Business

What does the future hold for browser security? Check out the latest features destined for mobile and desktop

Published

on

Taking responsibility for our personal privacy and security is more important than ever, and browser developers continually support these efforts with new and improved privacy and security features.

However, not all web browsers are created equal, and in many cases a balance needs to be maintained between privacy and security on the one hand, and convenience on the other.

But given browsers are the gateway to the internet, security and privacy features – from warning users of expired certificates to blocking trackers and blocklisting malicious websites – should be a top priority for today’s developers.

According to Statcounter, Google Chrome remains the most popular browser with an estimated two-thirds global market share (65%), followed by Apple Safari (18%), Microsoft Edge (3%), Firefox (3%), Samsung Internet (3%), and Opera (2%). Other browsers have collectively snagged 6% of the overall market share.

While familiarity with a particular brand may influence our choice of browser, this doesn’t necessarily mean that the most popular varieties offer the best security today.

So, how do the leading browser developers compare in terms of current and in-the-pipeline features designed to combat modern-day threats to our security and privacy?

Chrome is by far the world’s most popular web browser

Google Chrome

When it comes to Chromium-based browsers, developers aim to stick to four core principles: speed, security, stability, and simplicity.

As the overwhelming market leader, Google Chrome bears a heavy responsibility in protecting its userbase.

Over the past year, the tech giant has made a number of improvements, including implementing stricter privacy rules for extensions, warning users when their credentials have been compromised and found online, and the launch of enhanced Safe Browsing to mitigate phishing attacks.

Google has also worked on Site Isolation for Android, image-based phishing classification system, and Chrome actions for completing tasks such as deleting passwords and performing safety checks.

An upcoming feature slated for Chrome 94, meanwhile, is HTTPS-First Mode, which will attempt to upgrade connections from HTTP to HTTPS and warn users before loading sites that don’t support the upgrade.

Apple Safari

The Safari browser only works within Apple’s ecosystem, and iOS and macOS are considered relatively secure.

There are features that block cookies and cross-site tracking, enable or disable JavaScript, and implement Google’s Safe Browsing to warn users when they are likely visiting a malicious or fraudulent website.

Apple has also implemented a new anti-tracking feature that requires user consent before third-party advertisers can make use of Apple’s Identifier for Advertiser (IDFA).

According to Verizon Media’s Flurry Analytics, over 80% of iOS users have, so far, denied tracking requests.

The Edge browser is now built on Chromium

Microsoft Edge, Internet Explorer

Microsoft Edge, released in 2020, includes a number of interesting security controls including Kids Mode for minors, a dedicated tracking prevention module, private browsing, a password monitor and generator, and Microsoft Defender SmartScreen, an optional scanner for malware and phishing-based web threats.

The Redmond giant is testing new features and improvements in both the Microsoft Edge Developer and Canary builds. In addition, Microsoft is investing in the open source Chromium engine project to boost the platform for applications including touch and ARM64.

Despite the new Microsoft Edge, based on Chromium and released in January last year, there are still some Windows users and enterprises that choose to rely on 1995’s Internet Explorer while browsing.

Microsoft is trying to encourage a shift to its more modern – and secure – successor, especially given the browser includes an Internet Explorer ‘mode’ which is compatible with many legacy websites and applications. The IE 11 desktop application will be retired on June 15, 2022.

“Microsoft puts customers in control of their privacy and security with easy-to-use tools and clear choices,” a Microsoft spokesperson told The Daily Swig. “We recommend customers remain compliant with the latest security and privacy updates on their devices, apps, and services.”

Mozilla Firefox

Styled as a privacy-first browser, Mozilla Firefox places a big emphasis on protecting its users from tracking and privacy leaks.

The browser’s development team has improved the software by implementing DNS-over-HTTPS for some demographics as default, which leans upon the Trusted Recursive Resolver project for transparent DNS services, as well as increasing the availability of Mozilla VPN.

Over the past year, Firefox has honed in on third-party cookies and trackers with Enhanced Tracking Protection, with elements including Supercookie isolation and SmartBlock, as well as total cookie protection and HTTPS-First by default in private browsing mode.

The company is also getting ready to roll out Fission, a new site isolation feature for sandboxing web pages and frames.

A Mozilla spokesperson told The Daily Swig that Fission will address specific types of vulnerabilities, such as Spectre and Meltdown, making Firefox the only “non-Chromium browser to offer such protection to users”.

“At Mozilla, we think people that use the internet can have it all with Firefox: they can have the best experience of the web without compromising on privacy, performance, or convenience,” the non-profit added.

Samsung

Samsung’s browser claims a modest market share, but the handset manufacturer is making inroads into the mobile browser market.

One notable feature is Secret Mode, which wipes cookies and browsing history upon exit. In addition, Samsung offers an always-on anti-tracking mode and a running tally of how many times users are tracked – and by whom on a weekly basis.

Pop-ups and backward redirections can also be blocked, and users are warned when they are visiting malicious websites.

The browser’s Secret Mode can also be locked with either a password or biometric marker.

Opera browser comes bundled with several privacy and security features

Opera

According to Cezary Cerekwicki, Opera’s product security manager, Opera is the “people’s personal browser of choice”.

This browser comes with a VPN, ad and tracker blocker technology, scanning for malicious and fraudulent websites, phishing protection, and an interesting means for preserving a computer’s resources: cryptocurrency mining protection.

Cerekwicki told The Daily Swig that Opera, which has the competitive disadvantage of not coming pre-installed on devices, has 380 million active monthly users.

“We’re also actively working with the bug bounty community to discover and resolve any security and privacy issues,” Cerekwicki commented.

“We encourage dedicated bug bounty hunters to participate in our private and public programs in order to help the community at large, and maybe even earn some money in the process.”

There are further security improvements in the pipeline, which will be revealed later in the year.

Tor Browser

Tor Browser is a very specific form of privacy-preserving web browser. Developed and maintained by the Tor Project, the browser is based on Firefox but leverages onion routing – a decentralized system that relies on relays and proxies to mask a user’s IP.

The project also recommends ways to ensure as much anonymity as possible, such as restricting the use of plugins, avoiding torrenting, and only downloading files through OnionShare.

Alas, speed is an unavoidable trade-off for protecting anonymity and privacy by way of proxies and routing.

While Tor Browser is used to access .onion addresses online, it is considered invaluable in a more substantial way: as a means to fight censorship and dodge surveillance.

Brave

The Chromium-based Brave browser blocks trackers by default. Compatible across multiple platforms, the browser now accounts for 36.2 million monthly active users and 12.5 million daily active users.

Brave strips ads and ad trackers, while also curating new content from different sources. Consenting users can ‘support’ content creators by opting-into the Brave ads scheme, in which marketers can push ads and users earn Brave tokens in return.

DuckDuckGo

DuckDuckGo is primarily a privacy-preserving search engine, but is also available as Android and iOS browser apps that account for over 50 million downloads over the past 12 months.

Planned improvements include App Tracking Protection for Android, and tests have also begun around fingerprint protection and click-to-load Facebook widget restrictions, which DuckDuckGo told us may prevent Facebook tracking content to load unless it is essential.

This year, a DuckDuckGo desktop app is set to be released to serve as a web browser.

“At a high level, we’d encourage folks to understand that it’s never too late to start protecting your privacy and it doesn’t have to mean changing everything you do or the services you use,” Allison Goodman, DuckDuckGo senior communications manager, told The Daily Swig.

Source: https://portswigger.net/daily-swig/what-does-the-future-hold-for-browser-security-check-out-the-latest-features-destined-for-mobile-and-desktop

Click to comment
Exit mobile version