My 2024 Web Browser Tier List

A browser tier list that actually has more than just the 10-15 usual suspects? Yep, I'm sharing my thoughts on a lot of browsers today. Let me know in a comment where your daily driver ranks and what you think about it!

This whole list will of course come with a very heavy bias towards privacy and security given my background. Your web browser is probably the single most attacked-by-the-internet application you run on a daily basis, so good security and privacy are far more important factors here compared to other types of applications (where privacy and security is still important, don't get me wrong!).

S Tier

Tor Browser: The real OG of privacy browsers, using Tor Browser is pretty much the only way to truly browse the internet anonymously. The ultra paranoid can take their security to the max by using this browser in conjunction with Whonix and Qubes, but really anybody can take advantage of the privacy protections Tor provides.

Mullvad Browser: This browser is developed by the privacy and browser fingerprinting experts at the Tor Project, in a partnership with Mullvad VPN. It's relatively new, but it draws on the long history of Tor Browser as a result, and it brings all of that browser's anti-fingerprinting goodness to VPN users. Basically if you want the most privacy protections a browser could give you, but you don't need the network surveillance thwarting features of the Tor network, Mullvad Browser gives you all the benefits of Tor Browser, as well as the performance benefits of using a VPN instead of Tor. You don't have to be using Mullvad VPN specifically to take advantage of this browser, but you should be using a VPN of some sort to avoid fingerprinting based on IP address.

A Tier

Hardened Firefox: This isn't a specific standalone browser called "Hardened Firefox," but any hardened configuration of a standard Firefox install is going to get top marks in my book. I prefer the configuration changes Arkenfox user.js provides, so I'll call them out specifically, but there are other guides and resources out there to making Firefox more privacy-respecting than its defaults. It's unfortunate that this is necessary, but if you put in the effort to make Firefox better than it normally would be, the results are undeniably good.

Mull: This is a fork of Firefox for Android, but unlike Firefox it is completely 100% free and open source (Firefox bundles some proprietary libraries for things like DRM), it has increased browser fingerprinting protections out of the box, and includes many additional security patches. Mull is developed by Divested Computing who also makes DivestOS, which is perhaps my favorite custom Android ROM currently on the market.

B Tier

Brave Browser: Absolutely one of the best Chromium browsers. Brave has been in some hot water in the past for questionable business practices and their close affiliation with their own cryptocurrency, but disabling those features gives you one of the best private/secure browsing experiences currently available. Brave does a lot of their own independent and original work in the anti-fingerprinting space that improves the privacy outlook of web browsing overall in my opinion, and that sets them apart from many other browser forks which more-or-less just toggle some existing flags and call it a day.

Firefox: Mozilla is one of the longest-standing advocates for internet privacy we have, and their web browser has a long track record of being a reliable favorite of people who want software which respects them. However, as I noted in an interview with WIRED in 2022, Firefox has been slower than even some Big Tech companies when it comes to adding certain privacy-centric features: Safari was the first major browser to block third-party cookies by default for example, something that Mozilla should have been on top of but didn't fully get around to doing until 2023. I and many also take issue with the telemetry Firefox collects by default, integrations with internet services like Pocket, and Mozilla seemingly giving higher priority to new products rather than focusing on Firefox. This is still a great browser, but its defaults could be better, and diving into settings to set better options is pretty much a must when it comes to Firefox in my opinion.

Cromite: This is an actively-updated fork of Bromite, a once-popular browser for Android. Brave is going to be an easier to install and larger project compared to Cromite for Android users, but if you're looking for a Brave alternative still based on Chromium for Android I don't think you can really go wrong here.

Onion Browser: This is an iOS only browser for accessing the Tor network. Being endorsed by the Tor project is as good a reason as any to consider this a good browser. However, this does not benefit from all the same benefits that Tor Browser does, and you will be very identifiable on the Tor network as an Onion Browser user, which could allow sites to track you, given how relatively few Onion Browser users there are out there. This is a fine browser for accessing an .onion site on iOS if needed, but it will not provide the same anonymity as Tor Browser on desktop will.

My overall recommendation would be to choose both an "S Tier" browser below for your general, non-personal internet browsing (reading the news, posts, anything you don't log in for basically), and an "A Tier" or possibly "B Tier" browser for more personal browsing (like banking, social media, etc.).

This is because Mullvad/Tor Browser don't save cookies, browsing history, or other site data which makes them a bit inconvenient for sites you regularly log in to. Splitting your browsing habits across two browsers gives you the best of both worlds!

Moving on to "C Tier..." These next browsers aren't terrible choices, but they don't really go above and beyond to protect both your privacy and security in one way or another. Use them if you understand their limitations.

C Tier

Librewolf: This browser does a lot of things right, but it also does things I'm not a fan of. The lack of built-in automatic updates and signed, official builds is particularly egregious to me from a security perspective. Proponents will say you can get around it with package managers, but those typically aren't automatic and aren't really standard on platforms other than Linux. In an age with browser 0-days being regularly discovered in the wild, automatic updates with in-app notifications is kind of a must for me. And given that the privacy protections of Librewolf can be easily achieved in Firefox given some configuration hardening, I don't think the more private defaults are worth the security trade-offs.

Waterfox: This browser has a bit of a rocky history in the privacy community, being acquired by System1 in 2020 only to emerge fully independently-owned again in 2023. In some respects I prefer this browser to Librewolf: It has fully automatic updates, signed binaries, and long 12 year track record. The biggest downside is that it's based on Firefox ESR rather than the mainline Firefox builds. ESR builds are notably less secure, receiving most but not all security patches available on the main development of Firefox. It's not an insurmountable problem, Tor and Mullvad Browser are both based on Firefox ESR as well, and I think they are excellent, but Waterfox doesn't add quite enough to justify it in my opinion compared to simply hardening a standard Firefox install, whereas Tor/Mullvad add significant improvements which either negate the security downsides or make any security trade-offs worth it. I also am not a fan of how Waterfox claims there is no telemetry whatsoever, when there is out-of-the-box data collection for things like updates. The data collection they do is perfectly reasonable and privacy-respecting in my opinion, but the marketing is still slightly misleading.

Vanadium: A Chromium-based browser for Android, I think this browser falls short in a lot of privacy-specific respects. It is great that the Google integrations which come standard in Chromium are removed, but without additional privacy protections like content blocking functionality and any sort of additional anti-fingerprinting work, Android users will likely be much better served with a browser like Brave (Chromium) or Mull (Firefox-based).

Mulch: Another browser for Android from Divested Computing, but this one is based on Chromium. Unfortunately it has many of the same issues as Vanadium, as it's changes are almost entirely pulled from Vanadium without too much modification. The main benefit over Vanadium is that it is better supported on Android ROMs other than GrapheneOS.

Ungoogled Chromium: A really noble project, it does exactly what the name suggests (removes Google from Chromium) and not much else. Unfortunately it doesn't make a lot of modifications beyond that to help people protect their privacy, and automated, official builds are only available for macOS and Linux. In any case, this is another browser which doesn't support automatic updates, which I feel should be a hard requirement for anyone's daily driver, but I still like this project for some specific use-cases or as a reference for anyone else building a Chromium browser themselves.

Moving on to the much more questionable choices...

D Tier

Floorp: I've seen a lot of people ask about this Firefox fork since ChrisTitusTech posted a video about it, I guess he didn't learn from the Thorium debacle. This is a very new browser, so there isn't too much I can say about it now in terms of its reliability or anything like that. It's another browser based on Firefox ESR, and outside of a couple gimmicks this browser basically seems like Waterfox without any sort of track record.

Arc: One of the biggest newcomers to the browser industry in general, Arc from The Browser Company of New York is certainly an interesting one. It's based on Chromium, receives regular and frequent updates, and in the time I've been testing it out, it has actually made the internet much easier and better to browse, in my humble opinion. It's the only Chromium browser I'm aware of with functionality similar to Firefox's Multi Account Containers, where I can have essentially different browser profiles with different website logins, cookies, etc. all on a per-tab basis in a single browser window, a workflow which I really like. The downsides of Arc are fairly significant though, and mean it's not scoring higher than a D here: It's totally proprietary, and for something like a web browser I really feel that open source is a must these days; it's only available for macOS/iOS (with Windows on the way), and it requires an Arc account before you can even use it! Fortunately it doesn't sync browsing data to that account—opting to use macOS's native iCloud for syncing (which can be end-to-end encrypted)—and their privacy policy is refreshingly easy to read and reasonable, but this isn't going to be my go-to choice for people looking for privacy.

Safari: Certainly not an ideal browser by any means, this is saved from F tier almost entirely because it's a decent choice on iOS, but I'd stick with almost anything else on macOS. In Apple's mobile walled garden, Safari's WebKit is the only available browser option for third-party browsers to use anyways, so you might as well stick with Safari proper, instead of other browsers which are mostly just wrappers for Safari's code except you now have to rely on both the security practices of those developers and Safari's.

Orion: Another proprietary web browser for macOS and iOS, this is one of the rare few browsers which is based on Safari rather than Chromium or Firefox. Unfortunately it inherits pretty much the same problems as Safari has as a result. Normally I'd rank small, forked browsers pretty low, but this gets a few bonus points for being one of the few browsers on iOS to support (some) Chrome extensions, which is neat enough to warrant a D.

Vivaldi: Started by ex-Opera developers and execs, this has always seemed like the Swiss Army Knife of web browsers to me. I don't hate Vivaldi or anything, they do seem to support ideals I'm aligned with, as they host a lot of open-source internet projects for the public to use, such as email, free blogs, a Mastodon server, etc. They also claim to be privacy focused. Unfortunately, it being closed source is a pretty big blow to trusting their browser, and while they try and weasel out of it sometimes with claims about how it's built upon the open-source Chromium, and some aspects of it are source available, it's just not the same as being an open-source project. Vivaldi's privacy protections out of the box are also fairly lacking, and the pre-built options they give you at first launch to improve your privacy don't actually make a huge difference in that regard. You could certainly do worse than using Vivaldi, but you could also probably do better.

DuckDuckGo Browser: This has excellent content blocking capabilities out of the box, but not too much else going for it. It isn't a fork of an existing browser, but it's basically a wrapper for your operating system's built in WebView, which generally is not as secure as the standalone Chromium browser engine, and it's not even open source.

Privacy Browser: This is another WebView-based browser for Android. As such there's not much more to say about it other than the notes with DuckDuckGo Browser above, however, Privacy Browser seems to be worse at content/ad blocking compared to DuckDuckGo's version. It is at least open source, but you're probably better off with a "real" browser on Android.

IceCat: This is just a fork of Firefox from GNU, with non-free components and Mozilla branding removed. I'm not sure I see the value. It appears to be infrequently updated based on Firefox ESR releases, has had no official releases in 5 years (although its dev branch appears current), and otherwise has no real features of note that would make this worth considering over standard Firefox. They don't release any binary downloads anyways, so unless your Linux OS comes with it, you'll probably never encounter this browser in the wild.

F Tier

Thorium: I wish I had never heard of this browser, but I am asked about it seemingly constantly thanks to it being popularized by ChrisTitusTech on YouTube. It was immediately, painfully clear to me as soon as people started asking about it that Thorium was a bad choice for privacy and security, a situation which only worsened since. Thankfully, Chris did eventually post a retraction video after a development disaster in which the Thorium developer uploaded a ton of "furry"... art and other questionably legal content to the source code which got distributed with Thorium releases. However, I wish Chris had simply done more due diligence beforehand and avoided bringing Thorium to a lot of people's attention altogether, because even before that whole situation Thorium was not looking so good at all.

Midori: Some Linux users may be familar with Midori from years past, but the current generation of Midori shares virtually no lineage with the popular Xfce browser of old. In 2019 a company called Astian essentially acquired Midori's brand and is currently releasing a browser based on Floorp, which itself is forked from Firefox. Astian has gone about this whole process in a pretty suspect and opaque way, and while they did join the Privacy Guides forum and engaged with our community there a bit on questions, they ultimately haven't given us much reason to trust them.

Pale Moon: Desperately trying to hold on to some "ideals" of the older web is a cause I'm somewhat sympathetic towards, but then I used Pale Moon and remembered there's a reason Firefox moved on from that ancient codebase. Websites barely function, and the modern security features standard in basically every other browser are totally missing here. It's time to move on and use a hardened Firefox configuration instead.

Bromite: In the Android space Bromite used to be top dog when it came to private and secure browsing, but unfortunately its development was discontinued 2 years ago. I'm including it because people occasionally still ask about it, but the newer Cromite fork is what people looking for Bromite should be using now.

Google Chrome: Google Bad 😄 There's no regaining anyone's trust after being forced to pay a $5 billion settlement for tracking people after saying you won't track people, not that people trusted Google in the first place. Anti-privacy, anti-user "features" like Manifest V3's changes and FLoC (now "Privacy Sandbox") are just the shitty icing on the shitty cake. If you're looking for a drop-in replacement for Chrome, consider Brave.

Microsoft Edge: No, Microsoft Defender Application Guard does not make this a private and secure browser. The incredible amounts of telemetry and bloatware should immediately nix this browser from anyone's lists. For the sake of "fairness" I will note that the Edge security team has done a few things from time to time which I'd like to see other security-focused browsers incorporate. The per-site toggle for disabling or enabling JavaScript Just-In-Time (JIT) compilation, which represents a major security risk in all browsers, is one example. However, a handful of neat features can't redeem one of Microsoft's biggest spyware attempts, and it's shameful that society is letting Microsoft slowly re-monopolize internet browsing in Windows after their failed attempt to do so with Internet Explorer.

Opera: Another generic Chromium clone, but this one is proprietary to boot. I don't want to be one of the "China bad" people necessarily, but being acquired by a Chinese investment group and immediately bundling a "free VPN" that collects all your traffic information inside Opera should definitely raise a lot of red flags for people concerned about their privacy. If you're looking for a browser which carries the spirit of 2012-era Opera, you might consider Vivaldi, although that browser isn't my favorite either.

Opera GX: Popularized by some sponsored YouTubers, this is just Opera with a gamer-y skin.

Puffin Browser: This is a somewhat "unique" browser because it processes all of your web browsing on virtual machines in the cloud. This defeats HTTPS encryption protections by decrypting everything you do on Puffin's servers, meaning they could potentially access things like the passwords you enter, any other personal information you enter, and absolutely everything about what you do within the browser. It's also totally closed source, so virtually nobody really knows what's going on in the code outside of Puffin's developers themselves.

If you liked this post, consider becoming a member of my community, and leave a comment with your feedback, it's much appreciated!