Web browsers are the most commonly used tool nowadays. That makes them the most popular target for all kinds of bad actors: malware authors, attackers and others.
Companies also have a huge interest in getting data from users, and they want all kinds of it. Since web browsers are the most common tool, the most obvious way to get that data is to cooperate with browser manufacturers.
So far, these are facts known to most privacy-conscious people. But since no one can avoid using a browser, most are willing to compromise. So which browser leaks the least data?
Method
The premise was that the browser is free software (open source), with one exception (Vivaldi). Although some proprietary browsers do a good job from a purely technical perspective, most security and privacy experts agree that using free and open source software is essential for secure and privacy-aware networking.
The testing was done on Debian 10 on amd64 with some packages from Antix and MX Linux.
The following browsers were tested:
- Firefox ESR 78.3.0
- Midori 1.1.4 (Electron version)
- Vivaldi 3.4.2066
- Brave 1.15.72
- Epiphany 3.32.1.2
The method itself was relatively simple. I created a new user with an empty home directory, so there were no cache or plugins. Every browser was started without any pre-configuration or cache.
At the same time tcpdump was running. I disabled IPv6 for simplicity. I made sure no other network-capable program was active and made tcpdump listen on the outgoing network interface.
I started the browser, kept it open for about 10 seconds without any interaction or usage and then closed it. After that I filtered out the HTTP and HTTPS traffic and DNS queries from the results. And here they are:
Firefox ESR
39 DNS-Queries, 15 HTTP(S)-Requests
DNS-Queries A? accounts.firefox.com. (38) A? classify-client.services.mozilla.com. (54) A? content-signature-2.cdn.mozilla.net. (53) A? detectportal.firefox.com. (42) A? firefox-settings-attachments.cdn.mozilla.net. (62) A? firefox.settings.services.mozilla.com. (55) A? location.services.mozilla.com. (47) A? mozilla.org. (29) A? normandy.cdn.mozilla.net. (42) A? ocsp.digicert.com. (35) A? ocsp.sectigo.com. (34) A? push.services.mozilla.com. (43) A? raw.githubusercontent.com. (43) A? shavar.services.mozilla.com. (45) A? snippets.cdn.mozilla.net. (42) A? tracking-protection.cdn.mozilla.net. (53) A? www.ebay.de. (29) A? www.facebook.com. (34) A? www.mozilla.org. (33) A? www.reddit.com. (32) A? www.wikipedia.org. (35) A? www.youtube.com. (33) PTR? 0.140.228.54.in-addr.arpa. (43) PTR? 113.159.226.13.in-addr.arpa. (45) PTR? 113.178.168.192.in-addr.arpa. (46) PTR? 1.178.168.192.in-addr.arpa. (44) PTR? 139.228.240.44.in-addr.arpa. (45) PTR? 14.159.226.13.in-addr.arpa. (44) PTR? 158.168.210.34.in-addr.arpa. (45) PTR? 195.208.245.63.in-addr.arpa. (45) PTR? 219.101.19.2.in-addr.arpa. (43) PTR? 22.159.226.13.in-addr.arpa. (44) PTR? 244.145.40.52.in-addr.arpa. (44) PTR? 29.220.184.93.in-addr.arpa. (44) PTR? 34.164.18.104.in-addr.arpa. (44) PTR? 36.75.98.34.in-addr.arpa. (42) PTR? 55.159.226.13.in-addr.arpa. (44) PTR? 64.159.226.13.in-addr.arpa. (44) PTR? 9.11.124.104.in-addr.arpa. 
(43) HTTP(S): 104.18.164.34.https 36.75.98.34.bc.googleusercontent.com.https 93.184.220.29.http a104-124-11-9.deploy.static.akamaitechnologies.com.http a2-19-101-219.deploy.static.akamaitechnologies.com.https ec2-34-210-168-158.us-west-2.compute.amazonaws.com.https ec2-44-240-228-139.us-west-2.compute.amazonaws.com.https ec2-52-40-145-244.us-west-2.compute.amazonaws.com.https ec2-54-228-140-0.eu-west-1.compute.amazonaws.com.https mozilla-org.public.mdc1.mozilla.com.https server-13-226-159-113.dus51.r.cloudfront.net.https server-13-226-159-14.dus51.r.cloudfront.net.https server-13-226-159-22.dus51.r.cloudfront.net.https server-13-226-159-55.dus51.r.cloudfront.net.https server-13-226-159-64.dus51.r.cloudfront.net.https
Brave
21 DNS-Queries, 5 HTTP(S)-Requests
DNS-Queries: A? brave-core-ext.s3.brave.com. (45) A? componentupdater.brave.com. (44) A? crlsets.brave.com. (35) A? espyjtqpdn. (28) A? espyjtqpdn.Speedport_W_724V_Typ_A_05011603_06_003. (67) A? go-updater.brave.com. (38) A? laptop-updates.brave.com. (42) A? pbcdpnhu. (26) A? pbcdpnhu.Speedport_W_724V_Typ_A_05011603_06_003. (65) A? raw.githubusercontent.com. (43) A? static.brave.com. (34) A? tracking-protection.cdn.mozilla.net. (53) A? xebbpckcsb. (28) A? xebbpckcsb.Speedport_W_724V_Typ_A_05011603_06_003. (67) PTR? 110.114.101.151.in-addr.arpa. (46) PTR? 113.178.168.192.in-addr.arpa. (46) PTR? 1.178.168.192.in-addr.arpa. (44) PTR? 217.114.101.151.in-addr.arpa. (46) PTR? 7.113.101.151.in-addr.arpa. (44) PTR? 7.13.101.151.in-addr.arpa. (43) PTR? 91.161.67.172.in-addr.arpa. (44) HTTP(S) 151.101.113.7.https 151.101.114.110.https 151.101.114.217.https 151.101.13.7.https 172.67.161.91.https
Midori
10 DNS-Queries, 4 HTTP(S)-Requests
DNS-Queries: A? redirector.gvt1.com. (37) A? r5---sn-4g5ednls.gvt1.com. (43) A? raw.githubusercontent.com. A? i.picsum.photos. PTR? 1.178.168.192.in-addr.arpa. PTR? 113.178.168.192.in-addr.arpa. PTR? 78.16.217.172.in-addr.arpa. PTR? 75.163.194.173.in-addr.arpa. PTR? 133.12.101.151.in-addr.arpa. PTR? 163.74.67.172.in-addr.arpa. HTTP(S): 151.101.12.133.https 172.67.74.163.https 173.194.163.75.https ham11s01-in-f14.1e100.net.https
Vivaldi
31 DNS-Queries, 13 HTTP(S)-Requests
DNS-Queries: A? clients2.google.com. (37) A? csbxoiwwuhent. (31) A? csbxoiwwuhent.Speedport_W_724V_Typ_A_05011603_06_003. (70) A? downloads.vivaldi.com. (39) A? isrg.trustid.ocsp.identrust.com. (49) A? ocsp.int-x3.letsencrypt.org. (45) A? ocsp.pki.goog. (31) A? play.google.com. (33) A? r5---sn-4g5e6nze.gvt1.com. (43) A? redirector.gvt1.com. (37) A? ssl.gstatic.com. (33) A? s.w.org. (25) A? update.vivaldi.com. (36) A? vihruybnbef. (29) A? vihruybnbef.Speedport_W_724V_Typ_A_05011603_06_003. (68) A? vivaldi.com. (29) A? yuzalmrsyoabesy. (33) A? yuzalmrsyoabesy.Speedport_W_724V_Typ_A_05011603_06_003. (72) PTR? 109.69.22.104.in-addr.arpa. (44) PTR? 113.178.168.192.in-addr.arpa. (46) PTR? 1.178.168.192.in-addr.arpa. (44) PTR? 202.187.194.173.in-addr.arpa. (46) PTR? 206.213.58.216.in-addr.arpa. (45) PTR? 233.236.139.151.in-addr.arpa. (46) PTR? 29.220.184.93.in-addr.arpa. (44) PTR? 5.137.209.31.in-addr.arpa. (43) PTR? 55.217.107.104.in-addr.arpa. (45) PTR? 64.217.107.104.in-addr.arpa. (45) PTR? 67.16.217.172.in-addr.arpa. (44) PTR? 75.163.194.173.in-addr.arpa. (45) PTR? 78.16.217.172.in-addr.arpa. (44) HTTP(S) 104.22.69.109.https 151.139.236.233.https 173.194.163.75.https 173.194.187.202.http 5-137-209-31.business.hringdu.is.https 93.184.220.29.http a104-107-217-55.deploy.static.akamaitechnologies.com.http a104-107-217-64.deploy.static.akamaitechnologies.com.http ham02s15-in-f206.1e100.net.https ham11s01-in-f14.1e100.net.http ham11s01-in-f14.1e100.net.https ham11s01-in-f3.1e100.net.http ham11s01-in-f3.1e100.net.https
Epiphany
5 DNS-Queries, 2 HTTP(S)-Requests
DNS-Queries: A? safebrowsing.googleapis.com. (45) PTR? 113.178.168.192.in-addr.arpa. (46) PTR? 1.178.168.192.in-addr.arpa. (44) PTR? 74.16.217.172.in-addr.arpa. (44) PTR? 96.90.31.104.in-addr.arpa. (43) HTTP(S): 104.31.90.96.https par03s13-in-f74.1e100.net.https
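The filtering step from the method (pulling the unique DNS queries and HTTP(S) connections out of tcpdump's text output), as an added example that is not the author's own script. The capture lines and the `lan` search domain are constructed. Reverse (PTR) lookups are kept apart from forward queries because tcpdump, when run without `-n`, issues PTR lookups itself in order to print host names.

```python
import re
from collections import Counter

# Constructed capture lines in tcpdump's default text format (not the author's data).
SAMPLE = """\
12:00:01.10 IP 192.168.178.113.40123 > 192.168.178.1.domain: 4660+ A? detectportal.firefox.com. (42)
12:00:01.13 IP 192.168.178.1.domain > 192.168.178.113.40123: 4660 1/0/0 A 203.0.113.10 (58)
12:00:01.20 IP 192.168.178.113.51234 > 203.0.113.10.http: Flags [S], seq 1, win 64240, length 0
12:00:01.21 IP 192.168.178.113.51234 > 203.0.113.10.http: Flags [.], ack 1, win 502, length 0
12:00:01.30 IP 192.168.178.113.40200 > 192.168.178.1.domain: 4662+ PTR? 10.113.0.203.in-addr.arpa. (43)
12:00:01.40 IP 192.168.178.113.40300 > 192.168.178.1.domain: 4663+ A? qkzjwpxmla. (28)
12:00:01.41 IP 192.168.178.113.40301 > 192.168.178.1.domain: 4664+ A? qkzjwpxmla.lan. (32)
12:00:01.50 IP 192.168.178.113.51300 > server.example.net.https: Flags [S], seq 9, win 64240, length 0
"""

# Outgoing DNS question: "<id>[flags] [opts] <QTYPE>? <name> (<len>)" sent to port 53.
DNS_Q = re.compile(r"> \S+\.(?:domain|53): \d+[+%]*(?: \[[^\]]*\])? ([A-Z0-9]+)\? (\S+) \(\d+\)")
# Initial SYN to port 80/443, so every TCP connection is counted exactly once.
WEB = re.compile(r"> (\S+)\.(https?|80|443): Flags \[S\]")
PORT_NAMES = {"80": "http", "443": "https"}

def classify(name, search_domain=None):
    """Return 'reverse', 'single-label' or 'forward' for a queried name."""
    n = name.rstrip(".").lower()
    # The resolver may retry a bare name with the local search domain appended.
    if search_domain and n.endswith("." + search_domain.lower()):
        n = n[: -len(search_domain) - 1]
    if n.endswith((".in-addr.arpa", ".ip6.arpa")):
        return "reverse"  # often caused by the capture tool, not the browser
    # Chromium-based browsers look up random single-label names at startup
    # to detect DNS interception; they carry no information about the user.
    return "forward" if "." in n else "single-label"

def summarize(capture_text, search_domain=None):
    """Return (unique DNS questions grouped by class, web connections per host)."""
    queries = {"forward": set(), "reverse": set(), "single-label": set()}
    web = Counter()
    for line in capture_text.splitlines():
        m = DNS_Q.search(line)
        if m:
            queries[classify(m.group(2), search_domain)].add(m.groups())
        else:
            m = WEB.search(line)
            if m:
                web[(m.group(1), PORT_NAMES.get(m.group(2), m.group(2)))] += 1
    return queries, web

if __name__ == "__main__":
    print(summarize(SAMPLE, search_domain="lan"))
```

Running tcpdump with `-n` keeps the capture tool's own reverse lookups out of the trace, so only queries made by the browser or the system resolver remain.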