Skip to main content

Is Your Secure Browser Spying on You? (Which Online Security Tool and Secure Browser are Spying on You?)

As people start thinking more about online security, they realize that Google Chrome is not the only browser in town.

Chrome is still (and will likely be for a very long time) the dominant web browser, with 81% of Internet users using it as of December 2021, according to W3Schools. However, in recent years, secure browsers are getting more noticed as users are less keen on the company collecting their browsing data and seeing their entire web browsing history.

And while their numbers are nowhere near what Google Chrome has, Brave browser, for example, announced recently that they passed 50 million active users and 15.5 million active daily users.
But here’s the question: are private browsers really as private and secure as they claim to be or are they in fact spying on you?

Unfortunately, nothing in the world is perfect and the truth about secure browsers might not be to your liking.

(Also, read here why private browsing mode is not really private and what “incognito mode” really means).

Avast Online Security and Avast Secure Browser are Spying on You
Avast is a family of freeware and proprietary Internet security programs and solutions for Microsoft Windows, macOS, Android and iOS that is used by over 400 million people.

Its secure browser is probably one of the last places you’d think that you would get spied on, but, this was discovered to be the case in 2019.

According to this article, the culprit here was Avast Online Security, which is installed in the Avast Secure Browser by default (meaning users don’t get to choose for themselves whether they want it or not).

To make matters worse, the AOS is hidden from the list of browser extensions so it’s impossible to uninstall it without going through some hoops.

But okay, why is this such a big deal? After all, shouldn’t AOS help make your browsing more secure?

This may be the case, but it also doesn’t make it more private.

According to the article, if you use the browser’s dev tools to look at its network traffic, the AOS extension sends a request to https://uib/ff/avast/com/v5/urlinfo every time the browser loads a new page in a tab.

Basically, what this does is that AOS sends binary data to that address and gets returning info if the page you want to visit is malicious or not.

So far nothing out of the ordinary, until you dig a little deeper and look at what data is being sent about you.

Here are the data fields and their contents that the author could find after stopping the AOS browser extension in the debugger:
This means that Avast can reconstruct your online browsing behavior, including what websites you visit, how many tabs you have opened, when you switch between tabs, how much time you spend on a page, what you click on, etc.

Now, if you’re wondering, not all of this data is actually needed for the extension to work, at least not to this extent. Other browser extensions don’t seem to need it. For example, Google Safe Browsing will locally download lists to find malicious websites instead of asking the server each time you visit a website.

The bottom line is that, even if we consider the storage requirement for this to be too high to store locally, this amount of data collection is still not necessary and AOS can simply send the hostname and the full address if there is a potential match.

What About Other Secure Web Browsers?

So what of other secure browsers, like Brave, Tor browser, or Epic Privacy Browser?

Are they any better for your privacy and online security?

While they are much better at blocking tracking ads and third-party cookies, even the most secure browsers can be guilty of spying on you.

Brave Browser
For instance, Brave had something of a scandal in 2020 when it was discovered that it was redirecting users to its referral links when they were navigating Coinbase and similar crypto-exchange platforms.

What happened was that users would attempt to access an exchange platform like Binance.us and Brave would redirect them to its referral link.

Naturally, this caused an outcry in the community, so Brendan Eich, CEO of Brave apologized and responded:

    We made a mistake, we’re correcting. Brave default autocompletes verbatim ‘http://binance.us’ in address bar to add affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab badge, but autocomplete should not add any code.

It should be noted, however, that Brave quickly changed course and is no longer doing this, so that’s a big plus for them.

But let’s say this only affect you if you want to exchange cryptocurrencies. Is Brave otherwise a private browser?

According to the analysis by Neocities, not quite.

Here are their findings (it’s a short read, so we also recommend reading the whole article):

    Brave uses Google as the default search engine, though you can change that to a more private search provider like DuckDuckGo for instance (keep in mind that DDG gets its results from all over the place, including Google web services among others)
    It has built-in telemetry and stores collected data for several days. For those unfamiliar with the term, “telemetry”, means collecting data about your browsing.
    There’s an opt-out RSS news feed that sends requests to Brave’s web servers
    Brave also uses a feature called “SafeBrowsing” to protect visitors from potentially malicious websites and browser extensions. This is also powered by Google

Most of these features can be turned off, but for something that claims to be a privacy-focused browser, it is a bit worrying to see that it relies on Google to power so many of them.

That said, Brave offers built-in ad blocking and browser fingerprinting features (including randomized fingerprint Firefox also has) so it’s still a good option for privacy-oriented users.

Epic Privacy Browser
Of course, Brave isn’t the only option if you’re looking for private browsing and ad blocking.

Another relatively popular private browser is Epic Privacy Browser. This Chromium-based browser was created in 2014 by a company called “Hidden Reflex” from India and claims to prevent web tracking and block tracking ads.

One thing that a user on Medium found, however, is that Epic connects to Google on startup, which doesn’t paint it in the best light as a private browser. However, it does clear DNS cache on exit.

Another issue with Epic is that the company claims for it to be open-source, when in fact it’s closed-source. This is something that they’ve been claiming since 2014:

    Sorry again, there are a few issues preventing us from releasing all the source, but it’s certainly all visible/auditable. We hope to resolve those issues and release the code soon. Thanks for your support.

The Epic FAQ also states something similar to the question is Epic open source?

    All of Epic’s code is visible and auditable by anyone. We are committed to complete transparency (as you know from reading this page) about how Epic works and doesn’t work. We love open-source and Epic is built on open-source Chromium. If you would like to audit any files, please let us know.

So, Epic lets you audit any code if you request it, but that’s not the same as open-source. They still don’t have their code released in full.

The third problem with Epic privacy is their claim to offer a free VPN service, with servers in 8 countries that can stop Google tracking.

Again, the company is stretching the truth here (gotta love marketing) and what this instead does is have the browser route your traffic through a US-based proxy.

Finally, Epic also doesn’t use a private search engine like DuckDuckGo, but instead Google, with the explanation that they are “unable to believe they offer any meaningful privacy benefit versus using Bing, Google or Yahoo directly”.

Tor Browser
Now, I know what you’re thinking.

“Just use the Tor browser.”

Well, while definitely a good option for private browsing, even Tor browser isn’t 100% anonymous and secure as we covered in a previous article.

You can read the whole article and find out for yourself is Tor browser safe and completely anonymous to use, but here are the cliff notes if you’re in a hurry:

1. It can leak your IP address
2. The connection between the exit node and the destination server on HTTP websites is unencrypted. This, however, isn’t the case on a secure HTTPS encrypted connection
3. Some nodes are malicious and not everyone runs nodes with good intentions
4. Tor is funded by the US government and developers are often working with government agencies

Again, we recommend reading the whole article to get the entire picture about Tor the browser.

Will No Browser Protect You Out There?

Now, we realize that we didn’t exactly paint different web browsers in the best of light and in some instances we might be nitpicking.

However, the whole point is that there are is no truly 100% private and secure browser that can protect you from web tracking or keep your browsing history hidden. Almost every browser out there is tracking users with invisible trackers one way or another and collecting their data, regardless of what those browsers claim.

That said, do we recommend using private browsers or is the partial protection google chrome offers with private browsing mode enough?

Yes. In fact, here are the most secure browsers that we recommend to protect your privacy and online security.

If you want privacy, remember that Google Chrome is not the only browser out there. If you’re looking for privacy, consider changing your default browser to something like Brave or Epic Privacy Browser

All the browsers we mentioned here offer much better privacy than the Chrome browser and will do a lot better job of protecting you from browser fingerprinting and blocking tracking ads.

Conclusion

Of course, this all depends on the level of privacy that you want in your web browsing. If you don’t mind web tracking all that much and believe that data collection is a good tradeoff for what you get from your browser, by all means, use Google Chrome.

However, if you want privacy and browser security, don’t want invisible trackers or web tracking, then use secure browsers. It’s also a good idea to use a private search engine with it and a password manager to protect your passwords, plus a good VPN to encrypt your connection better.

Comments

Popular posts from this blog

How to hack wifi in Windows 7/8/8.1/10 without any software | using with cmd

How to Hack Wifi password using cmd Hello Friends, In this article we will share some tricks that can help you to hack wifi password using cmd. Youcan experiment these trick with your neighbors or friends. It’s not necessarily that this trick will work with every wifi because of upgraded hardware. But you can still try this crack with wifi having old modems or routers. 1: WEP: Wired Equivalent Privacy (WEP) is one of the widely used security key in wifi devices. It is also the oldest and most popular key and was added in 1999. WEP uses 128 bit and 256-bit encryption. With the help of this tutorial, you can easily get into 128-bit encryption and Hack WiFi password using CMD. 2: WAP and WAP2: Wi-Fi Protected Access is an another version of WiFi encryption and was first used in 2003. It uses the 256-bit encryption model and is tough to hack. WAP2 is an updated version of WAP and was introduced in 2006. Since then it has replaced WAP and is now been used mostly in offices and colle...

A Beginner’s Guide to Getting Started with Bitcoin

A man looks for Bitcoin Oasis If you have heard about blockchain or cryptocurrency, then the term that initially comes to mind is Bitcoin . Launched 12 years ago, it was the late 2017 bull run that created a media frenzy that propelled Bitcoin into the mainstream and our modern day lexicon. Often labeled as the “original” cryptocurrency, Bitcoin has been the catalyst (directly and/or indirectly) behind many new innovations in the blockchain and digital asset space, most notably Ethereum and Monero . Shortly after the late 2017 bull run lost its steam, interest in these new technologies started to fade ― but here we are in 2021 with Bitcoin having risen like a phoenix from the ashes. As you would assume, an appetite for the blockchain and digital asset space has returned and now it is more important than ever that we understand what exactly is behind this unique asset, Bitcoin. This article is meant to be a guide for individuals who are new to cryptocurren...

Copilot - Microsoft is gearing up to introduce its AI companion

 Microsoft is gearing up to introduce its AI companion, Copilot, this upcoming fall season. The highly-anticipated rollout is scheduled for September 26, with Copilot poised to seamlessly integrate with various Microsoft services, including Windows 11 and Microsoft 365. Additionally, enterprise customers can look forward to the availability of a new AI assistant, Microsoft 365 Chat, starting in November. Copilot, described by Yusuf Mehdi, Corporate Vice President and Consumer Chief Marketing Officer at Microsoft, as an "everyday AI companion," aims to make your daily workflow smoother and more efficient. Its primary goal is to embed an AI-powered "copilot" within Microsoft's most popular products, ensuring widespread accessibility. What distinguishes Copilot from other AI assistants is its focus on integration. Rather than operating in isolation within specific applications, Copilot promises a seamless user experience across multiple Microsoft products. This com...