If you are using Chrome as your internet browser, consider yourself right in the middle of privacy standards, according to a new study on web browser privacy.
The research gave the highest accolades to Brave, an upstart browser, while Microsoft Edge received the lowest rating.
The study conducted by Douglas J. Leith of the School of Computer Science & Statistics in Dublin, Ireland, was published on February 24, 2020, and measures the connections to back-end servers by six different browsers.
New web browser privacy research
Leith's team explained that previous privacy studies assumed that the browser itself is trustworthy, hence creating an assumption to investigate in their study.
The team wanted to assess the privacy risks associated with back-end data exchange during general web browsing.
The findings can be broken down into the following three categories.
Web browser privacy: the most private browser
When Brave is being used with all its default settings, the study didn't find any use of identifiers allowing tracking of IP addresses over time, and no sharing of the details of the web pages visited with back-end servers. Brave has auto-complete disables by default and makes no network connections as one types into the top bar.
Web browser privacy: the middle tier
Chrome, Firefox, and Safari all tag requests with identifiers that are linked to the browser instance. All three share details of web pages visited with back-end servers via the search auto-complete feature.
Google Chrome sends a persistent identifier with website addresses allowing them to be linked.
Mozilla Firefox uses four identifiers to communicate with push services, including client_id and impression_id values which are set by the browser. The content isn’t the worry in this case, but rather that they carry client IP address (rough location) as metadata.
Apple Safari defaults to a choice of start page that leaks information to third parties and allows them to cache pre-fetched content without user consent. Besides the start page, Safari was found to be safe, making no extraneous network connections.
Web browser privacy: the least private
Edge and Yandex are at the bottom compared to the other browsers from a privacy perspective.
Both send identifiers that are linked to the device hardware, and so persist across fresh browser installs, and can also be used to link different apps running on the same device.
Microsoft Edge also sends the hardware UUID of the device to Microsoft, and Yandex transmits a hashed hardware identifier to back-end servers.
What's more troubling, the research team could not find a way to disable these "features."
Conclusions
It was only five months ago that a different study found Firefox to be the most secure browser. Can we assume the browsers' functionalities and focus on privacy (or lack thereof) are rapidly changing, or is the research becoming more stringent?
Related podcast: privacy and cybersecurity strategy for organizations
Individual U.S. states are creating new cybersecurity and privacy laws all the time, leading to a complex environment for compliance.
In this episode of The SecureWorld Sessions podcast, cyber attorney Jordan Fischer explains how to think about this challenge, how to start tackling it, and the legal exposure for companies who ignore it.
