Why is the Brave browser bad

Researcher: Brave best browser for privacy, criticism of data hunger from Edge

The web browser is part of the fixed program inventory of modern PCs. With it we open up a lot of the content of the World Wide Web - ranging from simple text pages to browser-based games to video streaming. It is accordingly important how the surf tool handles our data, as we use it to enter all kinds of information that can reveal a lot about us.

Researchers at the University of Dublin have now compared five popular browsers in terms of data protection. Google's Chrome, Apple's Safari, Mozilla's Firefox, the new Chromium-based edition of Microsoft Edge, the Brave Browser, which is also based on Chromium, and the Yandex Browser, which is based on the same and is developed by the Russian online service provider of the same name . There was a clear winner.

Brave "ex works" best

According to the research, Brave is the most careful with data users. This shouldn't come as a complete surprise, given that the developers place great emphasis on privacy. Brave offers by far the best protection "ex works" insofar as it communicates significantly less data to the developers' servers than its competitors.

There was no evidence whatsoever that identifiers were used that could make it possible to track surfing behavior over the long term via the user's IP address. In addition, the browser does not provide any more detailed information about the websites accessed.

At Brave, meanwhile, they are working on another feature that should guarantee additional data protection. In future, the browser is to generate a random "fingerprint" for every website access, in order to make it more difficult for website operators to track the surfing behavior of users.

Safari, Chrome, Firefox with room for improvement

With Safari, Firefox and Chrome, on the other hand, it was found that telemetry data are transmitted that can be assigned to the respective running browser. The developers can therefore analyze how users interact with their surfing tool, even if it is restarted. Telemetry data are usually used to determine how well the user interface of a software works.

However, all three browsers also send home extended information about websites that have been accessed. Namely via the autocomplete function, which allows entries in the search bar to run through the provider's server in order to offer search terms or Internet addresses as suggestions. However, users can switch off this feature, which is activated by default.

Firefox also found an open web socket that is used for push notifications. This is linked to a unique identifier, which in turn could be misused for tracking. Safari is praised for its relatively good privacy settings, but it is criticized that the preset start page contains several third-party trackers. In general, Safari, Firefox and Chrome are criticized for offering better standard settings. You can eliminate the annoyances yourself, but the variety of changes required is too complex for average users.

Criticism of Edge and Yandex Browser

The scientists are not very enthusiastic about the Yandex Browser and Microsoft Edge. Both work with unique identifiers that are derived from the user's hardware - and therefore only change when important system components are replaced. The user behavior can thus not only be assigned after restarting the browser, but also after a complete reinstallation. Yandex also sends a hash of the hardware serial numbers and the MAC address to its servers. This behavior cannot simply be switched off in both browsers.

But you don't only see a problem with this hardware fingerprint. In addition to the transmission of website information based on the autocomplete function, Edge and Yandex also send home data about websites that most likely did not involve autocomplete when they were accessed. Accordingly, there should be another level of tracking.

methodology

To examine the browser, the researchers recorded what data a browser transmits in five scenarios: When starting for the first time after a reinstallation, when closing and restarting, when inserting a URL in the input bar, when entering a URL in the bar and when the browser is open is open but is not currently in active use.

The complete study can be read in an online available paper (PDF). (gpi, March 10, 2020)