What kind of communication do browsers such as Chrome, Firefox, and Edge perform at first startup?
Sampson, a former Microsoft engineer, investigated what kind of communication goes on out of the user's sight when web browsers such as Google Chrome, Firefox, and Microsoft Edge are launched for the first time, and published detailed data on his own Twitter account.
Sampson (@jonathansampson) | Twitter
◆ Google Chrome
When Google Chrome is launched for the first time on Windows 10, 32 requests are made and 7.26MB of data is downloaded.
What happens when you launch Google Chrome for the first time on a Windows 10 machine?
When I launched Google Chrome for the first time (and let it sit for a minute), 32 requests were made, and 7.26 MB of data downloaded. pic.twitter.com/UpmrQBUceK
— Sampson (@jonathansampson) August 25, 2019
The first communication Chrome performs is with the domain “googleapis.com”. Through this communication, information such as OS type, browser channel, and version is transmitted, and flags, functions, and other information (32KB) appear to be received. The data Chrome exchanges apparently cannot be fully understood even by checking the Chromium source, but the investigation revealed some details.
Chrome communicates with Google account servers and domains such as 'clients2.google.com' to receive multiple extension and app IDs in XML document format. After that, requests are issued for the CRX files corresponding to the acquired IDs, and nine extensions appear to be downloaded. The downloaded extensions are very small in data size and seem to be mainly related to Google services such as Google Drive, Google Docs, YouTube, Gmail, Chromecast, and Google Pay.
Chrome also communicates with the domain “redirector.gvt1.com”, and this request seems to be related to Chromecast. This extension's requests go via a different route than those of other extensions, and so do the requests for the query written as “craw”, which is linked to Google's web store payments. Sampson wrote, “I am interested in why these requests are different.”
According to Sampson, the 'redirector.gvt1.com' domain doesn't actually provide extensions. Instead, as the name suggests, this domain seems to perform redirects. This kind of redirect is familiar, but it is unclear why it is used.
In subsequent communications, a request is made to verify the first installed extension. The extension ID is sent, and the 'googleapis.com' domain appears to respond with a small amount of data for checking its integrity. This communication seems to take place for all extensions. Chrome also seems to communicate with the 'docs.google.com' domain, but the reason is unknown.
In addition, Chrome communicates with the “google.com” domain. This communication 'assumes you are being asked for search data,' says Sampson.
◆ Microsoft Edge
Next is the communication performed by Edge, Microsoft's own browser. Edge seems to have sent over 130 requests to 50 endpoints. The domains to which Edge sent requests are as follows. The communication seems to complete in about 4 minutes, and Edge appears to communicate with Google-related domains, Google APIs, DoubleClick, Google advertising-related services, Facebook, Twitter advertising-related services, and others.
What happens when you install the Edge (Chromium) Beta build and run it for the first time? I was curious.
On first-run, Edge fired off 130+ requests to nearly 50 endpoints. Here they are, sorted by total calls.
Time to take a closer look. pic.twitter.com/kIVaKIUNbJ
— Sampson (@jonathansampson) August 27, 2019
From the initial startup, Edge has more information about the user than other browsers do. This user information is obtained from Windows, the OS of the PC the user is using. For example, from the first startup Edge seems to have changed the account icon, or the user name is inconsistent.
Edge first communicates with multiple domains, such as “speech.platform.bing.com” for the synthesized speech option and the Google-related “clients2.google.com”. In addition, design assets such as CSS and fonts are loaded by communicating with the 'microsoftedgeinsider.com' domain.
Edge downloads scripts related to data collection, tracking, and advertising from service-related domains such as Facebook, Reddit, and Google. All of these scripts seem to be executed when the browser is started for the first time.
◆ Firefox
When Firefox version '68.0.2' is started for the first time, dozens of communications are performed, and about 16MB of data is transferred.
What happens when you launch a fresh install of Firefox? I was curious, so I did so with version 68.0.2, and monitored my network activity. pic.twitter.com/kTglccO7Qy
Here's what I learned…
— Sampson (@jonathansampson) August 26, 2019
The domains that Firefox communicated with are as follows. In addition to domains related to Mozilla, the developer of Firefox, there are also multiple Google-related domains.
In the initial communication, 5 requests are made to 'detectportal.firefox.com' to obtain information for detecting public networks, such as free Wi-Fi in a coffee shop. Subsequently, communication related to the Online Certificate Status Protocol was performed with “ocsp.digicert.com”. The online certificate check is performed over two communications, but the reason is unknown.
Firefox also communicates with Google and downloads data related to “Google Tag Manager” and “Google Analytics”. In addition, Firefox downloads Safe Browsing data from the Google API, but this kind of communication is largely common to other browsers as well.
Sampson wrote, “Of the browsers I have recently researched, Firefox is one of those that communicates most at first launch. It may also be the only one that immediately collects telemetry data.”
Of all browsers I've reviewed recently, Firefox is one of the most active upon installation. I think it may be the only one to immediately collect telemetry data too.
I would like to see them proxy calls to Google endpoints, and avoid the initial https://t.co/8BsrgBsr1u tab.
— Sampson (@jonathansampson) August 26, 2019
Sampson has also investigated the communication performed when browsers such as Opera, Vivaldi, Dissenter, and Brave are started for the first time. Vivaldi is a very lightweight browser compared to Opera: only 31 communications are performed at the first startup, and most of them are with Vivaldi-related domains.
From today:
What happens when you first open the Opera browser? https://t.co/BPMxF2oumW
And Brave? https://t.co/337Elo5ced
If you enjoy these threads, I'll consider doing more later
— Sampson (@jonathansampson) August 24, 2019
Of the browsers whose first-startup communication was investigated, only Brave did not communicate with Google at all. Sampson said, “I'm very happy to confirm that 100% of the communication at Brave's first startup is controlled and secure, and that Brave acts as a proxy when it needs to communicate with a third party.”
That covers pretty much everything I see Brave doing when it first runs. I'm very pleased to see that 100% of the calls are controlled, and secure. And that Brave serves as a proxy for calls that need to reach out to third parties. Very nice
— Sampson (@jonathansampson) August 24, 2019
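The figures quoted throughout this article (total requests, data downloaded, endpoints sorted by total calls, and whether third-party domains were contacted) can be derived from a capture of a browser's first run. The following is an added example, not Sampson's tooling: it assumes the capture was exported in HAR format by an intercepting proxy, and the function names, vendor suffix list, and sample entries are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

def _entry(url, headers_size, body_size):
    """Build one HAR 1.2-shaped entry (only the fields used below)."""
    return {"request": {"url": url},
            "response": {"headersSize": headers_size, "bodySize": body_size}}

# Constructed sample capture: the hosts are named in the article, but the
# paths, sizes and request mix are made up for illustration.
SAMPLE_HAR = json.dumps({"log": {"entries": (
    [_entry("http://detectportal.firefox.com/example", 300, 8)] * 3
    + [_entry("http://ocsp.digicert.com/example", 400, 471)] * 2
    + [_entry("https://clients2.google.com/example", -1, 18000)]
)}})

def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (label-aligned)."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def summarize_first_run(har_text, vendor_suffixes):
    """Tally requests and response bytes per host, sorted by total calls."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for entry in json.loads(har_text)["log"]["entries"]:
        host = (urlsplit(entry["request"]["url"]).hostname or "").lower()
        if not host:
            continue  # skip data: URLs and malformed entries
        resp = entry.get("response", {})
        # HAR records -1 when a size is unknown; treat that as 0 bytes.
        size = sum(max(resp.get(k) or 0, 0) for k in ("headersSize", "bodySize"))
        stats[host]["requests"] += 1
        stats[host]["bytes"] += size
    ranked = sorted(stats.items(), key=lambda kv: (-kv[1]["requests"], kv[0]))
    return {
        "total_requests": sum(s["requests"] for s in stats.values()),
        "total_bytes": sum(s["bytes"] for s in stats.values()),
        "by_host": [(h, s["requests"], s["bytes"]) for h, s in ranked],
        "third_party_hosts": sorted(
            h for h in stats if not host_matches(h, vendor_suffixes)),
    }

if __name__ == "__main__":
    report = summarize_first_run(SAMPLE_HAR, ["firefox.com", "mozilla.org"])
    for host, calls, size in report["by_host"]:
        print(f"{calls:3d} calls {size:7d} B  {host}")
    print("third-party:", ", ".join(report["third_party_hosts"]))
```

Suffix matching is aligned on label boundaries so that a look-alike host such as `notfirefox.com` is not counted as a vendor domain.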
in Software, Posted by logu_ii