What kind of communication do browsers such as Chrome, Firefox, and Edge perform at first startup?


by

Thomas William

Sampson, a former Microsoft engineer, investigated what kind of communication goes on out of the user's sight when web browsers such as Google Chrome, Firefox, and Microsoft Edge are launched for the first time, and published the detailed data on his own Twitter account.

Sampson (@jonathansampson) | Twitter
https://twitter.com/jonathansampson

◆ Google Chrome
When Google Chrome is launched for the first time on Windows 10, 32 requests are made and 7.26MB of data is downloaded.



The first communication Chrome performs is with the domain “googleapis.com”. In this exchange, information such as the OS type, browser channel, and version is transmitted, and flags, functions, and other information (32KB) appear to be received. The traffic Chrome exchanges apparently cannot be fully understood even by checking the Chromium source, but the investigation revealed some details.



Chrome communicates with Google account servers and with domains such as 'clients2.google.com' to receive multiple extension and app IDs as an XML document. It then issues requests for the CRX files corresponding to the acquired IDs, and nine extensions appear to be downloaded. The downloaded extensions are very small and mostly relate to Google services such as Google Drive, Google Docs, YouTube, Gmail, Chromecast, and Google Pay.



Chrome also communicates with the domain “redirector.gvt1.com”, and this request appears to be related to Chromecast. This extension sends its requests via a different route from the other extensions, as does the query labelled “craw”, which is linked to Google's web store payments. Sampson wrote, “I am interested in why these requests are different.”



According to Sampson, the 'redirector.gvt1.com' domain does not actually serve extensions. Instead, as the name suggests, it appears to redirect. This kind of redirect is familiar, but it is unclear why it is used.

The subsequent communication requests verification of the first installed extension. The extension ID is sent, and the 'googleapis.com' domain appears to respond with a small amount of data for checking its integrity. This appears to happen for all extensions. Chrome also appears to communicate with the 'docs.google.com' domain, but the reason is unknown.

In addition, Chrome communicates with the “google.com” domain. This communication “assumes you are being asked for search data,” says Sampson.



◆ Microsoft Edge
Next is the communication performed by Edge, Microsoft's own browser. Edge apparently sent over 130 requests to 50 endpoints. The communication appears to complete in about 4 minutes, and the domains contacted include Google-related domains, the Google API, DoubleClick, Google advertising-related services, Facebook, and Twitter advertising-related services.



From its initial startup, Edge has more information about the user than other browsers do. This user information is obtained from Windows, the OS of the PC the user is running. For example, from the first startup Edge seems to have changed the icon of the account, or the user name is inconsistent.



Edge first communicates with multiple domains, such as “speech.platform.bing.com” for the synthesized speech option and the Google-related “clients2.google.com”. In addition, design assets such as CSS and fonts are loaded from the 'microsoftedgeinsider.com' domain.

Edge downloads scripts related to data collection, tracking and advertising from service-related domains such as Facebook, Reddit, and Google. All of these scripts seem to be executed when the browser is started for the first time.

◆ Firefox
When Firefox version '68.0.2' is started for the first time, dozens of requests are made and about 16MB of data is transferred.



The domains Firefox communicated with include, in addition to domains related to Mozilla, the developer of Firefox, multiple Google-related domains.



In the initial communication, 5 requests are made to 'detectportal.firefox.com' to obtain information for detecting public networks such as free Wi-Fi in a coffee shop. Next, communication related to the Online Certificate Status Protocol (OCSP) took place with “ocsp.digicert.com”. The certificate status check is performed over two communications, but the reason is unknown.

Firefox also communicates with Google and downloads data related to “Google Tag Manager” and “Google Analytics”. In addition, Firefox downloads Safe Browsing data from the Google API, but this kind of communication is largely common to other browsers as well.

Sampson wrote, “Firefox is one of the browsers I recently researched and the one that communicated most frequently at first launch. This may be the only Firefox that can immediately collect telemetry data.”



In addition, Mr. Sampson is investigating the communication performed when browsers such as Opera, Vivaldi, Dissenter and Brave are started for the first time. Vivaldi is a very lightweight browser compared to Opera: only 31 requests are made at the first startup, and most of them go to Vivaldi-related domains.



Of the browsers whose first-startup communication was investigated, only Brave did not communicate with Google at all. Sampson said, “I have 100% suppression of communication at the first startup of Brave. I'm very happy to confirm that it's safe, and Brave will act as a surrogate if you need to communicate with a third party.”
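The figures quoted in this article (number of requests, number of distinct endpoints, data volume, third-party hosts) can be tallied from a capture of a fresh-profile launch. The following is an added example, not Sampson's tooling: it assumes the capture was exported as a HAR file, and the sample entries, the `FIRST_PARTY` suffix list and the function names are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in HAR 1.2 shape (log.entries[].request.url,
# response.bodySize). Paths and sizes are made up for this example.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "http://detectportal.firefox.com/success.txt"},
     "response": {"bodySize": 8}},
    {"request": {"url": "http://detectportal.firefox.com/success.txt"},
     "response": {"bodySize": 8}},
    {"request": {"url": "http://ocsp.digicert.com/"},
     "response": {"bodySize": 471}},
    {"request": {"url": "http://ocsp.digicert.com/"},
     "response": {"bodySize": 471}},
    {"request": {"url": "https://safebrowsing.googleapis.com/v4/update"},
     "response": {"bodySize": -1}},  # -1 = size unknown in HAR
    {"request": {"url": "https://firefox.settings.services.mozilla.com/v1/"},
     "response": {"bodySize": 1200}},
]}})

# Assumption: a hand-written suffix list standing in for the browser vendor's
# own domains. A real audit should resolve registrable domains with the
# Public Suffix List instead.
FIRST_PARTY = ("firefox.com", "mozilla.com", "mozilla.org", "mozilla.net")

def host_in(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (label-aligned)."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def summarize(har_text, first_party):
    """Tally requests, distinct hosts, body bytes and third-party hosts."""
    per_host = Counter()
    body_bytes = 0
    for entry in json.loads(har_text)["log"]["entries"]:
        host = (urlsplit(entry["request"]["url"]).hostname or "").lower()
        per_host[host] += 1
        # Unknown sizes (-1) count as 0, so the total is a lower bound.
        body_bytes += max(entry["response"].get("bodySize", -1), 0)
    return {
        "requests": sum(per_host.values()),
        "endpoints": len(per_host),
        "body_bytes": body_bytes,
        "third_party_hosts": sorted(
            h for h in per_host if not host_in(h, first_party)),
        "per_host": dict(per_host),
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_HAR, FIRST_PARTY), indent=2))
```

Comparing the `third_party_hosts` list across browsers launched with fresh profiles gives the same kind of side-by-side view the article describes.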



in Software, Posted by logu_ii