mirror of
https://github.com/privacyguides/privacyguides.org
synced 2024-12-01 07:23:30 +01:00
174 lines
11 KiB
Markdown
174 lines
11 KiB
Markdown
---
|
||
title: "Mobile Browsers"
|
||
icon: octicons/device-mobile-16
|
||
---
|
||
These are our currently recommended mobile web browsers and configurations. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||
|
||
## Android
|
||
|
||
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||
|
||
### Tor Browser
|
||
|
||
!!! recommendation
|
||
|
||
![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
|
||
|
||
**Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor Bridges and [Tor Network](https://en.wikipedia.org/wiki/Tor_(network)), along with settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
|
||
|
||
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
|
||
|
||
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
|
||
[:pg-tor:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title=Onion }
|
||
[:octicons-info-16:](https://tb-manual.torproject.org/mobile-tor/){ .card-link title=Documentation }
|
||
[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/fenix){ .card-link title="Source Code" }
|
||
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
|
||
|
||
??? downloads
|
||
|
||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
|
||
- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid/)
|
||
|
||
### Brave
|
||
|
||
!!! recommendation
|
||
|
||
![Brave logo](assets/img/browsers/brave.svg){ align=right }
|
||
|
||
**Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default.
|
||
|
||
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
|
||
|
||
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
|
||
[:pg-tor:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title=Onion }
|
||
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
|
||
[:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
|
||
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
|
||
|
||
??? downloads annotate
|
||
|
||
- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
|
||
|
||
#### Recommended Configuration
|
||
|
||
Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](#tor-browser) will be traceable by *somebody* in some regard or another.
|
||
|
||
These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy**
|
||
|
||
##### Shields
|
||
|
||
Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
|
||
|
||
Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:
|
||
|
||
<div class="annotate" markdown>
|
||
|
||
- [x] Select **Aggressive** under Block trackers & ads
|
||
|
||
??? warning "Use default filter lists"
|
||
Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
|
||
|
||
- [x] (Optional) Select **Block Scripts** (1)
|
||
- [x] Select **Strict, may break sites** under Block fingerprinting
|
||
|
||
</div>
|
||
|
||
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
|
||
|
||
##### Social Media Blocking
|
||
|
||
- [ ] Uncheck all social media components
|
||
|
||
##### IPFS
|
||
|
||
InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
|
||
|
||
- [ ] Uncheck **IPFS Gateway**
|
||
|
||
##### Other privacy settings
|
||
|
||
- [x] Select **Disable Non-Proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
|
||
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
|
||
- [ ] Uncheck **Automatically send daily usage ping to Brave**
|
||
- [ ] Uncheck **Automatically send diagnostic reports**
|
||
- [x] Select **Always use secure connections**
|
||
- [x] Select **Close tabs on exit**
|
||
- [x] Select **Clear data on exit**
|
||
|
||
## iOS
|
||
|
||
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
|
||
|
||
### Safari
|
||
|
||
!!! recommendation
|
||
|
||
![Safari logo](assets/img/browsers/safari.svg){ align=right }
|
||
|
||
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
|
||
|
||
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
|
||
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
|
||
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
|
||
|
||
#### Recommended Configuration
|
||
|
||
These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**.
|
||
|
||
##### Cross-Site Tracking Prevention
|
||
|
||
- [x] Enable **Prevent Cross-Site Tracking**
|
||
|
||
This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
|
||
|
||
##### Privacy Report
|
||
|
||
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
|
||
|
||
Privacy Report is accessible via the Page Settings menu (:pg-textformat-size:).
|
||
|
||
##### Privacy Preserving Ad Measurement
|
||
|
||
- [ ] Disable **Privacy Preserving Ad Measurement**
|
||
|
||
Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
|
||
|
||
The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
|
||
|
||
##### Always-on Private Browsing
|
||
|
||
Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
|
||
|
||
- [x] Select **Private**
|
||
|
||
Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
|
||
|
||
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
|
||
|
||
##### iCloud Sync
|
||
|
||
Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
|
||
|
||
If you use iCloud, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**.
|
||
|
||
### AdGuard
|
||
|
||
!!! recommendation
|
||
|
||
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
|
||
|
||
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
|
||
|
||
AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
|
||
|
||
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
|
||
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
|
||
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
|
||
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
|
||
|
||
??? downloads
|
||
|
||
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/app/apple-store/id1047223162)
|
||
|
||
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
|