==========

Brave

Brave Browser is a Chromium fork with many interesting features not found elsewhere, such as built-in Adblock and other extensions, fingerprinting protection, a cleaner Preferences menu compared to other Chrome forks, and the (opt-in) ability to automatically support (pay) the websites you visit. The developers describe it as "A browser with your interests at heart." with the built-in privacy protections.

Spyware Level: High

Brave is self updating software, uses Google as the default search engine, has built-in telemetry, and even has an opt-out rss-like news feed similar to Firefox Pocket. These shouldn't be the things that come to mind if someone were to imagine a privacy oriented browser.

Auto-updates

Brave will check for updates every time you run it, and you can't turn it off from the browser. Athough, it's on Brave's low priority list to add an option to do so. The reason why it's low priority would be because it's been over a year and there hasn't been an implementation of it yet.

Brave has built-in telemetry

While running, Brave will make lots of requests to the domain "p3a.brave.com" as telemetry. They claim they store the collected data for several days. This feature is an opt-out that can be disabled. This opt-out can be disabled.

Brave Today

Brave now has new feature similar to Firefox Pocket called Brave Today. If you don't know what Firefox Pocket is, it's basically an rss-like news feed that's shown in every blank tab. This feature Brave has is sadly an opt-out rather than an opt-in and sends lots of requests to Brave's servers. It can't seem to be disabled it in and of itself, but setting the tabs to blank seems to stop the requests.

SafeBrowsing

Brave uses SafeBrowsing. It's a feature that tries to "protect" the user from potentially unsafe websites and extensions. However, it sends requests to fetch the information required. Brave's SafeBrowsing is powered by google. This opt-out can be disabled.

Brave Rewards

Brave has a rewards program. At first glance it looks like the rewards program is an opt-in, but the browser makes requests to these domains regardless if you sign up or not:

A quick update: These requests have been reported as a bug and for the most part have been fixed (with a couple exceptions). I'll remove this section once the bug has been completely fixed.

Miscellaneous requests worth noting

Brave on first run sends a request to fetch the library used for checking spelling errors.

Brave on startup sends a request to "variations.brave.com". Brave uses this to turn on and off features. There isn't a way to disable this as of yet.

Brave fetches the list of affiliates through "laptop-updates.brave.com".

Brave makes a request to "static1.brave.com" every once and a while, which looks like it's used to fetch plugin information? When the url was placed into the browser, it was directed to Google's error 404 page.

A quick "curl --head static1.brave.com" shows that Brave uses Google's gstatic, which uses Cloudflare as well.

On the first run, Brave fetches five extensions from "brave-core-ext.s3.brave.com" and tries to install them.

Not spyware related, but worth noting

Anti-privacy search engine by default

Google is the default search engine of Brave. For a browser that claims to be privacy oriented, this is a red flag. They at least make it easy for you to change the default search engine on the first run.

==========

==========

Google Chrome

Google Chrome is a web browser developed and distributed by Google.

Spyware Level: EXTREMELY HIGH

Google Chrome is not fully open source

Large parts of Google Chrome are open source, however not all of them are, and this prevents people from checking the entire software for potential spyware features that are not disclosed.

Google Chrome tracks the user's search history

Google Chrome contains several spyware features that reply on the user's search history being uploaded to Google servers. This is confirmed by the language in the privacy policy, clarifying the spyware features that rely on this.

The first spyware feature is Google Chrome's integration with the "Google Account" spyware platform. "If you are signed in to a Google site or signed in to Chrome and Google is your default search engine, searches you perform using the address bar in Chrome are stored in your Google account."

Google Chrome also contains a spyware feature called "Search prediction service". It is explained that: "When you search using the address bar in Chrome, the characters you type (even if you haven’t hit "enter" yet) are sent to your default search engine. If Google is your default search engine, predictions are based on your own search history, topics related to what you’re typing and what other people are searching for."

There is also the spyware feature "Navigation Assistance" which states that: "When you can’t connect to a web page, you can get suggestions for alternative pages similar to the one you're trying to reach. In order to offer you suggestions, Chrome sends Google the URL of the page you're trying to reach."

Google Chrome profiles your computer usage

In the privacy policy, Google details the extreme spyware feature it labels "Usage Statistics and Crash Reports". What it does, is it sends very detailed information about your hardware and computer usage, which confirms that it definitely contains the following spyware features:

But, it can also be extrapolated from the vague language that Chrome could and probably does monitor what other programs you have open. Either way, it is an extreme amount of information being collected, since it can be used to recreate what the user is doing on their desktop at all times. Chrome clarifies that this information is being sent whenever a website is being "slow" or whenever Google Chrome crashes.

Google Chrome is integrated with Google Payments

Google Payments is a spyware service that records your banking information and sends it to Google. This service is integrated into the Google Chrome browser, which makes it another opt-in spyware feature in the software.

Google Chrome contains a keylogger

This was confirmed in multiple places. Basically, whenever you type into the search bar, that information is sent to Google. You can apparently turn it off by opting out of the "suggestion service".

Google Chrome records your voice

Google Chrome is confirmed to be constantly listening to any open microphones on your computer. This can be found in this statement in a privacy publication. "Voice & audio information may be collected. For example, if your child uses audio activation commands (e.g., "OK, Google" or touching the microphone icon), a recording of the following speech/audio, plus a few seconds before, will be stored to their account…" This feature is opt-in if you are using the "Google Accounts" spyware platform and specifically tell Google to build a profile of your child. It's unverified whether or not Google uploads information it listens too to its servers outside of this feature.

Google Chrome saves user passwords on Google Servers

Any password stored in Google Chrome's "password management" feature is uploaded to Google if you sign into the "Google Accounts" spyware platform.

Google Chrome profiles users in other various ways

According to the privacy policy, Google Chrome profiles what kinds of web forms you fill out, as well as what kind of language the content you consume is primarily in. Google Chrome also creates a unique identifier for each install you do. This unique identifier is sent to Google whenever you start the browser, so that Google can create a consistent user identity for you, undermining anonymity. Google also stores all of your settings on it's official servers when using the "Google Accounts" feature.

Google Chrome is self-updating software

Google Chrome has an updater which is constantly running in the background and syncing with Google servers to check for updates. The updater will download and run unverified binaries from Google when it updates Google Chrome. It is impossible for an automatic updater service such as this to verify that the updates are not spyware and/or do not contain additional spyware features.

==========

==========

Dissenter

Dissenter is a web browser and plugin released by the social network company Gab.

Spyware Level: High

The Dissenter browser is a fork of the Brave web browser. It phones home to Brave for autoupdates and safebrowsing, which is hosted by Brave. The default search engine is DuckDuckGo. The browser has two extensions preinstalled. One extension, "Shields", blocks certain advertisement scripts. The other, "Dissenter" allows you to access the Dissenter social network. This extension phones home to several places whenever you open it, including Google and Twitter. The Dissenter social network also inherently must collect more information about the user's browsing habits than the current alternatives that already exist. It also doesn't help that their privacy policy is basically empty.

Phoning home

When the Dissenter Browser is started, it will make several connections to Brave's autoupdate services

Every once in a while, the Browser will send a request to Brave's instance of the Google safebrowsing service

Whenever the Dissenter extension is opened, it will phone home to several companies

This includes:

This happens every time the extension is opened.

Opt-out telemetry

Dissenter will send crash reports to Gab automatically. This is on by default and you have to opt-out.

"When Gab crashes, it creates a report that can be sent to us to help us fix whatever caused the problem. This report contains technical information about your computer system which is typically distinctive. You can choose whether to send us these reports. Even if you have chosen to send reports in the past, you can turn off future reports in settings. Crash reports may contain personal information.".

Dissenter bypasses its own tracker filter

Dissenter comes with its own content blocker called Shields that is meant to block trackers as you browse the web. This content blocker can block requests made by regular websites, but it does not block content that is loaded by the Dissenter extension. The Dissenter extension makes requests to trackers that would have been blocked by its own filter- by it's own standards Dissenter makes connections to tracking websites that are not necessary and not private. The spyware site "googleads.g.doubleclick.net" is correctly blocked by Shields when a normal website tries to access it, but this connection is not blocked when Dissenter accesses it... This is an interesting double standard when it comes to privacy.

Inherent issues with Dissenter

Dissenter has the inherent problem that it associates the web pages you have visited with the discussions you are having or trying to have. If you want to check an article's comments on Dissenter, you have to tell Gab that you visited that article. This gives Gab a very good profile of what sites you visit and what articles you read. Currently, alternatives exist to this model that are already in place. For example, you can create a thread on an Imageboard, Reddit-like website, or other web forum format, which sets an archived link to the article as the topic of discussion. This format is much more private because the parties involved have much less information about what their users did. The news website has no idea who read its article, because the traffic went to the archival service. The forum that you can freely comment on also doesn't know what articles you looked at or what discussions you tried to have. If we only consider privacy, this method is a somewhat better way of achieving this goal.

==========

==========

Internet Explorer

Internet Explorer is a Web Browser distributed by Microsoft with most versions of the Microsoft Windows Operating system.

Spyware Level: EXTREMELY HIGH

Internet Explorer contains many serious spyware features, however all of these features appear to be "opt-out" features. It is not verified whether or not opting out will actually disable all of these features, or if there are other spyware features that are not known which cannot be opted out of. Internet Explorer can record your search history and location, and report that information to Microsoft. Internet Explorer is not the worst spyware, but it is still loaded with spyware features that can mine serious information from users.

Internet Explorer does not have available source code

Internet Explorer cannot be built from available source code. This means that it is impossible to prove that it is not a spyware program or that it does not have unknown spyware features inside of it.

Internet Explorer is self-updating software

Internet Explorer can be updated through spyware programs such as Windows Update. Automatic software updates are a spyware feature because they cannot be verified to be non-spyware by the user. Luckily, this spyware feature is opt-out and can be turned off.

Internet Explorer sends your search history to Microsoft

Internet Explorer contains a spyware feature called "flip ahead". Flip ahead will periodically send your browsing history to Microsoft. This spyware feature is opt-out and can be disabled. Microsoft claims that the information it receives is encrypted to protect user privacy and sanitized to prevent personal information from being stored. This is unverifiable. Microsoft confirms that it does use the information obtained from flip ahead to build statistical models of your browsing habits. Other spyware features such as "Smartscreen filter", and "Suggested Sites" also confirm that they send your internet history to Microsoft.

Internet Explorer can track your location

Internet Explorer has the spyware feature commonly referred to as "location services", which is a feature that allows it to track the location of the user. The privacy statement explains that your location is obtained through a "Microsoft Location Service". Which means that your location is sent to a Microsoft server. Microsoft does not elaborate on what it does with this data or whether it stores this data. This spyware feature is opt-out.

Internet Explorer has an anti-privacy search engine by default

The default search engine is Bing which datamines its users and sells that information to advertisers.

==========

==========

Falkon

Falkon is a KDE web browser using QtWebEngine rendering engine, previously known as QupZilla.

Spyware Level: Probably Not Spyware

When another contributor tested this browser on Linux, it made no unsolicited connections. When I ran it on Windows, it connected to a domain unrelated to the homepage (DuckDuckGo). But, i'm not sure what it was for, and it wasn't reproduced on Linux. This browser is probably fine, but you should run your own tests and email me about what you found or didn't find.

Phoning Home?

On the first run of Falkon, using the 32-bit Windows version, it connected to these addresses, even though I was on its homepage, which seems to be locally stored because it does not create any requests when I go to it normally. I don't know what these are for. Maybe it's a form of phoning home? The first IP is for the domain: github.map.fastly.net which seems to be part of a CDN.

==========

==========

Mozilla Firefox

Mozilla Firefox is one of the most popular and longest existing browsers. Its developers have earned it a reputation for being a "privacy and security-based browser, respecting the user" — but is it justified, or just marketing? In fact, over the years they have made several anti-privacy (and generally anti-user) decisions, but this article will focus exclusively on spying. Version tested: 52.5.0, with the default settings. Program used for testing requests: Mitmproxy.

Spyware Level: High

After following the mitigation guide, this software is Not Spyware.

It sends a lot of different data very often (some of which could uniquely identify you). All the "services" that it provides, such as its default search engines and Pocket, are anti-privacy. The rating isn't higher because at least you can turn off or modify most of it, though it often requires diving deep into about:config.

Phoning home

Whenever you start Firefox, it makes this request:

In fact, it makes it every time you go to a website, and even a few times in a row for a single website. So Firefox "phones home" all the time, without your knowledge. Can be disabled ONLY in about:config. But, since you've already started Firefox, it will make this request at least once.

Automatic connections to some websites you've visited, including their trackers

Websites you visit most often are added to the New Tab panel. When you then open a new tab, Firefox will sometimes make requests to the sites in there, including some of their trackers. I haven't determined how it works yet. Sometimes it doesn't make the requests at all; other times you end up with hundreds of images, scripts, trackers, etc. loaded simply because you opened a new tab (without visiting any website explicitly). Was NOT able to find a way to disable this, even in about:config.

Firefox tracks users with Google Analytics

Firefox has been integrated with the spyware platform called "Google Analytics"[1]. Firefox has been confirmed to now send analytics to Google. According to a Firefox developer the spyware in Firefox is "extremely useful to us and we have already weighed the cost/benefit of using tracking." and that Firefox will not remove Google Analytics support entirely.

"Safe" Browsing?

Allegedly used to protect you from "phishing" websites, but in the end, it makes a bunch of requests to Google every 30 minutes (according to Mozilla), including a POST request with your Firefox version and a unique, persistent, hidden cookie. Since whenever the current URL matches an entry in the cached local blacklist a request is made to Google servers, ostensibly to test whether that website is still on the master online blacklist, it allows Google to monitor specific websites transparently to the user by putting the URLs of interest on the local but not the online blacklist. Can be disabled ONLY in about:config.

Firefox Health Report

From the horse's mouth: "For example, FHR sends data to Mozilla on things like: operating system, PC/Mac, number of processors, Firefox version, the number and type of add-ons. The data collected by FHR is tied to a Document ID that corresponds to a browser installation (explained above in question #4) so that the data can be correlated across a limited window of time.". Also, according to Mozilla, new versions of Firefox will also collect telemetry data by default. Can be disabled through the GUI.

Anti-privacy search engines by default

Old versions of Firefox had Google as the default search engine, which is obviously anti-privacy. Firefox 57 is going back to Google again. If they really cared about your privacy, the default search engine would be StartPage (which gives the same results as Google, but anonymized) or DuckDuckGo.

Pocket — a privacy nightmare

Firefox has a Pocket button in its navigation bar, which allows you to "save any article, video or page from Firefox" and "View in Pocket on any device, any time.". Can be disabled in about:config.

Automatic updates

Not that bad compared to all of the above, I guess — but still installs something without your consent, with possible new privacy nightmares in there. There is no excuse to at least not make "Check for updates, but let me choose whether to install them" the default — it would still give the security benefit, but not take control away from the user. Can be disabled through the GUI.

Other issues

Firefox also sometimes makes a request to "self-repair.mozilla.org" which looks like this.

It includes "optimizelyEndUserID" which probably means it uniquely identifies you. Can be disabled ONLY in about:config.

It also makes this request every time you open the default home page.

The number after the Firefox version is, again, uniquely identifying. Can be disabled ONLY in about:config.

Firefox phones home about almost every single interaction you have with its UI

Firefox will send information about almost every basic operation that you do back to Mozilla. This is tagged with a unique client ID and an ID for your current session, and any relevant information related to this action. By default, the following uses of the UI are reported to Mozilla:

==========

==========

Iridium Browser

Iridium is a privacy-based fork of Google Chrome. From their website: "All modifications enhance the privacy of the user and make sure that the latest and best secure technologies are used. Automatic transmission of partial queries, keywords and metrics to central services is prevented and only occurs with the approval of the user." Unlike other browsers of its kind, this one is fully featured (has all the addons that are available for Chrome), and so is recommended for everyday usage.

Spyware Level: Low

After following the mitigation guide, this software is Not Spyware.

The only unsolicited request is for the Google SafeBrowsing feature, and can be easily turned off from the Preferences menu. Additionally, privacy enhancements unrelated to Google are added, such as blocking third party cookies by default, and deleting local storage on close.

Phoning Home

Iridium browser will make these requests to Google to update a blocklist of websites for its SafeBrowsing feature

Iridium browser will also download this blocklist from a mirror maintained by the developers. Since the web browser is always "phoning home" to either google or the developers servers, this is a form of spyware that can be used to monitor usage of the program, as well as collection of the User-Agent's of the program's users. This request is made 5 minutes after the program is started, and then updated every 30 minutes.

Inaccurate Privacy Claims

The Iridium developers make the claim that as one of the privacy enhancements of Iridium, it uses the Google SafeBrowsing spyware feature, but with their own mirror of Google's database, meaning that you can use the feature without constantly phoning home to google, but instead phoning home to the developers, which, while still being a form of spyware, is an increase in privacy for the user. At least it would be if this section was actually true. You can see that from the "Phoning Home" section of this article, this claim is simply not true, which is very bad because it undermines the credibility of the other privacy claims that Iridium makes.

According to another writer, in his tests the browser would only connect to iridiumbrowser.de. So it is possible that this privacy claim is true for some versions of Iridium, and false for other versions of Iridium. The version of Iridium that phones home to Google is Version 2018.4 for 64-bit Windows, tested on Windows 7, if you want to see this for yourself.

Not only is this privacy claim inaccurate, but a pull request has been open on the developers GitHub for OVER A YEAR with no response from the development team. It's pretty disappointing to see such a privacy concerned front to this project, but then a negligent attitude with long-standing privacy issues once you pull back the curtain and look a little deeper at the claims this browser makes.

==========

==========

Librewolf

Librewolf is a Firefox fork with the primary goals of privacy, security and user freedom.

Version tested: 95.0.2

Spyware Level: Low

Librewolf makes some calls on startup to "f.s.s.m.c.qjz9zk" which looks like an obliterated address, and "shavar.services.mozilla.com" which is intended (however it can be disabled by clearing the URL in browser.safebrowsing.provider.mozilla.updateURL). There is also an attempt to check for updates regarding the pre-installed uBlock Origin extension.

This is a big improvement compared to Firefox.

==========

==========

Netsurf

From their website: "NetSurf is a multi-platform web browser for RISC OS, UNIX-like platforms (including Linux), Mac OS X, and more". Version Tested: Netsurf 3.9.

Spyware Level: Low

Upon launch Netsurf makes a request to get the default search engine's icon, that default search engine is Google. This was tested with mitmproxy. Other than that, there are no unsolicited requests. After following the mitigation guide, this software is not spyware.

==========

==========

Opera

A web browser made by Opera Software, using the Blink engine. Has some interesting features like mouse gestures, a built-in ad blocker and VPN. It is the sixth most popular browser. But how does it look like in terms of privacy?

Version tested: 87.0.4390.36

Spyware Level: EXTREMELY HIGH

Opera makes about 83 unsolicited requests on its first run.

By default, it spies on all your browsing. Works closely with advertisers and trackers. It is integrated with Facebook/Meta, one of the biggest privacy violators in the world. Has Google as the default search engine. Closed source.

Geolocation

Opera makes geolocation requests.

Malware / Phishing protection

Anytime you visit a website, Opera will make a request like this to check if it is malicious. So it is literally spying on your whole browsing history.

This can be turned off in the settings ("Privacy & Security" → "Privacy" → "Protect me from malicious sites").

Facebook, Instagram and WhatsApp integration

Opera has a Facebook Messenger, WhatsApp and Instagram button on the sidebar, and Facebook/Meta (which owns WhatsApp and Instagram) and is one of the most anti-privacy organizations out there.

Opera's "Partners"

Opera has a list of "partners" — those are the websites that are in the Speed Dial by default.

If you click on one of them from there, they will know you visited from Opera's Speed Dial. Those requests also include unique user IDs.

Opera is closed source

And it will stay that way. From their FAQ (the message used to be there in 2017, they must have deleted it somewhere in 2018):

Opera has not officialy open sourced its browser. However, leaks of the old Presto web engine Opera used to use have appeared on the internet.

Even with that however, there could still other spyware might be hiding in there.

==========

==========

Pale Moon

Pale Moon is a fork of an old Firefox version, before the user interface change that put off many people. Version 28.4 was used to write this article.

Spyware Level: Medium

After following the mitigation guide, this software is Not Spyware.

Connects to analytics services, and these requests can only be avoided on subsequent runs. Has block lists, search suggestions, and auto-updates. Sends SSL certificates from the sites you visit.

Google Analytics on Homepage

By default, Pale Moon's home page is set to "https://palemoon.start.me", and it will automatically make a connection to it upon its first run. This page connects to Google Analytics, which can fingerprint and track you across the internet.

Auto-updates

Pale Moon will automatically update itself, addons and search engines, as well as its blocklist.xml file with the addons it considers "malicious". Some of these can be turned off from the GUI, and some only from about:config.

Search Suggestions

The default search engine is the privacy-respecting DuckDuckGo, however search suggestions are enabled by default, which could send a request for every letter you've typed, all while you think it stays in-browser until you press Enter. Can be turned off by right-clicking the search bar.

OCSP querying

Will automatically check every site's SSL certificate to see if it is valid, which necessitates sending it to a third party. Can be turned off from the GUI.

Not spyware related, but worth noting

Blocking privacy-enhancing addons

Pale Moon by default won't allow you to install the privacy-enhancing addon NoScript, citing this rationale for blocking such an important addon: "NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited, NoScript will cause display issues and functional issues.". To disable this blocklist, set "extensions.blocklist.enabled" to "false" in about:config.

==========

==========

SeaMonkey

SeaMonkey is a web browser, email client, news reader, HTML editor and an IRC client.

Spyware Level: Medium

SeaMonkey makes about 35 requests on first start, with a connection to Google SafeBrowsing recurring about every 30 minutes, though it can be disabled.

==========

==========

Slimjet

Slimjet is a clone of the SlimBrowser web browser from FlashPeak that uses the Chromium as a base.

Spyware Level: EXTREMELY HIGH

Slimjet's website claims that it is very committed to user privacy, and that it blocks Google tracking, unlike Google Chrome. However, this claim is not true. Slimjet is constantly sending information to google and connecting to google services. Slimjet claims to be concerned about privacy but ultimately retains just about all of the spyware features found in Google Chrome, as well as additional spyware added on by FlashPoint. In this way, Slimjet manages to implement all of the spyware that is found in browsers like Google Chrome, except instead of one company having this information, it's split up among several companies...

Phoning Home

Even though on its site, FlashPeak claims that: "Slimjet doesn't send any usage data back to Google like Chrome." the moment I turn it on with MITMproxy running, I am greeted with this

So, this claim just isn't true at all. It's still got a lot of Google's spyware in it, if it's still connecting to so many Google services. What's kind of surprising is that it didn't seem to connect to any servers explicitly operated by FlashPeak when I was testing it. Even though, it claims to collect information about its users for internal usage. So, it must be phoning home as well as sending information to Google. Maybe it sends information through some kind of Google web service?

Default Search Engine is Spyware

The default search engine is Bing, which sells your information to advertisers. If that isn't enough, it's "served from fpseek.com" which means that not only are you exposing your information to Bing, this is also being logged by fpseek, which has its own privacy policy. Whenever you search something using the default search engine, requests are sent to both Bing and fpseek

Collecting Information about Users

Slimjet claims to collect "some anonymous feature usage statistics information", and claims not to record your IP or sell that information to advertisers. However, it is still opt-out spyware.

Using the Microsoft BITS service to upload search history to Google servers

When you start Slimjet, it will begin using the BITS (Background Intelligent Transfer Service) which is designed to use spare bandwidth to transfer updates and other information. These requests are sent between Slimjet and a Google server, with confirmation from Process Monitor and MITMproxy

Obviously you can tell that any kind of service to sync your search history "in the cloud" is a privacy nightmare. Now both Google and Slimjet have access to your search history...

==========

==========

Sphere Browser

Sphere Browser is a privacy-focused web Browser made by Tenebris.

Spyware Level: Possible Spyware

This program was tested with MITMproxy on Linux. Sphere Browser itself does not contain any telemetry and really has removed all of the spyware from the chromium codebase that it is based on. However, it has two red flags- the default homepage has analytics, and you have to run analytics on your browser to download it. The software is fine. Just the settings and the way you have to download it and the lack of source code hold it back from the title of "Not Spyware". You can easily configure it to not connect to the default homepage, at least.

Tracking pixel on the default homepage

Sphere Browser is based around an "identities" feature that lets you change how your browser appears to the rest of the internet in a rather easy way- and then it by default loads the site "f.vision" which can identify your new identity in a pretty centralized way, and even includes a tracking pixel from the getclicky analytics service. If you want to use this browser, you really should not be using this default homepage. It contrasts with the privacy features of the browser rather poorly.

JavaScript from an Analytics company on the download site

Another problem is, you need to load JavaScript to download the browser itself at sphere.tenebris.cc/, which tries to load JS code from Tenebris as well as JavaScript from the same analytics company that has the tracking pixel on "f.vision". Why are these analytics here if the browser is so focused on privacy?

==========

==========

SRWare Iron

SRWare Iron is a free web browser, and an implementation of Chromium by SRWare of Germany.

Spyware Level: EXTREMELY HIGH

SRWare Iron claims to be a privacy respecting web browser that is an alternative to Google Chrome's spyware, and specifically brands itself as a privacy respecting web browser that aims to give users the Chrome experience without Google's spyware. However, when examining this program, these claims instantly melt away. SRWare Iron connects to an absolutely incredible amount of trackers and opens connections to an enormous amount of servers on its first run. It racks up a rough estimate of ~400-500 unsolicited connections, and it actually took several minutes for it to stop making new requests and connections. SRWare Iron uses the spyware search engine Bing as its default search engine, however it goes beyond that and routes your requests to Bing through its own servers so that it can spy on your internet searches as well. The bottom line is that this browser is just another false privacy initiative and is really no better than Chrome.

Version 69.0.3600.0 of SRWare Iron was tested on Windows 7 64-bit. MITMproxy, Microsoft Network Monitor 3.4, and Sysinternals ProcMon were used to monitor the behavior of this program.

False Privacy Initiative

SRWare Iron claims on its website that it is:

"Chrome thrilled with an extremely fast site rendering, a sleek design and innovative features. But it also gets critic from data protection specialists, for reasons such as creating a unique user ID or the submission of entries to Google to generate suggestions. SRWare Iron is a real alternative. The browser is based on the Chromium-source and offers the same features as Chrome, but without the critical points that the privacy concern."

The reality is that you are merely trading in one spyware product for another. Where Chrome's spyware has been removed, Iron's spyware is there to replace it. Which poison are you going to pick? The worst part is that people will read what is claimed on SRWare's website and believe it without doing any tests for themselves.

Massive amount of connections on first startup

When you first start SRWare Iron, it will immediately open the following two pages: "https://iron.start.me/us" and "https://www.srware.net/en/software_srware_iron.php". The most offensive page is the "start.me" domain which begins loading in an enormous amount of spyware from all over the internet. I did not count the specific amount of requests but it was somewhere in the 400-500 range (my software doesn't provide a great amount of automation... or maybe i'm not using it as well as I could). This image (at 1.06 MB- almost 1/4 of the size of the entire site as of writing!) should give you an idea of the amount of requests I was swamped by. It took a while for it to die down. On subsequent runs the amount of requests it sent was far less. It connected to spyware platforms like Google Analytics and Piwik, and executed their JavaScript payloads. There were a lot of redundant connections to Google Analytics so it's probable that multiple companies are able to send their own analytics payloads through this homescreen. Thus thoroughly fingerprinting and profiling your web browser and computer the moment you begin browsing the internet with your new "privacy respecting" browser — so that all of these advertising companies can track you everywhere you go!

Redirecting of internet searches through developer's domain

After you've finished identifying your web browser to just about every single spyware company on the internet, you can begin making internet searches with your new SRWare Iron browser. The default search engine is the spyware search engine Bing. However, it's not enough to just point you at a spyware search engine... when you try and actually run a search on Bing, this is what happens: basically, every time you make a search with this browser, your searches are sent through the developer's servers. So, the developer can know exactly what your internet history is, in this way. Your searches are also being sent through "wisesearches.com", but I don't know who they are. So now instead of giving up your search history to one spyware company, Google, you can give it to three spyware companies, by switching to this browser. This is a very similar tactic to the one that the spyware browser Slimjet uses, where it routes searches to Bing through its own domains.

==========

==========

Tor Browser Bundle

Version tested: 11.0.3

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. This article is about the desktop Tor Browser Bundle, which is based on Firefox. Tor itself can be used with any browser.

Spyware Level: Low

The Tor browser is a privacy focused web browser that is used to access the internet through the Tor Network. Connections through the Tor network are much more private than normal connections as you do not have an IP address that is associated with you. While spyware services can tell that you are connecting from the Tor network, their ability to identify and profile you is greatly reduced.

Tor Browser has automatic updates, and sends telemetry, albeit over Tor.

If you go to about:networking, you will see several addresses that are affiliated with Mozilla, even before Tor is connected. You can mitigate the spyware, but note that there is a chance that it will be overwritten by future updates.

==========

==========

Vivaldi

Vivaldi is a feature-full, customizable web browser made by some of Opera's old developers (since they were dissatisfied with the direction Opera was heading). Just like modern Opera, it is based on Chromium.

Version tested: 5.2.2623.48

Spyware Level: High

Vivaldi makes about 119 requests on startup, and continues to make unsolicited connections after. Anti-privacy Bing is the default search engine.

Even if you disable everything under "Google Services" and "Google Extensions" under "Privacy" in settings, it will still make automatic connections to Google. Also makes connections after first start up to "mirmir.vivaldi.com" and "downloads.vivaldi.com".

Vivaldi's web pages are Cloudflared

You will be blocked if using Tor, and be connected to "hcaptcha.cloudflare.org". You can disable this by simply changing the homepage.

Vivaldi Assigns you a unique ID

From the Privacy Policy: "When you install Vivaldi browser (“Vivaldi”), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution".

Cannot be built from source code

"However, it is only our Chromium work that is found on https://vivaldi.com/source. If you were to build it and run it, nothing will display as the HTML/CSS/JS UI is missing. This UI is only available as part of our end user packages, which is covered by the EULA (in which we also bundle with a compiled version of our modified Chromium).".

==========

==========

Waterfox Classic

Version tested was 2022.04.

Waterfox is a web browser that is a fork of Firefox.

Spyware Level: Medium

Waterfox is a fork of Firefox that claims to be more private and secure than Firefox. However, Waterfox contains telemetry and shares information about you with Mozilla, and has other spyware features.

Waterfox connects to spyware services when it is first run

If you start up Waterfox for the first time, it will make between 31 to 130 requests (most of them being version checks) to several spyware platforms, notably Matomo, and Mozilla online services like its Geolocation service, and several other Mozilla services, as well as Waterfox's own update service.

Waterfox is integrated into the "Firefox Accounts" spyware platform

The "Firefox Accounts" platform allows you to sync a lot of sensitive information, such as your internet history, across all of your devices. This is, of course, all being stored on Mozilla's servers. This feature is opt-in spyware, but it should still be mentioned. If you don't want your internet history to be uploaded to Mozilla servers, don't use this feature.

Waterfox is self updating software

Self updates are a spyware feature since they are usually ways for the developer of a program to put spyware into their software without presenting it in a prominent way where the user can understand what they are giving up when they download the update.

Other known spywares, like Chromium, make use of this method

Not spyware related, but worth noting

Anti-privacy search engine by default

By default Waterfox uses the search engine Bing. Why would a privacy-based Web Browser offer this search engine by default? The other offered search engines are not much better- we have the option of searching with Google, which also logs your internet searches, and Ecosia, which also logs your internet searches (but it gives them to Bing). The developers attitude towards these search engines is concerning:

"Bing is actually quite good for privacy as well (let's not forget Mozilla even suggested them as a more privacy focused search back in 2009).".

It's very clear that while the browser advertises itself as very privacy focused, the actual words and actions of the developers aren't consistent with this claim.

==========

==========

WebDiscover

WebDiscover is a web browser made by WebDiscover Media.

Spyware Level: EXTREMELY HIGH

WebDiscover uses the spyware search engine Yahoo as it's default search engine, but on its website it says it uses the spyware search engine Bing as it's default search engine. It is hard to review since every time I run it, it messes up MITMproxy so I can't see what it's doing. The privacy policy explains that it collects a large amount of personal information from its users, so it is at least not a secret that this browser is spyware. This program acts in a very suspicious way and the privacy policy contains a lot of language in it about the use of the information it collects that elevates it to a uniquely bad stance on user privacy and use of user information, so I would recommend staying far away from it.

WebDiscover installs itself onto users computers through installer bundling

WebDiscover is mostly installed through other programs as an opt-out. This means that most users did not want to install this browser, and were tricked into doing it by other software's installer programs.

WebDiscover collects a large amount of information about its users

According to its privacy policy, WebDiscover collects the following information about its users as its browser is downloaded and used:

Some of this information is typical of the kind of info that is collected by developers who write programs that phone home using the HTTP protocol. However, WebDiscover also collects the following information about its users which is more concerning:

"We may collect Personal Data and Anonymous Data when you download the Browser. We may also collect Personal Data when you send us information or communications directly. “Personal Data” means data that allows someone to identify or contact you including, without limitation, your name, physical address, electronic mail (email) address, phone number, and credit card information (collectively, your “Personal Data”) for the purposes of recording the transaction when you engage in activities on the Site or through use of the Browser."

So, WebDiscover will profile your computer, and WebDiscover Media will use every opportunity they get to collect information about you

WebDiscover sells information about its users

In this quote from the privacy policy:

"We may share Anonymous Data with selected third parties and business partners..."

Confirming that the information that WebDiscover collects about you will be sold to advertisers.

Phoning Home

When WebDiscover is started, it will begin making requests to "ec2-54-191-159-75.us-west-2.compute.amazonaws.com"

This is presumably how it collects a lot of the personal information about its users. This was discovered using Microsoft Network Monitor 3.4.

==========