The paper is here: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf. Should we change the URL to it above?
The comments are pretty tied to the claims of the current article at this point.
I would say no, more information here:
I don't use BAT, but I use Brave. I like that Brave is the best for respecting your privacy: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Here is an analysis how well various browsers respect privacy:
If your main concern is privacy, Firefox is not the best browser for most people right now:
> Technologists like us and archive.org should be boycotting it. Cryptocurrency nonsense, swapping ads with their own, soliciting donations for creators without their permission... Brave is a known bad actor in the browser market.
I disagree. Existing browsers are "good actors" in an online wasteland devoid of privacy , and Brave is a "bad actor" in this context because they're trying to disrupt this awful status quo. Per Krishnamurti, "It is no measure of health to be well adjusted to a profoundly sick society." So it is with the browser landscape.
No doubt they will make some missteps, that's typical of any novel approach to finding a balance of privacy vs. viability of free content. The ad model is perfectly sensible in this context.
Which browser is best for respecting user privacy?
We study six browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser.
For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers.
Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled.
Safari defaults to a poor choice of start page that leaks information to multiple third parties and allows them to set cookies without any user consent. Safari otherwise made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.
From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.
(Paragraph breaks added for readability)