Под прицелом разработчиков: какие данные хранит о пользователе глобальная паутина

Online presence on the Internet does not go unnoticed: every time we visit websites, we are being watched. This practice has become widespread — data collection is now integrated not only into web pages, but also into many applications. It remains to be seen what information developers of popular browsers collect and how much this affects our privacy.

According to OpenStat statistics, the most popular desktop versions in Russia are Chrome (almost 50%), Yandex Browser, Firefox and Opera. Safari for Windows is outdated and little used. The Edge browser, despite its low popularity (1.5%), and Internet Explorer (often masquerading as it) aroused the greatest interest in terms of "spy activity".

Legal invasion of privacy

Many users are used to the fact that their actions on the computer are tracked, but do not realize the amount of data transmitted. Human rights activists see a violation of privacy even in technical logs. The truth is in the middle.

Most people think that only "anonymous statistics to improve the product" are collected, as indicated in formal warnings. However, vague wording and phrases like "...and other information" give companies complete freedom of action.

Google knows about users' contacts, addresses and health. Microsoft identifies handwriting by handwritten input. Antiviruses can send any files. Browsers, although they seem less dangerous, also collect data, which can have consequences.

Google Chrome

When first launched, Chrome 56.0 establishes nine connections to Google servers in four subnets. One of them (in Russia, Rostelecom) receives data about the browser version, OS, and network activity. The other is used to verify Google.com certificates and its mirrors.

When opening new tabs, the same network infrastructure is used, and a common X-Client-Data identifier is generated for them. A connection to the storage.mds.yandex.net server is regularly observed, but no data is transmitted. The main part of the remaining network traffic is related to the Google SafeBrowsing service and update processes.

Yandex Browser

Yandex.Browser 17.3 behaves more actively, establishing many connections, including with servers of third-party companies (Mail.ru, VK, Google), probably due to partnership agreements offering alternative search and advertising. Part of the traffic comes from a system process with zero PID, connecting to the same addresses as the browser.

The browser sends detailed information about the configuration of the computer, browser, password manager and bookmarks to api.browser.yandex.ru. Information about other installed browsers is also recorded and determines the physical location of the device via HTTPS and the explorer process, using the Wi2Geo geolocation service to calculate coordinates.

Edge

Microsoft Edge (version 38.14 in Windows 10 build 1607) actively works in the background, establishing connections to Microsoft servers, even when it is not running. When launched, it also connects to the main Microsoft networks. No obvious suspicious activity was detected, only meager telemetry, User-Agent and cookies. With a clean launch, traffic is minimal, with the exception of a string with encoded DefaultLocation and MUID sent to msn.com. Studies show that this Edge behavior may be an illusion, as Windows 10 and other Microsoft OSs have many ways to collect detailed information about the user and their network activity.

Opera

When installing Opera 43.0, traffic goes not only to opera.com, but also to BitGravity and EdgeCast servers, transmitting anonymized identifiers, browser and OS versions. Each time the browser was launched, it showed ads, which is a standard monetization scheme.

A string from Booking.com was found in the intercepted traffic with a job offer for designers and developers in Amsterdam.

Opera also connects to the Dutch network WIKIMEDIA-EU-NET, transmitting security certificate verification packets and meager User-Agent information that did not match the browser version.

In general, Opera 43.0 behaved modestly, loading ads at startup, but then closing third-party connections and not disclosing personal data.

Firefox

Firefox developer, Mozilla Foundation, actively uses Amazon cloud services (compute.amazonaws.com) to download browser updates and add-ons, as well as to speed up search queries. Traffic is also used through Akamai, Cloudflare, EdgeCast and Google. A new tab displays links to Mozilla projects, images for which are downloaded from the network.

Firefox usage statistics are sent to telemetry.mozilla.org and look harmless. The user's location is determined via Mozilla Location Service only with their permission. No suspicious Firefox activity was detected, all traffic complies with the user agreement.

Lowering the blinds

It is easy to disable sending most of the statistics by Chrome, Firefox and Opera browsers. To do this, simply uncheck the box next to "Send usage information" (or similar), which is usually located in the installation wizard or in the "Privacy" section of the browser settings.

In the browser settings, you can enable tracking protection (do_not_track) and request permission to send geolocation data, as well as disable automatic sending of error information. Tracking protection adds a special header to the traffic, but its processing depends on the site.

Geolocation data: Sending on request increases security, but reduces convenience, as sites will not be able to automatically determine the location.

Problem information: Sending data about crashes (shutdown, connection problems) helps developers improve the browser if there are no non-standard extensions.

Conclusions

A study of popular browsers revealed that they send technical data from devices to developers and partners. This data, such as screen resolution, processor architecture, number of tabs, and synchronized passwords, is not personal or sensitive.

Although part of the traffic is encrypted, and the situation with the privacy policy may change, the collected technical information, even if it is general, forms a unique "digital fingerprint" of the user. This fingerprint makes it possible to reliably distinguish one user from another, but does not reveal the identity.