Sampson
+ Your AuthorsArchive @jonathansampson Building the web since the mid-90's. Regional Manager of The Office references. Microsoft Alumni, Stack Overflow mod no 4. Building a better Web @brave 🇺🇸🇧🇷 Aug. 24, 2019 1 min read

Next up, the Dissenter browser. This browser is a recent fork of @brave; their first-run is nearly identical to what you'd see in slightly older builds of Brave. What sets them apart is their built-in Dissenter extension. As such, I'm going to check its network activity too.

As I stated in the previous Tweet, Dissenter is a fork of Brave. As such, their first-run experience consists largely of internal resources. Most of the initial network activity comes when you open their extension UI.

Calls to brave, YouTube, Twitter, FontAwesome, Google & more.

The call to  http://crxdownload.brave.com  is for the PDF.js extension, IIRC. Initial call to  http://safebrowsing.brave.com  gets them the Safe Browsing list (via the Brave proxy to mask end users).

Like Opera, Dissenter also sends a Referer header to third parties, which identifies me as a new user of the Dissenter browser.

I'm noticing now too that they're using version 75.0.3x of Chromium. That version is a couple months old. I'll have to revisit Opera and Vivaldi too.

Dissenter informs Twitter, Font Awesome,  http://Gab.com , Cloudflare, and Google that I am new Dissenter user. YouTube sets a couple cookies as a result: VISITOR_INFO1_LIVE and YSC. Unclear what these are. Gab also sets a cookie: __cfduid. Looks like a distinct ID.

There's a call to  http://dissenter.com  for the /discussion/begin-extension path. Along with it, a query string that appears to carry the current URL. Checking this from another page confirms the URL is sent in the clear to Dissenter's servers when expanding the extension.

I suspected the early calls to Twitter (which setup a cookie on my device) might be problematic. Later visits to Twitter continue to identify me as a Dissenter user via an iframe referer header.

Also interesting is something I'm [not] seeing in these results. Unlike our previous browsers, there is no initial check for updated versions. Dissenter doesn't auto-update, which makes the already-months-old Chromium bits even more alarming.


You can follow @jonathansampson.



Bookmark

____
Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Enjoy Threader? Sign up.

Since you’re here...

... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.


Follow Threader