Brave blocks trackers by default. Firefox Strict mode blocks trackers by default. Safari has shipped Intelligent Tracking Prevention since 2017. Tor Browser blocks effectively everything. They cannot all be the same level of private, and once you load the same tracker-heavy page in each one and watch the network panel, the differences are not subtle.
This post puts the four side by side. Same article, same evening, same machine where possible. We counted third-party requests, cookies, fingerprint surface, and what the destination actually learns about the visitor. The headline finding: only one of the four hides your IP, only one randomizes your fingerprint, and the gap between Firefox Strict and Safari ITP is larger than either vendor would admit. Updated May 2026 with Brave 1.69, Firefox 134, Safari 18, and Tor Browser 14.
Before comparing what they do, what are the four actually? Brave Shields is a built-in ad and tracker blocker with fingerprint randomization, on by default. Firefox Total Cookie Protection in Strict mode is a partition-and-block model that isolates each site's cookies and blocks known trackers. Safari Intelligent Tracking Prevention is a set of machine-learning-driven cookie and storage lifetime caps that quietly expire cross-site state. Tor Browser is a Firefox-based hardened browser routing through the Tor network, with aggressive fingerprint normalization.
What each one actually does under the hood
Brave Shields is list-based blocking, fingerprint farbling, and HTTPS upgrades wrapped into a single default-on toggle. The lists are Brave's own derivatives of EasyList, EasyPrivacy, and uBlock Origin's filters, refreshed several times a day. Cookies and storage are partitioned per top-level site, the same mechanism Firefox calls Total Cookie Protection. The interesting piece is the farbling: Brave injects a small per-session per-eTLD+1 perturbation into Canvas, WebGL, and AudioContext readings, so two visits in two different sessions produce different fingerprint hashes. The IP, however, is untouched.
Firefox Strict mode bundles Enhanced Tracking Protection (the Disconnect tracking-protection lists), Total Cookie Protection (separate cookie jars per site, so a Facebook cookie set on site A cannot be read on site B), and cryptominer plus known-fingerprinter blocking. Fingerprinter blocking here means refusing to load scripts from a curated list of fingerprinting domains; it does not randomize what your browser exposes if a fingerprinter script still runs. That is the load-bearing detail to remember.
Safari Intelligent Tracking Prevention caps cross-site cookies at seven days and script-writable storage (think localStorage written by third parties) at twenty-four hours of non-interaction. ITP also strips known tracking parameters from link decorations on navigation, partitions cache and HSTS state, and quietly disables third-party cookies entirely by default. On top of ITP, iCloud+ subscribers get Private Relay, which hides the user IP from sites through Apple's two-hop relay. Outside Apple devices, none of this exists.
Tor Browser is the only one of the four that does not assume the user is browsing through their own ISP. Every connection is routed through three Tor relays, each top-level site gets its own circuit, and the browser itself is hardened: canvas is randomized per-session, WebGL is heavily restricted, screen dimensions are quantized to letterbox buckets, fonts are standardized, and extensions other than the bundled ones are blocked. The design intent is for every Tor Browser user to look indistinguishable from every other Tor Browser user.
How we tested
The destination was a mid-tier US news site of the sort everyone actually reads: a homepage with the usual two ad networks, a video embed, a comment widget, a CMP banner, and a stack of third-party analytics. We loaded it cold in each browser, with default privacy settings, no extensions beyond what the browser ships with, on the same residential connection.
We measured eight things on each first load. Third-party requests attempted versus blocked. Third-party cookies set after the page settled. Whether the Canvas readback hash stayed stable across two reloads. Whether the WebGL UNMASKED_RENDERER_WEBGL string was the real GPU. Whether AudioContext returned a stable fingerprint. Whether the connection was forced to HTTPS. Whether the destination saw our real residential IP. And whether the cookies that did get through survived a clean browser restart. For the fingerprint uniqueness bucket we ran a single pass against AmIUnique, aware that one-shot numbers are directional, not definitive.
Brave 1.69 on macOS 14, Firefox 134 on the same machine, Safari 18 on the same machine, and Tor Browser 14 on the same machine. Same evening. Same starting state (full profile reset on each browser before the run). All four are the current stable channels as of Q2 2026.
The side-by-side comparison
Same page, same machine, same evening. The first three rows are absolute counts; everything below is what each browser exposes or hides by default.
| Metric | Brave Shields | Firefox Strict | Safari ITP | Tor Browser |
|---|---|---|---|---|
| 3rd-party requests blocked (of 84 attempted) | 71 of 84 | 48 of 84 | 31 of 84 | 84 of 84 |
| 3rd-party cookies set after load | 0 | 0 (partitioned) | 0 | 0 |
| 1st-party cookies set | 11 | 14 | 13 | 9 |
| Canvas fingerprint randomized per session | Yes (farbled) | No | No | Yes (randomized) |
| WebGL renderer string masked | Partial (farbled) | No | Partial | Yes (generic) |
| AudioContext defended | Yes (farbled) | No | No | Yes |
| HTTPS upgrade default | Yes (aggressive) | Yes (HTTPS-Only off by default) | Yes | Yes |
| Real IP visible to destination | Yes | Yes | Yes (No on Private Relay) | No |
| Cookie persistence (cross-site) | Partitioned | Partitioned (TCP) | Capped at 7 days | Per-circuit, dropped on close |
| Extensions supported | Chrome Web Store | AMO | Limited via App Store | Bundled only |
| Daily-driver feasibility (1-5) | 5 | 5 | 4 (Apple only) | 2 |
A few rows deserve a second look. The third-party cookie count is zero across the board, which is what every vendor wants you to notice in marketing. The deeper question is what the same trackers achieve without cookies, and there the request-block counts tell a different story. Brave drops 84% of third-party requests outright; Firefox Strict drops 57%, leaving roughly half the tracking surface still loading, partitioned but live. Safari ITP only drops 37% of third-party requests, because ITP fights cookies, not requests. Tor Browser is at 100%, but only because the page largely fails to assemble; many embeds and scripts time out behind the relay.
What surprised us
Brave farbles canvas, but the farbling is detectable
Brave's per-session per-site canvas perturbation is good in the sense that no two sessions produce the same hash. It is less good in the sense that a fingerprinter can detect the perturbation itself. The set of pixels that come back from a standard test pattern in Brave does not match the set produced by any unmodified browser, so "is this user running Brave with shields up" is itself a fingerprint bit. Brave is aware of this and argues that linking sessions across time is what matters and that bit is fine to leak. They are not wrong, but it is worth knowing.
Firefox Strict partitions, but does not randomize
Total Cookie Protection is genuinely impressive engineering and it breaks the basic third-party cookie tracking model. But once a fingerprinter script that is not on Disconnect's list does load (and several do), Firefox hands it the same canvas hash, the same WebGL renderer string, the same AudioContext signal as regular Firefox. The protection is structural, not perceptual. You can be fingerprinted in Firefox Strict, the tracking just cannot be glued together via cookies.
Safari ITP is excellent against persistence, weak against fingerprinting
Cookies expire in seven days. Storage written by scripts expires in twenty-four hours of inactivity. Link decoration parameters get stripped. This is genuinely hostile to long-term tracking based on persistent identifiers. But Safari does almost nothing to randomize what a real-time fingerprinter reads from your device. The renderer string is real, the canvas hash is stable within a session, and AudioContext is untouched. ITP wins the memory war and loses the snapshot war.
Tor protects identity, but breaks the modern web
Tor Browser is the only one of the four that hides your IP and the only one that normalizes the fingerprint surface across users. It is also the one where the news page we tested rendered with the comment widget missing, the video embed permanently spinning, and the CMP banner refusing to dismiss. WebGL-heavy sites and geo-gated content fail outright. This is by design. Tor is not trying to be a daily-driver browser. Treating it as one creates a brittle setup and a frustrated user.
Which one should you actually use?
None of these browsers is "the right answer" in the abstract. They are answers to different questions. The cleanest way to choose is by which sentence sounds most like you.
"I want minimum effort, low fingerprint surface, mainstream sites still work." Use Brave. Defaults are aggressive, the per-session farbling buys real protection against re-identification, and it ships as Chromium so the sites you depend on render normally. It is the highest privacy floor of any "just open it and browse" browser.
"I trust Mozilla's governance and want partitioning more than I want randomization." Use Firefox in Strict mode. It is the most pleasant of the four to customize, has the strongest non-Chromium engine story, and the partitioning model is honest about what it does. Pair it with Privacy Badger or uBlock Origin if you want the request-block count to climb to Brave levels.
"I'm on Apple devices and want sane defaults." Use Safari with iCloud+ Private Relay enabled. ITP is doing real work on cookie persistence and Private Relay covers the IP gap that ITP itself does not. The honest limitation is that on Windows or Linux this stack does not exist for you.
"I need to actually be anonymous, and I accept broken sites." Use Tor Browser. Nothing else hides your IP and normalizes your fingerprint at the same time. Read the anonymity stack guide before relying on it for anything that matters; Tor demands discipline that the other three do not.
"I need isolation in addition to privacy." None of these four isolate the browser from your operating system. A malicious script that exploits a Chromium or Gecko bug runs on your machine in all four. A cloud browser sidesteps that class of problem entirely by executing the rendering somewhere else, with the privacy posture of your choosing in front of it. That is the shape of the bet Browser.lol makes.
Where all four fall short
The four modes argue about different things, but they share four blind spots that no privacy mode fixes by itself. The first is login. The moment you sign into a site, the privacy mode is irrelevant for that site; you have just told the destination who you are. Browsing modes protect against ambient tracking, not against the identifiers you volunteer.
The second is the network. Three of the four still use your real IP. Brave, Firefox, and default Safari all send packets directly from your residential or office connection. Only Tor (and Safari via the Private Relay add-on) does anything about that. A VPN bolts on partial coverage, but most VPN providers know more about you than your ISP does.
The third is the device. All four run on your real hardware, which means a real-world malware payload, a hostile extension, or a kernel-level exploit operates on the machine you are reading email on. Browser fingerprinting is also fundamentally device-bound: as the fingerprinting deep dive walks through, things like GPU rendering signatures and audio stack quirks survive even the most aggressive in-browser defenses.
The fourth is incognito theater. Three of the four offer a private window that most users assume is the strongest privacy mode they have. It is not. Private windows do not change what trackers see; they only forget what you did locally. Mullvad Browser and DuckDuckGo Browser are interesting attempts to bridge this gap with tighter defaults than Firefox or Brave ship by default, but the same four blind spots apply to them too.
Frequently asked questions
Is Brave really better than Firefox for privacy?
On default settings, against tracker-heavy pages, against fingerprinting, yes. Brave blocks more requests, randomizes more signals, and ships with HTTPS Everywhere behavior on by default. Firefox Strict catches up in measured privacy if you add uBlock Origin and toggle resistFingerprinting, but that is no longer "default Firefox." The honest answer depends on what you mean by "Firefox."
Does Safari work as well as Brave outside Apple devices?
Safari does not exist outside Apple devices. There is no Safari for Windows, no Safari for Android. On macOS and iOS it is a competitive choice; everywhere else the question does not apply. If you wanted the Safari approach (aggressive ITP-style cookie caps) on a non-Apple device, the closest available analog is Firefox Strict plus an extension or Brave with default shields.
Why does Tor Browser break so many sites?
Two reasons. First, the Tor exit node IP is in commercial block-lists used by Cloudflare and many CDNs, so legitimate traffic gets challenged or denied. Second, Tor Browser disables or quantizes APIs that modern sites assume are present: WebGL, precise screen dimensions, persistent storage, and a long list of newer browser features. Sites built around those APIs degrade gracefully in theory and ungracefully in practice.
Should I use a VPN with Brave?
For most threat models, yes, if you want to hide your IP from destinations. Brave Shields does not touch the network path, so the destination still sees your real residential or office IP. Pairing Brave with a privacy-respecting VPN (Mullvad and IVPN are reasonable starting points, picked because they accept cash and do not require an account email) gives you randomized fingerprints and a hidden IP without leaving Chromium-rendered sites behind.
What about Mullvad Browser or DuckDuckGo Browser?
Mullvad Browser is Tor Browser's hardened Firefox build stripped of the Tor network, designed to be used through Mullvad VPN. It inherits Tor's fingerprinting defenses without Tor's connectivity tax, at the cost of relying on a single VPN provider for the IP layer. DuckDuckGo Browser bundles tracker blocking and link-decoration cleaning into a friendlier Chromium/WebKit wrapper; its protection level sits between Safari ITP and Brave Shields depending on platform. Both are worth a look if none of the big four fit your model.
Does AmIUnique tell me how unique my fingerprint is?
It tells you how unique your fingerprint is among AmIUnique visitors, which is a self-selected population of privacy-curious users. The score is directional. Use it as a sanity check that your defenses moved a needle, not as an absolute claim about the wider web. The EFF Cover Your Tracks tool from the Electronic Frontier Foundation is a useful second opinion.
Pick the layer that matches your threat, then add isolation
Across the comparison the pattern is consistent. Brave gives you the strongest default privacy floor for everyday browsing. Firefox Strict gives you the cleanest partitioning model and the most customizable defenses. Safari ITP gives you the best persistence story on Apple hardware. Tor Browser gives you actual anonymity, at the cost of a usable web. None of them isolate your device from the page, and none of them survive you logging in.
- Default to Brave if you want strong privacy without thinking about it.
- Default to Firefox Strict if you value partitioning, customization, and a non-Chromium engine.
- Default to Safari with Private Relay if you live inside the Apple ecosystem.
- Reach for Tor Browser when anonymity is the actual goal, not just convenience.
- Add a cloud browser when you need the page to execute somewhere that is not your device.
Privacy modes are about reducing what the page learns. Isolation is about reducing what the page can do. They solve adjacent problems, and the strongest setups stack one on top of the other. Updated for 2026.
Ready to unlock desktop power on any device?
Try Browser.lol free and experience true mobile productivity.
Start Your Desktop BrowserNo downloads required • Works on any device
