Study finds Brave to be the most private browser

[Karlston]

Study finds Brave to be the most private browser

Are you concerned about your web browser sending data back to the company that created it? A new study, Web Browser Privacy: What Do Browsers Say When They Phone Home?, looked at the six popular desktop web browsers Google Chrome, Mozilla Firefox, Microsoft Edge (Chromium-based), Apple Safari, Brave, and Yandex, to uncover what these browsers send back to the mothership.

 

If you just want the result, the study found that used out of the box, Brave "is by far the most private of the browsers studied" followed by Chrome, Firefox and Safari. Brave is the only web browser that did not use identifiers that allowed tracking of the IP address over time and did not share details of web pages visited to backend servers.

 

 

Chrome, Firefox and Safari used identifiers that are linked to the browser instance that persist over sessions and all three share web page details with backend servers via the browser's search autocomplete functionality.

 

The study found the Chromium-based Microsoft Edge web browser and Yandex to do worse than the other browsers of the test. Both send identifiers linked to the device hardware which means that the identifier persists even across installations. Edge sends the hardware UUID to Microsoft, and Yandex transmits a "hash of the hardware serial number and Mac address". Both also appear to send web page information to servers that "appear unrelated to search autocomplete".

 

The researcher logged all network connectivity on the devices the browsers ran on. Chrome connections using QUIC/UDP had to be blocked so that the browser would fall back to TCP. To inspect encrypted data, mitmdump was used and since leftovers can be an issue, extra care was used to delete all traces of previous installations from the systems.

 

The test design was repeated multiple times for each browser.

1. Start the browser from a fresh install/new user profile.
2. Paste a URL into the address bar, press Enter, and record the user activity.
3. Close the browser and restart, record network activity.
4. Start the browser from a fresh install/new user profile and monitor network activity for 24 hours.
5. Start the browser from a fresh install/new user profile, type a URL and monitor traffic.

The conclusion

For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. Safari defaults to a poor choice of start page that leaks information to multiple third parties and allows them to set cookies without any user consent. Safari otherwise  made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.

 

From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

Closing Words

The researcher analyzed the default state of the browsers and found that Brave had the most privacy friendly settings. At least some of the browsers may be configured to improve privacy by changing the default configuration, e.g. disabling autocomplete functionality.

 

 

Source: Study finds Brave to be the most private browser (gHacks - Martin Brinkmann)

[zanderthunder]

Looks like we have number one contender to Tor's bundled web browser.

[steven36]

4 hours ago, zanderthunder said:

Looks like we have number one contender to Tor's bundled web browser.

The study  did not include TOR Browser  , The test was based on how much browsers call home  and this not really new info as i read it before Brave calls home less  than these  other browsers ,  Tor Browser has been heavily modified not to call back home so has my Firefox browser  and i even have stuff in my host files  to block telemetry . I dont use windows  very often or do Linux even have EDGE  yet so what Microsoft  does is a Windows users problem .  The difference is since Firefox  is open source you can  fork it  or edit the about config  were it dont hardly call home at all. Brave is  a heavily modified version of Chromium but there is others they did not test . Also this test did not cover fingerprintg and  does thee builtin protection make you unique .

 

Even a mod at  Brave reddit tells us  TOR Browser is better with a price  Tor slows your internet browsing down and blocking too much scripts break sites 

 

 

the Brave DEVs  run there  own test  on these  browsers and more and tweak theirs to call home the lest . The others  Browsers Devs don't do this, by default  they all call home more , except  for  TOR  and some other browsers they dont test .

 

Here are the last test Brave Ran

https://brave.com/brave-tops-browser-first-run-network-traffic-results/

 

At the time EDGE CR  was in Beta  and Firefox called home the most so the only thing new  this  tells  us  is EDGE CR stable  calls home more .

 

 

As far  as the OP Business Insider was the the 1st to report on it

 

A new report shows the most popular web browsers in the world are sending companies your history or personal data. Here's how each browser's privacy stacks up.

https://www.businessinsider.com/web-browsers-privacy-concerns-chrome-firefox-safari-edge-yandex-2020-2

 

My freind sent me this Link yesterday in a IM.

[capt_blake]

On 2/25/2020 at 9:51 AM, Karlston said:

The study found the Chromium-based Microsoft Edge web browser and Yandex to do worse than the other browsers of the test. Both send identifiers linked to the device hardware which means that the identifier persists even across installations. Edge sends the hardware UUID to Microsoft, and Yandex transmits a "hash of the hardware serial number and Mac address". Both also appear to send web page information to servers that "appear unrelated to search autocomplete".

aren't they total f#$%ing douchebags🙂
wouldn't you agree...?😊
no Credge for me🙃.