Brave comes out on top in browser privacy study

By contrast, two other web browsers share identifiers that are tied to the device hardware and so persist even across fresh installs

By contrast, two other web browsers share identifiers that are tied to the device hardware and so persist even across fresh installs

If you’re a privacy buff, you might be best served by using Brave as your main browser, according to a study published recently. Google Chrome, Safari, Firefox, Microsoft Edge and Yandex Browser were also scrutinized.

Professor Douglas J. Leith of Trinity College Dublin assessed the privacy risks that were associated with the backend data exchange between browsers and their makers’ respective servers that takes place during general web surfing. The study conducted several tests to find out if the browsers track users’ IP addresses over time and whether they leak details of the web pages visited.

To assess this fairly, the researcher combed through the shared data in several scenarios – on startup, after a fresh install, after it was closed and opened again, after both pasting and typing a URL into the address bar, and when the browser was just sitting idle. Based on the tests’ results, the browsers were divided into three privacy categories.

Brave was the most private of the pack, ending up in a class of its own when tested in its out-of-the-box settings. Prof. Leith wasn’t able to find any kind of identifiers that would allow IP address tracking over time, nor were there any signs of the browser sending details of the visited webpages to backend servers.

Chrome, Safari and Firefox – which between them account for more than 85 percent of the browser market share – all ended up in the second category. All have been recorded to tag data with identifiers that persist through restarts but are not available if you do a fresh install of their browsers. They also share details about the visited pages with the backend servers of the browser’s respective maker. This occurs when the browser uses the autocomplete feature, which sends the data to backend servers in real-time. The option is enabled by default, but you can turn it off if you’re willing to dig into the settings.

Firefox has identifiers in its telemetry transmission, which is again set up by default but can be switched off. It also maintains an open web socket for push notifications, using a unique identifier that could be used for tracking. This, too, can be disabled, but it’s not something an average user will normally deal with.

RELATED READING: 3 ways to browse the web anonymously

Turning to Safari, Prof. Leith criticized the way Apple’s browser shares data: “Safari defaults to a poor choice of start page that leaks information to multiple third parties (Facebook, Twitter, etc, sites not well known for being privacy friendly) and allows them to set cookies without any user consent.”

Safari is also the most data greedy of the bunch when it comes to autocomplete behavior, generating 32 requests to both Google and Apple. The requests to the latter include identifiers that persist across browser restarts and can be used to piece together your browsing history.

The study goes on to summarize that all three browsers can indeed be made more private, except that you need to be a bit tech-savvy, since most of the privacy-enhancing options are turned off by default and hidden in the settings.

Moving on, Yandex and Microsoft Edge bring up the rear. Lumped together in the last category, both were observed sending identifiers tied to the device’s hardware. Edge contacts its Microsoft home base with the device’s UUID, an identifier that would be challenging to change if you tried. Yandex, for its part, sends a hash of the hardware serial number and MAC address to backend servers. As a result, these identifiers will likely persist, no matter how many times you do a fresh install of these browsers.

With privacy increasingly in the spotlight, tech giants are trying to alleviate users’ concerns on how their data is handled and shared. As an example, Google recently announced plans to phase out support for third-party cookies in Chrome whereas Firefox has started turning on DNS over HTTPS for users in the US by default.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center