Most privacy advice online falls into one of two traps. Either it's paranoia-driven to the point of being unusable (run Qubes OS, use Tor for everything, pay cash for a burner laptop), or it's so surface-level it changes nothing (use incognito mode, clear your cookies).
I've spent the better part of a year building and refining a setup that sits between those extremes. Genuinely private, genuinely usable. The goal is a browser environment where your daily activity doesn't feed corporate surveillance pipelines, without requiring you to sacrifice the tools and workflows that make you productive.
Here's what I've landed on, layer by layer.
Why the browser is the right place to start
Your browser is the single most data-rich application on your computer. It knows every website you visit, every search you make, how long you spend on each page, what you click, and increasingly, what you type. It holds your logins, your payment information, your location, and your browsing history going back years.
The default browsers, Chrome, Edge, and to a lesser extent Firefox, are designed to collect and transmit significant portions of that data. Chrome in particular is a data collection product that happens to also render web pages. Google's business model depends on knowing as much about your browsing as possible.
This isn't a conspiracy theory. It's disclosed in privacy policies and documented by independent researchers. The data collected through Chrome's sync features, crash reporting, usage statistics, and browsing history is extensive.
The good news is that swapping one layer of this stack has cascading effects. A privacy-respecting browser blocks thousands of tracking requests your default browser would have allowed. A local history tool replaces cloud-synced history. A local LLM replaces API calls to OpenAI. Each change reduces the surface area of data exposure.
Layer 1: The Browser
Brave is where I'd tell most people to start. It's a Chromium-based browser, which means full Chrome extension compatibility and the same rendering engine. The built-in Brave Shields block ads, trackers, and fingerprinting scripts by default without any configuration. There's no Google sync, no Google telemetry, and the default search engine isn't Google (though you can change it if you prefer).
The practical difference is immediate. On ad-heavy news sites, pages load faster because the ad network requests never happen. Tracker-heavy SaaS marketing sites stop following you around with retargeting ads. The browsing experience is quieter.
Brave's Shields work at the network level, blocking requests before they're made. This is more effective than a content blocker that lets requests through and then hides the elements.
Firefox with uBlock Origin is the alternative I'd recommend for users who prefer Mozilla's non-profit stewardship and Firefox's more aggressive privacy defaults in areas like Enhanced Tracking Protection. The trade-off is that uBlock Origin as an extension doesn't block as early in the request lifecycle as Brave's built-in shields, but in practice the difference is small for most users.
I'd actively avoid Chrome for everyday browsing if privacy matters to you. I've written more about this in the chrome extension privacy risks post, but the short version is that the browser itself is a larger data vector than most of the extensions people worry about.
Layer 2: Ad and Tracker Blocking
Even inside Brave, I run uBlock Origin as a second layer. Brave's Shields handle the majority of tracking, but uBlock Origin's filter lists are updated more frequently and catch some things the Shields miss, particularly in-content tracking pixels embedded in legitimate page content rather than separate requests.
The configuration I use:
- Filter lists: uBlock Filters (default), EasyList, EasyPrivacy, AdGuard Base, Peter Lowe's Ad and tracking server list
- Dynamic filtering: Block all third-party frames by default (this breaks some embedded content but catches a lot of tracking)
- My Filters: I add specific domain blocks for known analytics vendors that occasionally slip through default lists
This might sound aggressive, but I've been running this configuration for over a year and the number of sites it meaningfully breaks is small. Most modern sites degrade gracefully when tracker scripts fail to load.
Privacy Badger from the EFF is worth mentioning as an alternative for users who want blocking that learns from behavior rather than static lists. I've moved away from it because uBlock Origin's filter-list approach catches more in my experience, but Privacy Badger's heuristic approach has the advantage of not requiring any manual configuration.
Layer 3: Local History Search
This is where most privacy stacks have a gap they don't talk about.
Your browser history is one of the most revealing data sets about you. It encodes your medical concerns, your financial research, your relationship problems, your political reading, your career anxieties. All of it, timestamped and searchable.
Cloud-synced browser history, which Chrome enables by default when you're logged in, sends all of this to Google's servers. Even if you trust Google's data practices today (and I don't particularly), that data exists on servers you don't control, subject to data breaches, legal requests, and future policy changes.
The solution I use is TraceMind, a browser extension that replaces cloud history with a local semantic index. It captures pages you visit, extracts the content using Mozilla Readability, generates semantic embeddings using the all-MiniLM-L6-v2 model running via WebAssembly, and stores everything in IndexedDB on your machine. Nothing leaves the browser.
The semantic search capability is what makes this more than just a local copy of Chrome's history. I can search by meaning rather than exact keywords. "that article about sleep and immune system" finds the page even if the title was something generic like "Your Body at Night." Standard browser history search would never surface that.
The privacy architecture is: all data in IndexedDB, ML inference via WASM in a background worker thread, optional AES-256-GCM encryption with PBKDF2 key derivation at 200,000 iterations if you want an additional layer. For users who need the highest level of protection, the encrypted export/import feature (PRO) means you can back up your index without exposing plaintext.
I've written more about how the privacy trade-offs compare across browser extensions if you want a deeper look at how to evaluate extensions for privacy.
Layer 4: Private DNS
Your DNS queries reveal every domain you visit, even if the page content is encrypted via HTTPS. Your ISP's default DNS resolver logs these queries. Many ISPs sell that data.
Switching to an encrypted DNS resolver closes this gap. My recommendations:
- Cloudflare 1.1.1.1 with privacy mode (no query logging, DNSSEC)
- NextDNS (configurable blocklists, per-device policies, query log you control)
- AdGuard DNS (built-in tracker blocking at the DNS level)
NextDNS is my current choice because it provides a dashboard showing what's being blocked and lets me customize blocklists per-device. The free tier allows 300,000 queries/month, which is enough for light usage. Heavy users need the paid plan.
Setting encrypted DNS (DNS-over-HTTPS or DNS-over-TLS) can be done at the browser level in both Brave and Firefox, or at the OS level to cover all applications.
Layer 5: Local LLMs for AI Assistance
This is the layer most privacy stacks don't include yet, but I think it'll be standard practice in two or three years.
Cloud AI assistants like ChatGPT, Gemini, and Claude process your queries on remote servers. The content you send (documents you paste, questions you ask, code you share) is transmitted over the internet and processed by third parties. Even with privacy-respecting policies, this is a data exposure risk for anything sensitive.
Ollama runs large language models on your local machine. You download a model, run the Ollama server locally, and interact with it through a local API or a UI like Open WebUI. No internet connection required after download. No queries logged anywhere.
The models I've found most useful for daily work:
- Llama 3 (8B): Good general reasoning, low hardware requirements, handles most writing and Q&A tasks well
- Mistral (7B): Fast, particularly good at summarization and extraction tasks
- Phi-3 Mini: Extremely small, useful on machines with limited RAM
Honest trade-offs: local models are slower than cloud APIs, require a machine with adequate RAM (8-16GB minimum for useful models), and have quality ceilings below frontier cloud models. For sensitive work where you can't send data to a cloud provider, they're invaluable. For complex reasoning tasks, the quality gap is real.
My personal setup pairs Ollama with TraceMind's local history index. When I'm researching a topic, I can search my history for what I've already read on it, then ask a local LLM to help me synthesize or extend that research, without either the history or the synthesis leaving my machine.
Layer 6: Hardening the Extensions You Already Use
Most people don't think carefully about the extensions they've installed. But extensions request broad permissions, including access to all page content on every site you visit, and can transmit that data anywhere.
Before adding any extension, I check:
- What permissions it requests (especially "read and change all your data on all websites")
- Who publishes it (individual vs. company vs. well-known open-source project)
- Whether the source code is public and auditable
- What the privacy policy says about data collection
The Chrome Web Store's extension detail pages now show the permissions more clearly, but you still need to read them actively. An extension with "read browsing history" and "communicate with external servers" permissions is a potential data pipe.
I keep my extension list short. Unnecessary extensions are unnecessary attack surface. For the extensions I do use, I prefer ones with open-source code and a clear local-first architecture.
What this stack does and doesn't protect against
To be clear about the limits:
This stack significantly reduces data collection by ad networks, trackers, and browser vendors. It keeps your history and AI interactions on-device. It closes the DNS query leak. It blocks most third-party scripts from loading.
It does not protect you against websites you're logged into that track your behavior (every major platform does this). It doesn't hide your IP address (use a trustworthy VPN or Tor for that). It doesn't prevent browser fingerprinting entirely, though Brave does more here than most. It doesn't protect against OS-level telemetry, which is a separate problem.
Privacy is a spectrum, not a binary. This stack moves the needle substantially toward the private end without requiring you to abandon normal browser usage.
Starting somewhere is better than starting nowhere
The biggest mistake I see is people treating privacy as all-or-nothing and either going full-paranoid or doing nothing because the problem seems too big. Most of the value comes from the first few changes.
Swap Chrome for Brave: big improvement, zero friction. Add uBlock Origin: catches what Brave misses. Install TraceMind for local history: eliminates the cloud history exposure. Switch DNS to NextDNS: closes the query leak. Add Ollama for sensitive AI work: eliminates cloud AI data exposure for things you can't share.
That's a full stack, and each step is reversible if something doesn't work for you. The TraceMind features page has more detail on the specific privacy architecture if you want to understand what's happening under the hood before installing.
Privacy tools work best when they're invisible. The goal isn't a more complicated browser setup. It's one where your data stays yours without you having to think about it every time you open a tab.