So I’ve been testing out the new-ish Edge and it works really well, and on the surface it has a lot of settings that would seem like it’s relatively safe in terms of privacy. But I was curious what’s going on on the back-end and I found this article that compares it to other mainstream browsers.
It’s a little bit of a read, but it’s nice to have more in-depth information, compared to the typical tech site comparisons that seem to just make judgements based on settings and company reputation.
TLDR
VIII. CONCLUSIONS
We study six browsers: Google Chrome, Mozilla Firefox,
Apple Safari, Brave Browser, Microsoft Edge and Yandex
Browser. For Brave with its default settings we did not find
any use of identifiers allowing tracking of IP address over
time, and no sharing of the details of web pages visited with
backend servers. Chrome, Firefox and Safari all share details
of web pages visited with backend servers. For all three this
happens via the search autocomplete feature, which sends web
addresses to backend servers in realtime as they are typed.
In Chrome a persistent identifier is sent alongside these web
addresses, allowing them to be linked together. In addition,
Firefox includes identifiers in its telemetry transmissions that
can potentially be used to link these over time. Telemetry can
be disabled, but again is silently enabled by default. Firefox
also maintains an open websocket for push notifications that
is linked to a unique identifier and so potentially can also
be used for tracking and which cannot be easily disabled.
Safari defaults to a choice of start page that potentially
leaks information to multiple third parties and allows them
to preload pages containing identifiers to the browser cache.
Safari otherwise made no extraneous network connections
and transmitted no persistent identifiers, but allied iCloud
processes did make connections containing identifiers.
From a privacy perspective Microsoft Edge and Yandex are
qualitatively different from the other browsers studied. Both
send persistent identifiers than can be used to link requests
(and associated IP address/location) to back end servers. Edge
also sends the hardware UUID of the device to Microsoft
and Yandex similarly transmits a hashed hardware identifier to
back end servers. As far as we can tell this behaviour cannot
be disabled by users. In addition to the search autocomplete
functionality that shares details of web pages visited, both
transmit web page information to servers that appear unrelated
to search autocomplete.
I’m not going to pretend like I know what these companies are doing with the data they collect, and I’m not of the mindset that all data collection is bad no matter what, but in general it seems like Brave is the best.
Now if Brave could just fix their damn sync function, then I could actually use it.