Browser Privacy

Web browsers are the most common tool nowadays. Therefore, they are most popular target for any kind of bad people: malware authors, attackers and others.

Further, there is also a huge interest from companies to get data from users. They want to get all kinds of data. And since web browsers are the most common tools, the most obvious way is to cooperate with browser manufacturers to get data.

So far, this are the facts which are known to most privacy concerned people. But since no one can avoid using a browser, most are willing to do a compromise. But which browser does leak the fewest data of all? Method

The premise was, that the browser is free software (open source), with one exception (Vivaldi). Although some proprietary browsers do a good job from a pure technical perspective, most security and privacy experts do agree, that using free and open source software is essential for secure and privacy-aware networking.

The testing was done on Debian 10 on amd64 with some packages from Antix and MX Linux.

The following browsers were tested:

• Firefox ESR 78.3.0
• Midori 1.1.4 (Electron version)
• Vivaldi 3.4.2066
• Brave 1.15.72
• Epiphany 3.32.1.2

The method itself was relatively simple. I created a new user with an empty home directory, so there were no cache or plugins. Every browser was started without any pre-configuration or cache.

At the same time tcpdump was running. I disabled IPv6 for simpleness. I made sure no other network capable program was active and made tcpdump listen to the outgoing network interface.

I started the browser, kept it open for about 10 seconds without any interaction or usage and then closed it. After that I filtered out the http and https traffic and DNS-Queries from the results. And here they are:

Firefox ESR

39 DNS-Queries, 15 HTTP(S)-Requests

DNS-Queries
 A? accounts.firefox.com. (38)
 A? classify-client.services.mozilla.com. (54)
 A? content-signature-2.cdn.mozilla.net. (53)
 A? detectportal.firefox.com. (42)
 A? firefox-settings-attachments.cdn.mozilla.net. (62)
 A? firefox.settings.services.mozilla.com. (55)
 A? location.services.mozilla.com. (47)
 A? mozilla.org. (29)
 A? normandy.cdn.mozilla.net. (42)
 A? ocsp.digicert.com. (35)
 A? ocsp.sectigo.com. (34)
 A? push.services.mozilla.com. (43)
 A? raw.githubusercontent.com. (43)
 A? shavar.services.mozilla.com. (45)
 A? snippets.cdn.mozilla.net. (42)
 A? tracking-protection.cdn.mozilla.net. (53)
 A? www.ebay.de. (29)
 A? www.facebook.com. (34)
 A? www.mozilla.org. (33)
 A? www.reddit.com. (32)
 A? www.wikipedia.org. (35)
 A? www.youtube.com. (33)
 PTR? 0.140.228.54.in-addr.arpa. (43)
 PTR? 113.159.226.13.in-addr.arpa. (45)
 PTR? 113.178.168.192.in-addr.arpa. (46)
 PTR? 1.178.168.192.in-addr.arpa. (44)
 PTR? 139.228.240.44.in-addr.arpa. (45)
 PTR? 14.159.226.13.in-addr.arpa. (44)
 PTR? 158.168.210.34.in-addr.arpa. (45)
 PTR? 195.208.245.63.in-addr.arpa. (45)
 PTR? 219.101.19.2.in-addr.arpa. (43)
 PTR? 22.159.226.13.in-addr.arpa. (44)
 PTR? 244.145.40.52.in-addr.arpa. (44)
 PTR? 29.220.184.93.in-addr.arpa. (44)
 PTR? 34.164.18.104.in-addr.arpa. (44)
 PTR? 36.75.98.34.in-addr.arpa. (42)
 PTR? 55.159.226.13.in-addr.arpa. (44)
 PTR? 64.159.226.13.in-addr.arpa. (44)
 PTR? 9.11.124.104.in-addr.arpa. (43)

HTTP(S):
104.18.164.34.https
36.75.98.34.bc.googleusercontent.com.https
93.184.220.29.http
a104-124-11-9.deploy.static.akamaitechnologies.com.http
a2-19-101-219.deploy.static.akamaitechnologies.com.https
ec2-34-210-168-158.us-west-2.compute.amazonaws.com.https
ec2-44-240-228-139.us-west-2.compute.amazonaws.com.https
ec2-52-40-145-244.us-west-2.compute.amazonaws.com.https
ec2-54-228-140-0.eu-west-1.compute.amazonaws.com.https
mozilla-org.public.mdc1.mozilla.com.https
server-13-226-159-113.dus51.r.cloudfront.net.https
server-13-226-159-14.dus51.r.cloudfront.net.https
server-13-226-159-22.dus51.r.cloudfront.net.https
server-13-226-159-55.dus51.r.cloudfront.net.https
server-13-226-159-64.dus51.r.cloudfront.net.https

Brave

21 DNS-Queries, 5 HTTP(S)-Requests

DNS-Queries:
 A? brave-core-ext.s3.brave.com. (45)
 A? componentupdater.brave.com. (44)
 A? crlsets.brave.com. (35)
 A? espyjtqpdn. (28)
 A? espyjtqpdn.Speedport_W_724V_Typ_A_05011603_06_003. (67)
 A? go-updater.brave.com. (38)
 A? laptop-updates.brave.com. (42)
 A? pbcdpnhu. (26)
 A? pbcdpnhu.Speedport_W_724V_Typ_A_05011603_06_003. (65)
 A? raw.githubusercontent.com. (43)
 A? static.brave.com. (34)
 A? tracking-protection.cdn.mozilla.net. (53)
 A? xebbpckcsb. (28)
 A? xebbpckcsb.Speedport_W_724V_Typ_A_05011603_06_003. (67)
 PTR? 110.114.101.151.in-addr.arpa. (46)
 PTR? 113.178.168.192.in-addr.arpa. (46)
 PTR? 1.178.168.192.in-addr.arpa. (44)
 PTR? 217.114.101.151.in-addr.arpa. (46)
 PTR? 7.113.101.151.in-addr.arpa. (44)
 PTR? 7.13.101.151.in-addr.arpa. (43)
 PTR? 91.161.67.172.in-addr.arpa. (44)

HTTP(S)
 151.101.113.7.https
 151.101.114.110.https
 151.101.114.217.https
 151.101.13.7.https
 172.67.161.91.https

Midori

10 DNS-Queries, 4 HTTP(S)-Requests

DNS-Queries:
A? redirector.gvt1.com. (37)
A? r5---sn-4g5ednls.gvt1.com. (43)
A? raw.githubusercontent.com.
A? i.picsum.photos.
PTR? 1.178.168.192.in-addr.arpa.
PTR? 113.178.168.192.in-addr.arpa.
PTR? 78.16.217.172.in-addr.arpa.
PTR? 75.163.194.173.in-addr.arpa.
PTR? 133.12.101.151.in-addr.arpa.
PTR? 163.74.67.172.in-addr.arpa.

HTTP(S):
151.101.12.133.https
172.67.74.163.https
173.194.163.75.https
ham11s01-in-f14.1e100.net.https

Vivaldi

31 DNS-Queries, 13 HTTP(S)-Requests

DNS-Queries:
 A? clients2.google.com. (37)
 A? csbxoiwwuhent. (31)
 A? csbxoiwwuhent.Speedport_W_724V_Typ_A_05011603_06_003. (70)
 A? downloads.vivaldi.com. (39)
 A? isrg.trustid.ocsp.identrust.com. (49)
 A? ocsp.int-x3.letsencrypt.org. (45)
 A? ocsp.pki.goog. (31)
 A? play.google.com. (33)
 A? r5---sn-4g5e6nze.gvt1.com. (43)
 A? redirector.gvt1.com. (37)
 A? ssl.gstatic.com. (33)
 A? s.w.org. (25)
 A? update.vivaldi.com. (36)
 A? vihruybnbef. (29)
 A? vihruybnbef.Speedport_W_724V_Typ_A_05011603_06_003. (68)
 A? vivaldi.com. (29)
 A? yuzalmrsyoabesy. (33)
 A? yuzalmrsyoabesy.Speedport_W_724V_Typ_A_05011603_06_003. (72)
 PTR? 109.69.22.104.in-addr.arpa. (44)
 PTR? 113.178.168.192.in-addr.arpa. (46)
 PTR? 1.178.168.192.in-addr.arpa. (44)
 PTR? 202.187.194.173.in-addr.arpa. (46)
 PTR? 206.213.58.216.in-addr.arpa. (45)
 PTR? 233.236.139.151.in-addr.arpa. (46)
 PTR? 29.220.184.93.in-addr.arpa. (44)
 PTR? 5.137.209.31.in-addr.arpa. (43)
 PTR? 55.217.107.104.in-addr.arpa. (45)
 PTR? 64.217.107.104.in-addr.arpa. (45)
 PTR? 67.16.217.172.in-addr.arpa. (44)
 PTR? 75.163.194.173.in-addr.arpa. (45)
 PTR? 78.16.217.172.in-addr.arpa. (44)

HTTP(S)
 104.22.69.109.https
 151.139.236.233.https
 173.194.163.75.https
 173.194.187.202.http
 5-137-209-31.business.hringdu.is.https
 93.184.220.29.http
 a104-107-217-55.deploy.static.akamaitechnologies.com.http
 a104-107-217-64.deploy.static.akamaitechnologies.com.http
 ham02s15-in-f206.1e100.net.https
 ham11s01-in-f14.1e100.net.http
 ham11s01-in-f14.1e100.net.https
 ham11s01-in-f3.1e100.net.http
 ham11s01-in-f3.1e100.net.https

epiphany

5 DNS-Queries, 2 HTTP(S)-Requests

DNS-Queries:
 A? safebrowsing.googleapis.com. (45)
 PTR? 113.178.168.192.in-addr.arpa. (46)
 PTR? 1.178.168.192.in-addr.arpa. (44)
 PTR? 74.16.217.172.in-addr.arpa. (44)
 PTR? 96.90.31.104.in-addr.arpa. (43)


HTTP(S):
 104.31.90.96.https
 par03s13-in-f74.1e100.net.https