Study of major web browsers finds all but Brave send user data to backend servers

A study published (PDF) this week by the School of Computer Science and Statistics at Trinity College Dublin found that the six major web browsers can be separated into three tiers in regards to out of the box privacy. The study looked at six browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge, and Yandex Browser. A family of easily reproducible tests were uniformly performed with all six browsers. The tests evaluated data shared in the following scenarios:

  1. on first startup of a fresh browser install
  2. on browser close and restart
  3. on pasting a URL into the top bar
  4. on typing a URL into the top bar
  5. when a browser is sitting idle.

The study split the tested browsers into three categories based on its findings, with Brave in its own category:

Used “out of the box” with its default settings Brave is by far the most private of the browsers studied. We did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers.

Chrome, Firefox, and Safari were placed in the second category, as less private than Brave, but more so than Edge and Yandex. The three in this second category were found to share information regarded webpages visted with backend servers by way of the search autocomplete feature. Web addresses are sent back to these servers in real time as they are typed into the search bar. This data is tagged with an identifier tied to the browser instance, including the user’s IP address. The identifier persists across browser restarts, linking a user’s web activity and IP address over time.

The three browsers can be configured to preserve more of a user’s privacy, but most users are not aware of these issues and will not address them. Additionally, Firefox was found to have an open WebSocket for push notifications that is linked to a unique identifier. This WebSocket could potentially be used for tracking, but cannot be easily disabled.

From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied.

The identifiers sent by Edge and Yandex are tied to device hardware, which means user web activity can be tracked across fresh browser installs. According to the study, this behavior cannot be disabled. Both browsers were also found to transmit additional webpage information seemingly unrelated to the search autocomplete feature.

0 0 votes
Article Rating
Nathan Wasson

Inquiring mind, tech journalist, car enthusiast, gamer.

Subscribe
Notify of
guest

5 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
TraceFree
2 years ago

While Brave is a good step with online privacy, I suggest Googling “CNAME cloaking” to see how “private” Brave really is.
A much better private and secure solution (which isn’t being talked about) is the virtual private browser. Websites never touch the user’s computer..doesn’t get more private and secure than that.

Liron
Liron
2 years ago
Reply to  Sweatshopking

If you’re not the customer, you’re the product
…but if you are the customer, then you’re even more the product.

willmore
willmore
2 years ago
Reply to  Wirko

yes.

Wirko
Wirko
2 years ago
Reply to  Sweatshopking

Was the first word supposed to be “Being” or “Bing”?

Sweatshopking
Sweatshopking
2 years ago

Bring less private than even Google is not a good look, ms.

5
0
Would love your thoughts, please comment.x
()
x

Pin It on Pinterest

Share This

Share this post with your friends!