Chrome Firefox Safari

Mattias recently tweeted that his website can now be served over HTTP/3 'even though no browser supports it yet'.

Versions 1.0 and 1.1 both over a decade old will be disabled and no longer supported by Google Chrome, Mozilla Firefox, Internet Explorer, Microsoft Edge, and Apple Safari. TLS or the Transport Layer Security is a cryptographic protocol used to establish a secure and encrypted communications channel between servers and clients.

• Make new tabs active in Firefox. Similar to Safari, Firefox gives you this setting as a checkbox as well. Open Firefox and go to the Preferences from the menu bar or Firefox menu button on the top right. 1) In your Firefox Preferences, select General on the left.
• Google Chrome and Mozilla Firefox both have their extension stores. This helps in enhancing the browser experience and add features that are not readily available. Firefox takes a lot of care when adding any application into their store. It limits applications that are remotely hosted.
• Firefox was created by Mozilla as a faster, more private alternative to browsers like Internet Explorer, and now Chrome. Today, our mission-driven company and volunteer community continue to put your privacy above all else.

While it's true that no browser supports it out of the box right now, there are options to enable HTTP/3. Here's how.

🧪 As with all experimental technolgy/features: things might break! Be warned!

~

Google Chrome

If you search chrome://flags you'll find an option named 'Experimental QUIC Protocol' which you can enable:

That alone however won't do. You'll also need to enable a specific HTTP3 version, apparently. This extra change cannot be done through chrome://flags, but only through a command line option.

To fully enable HTTP/3 in Chrome, you must launch it with the command line options --enable-quic --quic-version=h3-27 :

Firefox

Set network.http.http3.enabled to true in about:config

At least Firefox 75 is required.

Safari

Safari Technology Preview Release 104 which was just released has added HTTP3 as an experimental feature. To enable it, you'll first need to enable the 'Develop' menu through its settings.

If you're running (the unreleased) macOS 10.16 / iOS 14, you can now use the Develop menu and underneath Experimental Features enable it.

🙏 Thanks to Kai for digging up the fact that macOS 10.16 is required.

~

How to test this?

Chrome Firefox Download

A good site to test your connection is https://www.litespeedtech.com/. Visit that site and open the DevTools of your browser (SHIFT+CMD+I). In the Network tab enable the protocol column and refresh the page.

Here's an example of Firefox:

quic.rocks is also a good site you can use. I did notice that Firefox for example sometimes loads that site using HTTP/1.1 and sometimes using HTTP/3 … experimental features, right? 😉

~

I don't do this for profit but a small one-time donation would always put a smile on my face. Thanks!

Microsoft Edge received the lowest privacy rating in a recently published study that compared the user information collected by major browsers. Yandex, the less-popular browser developed by the Russian Web search provider Yandex, shared that dubious distinction. Brave, the upstart browser that makes privacy a priority, ranked the highest.

The rankings were revealed in a research paper published by Trinity College Dublin computer scientist Doug Leith. He analyzed and rated the privacy provided by Google Chrome, Mozilla Firefox, Apple Safari, Brave, Edge, and Yandex. Specifically, the study examined the browsers' sending of data—including unique identifiers and details related to typed URLs—that could be used to track users over time. The findings put the browsers into three categories with Brave getting the highest ranking, Chrome, Firefox, and Safari receiving a medium ranking, and Edge and Yandex lagging behind the rest.

In the paper, Leith wrote:

From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers that can be used to link requests (and associated IP address/location) to backend servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

Strong, enduring identifiers

If you search chrome://flags you'll find an option named 'Experimental QUIC Protocol' which you can enable:

That alone however won't do. You'll also need to enable a specific HTTP3 version, apparently. This extra change cannot be done through chrome://flags, but only through a command line option.

To fully enable HTTP/3 in Chrome, you must launch it with the command line options --enable-quic --quic-version=h3-27 :

Firefox

Set network.http.http3.enabled to true in about:config

At least Firefox 75 is required.

Safari

Safari Technology Preview Release 104 which was just released has added HTTP3 as an experimental feature. To enable it, you'll first need to enable the 'Develop' menu through its settings.

If you're running (the unreleased) macOS 10.16 / iOS 14, you can now use the Develop menu and underneath Experimental Features enable it.

🙏 Thanks to Kai for digging up the fact that macOS 10.16 is required.

~

How to test this?

Chrome Firefox Download

A good site to test your connection is https://www.litespeedtech.com/. Visit that site and open the DevTools of your browser (SHIFT+CMD+I). In the Network tab enable the protocol column and refresh the page.

Here's an example of Firefox:

quic.rocks is also a good site you can use. I did notice that Firefox for example sometimes loads that site using HTTP/1.1 and sometimes using HTTP/3 … experimental features, right? 😉

~

I don't do this for profit but a small one-time donation would always put a smile on my face. Thanks!

Microsoft Edge received the lowest privacy rating in a recently published study that compared the user information collected by major browsers. Yandex, the less-popular browser developed by the Russian Web search provider Yandex, shared that dubious distinction. Brave, the upstart browser that makes privacy a priority, ranked the highest.

The rankings were revealed in a research paper published by Trinity College Dublin computer scientist Doug Leith. He analyzed and rated the privacy provided by Google Chrome, Mozilla Firefox, Apple Safari, Brave, Edge, and Yandex. Specifically, the study examined the browsers' sending of data—including unique identifiers and details related to typed URLs—that could be used to track users over time. The findings put the browsers into three categories with Brave getting the highest ranking, Chrome, Firefox, and Safari receiving a medium ranking, and Edge and Yandex lagging behind the rest.

In the paper, Leith wrote:

From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers that can be used to link requests (and associated IP address/location) to backend servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

Strong, enduring identifiers

Both Edge and Yandex send identifiers that are tied to device hardware, the study found. These unique strings, which can also link various apps running on the same device, remain the same even after fresh installs of the browsers. Edge sends the universally unique identifier of a device to a Microsoft server located at self.events.data.microsoft.com. This identifier can't easily be changed or deleted. The researcher said that the Edge autocomplete, which sends details of typed sites to a backend server, can't be disabled. As Ars reader karinto pointed out in a comment, however, instructions for disabling the feature are here.

Yandex, meanwhile, collected a cryptographic hash of the hardware MAC address and details of visited websites through the autocomplete function, although the latter could be disabled. Because Edge and Yandex collect identifiers that are linked to the hardware running the browsers, the data persists across fresh browser installs and can also be used to link various apps running on the same device. These identifiers can then be used to track IP addresses over time.

'Transmission of device identifiers to backend servers is obviously the most worrisome since it is a strong, enduring identifier of a user device that can be regenerated at will, including by other apps (so allowing linking of data across apps from the same manufacturer) and cannot be easily changed or reset by users,' the paper warned.

A Microsoft representative provided a response on condition she not be named and the response not be quoted. She gave no reason for this requirement. She said that Edge asks for permission to collect diagnostic data that's used to improve products. She said this collection can be turned off. While the data 'may' contain information about visited websites, it isn't stored with users' Microsoft accounts.

Browser syncing

When users are signed into Edge, they can sync their browser history to make it available on other devices. Users can view and delete this history on the privacy dashboard located at privacy.microsoft.com. Microsoft's Defender SmartScreen—a Windows 10 feature that protects against phishing and malware websites and the downloading of potentially malicious files—works by inspecting URLs that users intend to visit. This default functionality can be disabled through the Edge Privacy and Services settings.

The unique identifier allows Edge users to use a single click to delete associated diagnostic data stored on Microsoft servers.

At the other end of the privacy spectrum was Brave. The study found the default Brave settings provided the most privacy, with no collection of identifiers allowing the tracking of IP addresses over time and no sharing of the details of webpages visited with backend servers.

In between

Chrome, Firefox, and Safari fell into a middle category. The autocomplete feature in all three browsers transmitted details of visited sites in real time as the URLs are being typed. These default settings, however, can be disabled. Other potentially privacy-harming behaviors included:

• Chrome: sends a persistent identifier along with website addresses, allowing the two to be linked
• Firefox: includes identifiers in telemetry transmissions that can link these things over time (telemetry is on by default but can be disabled). Firefox also opens a persistent websocket for push notifications. The websocket, the researcher said, is linked to a unique identifier and can potentially be used for tracking that's not easily disabled.
• Safari: Defaults to a start page that can leak information to 'multiple third parties' who can preload pages containing identifiers to the browser cache. What's more, associated iCloud processes made connections containing identifiers.

Which Is Better Firefox Or Chrome

Apple officials declined to comment on the report, but did point out that Safari by default provides blocking of third-party cookies and a complementary feature known as Intelligent Tracking Prevention, both of which limit the information third-party websites can obtain about users.

In a statement, Mozilla officials wrote:

Browsing history is only sent to Mozilla if a user turns on our Sync service, whose purpose is to share data across a user's devices. Unlike other browsers, Sync data is end-to-end encrypted, so Mozilla cannot access it.

Firefox does collect some technical data about how users interact with our product, but that does not include the user's browsing history. This data is transmitted along with a unique randomly generated identifier. IP addresses are retained for a short period for security and fraud detection and then deleted. They are stripped from telemetry data and are not used to correlate user activity across browsing sessions.

Chrome Firefox Safari

As the study itself points out, 'transmission of user data to backend servers is not intrinsically a privacy intrusion.' By limiting collection and retention of data and safeguarding the data users do share with us through encryption and anonymization, Firefox works to protect people's privacy and provide a secure browsing experience. Clear and publicly available practices and processes reinforce our commitment to putting users' needs first.

Representatives of Googledidn't immediately provide responses to the findings. This post will be updated if responses come later. The research analyzed behavior of Chrome version 80.0.3987.87, Firefox 73.0, Brave 1.3.115, Safari 13.0.3, Edge 80.0.361.48, and Yandex 20.2.0.1145.

As Apple's background comment suggests, the study takes a narrow view of browser security, because it didn't take into account features that block third-party tracking. Still, the paper makes a good case why people using Edge, users of Chrome, Firefox, and Safari may want to disable the website autocomplete feature, which I've never found to be all that useful anyway. Microsoft's response above provides ways to curb some of the other data transmissions as well. While the browser comes with enhanced security measures that are resistant to exploits, users who prioritize privacy should consider disabling default behaviors or using a different browser.

Story updated to add comment from Apple and Mozilla.