Browser Comparison Table

All of the available browsers have each of their own faults as documented in the table below.
These tables primarily cover the default/out-of-box settings unless otherwise noted. Recommend settings to change are noted at the bottom of the page.
While DivestOS includes a Gecko based browser for privacy reasons, Chromium based browsers have many security advantages. It is up to the user to choose their preference.

Fennec based browsers should not be considered for use, as upstream no longer receives security updates. Please use a Fenix based browser instead.
Fennec F-Droid is Fenix based, not Fennec based despite its name.

Both lists are sorted by order of coverage. Only browsers marked with a ★ are actually recommended.
For more detailed privacy related technical information please reference the PrivacyTests website.
Extra reading on mobile browsers, an overview of fingerprint-resistance approaches, an in-depth security comparison of the leading engines, a fun webcomic against the Chromium monoculture, as well as why content blockers are critical for security.
Release comparisons are also available for Firefox and Chromium.

Disclosure: Mull and Mulch, noted below, are projects of DivestOS.
Disclosure: DivestOS helps maintain `Fennec F-Droid` and additionally has small contributions (commits) to others such as Firefox, FOSS Browser, and Lightning.

Last updated: 2023/09/14


What is per-site process isolation?

Per-site process isolation is a powerful security feature that seeks to limit exposure of a malicious website/script abusing a security vulnerability.
Firefox calls per-site process isolation Fission and is enabled by default on desktop. Fission is not yet enabled by default on Android, and when manually enabled it results in a severely degraded/broken experience. Furthermore Firefox on Android does not take advantage of Android's isolatedProcess flag for completely confining application services.
Standalone Chromium based browsers strictly isolate websites to their own process.

The lack of per-site process isolation means a successful exploit is likely able to gain more access (to other site data/browser settings/passwords) without needing a second exploit. It would still need an Android system/kernel exploit to further escape the system sandbox. It is an important hardening feature, but the browser isn't completely insecure without it assuming it is up-to-date and that you aren't on the receiving end of targeted/zero-day attacks. Furthermore (in Chromium) with isolated renderer processes there is still some inherent attack surface of the main process that can allow a single exploit, just like in Firefox.

What is per-site data isolation?

The goal of per-site data isolation is to prevent say a third party script from being able to store data and use that to track you across many websites, instead any data set will be keyed to the website it was set from. This concept is further detailed here.
Firefox calls per-site data isolation `dynamic first party isolation` (dFPI). Firefox and Focus enable dFPI by default.
Chromium calls per-site data isolation (network) state partitioning and is not enabled by default.



Full Fledged Browsers

Gecko Based Browsers

Note: uBlock Origin is not included by default and must be installed by the user. No other extensions are recommended per the reasoning here.

NameFree and Open SourcePer-Site Data Isolation (Privacy)Per-Site Process Isolation (Security)Fingerprinting Protection (Privacy)Content Blocker (Privacy/Security)JIT State (Security)Maintained (Security)
MullYes: 1, 2StrongNoStrongBasic + uBlock OriginDisabledWithin two days
Tor BrowserProprietary Libraries: 1, 2StrongNoStrongestuBlock Origin (see note)Disabled on Safer+Within a month
Fennec F-Droid (Fenix)Yes: 1, 2StrongNoVery basicBasic + uBlock OriginEnabledWithin a week
FirefoxProprietary LibrariesStrongNoVery basicBasic + uBlock OriginEnabledYes
Firefox Focus/KlarProprietary LibrariesStrongNoVery basicBasicEnabledYes
IceravenProprietary Libraries: 1StrongNoVery basicBasic + uBlock OriginEnabledWithin two months
Icecat (Fennec)YesNoNoNouBlock OriginEnabled4+ years behind

Chromium Based Browsers

NameFree and Open SourcePer-Site Data Isolation (Privacy)Per-Site Process Isolation (Security)Fingerprinting Protection (Privacy)Content Blocker (Privacy/Security)JIT State (Security)Maintained (Security)
BraveProprietary Libraries: 1StrongStrongStrongStrongEnabledYes
CromiteYes: 1StrongStrongEnhancedBasicDisabledWithin a week
VanadiumProprietary LibrariesEnhancedStrongNoNoDisabledWithin a day
MulchProprietary LibrariesEnhancedStrongNoNoDisabledWithin two days
ChromiumProprietary LibrariesBasicStrongNoNoEnabledYes
BromiteYes: 1StrongStrongEnhancedBasicDisabled10+ months behind

WebView Browsers

These browsers must be combined with an up to date WebView provider to be secure.
If you are on stock/OEM version of Android or have Google Apps installed, you are likely using the Google/Chrome WebView with extra telemetry.
While WebView browsers utilize the Chromium WebView, they cannot offer any per-site process isolation.
Using any WebView-based browser is largely not recommended as they are inherently limited due to the WebView merely being a widget for adding web content to an app and are not intended to create a full browser experience.

NameFree and Open SourcePer-Site Data Isolation (Privacy)Fingerprinting Protection (Privacy)Content Blocker (Privacy/Security)
Privacy BrowserYesVery basicNoBasic
FOSS BrowserYesVery basicVery basicBasic
DuckDuckGo BrowserYesVery basicNoStrong
LightningYesVery basicNoBasic
JellyYesVery basicNoNo

Recommend Settings to Change

Some of these settings may not be available or may already be set depending on browser.

Mull/Fennec F-Droid/Firefox/Iceraven

Firefox

  • Data collection > Usage and technical data > Disabled
  • Data collection > Marketing data > Disabled
  • Data collection > Studies > Disabled

Firefox Focus/Klar

  • Privacy & Security > Block other content trackers > Enabled
  • Privacy & Security > Send usage data > Disabled
  • Privacy & Security > Studies > Disabled

Tor Browser

  • Security Level > Safer
  • Usage of uBlock Origin may provide privacy and security benefits but it and other changes are not recommended by the Tor Project.

Mulch/Vanadium/Bromite/Chromium

  • Privacy and security > Always use secure connections > Enabled
  • Privacy and security > WebRTC IP handling policy > Disable non-proxied UDP
  • Privacy and security > Preload pages > No preloading
  • Site Settings > Motion sensors > Blocked
  • Site Settings > JavaScript JIT > Blocked
  • Navigate to chrome://flags > Darken websites checkbox in themes setting > Enabled > Relaunch

Chromium

  • Google services > Help improve Chrome's features and performance > Disabled
  • Google services > Make searches and browsing better > Disabled
  • Privacy and security > Ad privacy > Ad topics > Disabled
  • Privacy and security > Ad privacy > Site-suggested ads > Disabled
  • Privacy and security > Ad privacy > Ad measurement > Disabled
  • Site settings > Auto-verify > Disabled

Brave

  • Brave Shields & privacy > Block trackers & ads > Aggressive
  • Brave Shields & privacy > Always use secure connections > Enabled
  • Brave Shields & privacy > Block Fingerprinting > Strict
  • Brave Shields & privacy > Unstoppable Domains > Disabled
  • Brave Shields & privacy > Ethereum Name Service > Disabled
  • Brave Shields & privacy > Solana Name Service > Disabled
  • Brave Shields & privacy > IPFS Gateway > Disabled
  • Brave Shields & privacy > WebRTC IP handling policy > Disable non-proxied UDP
  • Brave Shields & privacy > Allow privacy-preserving product analytics > Disabled
  • Brave Shields & privacy > Automatically send diagnostic reports > Disabled
  • Brave Shields & privacy > Automatically send daily usage ping to Brave > Disabled
  • Brave News > Disabled
  • Brave Rewards > Show Ads when Brave is not in use > Disabled
  • Brave Wallet > Display Web3 notifications > Disabled
  • Appearance > Show Brave Rewards icon in address bar > Disabled
  • New Tab Page > Show Sponsored Images > Disabled

Lightning

  • Ad Block Settings > Block ads > Enabled