Set up a framework to fully man-in-the-middle my own browsers’ networking and see what they’re up to beyond just looking at their DNS queries and encrypted TCP packets. We force the browser to trust our mitmproxy cacert so we can peek inside cleartext traffic, and we made it conveniently reproducible and extensible.

It has containers for official Firefox, its Debian version, and some other FF derivatives that market a focus on privacy or security. Might add a few more of those or do the Chromium family later - if you read the thing and want more, then please let us know what you want to see under the lens in a future update!

Tests were run against a basic protocol for each of them and results are aggregated at the end of the post.

Posting with the ambition that this can trigger some follow-ups sharing derived or similar things. Maybe someone could make a viral blog post by doing some deeper tests and making their results digestible ;)

  • ken@discuss.tchncs.de (OP) · 3 days ago

    At least in most cases, the data is being leaked back to the developer and not third parties.

    What is this based on? Why not see if that assumption is true[1]? There’s quite a big difference in nature and quality here between them. This doesn’t really come through in the data aggregation put on display in the post but I hope more people will try to run this on their own. Zen and Mozilla are the only ones with significant (and it is significant) telemetry of their own at all between these while LibreWolf and Konform have 0 data going to the devs, for one.

    The whole idea here is to be able to achieve more nuanced and accurate understanding so more educated decisions can be made and enlightening conversation be had. Not just keep rehashing the same memes based on vibes and hearsay.

    Was hoping more for answering questions or getting new input than shooting down uninformed takes 😅

    1: Well, staying inside the system we can’t prove that no sharing with third-parties is going on if we only see one domain involved. But that is not the case everywhere here. We can easily see when separate servers operated by multiple parties are involved by looking at the URLs and looking up the domain names. And then we can go look at what’s being sent to where.
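
Added example, not part of the post or the linked project: a sketch of the check the footnote describes, grouping intercepted request URLs by site to see which parties each browser talks to and how much request body goes to each. The flow records, browser names and `.example` hostnames are constructed, and `site_of` approximates the operating party by the last two host labels, which is an assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (browser, method, URL, request body size in bytes).
# Hostnames use the reserved .example TLD; they are not results from the post.
FLOWS = [
    ("browser-a", "POST", "https://telemetry.vendor-a.example/submit", 2048),
    ("browser-a", "GET", "https://updates.vendor-a.example/check?v=1", 0),
    ("browser-a", "POST", "https://metrics.adtech.example/collect", 512),
    ("browser-b", "GET", "https://updates.vendor-b.example/check", 0),
]


def site_of(url: str) -> str:
    """Approximate the operating party by the last two host labels.

    Assumption: fine for a sketch; real analysis should use the Public
    Suffix List, since suffixes like co.uk break this shortcut.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def summarize(flows):
    """Return {browser: {site: {"requests", "bytes_sent", "hosts"}}}.

    bytes_sent counts request bodies only; data carried in query strings
    or headers still needs a look at the individual flows.
    """
    out = defaultdict(lambda: defaultdict(
        lambda: {"requests": 0, "bytes_sent": 0, "hosts": set()}))
    for browser, _method, url, body_len in flows:
        entry = out[browser][site_of(url)]
        entry["requests"] += 1
        entry["bytes_sent"] += body_len
        entry["hosts"].add(urlsplit(url).hostname)
    return out


def third_parties(flows, first_party):
    """Sites each browser contacted outside its declared first-party set."""
    summary = summarize(flows)
    return {browser: sorted(set(sites) - first_party.get(browser, set()))
            for browser, sites in summary.items()}


if __name__ == "__main__":
    declared = {"browser-a": {"vendor-a.example"}, "browser-b": {"vendor-b.example"}}
    print(third_parties(FLOWS, declared))
```
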