Profile picture
, 13 tweets, 5 min read
Curious what happens when you fire up a web browser for the first time? Me too. I often do this for @brave to make sure things are staying neat and tidy.

Today I would like to do it for a few other web browsers. First, let's take a look at Opera.
Launching Opera (and leaving it in its default state for a few minutes) resulted in the following calls being made.

Calls to opera and operacdn made sense. But 19 calls to yandex.ru was a surprise. Note also Amazon, FB, Walmart, Kayak, Ebay, Ali Express, and more.
Some of these are fairly heavy calls too; here's a subset ordered by their response size (descending). Overstock sets a dozen cookies. Amazon, Kayak, Ali Express, and more set me up with novel session IDs as well. Google is there too. Ready to monitor my movement across the Web.
On a fun note, booking.com apparently knew that we'd inspect their headers 😉
Back to Yandex though. Opera not only pings them, but informs them that I am setting up a new profile with Opera (via the referer header and query string). This header also goes to Facebook, Google, and hotjar. All of these now know that I am a fresh Opera user.
A closer look reveals that Opera is sending extra bits too, including my native resolution, browser window size, and a lot more. Unfortunately, it isn't clear what the other bits are representing. One parameter is called "gdpr" with a value of 14. I wonder what that one is.
Another call is made to android.clients.google.com, and includes a unique user ID, as well as a distinct device and sender ID. Why is Opera sending this information to Google?
Just as a reminder, this is a fresh profile. No previous activity. And no activity taken beyond opening the browser up for the first time.
Ah, I forgot to mention the call to walmart.com over HTTP, which responds with a 301 redirect. AFAIK, that's an opportunity for trouble.
Compared to Opera, Vivaldi is very lightweight. Firing up a fresh profile in Vivaldi resulted in only 31 or so calls (most of which are to vivaldi.com).

This looks pretty standard. It downloads the SafeBrowsing database, some 835K extension, and a domain blacklist.
Unlike Opera, Vivaldi doesn't inform others that I am a fresh user (via the Referer header).
The extension they download appears to be for Chrome Cast. This, too, is expected for compat reasons. I'd say Vivaldi gets a clean bill of health based on this cursory glance. Nice job, @vivaldibrowser!
Note, again, that I am only reviewing the first-run experience. Not making any claims about how privacy/secure things are beyond that.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Sampson

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @jonathansampson see all

Profile picture
Sampson
@jonathansampson
Curious what happens when Safari launches with a new profile? Me too, so I fired up a proxy, and watched.

Here is what I found…
To kick this thread off, lets take a close look at that initial loading screen. For setup, I temporarily set aside the Library/Safari folder, thus giving myself a fresh profile on the subsequent launch. Check out those icons. Where do you think they're hosted/stored?
Safari launches with default 'favorites', each represented by a favicon. I assumed these would be local resources—I was wrong. Here's a look at the structure of requests produced by the proxy application. You'll notice overlaps between hosts and earlier favicons.
Read 14 tweets
Profile picture
Sampson
@jonathansampson
What happens when you install the Edge (Chromium) Beta build and run it for the first time? I was curious.

On first-run, Edge fired off 130+ requests to nearly 50 endpoints. Here they are, sorted by total calls.

Time to take a closer look.
Here are all of the sessions for the 4 minutes or so I let the browser run. I see numerous connections to MSFT properties, but connections to non-MSFT properties too: Google APIs, Google, Double Click, Google Ad Services, Facebook, Twitter Ads, and more.
I should note, right from the start, that Edge knows more about me than any other browser can during the first-run experience. It gets this insight from Windows. As such, I'll pay closer attention to what it shares, and with whom.
Read 25 tweets
Profile picture
Sampson
@jonathansampson
What happens when you launch a fresh install of Firefox? I was curious, so I did so with version 68.0.2, and monitored my network activity.

Here's what I learned…
Note, this doesn't involve any interaction beyond opening the browser and waiting a few minutes.

What I found were dozens of requests, which loaded nearly 16 MB in data. Lets break down what I saw.
Let's first look at which endpoints were hit, and how often. Firefox launched with a mozilla.org tab opened in a blurred tab. Resources loaded from there would explain the 26 calls. Some of these other hosts should be familiar, if you've read my other browser threads.
Read 21 tweets

Related threads

Profile picture
Wojtek Kopczuk
@wwwojtekk
Time for my substantial comments about the @gabriel_zucman and Emmanuel Saez tax series. I'll run with numbers for top 0.01%, over 1962-2014. I'm still to fully digest top 400 and projections to 2018. So, first things first: the QJE and the paper show different patterns:
Just to make sure it is not missed: these are very different patterns. Between 1962 and 2014, the QJE series shows 3.3pp drop. The book one shows 18.7pp drop. Volatility differs to.
What makes them different? This (improved) animation illustrates and the thread goes over it more slowly:
Read 34 tweets
Profile picture
foone
@Foone
Today's discovery: In the 1996 film Gamera 2: Attack of Legion, midway through the film a science instructor wants to learn more about Gamera, so she pulls up the "GAMERA WORLD" website!
hmm, about the girl who communicated with Gamera? plot points by web! possibly for the first time in a kaiju film.

Also: Netscape Navigator.
Also, check this out:
Windows logo on the tower.
Read 45 tweets
Profile picture
Mudge
@dotMudge
Today is the anniversary of the testimony I and other members of the l0pht gave to the US Senate in 1998.

It was the first time the US Govt. publicly referenced “hackers” in a positive context.

The coverage was national and even international.

Come behind the scenes.

/Thread
I dislike flying, so we rented a Dodge Ram 3500 15 passenger van to drive down to the US Senate.

As a bonus, we could stop by the NSA Crypto Museum!

We met at the L0pht around 4am to load up.

Group picture (L to R): Brian Oblivion, Stefan, Weld, Tan, Kingpin, Spacerog, Mudge
We decided to do some signals collection on the drive from Boston to DC. Remember it was 1998 so not your modern war driving.

We had RF experts in the L0pht, so we were equipped ;)

There was a veritable antenna farm on the roof.
Read 23 tweets
Profile picture
Tony Connelly
@tconnellyRTE
Varadkar address to EPP congress: "Today one of the biggest challenges we face in Europe is the challenge of Brexit. For the first time a member state is leaving, so we need to make sure we get it right.
"Peace on the island of Ireland was borne out of a European ideal, by people coming together, not growing apart. We cannot allow that to falter now. So we're determined to protect the GFA, which means peace in Britain and Ireland, powersharing in NI, and ever closer cooperation..
"...between North and South. We're determined to avoid the re-emergence of a hard border on our island. We also want an orderly exit for the UK and a transition period so that citizens can prepare for the changes which will take place.
Read 4 tweets
Profile picture
Fight for the Future
@fightfortheftr
THREAD: At 3pm, the Senate will vote on a resolution to block the FCC’s #NetNeutrality repeal and restore basic protections that prevent companies like Comcast and AT&T from censoring online content, slowing down websites and apps, and charging expensive new fees.
Our work for Internet freedom will continue long after today, but the outcome of this vote will affect the battlefield that we are fighting on for years to come.
This is the most important thing for everyone to understand: we’re facing off with some of the most politically powerful corporations in the world. We’re fighting an uphill battle. But in the big picture, we are winning on #NetNeutrality.
theverge.com/2017/12/11/167…
Read 18 tweets
Profile picture
Sarah / @RealScientists
@realscientists
TODAY IS BRAIN DAY. I AM EXCITED.
Nothing is on fire, tea is forthcoming AND NOW IT'S TIME TO TALK BRAINS.
For today, we're going to be going over how the brain processes bits of information, and how it puts it together into coherent thoughts and responses. This is, broadly, cognitive neuroscience!
Read 31 tweets

Trending hashtags

#BradyBunch #FACT #Epstien #SaudiGov #happenstances #GoshDarn #QB #FUBAR #BradyRule #AEI #buttplug #MOTHERFUCKERS #POLICE #agreements #profuse #OMITTED #dumb #SquadGoals #Gulen #ISupportClarissa #ElvisCostello #PascoProud #CLASSY #ChildTrafficking #whodunnit
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!