Browser anonymization functions compared
Zero Information

© Lead Image © Yuri Arcurs, Fotlia,.com
The major web browsers claim to protect users against data collectors and the advertising industry; however, promises are often quite different from reality.
Web browsers are usually quite chatty. Among other things, they tell the owners of websites their names and which site their users last visited; web apps leave cookies and use JavaScript to retrieve more information about the system, making the surfer transparent. In this article, I focus on putting the anonymization functions of the Chrome [1], Epiphany [2], Firefox [3], and Konqueror [4] browsers to the test. Opera [5] was left out because it was in a transitional phase at the time of testing (see the box "Opera and Opera Next").
Opera and Opera Next
The 12.15 version of the browser from Opera Software out of Norway was already outdated at the time of writing, and the developers no longer maintain it. The completely redesigned new version, Opera Next [6], was not available for my review at the time of the test, although the browser is available for download now. The major innovations in Opera 15 are under the hood: The makers have mothballed their own browser engine and changed to the Chromium engine Blink [7]. The successor to WebKit [8] will also be responsible for rendering in Google's browsers in the future.
In my tests, I wanted the candidates to indicate whether they delete cookies or just return them to the pages from which they originated. Web storage, "an API for persistent data storage of key-value pair data in Web clients" [9] introduced in the context of HTML5, is also becoming more and more fashionable: Secure browsers must be able to delete this stored data. Other features browsers should offer to disable are JavaScript, web fonts, access to the geolocation API [10] for querying locations, Java, and Flash.
Browsers should send do-not-track information, even though most sites ignore it. Another useful addition is a built-in ad banner and pop-up blocker. The ability to disable sending the referrer and browser ID and to delete all data collected while surfing (cookies, history, and so on) when you exit the program are also important considerations.
Our lab computer ran openSUSE 12.3 (64 bit), Debian 7 (64 bit), and Linux Mint 15 (32 bit). Test settings and functions were restricted to those accessible via the menu.
Chrome
The web browser by Google has been available since September 2008. Although the company has released a large part of the BSD-licensed Google Chrome [1] source code as an open source project under the name Chromium [11], the Chrome binary itself may not be copied or modified.
The candidate in our test was Google Chrome 27.0.1453.93; it prompts the user to log in with a Google account directly after launching. In this way, using the Google servers, the browser synchronizes the history, bookmarks, and other features with other Chrome installations.
Chrome is talkative in other respects, too: If you commit a typo in the web address, the program sends the URL to the Google server, which then returns alternative proposals. Also, the terms entered in the address bar migrate to Google, and the search engine suggests suitable sites (Figure 1).
Once the browser has loaded a page, it automatically determines the IP addresses of the links to accelerate loading newly requested pages. Chrome also tries to load pages in advance. Consequently, the pre-rendering method retrieves web content without authorization. Users can disable it in the settings, where it is somewhat misleadingly titled Predict network actions to improve page load performance.
The built-in phishing and malware protection accesses a locally stored blacklist. If the URL is listed in it, Chrome sends it to Google for further review. This function is enabled by default. In the History view, a button lets you delete the history, all form data, the cache, and the data for all extensions and applications that the user has downloaded via the Chrome Web Store. This includes the local memory used by Gmail.
Chrome not only removes cookies but also the information in web storage and the data stored by extensions via the NPAPI ClearSiteData API [12]. Unfortunately, it is impossible to keep data for individual areas.
Debit and Credit
Google Chrome only sends usage statistics and crash reports if the user has allows this. You also need to enable the Do Not Track request and spell checker explicitly. The latter sends the text to be corrected to a Google web service. Alternatively, you can rely on a local dictionary for spell checking.
By default, Chrome stores passwords and form data and puts this data into Google's cloud as well for later synchronization. Users are not allowed to turn off synchronization. Once you sign up, all your data ends up in your own Google account.
Chrome accepts all cookies. In the settings, users can instruct the browser to block third-party cookies or refuse them outright. On request, the program deletes the cookies on exit and defines exceptions for individual sites. Cookie management displays the information stored, and it can remove some cookies directly or all cookies at once (Figure 2).

Chrome only blocks pop-ups and JavaScript on request. In both cases, the user can define exceptions for specific sites. The browser shows the location, allows access to the microphone and webcam, and shows incoming notifications on the desktop. Google Calendar users rely on the latter feature. By default, users always need to confirm all of this explicitly, but it can also be disabled completely in the settings. When you Show advanced settings, Chrome lets you define exception rules for cookies and images in the Privacy section under Content settings.
To browse in private, open a New Incognito Window from the Chrome drop-down menu. Incognito mode does not create a history, and it deletes cookies and data in web storage after closing the last incognito window.
However, before setting incognita mode, Chrome accepts cookies and makes them available in all incognito windows. The browser continues to send data to Google in this mode as well, which is not everyone's understanding of being incognito.
Extensions run in a sandbox with limited privileges. If an add-on tries to break out or prompts the user for personal data, the browser asks whether you agree. In the settings, the user can suppress this behavior or define special rules for individual sites. Users also can switch to a click-to-play version, wherein the browser asks for permission whenever it needs an extension.
The Chrome Web Store [13] has numerous add-ons that promise anonymous surfing. For example, Adblock Plus disables ads, NotScript switches off active content in a "NoScript"-like way, DoNotTrackMe blocks cookies and other tracking elements.
Epiphany
Epiphany version 3.8 [2] is now available. Because most current distributions use Gnome 3.6, the testers looked at this more widespread release. The default browser on the Gnome desktop always creates a history, and this is not automatically cleaned when you exit. The history management window also only offers to remove the complete history; targeted deletion of entries is not possible.
The Gnome browser accepts cookies always, only returns them to the requested page, or rejects them across the board. Exceptions for individual pages are not possible. Epiphany provides rudimentary cookie management in which users can view and remove cookies individually. In the Privacy settings, you will also initially find a Clear button that not only removes all the cookies, but also your saved passwords, the complete history, and all temporary files. The remaining configuration is also easy to understand. Users can disable all extensions, suppress pop-ups, completely disable JavaScript, and disable tracking (Figure 3). On the test system, no extensions were enabled. To turn them on or off, users need to access the rather spartan Extension Manager, made available by installing epiphany-extensions
when you install the Epiphany web browser.
Users search in vain for a function that lets them uninstall, add on, or add new extensions, but at least Epiphany includes an advertising filter that blocks all URLs on a blacklist. By default, this is the blacklist maintained by Mozilla; however, users can add other directories. If Epiphany wants to access the geolocation API, the program asks for permission; users cannot turn off the geolocation feature permanently. (However, in our lab, geolocation failed reproducibly.) After starting, the Gnome browser always displays the most recently accessed websites. Again, the user cannot disable this behavior.
This is the full extent of Epiphany's functionality. Users cannot define exceptions for JavaScript, influence web storage, or start in privacy mode.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
The GNU Project Celebrates Its 40th Birthday
September 27 marks the 40th anniversary of the GNU Project, and it was celebrated with a hacker meeting in Biel/Bienne, Switzerland.
-
Linux Kernel Reducing Long-Term Support
LTS support for the Linux kernel is about to undergo some serious changes that will have a considerable impact on the future.
-
Fedora 39 Beta Now Available for Testing
For fans and users of Fedora Linux, the first beta of release 39 is now available, which is a minor upgrade but does include GNOME 45.
-
Fedora Linux 40 to Drop X11 for KDE Plasma
When Fedora 40 arrives in 2024, there will be a few big changes coming, especially for the KDE Plasma option.
-
Real-Time Ubuntu Available in AWS Marketplace
Anyone looking for a Linux distribution for real-time processing could do a whole lot worse than Real-Time Ubuntu.
-
KSMBD Finally Reaches a Stable State
For those who've been looking forward to the first release of KSMBD, after two years it's no longer considered experimental.
-
Nitrux 3.0.0 Has Been Released
The latest version of Nitrux brings plenty of innovation and fresh apps to the table.
-
Linux From Scratch 12.0 Now Available
If you're looking to roll your own Linux distribution, the latest version of Linux From Scratch is now available with plenty of updates.
-
Linux Kernel 6.5 Has Been Released
The newest Linux kernel, version 6.5, now includes initial support for two very exciting features.
-
UbuntuDDE 23.04 Now Available
A new version of the UbuntuDDE remix has finally arrived with all the updates from the Deepin desktop and everything that comes with the Ubuntu 23.04 base.