This is not an article about which web browser is the best (there is no such thing) but an article about which browser has the most connections after a fresh install. The results shouldn’t be a surprise, really.

Of course, not everything is telemetry per se, some of the connections are from the ‘New Tab’ pages that include Youtube videos but I strongly believe that is the same thing: the software leaks information about you and/or your computer without you actually accepting the data exchange (because you don’t have a way to accept or deny the connection since it’s the first time you’re running the browser).

All web browsers tested are the latest versions available today (December 19, 2021), test device is a MacBook M1 laptop (so, macOS but the results should be similar regardless of the operating system) with a clean profile, all network connections blocked, application-level network connection whitelisting and only Little Snitch installed. So it’s actually Little Snitch that does all the heavylifting, I’m just the robot that is parsing the data.

Running Microsoft Edge on macOS was extra challenging because the download comes as a .pkg installer with preinstall and postinstall scripts, so I just extracted the .app from the package. Beware the preinstall and postinstall scripts leak additional information.

Mozilla Firefox

Direct download URL
Version: 95.0.1
Connections: 15

  • firefox.settings.services.mozilla.com on TCP port 443
  • contile.services.mozilla.com on TCP port 443
  • push.services.mozilla.com on TCP port 443
  • shavar.services.mozilla.com on TCP port 443
  • detectportal.firefox.com on TCP port 80
  • location.services.mozilla.com on TCP port 443
  • www.mozilla.org on TCP port 443
  • accounts.firefox.com on TCP port 443
  • normandy.cdn.mozilla.net on TCP port 443
  • r3.o.lencr.org on TCP port 80
  • contile-images.services.mozilla.com on TCP port 443
  • ocsp.digicert.com on TCP port 80
  • tracking-protection.cdn.mozilla.net on TCP port 443
  • safebrowsing.googleapis.com on TCP port 443
  • ocsp.pki.goog on TCP port 80

Brave

Direct download URL
Version: 1.33.106
Connections: 7

  • laptop-updates.brave.com on TCP port 443
  • variations.brave.com on TCP port 443
  • go-updater.brave.com on TCP port 443
  • componentupdater.brave.com on TCP port 443
  • brave-core-ext.s3.brave.com on TCP port 443
  • crlsets.brave.com on TCP port 443
  • ftx.com on TCP port 443

Ungoogled Chromium

Direct download URL
Version: 92.0.4515.131
Connections: 0

Vivaldi

Direct download URL
Version: 5.0.2497.32
Connections: 13

  • 239.255.255.250 on UDP port 1900
  • mimir.vivaldi.com on TCP port 443
  • update.vivaldi.com on TCP port 443
  • downloads.vivaldi.com on TCP port 443
  • vivaldi.com on TCP port 443
  • www.gstatic.com on TCP port 80
  • www.youtube-nocookie.com on TCP port 443
  • fonts.gstatic.com on TCP port 443
  • www.google.com on TCP port 443
  • yt3.ggpht.com on TCP port 443
  • i.ytimg.com on TCP port 443
  • update.googleapis.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80

Tor Browser

Direct download URL
Version: 11.0.2
Connections: 0

Opera

Direct download URL
Version: 82.0.4227.33
Connections: 21

  • autoupdate.geo.opera.com on TCP port 443
  • sitecheck.opera.com on TCP port 443
  • redir.opera.com on TCP port 443
  • 239.255.255.250 on UDP port 1900
  • speeddials.opera.com on TCP port 443
  • sd-images.operacdn.com on TCP port 443
  • weather.opera-api.com on TCP port 443
  • features.opera-api.com on TCP port 443
  • exchange.opera.com on TCP port 443
  • android.clients.google.com on TCP port 443
  • extension-updates.opera.com on TCP port 443
  • merchandise.opera-api.com on TCP port 443
  • desktop-dna.osp.opera.software on TCP port 443
  • download3.operacdn.com on TCP port 443
  • update.googleapis.com on TCP port 443
  • download5.operacdn.com on TCP port 443
  • mtalk.google.com on TCP port 5228
  • addons-extensions.operacdn.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80
  • addons.opera.com on TCP port 443
  • get.geo.opera.com on TCP port 443

Google Chrome

Direct download URL
Version: 96.0.4664.110
Connections: 9

  • 239.255.255.250 on UDP port 1900
  • accounts.google.com on TCP port 443
  • clients2.google.com on TCP port 443
  • tools.google.com on TCP port 443
  • clients2.googleusercontent.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80
  • clientservices.googleapis.com on TCP port 443
  • www.googleapis.com on TCP port 443
  • www.gstatic.com on TCP port 443

Chromium

Direct download URL
Version: 99.0.4775.0
Connections: 12

  • www.google.com on TCP port 443
  • 239.255.255.250 on UDP port 1900
  • www.gstatic.com on TCP port 443
  • accounts.google.com on TCP port 443
  • apis.google.com on TCP port 443
  • ogs.google.com on TCP port 443
  • optimizationguide-pa.googleapis.com on TCP port 443
  • ssl.gstatic.com on TCP port 443
  • fonts.gstatic.com on TCP port 443
  • play.google.com on TCP port 443
  • update.googleapis.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80

Microsoft Edge

Direct download URL
Version: 96.0.1054.62
Connections: 21

  • nav.smartscreen.microsoft.com on TCP port 443
  • 239.255.255.250 on UDP port 1900
  • config.edge.skype.com on TCP port 443
  • ntp.msn.com on TCP port 443
  • www.bing.com on TCP port 443
  • edge.microsoft.com on TCP port 443
  • arc.msn.com on TCP port 443
  • self.events.data.microsoft.com on TCP port 443
  • smartscreen-prod.microsoft.com on TCP port 443
  • assets.msn.com on TCP port 443
  • img-s-msn-com.akamaized.net on TCP port 443
  • api.msn.com on TCP port 443
  • bing.com on TCP port 443
  • browser.events.data.msn.com on TCP port 443
  • img-prod-cms-rt-microsoft-com.akamaized.net on TCP port 443
  • msedge.b.tlu.dl.delivery.mp.microsoft.com on TCP port 80
  • r.bing.com on TCP port 443
  • r.msftstatic.com on TCP port 443
  • deff.nelreports.net on TCP port 443
  • go.microsoft.com on TCP port 443
  • microsoftedgewelcome.microsoft.com on TCP port 443

Apple Safari

Direct download URL (good joke, heh?)
Version: 15.2
Connections: 6
Note: Safari does some tricks by delegating connections to additional daemons, like parsecd or com.apple.safari.safebrowsing.service.

  • token.safebrowsing.apple on TCP port 443
  • www.apple.com on TCP port 443
  • securemetrics.apple.com on TCP port 443
  • securemvt.apple.com on TCP port 443
  • gateway.icloud.com on TCP port 443
  • api-glb-euc1b.smoot.apple.com on TCP port 443

Librewolf

Direct download URL
Version: 95.0.2-1
Connections: 3

  • addons.cdn.mozilla.net on TCP port 443
  • shavar.services.mozilla.com on TCP port 443
  • tracking-protection.cdn.mozilla.net on TCP port 443

Conclusion

I won’t draw a conclusion because this is not the Washington Post. But I do believe that’s a huge amount of connections for some of the browsers since it’s actually the first start after installing. Huge.