Web browsers are the most commonly used tool nowadays. Therefore, they are the most popular target for all kinds of bad people: malware authors, attackers and others.
Further, there is also a huge interest from companies in getting data from users. They want to get all kinds of data. And since web browsers are the most common tools, the most obvious way is to cooperate with browser manufacturers to get data.
So far, these are the facts that are known to most privacy-concerned people. But since no one can avoid using a browser, most are willing to make a compromise. But which browser leaks the least data of all?
Method
The premise was that the browser is free software (open source), with one exception (Vivaldi). Although some proprietary browsers do a good job from a purely technical perspective, most security and privacy experts agree that using free and open source software is essential for secure and privacy-aware networking.
The testing was done on Debian 10 on amd64 with some packages from Antix and MX Linux.
The following browsers were tested:
- Firefox ESR 78.3.0
- Midori 1.1.4 (Electron version)
- Vivaldi 3.4.2066
- Brave 1.15.72
- Epiphany 3.32.1.2
The method itself was relatively simple. I created a new user with an empty home directory, so there were no cache or plugins. Every browser was started without any pre-configuration or cache.
At the same time tcpdump was running. I disabled IPv6 for simplicity. I made sure no other network-capable program was active and made tcpdump listen on the outgoing network interface.
I started the browser, kept it open for about 10 seconds without any interaction or usage and then closed it. After that I filtered the capture down to the HTTP and HTTPS traffic and the DNS queries. And here they are:
Firefox ESR
39 DNS-Queries, 15 HTTP(S)-Requests
DNS-Queries:
- A? accounts.firefox.com. (38)
- A? classify-client.services.mozilla.com. (54)
- A? content-signature-2.cdn.mozilla.net. (53)
- A? detectportal.firefox.com. (42)
- A? firefox-settings-attachments.cdn.mozilla.net. (62)
- A? firefox.settings.services.mozilla.com. (55)
- A? location.services.mozilla.com. (47)
- A? mozilla.org. (29)
- A? normandy.cdn.mozilla.net. (42)
- A? ocsp.digicert.com. (35)
- A? ocsp.sectigo.com. (34)
- A? push.services.mozilla.com. (43)
- A? raw.githubusercontent.com. (43)
- A? shavar.services.mozilla.com. (45)
- A? snippets.cdn.mozilla.net. (42)
- A? tracking-protection.cdn.mozilla.net. (53)
- A? www.ebay.de. (29)
- A? www.facebook.com. (34)
- A? www.mozilla.org. (33)
- A? www.reddit.com. (32)
- A? www.wikipedia.org. (35)
- A? www.youtube.com. (33)
- PTR? 0.140.228.54.in-addr.arpa. (43)
- PTR? 113.159.226.13.in-addr.arpa. (45)
- PTR? 113.178.168.192.in-addr.arpa. (46)
- PTR? 1.178.168.192.in-addr.arpa. (44)
- PTR? 139.228.240.44.in-addr.arpa. (45)
- PTR? 14.159.226.13.in-addr.arpa. (44)
- PTR? 158.168.210.34.in-addr.arpa. (45)
- PTR? 195.208.245.63.in-addr.arpa. (45)
- PTR? 219.101.19.2.in-addr.arpa. (43)
- PTR? 22.159.226.13.in-addr.arpa. (44)
- PTR? 244.145.40.52.in-addr.arpa. (44)
- PTR? 29.220.184.93.in-addr.arpa. (44)
- PTR? 34.164.18.104.in-addr.arpa. (44)
- PTR? 36.75.98.34.in-addr.arpa. (42)
- PTR? 55.159.226.13.in-addr.arpa. (44)
- PTR? 64.159.226.13.in-addr.arpa. (44)
- PTR? 9.11.124.104.in-addr.arpa. (43)
HTTP(S):
- 104.18.164.34.https
- 36.75.98.34.bc.googleusercontent.com.https
- 93.184.220.29.http
- a104-124-11-9.deploy.static.akamaitechnologies.com.http
- a2-19-101-219.deploy.static.akamaitechnologies.com.https
- ec2-34-210-168-158.us-west-2.compute.amazonaws.com.https
- ec2-44-240-228-139.us-west-2.compute.amazonaws.com.https
- ec2-52-40-145-244.us-west-2.compute.amazonaws.com.https
- ec2-54-228-140-0.eu-west-1.compute.amazonaws.com.https
- mozilla-org.public.mdc1.mozilla.com.https
- server-13-226-159-113.dus51.r.cloudfront.net.https
- server-13-226-159-14.dus51.r.cloudfront.net.https
- server-13-226-159-22.dus51.r.cloudfront.net.https
- server-13-226-159-55.dus51.r.cloudfront.net.https
- server-13-226-159-64.dus51.r.cloudfront.net.https
Brave
21 DNS-Queries, 5 HTTP(S)-Requests
DNS-Queries:
- A? brave-core-ext.s3.brave.com. (45)
- A? componentupdater.brave.com. (44)
- A? crlsets.brave.com. (35)
- A? espyjtqpdn. (28)
- A? espyjtqpdn.Speedport_W_724V_Typ_A_05011603_06_003. (67)
- A? go-updater.brave.com. (38)
- A? laptop-updates.brave.com. (42)
- A? pbcdpnhu. (26)
- A? pbcdpnhu.Speedport_W_724V_Typ_A_05011603_06_003. (65)
- A? raw.githubusercontent.com. (43)
- A? static.brave.com. (34)
- A? tracking-protection.cdn.mozilla.net. (53)
- A? xebbpckcsb. (28)
- A? xebbpckcsb.Speedport_W_724V_Typ_A_05011603_06_003. (67)
- PTR? 110.114.101.151.in-addr.arpa. (46)
- PTR? 113.178.168.192.in-addr.arpa. (46)
- PTR? 1.178.168.192.in-addr.arpa. (44)
- PTR? 217.114.101.151.in-addr.arpa. (46)
- PTR? 7.113.101.151.in-addr.arpa. (44)
- PTR? 7.13.101.151.in-addr.arpa. (43)
- PTR? 91.161.67.172.in-addr.arpa. (44)
HTTP(S):
- 151.101.113.7.https
- 151.101.114.110.https
- 151.101.114.217.https
- 151.101.13.7.https
- 172.67.161.91.https
Midori
10 DNS-Queries, 4 HTTP(S)-Requests
DNS-Queries:
- A? redirector.gvt1.com. (37)
- A? r5---sn-4g5ednls.gvt1.com. (43)
- A? raw.githubusercontent.com.
- A? i.picsum.photos.
- PTR? 1.178.168.192.in-addr.arpa.
- PTR? 113.178.168.192.in-addr.arpa.
- PTR? 78.16.217.172.in-addr.arpa.
- PTR? 75.163.194.173.in-addr.arpa.
- PTR? 133.12.101.151.in-addr.arpa.
- PTR? 163.74.67.172.in-addr.arpa.
HTTP(S):
- 151.101.12.133.https
- 172.67.74.163.https
- 173.194.163.75.https
- ham11s01-in-f14.1e100.net.https
Vivaldi
31 DNS-Queries, 13 HTTP(S)-Requests
DNS-Queries:
- A? clients2.google.com. (37)
- A? csbxoiwwuhent. (31)
- A? csbxoiwwuhent.Speedport_W_724V_Typ_A_05011603_06_003. (70)
- A? downloads.vivaldi.com. (39)
- A? isrg.trustid.ocsp.identrust.com. (49)
- A? ocsp.int-x3.letsencrypt.org. (45)
- A? ocsp.pki.goog. (31)
- A? play.google.com. (33)
- A? r5---sn-4g5e6nze.gvt1.com. (43)
- A? redirector.gvt1.com. (37)
- A? ssl.gstatic.com. (33)
- A? s.w.org. (25)
- A? update.vivaldi.com. (36)
- A? vihruybnbef. (29)
- A? vihruybnbef.Speedport_W_724V_Typ_A_05011603_06_003. (68)
- A? vivaldi.com. (29)
- A? yuzalmrsyoabesy. (33)
- A? yuzalmrsyoabesy.Speedport_W_724V_Typ_A_05011603_06_003. (72)
- PTR? 109.69.22.104.in-addr.arpa. (44)
- PTR? 113.178.168.192.in-addr.arpa. (46)
- PTR? 1.178.168.192.in-addr.arpa. (44)
- PTR? 202.187.194.173.in-addr.arpa. (46)
- PTR? 206.213.58.216.in-addr.arpa. (45)
- PTR? 233.236.139.151.in-addr.arpa. (46)
- PTR? 29.220.184.93.in-addr.arpa. (44)
- PTR? 5.137.209.31.in-addr.arpa. (43)
- PTR? 55.217.107.104.in-addr.arpa. (45)
- PTR? 64.217.107.104.in-addr.arpa. (45)
- PTR? 67.16.217.172.in-addr.arpa. (44)
- PTR? 75.163.194.173.in-addr.arpa. (45)
- PTR? 78.16.217.172.in-addr.arpa. (44)
HTTP(S):
- 104.22.69.109.https
- 151.139.236.233.https
- 173.194.163.75.https
- 173.194.187.202.http
- 5-137-209-31.business.hringdu.is.https
- 93.184.220.29.http
- a104-107-217-55.deploy.static.akamaitechnologies.com.http
- a104-107-217-64.deploy.static.akamaitechnologies.com.http
- ham02s15-in-f206.1e100.net.https
- ham11s01-in-f14.1e100.net.http
- ham11s01-in-f14.1e100.net.https
- ham11s01-in-f3.1e100.net.http
- ham11s01-in-f3.1e100.net.https
Epiphany
5 DNS-Queries, 2 HTTP(S)-Requests
DNS-Queries:
- A? safebrowsing.googleapis.com. (45)
- PTR? 113.178.168.192.in-addr.arpa. (46)
- PTR? 1.178.168.192.in-addr.arpa. (44)
- PTR? 74.16.217.172.in-addr.arpa. (44)
- PTR? 96.90.31.104.in-addr.arpa. (43)
HTTP(S):
- 104.31.90.96.https
- par03s13-in-f74.1e100.net.https
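An added example, not part of the original post: a small Python parser that applies the filtering step to tcpdump's text output and separates forward lookups from single-label names, resolver search-list retries and reverse (PTR) lookups. It assumes tcpdump's default line format and IPv4 only; the sample lines are constructed (timestamps, ports and query IDs are made up, the names come from the Brave results) and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in tcpdump's default text format; timestamps, ports and
# query IDs are made up, the names are taken from the Brave results above.
SAMPLE = """\
10:00:01.000001 IP 192.168.178.113.40001 > 192.168.178.1.domain: 1001+ A? go-updater.brave.com. (38)
10:00:01.000002 IP 192.168.178.113.40002 > 192.168.178.1.domain: 1002+ A? espyjtqpdn. (28)
10:00:01.000003 IP 192.168.178.113.40003 > 192.168.178.1.domain: 1003+ A? espyjtqpdn.Speedport_W_724V_Typ_A_05011603_06_003. (67)
10:00:01.200000 IP 192.168.178.113.51000 > 151.101.13.7.https: Flags [S], seq 1, win 64240, length 0
10:00:01.210000 IP 151.101.13.7.https > 192.168.178.113.51000: Flags [S.], seq 1, ack 2, win 65535, length 0
10:00:01.300000 IP 192.168.178.113.40004 > 192.168.178.1.domain: 1004+ PTR? 7.13.101.151.in-addr.arpa. (43)
10:00:01.300001 IP 192.168.178.113.40005 > 192.168.178.1.domain: 1005+ PTR? 1.178.168.192.in-addr.arpa. (44)
"""

DNS_RE = re.compile(r"\s\d+\+?\s+(A|AAAA|PTR)\?\s+(\S+?)\.?\s+\(\d+\)")
TCP_RE = re.compile(r">\s+(\S+)\.(https?):")  # packets sent to port 80/443

def ptr_to_ip(name):
    """Turn '7.13.101.151.in-addr.arpa' back into 151.101.13.7 (IPv4 only)."""
    octets = name.split(".in-addr.arpa")[0].split(".")
    return ipaddress.ip_address(".".join(reversed(octets)))

def summarize(capture_text):
    forward, reverse, endpoints = set(), set(), set()
    for line in capture_text.splitlines():
        if m := DNS_RE.search(line):
            (reverse if m.group(1) == "PTR" else forward).add(m.group(2))
        elif m := TCP_RE.search(line):
            endpoints.add((m.group(1), m.group(2)))
    # Single-label names, and the same label retried with the resolver's
    # search domain appended, are not lookups of a named remote service.
    bare = {n for n in forward if "." not in n}
    retried = {n for n in forward - bare if n.split(".", 1)[0] in bare}
    ips = [ptr_to_ip(n) for n in reverse]
    return {
        "forward": sorted(forward - bare - retried),
        "single_label": sorted(bare),
        "search_list_retries": sorted(retried),
        "reverse_private": sorted(str(i) for i in ips if i.is_private),
        "reverse_public": sorted(str(i) for i in ips if not i.is_private),
        "endpoints": sorted(endpoints),
    }

if __name__ == "__main__":
    for key, values in summarize(SAMPLE).items():
        print(f"{key}: {values}")
```

PTR lookups are kept apart because tcpdump, when run without `-n`, resolves the addresses it prints, so they are not necessarily traffic from the browser.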
Comments
December 6, 2020 07:42
@senioradmin
interesting!
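To summarize:
Test date: no later than October 7, 2020 (exact date unknown)
System environment: Debian 10 on amd64 (point release unknown)
Software sources: unknown; some from Antix and MX Linux.
Browser versions tested:
Firefox ESR 78.3.0
Midori 1.1.4 (Electron version)
Vivaldi 3.4.2066
Brave 1.15.72
Epiphany 3.32.1.2
Test method:
1. Create a new user.
2. Disable IPv6.
3. Make sure no other program generates network requests.
4. Use tcpdump to capture packets on the outgoing interface.
5. Open the browser, keep it open for 10 seconds (without any interaction), then close it.
6. Analyze the capture.
Test results:
See the original article
Some possible problems with this test:
1. The desktop environment is not specified. Some desktop components also generate network requests, which may interfere with the results.
2. Step 3, making sure no other program generates network requests, is not described in enough detail. It is therefore impossible to verify or guarantee that no other program generated network requests.
3. The environment is not described sufficiently: what are the DNS settings, and what are the environment variables? Proxies and derived DNS requests need to be ruled out.
4. As of today (December 6, 2020), the status of the browsers mentioned in the article in the official Debian repository:
- Firefox ESR: firefox-esr (78.5.0esr-1~deb10u1) https://web.archive.org/web/20201206072408/https://packages.debian.org/buster/firefox-esr
- Midori: the official repository does not have the Electron version mentioned in the article, only midori (7.0-2) https://web.archive.org/web/20201206072639/https://packages.debian.org/buster/midori
- Vivaldi: not in the official repository
- Brave: not in the official repository
- Epiphany: epiphany-browser (3.32.1.2-3~deb10u1) https://web.archive.org/web/20201206072849/https://packages.debian.org/buster/epiphany-browser
Of the five browsers compared, three are of unknown origin.
5. Step 5, opening the browser, is not described in enough detail.
Were five new accounts created, one per browser, or did all five share one new account?
When opening and closing the browsers, did the test of the next browser start immediately after the previous one finished?
If the next browser was tested immediately after the previous one, then because of DNS caching, browsers tested later gain an additional advantage.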