A Relatively Recent Study On Browser Privacy

So I’ve been testing out the new-ish Edge and it works really well, and on the surface it has a lot of settings that would seem like it’s relatively safe in terms of privacy. But I was curious what’s going on on the back-end and I found this article that compares it to other mainstream browsers.

It’s a little bit of a read, but it’s nice to have more in-depth information, compared to the typical tech site comparisons that seem to just make judgements based on settings and company reputation.

TLDR

VIII. CONCLUSIONS

We study six browsers: Google Chrome, Mozilla Firefox,
Apple Safari, Brave Browser, Microsoft Edge and Yandex
Browser. For Brave with its default settings we did not find
any use of identifiers allowing tracking of IP address over
time, and no sharing of the details of web pages visited with
backend servers. Chrome, Firefox and Safari all share details
of web pages visited with backend servers. For all three this
happens via the search autocomplete feature, which sends web
addresses to backend servers in realtime as they are typed.
In Chrome a persistent identifier is sent alongside these web
addresses, allowing them to be linked together. In addition,
Firefox includes identifiers in its telemetry transmissions that
can potentially be used to link these over time. Telemetry can
be disabled, but again is silently enabled by default. Firefox
also maintains an open websocket for push notifications that
is linked to a unique identifier and so potentially can also
be used for tracking and which cannot be easily disabled.
Safari defaults to a choice of start page that potentially
leaks information to multiple third parties and allows them
to preload pages containing identifiers to the browser cache.
Safari otherwise made no extraneous network connections
and transmitted no persistent identifiers, but allied iCloud
processes did make connections containing identifiers.

From a privacy perspective Microsoft Edge and Yandex are
qualitatively different from the other browsers studied. Both
send persistent identifiers than can be used to link requests
(and associated IP address/location) to back end servers. Edge
also sends the hardware UUID of the device to Microsoft
and Yandex similarly transmits a hashed hardware identifier to
back end servers. As far as we can tell this behaviour cannot
be disabled by users. In addition to the search autocomplete
functionality that shares details of web pages visited, both
transmit web page information to servers that appear unrelated
to search autocomplete.

I’m not going to pretend like I know what these companies are doing with the data they collect, and I’m not of the mindset that all data collection is bad no matter what, but in general it seems like Brave is the best.

Now if Brave could just fix their damn sync function, then I could actually use it.

5 Likes

Cant you just actually post the TLDR?

y tho?

I’d rather not click a pdf link, please?

Fiiiine. Added to original post.

2 Likes

My TL;DR is basically if you go on the internet with a common browser you’re going to be tracked. The difference is how much and by who.

3 Likes

Ya pretty much. And I think there is like an acceptable amount/type of data that can be collected, as well as what that data is being used for.

Like if MS wants to check what browser version I’m using, I don’t care. But if my Apple Watch was telling Gatorade when my workouts were finished and Gatorade started sending me ads whenever I finished a workout, I would get rid of it.

Having a quick look through it appears they may have made an error in their testing in presuming Edge is “clean” on “install”. The telemetry they talk about is Windows telemetry controlled by the Diagnostics & Feedback settings in Windows and other Microsoft product integrations.

The ‘much more troubling’ domain they mention self.events.data.microsoft.com is just Office 365 integration1 which shows up if you have Microsoft Office applications installed on the OS.

That they don’t cover this and test for this suggests that its a learning student who’s made this paper. I would have hoped, so we could excuse some of the bias and poor and missed research. Unfortunately I just looked up the author while writing this and its a professor at the university. I’m disappointed.


[1] https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1903-endpoints

7 Likes

Brave the best? They collect everything.

You are the best browser, for bringing the TL:DR to us…

1 Like

Lol. I find most privacy zealots often have no idea what they’re talking about. Good to know university funded research yields the same results.

2 Likes