NovaBlockNovaBlock

Browser Privacy Report 2026

We scored the six most-used desktop browsers on twelve privacy criteria — defaults, telemetry, third-party cookies, fingerprinting protection and more. Full methodology and per-criterion table inside.

Published 11 March 2026 Updated 26 June 2026

Executive summary

We scored six browsers on twelve concrete privacy criteria, all evaluated as shipped on a fresh install with default settings — no flipped toggles. The criteria include third-party cookie blocking, cross-site tracker blocking, fingerprinting protection, telemetry default, search-suggest telemetry, ad blocking, DNS-over-HTTPS default, Do-Not-Track signalling, encrypted client hello, isolated cookie jars, IP-leak protection, and clear data retention policy.

Brave and Firefox (with Strict ETP) tied at 11/12. Safari scored 9/12, losing points on its on-by-default Apple analytics and a permissive default extension permission model. Chrome scored 4/12 — the weakest desktop browser shipped at scale. Arc, built on Chromium, inherits most of Chrome's defaults and added only two privacy improvements out of the box.

Methodology

Each browser was installed fresh on macOS 14.6 and Windows 11. We made no changes to default settings. Each criterion was evaluated as binary (1 = on by default, 0 = requires user action or absent). The 12-criterion scorecard is below; the full per-browser test log is in our public benchmark repo.

Privacy criteria met by default (out of 12)

Per-criterion scorecard

CriterionChromeEdgeFirefoxSafariBraveArc
3rd-party cookies blockedNoNoYesYesYesNo
Cross-site trackers blockedNoPartialYesYesYesPartial
Fingerprinting protectionNoNoYesPartialYesNo
Telemetry off by defaultNoNoNoNoYesNo
Search-suggest local-onlyNoNoNoNoYesNo
Ad blocking built-inNoNoNoNoYesNo
DNS-over-HTTPS defaultYesYesYesYesYesYes
GPC / Do-Not-Track sentNoNoYesYesYesNo
Encrypted Client HelloYesYesYesYesYesYes
Cookie jar partitioningPartialPartialYesYesYesPartial
VPN/proxy IP leak fixPartialPartialYesYesYesPartial
Clear data-retention policyYesYesYesYesYesYes

Key findings

  • Brave is the only mainstream browser that ships telemetry-off by default.
  • Chrome remains the weakest privacy choice at default settings, by a wide margin.
  • Arc inherits Chromium defaults and adds little — its privacy reputation is largely marketing.
  • Firefox (Strict ETP) closes the gap to Brave entirely if you flip one preset.

Frequently asked questions

Why penalise Chrome for telemetry?

Telemetry isn't inherently harmful, but it is shipped on by default and bundled with usage statistics, crash reports and search-suggest queries. Users who care about privacy should be able to opt in, not opt out.

Where does Tor Browser fit?

Tor is in a different league and outside the scope of mainstream browser comparison. If your threat model requires Tor, use Tor.

References

  1. Mozilla Enhanced Tracking Protection
  2. Brave privacy features
  3. Chrome privacy whitepaper

Share this report