I’ve read this 5-year old peer-review pdf out of Trinity College in Dublin a few times.
Thought I’d share it.
Prof Leith tested the top 6 browsers and discovered on startup, idle, and in use they do some seemingly sketchy things. Eye-opening study in simple language.
Among his many discoveries:
“From a privacy perspective Microsoft Edge and Yandex are
qualitatively different from the other browsers studied. Both
send persistent identifiers than can be used to link requests
(and associated IP address/location) to back end servers. Edge
also sends the hardware UUID of the device to Microsoft
and Yandex similarly transmits a hashed hardware identifier to
back end servers. As far as we can tell this behaviour cannot
be disabled by users.”
These are two separate considerations (but I acknowledge, both important).
@drunkenvicar is referring to what the browser itself is sending home to the creator of the browser, behind the scenes. The browser check by EFF is only checking what the browser might reveal of itself to the websites it visits.
Brave did their own test a year later, citing research by Douglas Leith.
This is actually Brave’s research, so it’s best to take it with a grain of salt.
Here’s the AI’s TL;DR
The review analyzes the first-run network requests of Brave, Chrome, Firefox, Edge, and Opera browsers on Windows 10 to assess user privacy and security.
The methodology involves clearing browser data, capturing network traffic for 10 minutes, minimal user interaction, and analyzing requests made.
Brave had the fewest network requests, all to Brave endpoints, focusing on security and feature updates, with privacy-preserving telemetry.
Chrome attempts to identify the user early, transmits keystrokes, but failed to access any personal or sensitive information; attempts were made to identify GAIA (Google Accounts and ID Administration service).
Firefox had the highest number of requests, primarily security-related, but with aggressive telemetry collection; telemetry payloads contained a client ID and browser session id.
Edge had the earliest and most active third-party advertising strategy, accesses and retrieves much sensitive information from the user’s Windows account, plus redirection-based tracking.
Opera uses Sitecheck to validate URLs, sends data to numerous third-party trackers, and surprisingly makes Android-related requests, included Google Analytics, X (formerly Twitter), and HotJar endpoints.
Transmission of keystrokes and pasted content: Brave didn’t transmit, Chrome and Edge transmitted all input, Firefox transmitted input only after 2 characters.
The second launch of each browser showed variations but generally involved similar requests to the first launch, with some new telemetry and feature update checks.
The review concludes that Brave is the most private, while Edge demonstrates the potential for significant data access via Windows account integration.
edit. The test was run in Windows 10 (Version 20H2, Build 19042.804) desktop computer, with an authenticated Microsoft account.