Privacy

Browser Privacy: How to Stop Being Tracked Online

Heads up: this article contains affiliate links. If you buy through them we may earn a commission at no cost to you. We only recommend tools we trust — see our disclosure.

Here's something that surprises most people: by the time you finish reading the first paragraph of a typical news article, dozens of companies you've never heard of may already know you were there. Not because you did anything wrong, and not because anyone hacked you — it's just how the modern web is built. The good news is that you can take back a lot of that control in an afternoon, without becoming a tech wizard.

This guide walks you through how online tracking actually works, why it matters even if you feel you have nothing to hide, and the practical settings, tools, and habits that genuinely cut down on how much you're watched. Let's make your browser work for you instead of against you.

How online tracking actually works

Tracking sounds mysterious, but it comes down to a handful of techniques. Once you can name them, they stop feeling spooky and start feeling like something you can manage.

Cookies (first-party vs. third-party)

A cookie is just a small text file a website stores in your browser to remember something. A first-party cookie is set by the site you're actually visiting, and it's often helpful — it keeps you logged in, remembers what's in your shopping cart, and saves your language preference. Those are the friendly kind.

A third-party cookie is the problem child. It's set by a company that isn't the site you're on — usually an advertising or analytics network whose code is embedded in the page. Because that same network's code appears on thousands of sites, it can quietly stitch together a profile of where you go across the web. This is how an item you glanced at on one store seems to follow you around for a week.

Third-party trackers and ad networks

Most pages load invisible scripts from outside companies. Some count visitors, some serve ads, some run "social" buttons. Each one is an opportunity to record that your browser showed up. Ad networks then auction the chance to show you an ad in real time, using whatever they've learned about you. You never see the auction — you just see the result.

Browser fingerprinting

Even if you block every cookie, you can still be recognized through fingerprinting. Your browser quietly reveals dozens of small details: your screen size, operating system, time zone, installed fonts, language, and how your device renders graphics. Individually these are harmless. Combined, they often form a "fingerprint" unique enough to single out your device — no cookie required. Fingerprinting is sneakier than cookies precisely because there's nothing to delete.

Tracking pixels and link tracking

Emails and pages often include a tracking pixel — a single transparent dot of an image that loads from a tracking server. When it loads, the sender learns you opened the message. Links can carry tracking too: those long strings of ?utm_source= gibberish after a web address are tagging where you came from. None of this is illegal, and some of it is genuinely useful to site owners. It just adds up.

Why it matters even if you have "nothing to hide"

This is the objection almost everyone raises, so let's take it seriously. "Nothing to hide" assumes tracking is only about catching wrongdoing. It isn't.

  • Prices and offers can change based on your profile. What you're shown — and what you pay — can quietly differ from what your neighbor sees.
  • Profiles get bought, sold, and leaked. Data brokers compile detailed dossiers, and when one of them suffers a breach, your habits, location patterns, and interests can spill out. You have no say in how carefully a company you've never heard of guards your data.
  • Context collapses. Searching for a health symptom, a lawyer, or a new job is nobody's business but yours. Tracking flattens all of that into one profile that can resurface in unexpected places.
  • It's about consent, not secrecy. Closing the curtains at night doesn't mean you're hiding crimes. Privacy is the normal, healthy default — the burden shouldn't be on you to justify wanting it.

You don't have to go fully off-grid. The goal is reasonable defaults: less silent collection, fewer profiles, more choices that you actually made on purpose.

Choosing a more private browser

Your browser is the single biggest lever you have. Switching, or just tuning the one you've got, changes how much is collected before you touch any other setting. Here's an honest look at the main options.

Firefox

Firefox is made by a nonprofit and has strong privacy protections turned on by default, including blocking many third-party trackers and offering serious resistance to fingerprinting in its stricter modes. It's highly customizable, available everywhere, and not tied to an advertising business. The trade-off: a small number of sites built only for Chrome may occasionally misbehave, though this is rare these days. For most people wanting privacy without friction, Firefox is the easiest recommendation.

Brave

Brave is built on the same underlying engine as Chrome, so sites feel familiar and compatible, but it blocks trackers and ads aggressively out of the box. It's fast and requires almost no setup. The honest caveat: Brave includes its own optional advertising and cryptocurrency rewards features. You can leave them off entirely, but it's worth knowing they exist so you can decide for yourself.

Safari

If you live in Apple's world, Safari is a solid, low-effort choice. It includes Intelligent Tracking Prevention, which limits cross-site cookies automatically, and it's tightly integrated with iPhone and Mac. The trade-off is that it's Apple-only and less customizable than Firefox, but for everyday users on Apple devices it's a perfectly good private default.

Chrome — the honest take

Chrome is fast, compatible, and everywhere. It's also made by Google, whose business is built on understanding what people do online. You can harden Chrome, and we'll cover how, but you're tuning a car built by an advertising company. If privacy is a priority and you're open to change, Firefox or Brave will get you further with less effort. If you stay on Chrome, the steps below still help a lot.

The essential privacy settings to change

Whatever browser you land on, a few minutes in the settings menu pays off for years. The labels differ slightly between browsers, but the ideas are universal.

  1. Block third-party cookies. Look for the privacy or cookies section and set it to block third-party (cross-site) cookies. This stops most of the follow-you-around advertising tracking immediately and rarely breaks anything you care about.
  2. Turn on the strictest tracking protection your browser offers. Firefox calls it Enhanced Tracking Protection (choose "Strict"); Brave and Safari have similar toggles on by default. This also helps against fingerprinting.
  3. Send "Do Not Track" / Global Privacy Control. Enable Global Privacy Control if available. In some places it carries legal weight and tells sites not to sell your data.
  4. Disable third-party login prompts and "personalized ads." If your browser or its maker offers ad personalization, switch it off.
  5. Set search and new-tab pages thoughtfully. Change your default search engine (more on this below) and turn off sponsored shortcuts on the new-tab page.
  6. Clear cookies on exit, or use containers. You can tell your browser to wipe cookies when you close it, while keeping a few logins you want. Firefox's container feature can also isolate sites like social networks from the rest of your browsing.

While you're tidying up, it's worth understanding the basics of how websites protect you in return. You can paste any web address into our header check tool to see whether a site sets sensible security headers — it's a quick, plain-English window into how seriously a site takes safety.

Must-have extensions: start with a content blocker

One good extension does more for your privacy than a dozen mediocre ones. Resist the urge to install everything — each add-on is also code running in your browser.

uBlock Origin

The single most effective privacy tool for most people is uBlock Origin, a free, open-source content blocker. It blocks ads, third-party trackers, and many fingerprinting scripts in one lightweight package, and it's careful about not slowing your browser down. Install it from your browser's official add-on store, then mostly forget about it — the defaults are excellent. If a site ever breaks, you can click the extension icon and disable it for that one site with a couple of clicks.

A note for Chrome users: changes to how Chrome handles extensions have limited some blockers over time. This is another reason Firefox, where uBlock Origin runs at full strength, is an appealing home base for privacy-minded folks.

A few worthwhile extras (optional)

  • A reputable HTTPS-everywhere style feature — now built into most browsers — that prefers encrypted connections.
  • A password manager extension so you stop reusing passwords (we'll come back to this).

That's genuinely enough. More extensions means more to maintain and, ironically, a more unique fingerprint.

Picking a private search engine

Your search engine sees some of your most personal questions, so it's worth choosing one that doesn't build a profile on you. Several solid options don't track your searches or tie them to a profile — they show results without logging who asked. Switching takes about thirty seconds: open your browser's search settings and pick the new default.

Give a privacy-respecting engine a couple of weeks of honest use. Most people find the results perfectly good for everyday questions, and you can always add a keyword shortcut to fall back to another engine for the occasional tricky search. The point isn't perfection — it's not handing your entire curiosity history to an ad company by default.

Dealing with cookie consent banners sensibly

Those pop-ups asking about cookies are annoying, and they're often designed to make "Accept All" the easy button. A few simple habits keep you in control without losing your sanity.

  • Look for "Reject All" or "Necessary only." It's frequently there, just styled to be less obvious than the bright "Accept" button. Choosing it keeps the cookies a site genuinely needs and skips the tracking extras.
  • If there's no easy reject, open "Manage preferences." Toggle off everything labeled marketing, advertising, or "legitimate interest," then save.
  • Let a content blocker help. uBlock Origin and similar tools can hide many of these banners automatically, which reduces the temptation to just click "Accept" to make it go away.

You don't have to fight every banner perfectly. Aim for "reject the trackers most of the time," not flawless purity.

The truth about Incognito / Private mode

This is the biggest misunderstanding in all of browser privacy, so let's be clear and calm about it. Private mode is useful, but it does far less than people assume.

What it does: it doesn't save your history, cookies, or form entries on your device after you close the window. That's genuinely handy on a shared or public computer, or for keeping a surprise gift search off your main history.

What it does NOT do:

  • It does not hide your activity from the websites you visit — they can still see and track you during the session.
  • It does not hide your activity from your internet provider or your employer's or school's network.
  • It does not make you anonymous, and it does not stop fingerprinting.

Think of Incognito as "don't leave footprints in this house," not "become invisible outside." For everyday tracking protection, the settings and extensions above matter far more than private windows.

Privacy on your phone's browser

People often lock down their laptop and forget the device they actually use most. Your phone browser deserves the same attention.

  • iPhone: Safari has good defaults — keep "Prevent Cross-Site Tracking" on and turn on "Hide IP Address" from trackers. You can also install Firefox or Brave from the App Store if you prefer their protections.
  • Android: consider Firefox or Brave, both of which support content blocking and stronger tracking protection than the stock browser. Mobile Firefox even supports uBlock Origin.
  • Everywhere: change your mobile search engine to a private one, block third-party cookies, and turn off any "personalized ads" toggle you find in settings.

If you want a guided, do-it-in-an-afternoon approach across all your devices, our privacy lockdown weekend walkthrough pulls these steps together in order.

Where a VPN helps — and where it doesn't

A VPN (virtual private network) routes your internet traffic through an encrypted tunnel to a server run by the VPN company. It's a useful tool, but only for specific jobs, and it's often oversold. Let's be honest about both sides.

Where a VPN genuinely helps:

  • It hides your browsing from your internet provider and from the operator of the network you're on — useful on public Wi-Fi, in a hotel, or anywhere you don't trust the connection.
  • It masks your real IP address (a rough location identifier) from the sites you visit.
  • It can let you reach content as if you were in a different region.

Where a VPN does NOT help:

  • It does not stop cookies, fingerprinting, or ad-network tracking — once you log in somewhere, you're identified regardless.
  • It does not make you anonymous, and it shifts your trust to the VPN company itself, so the provider matters enormously.

If you decide a VPN fits your needs, choose a trustworthy, audited provider with a real no-logs policy rather than a flashy free one — free VPNs often pay their bills by selling the very data you're trying to protect. A reputable option like Proton VPN is a sensible place to start, and you can compare choices in our best VPN guide. Just remember: a VPN is one layer, not a magic cloak.

Putting it all together

Privacy isn't a single switch — it's a stack of small, reasonable defaults that add up. You don't need every tool, and you don't need to be perfect. A private browser plus one good content blocker plus a private search engine already puts you ahead of the vast majority of internet users.

If you'd like to keep building good habits beyond your browser, the start here page and our broader training walk you through the next steps at a comfortable pace. Take it one setting at a time, and remember that wanting privacy isn't paranoid — it's just sensible.

The quick version

  • Tracking works through first-party cookies (often helpful), third-party cookies (the follow-you-around kind), invisible trackers and ad networks, tracking pixels, and fingerprinting — recognizing your device by its quirks, even with no cookies.
  • It matters even with "nothing to hide": profiles get bought, sold, and leaked, prices can vary, and privacy is a normal default, not an admission of guilt.
  • Choose a private browser: Firefox (great default, nonprofit), Brave (fast, blocks by default), or Safari (good on Apple). Chrome works but is built by an ad company.
  • Change the essentials: block third-party cookies, turn on strict tracking protection, enable Global Privacy Control, and switch your default search to a private engine.
  • Install one content blocker — uBlock Origin — and resist piling on extra extensions.
  • Reject cookie trackers when banners appear; look for "Reject All" or "Necessary only."
  • Incognito only hides history on your own device — it does not make you anonymous or block tracking.
  • Lock down your phone browser too, with private defaults and tracking protection.
  • A VPN hides traffic from your provider and the local network and masks your IP, but it does not stop cookies, fingerprinting, or ad tracking. Pick a trusted, audited provider.
  • Curious about a site? Run it through our header check tool to see how it protects visitors.

Liked this?

Get one short, useful security email when we publish something new.

More in Privacy

Get the plain-English security newsletter

One short email when we publish something useful. No spam, no fearmongering. Unsubscribe anytime.