I’ve read this 5-year old peer-review pdf out of Trinity College in Dublin a few times.
Thought I’d share it.
Prof Leith tested the top 6 browsers and discovered on startup, idle, and in use they do some seemingly sketchy things. Eye-opening study in simple language.
Among his many discoveries:
“From a privacy perspective Microsoft Edge and Yandex are
qualitatively different from the other browsers studied. Both
send persistent identifiers than can be used to link requests
(and associated IP address/location) to back end servers. Edge
also sends the hardware UUID of the device to Microsoft
and Yandex similarly transmits a hashed hardware identifier to
back end servers. As far as we can tell this behaviour cannot
be disabled by users.”
These are two separate considerations (but I acknowledge, both important).
@drunkenvicar is referring to what the browser itself is sending home to the creator of the browser, behind the scenes. The browser check by EFF is only checking what the browser might reveal of itself to the websites it visits.
Brave did their own test a year later, citing research by Douglas Leith.
This is actually Brave’s research, so it’s best to take it with a grain of salt.
Here’s the AI’s TL;DR
The review analyzes the first-run network requests of Brave, Chrome, Firefox, Edge, and Opera browsers on Windows 10 to assess user privacy and security.
The methodology involves clearing browser data, capturing network traffic for 10 minutes, minimal user interaction, and analyzing requests made.
Brave had the fewest network requests, all to Brave endpoints, focusing on security and feature updates, with privacy-preserving telemetry.
Chrome attempts to identify the user early, transmits keystrokes, but failed to access any personal or sensitive information; attempts were made to identify GAIA (Google Accounts and ID Administration service).
Firefox had the highest number of requests, primarily security-related, but with aggressive telemetry collection; telemetry payloads contained a client ID and browser session id.
Edge had the earliest and most active third-party advertising strategy, accesses and retrieves much sensitive information from the user’s Windows account, plus redirection-based tracking.
Opera uses Sitecheck to validate URLs, sends data to numerous third-party trackers, and surprisingly makes Android-related requests, included Google Analytics, X (formerly Twitter), and HotJar endpoints.
Transmission of keystrokes and pasted content: Brave didn’t transmit, Chrome and Edge transmitted all input, Firefox transmitted input only after 2 characters.
The second launch of each browser showed variations but generally involved similar requests to the first launch, with some new telemetry and feature update checks.
The review concludes that Brave is the most private, while Edge demonstrates the potential for significant data access via Windows account integration.
edit. The test was run in Windows 10 (Version 20H2, Build 19042.804) desktop computer, with an authenticated Microsoft account.
What you see (humans trigger on dangers; also on what’s mentioned last in a sentence):
Your reaction: Firefox is BAD!
Let’s dissect the sentence a little:
“Firefox had the highest number of requests”
True. They separate requests and check a number of things.
If you didn’t opt-out from the telemetry (you can!), all requests together make for some more.
A high number.
They even tell you in their title: “Comparing the Network Behavior of Popular Browsers on First-Run”. Note the “first run”—they know exactly that with Firefox’ opt-out scheme telemetry data will be sent on the first run, making for more requests, since only then you can go to settings and opt-out!
“primarily security-related”
True. Most of the requests have nothing to do with privacy.
“but with aggressive telemetry collection”
That they do in the browser settings.
And of course transmit, if you don’t opt-out.
“telemetry payloads contained a client ID and browser session id”
Yes. Partly because you didn’t opt out.
But in the few telemetry payloads, not in all requests.
They know that you’ll better remember the last few words of a sentence.
See what sentence they’re building in your mind? Many … security … aggressive … telemetry payloads! → DANGER HERE!
Conclusion after reading carefully: Firefox mostly GOOD. Although it’s objectionable to use an opt-out instead of an opt-in.
Also: Competitor used clever wording to make you think their product is better than competition. Want you to think “With Firefox, almost every request is poisoned with user’s private data!”
Btw, clever thread title, too. When I read “What do browsers say when they phone home?” I immediately thought of stuff like
Firefox: “Hey, mom, my user is watching porn again!”
Professor Leith’s study was very open with OOTB browsers being tested. I don’t know you mean by opt out exactly.
At the end of the day it was Vivaldi, Edge, and Yandex that were the worst out-of-the-box offenders in that study. They cannot be secured like Firefox can so I will give it up for that.
I thought that study was fascinating but one thing hurts it, and you pointed it out: a peer-reviewed study that studied telemetry in browsers you just download an use with no tinkering…
…a study deserves to be done on the same browsers with medium-strict or strict privacy setting enabled. The bottom offenders likely won’t change but Firefox could beat them all hands down if they actually shipped a secure product. The amt of stuff you can strip out, deactivate, delete, and disable is incredible. [I just got sick of doing it].
They’d probably win with a simple Arkenfox or Betterfox profile (I tried them both; did not think they were tough enough personally).
I was mainly referring to what @EOS quoted from the “Brave Browser Comparison”, and @Archie1’s reaction.
Didn’t actually read the study. There are so many things out there called “study” nowadays, and I didn’t want to bother finding out if it was done under scientific conditions, and gives all needed parameters. So-called (non-scientific but nicely worded) “studies” used in advertising have been melting our brains for years now… Usually done by so-called “experts”… Sigh.
Just wanted to encourage everyone to THINK, read carefully, and show some tricks being used.
Back in my university days, after learning FORTRAN, the next thing was SPSS (Statistical Package for the Social Sciences). There are so many ways to present data, and we learned to “Don’t trust any statistics you didn’t fake yourself.”
Since then I’m a rather critical reader (and listener).
I came across a few forks of Firefox. LibreWolf, WaterFox, Floorp.
Maybe they will be better than Firefox. Though the underlying problem still remains. They are all based on Gecko and Firefox. If Mozilla foundation goes belly up, which it might post 2026, then these browsers will be moot.
Also Perplexity AI recently has made an open offer for Chrome browser, asking that it be taken off from Google’s hand. A smart move, they can take over the world’s most used browser and then mine its usage for their models. So that it in one way good for privacy and also bad for privacy.