browser-network-insights/README.md at main
codeberg.org
browser-network-insights - they have played us for absolute fools

Set up a framework to fully man-in-the-middle my own browsers’ networking and see what they’re up to beyond just looking at their DNS queries and encrypted tcp packets. We force the browser to trust our mitmproxy cacert so we can peek inside cleartext traffic and made it conveniently reproducible and extensible.

It has containers for official Firefox, its Debian version, and some other FF derivatives that market a focus on privacy or security. Might add a few more of those or do the chromium family later - if you read the thing and want more then please let us know what you want to see under the lens in a future update!

Tests were run against a basic protocol for each of them and results are aggregated at the end of the post.

Posting with ambition that this can trigger some follow-ups sharing derived or similar things. Maybe someone could make a viral blog post by doing some deeper tests and making their results digestible ;)

  • ken@discuss.tchncs.deOP
    11·
    4 days ago

    I don’t think the data supports that. I’m curious what makes you single it out. Mullvad is in the top-tier but it is not alone (or clearly #1 - like the post gets into - it gets nuanced and I think any attempt at general objective “top 5 ranking” will be reductive to the point of being misleading or plain wrong. So I’m not trying that here). Read again? :)

    For example of nuance displayed in results:

    ### Number of requests
119 firefox
81 firefox-esr
0 konform
7 librewolf
30 mullvad-browser
62 zen-browser
    • Em Adespoton@lemmy.ca
      2·
      4 days ago

      You’re right—they’re all doing differently privacy impacting things, but there are no “winners”.

      • ken@discuss.tchncs.deOP
        2·
        3 days ago

        There can still be winners, the good, the bad, and the ugly. It’s just that we have to engage a bit deeper than a quick scroll and a oneliner to figure it out1 than that.

        they’re all doing differently privacy impacting things, but there are no “winners”.

        The difference matters. Looking into the raw URLs and bodies involved is enlightening. Apart from that, which other queries can we run with jq (or other tools) can we add to the post to add more useful dimensions?

        1: The answer might be different for each of us and depend on what we’re doing at the moment. Different situations might call for different browsers.