News

Issue 59: 2023-06-02

New browser versions

On Desktop:

• Brave 1.52
• Chrome 114.0
• Librewolf 113.0

On iOS:

• Duckduckgo 7.75
• Firefox 113.2
• Yandex 2305.3

On Android:

• Duckduckgo 5.159

Issue 58: 2023-05-26

New browser versions

On iOS:

• Brave 1.51
• Duckduckgo 7.74
• Firefox 113.1

On Android:

• Brave 1.51
• Edge 113.0
• Firefox 113.2
• Focus 113.2
• Opera 75.3
• Samsung 21.0
• Yandex 23.5

Issue 57: 2023-05-20

New browser versions

On Desktop:

• Firefox 113.0
• Librewolf 113.0-1
• Opera 99.0

On iOS:

• Edge 113.1774
• Firefox 113.0
• Focus 113.0
• Yandex 2305.2

On Android:

• Mull 113.0

Issue 56: 2023-05-13

New browser versions

On Desktop:

• Ungoogled 113.0

On iOS:

• Brave 1.50
• Chrome 113.5672
• Yandex 2305.0

On Android:

• Duckduckgo 5.158

Issue 55: 2023-05-06

New browser versions

On Desktop:

• Brave 1.51
• Chrome 113.0
• Edge 113.0

On iOS:

• Yandex 2303.7

On Android:

• Chrome 113.0
• Duckduckgo 5.157
• Edge 112.0

Issue 54: 2023-04-28

New browser versions

On iOS:

• Firefox 112.2
• Safari 16.4
• Yandex 2303.6

On Android:

• Firefox 112.2
• Focus 112.2
• Mull 112.1
• Opera 74.3
• Vivaldi 6.0

Issue 53: 2023-04-20

New browser versions

On Desktop:

• Librewolf 112.0
• Opera 98.0
• Ungoogled 112.0
• Vivaldi 6.0

On iOS:

• Edge 112.1722
• Firefox 112.0
• Focus 112.0
• Opera 3.6
• Yandex 2303.5

On Android:

• Duckduckgo 5.156
• Firefox 112.1
• Focus 112.1
• Opera 74.2

Issue 52: 2023-04-14

New browser versions

On Desktop:

• Brave 1.50
• Firefox 112.0
• Librewolf 112.0-1

On iOS:

• Brave 1.49

On Android:

• Brave 1.50
• Duckduckgo 5.155

Issue 51: 2023-04-07

New browser versions

On Desktop:

• Chrome 112.0
• Edge 112.0
• Mullvad 12.0
• Ungoogled 111.0

On iOS:

• Chrome 112.5615
• Firefox 111.2
• Opera 3.5
• Yandex 2303.4

On Android:

• Chrome 112.0

Issue 50: 2023-04-01

On Desktop:

• Librewolf 111.0

On iOS:

• Edge 111.1661
• Firefox 111.1
• Focus 111.1
• Yandex 2303.3

On Android:

• DuckDuckGo 5.154

Issue 49: 2023-03-24

New browser versions

On Desktop:

• Librewolf 111.0-2
• Opera 97.0

On iOS:

• Yandex 2303.1

On Android:

• Duckduckgo 5.153
• Firefox 111.1
• Focus 111.1
• Mull 110.1
• Opera 74.1
• Yandex 23.3

Issue 48: 2023-03-17

New browser versions

On Desktop:

• Edge 111.0
• Firefox 111.0

On iOS:

• Chrome 111.5563
• Firefox 110.2
• Yandex 2303.0

On Android:

• Brave 1.49
• Chrome 111.0
• Opera 74.0

Issue 47: 2023-03-11

New browser versions

On Desktop:

• Brave 1.49
• Chrome 111.0

On iOS:

• Brave 1.48
• Firefox 110.1
• Opera 3.5
• Yandex 2301.8

On Android:

• Duckduckgo 5.152

Issue 46: 2023-03-03

New browser versions

On iOS:

• Yandex 2301.7

On Android:

• Duckduckgo 5.151
• Firefox 110.1
• Focus 110.1
• Yandex 23.1

Issue 45: 2023-02-23

New browser versions

On Desktop:

• Opera 96.0
• Vivaldi 5.7

On iOS:

• Brave 1.47
• Chrome 110.5481
• Duckduckgo 7.72
• Edge 110.1587
• Firefox 110.0
• Focus 110.0
• Yandex 2301.6

On Android:

• Duckduckgo 5.150
• Opera 73.3
• Samsung 20.0
• Vivaldi 5.7

Issue 44: 2023-02-18

On Desktop:

• Brave 1.48
• Chrome 110.0
• Edge 100.0
• Firefox 110.0
• Librewolf 110.0-1
• Ungoogled 110.0

On Android:

• Brave 1.47
• Chrome 110.0
• Duckduckgo: 5.149
• Firefox 110.0
• Focus 110.0

Issue 43: 2023-02-03

New browser versions

On Desktop:

• Librewolf 109.0
• Opera 95.0
• Ungoogled 109.0

On iOS:

• Yandex 2301.4

On Android:

• Duckduckgo 5.148
• Firefox 109.2
• Focus 109.2
• Opera 73.2

Issue 42: 2023-01-27

New browser versions

On Desktop:

• Firefox 109.0
• Safari 16.3

On iOS:

• Firefox 109.0
• Focus 109.0
• Opera 3.5
• Safari 16.3
• Yandex 2301.2

On Android:

• Brave 1.47
• Firefox 109.1
• Mull 109.1
• Opera 73.1

Issue 41: 2023-01-19

New browser versions

On Desktop:

• Chrome 109.0
• Edge 109.0
• Librewolf 109.0-1

On iOS:

• Chrome 109.5414
• Duckduckgo 7.71
• Safari 16.2
• Yandex 2301.0

On Android:

• Chrome 109.0
• Duckduckgo 5.146
• Edge 109.0
• Focus 109.1
• Mull 108.1
• Opera 73.0
• Yandex 23.1

Issue 40: 2023-01-08

New browser versions

On iOS:

• Brave 1.46
• Edge 108.1462
• Focus 108.1
• Yandex 2211.8

On Android:

• Firefox 108.2
• Focus 108.2

Issue 39: 2022-12-23

New browser versions

On Desktop:

• Firefox 108.0
• Librewolf 108.0
• Opera 94.0
• Safari 16.2
• Ungoogled 108.0

On iOS:

• Firefox 108.1
• Focus 108.0
• Safari 16.1
• Yandex 2211.7

On Android:

• Duckduckgo 5.145
• Edge 108.0
• Firefox 108.1
• Focus 108.1
• Opera 72.5
• Vivaldi 5.6

Issue 38: 2022-12-08

New browser versions

On Desktop:

• Brave 1.46
• Chrome 108.0
• Edge 108.0
• Librewolf 107.0
• Tor 12.0
• Vivaldi 5.6

On iOS:

• Chrome 108.5359
• Firefox 107.2
• Focus 107.1
• Opera 3.4
• Yandex 2211.5

On Android:

• Brave 1.46
• Bromite 108.0
• Chrome 108.0
• Duckduckgo 5.144
• Firefox 107.2
• Focus 107.2
• Mull 107.2

Issue 37: 2022-11-25

New browser versions

On Desktop:

• Chrome 107.0
• Firefox 107.0
• Librewolf 107.0-1
• Opera 93.0

On iOS:

• Brave 1.45
• Edge 107.1418
• Firefox 107.0
• Focus 107.0
• Opera 3.3
• Yandex 2211.3

On Android:

• Duckduckgo 5.143
• Firefox 107.1
• Focus 107.1
• Opera 72.3

Issue 36: 2022-11-10

New browser versions

On Desktop:

• Firefox 106.0
• Tor 11.5
• Ungoogled 107.0

On iOS:

• Brave 1.44
• Chrome 107.5304
• Duckduckgo 7.70
• Firefox 106.1
• Safari 16.1

On Android:

• Brave 1.45
• Chrome 107.0
• Duckduckgo 5.142
• Edge 107.0
• Focus 106.1
• Opera 72.2
• Samsung 19.0
• Yandex 22.11

Issue 35: 2022-10-28

New browser versions

On Desktop:

• Brave 1.45
• Chrome 107.0
• Edge 107.0
• Firefox 104.0
• Librewolf 106.0
• Opera 92.0
• Safari 16.1

On iOS:

• Focus 106.0
• Yandex 2209.7

On Android:

• Bromite 106.0
• Chrome 106.0
• Duckduckgo 5.141
• Edge 106.0
• Firefox 106.1
• Mull 105.1
• Opera 72.1
• Samsung 18.0
• Tor 102.2
• Vivaldi 5.5
• Yandex 22.9

What's new

DuckDuckGo Desktop Beta (on MacOS) is now being tested -- results are shown in the Nightly section.

We see on Safari Desktop that the favicon cache is now partitioned! In Safari, Blob URLs is the only remaining API we test that still leaks data across websites.

In addition, Brave Nightly is now passing screen fingerprinting.

Issue 34: 2022-10-11

New browser versions

On Desktop:

• Chrome 106.0
• Edge 106.0
• Librewolf 105.0
• Opera 91.0
• Ungoogled 106.0
• Vivaldi 5.5

On iOS:

• Firefox 105.1
• Safari 15.7

On Android:

• Duckduckgo 5.138
• Firefox 105.2
• Focus 105.2

Response to Vivaldi

Last week's response to Vivaldi's claims is here.

Issue 33: 2022-09-20

New browser versions

On Desktop:

• Firefox 104.0
• Librewolf 104.0
• Safari 16.0

On iOS:

• Chrome 105.5195
• Firefox 104.2

On Android:

• Bromite 105.0
• Chrome 105.0
• Duckduckgo 5.136
• Edge 105.0
• Firefox 104.2
• Focus 104.2
• Opera 71.3
• Tor 99.0
• Yandex 22.9

Issue 32: 2022-09-06

New browser versions

On Desktop:

• Chrome 105.0
• Edge 105.0
• Librewolf 104.0-1
• Ungoogled 105.0

On iOS:

• Brave 1.42
• DuckDuckGo 7.70
• Edge 104.1293
• Firefox 104.1
• Focus 104.0
• Yandex 2209.1

On Android:

• Brave 1.43
• Bromite 104.0
• Duckduckgo 5.135
• Firefox 104.1
• Focus 104.1
• Mull 104.1
• Opera 71.2

Issue 31: 2022-08-23

New browser versions

On Desktop:

• Brave 1.42
• Opera 90.0
• Safari 15.6
• Vivaldi 5.4

On iOS:

• Chrome 104.5112
• Duckduckgo 7.69
• Firefox 103.1
• Safari 15.6
• Yandex 2207.8

On Android:

• Brave 1.42
• Bromite 102.0
• Chrome 104.0
• Duckduckgo 5.133
• Edge 104.0
• Mull 101.1
• Samsung 18.0
• Vivaldi 5.4

Issue 30: 2022-08-08

Today, for the first time, Brave is now passing all State Partitioning tests. Congratulations to the team at Brave who worked on this!

New browser versions

On Desktop:

• Brave 1.41
• Chrome 104.0
• Edge 104.0
• Firefox 103.0
• Librewolf 103.0
• Ungoogled 104.0

On iOS:

• Brave 1.41
• Firefox 102.2
• Focus 103.0
• Yandex 2207.4

On Android:

• Duckduckgo 5.131
• Firefox 103.2
• Focus 103.2

Issue 29: 2022-07-26

New browser versions

On Desktop:

• Firefox 102.0
• Librewolf 102.0
• Tor 11.5

On iOS:

• Brave 1.41
• Duckduckgo 5.130
• Tor 99.0

On Android:

• Edge 103.1264
• Yandex 2207.2

Issue 28: 2022-07-11

New browser versions

On Desktop:

• Librewolf 102.0-2
• Opera 89.0

On iOS:

• Brave 1.40
• Firefox 102.0
• Opera 3.3
• Yandex 2207.1

On Android:

• Bromite 102.0
• Chrome 103.0
• Firefox 102.2
• Focus 102.2
• Mull 101.1
• Opera 70.3

Issue 27: 2022-06-30

Firefox improvement

For the first time, fresh profiles of Firefox are now passing (nearly) all State Partitioning tests, thanks to the worldwide rollout of Total Cookie Protection. Congratulations to the Firefox team! I am informed that existing profiles will also receive Total Cookie Protection in the next few months.

New browser versions

On Desktop:

• Brave 1.40
• Chrome 103.0
• Edge 103.0
• Opera 88.0
• Ungoogled 103.0

On iOS:

• Brave 1.40
• Duckduckgo 5.129
• Edge 103.0
• Firefox 102.1
• Yandex 22.7

On Android:

• Chrome 103.5060
• Duckduckgo 7.68
• Firefox 101.1
• Yandex 2207.0

Issue 26: 2022-06-16

New browser versions

On Desktop:

• Firefox 101.0
• Librewolf 101.0

On iOS:

• Brave 1.39
• Edge 102.1245
• Firefox 101.0
• Yandex 2205.6

On Android:

• DuckDuckGo 5.128
• Firefox 101.2
• Focus 101.2
• Mull 98.2

Issue 25: 2022-06-05

New browser versions

On Desktop:

• Edge 102.0
• Librewolf 101.0-2
• Opera 87.0
• Safari 15.5
• Ungoogled 102.0
• Vivaldi 5.3

On iOS:

• Chrome 102.5005
• Safari 15.5
• Yandex 2205.4

On Android:

• Brave 1.39
• Bromite 101.0
• Chrome 102.0
• DuckDuckGo 5.127
• Edge 102.0
• Firefox 101.1
• Focus 101.1
• Opera 69.3
• Vivaldi 5.3

Issue 24: 2022-05-25

A faulty test fixed

It was brought to my attention that the "Tracker content blocking" test for Chartbeat was incorrectly reporting a "fail" for the DuckDuckGo Android browser. DuckDuckGo browser blocks third-party Chartbeat tracking scripts, but then provides the host page with a surrogate script to prevent breakage of the page's functionality. The original design of my test did not take into account this kind of surrogate, and so was incorrectly concluding that the original tracking script had been loaded into the page. I have now enhanced the test so it detects the presence of this surrogate and reports a "pass" for DuckDuckGo. Thanks to Peter Dolanjski for informing me of this problem.

New browser versions

On Desktop:

• Brave 1.39
• Chrome 102.0

On iOS:

• Brave 1.38
• Edge 101.1210
• Focus 100
• Yandex 2205.3

On Android:

• DuckDuckGo 5.125
• Firefox 100.3
• Focus 100.3
• Opera 69.2

Issue 23: 2022-05-16

New Desktop browser versions are:

• Firefox 100.0
• LibreWolf 100.0
• Opera 86.0

New iOS browser versions are:

• Firefox 100.1
• Focus 99.0

New Android browser versions are:

• DuckDuckGo 5.124
• Firefox 100.1
• Focus 100.1
• Opera 69.1
• Samsung 17.0

Issue 22: 2022-05-03

New test

This issue includes a new test for whether the Cookie Store API can be used to track users across sites in each browser. Thanks to Steven Englehardt for creating this test!

Updated browsers

New Desktop browser versions are:

• Brave 1.38
• Chrome 101.0
• Edge 101.0
• Ungoogled Chromium 101.0

New iOS browser versions are:

• Chrome 101.4951
• DuckDuckGo 7.67
• Edge 100.1185
• Firefox 99.3
• Yandex 2203.7

New Android browser versions are:

• Brave 1.38
• Chrome 101.0
• DuckDuckGo 5.123
• Edge 101.0

Issue 21: 2022-04-22

New Desktop browser versions are:

• Firefox 99.0
• Librewolf 99.0

New iOS browser versions are:

• Brave 1.37
• Chrome 100.4896
• Edge 2203.6
• Yandex 2203.6

New Android browser versions are:

• DuckDuckGo 5.121
• Firefox 99.2
• Focus 99.2
• Opera 68.3

Issue 20: 2022-04-07

New browser

In this issue I have added Mull to the set of Android browsers.

System font fingerprinting in Brave

Brave 1.39 (currently Nightly) has introduced a new protection against system font fingerprinting. It works by randomizing the user-installed fonts that are exposed to a web page. I am investigating how to test this new protection, so no "pass" or "fail" decision has yet been made.

New browser versions

New Desktop browser versions are:

• Brave 1.37
• Chrome 100.0
• Edge 100.0
• LibreWolf 98.0
• Opera 85.0
• Ungoogled 100.0
• Vivaldi 5.2

New iOS browser versions are:

• DuckDuckGo 7.66
• Firefox 98.2
• Focus 98.1
• Safari 15.4

New Android browser versions are:

• Brave 1.37
• Bromite 100.0
• Chrome 1.00.0
• DuckDuckGo 5.119
• Edge 100.0
• Firefox 99.1
• Focus 98.3
• Opera 68.2
• Vivaldi 5.2

Issue 19: 2022-03-22

Correction

The Brave team reported a bug that resulted in incorrect results for the Alt-Svc test on the Brave browser. Apologies for the bug; I have corrected the issue. Thanks to Aleksey Khoroshilov and Pete Snyder for alerting me to the issue.

New browser

In this issue, we have added Firefox Focus to the set of Android browsers.

New browser versions

New iOS browser versions are:

• Brave 1.36
• Chrome 99.4844
• Firefox 98.1
• Focus 98.0
• Yandex 2203.2

New android browser versions are:

• Brave 1.36
• Bromite 99.0
• DuckDuckGo 5.116
• Firefox 98.2
• Yandex 22.3

Issue 18: 2022-03-11

New browser versions

New desktop browser versions are:

• Chrome 99.0
• Edge 99.0
• Firefox 98.0
• Ungoogled 99.0

New Android browser versions:

• Chrome 99.0
• DuckDuckGo 5.115
• Edge 99.0
• Firefox 98.1
• Samsung 16.2

New iOS browser version:

• Edge: 99.1150

Issue 17: 2022-03-04

New "tracking cookie protection" category of tests

Today I am publishing a set of new "tracking cookie protection" tests for desktop browsers. In these tests, we check whether the browser allows cookies from 19 of the top tracking domains to be shared across websites. The test works as follows:

1. A web page from test site A is loaded with third-party tracking subresources, one from each tracking domain. A mitm proxy is used to inject a "Set-Cookie" header for each tracker.
2. A second web page from test site B is loaded, with the same set of tracking subresources. The MITM proxy is again used to test whether it can read back the same cookies that were set for those tracking domains in step 1.

New browser versions

Desktop versions:

• Brave 1.36
• Opera 84.0

New Android browser versions:

• Brave 1.35
• Bromite 98.0
• Chrome 98.0
• DuckDuckGo 5.113
• Edge 98.0
• Firefox 97.2
• Opera 67.1
• Tor 11.0
• Vivaldi 5.1

New iOS browser versions:

• Brave 1.35
• Edge 98.1108
• Safari 15.3
• Yandex 2201.6

Issue 16: 2022-02-16

New cookie test

I have expanded general cookie testing to examine both cross-site tracking via HTTP cookies and cross-site tracking via JavaScript cookies (aka document.cookie).

New versions

New desktop browser versions are:

• Edge 98.0
• Firefox 97.0
• Librewolf 97.0-2
• Ungoogled Chromium 98.0
• Vivaldi 5.1

New Android browser version:

• DuckDuckGo 5.112

New iOS browser versions:

• Chrome 98.4758
• Firefox 97.0
• Focus 97.0

Issue 15: 2022-02-03

After a brief pause to investigate an inconsistency in test results, we are back with Issue 15:

New desktop browser versions are:

• Brave 1.35
• Chrome 98.0

On Android, one browser updated:

• Firefox 96.2

On iOS, updates are:

• Brave 1.34
• Chrome 97.4692
• Firefox 96.0
• Yandex 2201.3

Investigation of inconsistency in four cache partitioning tests

Over the past week, I investigated puzzling behavior in four partitioning tests: CSS cache, font cache, image cache, and prefetch cache. Chromium-based browsers were passing these privacy tests, but, surprisingly, running the same tests manually or via a different testing framework resulted in failures. I wanted to understand why I was getting these inconsistent results, to make sure the published results are correct going forward.

Whether these tests passed or failed (i.e, isolation or sharing of data between websites) turned out to depend on how two pages from different websites were loaded. If the two pages are loaded completely independently, we see isolation, but if one page is loaded in a child tab of the other page, or if one page navigates to a second page, we see that the two pages can share cache data. That indicates that Chromium browsers are weakly isolating these caches, but not isolating them under all circumstances.

I decided to take the more stringent testing approach, on the principle that browsers should always isolate websites' data from one another except under user consent. So in this issue, the testing framework has been updated such that we see these tests newly failing for several Chromium-based browsers.

Thanks to Steven Englehardt for alerting me to this problem and providng helpful guidance.

Issue 14: 2022-01-21

This week, Opera Desktop has updated to version 83.0.

On Android, new browser versions are:

• DuckDuckGo 5.109
• Fireofx 96.2
• Yandex 22.1

Issue 13: 2022-01-14

This week, new desktop browser versions include:

• Firefox 96.0
• LibreWolf 96.0
• Safari 15.2
• Ungoogled Chromium 87.0

On iOS, new browser versions are:

• Edge 97.1072
• Yandex 2201.0

And on Android, we have:

• Brave 1.34
• DuckDuckGo 5.107
• Edge 97.0
• Opera 66.2
• Samsung 16.0

Issue 12: 2022-01-07

This week, new desktop browser versions include:

• Brave 1.34
• Chrome 97.0
• Edge 97.0

Issue 11: 2021-12-31

New browsers

This week we have added the privacy-oriented Bromite browser to our Android tests, and Ungoogled Chromium to our desktop tests.

Issue 10.1: 2021-12-26

Issue 10.1 fixes a problem in Issue 10 where Alt-Svc and H3 connection tests weren't operating properly.

Issue 10: 2021-12-24

(Desktop, Private modes, Android, iOS, Nightly, Nightly private modes)

Introducing LibreWolf tests

In Issue 10, we have added LibreWolf to the set of tested browsers. LibreWolf is a Firefox-based browser with some unique default privacy features not found in other browsers.

Updated layout

We have separated out Private Modes (aka Private Browsing, Incognito etc.) into their own tables for Desktop and Nightly browsers.

New browser versions

Since last week, some browser versions have updated:

• Android: Brave 1.33, DuckDuckGo 5.106, Firefox 95.2, Opera 66.2.
• iOS: DuckDuckGo 7.65, Firefox 40.1, Safari 15.2, and Yandex 2111.7.

Desktop versions haven't updated this week.

Added test

I have separated the Global Privacy Control test into "GPC enabled first-party" and "GPC enabled third-party."

Issue 9: 2021-12-16

(Desktop, Nightly, Android, iOS)

Introducing mobile web browser testing

This issue adds two additional platforms for browser testing: Android and iOS. The new browsers are:

• Android: Brave, Chrome, DuckDuckGo, Microsoft Edge, Firefox, Opera, Samsung, Tor, Vivaldi, Yandex
• iOS: Brave, Chrome, DuckDuckGo, Edge, Firefox, Firefox Focus, Opera, Safari, Yandex

A new suite of tests for tracker content blocking

Some web browsers maintain a blocklist of tracking domains. Third-party content (such as tracking pixels and tracking scripts) from these domains are blocked by the browser so that they are not loaded into the page. To see which browsers carry out this form of blocking, and what domains they block, Issue 9 introduces tracker content blocking tests. For 20 of the most common tracking domains reported by whotracks.me, the tests attempt to load a tracking script or image. A browser passes the test if it blocks the script or image from being loaded.

In this first run: Brave, DuckDuckGo, Firefox Private Mode and Firefox Focus were found to do substantial tracking content blocking.

Known issue

Again we have skipped testing of Firefox Nightly because of the browser crash.

Issue 8 (Desktop, Nightly: 2021-12-09)

New browser versions

Since Issue 7, Firefox has updated to version 95.0.

Known issue

Because of a crash in Firefox Nightly, it is not included in this week's Nightly browser testing.

Issue 7 (2021-12-02)

New browser versions

Since Issue 6, Opera has updated to 82.0 and Vivaldi to 5.0.

Known issue

Because of a crash in Firefox Nightly, it is not included in this week's testing.

Issue 6 (2021-11-24)

New browser version

Since Issue 5, Edge has updated to version 96.0

A privacy improvement in Brave

Brave has introduced an important new partitioning behavior. HTTP1, HTTP2, and HTTP3 connections are now partitioned by first party. That means your web connections can no longer be used to correlate your visits between different websites.

Thanks and congratulations to the Brave team for this fix!

Issue 5 (2021-11-17)

New browser versions

Since Issue 4, three browsers have updates:

• Brave 1.32
• Opera 81.0
• Tor Browser 11.0

Issue 4 (2021-11-09)

Testing of nightly builds added

I have now added testing of the Nightly build channel (or the nearest equivalent) for all monitored desktop browers. These include:

• Brave Nightly
• Chrome Canary
• Edge Canary
• Firefox Nightly
• Opera Developer
• Safari Technology Preview
• Tor Browser Nightly
• Vivaldi Snapshot

These tests give a preview of future privacy developments in these browsers. And I hope it offers faster feedback for browser development teams as they land patches for new privacy protections.

New browser versions

Since Issue 3, Firefox has updated to v. 94.0.

Issue 3 (2021-11-02)

New browser versions

Since Issue 2, new browser releases include Chrome 95.0, Edge 95.0, and Safari 15.1.

New tests, new results

Three new tests have been added. These are:

1. Alt-Svc. When you visit a website for the first time, an Alt-Svc header may be sent to your browser to indicate that the same website can be fetched in another location or using another protocol. For subsequent, visits, the browser may use that alternate location or protocol instead of the one it originally used on the first connection. A common use of Alt-Svc is for the website suggest to the browser to upgrade the connection from HTTP/2 to HTTP/3. Unfortunately this protocol can leak information about which websites you have visited in the past and even be abused to track you across sites.

2. Stream isolation. In Tor Browser, every website gets its own circuit such that all first-party requests and third-party embedded requests for that website are on a separate stream from those of any other website. This helps to reduce the ability of adversaries to correlate a browser's connection to two different websites.

3. System Font fingerprinting. If you install a new font on your computer, most browsers will helpfully use that font if it is ever requested by a website you visit. Unfortunately, that reveals to the website that you have installed the font. That information leak turns out to be quite an important source of fingerprinting entropy, making it easier to track you on the web Today's results show that Safari and Tor Browser protect against this type of fingerprinting.

Issue 2 (2021-10-25)

Correction

The first issue of PrivacyTests.org had an important error in the results, incorrectly indicating that Safari does not stop tracking via third-party cookies. Safari cookie protections were assigned an when it should have been a . This incorrect results seems to have happened because the Selenium Webdriver library I had been using to launch and control the various web browsers likely disables Safari's Intelligent Tracking Protection feature. This new issue of PrivacyTests.org results shows the correct for cookie protections in Safari.

My apologies for the error. Thanks to John Wilander and Steven Englehardt for bringing this issue to my attention.

Code updates

Major updates have been made to the testing code. Because of the error mentioned above, I decided to discontinue the use of Selenium Webdriver altogether in the PrivacyTests.org. Instead, the code has now been extensively rewritten to launch each web browser by executing a shell command, and to direct the web browsers to testing pages via shell commands as well. This new approach has the advantage of more closely mimicking a web browser in its "natural" state. The new code also makes it possible to launch Safari in both standard windows and Private Windows.

Follwing this rewrite, the PrivacyTests.org testing code now runs on macOS only. I plan to extend the new code to be compatible with Linux and Windows in the future.

New results

Due to popular request, I have added Vivaldi (currently version 4.3) to the roster of tested browsers. In addition, since Issue 1, some browsers have been updated to the latest release versions, including Brave 1.31, Edge 95.0, and Safari 15.0.

Thank you

Thanks to everyone who gave feedback following the launch. Everyone's comments and suggestions for future improvements are much appreciated!

Issue 1 (2021-10-13)

PrivacyTests.org went live for the first time, presenting desktop browser privacy test results for Brave 1.30, Chrome 94.0, Edge 94.0, Firefox 93.0, Opera 80.0, Safari 14.1, and Tor 10.5.