Nobody likes the idea of a big brother watching over them as they surf the web. Yet, as web browsers evolve, various features can disclose information to third parties about which sites you are surfing and when.
For example, when surfers access an HTTPS site, the browser receives the server’s certificate and queries the designated OCSP (online certificate status protocol) servers as to whether it is valid or has been revoked. In essence, a query to an OCSP responder for a website certificate is essentially telling the certificate issuer that the user is in the process of accessing that site.
Default browser “start” pages are another privacy leak. Every time users start a web browser, Microsoft, Apple, Opera or Mozilla are informed. The start pages themselves may seem innocuous but are, in fact, laden with third-party ads and metrics that set tracking cookies and collect the browser’s information.
Many browsers have recently added anti-phishing and safe surfing features that essentially query a database to see if a website is a known offender and, thus, should be blocked. Some browsers use local databases stored on the user’s computer. This is ideal, as it doesn’t expose the nature of the lookups to a third party. However, Opera’s SiteCheck function – enabled by default and meant to warn surfers when they try to access a site that hosts malware – sends a real-time request to sitecheck2.opera.com for every new site surfed. Simply put, Opera obtains a list of websites surfed, and then has the ability to maintain a historical record.
All of these features can be disabled in the individual’s web browser, but many are meant to provide a security benefit. Therefore, disabling them means the computer user possibly loses security protections. Each and every web surfer needs to decide for themself what’s more important: Security or privacy.