserves a little more thought than I've seen from Apple.'
OK Privacy
Apple did not respond to our request to comment for this story, However, in a statement to iMore, it explained that when the Fraudulent Website Warning feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing.
'To accomplish this task, Safari receives a list of websites known to be malicious from Google,' Apple's statement says, 'and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.'
While it's true the actual URL of a visited site isn't delivered to a safe browsing provider, a determined provider could reconstruct the URL.
Safe browsing wasn't designed to provide total privacy to users, but to degrade the quality of the browsing data that providers collect by using a system of hashed prefixes to disguise the actual URLs, Johns Hopkins' Green explained in an online post.
Is Safari Safe To Use
Google has the compute power to reverse engineer the degraded URL data, he noted, but it's unlikely the company would do it -- or if it did, a whistleblower would expose it.
'But Tencent isn't Google,' Green wrote. 'While they may be just as trustworthy, we deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them.'
More Info Needed
Consumers concerned about the threat to privacy posed by safe browsing can turn it off in the privacy and security section of Safari's settings. However, that means protection from malicious websites will be turned off, too.
'You have to know about it to do it,' Green said in an interview. 'It needed a little more advertising, publicity and documentation than it got, which was nothing.'
Is It Safe To Use Safari On Windows 10
Another alternative is to use a browser other than Safari. The problem there, though, is that when a Web page is viewed in an app, it's displayed in something called 'Safari View Controller' instead of the third-party browser. The same is true for tapping links in apps. So it's difficult to avoid Safari entirely.
The safe browsing flap is another example of data collectors obscuring what they're doing with user's data.
'Apple pushes out these features that have a huge impact where data goes, and doesn't advertise what's happening or who's the recipient of the data,' Green observed.
Losing Credibility
'TheseIt's very difficult for a user to know how significantly their privacy is going to be compromised by the tech company whose products they're using.'
Since privacy and security are being touted mightily by Apple, the safe browsing fuss could undermine the company's credibility in some consumer's eyes. 'It certainly contradicts the image they're trying to put forward,' he noted.
It also seems to be part of what could be a worrisome pattern for Apple.
'At the very least, they don't speak up about privacy concerns when it comes to China,' Green said.
'You can't have a company that behaves one way regarding privacy in America and then behaves very differently overseas,' he added. 'They may not have a choice in China, but at the end of the day, they have to be honest about the differences in their approach. If they can't be honest about that, how can we trust them?'
The safe browsing problem is just part of a larger one that's going to be a lot tougher to solve than toggling a virtual switch on an iPhone.
'Right now, we have an ecosystem that puts a premium on surveillance,' Reidenberg observed. 'There are features and products to hinder that surveillance, but there are also core features -- like safe browsing -- with privacy compromises baked into them.'
John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.
