Read this article in Español.
How your browser handles sensitive data is crucial to your privacy online.
Most people trust their browser to do the best for them and for that reason when it comes to privacy, the defaults can be more important than customization.
We ship Vivaldi with a set of carefully chosen defaults that let you reap privacy and usability benefits at the same time.
We believe that you should understand why we’ve picked the defaults we’ve picked, and thus give you the peace of mind you need online.
Knowledge will also empower you to tweak and take control should you feel the need for this. Yes, in Vivaldi, you can turn on and off all privacy settings.
- In Vivaldi you get a multitude of options to keep your data safe – our settings are pretty comprehensive.
- We keep our privacy settings grouped together for easy access – most settings are listed under Privacy with the exception of Search-related privacy settings which are listed under Search.
- Opt-in / opt-out of Google services – although Vivaldi doesn’t track or store any of your data, we use third-party services for some features and it’s important that you understand what these settings mean.
Let’s take a look at the settings.
Phishing and malware protection
It’s the browser’s job to check whether a website is fraudulent or serves malware. The browser needs to get the most up to date information since a website could have been hacked right before your visit. For that, we need a service that can keep up with the pace of phishing site creation.
Vivaldi integrates the Safe browsing API from Google, which checks against a master blacklist of known suspected phishing and malware sites – sites that pretend to be a different website and trick you into divulging your username, password, or other sensitive stuff, or websites that offer malware for download.
In order to avoid sending a full list of your visited websites to the service provider for checking (which would be very bad for privacy), the service provider gives Vivaldi a “filter” – a small file which describes every URL that is known to be malicious, using an approximation method.
We recommend that you keep Google Phishing and Malware Protection enabled.
If you would like to disable it, you can do this from Settings > Privacy but make sure you understand the implications.
Resolving navigation errors with DNS
The Google DNS Service will give you the IP address of the website you want to visit in case your ISP (Internet Service Provider) fails to do so properly (in some cases the ISP may have faulty DNSs).
For some of you, this service will not be extremely useful, as your ISP is probably doing a good job already. For others, it will be helpful, e.g. if you live in parts of the world where ISPs routinely return errors in order to blacklist banned websites. With the Google DNS Service enabled, you have a workaround that gives you access to websites blocked via DNS.
The privacy implications of this, of course, are that they also see your typos, like “vvaldi.com” and can, therefore, work out what website you are trying to visit.
The Google DNS server addresses – 188.8.131.52 and 184.108.40.206 – have been hardcoded into Chromium, on which Vivaldi is built. In the future, we may consider switching to something else, for example, Cloudflare’s 220.127.116.11. For now, you can opt out by unchecking “Use Google DNS Service to Help Resolve Errors” in the Privacy settings.
You can save time by letting your browser fill out forms automatically with saved info, like your address or payment details. Autofill falls into the category of sensitive data you store in your profile, such as passwords, notes, and bookmarks. When you enter info in a new form online, Vivaldi might ask you to save it.
For this functionality, we use Chromium’s autofill feature. It does not send your personal information to Google, only the types of data you submit. Detailed information of what is shared can be found here.
Autofill is enabled by default, but it can be turned off at any time in Vivaldi’s privacy settings.
Search in the address field
When you type “vivaldi com” by accident instead of “vivaldi.com”, it will end up sending that to your selected search engine. It will do this for anything you type which does not appear to match a URL pattern.
Some of you would not want that to be leaked to your search engine. Disabling this option allows you to get an error page instead. The choice is yours!
No other browser gives you as much control over your searches as Vivaldi. But do you know why we have built in so many options when it comes to search suggestions?
When you start typing in the search or address field, your search engine will offer to autocomplete the search term before you’ve even finished typing.
As convenient as this may be, search suggestions have significant privacy implications. Everything you type is sent to your selected search engine (even if you don’t perform a search), and this can be quite revealing.
This is the reason Vivaldi does not enable search suggestions by default.
And a bit of a pro tip. You can modify the suggest URL for individual search engines meaning that you can use the suggest URL of a private alternative (for example DDG) on engines that you don’t want to share any info with (Bing or Google).
Block Ads on Abusive Sites
We’ve just added new functionality to block ads that use abusive technologies and ads designed to be misleading. This functionality stops ads from sites that for example use pop-ups which prevent you from leaving the site.
This feature gives the browser access to a blocklist that has been enabled by default and can be turned off at any time. The blocklist is hosted on our end-to-end encrypted servers. The blocklist will give us the opportunity to consider adding similar, related functionality in the future and rely less on third-party services.
Update: Vivaldi Browser now features fully armed Ad Blocker with many settings and support for custom blocking lists.
Do Not Track
When you enable Do Not Track, each time you connect to a website the browser sends a request asking the website not to track you. It’s a polite way of asking websites to not set tracking cookies.
The Do Not Track check box can provide a false sense of security though. While a few websites will pay attention to the browser’s request, the vast majority will ignore the stated preference. Most websites – especially the ones you want to avoid – aren’t interested in obeying this request.
With just a couple of clicks, Vivaldi (starting from Vivaldi 3.0) blocks known tracking services, using a blocker list provided by DuckDuckGo’s Tracker Radar. If a website tries to embed content – an advert, a tracking “pixel”, a frame, a script, etc. – from a known tracker, the resource will be ignored, and the tracker service never gets to see any requests. This prevents them from receiving identifying tokens like cookies, and prevents them from being able to inject scripts into the page that might track you by other means. You can enable other default tracker blocker lists, or add lists of your own from other sources.
You can also ask it to block other ads too, but by default, the browser only blocks the ones that do tracking. After all, websites are often funded by advertising, and you might not want to penalise a website that uses advert suppliers who respect your privacy.
You can block trackers and ads per site if needed, by clicking the shield icon in the address field. This should allow you to optionally block ads only on a particular site where the ads are causing problems, but which were not removed by the Abusive-Ad Blocker.
This is only really important if you use a VPN for privacy. Normally, websites can see your IP address when you connect. VPNs allow you to hide your IP address from a website. However, websites can use WebRTC to check your real IP address (though often they just end up seeing your internal network IP address, like 192.168.2.10, which is not particularly privacy invasive). By disabling IP broadcasting, you prevent this, so you regain your privacy when using a VPN.
Note that it can also help hide the details of your internal network IP address if that was being broadcast. If you wanted to hide this information from websites, even when not using a VPN, you could use this option for that.
WebRTC does not affect performance. Disabling it can sometimes cause websites not to function correctly, particularly some peer-to-peer web chat systems.
We do recommend that you keep “Broadcast IP for Best WebRTC Performance” checked.
Not all cookies are bad, and not all are used to profile a user. They let you continue to access an authenticated website without re-entering your login password on every page. They’re also used to display content from third parties, such as ads, an embedded video or, indeed, our comments section on vivaldi.com.
You can view, manage and remove all stored cookies in your privacy settings.
* * *
We’ve arrived at our set of defaults after giving this some thought. There is another downside to tweaking the default settings – you will stand out more from the crowd. “Do Not Track” is a good example. It doesn’t bring much value yet websites will know that you’ve requested it, and can use this to target you, e.g. advertisers directing “privacy” products at you.