Browser anonymization functions compared
The major web browsers claim to protect users against data collectors and the advertising industry; however, promises are often quite different from reality.
Opera and Opera Next
The 12.15 version of the browser from Opera Software out of Norway was already outdated at the time of writing, and the developers no longer maintain it. The completely redesigned new version, Opera Next , was not available for my review at the time of the test, although the browser is available for download now. The major innovations in Opera 15 are under the hood: The makers have mothballed their own browser engine and changed to the Chromium engine Blink . The successor to WebKit  will also be responsible for rendering in Google's browsers in the future.
Browsers should send do-not-track information, even though most sites ignore it. Another useful addition is a built-in ad banner and pop-up blocker. The ability to disable sending the referrer and browser ID and to delete all data collected while surfing (cookies, history, and so on) when you exit the program are also important considerations.
Our lab computer ran openSUSE 12.3 (64 bit), Debian 7 (64 bit), and Linux Mint 15 (32 bit). Test settings and functions were restricted to those accessible via the menu.
The web browser by Google has been available since September 2008. Although the company has released a large part of the BSD-licensed Google Chrome  source code as an open source project under the name Chromium , the Chrome binary itself may not be copied or modified.
The candidate in our test was Google Chrome 27.0.1453.93; it prompts the user to log in with a Google account directly after launching. In this way, using the Google servers, the browser synchronizes the history, bookmarks, and other features with other Chrome installations.
Chrome is talkative in other respects, too: If you commit a typo in the web address, the program sends the URL to the Google server, which then returns alternative proposals. Also, the terms entered in the address bar migrate to Google, and the search engine suggests suitable sites (Figure 1).
Once the browser has loaded a page, it automatically determines the IP addresses of the links to accelerate loading newly requested pages. Chrome also tries to load pages in advance. Consequently, the pre-rendering method retrieves web content without authorization. Users can disable it in the settings, where it is somewhat misleadingly titled Predict network actions to improve page load performance.
The built-in phishing and malware protection accesses a locally stored blacklist. If the URL is listed in it, Chrome sends it to Google for further review. This function is enabled by default. In the History view, a button lets you delete the history, all form data, the cache, and the data for all extensions and applications that the user has downloaded via the Chrome Web Store. This includes the local memory used by Gmail.
Chrome not only removes cookies but also the information in web storage and the data stored by extensions via the NPAPI ClearSiteData API . Unfortunately, it is impossible to keep data for individual areas.
Debit and Credit
Google Chrome only sends usage statistics and crash reports if the user has allows this. You also need to enable the Do Not Track request and spell checker explicitly. The latter sends the text to be corrected to a Google web service. Alternatively, you can rely on a local dictionary for spell checking.
By default, Chrome stores passwords and form data and puts this data into Google's cloud as well for later synchronization. Users are not allowed to turn off synchronization. Once you sign up, all your data ends up in your own Google account.
Chrome accepts all cookies. In the settings, users can instruct the browser to block third-party cookies or refuse them outright. On request, the program deletes the cookies on exit and defines exceptions for individual sites. Cookie management displays the information stored, and it can remove some cookies directly or all cookies at once (Figure 2).
To browse in private, open a New Incognito Window from the Chrome drop-down menu. Incognito mode does not create a history, and it deletes cookies and data in web storage after closing the last incognito window.
However, before setting incognita mode, Chrome accepts cookies and makes them available in all incognito windows. The browser continues to send data to Google in this mode as well, which is not everyone's understanding of being incognito.
Extensions run in a sandbox with limited privileges. If an add-on tries to break out or prompts the user for personal data, the browser asks whether you agree. In the settings, the user can suppress this behavior or define special rules for individual sites. Users also can switch to a click-to-play version, wherein the browser asks for permission whenever it needs an extension.
The Chrome Web Store  has numerous add-ons that promise anonymous surfing. For example, Adblock Plus disables ads, NotScript switches off active content in a "NoScript"-like way, DoNotTrackMe blocks cookies and other tracking elements.
Epiphany version 3.8  is now available. Because most current distributions use Gnome 3.6, the testers looked at this more widespread release. The default browser on the Gnome desktop always creates a history, and this is not automatically cleaned when you exit. The history management window also only offers to remove the complete history; targeted deletion of entries is not possible.
epiphany-extensions when you install the Epiphany web browser.
Users search in vain for a function that lets them uninstall, add on, or add new extensions, but at least Epiphany includes an advertising filter that blocks all URLs on a blacklist. By default, this is the blacklist maintained by Mozilla; however, users can add other directories. If Epiphany wants to access the geolocation API, the program asks for permission; users cannot turn off the geolocation feature permanently. (However, in our lab, geolocation failed reproducibly.) After starting, the Gnome browser always displays the most recently accessed websites. Again, the user cannot disable this behavior.
Buy this article as PDF
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.