Defending novice user privacy: An evaluation of default web browser configurations

Cyber novices often enter sensitive data into web browsers for routine activities such as online shopping and bill payments, making them targets for malicious entities, including cybercriminals and oppressive governments. The proliferation of online advertising technologies further exacerbates privacy concerns by exploiting user data for marketing or surveillance, frequently without explicit consent. It is crucial to regularly ensure the latest features of default configurations, which are most relevant for novice users, adequately address growing privacy demands given the centrality of web browsers to internet usage. Our work scrutinizes the privacy claims of 14 desktop browsers and their default configurations, from mainstream options like Chrome to those prioritizing privacy, such as Brave. We validate these claims through a suite of privacy tests on two operating systems commonly used by cyber novices. Based on our findings, we categorize browsers into three tiers of privacy protection. We conclude by outlining future browser design principles and offering privacy-centric recommendations tailored for novice users.