Why the engine matters more than the brand
Underneath every browser's interface is a rendering engine, the software actually responsible for interpreting a webpage and deciding what it can and can't do. There used to be several genuinely independent ones. Today there are three that matter: Blink, which powers Chrome and, because so many browsers are built on top of Chromium, also powers Edge, Brave, Opera, Vivaldi, and most others you've heard of; Gecko, which is Firefox's own engine and answers to nobody else; and WebKit, Apple's engine, which powers Safari and, until recently, every other browser on iOS regardless of what it was called.
This matters beyond branding because the engine determines what a browser is technically capable of doing, including what privacy protections it can implement and how much control an extension is allowed to have over what loads. When one company controls the engine underneath the large majority of browsers people actually use, that company has an outsized say in how web standards evolve, including standards that affect tracking, extensions, and ad delivery — not because of a conspiracy, but because whoever builds the most widely used engine ends up setting the practical rules everyone else has to work within.
Manifest V3: the story reshaping ad blocking
This is the single biggest browser-privacy story of the past two years, and it's still playing out. Manifest V3 is Google's redesigned extension system for Chrome, and by mid-2026 it stopped being optional.
What actually changed
The old extension system, Manifest V2, let an extension like uBlock Origin inspect and block network requests dynamically, in real time, as a page loaded — deciding on the fly whether a given request looked like an ad or tracker and stopping it before it ever loaded. Manifest V3 replaced that with a system called declarativeNetRequest, which requires an extension to pre-declare a fixed, capped set of blocking rules in advance, rather than deciding dynamically as it goes. That's a fundamentally more limited model, and it directly targets the technique the most effective ad and tracker blockers relied on.
Where full-strength blocking still exists, and where it doesn't
By mid-2026, Google finished disabling Manifest V2 extensions in Chrome entirely, meaning the classic, full-power uBlock Origin simply cannot run there anymore. Chrome users are left with uBlock Origin Lite, a separate, purpose-built Manifest V3 version with a capped rule count, no dynamic filtering, and no real-time network logger — noticeably weaker than what it replaced. Firefox took the opposite approach: Mozilla implemented its own version of Manifest V3 but explicitly kept backward compatibility with the old webRequest API, so the full, unrestricted uBlock Origin still runs there at full strength. Brave, also Chromium-based, sidestepped the problem differently: it built its own ad-blocking engine directly into the browser itself, bypassing the extension framework Manifest V3 governs entirely. Edge and Opera, both Chromium-based like Chrome, are following the same trajectory Chrome already completed, just somewhat behind it.
Google generated an estimated $239.5 billion in advertising revenue in 2025. Content blockers directly reduce how many ads a user sees. The company that makes Chrome is also the company whose core business model benefits most directly from Chrome users having weaker ad-blocking tools than Firefox or Brave users do. Google has framed Manifest V3 as a security and stability improvement, and there are genuine security arguments in its favor; the financial incentive sitting alongside those arguments is also real; both things are true at once.
This isn't only about seeing fewer ads
The US Cybersecurity and Infrastructure Security Agency has specifically recommended ad-blocking software as a defense against malvertising, the practice of distributing malware through legitimate-looking ad networks, citing it as a layer of protection against drive-by downloads and malicious redirects. A weaker ad blocker isn't purely a comfort issue; CISA's own guidance treats it as a security layer, which makes Chrome's downgrade a security regression for its users, not just an inconvenience. The EFF's own coverage of browser tracking protections goes further into what's actually at stake beyond ad volume.
The browsers, one by one
The only mainstream browser running an engine genuinely independent of Google, which alone makes it worth serious consideration regardless of any other feature. Enhanced Tracking Protection blocks known trackers by default, its version of Manifest V3 explicitly preserved the webRequest API that full-strength uBlock Origin depends on, and Mozilla has publicly committed to keeping that support rather than following Chrome's path. It's also fair to note Firefox isn't spotless: in 2024, Mozilla enabled a feature called Privacy-Preserving Attribution by default, without an opt-in prompt, drawing real criticism from privacy advocates who felt a feature touching ad measurement shouldn't have shipped on by default regardless of how it was technically designed to limit data exposure. Firefox is still the most straightforward mainstream recommendation here; it isn't a company with a perfect track record, just a meaningfully better-aligned one than Chrome's.
Chromium-based, but built specifically to blunt Chromium's own defaults: ad and tracker blocking on by default at the browser level, a built-in Tor window for one-off anonymous browsing without a separate download, and IPFS support for decentralized content. Its independent, built-in blocking engine is also, structurally, the reason it wasn't caught by the Manifest V3 crackdown the way Chrome's extension-dependent competitors were. Brave's history isn't uncomplicated, and it's worth knowing why: in 2020, the browser was caught automatically inserting its own referral codes into URLs when users typed certain cryptocurrency exchange addresses directly into the address bar, redirecting a small potential affiliate commission to Brave without disclosure. The company apologized and reversed the behavior once it was publicly reported. Brave's broader Rewards program, which pays users its BAT cryptocurrency for viewing opted-in ads, remains a distinguishing but polarizing feature depending on how you feel about a privacy browser also running its own crypto-ad ecosystem alongside it.
Apple's WebKit-based browser ships with genuinely strong defaults: Intelligent Tracking Prevention limits cross-site tracking automatically, and Advanced Fingerprinting Protection actively works against the device-fingerprinting techniques covered in our browser data guide. iCloud Private Relay adds IP-masking for supported traffic, though it's gated behind a paid iCloud+ subscription rather than available to every Safari user by default. The trade-off worth naming clearly: Safari is closed source, so its privacy claims can't be independently inspected the way Firefox's genuinely can, and its default search engine is Google, funded by a long-standing payment arrangement between the two companies reported to be worth billions annually — meaning Apple's privacy-marketed browser is substantially bankrolled by the company most associated with tracking-based advertising, a genuine tension worth being aware of rather than a disqualifying one.
A community-maintained fork of Firefox that strips out telemetry, Mozilla's default search deals, and several settings LibreWolf's maintainers consider privacy-negative, hardening the defaults out of the box rather than requiring manual configuration. It inherits Firefox's engine independence and its Manifest V2 compatibility, so full-strength uBlock Origin works the same way it does on Firefox itself. The honest trade-off: it isn't distributed through mainstream app stores in most cases, updates require more manual attention than an auto-updating mainstream browser, and its smaller user base makes it a less common target for compatibility testing by web developers, occasionally showing up as minor site-rendering quirks a bigger browser wouldn't hit.
A joint project between Mullvad and the Tor Project, built around a different theory of fingerprint resistance than most browsers: rather than trying to hide or randomize your specific fingerprint, it tries to make every user's fingerprint look as close to identical as possible, so blending into a large, uniform crowd replaces standing out as a unique signature. It doesn't include a built-in VPN itself, despite the name, and is specifically designed to be paired with one (Mullvad's own or otherwise) for IP-level protection alongside its fingerprint uniformity. It's a specialized tool for a specific threat model, not a general-purpose daily browser for most people.
The strongest anonymity option here by a clear margin, routing traffic through three independent, volunteer-run relays so no single point in the chain knows both who you are and what you're accessing. The trade-offs are real and specific to how onion routing works: noticeably slower browsing, since traffic is bouncing through multiple relays instead of a direct connection, and a meaningful number of sites block traffic from known Tor exit nodes outright, sometimes presenting extra CAPTCHAs or refusing the connection entirely. It's built for situations where anonymity is the actual priority, not for replacing your everyday browser.
Chrome, and why it's still worth understanding
Not a recommendation, but worth including because it's the browser most readers actually use, and understanding its trade-offs matters even if you switch away. Chrome is where Manifest V3 originated, it's the default home of Google's Privacy Sandbox initiative (the company's proposed cookie-alternative ad-targeting framework, still evolving and still contested by privacy researchers), and its market dominance is precisely what gives Blink, and by extension Google, the outsized influence over web standards described earlier. None of that makes Chrome unsafe to use day to day; it does mean it's the browser furthest from privacy-optimized among the mainstream options here.
Worth a shorter mention
Vivaldi is Chromium-based with heavy customization and a built-in tracker blocker, appealing to users who want deep interface control alongside reasonable privacy defaults. DuckDuckGo's browser markets itself heavily on privacy but drew real criticism in 2022 when researchers discovered its mobile app was, at the time, exempting Microsoft's ad and tracking scripts from its own blocking due to a search syndication agreement between the two companies — DuckDuckGo acknowledged the gap and closed it, but it's a useful reminder that "privacy-branded" and "privacy-audited" aren't the same claim. Ungoogled Chromium is exactly what it sounds like: the open-source core of Chrome with Google's own service integrations and telemetry stripped out, appealing specifically to people who want Blink's compatibility without Google's data connections, at the cost of losing Chrome Web Store access and needing a more technical setup process.
Fingerprinting resistance compared
| Browser | Engine | Trackers blocked by default | Fingerprint resistance | Full uBlock Origin support |
|---|---|---|---|---|
| Firefox | Gecko | Yes | Partial | Yes |
| Brave | Blink | Yes | Partial | Yes (via built-in engine) |
| Safari | WebKit | Yes | Partial, known trackers only | Discontinued after v13 |
| LibreWolf | Gecko | Yes, hardened defaults | Partial | Yes |
| Mullvad Browser | Gecko | Yes | Strong, via uniformity | Not the primary model |
| Tor Browser | Gecko | Yes | Strong, via uniformity | Not the primary model |
| Chrome | Blink | No | No | Lite version only |
Mobile is a different, more locked-down landscape
Everything above assumes desktop, where switching engines is genuinely just picking a different browser. Mobile, especially iOS, has worked differently for over a decade.
Apple's WebKit requirement, and what actually changed
Until recently, every browser distributed through Apple's App Store, including Chrome, Firefox, and Edge, was required to use WebKit under the hood regardless of what engine it ran on every other platform — meaning "Chrome for iOS" was, functionally, Safari wearing a different interface. The EU's Digital Markets Act, effective March 2024, explicitly prohibited platform gatekeepers from mandating a specific browser engine, and Apple introduced new developer frameworks intended to make alternative engines technically possible within the EU. Whether that principle has actually converted into practice is genuinely unsettled: through 2025 and into 2026, reporting has described browser vendors piloting or experimenting with EU-specific builds using their own engines, without a confirmed, stable, widely available product actually running an alternative engine as the default experience yet. The friction appears to be economic as much as technical — maintaining a separate engine build just for EU users is expensive for a market that's one region among many.
The UK moved further in April 2026: its Competition and Markets Authority ruled Apple's WebKit requirement a breach of the UK's own market competition regime, giving Apple until January 2027 to allow genuinely alternative engines on iPhones sold in the UK, with a formal compliance plan due mid-2026. Depending on how that plays out, it may be the ruling that actually forces the change the EU's law has technically permitted but not yet produced in practice.
Android's more genuine variety
Android doesn't have an equivalent engine mandate, so Firefox for Android genuinely runs Gecko, and the underlying flexibility is real rather than theoretical. In practice, though, Chrome's default status on most Android devices, combined with most users never changing a default, means Blink's practical dominance on mobile looks similar to desktop even without a legal requirement forcing it.
Who actually funds the "privacy" browser you're using
Worth being honest about, since it applies well beyond Safari: Mozilla's revenue, the organization behind privacy-forward Firefox, comes overwhelmingly from a default-search payment arrangement with Google, structurally similar to the Apple-Google deal funding Safari. Neither arrangement has been shown to compromise either browser's actual privacy engineering, and Firefox's Gecko independence and tracker-blocking defaults are real, verifiable, and unrelated to who's paying for default search placement. But it's a genuine dependency worth knowing: the two most Google-independent mainstream browsers by engine are still, commercially, significantly dependent on Google for revenue, which is a more complicated picture than "avoid Google, use Firefox" fully captures — the same follow-the-money approach we take with ad networks in our targeted advertising guide.
The extension you install matters as much as the browser
None of the browser-level protections above account for what you install afterward. A malicious or poorly-vetted extension can request broad permissions, read page content on every site you visit, or quietly bundle its own tracking regardless of which browser it's running in — the browser choice sets the ceiling on what's possible, but a bad extension can still use everything within that ceiling against you. Stick to extensions with a large, actively maintained user base and a specific, narrow permission request that matches what the extension actually claims to do; an ad blocker asking for access to your clipboard or every open tab's content, for instance, is asking for more than the stated job requires.
Which one to actually pick
- The single most broadly reasonable upgrade from Chrome, least friction — Firefox: independent engine, strong defaults, full uBlock Origin support, available everywhere.
- Strong ad and tracker blocking with zero configuration, staying in Chromium — Brave, with the affiliate-code history as the one asterisk worth remembering.
- Already inside Apple's ecosystem, no extra install — Safari's built-in protections are genuinely competitive, with Private Relay as a paid upgrade worth considering.
- Hardened Firefox defaults out of the box — LibreWolf, if manual updates aren't a dealbreaker.
- Not being distinguishable from other users at all — Mullvad Browser or Tor Browser are the only two options here built around that specific goal, at a real cost to convenience and speed.
Frequently asked questions
Is Chrome unsafe to keep using?
Not unsafe in a dramatic sense, but meaningfully weaker on two specific fronts as of 2026: ad and tracker blocking is capped by Manifest V3 in a way Firefox and Brave users don't experience, and it's the browser most tied to the company with the largest financial interest in ad-based tracking working well. For most everyday use it remains functional and broadly secure; it's just no longer the strongest privacy option among mainstream browsers, if it ever was.
Why did Google make this change if it weakens ad blockers?
Google's stated reasoning is security and performance: the old webRequest API gave extensions broad, low-level access to every network request, which is also a meaningful attack surface if a malicious extension abused it. That's a real security argument. It's also true that the same change happens to weaken the tools most effective at reducing how many ads Chrome's users see, and both facts can be accurate at once without one canceling out the other.
If I switch to Firefox or Brave, do I need to change anything else?
The browser switch alone handles engine independence and ad/tracker blocking capability. It doesn't automatically cover:
- DNS-level tracking, which is a separate layer covered in our DNS explained guide
- Browser fingerprinting, which persists across browsers unless you're specifically using one built around fingerprint resistance — see our fingerprinting breakdown
- Your IP address, which no browser choice alone hides — that's what a VPN is for
A browser switch is one layer of a broader setup, not a complete one on its own.
Is Brave's crypto rewards program a privacy risk?
Not directly a data-privacy risk in the way tracking is, since it's opt-in rather than default-on. It's more of a business-model and trust consideration: a browser marketed on privacy also running an advertising-adjacent rewards ecosystem is worth being aware of, particularly given the 2020 affiliate-link incident, even though that specific behavior was reversed once it became public.
Will the EU's browser engine rule actually change what I use on my iPhone?
Not yet, in practice, despite being legally permitted since March 2024. As of 2026, most browsers still ship WebKit-based versions even for EU users, reportedly due to the cost of maintaining a separate engine build for one region. The UK's stronger 2026 ruling, with a January 2027 compliance deadline, may end up being the actual forcing function, but nothing currently guarantees a specific timeline.
Sources
- uBlock Origin — current per-browser support status under Manifest V3
- Electronic Frontier Foundation — background on browser tracking protections
- Apple Developer Documentation — EU browser choice screen requirements
- The Register — Apple's 2024 DMA compliance changes for iOS browser engines
Written by PrivacyTestLab
This guide reflects each browser's current default configuration and each company's own current documentation, including the Manifest V3 rollout status and the still-unsettled state of alternative browser engines on iOS, both of which are actively changing and worth rechecking periodically.