Avoid The Hack: 6 Best Privacy Browser Picks for Linux and macOS
This post was originally published on 16 MAR 2021; it has since been updated and revised.
Many of the suggestions here are compatible with both Linux systems and macOS operating systems; users may also find similar suggestions found elsewhere on Avoid the Hack.
The browsers listed here are all open-source, regularly updated, and are out of beta. These browsers also provide customization options and do not phone home browsing activity or assign unique identifiers for telemetry purposes.
- Highly customizable
- Total Cookie Protection by default
- WebRTC can be disabled inside settings
If you're on a Linux-based system - especially a Debian variant - you might find Firefox pre-installed on your operating system. To "harden" Firefox, refer to the avoidthehack Configuring Firefox for Privacy guide.
Firefox has been around for a long time. It is tried, true, and tested in many ways. It has consistently proven reasonably fast, reliable, and secure.
Firefox is one of the few noteworthy browsers with a significant "enough" share of the browser "market" that doesn't rely on Chromium for its engine. Firefox runs on the Mozilla-developed Gecko Engine; as of 2016, with the introduction of Firefox Quantum, Rust is used in the source code.
Many tweaks, both basic, and advanced, should be made before Firefox can be considered a private browser. While vanilla - or otherwise un-configured - Firefox is arguably better for privacy than Google Chrome or Microsoft Edge, Firefox doesn't come especially configured for optimal (or maximum) user privacy out-the-box.
Unlike some more private forks derived from the Firefox source code, even with privacy tweaks, Firefox still has support for DRM content and components for users with the need to play/run DRM content. Users may also experience less breakage in some instances.
- Pre-hardened fork of Firefox
- No telemetry
- Extension firewall
- uBlock Origin pre-installed
LibreWolf is a community-driven Firefox fork that focuses on privacy and security; specifically, its goal is to put "user privacy, security, and user freedom first." It's the successor to the now defunct Firefox fork, LibreFox.
LibreWolf strips all Mozilla telemetry and Mozilla-dependent services from the Firefox source code.
LibreWolf comes with many of the privacy and security-related about:config settings already tweaked out-of-the-box, making it more universally user-friendly - less settings for the average user to tweak for better privacy.
Some privacy-related enhancements LibreWolf offers include:
- Removal of Google Location Services
- Removal of Google as a search option
- An extension firewall where extensions are limited in their abilities to initiate their own network connections
- Resists common fingerprinting techniques out-of-the-box
- Disables the saving of login information
- Offers private search engines, such as Searx, to use by default
LibreWolf appears to keep up with the latest stable Firefox source code. Despite the developers' impressive speed of releasing new versions, note that Librewolf is not affiliated with Mozilla.
- Forked from the Tor browser
- Highly resistant to fingerprinting
- uBlock Origin pre-installed
- No telemetry
In April 2023, Mullvad VPN announced it had collaborated with the developers of the well-known Tor browser to develop the Mullvad browser. According to Mullvad VPN, Mullvad browser is designed give users more options for privacy-oriented browsers.
Mullvad browser is the Tor browser without the Tor Network and instead of using the Tor Network, is designed to be used with a trustworthy virtual private network (VPN).
Similar to the Tor browser, the Mullvad browser provides solid tracking and fingerprinting protection. Mullvad browser removes all telemetry and enables private browsing by default. uBlock Origin comes pre-installed as the default ad/tracker blocker.
- Native adblocker
- Proxied Google services (Brave services)
- Good out-the-box privacy
As of writing, the Brave Browser is the de-facto recommendation for a Chromium-based alternative privacy-oriented browser that has decent privacy straight out-the-box.
Brave is an open-source privacy-oriented browser first launched in 2016. It is maintained by the Brave company, which of itself has a handful of privacy-related scandals. However, this browser mostly delivers on its privacy promises.
Brave has a native adblocker ("shields") enabled by default. Brave proxies all/any requests to Google, effectively substituting Google Services with "Brave Services." For example, when "Safe Browsing" is enabled, Brave proxies the request to the Google Safe Browsing service.
While Brave engages in telemetry, it can be disabled. Brave also has an opt-in rewards program, though this rewards program is controversial, so user discretion is advised prior to opting in.
- Removes Google services from source code
- No Telemetry
- No DRM plugins/components
This is mainly an option for slightly more savvy users who want to opt-out of using the Brave Browser.
Ungoogled Chromium is a fork of the Chromium project and is a de-googled version of Chromium.
(Chromium is the open-source framework developed and mostly maintained by Google. It is also the same code base regular Google Chrome is derived.)
Ungoogled Chromium strips Google components, plugins, and services from the source code, preventing the browser from directly communicating with Google's servers.
This browser has no default for search providers and is set to automatically wipe browsing sessions between uses.
Ungoogled Chromium is compatible with most Chromium-based extensions - extensions can be installed manually without signing into the Chrome Web Store.
Falkon (Linux Only)
- Native adblocker
- Uses QtWebEngine
- Lightweight footprint
Falkon is a unique browser not powered by the Chromium or Gecko engines; Falkon uses QtWebEngine as its rendering engine, which is open-source. Falkon is primarily developed and maintained by the KDE community.
QtWebEngine does use upstream code from the Chromium project, but removes binaries and Google-related services. It builds from different compilers than Google and uses other system libraries.
Falkon has a lightweight footprint and includes a build-in tracker plugin enabled by default. This native adblocker uses the same standard blocking lists as uBlock Origin; the adblocker can use custom blocking lists as well.
Falkon is available for download via Flatpak. It can also be built from source via its repository on GitLab.
Using Tor for anonymous browsing
While the browser suggestions in this post provide better privacy, they don't necessarily provide anonymity. For anonymous browsing, users should use the Tor browser.
The Tor browser is configured to run on the Tor network. At its most basic, the Tor network routes user browsing traffic via at least three (3) hops before hitting an exit node and connecting to the destination.
The Tor browser is also highly resistant to many fingerprinting techniques; it's designed to prevent users from standing out amongst each other - like blending into a crowd all wearing the same color. uBlock Origin is installed and enabled by default
A word on Safari (macOS only)
If you're a macOS user, then you already know that Safari is the default browser for your Mac; much like Edge is the default browser for Windows machines.
While Safari has a very minor leg up on privacy from Microsoft Edge, Safari can be "tweaked," it has a fairly low ceiling; Safari does little for combating fingerprinting.
As of late 2021, WebKit (Safari's engine) is open-source. This does not make Safari an open-source browser, but it paves the way for developers to create a privacy-oriented browser fork using the same engine powering Safari.
Safari, like Edge and Chrome, does phone home to Apple. Apple claims collected data is anonymized, but as with most closed-source software, these claims aren't easily verified.
Officially, Apple's Safari hasn't been released for Linux distros despite macOS and Linux both deriving from UNIX. But again, since WebKit has officially become open source, perhaps this could change in the near future.
Generally, it is better to use a privacy-oriented browser recommended here in most cases, for most users.
Criteria for private browser recommendations
At a minimum, to be listed as a recommendation on avoidthehack, privacy-oriented browsers must:
Given the modern state and role of the browser, browsers should be open-source to promote transparency above all else. Open-source browsers also promote customization in the form of building from source and/or forking as a default.
With that said, browsers forked from Firefox’s Gecko engine are preferred over Chromium forks.
Browsers are often exploited (frequently using zero-days) as it is probably the most commonly used application/program on any given end-user device. Browsers listed here have timely updates to at least patch the latest vulnerabilities. This is especially important for forked browsers, which must keep up with the upstream to remain up-to-date with security patches.
Out of alpha or beta stages
Many browsers in alpha or beta stages are buggy or require additional attention to work properly. Additionally, a lot of browsers remain in a perpetual alpha or beta stage, never making it to a suitable release version.
The “best” privacy-oriented browsers provide a wealth of customization options inside the browser - without the help of extensions or add-ons - itself.
Customization allows users to tailor the browser to their wants and needs; customization in this aspect should allow for users to modify privacy-related settings, such as opting out of telemetry.
Naturally, customization is limited by the platform (operating system) on which a browser installation lives; across different operating systems, customization is relative.
Engage in limited telemetry or data collection
Browsers should not phone home any browsing related activity.
As for telemetry specifically, the browser should 1) allow users to opt-out of telemetry completely and 2) anonymize all information collected via telemetry. Browsers should not assign “unique IDs” or derive any hard to change information such as hardware UUIDs to phone home to remote servers.
Linux has come a long way in recent years; there are no shortage of browsers that you can use across many of the most popular distros.
Of all these browsers available for Linux, naturally you have a smaller amount that are truly privacy oriented. However, Linux users certainly have options - in fact, some of these options aren't even available to macOS or Windows users.
On Linux, it is imperative that you pick a privacy browser that runs well on your system configuration/Linux distro.
As always, stay safe out there!