This story is part of The Privacy Divide, a series that explores the misconceptions, disparities, and paradoxes that have developed around our privacy and its broader impacts on society. Read the series here.
The big tech giants, online advertising companies, and data brokers use a ton of tricks to track you around the web. These include things like cookies, location and device logging, fingerprinting, and even share buttons, the last of which make it very easy for companies like Facebook and Google to see what you do online, even on third-party websites.
Of course, today’s users aren’t blind to much of this tracking. And most people who are aware of it will take (somewhat predictable) steps to do what they think will hide their online activity from tech companies.
One of the most common techniques people think can help hide their activity is the use of an “incognito” mode in a browser. This opens a secure browsing window where third-party cookies are blocked and browsing history is paused.
The problem with incognito modes is they provide a false sense of security.
Despite what most people assume, incognito modes are primarily built to block traces of your online activity being left on your computer–not the web. Just because you are using incognito mode, that doesn’t mean your ISP and sites like Google, Facebook, and Amazon can’t track your activity.
This is especially true if you log into any of these sites in your browser after you’re in an incognito window–the companies can still see everything you do. And it’s the same for any other site you need to log in to. So remember that if you’re logged in to a website, no matter if you are using incognito mode, or even a VPN, the website’s owners can see exactly what you are doing.
For the people who recognize the limits of incognito mode, they’ll generally then use browser extensions to help block more information being sent back to tech companies. These usually involve script, cookie, and ad blockers. The problem with this is that many websites rely on those same technologies to work right–again, this is especially true of websites you need to log into, like banks, social media sites, and shopping sites.
Usually, the sites that require scripts and cookies to work will show you a notification telling you that you need to whitelist them if you want to use the site properly. Whitelisting them gives you back the site’s functionality, but then you lose the privacy protections you were seeking in the first place, because those sites will once again place tracking cookies on your computer to follow your online footsteps. So what is a privacy-conscious person supposed to do?
Browser compartmentalization is a privacy technique that is finally gaining mainstream attention. The technique sees users using two or even three browsers on the same computer. However, instead of switching between browsers at random, users of browser compartmentalization dedicate one browser to one type of internet activity, and another browser to another type of internet activity.
Here’s how it works:
Users will use one browser for any and all websites they need to log in to. This browser is the one on which they’ll access their social media, banks, and shopping sites.
The big catch here is that users will never use this browser to search the web or randomly browse the internet. This browser is only used for bookmarked sites you need to log in to. Let’s call this your “accounts” browser.
Users will then use a second browser for all their web searching and random browsing. On this browser, a user will never log into any website–ever. They will never use this browser to personally identify themselves in any way, period. We’ll call this your “everyday” browser.
By splitting up your web activity between two browsers, you’ll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to. That’s because the majority of your web usage will be done in your “everyday” browser, which, by never logging into any website, will make it extremely hard for data firms to identify you and track your activities–especially if you fit your “everyday” browser out with some hardcore privacy extensions. You can go all out with your privacy settings on your “everyday browser”: Block all cookies, scripts, and trackers, and always use in it incognito mode. That’s because you won’t be logging into any sites that require cookies or scripts to be enabled to work.
A word of warning: This approach won’t completely protect your privacy. Your ISP and other companies may still be able to see which sites you are visiting. To completely obscure your traffic, you’ll need to also use a VPN.
For websites that do require those technologies to work, like social media sites and banking sites, you’ll use your “accounts” browser.
Why browser compartmentalization works
The reason browser compartmentalization works is because web browsers are, for the most part, walled gardens. They don’t share cookies between them, nor other identifiable items like browser history or bookmarks. Thus, when Google or Facebook places a cookie tracker on your “accounts” browser when you log in to their sites so they can track you around the web, this cookie they’ve put on your computer is only accessible through that browser, not any other browser on your computer.
Setting up your “accounts” browser
When configuring your browser compartmentalization setup on your computer, you’ll want to decide which browser you’ll use as your “accounts” browser, and which one you’ll use for your “everyday” browser. Since your “everyday” browser will be the one you use most often to browse the web, I recommend you use a privacy-focused browser that supports a ton of extensions and add-ons, like Firefox or Brave.
For your “accounts” browser, I still recommend you use a privacy-focused browser, but one that doesn’t require a lot of add-ons or extensions. Remember, you’re going to want to have your “accounts” browser set up to accept some cookies and scripts so you can log in to the websites you need.
That’s why on a Mac I recommend using Apple’s Safari as your “accounts” browser. It’s got decent privacy protections built in, yet ones that won’t break websites you need to log in to. As for a PC, good “accounts” browser options include Microsoft’s Edge, Firefox, and Brave (the latter two are also good options on the Mac). As for Chrome: It’s made by Google, whose sole aim is to know everything you do online, so it’s probably best to stay away from Chrome if you value your privacy.
Once you’ve chosen your “accounts” browser, bookmark every site you use that you log in to: Google, Facebook, your bank accounts, Netflix, airline accounts, utility accounts, Amazon, dating sites, etc. Bookmark them (the toolbar is best for easy access) and access those sites only by clicking on your bookmarks.
Remember: Do not do web searches in this browser. That’s what your “everyday” browser is for. By not searching in this browser nor using it to browse the web, you’ll greatly limit the online activity the websites you do need to log in to can see. But just in case you forget this and do accidentally perform a search, make sure you change the default search engine in your “accounts” browser to DuckDuckGo, the privacy-focused search engine that doesn’t track you.
After you’ve done this, congratulations, your “accounts” browser is now set up.
Setting up your “everyday” browser
The next step is to set up your “everyday” browser. Remember, this is the browser you will use to search and browse the web, so it’s the one you’ll be using most of the time. There are plenty of great browsers to use as your “everyday” browser, but I recommend Firefox because it offers so many built-in security and privacy protections, and even more through extensions. This makes it one of the most secure browsers you can use if set up properly. Other viable options include browsers like Brave and the Tor browser.
Once you’ve downloaded Firefox, you will want to do the following:
- Do not bookmark any sites you need to log in to, and never log in to those sites on this browser. Remember that you have your “accounts” browser for that.
- Go into Firefox’s preferences (Firefox > Preferences) and in the General tab click “Make Default” to make Firefox your default browser. By doing this, you can ensure any links you click on in an email will open your “everyday” browser by default.
- Still in Firefox’s preferences, click on “Privacy and Security.” Under “Content Blocking” choose “strict.” This will block known trackers and all third-party cookies.
- Under “History,” check the box labeled, “Always use private browsing mode.” This is Firefox’s version of incognito mode. Enabling this will ensure your web history is never saved (and thus can never be accessed by a website you visit).
- Next, you’ll want to download three extensions. The first is uBlock Origin. This extension will block the most intrusive ad trackers and malware.
- Now, install the HTTPS Everywhere extension. This extension is made by the Electronic Frontier Foundation, and it forces your browser to request and use the encrypted version of websites, which mean it’s harder for your ISP to track what you do on those sites.
- Finally, download the Cookie AutoDelete extension. This will automatically delete any cookies, first-party or third-party, that were downloaded during your last browsing session. This ensures that each time you begin a browsing session, no cookies from the last session remain, which makes it almost impossible for sites to track you between browsing sessions.
Once you’ve done this, your “everyday” browser is now set up. From here on out, all you need to do is remember to keep your online activity compartmentalized between these two browsers. If you need to log in to a site, it’s your “accounts” browser you want to go to. If you just want to search or browse the web in relative privacy, simply launch your “everyday” browser.
Remember that browser compartmentalization isn’t a perfect privacy method. However, by using browser compartmentalization, you’ll make it much harder for the biggest tech companies and data brokers to identify your online activities and track you around the web.