from ken@discuss.tchncs.de to privacy@lemmy.ca on 30 Jan 01:49
https://discuss.tchncs.de/post/53845514
Set up a framework to fully man-in-the-middle my own browsers’ networking and see what they’re up to beyond just looking at their DNS queries and encrypted tcp packets. We force the browser to trust our mitmproxy cacert so we can peek inside cleartext traffic and made it conveniently reproducible and extensible.
It has containers for official Firefox, its Debian version, and some other FF derivatives that market a focus on privacy or security. Might add a few more of those or do the chromium family later - if you read the thing and want more then please let us know what you want to see under the lens in a future update!
Tests were run against a basic protocol for each of them and results are aggregated at the end of the post.
Posting with ambition that this can trigger some follow-ups sharing derived or similar things. Maybe someone could make a viral blog post by doing some deeper tests and making their results digestible ;)
threaded - newest
So essentially, Mullvad is the only one out of the browsers tested that doesn’t leak notable amounts of data on first launch.
At least in most cases, the data is being leaked back to the developer and not third parties.
I don’t think the data supports that. I’m curious what makes you single it out. Mullvad is in the top-tier but it is not alone (or clearly #1 - like the post gets into - it gets nuanced and I think any attempt at general objective “top 5 ranking” will be reductive to the point of being misleading or plain wrong. So I’m not trying that here). Read again? :)
For example of nuance displayed in results:
You’re right—they’re all doing differently privacy impacting things, but there are no “winners”.