Intro:
Mobile Browser Links
Disable 3rd-party cookies (for desktop browsers)
Disable 3rd-party cookies (for iOS browsers)
Disable 3rd-party cookies (for Android browsers)
Disable Topics (Chrome for desktop only)
Disable Topics (Chrome for Android only)
Enable Maximum Protection (for desktop browsers)
Enable Maximum Protection (for iOS browsers)
Enable Maximum Protection (for Android browsers)
Force 'Global Privacy Control' (for desktop browsers)
Force 'Global Privacy Control' (for iOS browsers)
Force 'Global Privacy Control' (for Android browsers)
Device Fingerprinting Results for Desktop, using CoverYourTracks
Device Fingerprinting Results for iOS, using CoverYourTracks
Device Fingerprinting Results for Android, using CoverYourTracks
Device Fingerprinting Results for Desktop, using CreepJS
Device Fingerprinting Results for iOS, using CreepJS
Device Fingerprinting Results for Android, using CreepJS
Changelog
In this guide I'm comparing various browser settings and configurations, to see how well they protect your privacy/security.
Inspiration for this thread:
1. After my thread about 'Stop YouTube ads once and for all', I had another idea about comparing browser's privacy/security
2. Then, I saw this article on Dec 14, 2023... Google has announced that they will be disabling 3rd-party cookies for all Chrome users in 2nd half of 2024, by default.
Seeing how Chrome has 62% Market Share for desktop/mobile/tablet, this is massive news since it's the majority user base.
In this guide, instead of waiting for 2nd half of 2024 until Google implements this change, I'll guide everyone on how to do this right now, regardless of your browser.
Inspiration for this thread:
1. After my thread about 'Stop YouTube ads once and for all', I had another idea about comparing browser's privacy/security
2. Then, I saw this article on Dec 14, 2023... Google has announced that they will be disabling 3rd-party cookies for all Chrome users in 2nd half of 2024, by default.
Seeing how Chrome has 62% Market Share for desktop/mobile/tablet, this is massive news since it's the majority user base.
In this guide, instead of waiting for 2nd half of 2024 until Google implements this change, I'll guide everyone on how to do this right now, regardless of your browser.
Mobile Browser Links
Table 1: iOS Browsers
-All iOS browers use Web Kit technology, due to Apple restriction
Table 2: Android Browsers
iOS Browsers | Apple Store Link |
Safari (default browser) | Link |
Firefox | Link |
Chrome | Link |
Edge | Link |
Brave | Link |
DuckDuckGo | Link |
Firefox Focus | Link |
Arc | Link |
Opera | Link |
Vivaldi | Link |
Table 2: Android Browsers
Android Browsers | Google Play Link | Downloads | Based on Chromium |
Firefox | Link | 100 M+ | |
Chrome (default browser) | Link | 10 B+ | Yes |
Edge | Link | 50 M+ | Yes |
Brave | Link | 100 M+ | Yes |
Firefox Focus | Link | 10 M+ | |
DuckDuckGo | Link | 50 M+ | |
Opera | Link | 100 M+ | Yes |
Opera Mini | Link | 500 M+ | |
Samsung Internet | Link | 1 B+ | Yes |
Vivaldi | Link | 5 M+ | Yes |
Orions | Link | 100 K+ | |
Ghostery | Link | 1 M+ |
Disable 3rd-party cookies (for desktop browsers)
What's the difference between 1st-party and 3rd-party cookies?
-When you first visit a website, like cnn.com, your browser receives a 1st-party cookie from cnn.com and saves it into your browser. If you wish to login to cnn.com, this credential information is stored in your cookie. When you close the browser and re-open it, and visit cnn.com, your previously logged in state is restored. 1st-party cookies are required for much of today's internet experience. Blocking 1st-party cookies is not a good idea, since it will break the internet. So browsers always allow 1st-party cookies.
-At the same time, by going to cnn.com, the developers of this 1st-party domain have allowed 3rd-party advertisers and 3rd-party addons/scripts. By going to cnn.com, all browsers (from the earliest days of internet) store 3rd-party cookies in your browser. This allows the 3rd-parties to track your activity, even across 1st-party domains. So for example, if you go to cnn.com and it has a Facebook addon/script, that addon/script will save a 3rd-party cookie for Facebook. Then when you go to cbc.ca and if the second domain has a Facebook addon/script as well, the script will try to save a Facebook cookie. If your browser has this cookie, it will use that cookie. As you can see, this allows 3rd-parties to effectively track you online, across multiple 1st-party domains.
-Over time, browsers added the ability to either sandbox and/or block 3rd-party cookies. This has been a long-time battle between privacy and advertisers. Every browser is different, so I'll explain how each browser handles 3rd-party cookies.
-For a much more in-depth explanation, see GRC's page.
-In this guide, I will guide you on how to disable 3rd-party cookies for all browsers. Don't worry, your websites won't break.
Browsers already protected by default:
Browsers partly protected by default:
Browsers unprotected by default:
Testing all desktop browsers in their ability to block 3rd party cookies, after changing all of the above settings:
To test your browser for 3rd party cookies go to:
GRC.com Cookie Forensics
Summary:
- This shows that the browsers for desktop are indeed blocking 3rd-party cookies (after we've changed their settings).
-When you first visit a website, like cnn.com, your browser receives a 1st-party cookie from cnn.com and saves it into your browser. If you wish to login to cnn.com, this credential information is stored in your cookie. When you close the browser and re-open it, and visit cnn.com, your previously logged in state is restored. 1st-party cookies are required for much of today's internet experience. Blocking 1st-party cookies is not a good idea, since it will break the internet. So browsers always allow 1st-party cookies.
-At the same time, by going to cnn.com, the developers of this 1st-party domain have allowed 3rd-party advertisers and 3rd-party addons/scripts. By going to cnn.com, all browsers (from the earliest days of internet) store 3rd-party cookies in your browser. This allows the 3rd-parties to track your activity, even across 1st-party domains. So for example, if you go to cnn.com and it has a Facebook addon/script, that addon/script will save a 3rd-party cookie for Facebook. Then when you go to cbc.ca and if the second domain has a Facebook addon/script as well, the script will try to save a Facebook cookie. If your browser has this cookie, it will use that cookie. As you can see, this allows 3rd-parties to effectively track you online, across multiple 1st-party domains.
-Over time, browsers added the ability to either sandbox and/or block 3rd-party cookies. This has been a long-time battle between privacy and advertisers. Every browser is different, so I'll explain how each browser handles 3rd-party cookies.
-For a much more in-depth explanation, see GRC's page.
-In this guide, I will guide you on how to disable 3rd-party cookies for all browsers. Don't worry, your websites won't break.
Browsers already protected by default:
Browser | Notes |
Brave | - Default behavior is "Block 3rd-party cookies" - Nothing needs to be changed |
Safari for MacOS | - Default behavior is blocking 3rd-party cookies, since March 2020 - Nothing needs to changed - Actually, you can't disable this functionality since there's no option for it |
DuckDuckGo | - Default behavior is "Block 3rd-party cookies" - Nothing needs to be changed - Actually, you can't disable this functionality since there's no option for it |
Arc for MacOS | - Default behavior is "Block 3rd-party cookies" - Nothing needs to be changed |
Browsers partly protected by default:
Browser | Notes |
Firefox | - Default behavior is "Block cross-site tracking cookies and isolate other cross-site cookies" (which is part of "standard" protection) - This effectively means it's doing a hybrid job, of either blocking 3rd party cookies (that Firefox classified and kept on a maintained list) or sandboxing 3rd-party cookies (which means the cookie is still set in your browser, but just can't be accessed across multiple 1st-party domains, and is only isolated to one 1st-party domain). - This is a useful change that Firefox has implemented since April 2023. - From my perspective, this default setting offers partial protection since some cookies are stored in your browser (sandboxed by Firefox) - In order to block all 3rd-party cookies from being saved in your browser, we need to get to settings, privacy and security, change from "standard" to "custom", and then change "cookies" from "Block cross-site tracking cookies and isolate other cross-site cookies" to "block all cross-site cookies". |
Browsers unprotected by default:
Browser | Notes |
Chrome | - Default behavior is "Block 3rd-party cookies in Incognito Mode". - This effectively means allow all 3rd-party cookies, since people don't use incognito/private mode all the time. - This needs to be changed. Go to settings, privacy and security" and change "Block 3rd-party cookies in Incognito Mode" to "Block 3rd-party cookies" first. - Then disable this option (which is on by default) "allow related sites to see your activity in the group". According to Google documentation, related sites are websites like "brandx.com and fly-brandx.com—or domains for different countries such as example.com, example.rs, example.co.uk and so on." - As of December 2023, Google has announced that they will change the current behavior to "Block 3rd-party cookies" for everyone in 2nd half of 2024. |
Edge | - Default behavior is "Allow 3rd-party cookies" - This needs to be changed by going into settings, "cookies and site permissions" tab, hit "manage and delete cookies and site data", and then turn on "Block 3rd-party cookies" |
Opera | - Default behavior is "Block 3rd-party cookies in private mode". - This effectively means allow all 3rd-party cookies, since people don't use incognito/private mode all the time. - This needs to be changed. Go to settings, privacy and security" and change "Block 3rd-party cookies in private mode" to "Block 3rd-party cookies". - Then keep this option disabled (which is off by default) "allow related sites to see your activity in the group". According to Google documentation, related sites are websites like "brandx.com and fly-brandx.com—or domains for different countries such as example.com, example.rs, example.co.uk and so on." |
Testing all desktop browsers in their ability to block 3rd party cookies, after changing all of the above settings:
To test your browser for 3rd party cookies go to:
GRC.com Cookie Forensics
Browser | Result of test? |
Chrome | Success, blocked all 3rd-party cookies |
Edge | Success, blocked all 3rd-party cookies |
Safari for MacOS | Success, blocked all 3rd-party cookies |
Firefox | Success, blocked all 3rd-party cookies |
Brave | Success, blocked all 3rd-party cookies |
Opera | Success, blocked all 3rd-party cookies |
DuckDuckGo | Success, blocked all 3rd-party cookies |
Arc for MacOS | Success, blocked all 3rd-party cookies |
- This shows that the browsers for desktop are indeed blocking 3rd-party cookies (after we've changed their settings).
Disable 3rd-party cookies (for iOS browsers)
Testing all iOS browsers in their ability to block 3rd party cookies:
To test your browser for 3rd party cookies go to:
GRC.com Cookie Forensics
Summary:
- This shows that the browsers for iOS are indeed blocking 3rd-party cookies.
Update:
- That's because of "All iOS browsers are required to use the same iOS based Web Kit rendering engine (same as Safari). Apple has that locked down..."
To test your browser for 3rd party cookies go to:
GRC.com Cookie Forensics
Browser | Result of test? |
Chrome for iOS | Success, blocked all 3rd-party cookies |
Edge for iOS | Success, blocked all 3rd-party cookies Update: this seems weird, since the default option for edge is to allow all cookies (1st-party and 3rd-party) Update 2: It's because of Web Kit (reason below) |
Safari for iOS (default browser) | Success, blocked all 3rd-party cookies |
Firefox for iOS | Success, blocked all 3rd-party cookies |
Brave for iOS | Success, blocked all 3rd-party cookies |
Opera for iOS | Success, blocked all 3rd-party cookies |
DuckDuckGo for iOS | Success, blocked all 3rd-party cookies |
Firefox Focus for iOS | Success, blocked all 3rd-party cookies |
Arc for iOS | Success, blocked all 3rd-party cookies |
Vivaldi for iOS | Success, blocked all 3rd-party cookies |
- This shows that the browsers for iOS are indeed blocking 3rd-party cookies.
Update:
- That's because of "All iOS browsers are required to use the same iOS based Web Kit rendering engine (same as Safari). Apple has that locked down..."
Disable 3rd-party cookies (for Android browsers)
Testing all Android browsers in their ability to block 3rd party cookies:
To test your browser for 3rd party cookies go to:
GRC.com Cookie Forensics
Summary:
- This shows that the most (but not all) browsers for Android are blocking 3rd-party cookies by default
How to block 3rd-party cookies for the browsers that failed the test above?
Summary:
- Avoid 2 browsers for Android (since you can't disable 3rd-party cookies): 1. Opera Mini 2. Ghostery
To test your browser for 3rd party cookies go to:
GRC.com Cookie Forensics
Browser | Result of test? |
Chrome for Android | Success, blocked all 3rd-party cookies |
Firefox for Android | Failed, allowed 3rd-party cookies |
Brave for Android | Success, blocked all 3rd-party cookies |
Edge for Android | Success, blocked all 3rd-party cookies |
DuckDuckGo for Android | Success, blocked all 3rd-party cookies |
Firefox Focus for Android | Failed, allowed 3rd-party cookies |
Opera for Android | Success, blocked all 3rd-party cookies |
Opera Mini for Android | Failed, allowed 3rd-party cookies |
Samsung Internet for Android | Success, blocked all 3rd-party cookies |
Vivaldi for Android | Success, blocked all 3rd-party cookies |
Orions for Android | Success, blocked all 3rd-party cookies |
Ghostery for Android | Failed, allowed 3rd-party cookies |
- This shows that the most (but not all) browsers for Android are blocking 3rd-party cookies by default
How to block 3rd-party cookies for the browsers that failed the test above?
Browser | Change these settings to block 3rd-party cookies |
Firefox for Android | Settings, "enhanced tracking protection", change from 'standard' to 'custom', then under 'cookies', change from 'isolate cross-site cookies' to 'all third-party cookies (may cause websites to break)' update: The grc cookie test still fails after changing these settings above... very strange! perhaps a bug in firefox? update 2: This looks like a false positive. read my notes. In other words, Firefox for Android is safe to use! |
Firefox Focus for Android | Settings, 'Block cookies', change from 'block cross-site' to 'block 3rd-party cookies only' update: this passed grc cookie test now |
Opera Mini for Android | There's no options for you to change, avoid this browser. |
Ghostery for Android | There's no options for you to change, avoid this browser. |
- Avoid 2 browsers for Android (since you can't disable 3rd-party cookies): 1. Opera Mini 2. Ghostery
Disable Topics (Chrome for desktop only)
What is Topics?
- Google has implemented the next evolution of Cookies, called "Topics" or "Privacy Sandbox".
- This was rolled out to all Chrome users in September 2023.
What are the 3 Topics?
- Explanations by eff.org
1. Ad topics:
- This is the fundamental component of Privacy Sandbox that generates a list of your interests based on the websites you visit. If you leave this enabled, you'll eventually get a list of all your interests, which are used for ads, as well as the ability to block individual topics. The topics roll over every four weeks (up from weekly in the FLOCs proposal) and random ones will be thrown in for good measure.
2. Site-suggested ads:
- This confusingly named toggle is what allows advertisers to do what’s called "remarketing" or "retargeting," also known as “after I buy a sofa, every website on the internet advertises that same sofa to me.” With this feature, site one gives information to your Chrome instance (like “this person loves sofas”) and site two, which runs ads, can interact with Chrome such that a sofa ad will be shown, even without site two learning that you love sofas.
3. Ad measurement:
- This allows advertisers to track ad performance by storing data in your browser that's then shared with other sites. For example, if you see an ad for a pair of shoes, the site would get information about the time of day, whether the ad was clicked, and where it was displayed.
How to disable Topics for Chrome browser for Desktop?
1. In Chrome, go to settings, "privacy and security", "ad privacy" and you'll 3 sections.
2. Disable all 3.
Can you use a Chrome Extension to disable the Topics signal from being sent by Chrome for desktop?
Yes, you can install one of these Google Chrome extensions. These serve the same function as disabling all 3 options in Chrome's settings (I mentioned above).
1. OptMeowt (chrome web store)
2. PrivacyBadger (chrome web store)
Should you disable Topics?
- Most people agree that "Topics" or "Privacy Sandbox" is better than the 3rd-party cookies being stored in your browser and which are used to track you across multiple 1st-party domains.
- The wording is deceptive from Google. "Privacy Sandbox" is still tracking—of a different nature—under the name of "Privacy".
- We don't want tracking of any kind, so we turn this off.
- Google has implemented the next evolution of Cookies, called "Topics" or "Privacy Sandbox".
- This was rolled out to all Chrome users in September 2023.
What are the 3 Topics?
- Explanations by eff.org
1. Ad topics:
- This is the fundamental component of Privacy Sandbox that generates a list of your interests based on the websites you visit. If you leave this enabled, you'll eventually get a list of all your interests, which are used for ads, as well as the ability to block individual topics. The topics roll over every four weeks (up from weekly in the FLOCs proposal) and random ones will be thrown in for good measure.
2. Site-suggested ads:
- This confusingly named toggle is what allows advertisers to do what’s called "remarketing" or "retargeting," also known as “after I buy a sofa, every website on the internet advertises that same sofa to me.” With this feature, site one gives information to your Chrome instance (like “this person loves sofas”) and site two, which runs ads, can interact with Chrome such that a sofa ad will be shown, even without site two learning that you love sofas.
3. Ad measurement:
- This allows advertisers to track ad performance by storing data in your browser that's then shared with other sites. For example, if you see an ad for a pair of shoes, the site would get information about the time of day, whether the ad was clicked, and where it was displayed.
How to disable Topics for Chrome browser for Desktop?
1. In Chrome, go to settings, "privacy and security", "ad privacy" and you'll 3 sections.
2. Disable all 3.
Can you use a Chrome Extension to disable the Topics signal from being sent by Chrome for desktop?
Yes, you can install one of these Google Chrome extensions. These serve the same function as disabling all 3 options in Chrome's settings (I mentioned above).
1. OptMeowt (chrome web store)
2. PrivacyBadger (chrome web store)
Should you disable Topics?
- Most people agree that "Topics" or "Privacy Sandbox" is better than the 3rd-party cookies being stored in your browser and which are used to track you across multiple 1st-party domains.
- The wording is deceptive from Google. "Privacy Sandbox" is still tracking—of a different nature—under the name of "Privacy".
- We don't want tracking of any kind, so we turn this off.
Disable Topics (Chrome for Android only)
How to disable Topics for Chrome for Android?
1. Open Chrome for Android
2. Settings, 'privacy and security', 'ads privacy', then disable all 3:
- Ad topics
- Site-suggested ads
- Ad measurement
1. Open Chrome for Android
2. Settings, 'privacy and security', 'ads privacy', then disable all 3:
- Ad topics
- Site-suggested ads
- Ad measurement
Enable Maximum Protection (for desktop browsers)
- For those wanting the best possible protection when using your browser, look at these settings.
- By default, most browsers offer a 'balanced protection', instead of 'maximum protection'. So I'll summarize on how to enable these settings.
- By default, most browsers offer a 'balanced protection', instead of 'maximum protection'. So I'll summarize on how to enable these settings.
Browser | Notes | Explanations |
Chrome | 1. Go to settings, privacy and security, security - Change 'standard protection' to 'enhanced protection'. | Explanation 1: Enhanced Protection: If you’ve opted into “Enhanced protection” (pictured above), in addition to all the protections described above for “Standard protection” mode, Chrome will use the real-time checks mechanism described above for checking the Safe Browsing reputation of top-level URLs and iframe URLs. If you're signed in to Chrome, the requests for performing real-time checks and the requests for checking potentially dangerous file downloads contain a temporary authentication token tied to your Google account that is used to protect you across Google apps. Enhanced protection also enables reporting additional data relevant to security to help improve Safe Browsing and overall web security, and it enables Chrome’s password breach detection. When browsing in incognito or guest mode, these extra checks do not occur, and Enhanced protection mode operates the same way as Standard protection. Explanation 2: Enhanced Protection:
To help protect your account and data, Enhanced Safe Browsing for your account checks for risky:
|
Edge | 1. Go to settings, privacy search and services - Change 'tracking protection' from 'balanced' to 'strict'. 2. Go to settings, privacy search and services - Enable 'enhanced your security on the web', then change 'balanced' to 'strict'. | 1. Tracking Protection Explanation 1: - Balanced (Recommended): Blocks potentially harmful trackers and trackers from sites you haven’t visited. Content and ads will likely be less personalized. - Strict: Blocks potentially harmful trackers and most trackers across sites. Content and ads will likely have minimal personalization. This option blocks the most trackers but could cause some websites to not behave as expected. For example, a video might not play, or you might not be able to sign in. 2. Enhanced Your Security On the Web Explanation 2: -Enhanced security in Microsoft Edge helps safeguard against memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation and enabling additional operating system protections for the browser. These protections include Hardware-enforced Stack Protection and Arbitrary Code Guard (ACG). With these protections in place, Microsoft Edge helps reduce the risk of an attack by automatically applying stricter security settings on unfamiliar sites while adapting to your browsing habits over time. - Balanced (Recommended): Microsoft Edge applies added security protections to sites you don’t visit often or are unknown to you. Websites you browse frequently will be left out. Most sites will work as expected. - Strict: Microsoft Edge applies added security protections to all sites visited by default. Strict mode may impact your ability to complete normal tasks on the web because some parts of websites might not work as expected. |
Firefox | Go to settings, privacy and security, change from 'standard' to 'custom'. 1. Change 'tracking content' from 'only in private windows' to 'In all windows'. 2. Change 'suspected fingerprints' from 'only in private windows' to 'In all windows'. 3. In previous section about Cookies, I've mentioned to change the 'cookies' from 'block cross-site tracking cookies and isolate other cross-site cookies' to 'block all cross-site cookies' | 1-2. Too many changes to list, here's Firefox articles to read: Explanation 1. Firefox's protection against fingerprinting Explanation 2. Enhanced Tracking Protection in Firefox for desktop Explanation 3. Trackers and scripts Firefox blocks in Enhanced Tracking Protection Explanation 4. SmartBlock for Enhanced Tracking Protection 3. Cookies: Disables all 3rd-party cookies |
Brave | Go to settings, shields. 1. Change 'trackers and ads blocking' from 'standard' to 'aggressive'. 2. Change 'block fingerprinting' from 'standard' to 'strict'. | 1. Trackers and ads blocking: Improving privacy by improving Web compatibility 2. Block Fingerprinting: Fingerprinting protections |
Safari for MacOS | Go to settings, advanced 1. enable 'use advanced tracking and fingerprinting protection' (which I believe should be enabled since Sep 2023) 2. Change 'use advanced tracking and fingerprinting protection' from 'in private browsing' (default setting) to 'in all browsing'. | Explanation 1: In Safari 17.0, Private Browsing gets even more private with added protection against some of the most advanced techniques used to track you. Technical changes include:
|
Opera | No settings are available to configure | No settings are available to configure |
DuckDuckGo | No settings are available to configure | No settings are available to configure |
Arc for MacOS | Go to settings, general, 'privacy and security', select 'security', change from 'standard protection' to 'enhanced protection' | To find detailed info |
Enable Maximum Protection (for iOS browsers)
- For those wanting the best possible protection when using your browser, look at these settings.
- By default, most browsers offer a 'balanced protection', instead of 'maximum protection'. So I'll summarize on how to enable these settings.
- By default, most browsers offer a 'balanced protection', instead of 'maximum protection'. So I'll summarize on how to enable these settings.
Browser | Notes | Explanations |
Safari for iOS (default browser) | Open iOS, to Settings, Safari, Advanced, select 'advanced tracking and fingerprint protection'. The default option is 'private browsing', change to 'all browsing' | Explanation 1: In Safari 17.0, Private Browsing gets even more private with added protection against some of the most advanced techniques used to track you. Technical changes include:
|
Chrome for iOS | Open Chrome, settings, 'privacy and security', 'safe browsing', change from 'standard protection' to 'enhanced protection' | To find detailed info |
Edge for iOS | 1. Open Edge, settings, 'privacy and security', select 'tracking prevention', and change 'balanced' to 'strict' 2. Open Edge, settings, 'privacy and security', select 'cookies', and change from 'don't block cookies' to ' block only third party cookies' | To find detailed info |
Brave for iOS | Open Brave, settings, 'brave shield and privacy', select 'trackers and ads blocking', change from 'standard' to 'aggressive' | To find detailed info |
Firefox for iOS | Open Firefox, settings, 'tracking protection', change from 'standard' to 'strict' | To find detailed info |
Opera for iOS | Open Opera, settings, content filters, enable 'ad blocking' | To find detailed info |
DuckDuckGo for iOS | No settings are available to configure | No settings are available to configure |
Firefox Focus for iOS | No settings are available to configure | No settings are available to configure |
Arc for iOS | No settings are available to configure | No settings are available to configure |
Vivaldi for iOS | When running for the first time, change 'no blocking' to 'block trackers and ads' | To find detailed info |
Enable Maximum Protection (for Android browsers)
- For those wanting the best possible protection when using your browser, look at these settings.
- By default, most browsers offer a 'balanced protection', instead of 'maximum protection'. So I'll summarize on how to enable these settings.
- By default, most browsers offer a 'balanced protection', instead of 'maximum protection'. So I'll summarize on how to enable these settings.
Browser | Notes | Explanation |
Firefox for Android | Settings, 'enhanced tracking protection', change from 'standard' to 'custom', then set 'cookies' from 'isolate cross-site cookies' to 'all third-party cookies (may cause websites to break)' | To do |
Chrome for Android | 1. Settings, 'privacy and security', change 'third party cookies' from 'block third-party cookies in incognito' to 'block third-party cookies' 2. Settings, 'privacy and security', 'send a do not track request', enable it 3. Settings, 'privacy and security', 'safe browsing', change from 'standard protection' to 'enhanced protection' | To do |
Edge for Android | 1. Settings, 'privacy and security', 'tracking prevention', change from 'balanced' to 'strict' 2. Settings, 'privacy and security', 'do no track', enable it | To do |
Brave for Android | 1. Settings, 'brave shield and privacy', change 'block trackers and ads' from 'standard' to 'aggressive' 2. Settings, 'brave shield and privacy', change 'block fingerprinting', from 'standard' to 'strict' 3. Settings, 'brave shield and privacy', change 'send do not track request', enable it | To do |
DuckDuckGo for Android | Nothing to configure | Nothing to configure |
Firefox Focus for Android | Nothing to configure | Nothing to configure |
Opera for Android | 1. Settings, 'privacy and security', enable 'tracker blocking' 2. Settings, 'privacy and security', 'cookies', change from 'enabled' to 'enabled, excluding third-party' | To do |
Opera Mini for Android | Nothing to configure | Nothing to configure |
Samsung Internet for Android | Nothing to configure | Nothing to configure |
Vivaldi for Android | 1. Settings, 'privacy and security', 'send a do not track request', enable it | To do |
Orions for Android | Nothing to configure | Nothing to configure |
Ghostery for Android | Nothing to configure | Nothing to configure |
Force 'Global Privacy Control' (for desktop browsers)
What is Global Privacy Control?
- Global Privacy Control (GPC) refers to a standard designed to give individuals more control over their online privacy by allowing them to assert their legal rights to opt-out of online tracking and data sharing. It aims to simplify the process of communicating user privacy preferences across websites and online services.
- The concept is similar to "Do Not Track" (DNT), but GPC is an effort to create a more enforceable and standardized approach. The GPC initiative is typically implemented through browser extensions or settings that users can enable to signal their desire to opt-out of online tracking. When a website or online service recognizes the GPC signal, it is expected to respect the user's preference and refrain from collecting or sharing their personal information.
How to test your browser for this?
Go to GlobalPrivacyControl.org and see what the message on top says.
- If you see "GPC signal detected. Test against the reference server.", then your browser passed the test, and your browser is protected.
- If you see "GPC signal not detected. Please download a browser/extension that supports it.", then your browser failed the test and you're not protected.
Global Privacy Control test for Desktop OS:
Summary:
- Brave and DuckDuckGo for desktop protected you by default.
What application for Desktop OS, you can install to pass this test?
- AdGuard. Website (free to install, but requires a license) (see my previous 'youtube ads' guide on how to get a license)
Will this pass the test?
- No, it will fail the test by default.
- But if you enable "send do-no-track signals" (found under 'advanced tracking protection', then 'general' tab, in MacOS), then it passes the test.
- Since AdGuard works at OS level, it will work for any browser you use.
Which browser extension, you can install to pass the test?
1. Privacy Badger (website).
- Available for Chrome, Firefox, Edge, Opera.
- Your browser will pass the test after you install this extension.
2. Disconnect (website).
- Available for Chrome, Firefox, Opera.
- By default, this option is turned off, which means the browser will fail the test.
- Select the icon, and hit 'enable GPC', now the browser will pass the test.
3. OptMeowt (github)
- Available for Chrome, Firefox.
- Your browser will pass the test after you install this extension.
4. DuckDuckGo Privacy Essentials (website)
- Available for Chrome, Firefox, Edge
- Your browser will pass the test after you install this extension.
Which browser extension failed to pass this test?
1. AdGuard for Safari (website).
- While this extension is useful for blocking ads, it fails this test since Adguard hasn't implemented the GPC signal.
- On the other hand, if you use Adguard for Desktop OS instead (like I mentioned earlier), then GPC signal can be activated, in which case that will pass the test.2
2. Ghostery (website)
- Did nothing about GPC
In Summary:
-If you're using Brave or DuckDuckGo, you won't need to install any browser extension to pass this test, since it's built into browser (like I mentioned above).
-If you're using Firefox, you need to make one simple change in Firefox's settings, to pass this test, since it's built into Firefox (like I mentioned above).
-If you're using Chrome or Edge or Opera, you'll need to install any of the browser extensions (like I mentioned above), to pass this test.
-If you're using Safari for MacOS, I don't have a solution for you yet (other than AdGuard application for desktop OS).
- Global Privacy Control (GPC) refers to a standard designed to give individuals more control over their online privacy by allowing them to assert their legal rights to opt-out of online tracking and data sharing. It aims to simplify the process of communicating user privacy preferences across websites and online services.
- The concept is similar to "Do Not Track" (DNT), but GPC is an effort to create a more enforceable and standardized approach. The GPC initiative is typically implemented through browser extensions or settings that users can enable to signal their desire to opt-out of online tracking. When a website or online service recognizes the GPC signal, it is expected to respect the user's preference and refrain from collecting or sharing their personal information.
How to test your browser for this?
Go to GlobalPrivacyControl.org and see what the message on top says.
- If you see "GPC signal detected. Test against the reference server.", then your browser passed the test, and your browser is protected.
- If you see "GPC signal not detected. Please download a browser/extension that supports it.", then your browser failed the test and you're not protected.
Global Privacy Control test for Desktop OS:
Browser | Does the browser pass the test, by default? | How to make the browser pass the test? |
Opera | No, it failed | Nothing can be done in Opera. -Note: Enabling "Send a "Do Not Track" request with your browsing traffic" doesnt help. |
Brave | Yes, it passed | Nothing needs to be done, since Brave protects you by default |
Chrome | No, it failed | Nothing can be done in Chrome. -Note: Enabling "Send a "Do Not Track" request with your browsing traffic" doesnt help. |
Safari for MacOS | No, it failed | Nothing can be done in Safari for MacOS |
Firefox | No, it failed | There is a quick fix: -Go to settings, privacy and security, enable 'tell websites not to sell or share my data'. Now the test passes. |
Edge | No, it failed | Nothing can be done in Edge. -Note: Enabling 'send do not track requests' doesnt help. |
DuckDuckGo | Yes, it passed | Nothing needs to be done, since DuckDuckGo protects you by default |
Arc for MacOS | No, it failed | Nothing can be done in Arc for MacOS. -Note: Enabling "Send a "Do Not Track" request with your browsing traffic" doesnt help. |
- Brave and DuckDuckGo for desktop protected you by default.
What application for Desktop OS, you can install to pass this test?
- AdGuard. Website (free to install, but requires a license) (see my previous 'youtube ads' guide on how to get a license)
Will this pass the test?
- No, it will fail the test by default.
- But if you enable "send do-no-track signals" (found under 'advanced tracking protection', then 'general' tab, in MacOS), then it passes the test.
- Since AdGuard works at OS level, it will work for any browser you use.
Which browser extension, you can install to pass the test?
1. Privacy Badger (website).
- Available for Chrome, Firefox, Edge, Opera.
- Your browser will pass the test after you install this extension.
2. Disconnect (website).
- Available for Chrome, Firefox, Opera.
- By default, this option is turned off, which means the browser will fail the test.
- Select the icon, and hit 'enable GPC', now the browser will pass the test.
3. OptMeowt (github)
- Available for Chrome, Firefox.
- Your browser will pass the test after you install this extension.
4. DuckDuckGo Privacy Essentials (website)
- Available for Chrome, Firefox, Edge
- Your browser will pass the test after you install this extension.
Which browser extension failed to pass this test?
1. AdGuard for Safari (website).
- While this extension is useful for blocking ads, it fails this test since Adguard hasn't implemented the GPC signal.
- On the other hand, if you use Adguard for Desktop OS instead (like I mentioned earlier), then GPC signal can be activated, in which case that will pass the test.2
2. Ghostery (website)
- Did nothing about GPC
In Summary:
-If you're using Brave or DuckDuckGo, you won't need to install any browser extension to pass this test, since it's built into browser (like I mentioned above).
-If you're using Firefox, you need to make one simple change in Firefox's settings, to pass this test, since it's built into Firefox (like I mentioned above).
-If you're using Chrome or Edge or Opera, you'll need to install any of the browser extensions (like I mentioned above), to pass this test.
-If you're using Safari for MacOS, I don't have a solution for you yet (other than AdGuard application for desktop OS).
Force 'Global Privacy Control' (for iOS browsers)
How to test your iOS browser for this?
Go to GlobalPrivacyControl.org and see what the message on top says.
- If you see "GPC signal detected. Test against the reference server.", then your browser passed the test, and your browser is protected.
- If you see "GPC signal not detected. Please download a browser/extension that supports it.", then your browser failed the test and you're not protected.
Global Privacy Control test for iOS:
Summary:
- Brave and DuckDuckGo for iOS protected you by default.
Go to GlobalPrivacyControl.org and see what the message on top says.
- If you see "GPC signal detected. Test against the reference server.", then your browser passed the test, and your browser is protected.
- If you see "GPC signal not detected. Please download a browser/extension that supports it.", then your browser failed the test and you're not protected.
Global Privacy Control test for iOS:
Browser | Does the browser pass the test, by default? | How to make the browser pass the test? |
Safari for iOS | No, it failed | Nothing can be done |
Chrome for iOS | No, it failed | Nothing can be done |
Firefox for iOS | No, it failed | Nothing can be done |
Edge for iOS | No, it failed | Nothing can be done |
Brave for iOS | Yes, it passed | Nothing needs to be done, since Brave protects you by default |
Opera for iOS | No, it failed | Nothing can be done |
DuckDuckGo for iOS | Yes, it passed | Nothing needs to be done, since DuckDuckGo protects you by default |
Arc for iOS | No, it failed | Nothing can be done |
Firefox Focus for iOS | No, it failed | Nothing can be done |
Vivaldi for iOS | No, it failed | Nothing can be done |
- Brave and DuckDuckGo for iOS protected you by default.
Force 'Global Privacy Control' (for Android browsers)
How to test your Android browser for this?
Go to GlobalPrivacyControl.org and see what the message on top says.
- If you see "GPC signal detected. Test against the reference server.", then your browser passed the test, and your browser is protected.
- If you see "GPC signal not detected. Please download a browser/extension that supports it.", then your browser failed the test and you're not protected.
Global Privacy Control test for Android:
Summary:
- Only Brave and DuckDuckGo for Android protected you by default.
Go to GlobalPrivacyControl.org and see what the message on top says.
- If you see "GPC signal detected. Test against the reference server.", then your browser passed the test, and your browser is protected.
- If you see "GPC signal not detected. Please download a browser/extension that supports it.", then your browser failed the test and you're not protected.
Global Privacy Control test for Android:
Browser | Does the browser pass the test, by default? | How to make the browser pass the test? |
Chrome for Android | No, it failed | Some Chrome extension for Android? To find out |
Firefox for Android | No, it failed | Some Firefox extension for Android? To find out |
Edge for Android | No, it failed | Some Edge extension for Android? To find out |
Brave for Android | Yes, it passed | Nothing left for you to do |
Opera for Android | No, it failed | You can't |
Firefox Focus for Android | No, it failed | You can't |
DuckDuckGo for Android | Yes, it passed | Nothing left for you to do |
Opera Mini for Android | No, it failed | You can't |
Samsung Internet for Android | No, it failed | You can't |
Vivaldi for Android | No, it failed | You can't |
Orions for Android | No, it failed | You can't |
Ghostery for Android | No, it failed | You can't |
- Only Brave and DuckDuckGo for Android protected you by default.
Device Fingerprinting Results for Desktop, using CoverYourTracks
Go to CoverYourTracks to test the browser.
For browser settings, I enabled the 'maximum protection' options mentioned before.
Summary:
- Brave is the only one browser with 'randomized fingerprint'. Explanation, Explanation2
For browser settings, I enabled the 'maximum protection' options mentioned before.
Browser | Blocking tracking ads? | Blocking invisible trackers? | Protecting you from fingerprinting? |
Safari for MacOS | Yes | Yes | Your browser has a unique fingerprint |
Chrome | Partial protection | Partial protection | Your browser has a nearly-unique fingerprint |
Firefox | Yes | Yes | Your browser has a unique fingerprint |
Firefox + NoScript (addon) | Yes | Yes | No |
Firefox + PrivacyBadger (addon) | Yes | Yes | Your browser has a unique fingerprint |
Firefox + Disconnect (addon) | Yes | Yes | Your browser has a nearly-unique fingerprint |
Firefox + DuckDuckGo Privacy Essentials (addon) | Yes | Yes | Your browser has a unique fingerprint |
Firefox + Ghostery (addon) | Yes | Yes | Your browser has a nearly-unique fingerprint |
Firefox + Chameleon (addon) | Yes | Yes | Your browser has a unique fingerprint |
Firefox + CanvasBlocker (addon) apply 'max protection' | Yes | Yes | Your browser has a unique fingerprint |
Edge | Yes | Yes | Your browser has a unique fingerprint |
Brave | Yes | Yes | Your browser has a randomized fingerprint |
Opera | Partial protection | Partial protection | Your browser has a unique fingerprint |
DuckDuckGo | Yes | Yes | Your browser has a unique fingerprint |
Arc for MacOS | Partial protection | Partial protection | Your browser has a unique fingerprint |
- Brave is the only one browser with 'randomized fingerprint'. Explanation, Explanation2
Device Fingerprinting Results for iOS, using CoverYourTracks
Go to CoverYourTracks to test the browser.
For browser settings, I enabled the 'maximum protection' options mentioned before.
Summary:
- All iOS browsers are very similar.
For browser settings, I enabled the 'maximum protection' options mentioned before.
Browser | Blocking tracking ads? | Blocking invisible trackers? | Protecting you from fingerprinting? |
Safari for iOS | Yes | Yes | Your browser has a unique fingerprint |
Chrome for iOS | Partial protection | Partial protection | Your browser has a unique fingerprint |
Firefox for iOS | Yes | Yes | Your browser has a unique fingerprint |
Edge for iOS | Yes | Yes | Your browser has a unique fingerprint |
Brave for iOS | Yes | Yes | Your browser has a unique fingerprint |
Opera for iOS | Partial protection | Partial protection | Your browser has a unique fingerprint |
DuckDuckGo for iOS | Yes | Yes | Your browser has a unique fingerprint |
Arc for iOS | Yes | Yes | Your browser has a unique fingerprint |
Firefox Focus for iOS | Yes | Yes | Your browser has a unique fingerprint |
Vivaldi for iOS | Yes | Yes | Your browser has a unique fingerprint |
- All iOS browsers are very similar.
Device Fingerprinting Results for Android, using CoverYourTracks
Go to CoverYourTracks to test the browser.
For browser settings, I enabled the 'maximum protection' options mentioned before.
Summary:
- Brave for Android is the only one browser with 'randomized fingerprint'. Explanation, Explanation2
For browser settings, I enabled the 'maximum protection' options mentioned before.
Browser | Blocking tracking ads? | Blocking invisible trackers? | Protecting you from fingerprinting? |
Firefox for Android | Yes | Yes | Your browser has a unique fingerprint |
Chrome for Android | Partial protection | Partial protection | Your browser has a unique fingerprint |
Edge for Android | Yes | Yes | Your browser has a unique fingerprint |
Brave for Android | Yes | Yes | Your browser has a randomized fingerprint |
DuckDuckGo for Android | Yes | Yes | Your browser has a unique fingerprint |
Firefox Focus for Android | Yes | Yes | Your browser has a nearly-unique fingerprint |
Opera for Android | Yes | Partial protection | Your browser has a unique fingerprint |
Opera Mini for Android | Yes | Yes | Your browser has a unique fingerprint |
Samsung Internet for Android | Partial protection | Partial protection | Your browser has a unique fingerprint |
Vivaldi for Android | Yes | Yes | Your browser has a unique fingerprint |
Orions for Android | Yes | Yes | Your browser has a unique fingerprint |
Ghostery for Android | Partial protection | Partial protection | Your browser has a unique fingerprint |
- Brave for Android is the only one browser with 'randomized fingerprint'. Explanation, Explanation2
Device Fingerprinting Results for Desktop, using CreepJS
Device Fingerprinting Results for iOS, using CreepJS
Device Fingerprinting Results for Android, using CreepJS
CreepJS's Github page and Test page.
For browser settings, I enabled the 'maximum protection' options mentioned before.
Summary:
- ...
For browser settings, I enabled the 'maximum protection' options mentioned before.
Browser | Results |
Firefox for Android | |
Chrome for Android | |
Edge for Android | |
Brave for Android | |
DuckDuckGo for Android | |
Firefox Focus for Android | |
Opera for Android | |
Opera Mini for Android | |
Samsung Internet for Android | |
Vivaldi for Android | |
Orions for Android | |
Ghostery for Android |
- ...
Changelog
2023-12-15:
- Launched
2023-12-16:
- Added DuckDuckGo browser for desktop
- Added 3rd-party cookie checking website for desktop and mobile
- Tested desktop browsers against 3rd-party cookie website
- Tested mobile browsers against 3rd-party cookie website
- Added "Enable Maximum Protection (for all mobile browsers)"
- Added explanations for various settings
2023-12-17:
- Device fingerprinting results for a few websites for desktop and iOS
2023-12-18:
- Added "Device Fingerprinting Results for iOS, using CoverYourTracks"
- Added "Force 'Global Privacy Control' (for all iOS browsers)"
- Added Arc for MacOS and iOS
2023-12-19:
- Added colors to sections, for similar topics. Makes it much easier to see.
- Added 'Disable 3rd-party cookies (for all Android browsers)'
- Added 'Enable Maximum Protection (for all Android browsers)'
- Added 'Force 'Global Privacy Control' (for all Android browsers)'
- Added 'Device Fingerprinting Results for Android, using CoverYourTracks'
- Added GRC's 3rd-party cookie explanation page that talks about tracking in much more detail. Link
- Added reason for why Firefox for Android's GRC's 3rd-party cookie test keeps failing. Link
- Launched
2023-12-16:
- Added DuckDuckGo browser for desktop
- Added 3rd-party cookie checking website for desktop and mobile
- Tested desktop browsers against 3rd-party cookie website
- Tested mobile browsers against 3rd-party cookie website
- Added "Enable Maximum Protection (for all mobile browsers)"
- Added explanations for various settings
2023-12-17:
- Device fingerprinting results for a few websites for desktop and iOS
2023-12-18:
- Added "Device Fingerprinting Results for iOS, using CoverYourTracks"
- Added "Force 'Global Privacy Control' (for all iOS browsers)"
- Added Arc for MacOS and iOS
2023-12-19:
- Added colors to sections, for similar topics. Makes it much easier to see.
- Added 'Disable 3rd-party cookies (for all Android browsers)'
- Added 'Enable Maximum Protection (for all Android browsers)'
- Added 'Force 'Global Privacy Control' (for all Android browsers)'
- Added 'Device Fingerprinting Results for Android, using CoverYourTracks'
- Added GRC's 3rd-party cookie explanation page that talks about tracking in much more detail. Link
- Added reason for why Firefox for Android's GRC's 3rd-party cookie test keeps failing. Link
Last edited: