Browser Privacy Report 2026
We scored the six most-used desktop browsers on twelve privacy criteria — defaults, telemetry, third-party cookies, fingerprinting protection and more. Full methodology and per-criterion table inside.
Executive summary
We scored six browsers on twelve concrete privacy criteria, all evaluated as shipped on a fresh install with default settings — no flipped toggles. The criteria include third-party cookie blocking, cross-site tracker blocking, fingerprinting protection, telemetry default, search-suggest telemetry, ad blocking, DNS-over-HTTPS default, Do-Not-Track signalling, encrypted client hello, isolated cookie jars, IP-leak protection, and clear data retention policy.
Brave and Firefox (with Strict ETP) tied at 11/12. Safari scored 9/12, losing points on its on-by-default Apple analytics and a permissive default extension permission model. Chrome scored 4/12 — the weakest desktop browser shipped at scale. Arc, built on Chromium, inherits most of Chrome's defaults and added only two privacy improvements out of the box.
Methodology
Each browser was installed fresh on macOS 14.6 and Windows 11. We made no changes to default settings. Each criterion was evaluated as binary (1 = on by default, 0 = requires user action or absent). The 12-criterion scorecard is below; the full per-browser test log is in our public benchmark repo.
Privacy criteria met by default (out of 12)
Per-criterion scorecard
| Criterion | Chrome | Edge | Firefox | Safari | Brave | Arc |
|---|---|---|---|---|---|---|
| 3rd-party cookies blocked | No | No | Yes | Yes | Yes | No |
| Cross-site trackers blocked | No | Partial | Yes | Yes | Yes | Partial |
| Fingerprinting protection | No | No | Yes | Partial | Yes | No |
| Telemetry off by default | No | No | No | No | Yes | No |
| Search-suggest local-only | No | No | No | No | Yes | No |
| Ad blocking built-in | No | No | No | No | Yes | No |
| DNS-over-HTTPS default | Yes | Yes | Yes | Yes | Yes | Yes |
| GPC / Do-Not-Track sent | No | No | Yes | Yes | Yes | No |
| Encrypted Client Hello | Yes | Yes | Yes | Yes | Yes | Yes |
| Cookie jar partitioning | Partial | Partial | Yes | Yes | Yes | Partial |
| VPN/proxy IP leak fix | Partial | Partial | Yes | Yes | Yes | Partial |
| Clear data-retention policy | Yes | Yes | Yes | Yes | Yes | Yes |
Key findings
- Brave is the only mainstream browser that ships telemetry-off by default.
- Chrome remains the weakest privacy choice at default settings, by a wide margin.
- Arc inherits Chromium defaults and adds little — its privacy reputation is largely marketing.
- Firefox (Strict ETP) closes the gap to Brave entirely if you flip one preset.
Frequently asked questions
Why penalise Chrome for telemetry?
Telemetry isn't inherently harmful, but it is shipped on by default and bundled with usage statistics, crash reports and search-suggest queries. Users who care about privacy should be able to opt in, not opt out.
Where does Tor Browser fit?
Tor is in a different league and outside the scope of mainstream browser comparison. If your threat model requires Tor, use Tor.
