Browsers FAQ

It’s easy to guess how a browser can pinpoint your location when you’re using a mobile phone: through GPS. When searching for restaurants near you, Google can suggest the best restaurants within walking distance. But what about when you’re using a device that doesn’t have GPS capability, such as a desktop computer? Sure: browsers can know and provide websites through your public IP address, but this is only a rough estimation of your location and can be hidden using a VPN. So how is it possible that when you seek nearby restaurants on a desktop, Google is still able to pinpoint precisely where you are?

How does browser geolocation work?

Modern browsers implement the geolocation API defined by the World Wide Web Consortium (W3C) that typically uses one the following location sources: GPS, available Wi-Fi networks and signal strengths, GSM/CDMA cell IDs, and IP addresses.

Therefore, the way browsers pinpoint your location on a desktop is through the Wi-Fi router you are connected to. But this still doesn’t explain how your browser knows the specific position of your router.

GPS-enabled devices such as mobile phones are designed to read the MAC addresses of all nearby wireless access points – including your router – and forward them to a database. Depending on the device you use, this can be a Google or Apple database, and its information makes it possible to know the precise location of your router.

How to protect yourself from geolocation

It’s impossible to prevent the MAC addresses from your routers from being sent to these databases. Even your neighbor can unknowingly do this while trying to reach their own Wi-Fi. How can you protect yourself?

The best option is to make sure your browser’s settings are well configured and that they aren’t sharing your geolocation without your knowledge. By default, browsers will ask you if you want to share your location with a website. However, to avoid the hassle of choosing this every time you visit a website, you can change settings in order to never share your physical location.

Turning off geolocation in Google Chrome

• Go to Settings.
• Go to Advanced > Privacy and security.
• Click on “Site settings”.
• Click on “Location”.
• Click on the slider on the right.

When you click on the slider, “Ask before accessing” will change to “Blocked”.

These steps work with other Chromium-based browsers such as Opera, Vivaldi, Brave, and others.

Turning off geolocation in Firefox

• Go to Options > About > Preferences.
• Go to Privacy & security.
• Scroll down until you find Permissions.
• Click on the ‘Settings’ button on the right.
• Check the option ‘Block new requests asking to access your location’.
• Save changes.

These steps will work with other Firefox-based browsers, such as Waterfox.

Turning off geolocation in Safari

• Go to Safari in the top left of the task bar.
• Go to Preferences.
• Go to Websites.
• Go to Location.
• Beside ‘When visiting other websites’, select ‘Deny’.

Turning off geolocation in Microsoft Edge

Since Microsoft Edge is a Windows app, you’ll need to configure the location permission through Windows settings:

• Click on the Windows start button.
• Go to Settings.
• Click on Privacy.
• Select Location under App permissions.
• If you want to deny access to your location – even to Windows itself – click on Change under ‘Location for this device’ and disable it.
• If you want Windows (but not other apps) to have access to your location, click on the button under ‘Allow apps to access your location’ to disable it.

Turning off geolocation in Internet Explorer

If you denied Windows access to your physical location, Internet Explorer won’t be able to share it. If not, you will need to:

• Click on the gear icon at the top right.
• Go to Internet options.
• Go to the Privacy tab.
• Check the option ‘Never allow websites to request your physical location’.

Disabling geolocation does not prevent IP sharing

Although you can block geolocation and therefore prevent your physical location from being shared through browser definitions, the same is not valid for your IP.

It is extremely difficult to determine an exact location through an IP address. However, the IP address does indicate the surrounding area from which the internet is being accessed. What’s most problematic is that the IP is public, so websites will see it every time you access them. That’s how American Netflix knows if you’re accessing it outside the country. In cases like these, the best way to stay private is by using a VPN.

A VPN will mask your IP and will show its own server’s IP instead, making it impossible for third parties to know your IP address.

While browsing the internet, you’ve probably noticed that your browser tells you whether a website is completely secure. If there’s an HTTPS connection, it’s ok to insert passwords and credit card information since the connection is private. On the other hand, if there’s only an HTTP connection, the browser will warn against providing sensitive information cyber criminals could steal. How do browsers do this? Through SSL certificates.

What is an SSL certificate?

An SSL certificate is a digital computer file that has information about the authenticity of the website being visited. It also binds a public key to the website, enabling encryption. In other words, it works like the site’s passport and ensures that data exchanged with the site cannot be intercepted and read by any third party.

How are SSL certificates verified?

When browsers verify an SSL certificate, the process is called SSL handshaking. Simply put, when you visit a website the browser downloads the site’s SSL certificate. It then checks to see if the digital signature of the authority that issued the SSL certificate can be trusted. If it can, the browser then makes sure the website you’re accessing is the one listed on the certificate. When the site is verified, the browser and the site’s server create a connection that allows encrypted information exchange.

How to know if a website has an SSL certificate

It’s crucial to verify that you are visiting secure websites, especially when planning to provide sensitive information like your credit card number. Usually, modern browsers will tell you when you are on a site that has an HTTPS connection and therefore has a verified SSL certificate.

The easiest way to verify you’re accessing a secure website is by looking for the padlock icon near the address bar. Typically, modern browsers display that little lock on the left side, but others – like Internet Explorer – have it on the right. If you can’t find the lock, there’s also the option to check the URL in the address bar. If it starts with ‘https’ instead of ‘http’, the website has a verified SSL certificate. However, consider that even secure sites sometimes may not display ‘https’ in their URL.

Why is SSL encryption not enough?

SSL is in fact a secure encryption method that ensures that only you and the website are participating in the conversation. However, this alone is not enough.

For one thing, some websites haven’t correctly implemented SSL. In other words, there may be parts of the site that aren’t secure. The browser may however still show the lock symbol and indicate that the URL is safe.

Even if the website’s owner has done everything right, there are ways to exploit HTTPS connections through DNS leaks and DNS spoofs. On top of that, since getting them is so easy (and cheap), phishing websites typically have SSL certificates and will appear to be safe. In this case, it’s crucial to ensure you’re accessing the site you actually want before providing any sensitive information.

Note that SSL safeguards only the connection between your browser and the website: a hacker can still exploit your device while you’re using public Wi-Fi. In a nutshell, it’s always best to use a VPN to be 100% secure. The best-known VPN services offer military-grade encryption and protect everything on your computer, making sure your information is entirely safe.

Nowadays, most if not all modern browsers come with an ‘incognito’ (i.e. private) mode. This mode lets you open a new private window, eliminating any local web browsing data while using it. In other words, when visiting a website the browser won’t store any history, cookies, or form data (emails, passwords, etc.) and it will disable extensions. Opening an incognito window is like starting an isolated browser session, which means that you won’t be logged into any social media accounts or emails.

While it can be useful, incognito mode is far from being completely private. Incognito mode only deletes the information created by the browser itself. This means that it only guarantees privacy locally: nobody from your household will know what you have been browsing, but even this is not 100% certain. First, incognito mode does not interfere with other applications on the device which can therefore still track your every move. One example is parental control software, which will monitor everything – incognito or not.

Second, just because the information isn’t being stored on the computer doesn’t mean it’s not being stored on third-party servers. For example, if you are accessing the internet from your school or workplace, all information will be stored on their servers. Even when you’re at home, all your traffic can be logged by your internet service provider. In short, while the information will be deleted from your computer, it doesn’t necessarily mean that nobody will be able to see what you browsed during your ‘private’ session.

Of course, incognito mode will behave differently depending on the browser. While any of the popular browsers out there will bypass the retention of browsing data, some of them go the extra mile to offer a little more privacy. For example, Mozilla Firefox also blocks trackers and advertisers from monitoring you – something that Google Chrome does not. Another example is Opera, which will also block advertisers and trackers if enabled in its settings, though not by default. Opera goes even further by providing a built-in VPN that, if enabled, will make sure no network – school, workplace, or ISP – can monitor what you’re doing.

Regarding VPN software, this is an excellent type of service for ensuring nobody peeks at your browsing habits. Since VPNs encrypt traffic data, not only will your workplace or school be prevented from monitoring your online activity, but so will your internet service provider, the government, or any lurking hackers. It goes as far as changing your virtual location, which means that nobody trying to eavesdrop on your browsing habits will even know your physical location.

There is still another step you can take to improve your privacy: use DuckDuckGo as your search engine. As you’ve probably read, the most popular search engines – such as Google and Bing – record everything you search on using their servers in order to know what kinds of ads they should target you with. But unlike most search engines, DuckDuckGo will not log or keep any information you type into its search bar, making sure all your searches are protected and – more importantly – private.

Cache files are useful for speeding up websites you visit often. Still, you’ll never return to most of the websites you visit, so the cache files for these are doing nothing to improve your user experience.

Cookies, on the other hand, contain your information and help websites to deliver its content in the best way possible using localization or your login credentials, among other things. Of course, there are also tracking cookies that are used to deliver tailored advertisements, depending on your browsing habits.

To a certain extent, both cache and cookies can be useful. However, they store data in your device that can make your browser sluggish over time. Therefore, it’s essential to clean them out often. But since it depends heavily on your browser usage and your objectives, there is not an exact recommended frequency for clearing them. For example, users who surf the web all day will need to clean their browser’s cache and cookies more often than someone who only accesses the internet for an hour or so every day.

Heavy users vs regular users

Heavy users who visit dozens of websites will end up with a lot of meaningless cache and cookie files. For example, while doing research for an article you might visit numerous sites that don’t have the information you need. Still, the moment you open them, unnecessary cache and cookie files will be saved on the machine. Therefore, to make sure your browser doesn’t start to slow down, the best approach is to clear both cache and cookies every two weeks or so.

For regular users who spend less time online and always visit the same websites, it’s actually counterproductive to clean cache and cookies that often. Nevertheless, it’s important to clear the data at least once a month.

Clearing cache to solve a specific problem

Though cached files help websites operate faster, it’s also true that they may create problems. For example, the website may have been updated, but thanks to the cache your browser will try to upload an older version, which may break some parts of the site. If this happens, clearing your cache solves the problem, and is always a good place to start. Without the cached files, the browser will be forced to download the webpage anew.

Clearing cache and cookies for privacy-focused users

If you are a privacy advocate and don’t want to have your personal information stored, you should clear your cache and cookie files every session. The best way is to always browse in a private session, as most browsers will delete all files automatically as soon as they’re closed. If you want privacy though, it’s best to disable cookies altogether and use a VPN to make sure your information is secure.

Using tools to help clearing cache and cookies

It’s easy to forget about clearing cookies and cache files. Some browsers let you delete browsing files automatically every time you close them, but this may end up being counterproductive – especially when it comes to cache. Therefore, your best option is to use a registry cleaner for Windows or mac optimization software for macOS. These programs let you define how often you want to delete cache files and cookies and will do so without needing additional intervention.

The quick answer is no, even though it’s indeed tempting to store passwords in your browser. It not only autofills each time you want to access one of your accounts, but there are browsers like Chrome that will even create strong passwords for you. Letting the browser manage passwords may seem more productive than repeatedly entering them yourself – especially if you create complex passwords. However, the cost of being hasty is being less secure.

How can people access passwords in my browser?

Chromium-based browsers and Safari will ask for credentials to display the passwords in text. This means that anyone with the credentials can easily access any password stored in your browser. Worse still, if you don’t have any credentials to begin with, the browser will show the passwords automatically without the need to enter a key.

Taking a different approach, Firefox uses low-level encryption where you can add a master password under its settings. Anyone who tries to access your passwords will need to enter that code first. However, if you forget to create this master password, someone can go in and display all your saved passwords in text with only a button click.

As you can see, it’s quite easy for anyone using your computer to view all your passwords in a matter of seconds, whether that person is physically at your computer or a remote hacker who has gained control of it. In fact, even if they don’t know your computer credentials it’s still relatively simple for them to find your passwords.

Getting passwords by inspecting elements

Besides storing passwords, browsers typically come with the autofill setting enabled, which means that when entering text on a website, both your password and profile will be introduced and ready to log you in. Although your password will be hidden, someone with a minimum knowledge of coding can inspect the elements of the password field and change its content type from “password” to “text” and voila: your password is no longer hidden.

Where to Store and Protect Passwords

There are other, more reliable ways to store your passwords than just letting your browser handle it. Password manager browser extensions are one option. They offer better protection due to stronger encryption standards. However, they also enable autofill, which as we have already seen is not entirely secure.

Nevertheless, password managers by themselves are a solid choice. You can add all your profiles to your account and generate strong passwords with one click. Though not as convenient as autofill, it’s possible to copy and paste passwords in only a few seconds.

Of course, never save your password manager key in the browser or any other digital place. It’s better to write it on a piece of paper and keep it in a safe place. Paper is, in fact, the very best way to save your passwords without the risk of being hacked. You can always write all your passwords in a password organizer book and keep it in a safe place that’s inaccessible to others. Of course, this is also the least convenient option, but depending on your priorities it can be the best way to go.

Whichever method you decide to follow, an excellent step towards greater security is always to enable two-factor authentication when that option exists. It’s a great way to ensure that if someone tries to access your account from an unusual location or device, they will be blocked – even if they have your password. Moreover, the notification you’ll receive indicates that your password has been breached and it’s time to change it.

When it comes to being online, few things can be more annoying than a slow browser. Unfortunately, there are many possible reasons for a browser to become sluggish.

Low specs

More recent browsers come with many neat features, but those bells and whistles can consume a lot of computer resources. Older machines may have a hard time running resource-hungry browsers like Chrome. The obvious answer would be to simply upgrade your device. However, bolstering computer performance is not always possible, so changing to a browser that consumes less RAM and CPU power might be the only option. One of the available choices is Puffin, which uses cloud rendering and therefore offers low resource consumption.

Internet speed

Another reason your browser runs slowly is that your internet speed is subpar. But just like upgrading computer specs, gaining internet velocity is not always possible. Again, browsers like Puffin that compress data before downloading it to your device can be a reliable solution.

Even if you have a stable and fast internet connection, there’s also the possibility that other software is robbing bandwidth from your browser. Torrent software is one common culprit. In this case, it’s best to close the offending applications or limit their bandwidth usage.

The problem could also lurk within your home network. If many computers are accessing the same network, the router may impose a bottleneck on your machine. The same thing can happen at the ISP level, which may restrict the household’s internet speed. In this case, the use of a VPN can help quicken the overall connection.

Outdated browser

Browsers are always coming out with new updates. Besides resolving bugs, these updates often come with performance upgrades. It stands to reason that keeping your browser up to date can help with any slowdowns you’re facing.

Too many extensions

The more extensions you have installed, the more resources the browser will require, and the slower it will become. Investigate whether you have only the necessary extensions installed, and delete all the remaining ones.

Too many opened tabs

Sometimes we go overboard and end up with dozens of opened tabs. Each tab is consuming resources in the background, taxing the browser. Two ways to solve this is by installing extensions that put those tabs to ‘sleep’, or just bookmarking the pages you plan to revisit later instead of leaving them all open.

Browser files

Every time you visit a website, various tiny files – cache, history, and cookies – are saved on your computer. Though these files can be helpful and typically enhance user experience, after a while, they accumulate and slow down the browser. Removing your browser’s baggage is a reliable go-to when trying to restore its speed. A supplementary solution is to install a registry cleaner – a great tool that ensures the housekeeping is done periodically and without requiring any user input.

Viruses and malware

Sometimes a browser will stubbornly remain sluggish even after throwing all the tricks in the book at it. This could be a red flag indicating that your computer has become infected. Viruses and malware consume resources in the background, making other programs – browsers included – behave slowly or erratically. Run up-to-date antivirus and anti-malware apps to verify your machine’s health and bring that lethargic browser back to life.