You’re Probably Using a Tracking Machine Right Now
Chrome owns like 65% of the browser market. Firefox has solid privacy defaults but Mozilla still ships telemetry by default. Safari locks you into Apple’s ecosystem. And if you’re honest with yourself, you installed a bunch of extensions that you don’t actually trust.
Here’s the thing: your browser is the highest-resolution profile advertisers, three-letter agencies, and tech companies have on you. It sees everything — your passwords (if you’re a braver soul), your tabs, your search history, your physical location if you let it, your IP address, your hardware fingerprint, your OS, your fonts, your screen resolution. Everything.
The good news? In 2026, there are actually solid options that don’t require you to run a Raspberry Pi in your closet or live like a hermit. Three of them have matured enough to be daily-driver viable: Brave, LibreWolf, and Mullvad Browser.
But they’re not all the same. And they’re definitely not all right for you.
The Three Horses
Brave: The Pragmatist’s Choice
Brave is a Chromium fork (yes, based on the same engine as Chrome) built by folks who used to work on Firefox. It strips Google tracking, adds Tor circuit switching, and ships uBlock Origin by default—no extension installation needed.
What it does well:
- Actual fingerprinting protection built-in. Not perfect, but genuine randomization of hardware fingerprints so sites can’t build a profile across domains
- BAT rewards (Brave Attention Token) — you can earn crypto from ads you choose to see. Yeah, it sounds weird. It actually works and it’s totally optional
- Shields toggle per-site. You need to temporarily allow cookies for some legacy web app? One click. Much smoother than other hardened browsers
- Crypto/Web3 wallet built-in if you care about that (most people don’t, and you don’t have to use it)
- Sync works across devices without needing a centralized server knowing your passwords. Uses secret storage that only you hold keys for
- Solid performance. Because Chromium. It’s fast
What it compromises on:
- It’s Chromium. Google controls the engine, not Brave. Manifest v3 changes that broke extension capabilities? Brave has to live with that
- Brave’s fingerprinting protection isn’t state-of-the-art — it randomizes hardware details, but a sophisticated tracker can still profile you across sessions if they’re persistent
- BAT and Brave Rewards can feel like they’re pushing crypto. If that makes your skin crawl, you’re not alone. Disable it and move on
- Brave Sync sends some metadata to Brave’s servers (though your actual passwords/bookmarks are client-encrypted)
Who should use it: You want privacy but you’re not paranoid. You use the same browser for work and personal stuff. You want one extension toggle (“Shields”) instead of managing six different privacy add-ons. You like speed.
LibreWolf: The Hardliner
LibreWolf is Firefox with every privacy compromise stripped out and every privacy setting hardened by default. It’s maintained by volunteers, it’s completely transparent, and it assumes you’re the threat model.
What it does well:
- Firefox under the hood (Mozilla’s engine), not Chromium
- Actual fingerprinting resistance. LibreWolf uses RFPing (Resist Fingerprinting) by default. Your browser reports a fake user agent, fake screen resolution, fake fonts. Everything. It means less site compatibility, but way less fingerprinting
- No telemetry. Zero. Firefox ships telemetry by default; LibreWolf strips it all out
- No integrated crypto or reward schemes. Just a browser
- Respects your configuration completely — about:config tweaks actually stick and do what you expect
- Great extension ecosystem for additional hardening (uBlock Origin, Bitwarden, etc.)
What it compromises on:
- RFPing breaks some sites. Especially banking sites, some video players, sites that rely on specific screen sizes to render correctly. It’s not “totally broken,” but you’ll hit
Oops, try a different browsermore often than with Brave - Sync is optional and uses Mozilla’s servers (though data is encrypted end-to-end). No sync = no cross-device state, which is a pain
- Performance is okay, not great. Firefox is heavier than Chromium. On older hardware, you’ll notice it
- No built-in fingerprinting protection randomization — it’s all spoofing. If a site expects real values, it gets fake ones, and that can cause issues
- The project is small and volunteer-run. Updates are regular, but you’re not getting corporate backing
Who should use it: You want real resistance fingerprinting. You don’t care if some sites break. You’re comfortable tweaking about:config. You actively distrust Mozilla and appreciate that LibreWolf removes the telemetry without permission. You don’t need sync across devices (or you use Bitwarden/1Password instead).
Mullvad Browser: The Privacy Hardened Browser
Mullvad Browser is the newest of the three, built by the Tor Project and distributed by Mullvad. It’s Firefox-based, and specifically designed for maximum anonymity against your ISP, your government, and tracking networks. Note: it does NOT include a built-in VPN — it’s a browser, not a VPN client, and is designed to be paired with a VPN service separately.
What it does well:
- Exceptional fingerprinting resistance. Like LibreWolf, but even more aggressive. Your browser reports the same specs as everyone else using Mullvad Browser. Same user agent, same screen res, same fonts. It’s anonymity by homogeneity
- Designed to work alongside Mullvad VPN (or any other VPN you trust) — when paired with a VPN, your IP is the exit node, not your home address
- No sync, no accounts, no cloud storage. You install it, you configure it locally, you keep your settings on your machine
- Privacy audit published. Mullvad had independent security researchers audit the browser. They published the results. Transparently
- Works across all platforms (Windows, Mac, Linux)
- Free and open source — no subscription required to use the browser itself
What it compromises on:
- Site breakage is real. Same issue as LibreWolf: aggressive fingerprinting protection changes how sites see you and some break
- You can’t really customize much. The defaults are locked in for your safety. Want to turn off fingerprinting protection? Nope
- No extensions by default (though you can install them). The paranoia is: extensions can leak your identity even if the browser is hardened
- No sync means you need to manually back up bookmarks and settings if you want them on another machine
- The VPN is separate software — Mullvad Browser does NOT include a built-in VPN. You need to run Mullvad VPN (paid) or another VPN client alongside it to mask your IP
Who should use it: You’re extremely privacy-conscious. You want an off-the-shelf solution that requires minimal configuration. You already use or plan to use a VPN (ideally Mullvad). You actively distrust ISPs and state-level surveillance. You have only one primary machine (or you manually sync bookmarks). You don’t use online banking from sketchy coffee shops.
The Extension Stack (If You’re Not Using Mullvad)
If you pick Brave or LibreWolf, you want a consistent extension stack. Brave ships uBlock Origin by default, but these three should be your baseline:
uBlock Origin — Content blocker. Removes ads, trackers, ads masquerading as content. The list is crowdsourced and maintained by volunteer networks that reverse-engineer tracking vectors.
Rules to add to uBlock Origin (Custom):- Block Facebook trackers across the web- Block Google Analytics- Block HotjarBitwarden — Password manager. Open source, self-hostable, but the official Bitwarden Cloud is solid. Stores passwords encrypted, zero-knowledge architecture. When you need a password, Bitwarden autofills it, but the server never sees the plaintext.
HTTPS Everywhere — This EFF extension was retired in January 2023, as modern browsers now have built-in HTTPS-only modes that do the same job. Enable HTTPS-only mode in your browser settings instead (Firefox: Settings → Privacy & Security → HTTPS-Only Mode; Chrome: Settings → Privacy and security → Always use secure connections).
Optional: DecentralEyes — Caches CDN libraries (jQuery, Bootstrap, etc.) locally so sites don’t have to fetch them from cloudflare.com or cdn.jsdelivr.net. Reduces tracking surface. Tiny performance boost as a bonus.
Optional: Privacy Badger — EFF’s heuristic tracker blocker. Works alongside uBlock Origin. Where uBlock is based on maintained blocklists, Privacy Badger learns which domains are tracking you and blocks them dynamically.
Install these, lock your password manager with a strong passphrase, and you’re already better than 95% of internet users.
The about:config / Hardening Tweaks
If you’re using Brave, most of this is done for you. For LibreWolf, the heavy lifting is baked in. But if you want to customize or you’re hardening regular Firefox (don’t—just use LibreWolf), here are the tweaks worth knowing:
# Disable HTML5 geolocationgeo.enabled = false
# Disable DNS-over-HTTPS initially (we'll handle DNS separately)network.trr.mode = 5
# Disable WebRTC leakmedia.peerconnection.enabled = false
# Disable auto-update of extensions (they can be fingerprintable)extensions.update.autoUpdateDefault = false
# Disable hardware acceleration (makes fingerprinting harder)gfx.webrender.enabled = false
# Disable prefetching (sites prefetch resources to track clicks)network.prefetch-next = falsebrowser.prefetch.userSettingsOverride = true
# Disable DNS prefetchingnetwork.dns.disablePrefetch = trueReal talk though: If you’re at the about:config level, you probably want LibreWolf or Mullvad. Those projects have already made these decisions for you, tested them against breakage, and locked them in. Manually tweaking Firefox is how you end up with a secure-but-completely-broken browser that can’t log into anything.
Threat Model Decision Tree
You just want ads and obvious trackers gone, and you want a fast browser: → Brave. Use it for everything. Shields on. Done.
You’re willing to tolerate some site breakage for aggressive fingerprinting protection: → LibreWolf. Install uBlock Origin, Bitwarden, and enable HTTPS-only mode. You’re good.
Your ISP, your government, or your coffee shop’s WiFi admin is on the adversary list: → Mullvad Browser + a VPN. The browser hardens fingerprinting; the VPN hides your IP. Run both.
You want different tools for different contexts (work browser vs personal vs high-risk): → Brave for work (faster, better site compat). LibreWolf for personal (stronger fingerprinting defense). Mullvad for untrusted networks.
The Reality Check
None of these browsers will make you completely anonymous. A motivated adversary with JavaScript execution in your browser can:
- Steal your IP via WebRTC (wait, we disabled that above)
- Read your filesystem metadata (partially)
- Build a profile based on your typing patterns, mouse movement, even how you scroll
- Correlate you across sites using the metadata they can extract even when fingerprinting is hard
But here’s the thing: the adversary has to want to correlate you that aggressively. Advertisers? No. They’ll just buy data from brokers instead. ISPs? They already have your IP, so VPN helps. Government agencies? If they’re specifically interested in you, a browser isn’t going to stop them—use Tor for that.
What these browsers do stop is the casual, automated tracking that happens to literally billions of people every day. The retargeting ads. The analytics profiles. The “oh, you looked at hiking boots, here’s 500 ads for hiking boots.” That stuff disappears.
Final Word
Browser hardening is like locking your car doors. It’s not going to stop a professional car thief with a flatbed truck, but it stops the opportunistic break-in. Your threat model matters. Pick accordingly.
Brave if you want speed and convenience. LibreWolf if you want aggressive fingerprinting defense and don’t mind some breakage. Mullvad Browser (paired with a VPN) if your ISP or your government is on your threat list.
All three are better than Chrome. All three respect your privacy more than you think you deserve. Pick one, install the extension stack, and spend the time you save on something worth actually worrying about.
Your 2 AM self will appreciate it.
