Are you concerned about your web browser sending data back to the company that created it? A new study, Web Browser Privacy: What Do Browsers Say When They Phone Home?, looked at the six popular desktop web browsers Google Chrome, Mozilla Firefox, Microsoft Edge (Chromium-based), Apple Safari, Brave, and Yandex, to uncover what these browsers send back to the mothership.
If you just want the result, the study found that used out of the box, Brave "is by far the most private of the browsers studied" followed by Chrome, Firefox and Safari. Brave is the only web browser that did not use identifiers that allowed tracking of the IP address over time and did not share details of web pages visited to backend servers.
Chrome, Firefox and Safari used identifiers that are linked to the browser instance that persist over sessions and all three share web page details with backend servers via the browser's search autocomplete functionality.
The study found the Chromium-based Microsoft Edge web browser and Yandex to do worse than the other browsers of the test. Both send identifiers linked to the device hardware which means that the identifier persists even across installations. Edge sends the hardware UUID to Microsoft, and Yandex transmits a "hash of the hardware serial number and Mac address". Both also appear to send web page information to servers that "appear unrelated to search autocomplete".
The researcher logged all network connectivity on the devices the browsers ran on. Chrome connections using QUIC/UDP had to be blocked so that the browser would fall back to TCP. To inspect encrypted data, mitmdump was used and since leftovers can be an issue, extra care was used to delete all traces of previous installations from the systems.
The test design was repeated multiple times for each browser.
For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. Safari defaults to a poor choice of start page that leaks information to multiple third parties and allows them to set cookies without any user consent. Safari otherwise made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.
From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.
The researcher analyzed the default state of the browsers and found that Brave had the most privacy friendly settings. At least some of the browsers may be configured to improve privacy by changing the default configuration, e.g. disabling autocomplete functionality.
Study finds Brave to be the most private browser - gHacks Tech News
I am going try out Brave and see if it is as convenient as Firefox or Chrome as far as extensions and features goes.
If I do like Brave, I will probably replace Chrome and then delete Chrome.
Less Google software I have the better.
Brave uses Chrome Webstore for its extensions download.
Overall, nice Browser. Will take me awhile to get the browser to look the way I want it, e.g. Large Toolbar icons and add more extensions.
I'll give it a try also..never heard of it before. I would like to replace Firefox.
Remember Brave is based on Chromium as well. Also if you look at the conclusions, and the whole study, their complaints with Firefox were things which "could be used for tracking", but were not.
Personally I'm sticking with Firefox, DNS over HTTPS enabled, and Cloudflare's DNS set in Windows instead of my ISP's DNS server.
And, as Mozilla stated in their response to the study, as published on Ars Technicana.
Interesting that they did not test Opera. Opera allows you to opt out of tracking. They also only use your data if you choose to sync between browsers and then it is encrypted as well. They are the only ones with a free VPN which is even more secure than anything offered by the others.
Yeah I thought that too. Opera is my main browser...Firefox is backup.
Strangely enough, I found out Brave was founded by one of the Co-founders of Mozilla creators of Firefox.
I wasn't aware there was a new browser until you posted your article about safe browsers.
Brave Browser Release date was November 13, 2019 since it is very new.
EDIT: About Brave and VPNs. I just had an issue with a couple of Website not working and found out it was my VPN causing the issue (Brave Forum helping troubleshoot). But one fact that came out was that the VPN's Ad Blocking feature should be disabled. According to the Brave Forum User helping me, Brave has its own Ad blocking feature which seems to be in conflict with the VPN's Ad Blocking feature. Now everything is working smoothly with my VPN active.
Brave is a copyright infringer by nature. Beware I am considering suing the developer for commercial infringement at the maximum rate for derived copies of content. Every page on the internet at $150,000 per.
If I was really evil, every user could be sued as well.
Use Chrome and allow websites to eat. Otherwise they will all go dark fast.