a simple imperfect setup for online privacy
every time you open a browser, you leave a trail. your ISP sees your DNS queries. advertisers track you across sites. and google quietly stitches together your searches, emails, and youtube history into one neat profile.
online privacy has several layers — browsers, email, passwords, search, and more. this post covers the browser layer specifically.
after a lot of experimenting, i settled on a setup that pushes back without adding friction. the core idea: use three browsers, each with a distinct role.
the three-browser model
when you use one browser for everything, every site you visit can be linked back to your identity through cookies, fingerprinting, and login state. fingerprinting is when sites identify you by collecting details about your browser, screen, fonts, and hardware — creating a unique signature even without cookies.
separating browsers creates hard boundaries between your identities:
- librewolf (firefox, but with telemetry stripped out) knows who you are, but only sees your google accounts
- mullvad browser (built on tor browser's anti-fingerprinting, without the tor network) sees your casual google activity, but has no idea who you are
- brave handles the rest
no cross-contamination.
| | librewolf | mullvad browser | brave |
|---|---|---|---|
| role | logged-in google services | anonymous google browsing | everything else |
| use for | gmail, docs, calendar | youtube, maps, search (no login) | casual browsing, non-google logins (chatgpt, stackoverflow) |
| login to accounts? | yes | never | as needed |
| anti-fingerprinting | moderate | strong (tor-based) | moderate (randomized) |
| sandboxing | flatpak | flatpak | none (apt) |
| ad/tracker blocking | ublock origin + privacy badger | built-in | brave shields |
the key rule: don't log into google outside librewolf. the moment you do, you've linked your identity to a browser that wasn't meant to have it.
why brave? it randomizes your fingerprint on each session — you look like a different person every time. it does require customisation before use — disabling rewards, wallet, and tightening shields — but once configured, it's a good everyday browser.
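one way to check the key rule above on the brave side, as an added example (not code from the original post): it reads a chromium-style cookie store read-only and reports cookies that indicate a signed-in google session. the cookie-name list, the domain list, and the cookie file path you pass in are assumptions of this example.

```python
import sqlite3
import sys

# assumption: cookie names that indicate a signed-in google session
# (an indicator list chosen for this example, not an official or complete one)
SESSION_COOKIES = {"SID", "HSID", "SSID", "APISID", "SAPISID",
                   "__Secure-1PSID", "__Secure-3PSID"}
# assumption: domains treated as "google" for the purpose of the rule
GOOGLE_DOMAINS = ("google.com", "youtube.com")


def is_google_host(host):
    """True for google.com / youtube.com and their subdomains, not look-alikes."""
    host = host.lstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS)


def google_login_cookies(conn):
    """Return sorted (host, name) pairs showing a google login in a
    chromium-style cookie store (table `cookies`, columns host_key, name)."""
    rows = conn.execute("SELECT host_key, name FROM cookies")
    return sorted({(h.lstrip(".").lower(), n) for h, n in rows
                   if is_google_host(h) and n in SESSION_COOKIES})


def open_cookie_db(path):
    """Open a profile's cookie file read-only so the audit never modifies it."""
    return sqlite3.connect(f"file:{path}?mode=ro&immutable=1", uri=True)


def sample_db():
    """Constructed sample data: one violation among harmless cookies."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies (host_key TEXT, name TEXT)")
    conn.executemany("INSERT INTO cookies VALUES (?, ?)", [
        (".google.com", "SID"),          # signed-in session -> breaks the rule
        (".google.com", "NID"),          # set without any login -> ignored
        (".stackoverflow.com", "acct"),  # non-google login -> fine in brave
        (".notgoogle.com", "SID"),       # look-alike domain -> ignored
    ])
    return conn


if __name__ == "__main__":
    # pass the path to a cookie file, or run with no argument for the sample
    conn = open_cookie_db(sys.argv[1]) if len(sys.argv) > 1 else sample_db()
    hits = google_login_cookies(conn)
    for host, name in hits:
        print(f"google login cookie found: {host} {name}")
    sys.exit(1 if hits else 0)
```

where brave keeps its cookie file depends on the install and profile, so the path is left to you. firefox-based browsers store cookies in a different schema, so this query does not apply to librewolf or mullvad browser.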
additional steps
browsers are only half the picture. a few things that strengthen the setup:
- encrypted dns — your DNS queries (the lookups that translate domain names to IP addresses) are normally visible to your ISP. use a trusted dns provider — i use mullvad's dns-over-https — and you shift that visibility away from your ISP to a provider you trust more
- minimal extensions — fewer extensions means a smaller fingerprint and less attack surface
- disabled telemetry — librewolf has it stripped by default, mullvad browser ships with it off, brave needs manual configuration
- flatpak sandboxing — librewolf and mullvad browser run isolated from the rest of the system
a vpn is a good addition to this setup, but the idea here is to keep things simple yet effective.
what this doesn't cover
this setup improves privacy, but it's not airtight.
- your IP is still visible — without a vpn, every site you connect to sees your real IP address. encrypted dns hides your queries from your ISP, but it doesn't hide which servers you connect to
- brave has its own baggage — brave ads, bat tokens, and past telemetry controversies make it an imperfect choice for a privacy setup. it's convenient, but worth keeping an eye on
- fingerprinting is only partially addressed — mullvad browser handles it well, but librewolf and brave offer moderate protection at best. and since you're logged in on librewolf, fingerprinting resistance there is mostly irrelevant anyway
this is a meaningful step up from using one browser for everything. it's not a fortress.
the mental model
if you take away one thing, it's this:
- librewolf = google, logged in
- mullvad browser = google, anonymous
- brave = everything else
three browsers, three roles, no overlap. if you only do one thing from this post — use brave for everything and never log into google on it. that alone is a meaningful step.