How to choose a browser for everyday use?

Introduction

Let's start with the basics. What is the point of a web browser? Originally, it was to be able to read HTML documents, but since then, the Web has changed massively, and modern browsers need to satisfy more demands. The basic terminal browser - links, w3m, Lynx, elinks - can still be used today to display websites only in text. Actually, elinks supports features that are somehow missing in "modern" web browsers (such as editing cookies, custom stylesheets or keybinding), but in the end, they can all be got back through addons. Maximum of 256 colors, no images, little or no Javascript support, limited CSS support, no loading of non-HTML content such as videos (but can load externally), and no addons make these unsuitable for modern day browsing.

I could mention many other browsers here. Surf is a graphical web browser that has image and Javascript support, but no tabs or an actual user interface. Midori has everything you'd expect from a modern web browser and even includes in-built functionality to replace some of the common addons, but it's not enough. Otter Browser is a promising project with a very nice UI, but has no addon support (so far, though it's planned). Qutebrowser is a keyboard controlled browser that recently added per-domain settings, but they are inferior to uMatrix. Many of its features can be replaced by, again, addons.

One advantage of these niche browsers is that they don't spy on you, but what I've learned from trying probably all of them is that, in the end, addons are essential - especially uMatrix is irreplaceable. So, for a day-to-day browser, you have only two options: Firefox based and Chrome based. Since they all support the same addons (with slight exception in Pale Moon), we will have to use some other criteria to judge these browsers. These consist of usability, privacy, customizability, philosophy, respect for the user, looks, and speed. Let's analyze them one by one:

Firefox based browsers

Mozilla Firefox

There is a long history of anti-user decisions with this one - it's so big I've written a massive article about it and other Mozilla's sins. Briefly, they include removing configuration options, having anti-privacy default search engines, lying about being privacy-based, removing addon compatibility, disrespecting contributors, shoving you targeted advertisements, enforcing usage of certain other software, and many, many others (read the article!). Add to that the slow speed and shitty UI and you have a browser you're never going to want to use. August 2020 update: Mozilla has now clearly ceased caring about technology, but is instead fully focusing on social issues - From combatting a lethal virus and battling systemic racism. As if it wasn't already obvious earlier, they have now thrown out 250 people mostly working on technical stuff such as their rendering engine or browser security. I suspect this is preparation for ceding control of the web browsing ecosystem to Google soon (as predicted in Mozilla - Devil Incarnate, they were always controlled opposition). I doubt any Firefox based browsers will survive this apocalypse, to be honest.

GNU IceCat

Firefox fork from the Free Software Foundation - with a huge focus on freetardism. This means no Flash Player compatibility as well as an annoying LibreJS addon included by default. Older versions had some spyware in there, but 60.2 removed all of it as far as I can see. Some privacy addons are included by default, but you should still use uMatrix - though newbies might like having some privacy built-in. Though it is made by more ethical people, this browser still suffers from many of Firefox' ills - like the shitty UI, slow speed, lack of configuration, deprecated addons etc. All in all, IceCat fixes many Firefox issues but leaves more of them in - and it can't be otherwise since they are fully dependent on Mozilla's decisions in the end. UPDATE: it's fucking August 2020, and the latest release of IceCat is still version 60.7 compared to Firefox 79. Packages for most distros are also not provided, so you'll have to compile. I recommend skipping this one especially in light of the recent happenings at Mozilla.

LibreWolf

LibreWolf is to Firefox what Ungoogled-Chromium is to Chrome. The first version (Librefox) was considered just an "enhanced" Firefox - until it was killed by Mozilla (archive). Some community members revived it as an independent project this time. LibreWolf aims to fix many of the issues vanilla FF has - it will be compiled with no telemetry, Pocket or pulseaudio requirements. All included search engines will be private by default (no big G) and no unsolicited requests will be made. At least, that was the plan but then it died and was inactive for a very long time apparently until now (March 12) - so watch this space for updates! UPDATE April 3: the new appimage release has no problems aside from the lists for uBlock Origin being automatically updated. Clearly nothing compared to what Firefox is doing, but LibreWolf is still dependent on Mozilla - if they start adding more nonsense, removing about:config options, , userchrome.css support, (as they were planning to do), Alsa support, etc. then LibreWolf devs will have to maintain those features themselves, and I doubt they can keep up with such a small dev power. But for now, it is a fine alternative to vanilla Firefox if you really want to base on it. UPDATE August 2020: the dev team admits they have a problem (archive) with Mozilla firing their employees and has doubts about the future of the project.

Waterfox

Another browser pretending to care about your privacy (archive) - We’re obsessed with protecting your privacy. That’s why we’ve made Waterfox Private Browsing more powerful than the others., when in fact Waterfox does nothing whatsoever to protect it and actually spies on you almost as much as Firefox (archive) (it made 109 unsolicited requests upon my run of it). The more powerful private browsing mode is a sham as well - anyone caring about their privacy will not rely on this but install essential privacy addons, so his deceptive claims are designed to lure in newbies only. This browser is completely dependent on Firefox, has its shitty UI and all the other flaws and does not even bother to remove much of the spyware. It's also run by a single developer (who is also a liar and hates privacy as proven above) so you don't know how long it will keep going. There are some positives, however - Waterfox is the only browser out there to support both XUL and WebExtensions, as well as NPAPI plugins. Still, due to all the other issues, this browser should be ignored. UPDATE FEBRUARY 2020: yet another reason to avoid Waterfox - it's been sold to an advertising company (archive), the same one that claimed StartPage.

Summary

Firefox is absolutely terrible and its forks have not much to be proud of either, as we can see. Though some of them do remove (some or all of) the spyware problems, they either add their own or have some other issues, like IceCat's incompatibility with Flash Player and lack of updates, or Waterfox' shady ownership. LibreWolf, the only project with actual potential, has been abandoned resurrected, but still only a few people are involved. The other, more important reason to avoid Firefox-based browsers is that they are all still dependent on the evil Mozilla. If they ever officially cede control to Google (as is already happening in all but name [archive]) - the whole Internet will be pretty much taken over by an even more evil corpo. I have predicted this in the report above, but it was somewhat speculative at the time. Now, it's pretty much a certainty it will happen in a few years. UPDATE August 2020: Mozilla is self-destructing (see above) so a Google owned web might soon become a reality. Knowing this, it is obvious Chrome forks can't be any better, but let us check them out anyway:

Chrome based browsers

Google Chrome

A massive platform dedicated entirely to data collection (archive)...but at least it doesn't pretend to be something else, unlike Firefox. Shitty "modern" UI (like Firefox), lack of customizability (no in-built proxy settings, even?), little in-built features, slow, dependent on the evil Google company...Avoid like the plague.

Iridium Browser

Billing itself as A BROWSER SECURING YOUR PRIVACY. THAT’S IT, it actually fulfills the claim aside from a few spyware issues still left in. Specifically, your private Iridium Browser will make a connection to Big G every 30 minutes to download their Safe Browsing database - what a joke. The devs have reacted dismissingly (archive) to the issue, plus have sneakily added more recent spyware (archive) - so I don't think they're to be trusted. Iridium has a hasn't been updated in a long time (it's August 2020, but the last release is from April based on Chromium 81 - compared to Ungoogled-Chromium's 84). There's no AppImage or portable build, making installation a bigger problem. This was my browser of choice for a long time (until I found the one below), but it doesn't do anything aside from disabling automatic connections - and not even all of them, at that. If you want a private Chrome based browser, this one is a much better choice:

Ungoogled-chromium

Unlike Iridium, Ungoogled-Chromium actually disables all automatic connections and other Google integration. The dev is also a really nice and skilled guy (at least he doesn't have a problem with people reporting stuff - unlike Pale Moon, or worse - Mozilla). However, keep in mind the Chromium codebase is massive, and it's doubtful this single guy can keep up for long (then again, he does lift patches from other similar projects such as Bromite, and has a helpful userbase). He's doing better than the Iridium team, though - with his browser being much more up to date. In the end, Ungoogled-Chromium is still just a bunch of bandages applied to Chromium, and keeps Uncle G in control of the Web. There's not any real features added beyond the privacy fixes and a few CLI options (archive). Still, it is surely the best Chromium fork out there if a Google monopoly doesn't bother you. The packages are available only for a few distros (plus Windows and Mac), but fortunately, there's an AppImage as well as a portable build that work everywhere.

Brave Browser

This browser has made waves thanks to its built-in privacy protections - such as AdBlock, HTTPS everywhere and script blocking - but in the end, they are outclassed by uMatrix. More than that - after checking them out, I can confidently say the Shields are pretty useless - the vast majority of trackers are left alone; in fact, sometimes it seems that a site can have hundreds of them, and yet none of them will be blocked by the Shields. Script blocking option simply blocks JavaScript fully - it's just NoScript revisited. Brave used to be able to install Chrome extensions only from source, but now does it the same as the other Chrome based browsers. Despite those, it not only spies on you (archive) but is actively working against your privacy by whitelisting Facebook and Twitter trackers. Brave has also been soliciting donations in the name of other people without their consent!

Here (archive) is a thread discussing the issue. UPDATE August 2020: since I wrote this, more shady shit from these guys has surfaced. For example, not only do they have sponsored backgrounds (recall Mozilla's Directory Tiles?) in their New Tab page but they were also earning big money from the included affiliate links without telling you (this is illegal and they've locked the convo as expected)! More recently, they were caught rewriting typed web addresses to add referrals for various partners. Brave Browser also has auto-updates (archive) that cannot be disabled which is extremely malicious (complete with a closed topic, of course - in a Mozilla-esque fashion). The only real reason to use Brave is their so-called Brave Rewards program with which you can earn their Basic Attention Tokens in exchange for watching ads (displayed as system notifications). Here's the catch: to pay out their BATshit tokens, you need an account on Uphold, whose Privacy Policy states this:

To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification

Facebook tier surveillance. But wait, it's not over:

We may obtain information from affiliated and non-affiliated third parties, such as credit bureaus, identity verification services, and other screening services to verify that you are eligible to use our Services, and will associate that information with the information we collected from you.

They will also stalk you all over the Internet to try to find already existing information. There's still more violations coming, so sit back and watch:

Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.

As soon as I think I've found the biggest privacy violator possible, the cold hammer of reality strikes that stupid idea right out of my skull. Anyway - again - the only way to pay out BATshit tokens is by using this service. Even then, you can only do it once a month and Brave still swipes 30% (archive) of it - You’ll earn 70% of the ad revenue that we receive from advertisers. This is portrayed as a way of revolutionizing the Internet ad industry - the middlemen and platform operators capture most of today’s ad revenue, while creating malware distribution and ad fraud opportunities. Brave Rewards upends this broken system and provides a new way forward for creator support. However, the real revolution will happen when the whole ad business model is dead and buried, or even better - when content creators don't need to worry about "earning a living" because the capitalist monster has been slain or at least put on a leash. For now, you can just support the sites you like directly with Bitcoin, anonymously and on your own terms. All you need is a wallet and a person you want to donate to (I have an address at the top of the page ^_^). Anyway, at the beginning I was way too forgiving for Slave (certainly nothing Brave about it) Browser - let it rot along with all the scams they're pulling.

Dissenter Browser

This Brave fork was whipped out in literally a few days in response to the recent wave of censorship from Twitter, Facebook, Mozilla etc. Its claim to fame is being integrated with the Dissenter extension (banned from Firefox's and Chrome's extension stores (archive)) which allows you to comment on any article from any website, bypassing their censorship policies. Quite handy. To use it, however, you need to sign up for their social network, which requires ReCaptcha (devs have dismissed the issue (archive)). Then, to post a comment, you of course have to share the site you're on with Dissenter, which, if used extensively, could build quite a profile of your browsing history. Who's to say they won't run away with all that data then? Their privacy policy (archive), consisting of one fucking sentence says literally nothing about what they collect and share, so you might assume it's everything with whoever. As for the browser, it contains the usual Brave shit like Shields, whitelisted trackers and safebrowsing. In addition to those - whenever you open a new tab, Dissenter will connect to a bunch of news sites and youtube, as well as clearbit to download their icons; fortunately, this can be disabled. Their site is also cloudflared, which means all your history and comments will be shared with the evil tech giant (archive), MITMing from the shadows. All in all, this browser is just a fad riding on the current anti-censorship climate. In fact, I'd say it's very likely a honeypot designed to collect the browsing and comment history from as many people as possible and share them with the great centralizer (Cloudflare), to help eventually create an Internet that is fully controlled by the elites. The idea is nice (and I hope someone worthy repeats it) but the execution could not have been worse. Run the fuck away faster than you would from an angry, rabid dog! Speaking of dogs, the Spyware Watchdog has an in-depth review of some other issues with Dissenter.

Opera

Used to use a custom engine and was highly praised by the users, but after switching to Blink (Chrome engine) it dropped most of its features and left waves of dissatisfied users. A few years later it was bought by a Chinese company which put the final nail in its coffin. Forget about its bullshit marketing talk such as Now with a built-in ad blocker, battery saver and free VPN. Opera heavily spies on you (archive), including on your whole browsing history. Integrated by default with spyware platforms such as Facebook, WhatsApp (owned by FB), and Telegram (apparently insecure according to the cryptographers). The VPN is very likely a Chinese honeypot and uMatrix outclasses all adblockers. Though it has some nice features like mouse gestures and automatic currency conversion, there's not much reason to use nuOpera over the other Chrome forks. Avoid.

Vivaldi

UPDATE: it's August 2020, and nothing has changed for Vivaldi. It's still the most featureful browser out of the box (mouse gestures, screenshots, web panels, notes...) and boasts massive amounts of customizability (in regards to tabs, bookmarks, keyboard shortcuts that no other browser can change by default). However, it also still includes a bunch of spyware such as Google SafeBrowsing and auto-updates. But their most egregious way of privacy violation is this:

When you install Vivaldi browser (“Vivaldi”), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message.

The above cannot be disabled even if you're a programming ninja - because Vivaldi's source code is unavailable! Their New Tab page is filled with various partners' websites by default, including violators such as YouTube and Amazon - though you can fortunately remove those. The default search engine is the anti-privacy Bing. Tracking protection is included but it's off by default. It doesn't seem as if Vivaldi cares about privacy too much - it's also closed source. The only saving grace is the massive amount of features, which is of course significant - but most of those can be replaced with extensions on browsers that support them. There also comes a point where a piece of software is trying to do too much - and Vivaldi might have crossed that bridge already. But at least it's something different compared to all the browsers that are bare-bones.

Summary

The situation with Chrome forks is better than Firefox ones - there's more of them and they are more commonly updated. We've got more variety in terms of features, included addons, looks, philosophies, etc. But something seems to be missing. The ones with more features introduce their own problems such as custom spyware, false advertising, lack of ethics, even less speed, or crashes. The ones removing all the spyware don't introduce anything new. And they all still rely on the Blink engine (and thus Google). And since Google keeps including anti-user changes (archive), the forks will have to remove / modify those in the code, which some of the smaller teams might not be able to eventually keep up with. Is that it? Are we really stuck with desperately trying to patch up the big corpo abominations?

The Fallen Hero - Pale Moon

It used to be fucking good - and still has several advantages over FF / Chrome such as independent development, lack of some antifeatures, less vulnerabilities, XUL addons support, better UI, smaller codebase, and more customizability. However it recently went off the deep end so much that I cannot in good conscience call it an "alternative" to anything anymore. Let me give some examples:

And with that, it's obvious that Pale Moon is a sinking ship. A few months ago I've said that the browser is in the beginning stages of degradation. Now, the stage is clearly advanced, the cancer has metastasized and cannot be removed anymore. Pale Moon has become exactly what they've fought against for so long - Mozilla-lite. It's still a good enough piece of software (and the only decent one for browsing the modern web) - but one I cannot recommend anymore due to violating the most important principles (which for years have defined it). So what do we do now that the giant has commited suicide?

Web Browser

If you're worried about Pale Moon's issues, know that one of our community chatroom members is developing a fork called Web Browser that is focused on stability, privacy and customizability even more so than its predecessor. Pale Moon still has auto-updates, OCSP and a few other unsolicited requests by default - as well as an extension blocklist. Web Browser either lacks PM's issues (no automatic connections or an extension blocklist) or is in the process of fixing them (using system libraries instead of bundling your own, disabling WebAssembly by default). There's a NixOS package and a SlackBuild (archive) with support for other operating system coming soon (or you can compile from source). The guy is looking for additional developers, so go check the project out if you want to help.

What's wrong with auto-updates?

There is everything wrong with autoupdate, basically you are giving whoever controls the updates full control over your software and data, with autoupdates it is possible to: Autoupdate has always been used for bad, its purpose was always to take control away from the user, updating should ALWAYS be a choice.

Source: Nanon - hope he doesn't mind me reposting this. And let me add modifying user settings to the list of auto-update issues - something which Firefox has done many times, for example.

Summary

Pale Moon is still the only decent way to browse the modern web that's actually relevant - but it's slowly rotting from the inside. Firefox is dying and will soon bring down all its forks alongside itself, surrendering the Web to Google whose abomination of a browser is just as worthless. Promising projects such as Otter Browser or suckless surf suffer from small dev teams, no / low addon support and don't have their own engines - so depend on Google / Apple, anyway. The only reasonable choice is Pale Moon until Web Browser gets more support. Or, just try wean yourself off the modern web by sticking to websites such as the ones on Neocities, wiby.me, etc. which are functional in NetSurf or terminal browsers. I hate to kill the positivity of yet another summary, but if reality forces me to - what can I do?

Back to the front page