cancel
Showing results for 
Search instead for 
Did you mean: 

General Discussions

Study finds Brave to be the most private browser

Are you concerned about your web browser sending data back to the company that created it? A new study, Web Browser Privacy: What Do Browsers Say When They Phone Home?, looked at the six popular desktop web browsers Google Chrome, Mozilla Firefox, Microsoft Edge (Chromium-based), Apple Safari, Brave, and Yandex, to uncover what these browsers send back to the mothership.

If you just want the result, the study found that used out of the box, Brave "is by far the most private of the browsers studied" followed by Chrome, Firefox and Safari. Brave is the only web browser that did not use identifiers that allowed tracking of the IP address over time and did not share details of web pages visited to backend servers.

Chrome, Firefox and Safari used identifiers that are linked to the browser instance that persist over sessions and all three share web page details with backend servers via the browser's search autocomplete functionality.

The study found the Chromium-based Microsoft Edge web browser and Yandex to do worse than the other browsers of the test. Both send identifiers linked to the device hardware which means that the identifier persists even across installations. Edge sends the hardware UUID to Microsoft, and Yandex transmits a "hash of the hardware serial number and Mac address". Both also appear to send web page information to servers that "appear unrelated to search autocomplete".

The researcher logged all network connectivity on the devices the browsers ran on. Chrome connections using QUIC/UDP had to be blocked so that the browser would fall back to TCP. To inspect encrypted data, mitmdump was used and since leftovers can be an issue, extra care was used to delete all traces of previous installations from the systems.

The test design was repeated multiple times for each browser.

  1. Start the browser from a fresh install/new user profile.
  2. Paste a URL into the address bar, press Enter, and record the user activity.
  3. Close the browser and restart, record network activity.
  4. Start the browser from a fresh install/new user profile and monitor network activity for 24 hours.
  5. Start the browser from a fresh install/new user profile, type a URL and monitor traffic.

The conclusion

For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. Safari defaults to a poor choice of start page that leaks information to multiple third parties and allows them to set cookies without any user consent. Safari otherwise  made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.

From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

Closing Words

The researcher analyzed the default state of the browsers and found that Brave had the most privacy friendly settings. At least some of the browsers may be configured to improve privacy by changing the default configuration, e.g. disabling autocomplete functionality.

Study finds Brave to be the most private browser - gHacks Tech News 

0 Likes
10 Replies

I am going try out Brave and see if it is as convenient as Firefox or Chrome as far as extensions and features goes. 

If I do like Brave, I will probably replace Chrome and then delete Chrome.

Less Google software I have the better.

EDIT: Deleted Chrome Browser and kept Brave browser. Brave seems to be a hybrid of Firefox & Chrome browsers.  My Mcafee extension which doesn't work in either Firefox or Chrome works in Brave. Also I needed to add an exemption to AMD Forums to enable Javascript which is automatically disabled in Brave.

Brave uses Chrome Webstore for its extensions download.

Overall, nice Browser. Will take me awhile to get the browser to look the way I want it, e.g. Large Toolbar icons and add more extensions.

I'll give it a try also..never heard of it before. I would like to replace Firefox.

0 Likes

Remember Brave is based on Chromium as well. Also if you look at the conclusions, and the whole study, their complaints with Firefox were things which "could be used for tracking", but were not.

Personally I'm sticking with Firefox, DNS over HTTPS enabled, and Cloudflare's DNS set in Windows instead of my ISP's DNS server.

0 Likes

And, as Mozilla stated in their response to the study, as published on Ars Technicana.

Interesting that they did not test Opera. Opera allows you to opt out of tracking. They also only use your data if you choose to sync between browsers and then it is encrypted as well. They are the only ones with a free VPN which is even more secure than anything offered by the others. 

0 Likes

Yeah I thought that too. Opera is my main browser...Firefox is backup.

0 Likes

Strangely enough, I found out Brave was founded by one of the Co-founders of Mozilla creators of Firefox.

Is Brave browser a VPN?
Brave Browser is an open-source web browser founded by the inventor of JavaScript and co-founder of Mozilla. ... However, using Brave Browser alone is not secure enough, unless it is combined with VPN. A Virtual Private Network, also known as a VPN is a private, encrypted connection between your computer and VPN's servers.Nov 13, 2019

Best VPN for Brave browser on Windows 10 [2020 Guide] : Best VPN for Brave browser on Windows 10 [2020 Guide] 

 

0 Likes

I wasn't aware there was a new browser until you posted your article about safe browsers.

Brave Browser Release date was November 13, 2019 since it is very new.

EDIT: About Brave and VPNs. I just had an issue with a couple of Website not working and found out it was my VPN causing the issue (Brave Forum helping troubleshoot). But one fact that came out was that the VPN's Ad Blocking feature should be disabled. According to the Brave Forum User helping me, Brave has its own Ad blocking feature which seems to be in conflict with the VPN's Ad Blocking feature. Now everything is working smoothly with my VPN active.

I guess I did know about it ??

https://community.amd.com/thread/232517 

Brave is a copyright infringer by nature. Beware I am considering suing the developer for commercial infringement at the maximum rate for derived copies of content. Every page on the internet at $150,000 per.

If I was really evil, every user could be sued as well.

Use Chrome and allow websites to eat. Otherwise they will all go dark fast.

0 Likes