Web Browser telemetry

Sunday, December 19, 2021    Post   979 words   5 mins read

This is not an article about which web browser is the best (there is no such thing) but an article about which browser has the most connections after a fresh install. The results shouldn’t be a surprise, really.

Of course, not everything is telemetry per se, some of the connections are from the ‘New Tab’ pages that include Youtube videos but I strongly believe that is the same thing: the software leaks information about you and/or your computer without you actually accepting the data exchange (because you don’t have a way to accept or deny the connection since it’s the first time you’re running the browser).

All web browsers tested are the latest versions available today, test device is a MacBook M1 laptop (so, macOS but the results should be similar regardless of the operating system) with a clean profile, all network connections blocked, application-level network connection whitelisting and only Little Snitch installed. So it’s actually Little Snitch that does all the heavy-lifting, I’m just the robot that is parsing the data.

Running Microsoft Edge on macOS was extra challenging because the download comes as a .pkg installer with preinstall and postinstall scripts, so I just extracted the .app from the package. Beware the preinstall and postinstall scripts leak additional information.

Mozilla Firefox

Direct download URL
Version: 95.0.1
Connections: 15

  • firefox.settings.services.mozilla.com on TCP port 443
  • contile.services.mozilla.com on TCP port 443
  • push.services.mozilla.com on TCP port 443
  • shavar.services.mozilla.com on TCP port 443
  • detectportal.firefox.com on TCP port 80
  • location.services.mozilla.com on TCP port 443
  • www.mozilla.org on TCP port 443
  • accounts.firefox.com on TCP port 443
  • normandy.cdn.mozilla.net on TCP port 443
  • r3.o.lencr.org on TCP port 80
  • contile-images.services.mozilla.com on TCP port 443
  • ocsp.digicert.com on TCP port 80
  • tracking-protection.cdn.mozilla.net on TCP port 443
  • safebrowsing.googleapis.com on TCP port 443
  • ocsp.pki.goog on TCP port 80

Brave

Direct download URL
Version: 1.33.106
Connections: 7

  • laptop-updates.brave.com on TCP port 443
  • variations.brave.com on TCP port 443
  • go-updater.brave.com on TCP port 443
  • componentupdater.brave.com on TCP port 443
  • brave-core-ext.s3.brave.com on TCP port 443
  • crlsets.brave.com on TCP port 443
  • ftx.com on TCP port 443

Ungoogled Chromium

Direct download URL
Version: 92.0.4515.131
Connections: 0

Vivaldi

Direct download URL
Version: 5.0.2497.32
Connections: 13

  • 239.255.255.250 on UDP port 1900
  • mimir.vivaldi.com on TCP port 443
  • update.vivaldi.com on TCP port 443
  • downloads.vivaldi.com on TCP port 443
  • vivaldi.com on TCP port 443
  • www.gstatic.com on TCP port 80
  • www.youtube-nocookie.com on TCP port 443
  • fonts.gstatic.com on TCP port 443
  • www.google.com on TCP port 443
  • yt3.ggpht.com on TCP port 443
  • i.ytimg.com on TCP port 443
  • update.googleapis.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80

Tor Browser

Direct download URL
Version: 11.0.2
Connections: 0

Opera

Direct download URL
Version: 82.0.4227.33
Connections: 21

  • autoupdate.geo.opera.com on TCP port 443
  • sitecheck.opera.com on TCP port 443
  • redir.opera.com on TCP port 443
  • 239.255.255.250 on UDP port 1900
  • speeddials.opera.com on TCP port 443
  • sd-images.operacdn.com on TCP port 443
  • weather.opera-api.com on TCP port 443
  • features.opera-api.com on TCP port 443
  • exchange.opera.com on TCP port 443
  • android.clients.google.com on TCP port 443
  • extension-updates.opera.com on TCP port 443
  • merchandise.opera-api.com on TCP port 443
  • desktop-dna.osp.opera.software on TCP port 443
  • download3.operacdn.com on TCP port 443
  • update.googleapis.com on TCP port 443
  • download5.operacdn.com on TCP port 443
  • mtalk.google.com on TCP port 5228
  • addons-extensions.operacdn.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80
  • addons.opera.com on TCP port 443
  • get.geo.opera.com on TCP port 443

Google Chrome

Direct download URL
Version: 96.0.4664.110
Connections: 9

  • 239.255.255.250 on UDP port 1900
  • accounts.google.com on TCP port 443
  • clients2.google.com on TCP port 443
  • tools.google.com on TCP port 443
  • clients2.googleusercontent.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80
  • clientservices.googleapis.com on TCP port 443
  • www.googleapis.com on TCP port 443
  • www.gstatic.com on TCP port 443

Chromium

Direct download URL
Version: 99.0.4775.0
Connections: 12

  • www.google.com on TCP port 443
  • 239.255.255.250 on UDP port 1900
  • www.gstatic.com on TCP port 443
  • accounts.google.com on TCP port 443
  • apis.google.com on TCP port 443
  • ogs.google.com on TCP port 443
  • optimizationguide-pa.googleapis.com on TCP port 443
  • ssl.gstatic.com on TCP port 443
  • fonts.gstatic.com on TCP port 443
  • play.google.com on TCP port 443
  • update.googleapis.com on TCP port 443
  • edgedl.me.gvt1.com on TCP port 80

Microsoft Edge

Direct download URL
Version: 96.0.1054.62
Connections: 21

  • nav.smartscreen.microsoft.com on TCP port 443
  • 239.255.255.250 on UDP port 1900
  • config.edge.skype.com on TCP port 443
  • ntp.msn.com on TCP port 443
  • www.bing.com on TCP port 443
  • edge.microsoft.com on TCP port 443
  • arc.msn.com on TCP port 443
  • self.events.data.microsoft.com on TCP port 443
  • smartscreen-prod.microsoft.com on TCP port 443
  • assets.msn.com on TCP port 443
  • img-s-msn-com.akamaized.net on TCP port 443
  • api.msn.com on TCP port 443
  • bing.com on TCP port 443
  • browser.events.data.msn.com on TCP port 443
  • img-prod-cms-rt-microsoft-com.akamaized.net on TCP port 443
  • msedge.b.tlu.dl.delivery.mp.microsoft.com on TCP port 80
  • r.bing.com on TCP port 443
  • r.msftstatic.com on TCP port 443
  • deff.nelreports.net on TCP port 443
  • go.microsoft.com on TCP port 443
  • microsoftedgewelcome.microsoft.com on TCP port 443

Apple Safari

Direct download URL (good joke, heh?)
Version: 15.2
Connections: 6
Note: Safari does some tricks by delegating connections to additional daemons, like parsecd or com.apple.safari.safebrowsing.service.

  • token.safebrowsing.apple on TCP port 443
  • www.apple.com on TCP port 443
  • securemetrics.apple.com on TCP port 443
  • securemvt.apple.com on TCP port 443
  • gateway.icloud.com on TCP port 443
  • api-glb-euc1b.smoot.apple.com on TCP port 443

Librewolf

Direct download URL
Version: 95.0.2-1
Connections: 3

  • addons.cdn.mozilla.net on TCP port 443
  • shavar.services.mozilla.com on TCP port 443
  • tracking-protection.cdn.mozilla.net on TCP port 443

Yandex Browser

Direct download URL
Version: 22.1.0.2500.28989
Connections: 15

  • browser.yandex.com on TCP port 443
  • bro-bg-store.s3.yandex.net on TCP port 443
  • browser.yandex.ru on TCP port 443
  • sba.yandex.net on TCP port 443
  • yandex.ru on TCP port 443
  • collections.yandex.ru on TCP port 443
  • yastatic.net on TCP port 443
  • avatars.mds.yandex.net on TCP port 443
  • favicon.yandex.net on TCP port 443
  • mail.yandex.ru on TCP port 443
  • storage.ape.yandex.net on TCP port 443
  • api.browser.yandex.com on TCP port 443
  • zen.yandex.ru on TCP port 443
  • yabs.yandex.ru on TCP port 443
  • zen-yabro-morda.mediascope.mc.yandex.ru on TCP port 443

Conclusion

I won’t draw a conclusion because this is not the Washington Post. But I do believe that’s a huge amount of connections for some of the browsers since it’s actually the first start after installing. Huge.