Sampson @jonathansampson Building the web since the mid-90's. Regional Manager of The Office references. Former Microsoft engineer, Stack Overflow moderator no. 4. 🇧🇷🇺🇸 Aug. 24, 2019 1 min read

Next up, the Dissenter browser. This browser is a recent fork of @brave; their first-run is nearly identical to what you'd see in slightly older builds of Brave. What sets them apart is their built-in Dissenter extension. As such, I'm going to check its network activity too.

As I stated in the previous Tweet, Dissenter is a fork of Brave. As such, their first-run experience consists largely of internal resources. Most of the initial network activity comes when you open their extension UI.

Calls to brave, YouTube, Twitter, FontAwesome, Google & more.

The call to  http://crxdownload.brave.com  is for the PDF.js extension, IIRC. Initial call to  http://safebrowsing.brave.com  gets them the Safe Browsing list (via the Brave proxy to mask end users).

Like Opera, Dissenter also sends a Referer header to third parties, which identifies me as a new user of the Dissenter browser.

I'm noticing now too that they're using version 75.0.3x of Chromium. That version is a couple months old. I'll have to revisit Opera and Vivaldi too.

Dissenter informs Twitter, Font Awesome,  http://Gab.com , Cloudflare, and Google that I am new Dissenter user. YouTube sets a couple cookies as a result: VISITOR_INFO1_LIVE and YSC. Unclear what these are. Gab also sets a cookie: __cfduid. Looks like a distinct ID.

There's a call to  http://dissenter.com  for the /discussion/begin-extension path. Along with it, a query string that appears to carry the current URL. Checking this from another page confirms the URL is sent in the clear to Dissenter's servers when expanding the extension.

I suspected the early calls to Twitter (which setup a cookie on my device) might be problematic. Later visits to Twitter continue to identify me as a Dissenter user via an iframe referer header.

Also interesting is something I'm [not] seeing in these results. Unlike our previous browsers, there is no initial check for updated versions. Dissenter doesn't auto-update, which makes the already-months-old Chromium bits even more alarming.


You can follow @jonathansampson.



Bookmark

____
Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Enjoy Threader? Sign up.

Threader is an independent project created by only two developers. The site gets 500,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Running this space is expensive and time consuming. If you find Threader useful, please consider supporting us to make it a sustainable project.