Calls on first install of a browser

Post here if your message doesn't fit into another forum but is still about web development. Includes site critiques, web hosting and server questions, helpful software and resources, and more.
Post Reply
User avatar
MikeGale
Rank VI - Professional
Rank VI - Professional
Posts: 709
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Calls on first install of a browser

Post by MikeGale » Thu Aug 29, 2019 1:40 am

This is pretty specialised at the moment, but could conceivably become mainstream.

When a browser is first installed it typically goes out and makes a lot of calls, some to pretty odd places. If the general populace caught wind of what is going on it might change their browser habits.

Some of those calls, it turns out, are pretty surprising. Browsers that claim to be secure making obvious calls to surveillance / advertising sites. That presumably automatically infects machines with personally identifiable GUID's before the user even starts using it, may even be de-anonymised in advance.

I'm interested to see that a developer in the Brave browser team, is documenting this behaviour using the Fiddler debugging proxy.

He is getting some traction (on Twitter) with his work.

If anybody is interested, his ID on Twitter is @jonathansampson .

(I've caught browsers making automatic calls, that their support teams can't explain. Puts a new complexion on prosecuting people for using website X!)

Some of the write ups as Tweets:
  1. Safari https://twitter.com/jonathansampson/sta ... 0794388481
  2. Opera https://twitter.com/jonathansampson/sta ... 3308129281
  3. Vivaldi https://twitter.com/jonathansampson/sta ... 5922059266
  4. Brave https://twitter.com/jonathansampson/sta ... 1999518720
  5. Edge (Chromium version Beta) https://twitter.com/jonathansampson/sta ... 2509065218
  6. Chrome https://twitter.com/jonathansampson/sta ... 6441779200
  7. Firefox https://twitter.com/jonathansampson/sta ... 6176660480
The beta Edge version shows that MSFT does not have the equivalent of Mr Sampson on their team. They currently are reported to call Google APIs, Google, Double Click, Google Ad Services, Facebook, Twitter Ads among others. Presumably from a page that is automatically invoked. Not a smart move.

Post Reply