alle 7 tage den cookieconsent erneuern, darauf freu ich mich auch schon.

Abstract—We measure the connections to backend servers made by six browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser, during normal web browsing. Our aim is to assess the privacy risks associated with this back-end data exchange. We find that the browsers split into three distinct groups from this privacyp erspective. In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari and in the third (least private) group lie Edge and Yandex.

I. Introduction

[…]

Safari defaults to a choice of start page that prefetches pages from multiple third parties (Facebook, Twitter etc, sites notwell known for being privacy friendly) and so potentially allows them to load pages containing identifiers into the browser cache. Start page aside, Safari otherwise made no extraneous network connections and transmitted no persistentidentifiers, but allied iCloud processes did make connections containing identifiers.
In summary, Chrome, Firefox and Safari can all be configured to be more private but this requires user knowledge (since intrusive settings are silently enabled) and active intervention to adjust settings.

[…]

D. Apple Safari

Figure 6(a) shows the connections reported by appFirewall when a fresh install of Safari is first started and left sitting at the startup window shown in Figure 6(b). By default Safari displays a “favorites” page. Resources are fetched for each of the 12 services displayed. This results in numerous connections being made, most of which respond with multiple set-cookie headers. These cookies are scrubbed and not resent in later requests to the prefetched pages. However, we also saw evidence of embedding of identifiers within the prefetched html/javascript, which may then be passed as parameters( rather than as cookies) in requests generated by clicking on the displayed icon.

Once startup was complete, the URL http://leith.ie/nothingtosee.html was pasted into the browser top bar. In addition to connections to leith.ie this action also consistently generated a connection to configuration.apple.com by processcom.apple.geod e.g.


This extra connection sent no identifiers.
Safari was then closed and reopened. No data is transmitted on close. On reopen Safari itself makes no network connections (the leith.ie page is displayed, but has been cached and so no network connection is generated) but a related process nsurlsessiond consistently connects to gateway.icloud.com onbehalf of com.apple.SafariBookmarksSyncAgent e.g.
This request transmits an X-CloudKit-UserId header value which appears to be a persistent identifier that remains constant across restarts of Safari. Note that iCloud is not enabledon the device used for testing nor has bookmark syncingbeen enabled, and never has been, so this connection isspurious. From discussions with Apple it appears this request is unexpected and so may well be a bug. In summary, Safari defaults to a choice of start page that leaks information to third parties and allows them to cache prefetched content without any user consent. Start page aside, Safari otherwise appears to be quite a quiet browser, making no extraneous network connections itself in these tests and transmitting no persistent identifiers. However, allied processes make connections which appear unnecessary. We have proposed to Apple that (i) they change Safari’s default start page and (ii) unnecessary network connections by associated processes are avoided.

[…]

VII. Data Transmitted by Search Autocomplete

In this section we look at the network connections made by browsers as the user types in the browser top bar. As before, each browser is launched as a fresh install but now rather than pasting http://leith.ie/nothingtosee.html into the top bar the text leith.ie/nothingtosee.html is typed into it. We try to keep the typing speed consistent across tests.

In summary, Safari has the most aggressive autocomplete behaviour, generating a total of 32 requests to both Google and Apple. However, the requests for Google contain no identifierand those to Apple contain only an ephemeral identifier (which is reset every 15 mins). Chrome is the next most aggressive, generating 19 requests to a Google server andthese include an identifier that persists across browser restarts. Firefox is significantly less aggressive, sending no identifiers with requests and terminating requests after the first word, so generating a total of 4 requests to Google. Better still, Brave disables autocomplete by default and sends no requests at all as a user types in the top bar. In light of these measurements and the obvious privacy concerns they create, we have proposed to the browser developers that on first start users be given the option to disable search autocomplete.

[…]

VIII. Conclusions

We study six browsers: Google Chrome, Mozilla Firefox,Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser. For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In Chrome a persistent identifier is sent alongside these web addresses, allowing them to be linked together. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can alsobe used for tracking and which cannot be easily disabled. Safari defaults to a choice of start page that potentially leaks information to multiple third parties and allows them to preload pages containing identifiers to the browser cache. Safari otherwise made no extraneous network connectionsand transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.

From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

[…]
Leith’s paper also calls out Safari, which it said allows all the third-party sites listed on its start page to set cookies without user consent. It also phones home to icloud.com even from machines that aren’t registered with that Apple service, the paper warns, calling this connection “spurious”.

Apple was also the most aggressive browser when it came to sending data that users typed into the address bar back to Apple servers for autocomplete purposes, the paper warned:

Apple didn’t respond to our request for comment.
[…]