diff --git a/news-preview.png b/news-preview.png index eb550b18..8940879a 100644 Binary files a/news-preview.png and b/news-preview.png differ diff --git a/news.html b/news.html index c74e3f9b..3dc889f0 100644 --- a/news.html +++ b/news.html @@ -1,13 +1,14 @@ - +
- + +In this issue, I have added Cromite to the Android browsers tested.
+On iOS:
+On Android:
+On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
This issue includes DNS privacy tests for the first time.
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
We are now testing whether Encrypted Client Hello has been enabled by default. Short answer: not in any browsers yet.
-On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
In this weeks' issue, we have expanded the cross-session tracking tests to Desktop builds. LibreWolf, Mullvad, and Tor Browsers show especially strong protection against tracking between browser sessions.
On Desktop:
In this week's issue, we have expanded the cross-session tracking tests to examine first-party tracking and third-party tracking in Nightly browser builds. In general, we see that websites and trackers are mostly able to track user across sessions, except if you are using Tor Browser, which deletes all history every time you quit.
On Desktop:
This week's issue introduces cross-session tracking tests. We begin by testing Desktop Nightly browser builds to examine whether data is leaked across browser sessions so that a website can re-identify you when you visit a second time.
On Desktop:
On Desktop:
On iOS:
On Desktop:
On Desktop:
On Desktop:
On iOS:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On iOS:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On iOS:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
On Desktop:
We see on Safari Desktop that the favicon cache is now partitioned! In Safari, Blob URLs is the only remaining API we test that still leaks data across websites.
In addition, Brave Nightly is now passing screen fingerprinting.
On Desktop:
Last week's response to Vivaldi's claims is here.
On Desktop:
On Desktop:
On Desktop:
Today, for the first time, Brave is now passing all State Partitioning tests. Congratulations to the team at Brave who worked on this!
-On Desktop:
On Desktop:
On Desktop:
For the first time, fresh profiles of Firefox are now passing (nearly) all State Partitioning tests, thanks to the worldwide rollout of Total Cookie Protection. Congratulations to the Firefox team! I am informed that existing profiles will also receive Total Cookie Protection in the next few months.
-On Desktop:
On Desktop:
On Desktop:
It was brought to my attention that the "Tracker content blocking" test for Chartbeat was incorrectly reporting a "fail" for the DuckDuckGo Android browser. DuckDuckGo browser blocks third-party Chartbeat tracking scripts, but then provides the host page with a surrogate script to prevent breakage of the page's functionality. The original design of my test did not take into account this kind of surrogate, and so was incorrectly concluding that the original tracking script had been loaded into the page. I have now enhanced the test so it detects the presence of this surrogate and reports a "pass" for DuckDuckGo. Thanks to Peter Dolanjski for informing me of this problem.
-On Desktop:
In this issue I have added Mull to the set of Android browsers.
Brave 1.39 (currently Nightly) has introduced a new protection against system font fingerprinting. It works by randomizing the user-installed fonts that are exposed to a web page. I am investigating how to test this new protection, so no "pass" or "fail" decision has yet been made.
-New Desktop browser versions are:
The Brave team reported a bug that resulted in incorrect results for the Alt-Svc test on the Brave browser. Apologies for the bug; I have corrected the issue. Thanks to Aleksey Khoroshilov and Pete Snyder for alerting me to the issue.
In this issue, we have added Firefox Focus to the set of Android browsers.
-New iOS browser versions are:
New desktop browser versions are:
Desktop versions:
In Issue 10, we have added LibreWolf to the set of tested browsers. LibreWolf is a Firefox-based browser with some unique default privacy features not found in other browsers.
We have separated out Private Modes (aka Private Browsing, Incognito etc.) into their own tables for Desktop and Nightly browsers.
-Since last week, some browser versions have updated:
Again we have skipped testing of Firefox Nightly because of the browser crash.
Since Issue 7, Firefox has updated to version 95.0.
Because of a crash in Firefox Nightly, it is not included in this week's Nightly browser testing.
Since Issue 6, Opera has updated to 82.0 and Vivaldi to 5.0.
Because of a crash in Firefox Nightly, it is not included in this week's testing.
@@ -1894,7 +1921,7 @@Brave has introduced an important new partitioning behavior. HTTP1, HTTP2, and HTTP3 connections are now partitioned by first party. That means your web connections can no longer be used to correlate your visits between different websites.
Thanks and congratulations to the Brave team for this fix!
Since Issue 4, three browsers have updates:
These tests give a preview of future privacy developments in these browsers. And I hope it offers faster feedback for browser development teams as they land patches for new privacy protections.
-Since Issue 3, Firefox has updated to v. 94.0.
Since Issue 2, new browser releases include Chrome 95.0, Edge 95.0, and Safari 15.1.
Three new tests have been added. These are: