Browser privacy advice has a bad habit of sounding either magical or hopeless. One camp says a single toggle will make you invisible online. The other says tracking is so sophisticated that you may as well give up and accept every cookie banner with a thousand-yard stare.

The useful answer sits in the middle. You probably cannot make your browser impossible to track, especially if you log into Google, Meta, Amazon, TikTok, Microsoft or your bank in the same browsing life you use for everything else. But you can make tracking harder, noisier and less useful. You can also cut out a lot of the low-effort surveillance that follows people around the web every day.

Here are the browser privacy tricks that actually move the needle, plus the ones that mostly make people feel better without doing much.

Incognito mode is not a privacy shield

Private browsing, incognito mode, InPrivate mode, whatever your browser calls it, is useful. It is just not useful in the way many people think.

Incognito mode mainly stops your browser from saving local history, cookies, form entries and site data after you close the private window. That is handy if you are shopping for a birthday present on a shared family laptop, checking an account on someone else’s computer, or comparing flight and hotel searches without keeping a messy local trail.

It does not make you anonymous to websites. It does not hide your browsing from your internet provider, workplace, school or the Wi-Fi network you are using. It does not stop a site recognising you if you log in. It also will not magically defeat tracking techniques such as IP logging, browser fingerprinting or account-based ad profiling.

Use incognito mode for temporary sessions, not as a cloak. If you are logged into the same account, on the same device, from the same network, the website still has plenty to work with.

Turn on the protections your browser already has

The easiest win is to use a browser with decent privacy protections switched on properly. Firefox is a strong choice for people who want mainstream compatibility without handing every browsing habit to an advertising company. In Firefox, set Enhanced Tracking Protection to Strict. It blocks many known trackers, cross-site cookies, cryptominers and fingerprinting scripts.

Brave is another option if you want more aggressive blocking out of the box, though its crypto-adjacent features are not everyone’s cup of tea. Safari is also solid on Apple devices, particularly because its Intelligent Tracking Prevention limits cross-site tracking in ways that benefit normal users who never touch advanced settings.

Chrome is fast and widely supported, but it comes from Google, whose business is deeply tied to advertising and measurement. You can still make Chrome less leaky, but if privacy is the goal, it is worth asking whether your browser should be made by the company with the biggest incentive to understand what people do online.

Whichever browser you use, go into settings and look for privacy controls rather than assuming defaults are ideal. Block third-party cookies, stop sites from asking for unnecessary permissions, clear old site data occasionally, and disable ad personalisation where the browser offers it.

Install uBlock Origin, then stop installing things

A good content blocker is one of the few browser add-ons that genuinely improves privacy and security for most people. uBlock Origin is the standard recommendation because it is efficient, widely trusted and blocks ads, trackers, malicious domains and annoying page clutter without trying to become a lifestyle brand.

Install it from your browser’s official extension store, keep it updated, and leave the default filter lists alone unless you know what you are doing. More lists are not always better; they can break sites and make troubleshooting harder.

Then be ruthless about every other extension. Extensions can see a lot. Depending on their permissions, they may read and change data on websites you visit, inspect pages, monitor tabs or interact with downloads. That makes them useful, but it also makes them an attack surface. A harmless-looking coupon extension, PDF converter or screenshot tool can become a privacy problem if it is sold, compromised or designed badly from the start.

Do an extension audit. Remove anything you do not actively use. Prefer well-known tools with narrow permissions. Be especially wary of extensions that promise shopping discounts, “AI” summaries across every page, free VPN features, or productivity miracles in exchange for broad access to your browsing.

Separate your browsing lives

One of the most effective privacy habits is not a setting. It is compartmentalisation.

If you use the same browser profile for banking, Gmail, Facebook, YouTube, shopping, news, forums and random searches, trackers can connect a lot of dots. Even when third-party cookies are blocked, logged-in accounts and site scripts can still link activity in ways that are hard to see from the outside.

A practical setup is to use separate browser profiles or containers. Firefox’s Multi-Account Containers are particularly good for this. You can keep Google in one container, Meta-owned services in another, shopping in another, and general browsing somewhere else. Cookies stay separated, so logging into one service does not automatically give it the same view across every tab.

If containers feel fiddly, use separate profiles instead. For example, keep one profile for identity-heavy accounts such as email, banking, myGov and work tools. Use another for shopping and newsletters. Use a third, cleaner profile for general reading, research and casual browsing.

This is not paranoia; it is housekeeping. You would not organise every receipt, password, bank statement and junk flyer into one physical folder called “internet”. Your browser deserves the same basic boundaries.

Kill third-party cookies, but know what replaces them

Third-party cookies are the classic web-tracking tool. They let a company recognise you across different sites, often through ads, social buttons, embedded videos or analytics scripts. Blocking them is a sensible move and most modern browsers now limit them in some form.

In your browser settings, choose the strongest cookie setting you can tolerate. Blocking third-party cookies may occasionally break older login flows, embedded payment widgets or media players, but the modern web is slowly adjusting. If a site breaks, you can usually make a temporary exception rather than weakening privacy everywhere.

That said, cookies are not the whole story. The advertising industry has spent years developing alternatives: link decoration, server-side tracking, device signals, logged-in identity systems and browser fingerprinting. Blocking third-party cookies is still worth doing, but it is a baseline, not a finish line.

Also watch cookie banners. “Reject all” is often the right button, but some sites make it deliberately annoying to find. In Australia, privacy law is not as cookie-specific as Europe’s GDPR regime, so local sites can vary wildly in how clear and respectful they are. Do not mistake a banner for meaningful restraint.

Use DNS-over-HTTPS, with realistic expectations

DNS is the internet’s address book. When you visit a site, your device needs to look up where that domain lives. Traditionally, those lookups can be visible to your internet provider or network operator. DNS-over-HTTPS, usually shortened to DoH, encrypts those lookups between your browser and the DNS provider.

That can be useful on public Wi-Fi, share-house networks, hotel connections and other places where you do not fully trust the network. Firefox, Chrome, Edge and other major browsers offer DoH settings, though the exact menus change over time.

DoH does not hide everything. Your internet provider may still see the IP addresses you connect to, and websites still see your visits once you arrive. It also shifts trust from one party to another: instead of your ISP handling DNS, a provider such as Cloudflare, Google, Quad9 or another resolver may handle it. Pick one with a clear privacy policy and a good reputation, not a random resolver from a forum post.

For most Australians, DoH is a useful privacy improvement, especially on networks you do not control. It is not a complete tunnel for your browsing.

Understand fingerprinting before chasing perfect anonymity

Browser fingerprinting is tracking without relying purely on cookies. Sites can inspect signals such as your browser version, screen size, operating system, installed fonts, time zone, language, graphics behaviour and other technical details. Combined, those signals can make your browser stand out.

The frustrating part is that fighting fingerprinting can itself make you more distinctive. If you install five obscure anti-fingerprinting extensions and change a dozen advanced settings, your browser may become less common, not more private.

This is why mainstream, coordinated protections are usually better than bespoke tinkering. Firefox’s fingerprinting resistance features, Safari’s privacy protections and Brave’s built-in defences are designed to make groups of users look more alike. The Tor Browser goes much further, but it is built for a different threat model and can be slower or less convenient for everyday use.

For normal browsing, aim to reduce tracking rather than win an invisibility contest. Use a privacy-respecting browser, block trackers, separate accounts, limit extensions and avoid logging into identity accounts everywhere. That combination is boring, which is exactly why it works.

Where a VPN helps, and where it does not

A VPN can help with one specific part of browser privacy: it hides your real IP address from websites and hides your browsing destinations from your internet provider, local network or public Wi-Fi operator. That can be useful when travelling, using airport Wi-Fi, working from a café, or reducing how much your ISP can infer from your browsing.

A VPN does not stop logged-in tracking. If you sign into Google, Facebook, Amazon, Netflix or your favourite online shop, those services still know it is you. A VPN also does not remove cookies, block trackers, prevent fingerprinting or make dodgy extensions safe.

Using a VPN to access region-specific catalogues may be lawful for a consumer, but it can breach a streaming platform’s terms of service. The realistic worst case for most people is not a courtroom drama; it is the stream being blocked, the VPN server being detected, or the account being asked to reconnect without the VPN.

Choose a reputable paid VPN if you need one. Be wary of free VPNs, especially browser extensions, because routing your traffic through a company is an act of trust. If the product is free and expensive to run, ask how it pays for servers.

Keep the boring habits

The privacy tricks that work are not very cinematic. Use a browser with strong tracking protection. Install uBlock Origin. Block third-party cookies. Use separate profiles or containers. Turn on DNS-over-HTTPS if it suits your setup. Keep extensions to a minimum. Use a VPN when you need IP and network privacy, not as a cure-all.

Just as importantly, ignore the theatre. Incognito mode is for local tidiness, not anonymity. “Do Not Track” is mostly a polite request that many sites have little reason to honour. Fancy anti-tracking extensions can help, but too many can make your browser messy, fragile and oddly unique.

The goal is not to disappear from the internet. It is to stop making tracking effortless. A few sensible browser choices will do more than a dozen magic toggles ever will.