Table of Contents
This project is a part of the paper "Defending Novice User Privacy: An Evaluation of Default Web Browser Configurations" published in Computers & Security journal. The paper can be found here.
Cyber novices often enter sensitive data into web browsers for routine activities such as online shopping and bill payments, making them targets for malicious entities, including cybercriminals and oppressive governments. The proliferation of online advertising technologies further exacerbates privacy concerns by exploiting user data for marketing or surveillance, frequently without explicit consent. It is crucial to regularly ensure the latest features of default configurations, which are most relevant for novice users, adequately address growing privacy demands given the centrality of web browsers to internet usage. Our work scrutinizes the privacy claims of desktop browsers and their default configurations.
Due to the frequent updates of browsers and operating systems, we provide this repository for future researchers to utilize our analysis script and evaluate and report discrepancies in future versions.
To evaluate the privacy of each browser, we leveraged in-browser tests from three different toolsets: PrivacyTests.org, BrowserLeaks, and Privacy Test Pages.
To conduct the experiment and ensure adequate experiment coverage, we recommend using different operating systems (we used an x86 CPU running Windows, version 11, and an Apple silicon M2 chip running MacOS, version Sonoma 14.1), since browsers use local storage differently based on their platform.
Download the repository from https://github.com/privacytests/privacytests.org. PrivacyTests.org, available on GitHub or static results visible on their site was created and open-sourced by Dr. Arthur Edelstein. Run the program as explained on the README page in the repo. Consider the tests provided in the Browser Metrics file.
The BrowserLeaks toolkit can be found at https://browserleaks.com/. It offers a wide range of privacy and privacy tests designed to determine if websites engage in one of a variety of problematic practices, such as storing information about user devices, leaking real IP addresses, or performing browser fingerprinting on users. Run the tests provided in the Browser Metrics file.
Privacy Test Pages can be found at https://github.com/duckduckgo/privacy-test-pages. Tests can also be found live at https://privacy-test-pages.site/. This repository created by DuckDuckGo (Slayter), is an open-source toolkit available on GitHub for testing privacy and privacy features of browsers and browser extensions. Consider the tests provided in the Browser Metrics file.
We analyzed four Potentially Intrusive Practices (Behavioral Profiling, Fingerprinting, Targeted Advertising, and Reporting and Analytics) previously suggested in the work of Smullen et al. (2021).
The script evaluates 14 browsers, it calculates metric scores of potentially intrusive particles and the composite score of privacy analysis. A higher score indicates more privacy in the default browser configuration.
Distributed under the Apache License. See LICENSE.txt for more information.
Kristina Radivojevic - [email protected]
Project Link: https://github.com/crcresearch/BrowserNovice