[{"data":1,"prerenderedAt":2194},["ShallowReactive",2],{"hero-featured-research":3,"landing-all-guides":958},{"id":4,"title":5,"author":6,"authorCredibility":7,"body":8,"category":855,"changelog":856,"date":858,"description":860,"extension":861,"image":862,"keyFindings":863,"lastUpdated":858,"meta":881,"navigation":882,"path":883,"readTime":884,"seo":885,"sources":886,"stem":955,"subtitle":956,"__hash__":957},"research\u002Fresearch\u002Fbrowser-telemetry-audit.md","Edge Sent 160,588 Packets on First Launch. Tor Sent Zero DNS Queries. We Tested 7 Browsers.","The Threat Model","Based on packet-level network analysis of 7 browsers across 21 test phases using tcpdump and tshark",{"type":9,"value":10,"toc":829},"minimark",[11,15,18,24,29,41,60,70,73,77,82,88,91,98,102,130,133,137,143,150,156,162,166,169,172,176,180,183,190,199,228,240,256,261,272,283,287,292,297,314,318,321,326,343,347,350,355,361,370,388,409,413,416,421,426,447,453,459,472,481,484,513,531,535,538,543,561,565,572,575,580,594,597,605,608,612,616,619,625,637,647,658,678,691,703,719,723,731,737,745,749,755,761,773,790,796,802,806,814,817],[12,13,14],"p",{},"We set up a test lab, installed seven browsers on fresh systems, and captured every packet they sent across three phases: cold start, idle, and browsing. No interaction during the first two. Just launching the browser and watching the network.",[12,16,17],{},"The results span a range that's wider than we expected. On one end, Microsoft Edge generated 160,588 packets and contacted 24 Microsoft domains before we touched the keyboard. On the other, Tor Browser produced zero DNS queries across the entire test. Between those two extremes, the other five browsers revealed exactly how much of the \"privacy-focused\" marketing holds up when you look at the wire.",[19,20],"stat-callout",{"label":21,"value":22,"suffix":23},"packets generated by Edge on first launch - the most of any browser tested","160588","",[25,26,28],"h2",{"id":27},"background","Background",[12,30,31,32,36,37,40],{},"In 2020, Douglas Leith at Trinity College Dublin published \"Web Browser Privacy: What Do Browsers Say When They Phone Home?\" ",[33,34],"source-annotation",{"id":35},"2",", testing Chrome, Firefox, Safari, Brave, Edge, and Yandex. The study found Brave was in a class of its own for privacy, while Edge and Yandex transmitted hardware-linked identifiers that persisted across fresh installs ",[33,38],{"id":39},"11",". The paper received significant attention and remains widely cited.",[12,42,43,44,47,48,51,52,55,56,59],{},"Six years have passed. Every browser on that list has shipped major changes. Chrome abandoned its plan to deprecate third-party cookies in favour of a user-choice model in April 2025 ",[33,45],{"id":46},"10",". Firefox introduced OHTTP relays for suggestion queries, and Brave developed the STAR protocol for privacy-preserving analytics ",[33,49],{"id":50},"5",". Safari gained iCloud Private Relay ",[33,53],{"id":54},"6",". Meanwhile, Edge added Copilot integration and kept expanding its Microsoft services footprint ",[33,57],{"id":58},"7",".",[12,61,62,63,66,67,69],{},"The sizeof(cat) project published a 2025 update ",[33,64],{"id":65},"3"," counting startup connections across browsers: Ungoogled Chromium and Tor Browser made zero, Brave made 17, Firefox 29, Vivaldi 11, Chrome 25, and Edge 48 ",[33,68],{"id":65},". That test counted connections. Ours counts packets, extracts domains, and extends the analysis through idle and browsing phases.",[12,71,72],{},"What appears to be missing from the existing literature is a full three-phase capture on 2026 browser versions that includes idle behaviour and browsing-phase telemetry alongside the cold start. This is that study, with the addition of Tor Browser and Vivaldi to the tested set.",[25,74,76],{"id":75},"methodology","Methodology",[78,79,81],"h3",{"id":80},"test-environment","Test environment",[12,83,84,85,59],{},"Three browsers (Firefox 150.0, Brave 147.1.89.141, Vivaldi 7.9.3970.59) were tested in Ubuntu 24.04 ARM64 virtual machines running on UTM (Apple Virtualisation Framework) on a MacBook Air M3. Each browser was installed in a clean VM clone, never launched, then snapshotted. Tests started from these pristine snapshots ",[33,86],{"id":87},"1",[12,89,90],{},"Four browsers (Chrome 146.0.7680.80, Safari macOS 26.3.1, Edge 147.0.3912.72, Tor Browser 15.0.10) were tested natively on macOS 26.3.1 using a clean user account with no prior browser usage. Native testing was necessary because Chrome and Edge lack ARM64 Linux builds, Safari is macOS-only, and Tor Browser's macOS universal binary was the most practical option.",[92,93],"data-table",{":headers":94,":rows":95,":sortable":96,"caption":97},"[\"Browser\",\"Version\",\"Engine\",\"Platform\",\"Install Method\"]","[[\"Chrome\",\"146.0.7680.80\",\"Chromium\u002FBlink\",\"macOS 26.3.1 (native)\",\"Pre-installed\"],[\"Edge\",\"147.0.3912.72\",\"Chromium\u002FBlink\",\"macOS 26.3.1 (native)\",\"microsoft.com pkg\"],[\"Firefox\",\"150.0\",\"Gecko\",\"Ubuntu 24.04 ARM64 (VM)\",\"mozilla.org tarball\"],[\"Safari\",\"macOS 26.3.1\",\"WebKit\",\"macOS 26.3.1 (native)\",\"Built-in\"],[\"Brave\",\"147.1.89.141\",\"Chromium\u002FBlink\",\"Ubuntu 24.04 ARM64 (VM)\",\"apt repo .deb\"],[\"Vivaldi\",\"7.9.3970.59\",\"Chromium\u002FBlink\",\"Ubuntu 24.04 ARM64 (VM)\",\"vivaldi.com .deb\"],[\"Tor Browser\",\"15.0.10\",\"Gecko (Firefox ESR)\",\"macOS 26.3.1 (native)\",\"torproject.org\"]]","true","Table 1. Browsers tested, versions, and platforms.",[78,99,101],{"id":100},"capture-method","Capture method",[12,103,104,105,109,110,113,114,117,118,121,122,125,126,129],{},"All traffic was captured using ",[106,107,108],"code",{},"tcpdump"," on the host network interface: ",[106,111,112],{},"bridge100"," for VM browsers, ",[106,115,116],{},"en0"," for native macOS browsers. Captures were analysed with ",[106,119,120],{},"tshark"," to extract DNS queries (",[106,123,124],{},"dns.flags.response == 0",") and TLS Server Name Indication fields (",[106,127,128],{},"tls.handshake.extensions_server_name",").",[12,131,132],{},"Native macOS captures include some operating system traffic (OCSP checks, iCloud, NTP). We identified and excluded these from browser-specific findings by cross-referencing Apple system domains across all native tests.",[78,134,136],{"id":135},"three-phase-protocol","Three-phase protocol",[12,138,139,140,142],{},"Each browser went through identical phases ",[33,141],{"id":87},":",[12,144,145,149],{},[146,147,148],"strong",{},"Phase 1 - Cold start (5 minutes)",": Launch the browser for the first time. No keyboard or mouse interaction. Accept default settings where prompted. This captures everything the browser does on its own.",[12,151,152,155],{},[146,153,154],{},"Phase 2 - Idle (5 minutes)",": Browser remains open. No interaction. This captures background telemetry cadence: how chatty is the browser when you're not using it?",[12,157,158,161],{},[146,159,160],{},"Phase 3 - Controlled browsing (5-12 minutes)",": Navigate to 10 predetermined sites, 30 seconds each (45 seconds for Tor Browser due to network latency). Sites chosen for diversity: example.com, Wikipedia, BBC News, Reddit, GitHub, Amazon, DuckDuckGo, NYTimes, Stack Overflow, The Guardian. Navigation was automated via shell scripts to ensure identical timing.",[78,163,165],{"id":164},"default-settings","Default settings",[12,167,168],{},"Every browser was tested with its out-of-the-box defaults. Where setup wizards appeared, we accepted the defaults. This means Chrome's \"Send usage statistics\" was checked (it is by default), Edge's \"Send diagnostic data\" was checked (it is by default), and Vivaldi's crash reports were unchecked (it is by default). We recorded these choices but did not alter them. The point is to measure what happens to someone who clicks through the setup without reading it.",[19,170],{"label":171,"value":58},"browsers tested across 21 capture phases, producing 1.1GB of pcap data",[25,173,175],{"id":174},"findings","Findings",[78,177,179],{"id":178},"cold-start-what-happens-before-you-do-anything","Cold start: what happens before you do anything",[12,181,182],{},"This is the most consequential phase. Every packet here was generated by the browser, not the user.",[184,185],"research-chart",{":datasets":186,":labels":187,"caption":188,"type":189},"[{\"label\":\"Packets on Cold Start\",\"data\":[160588,61590,37026,36290,29943,29503,6888]}]","[\"Edge\",\"Chrome\",\"Brave\",\"Vivaldi\",\"Tor\",\"Firefox\",\"Safari\"]","Figure 1. Total packets captured during first 5 minutes after launch. Edge generated nearly 3x more traffic than Chrome.","bar",[12,191,192,193,195,196,198],{},"Edge is the clear outlier, though much of this traffic is its MSN news feed new tab page and component downloads. 160,588 packets generating a 192MB capture ",[33,194],{"id":87},". For context, Chrome - placed in the middle tier in Leith's 2020 study ",[33,197],{"id":35}," - produced 61,590 packets and 69MB. Edge generated nearly three times the traffic of the browser it's forked from.",[12,200,201,202,204,205,208,209,212,213,216,217,220,221,224,225,227],{},"Where does all that traffic go? Edge contacted 24 Microsoft-owned domains on cold start, including three separate telemetry pipelines ",[33,203],{"id":58},": ",[106,206,207],{},"self.events.data.microsoft.com",", ",[106,210,211],{},"functional.events.data.microsoft.com",", and ",[106,214,215],{},"browser.events.data.msn.com",". The main telemetry domain, ",[106,218,219],{},"edge.microsoft.com",", was queried 21 times in five minutes. Edge also loaded comScore analytics (",[106,222,223],{},"sb.scorecardresearch.com",") on its new tab page ",[33,226],{"id":87}," - a third-party tracker, on cold start, before the user visited anything.",[12,229,230,231,233,234,237,238,59],{},"Every single TLS connection on Chrome's cold start went to a Google-owned server ",[33,232],{"id":87},". All 15 domains, all Google. The ",[106,235,236],{},"optimizationguide-pa.googleapis.com"," endpoint alone was queried 12 times. Usage statistics and crash reports were opted in by default ",[33,239],{"id":87},[12,241,242,243,208,246,208,249,252,253,255],{},"And here's an odd detail: Edge also contacted Google. Three Google domains appeared in Edge's cold start (",[106,244,245],{},"clients2.google.com",[106,247,248],{},"www.googleapis.com",[106,250,251],{},"clients2.googleusercontent.com",") via inherited Chromium code ",[33,254],{"id":87},". So on first launch, Edge contacts both Microsoft and Google.",[184,257],{":datasets":258,":labels":259,"caption":260,"type":189},"[{\"label\":\"Vendor Domains Contacted\",\"data\":[24,15,25,12,10,3,0]},{\"label\":\"Google Domains Contacted\",\"data\":[3,15,1,0,0,9,0]}]","[\"Edge\",\"Chrome\",\"Firefox\",\"Safari\",\"Brave\",\"Vivaldi\",\"Tor\"]","Figure 2. Vendor-owned and Google-owned domains contacted on cold start. Edge and Chrome lead in vendor domains. Vivaldi contacts 9 Google domains via Chromium inheritance.",[12,262,263,264,266,267,269,270,59],{},"Safari was the quietest at 6,888 packets and 5.1MB ",[33,265],{"id":87},", though its Siri Suggestions start page loaded content from around 15 third-party sites generating 38 DNS queries: X (5 domains), Facebook (2), LinkedIn (2), Yahoo (3), BBC, Google, Bing, Weather.com, TripAdvisor, and Yelp among them. Firefox loaded 56 publisher domains via Pocket sponsored content on its new tab ",[33,268],{"id":87}," - a UK-focused selection including BBC, Guardian, Mirror, Independent, Sky, Al Jazeera, Polygon, and YouTube, suggesting geo-targeted content delivery. Brave and Vivaldi loaded no third-party content on their start pages ",[33,271],{"id":87},[12,273,274,275,278,279,282],{},"Tor Browser's 29,943 packets were almost entirely encrypted Tor circuit establishment traffic. Zero DNS queries. Zero vendor domains. The two TLS connections to non-Apple domains were Tor guard nodes using domain fronting with randomised hostnames (",[106,276,277],{},"www.l6juis72lup7e2epp4b6zgry.com",") ",[33,280],{"id":281},"13",". A network observer watching Tor Browser's cold start sees encrypted traffic to IP addresses. Nothing else.",[78,284,286],{"id":285},"default-telemetry-opt-in","Default telemetry opt-in",[12,288,289,290,59],{},"Every browser except Vivaldi and Tor Browser opted users into some form of telemetry by default ",[33,291],{"id":87},[92,293],{":headers":294,":rows":295,":sortable":96,"caption":296},"[\"Browser\",\"Telemetry Default\",\"What It Means\"]","[[\"Chrome\",\"Opted IN\",\"Send usage statistics checked by default\"],[\"Edge\",\"Opted IN\",\"Send diagnostic data checked by default; Copilot offered\"],[\"Firefox\",\"Opted IN\",\"Telemetry enabled by default; Pocket sponsored content active\"],[\"Safari\",\"Opted IN\",\"Siri Suggestions active; iAd SDK contacted\"],[\"Brave\",\"Opted IN (but private)\",\"P3A enabled by default, but uses privacy-preserving STAR protocol\"],[\"Vivaldi\",\"Opted OUT\",\"Crash reports checkbox unchecked by default on first launch\"],[\"Tor Browser\",\"No telemetry\",\"No telemetry options shown; no data collection mechanisms\"]]","Table 2. Default telemetry opt-in state across browsers.",[12,298,299,300,302,303,306,307,310,311,59],{},"Brave deserves a footnote here. Its P3A telemetry is on by default, but the implementation is meaningfully different from Chrome's or Edge's. P3A uses the STAR protocol ",[33,301],{"id":50},", which according to Brave aggregates responses cryptographically so that individual measurements cannot be linked to specific users ",[33,304],{"id":305},"4",". The system collects bucketed histograms, not raw data. Whether \"privacy-preserving telemetry\" is still telemetry is a philosophical question, but the network traffic is verifiably different: aggregated buckets sent to ",[106,308,309],{},"collector.bsg.brave.com",", not per-page pings to ",[106,312,313],{},"content-autofill.googleapis.com",[78,315,317],{"id":316},"safe-browsing-who-checks-the-urls","Safe Browsing: who checks the URLs",[12,319,320],{},"Every browser except Tor checked URLs against a phishing\u002Fmalware database. How they do it varies more than you'd expect.",[92,322],{":headers":323,":rows":324,":sortable":96,"caption":325},"[\"Browser\",\"Safe Browsing Provider\",\"Privacy Implication\"]","[[\"Chrome\",\"Google Safe Browsing (direct)\",\"URLs sent to Google servers\"],[\"Edge\",\"Microsoft SmartScreen (3 domains)\",\"URLs sent to Microsoft via data-edge, nav-edge, telem-edge\"],[\"Firefox\",\"Google Safe Browsing (direct)\",\"URLs sent to Google\"],[\"Safari\",\"Apple Safe Browsing (token.safebrowsing.apple)\",\"URLs checked via Apple, not Google - unique among tested browsers\"],[\"Brave\",\"Brave proxy (safebrowsing.brave.com)\",\"Google Safe Browsing data fetched via Brave proxy, not direct to Google\"],[\"Vivaldi\",\"Google Safe Browsing (direct)\",\"URLs sent to Google (inherited Chromium behaviour)\"],[\"Tor Browser\",\"None visible\",\"All lookups routed through Tor network\"]]","Table 3. Safe Browsing implementations. Safari is the only browser using a non-Google service. Brave proxies through its own servers.",[12,327,328,329,332,333,335,336,339,340,59],{},"Safari is the only browser that doesn't use Google's Safe Browsing service at all, routing lookups through ",[106,330,331],{},"token.safebrowsing.apple"," instead ",[33,334],{"id":87},". Brave uses Google's data but proxies the requests through ",[106,337,338],{},"safebrowsing.brave.com",", preventing Google from seeing the requesting IP. Chrome, Firefox, and Vivaldi all send Safe Browsing requests directly to ",[106,341,342],{},"safebrowsing.googleapis.com",[78,344,346],{"id":345},"idle-what-happens-when-you-walk-away","Idle: what happens when you walk away",[12,348,349],{},"Phase 2 measures background noise. The browser is open, the user isn't touching it.",[184,351],{":datasets":352,":labels":353,"caption":354,"type":189},"[{\"label\":\"Browser-Initiated Packets During 5-Minute Idle\",\"data\":[0,0,253,744,831,1290,1460]}]","[\"Vivaldi\",\"Tor\",\"Brave\",\"Edge\",\"Firefox\",\"Safari\",\"Chrome\"]","Figure 3. Browser-initiated traffic during 5-minute idle phase. Vivaldi and Tor Browser produced zero browser-initiated packets. Chrome was the noisiest. Note: Safari and Chrome figures may include some macOS system traffic that could not be fully separated.",[12,356,357,358,360],{},"Vivaldi produced zero packets. Tor Browser's 1,985 total packets were entirely macOS system traffic (Apple telemetry, location services) with zero from the browser itself ",[33,359],{"id":87},". Both browsers were completely silent when idle.",[12,362,363,364,366,367,369],{},"Brave produced 253 packets, all P3A telemetry beacons to ",[106,365,309],{}," and the STAR randomness server ",[33,368],{"id":305},". Firefox sat at 831, continuing Pocket ad refreshes and OHTTP suggestion relays. Safari hit 1,290 (some macOS system-level traffic mixed in). At the top: Chrome with 1,460 packets, the noisiest idle browser we tested.",[12,371,372,373,376,377,379,380,383,384,387],{},"This is where it gets interesting. Chrome contacted ",[106,374,375],{},"ogads-pa.clients6.google.com"," during idle ",[33,378],{"id":87},". The domain name suggests ad-related infrastructure (the ",[106,381,382],{},"ogads"," prefix and ",[106,385,386],{},"clients6.google.com"," pattern are consistent with Google's advertising services). The browser was sitting open on a blank tab, doing nothing, and it reached out to what appears to be an ad-related server. Chrome was the only browser to do this. It also checked the Chrome Web Store and Google Play Store during idle, unprompted.",[12,389,390,391,394,395,397,398,401,402,405,406,408],{},"Safari contacted ",[106,392,393],{},"iadsdk.apple.com"," during idle - Apple's advertising SDK ",[33,396],{"id":87},". Firefox continued refreshing Pocket ad content via ",[106,399,400],{},"ads.mozilla.org",". Edge produced just 744 packets and contacted only ",[106,403,404],{},"edge-http.microsoft.com"," ",[33,407],{"id":87},", making it surprisingly quiet after its massive cold start.",[78,410,412],{"id":411},"browsing-who-follows-you-around","Browsing: who follows you around",[12,414,415],{},"Phase 3 measured what happens when you actually use the browser. We visited 10 sites. The question: how many additional domains does the browser load beyond what the page itself requests?",[19,417],{"label":418,"value":419,"suffix":420},"ad-tech domains loaded by Edge during a 10-site browsing session - more than any other browser","54","+",[184,422],{":datasets":423,":labels":424,"caption":425,"type":189},"[{\"label\":\"Ad-Tech Domains Loaded During Browsing\",\"data\":[54,47,20,20,5,0,0]}]","[\"Edge\",\"Chrome\",\"Safari\",\"Firefox\",\"Vivaldi\",\"Brave\",\"Tor\"]","Figure 4. Third-party ad-tech and cookie-sync domains loaded during browsing. Edge loaded the most. Brave and Tor loaded zero.",[12,427,428,429,431,432,434,435,438,439,208,441,212,444,129],{},"Edge loaded 54 ad-tech domains during browsing ",[33,430],{"id":87},". Chrome loaded 47. The overlap is striking: 42 of those ad-tech domains appeared in both browsers and in no other browser we tested. Same Chromium engine, same advertising surface. The shared domains include the full programmatic advertising stack: Google DoubleClick, AppNexus, PubMatic, Rubicon\u002FMagnite, Taboola, Amazon Ads, comScore, and dozens of cookie-sync services like BidSwitch, Sharethrough, and LoopMe. On top of the shared 42, Chrome added 15 of its own (including ",[106,433,313],{}," and ",[106,436,437],{},"mail.google.com","), while Edge added 16 (including ",[106,440,219],{},[106,442,443],{},"www.bing.com",[106,445,446],{},"xpaywalletcdn-prod.azureedge.net",[12,448,449,450,452],{},"Chrome has no built-in tracker blocking. Edge has a \"Balanced\" tracking prevention mode enabled by default ",[33,451],{"id":58},", but it only blocks trackers from sites you haven't visited. Trackers embedded in the pages you actually browse still load.",[12,454,455,456,458],{},"The middle of the pack told a more nuanced story. Safari and Firefox each loaded approximately 20 ad-tech domains ",[33,457],{"id":87},". Both have some built-in tracking protection: Safari's Intelligent Tracking Prevention (ITP) limits cross-site cookie access, and Firefox's Enhanced Tracking Protection (ETP) blocks known trackers from the Disconnect list. Despite these features, 20 ad-tech domains still appeared in the capture for each, suggesting their protection focuses on limiting what trackers can do with cookies rather than blocking connections outright.",[12,460,461,462,464,465,434,468,471],{},"Vivaldi's tracker blocker, enabled during setup, let about 5 through ",[33,463],{"id":87},", including ",[106,466,467],{},"graph.facebook.com",[106,469,470],{},"cdn.cxense.com",". Effective, but not watertight.",[12,473,474,475,478,479,59],{},"Then the clean end of the spectrum. Brave blocked everything. Zero ad-tech domains. Shields, enabled by default, prevented connections to every tracker that Chrome and Edge loaded. The only domains visible in Brave's browsing phase were ",[106,476,477],{},"brave.com"," subdomains (the P3A collector, STAR server, and update checker) ",[33,480],{"id":87},[12,482,483],{},"Tor also loaded zero, but through a different mechanism. Rather than blocking trackers, Tor routes all traffic through its network. The trackers may have loaded inside the Tor circuit, but a network observer sees only encrypted traffic to guard nodes. From a network privacy perspective, the result is the same: zero visible tracking.",[12,485,486,487,489,490,492,493,496,497,499,500,503,504,434,507,510,511,59],{},"Chrome's most persistent browser-initiated domain during browsing was ",[106,488,313],{},", queried 42 times across 10 sites ",[33,491],{"id":87},". According to Google, autofill sends form field structure metadata to Google's servers to match saved data to form fields ",[33,494],{"id":495},"9",". Google states the data is obfuscated ",[33,498],{"id":495},", but the connection happens on every page load regardless of whether the page has forms ",[33,501],{"id":502},"16",". Chrome also contacted ",[106,505,506],{},"ep1.adtrafficquality.google",[106,508,509],{},"ep2.adtrafficquality.google"," during browsing - Google's ad traffic quality verification service ",[33,512],{"id":87},[12,514,515,516,518,519,521,522,524,525,527,528,530],{},"Edge was no quieter. ",[106,517,219],{}," was queried 24 times, ",[106,520,207],{}," 15 times, and ",[106,523,443],{}," 15 times ",[33,526],{"id":87},". We weren't using Bing. It also contacted ",[106,529,446],{},", its wallet and payment CDN, without any payment-related user action.",[78,532,534],{"id":533},"the-chromium-inheritance-problem","The Chromium inheritance problem",[12,536,537],{},"Four of the seven browsers tested are built on Chromium: Chrome itself, Edge, Brave, and Vivaldi. How each fork handles inherited Google infrastructure is a useful measure of how much work they've done to de-Google themselves.",[92,539],{":headers":540,":rows":541,":sortable":96,"caption":542},"[\"Browser\",\"Google Domains on Cold Start\",\"Approach\"]","[[\"Chrome\",\"15\",\"Native - all Google infrastructure intact\"],[\"Vivaldi\",\"9\",\"Inherited - Safe Browsing, update infrastructure, Cloud Messaging all contact Google directly\"],[\"Edge\",\"3\",\"Partially replaced - Microsoft services primary, but clients2.google.com and googleapis.com still present\"],[\"Brave\",\"0\",\"Fully replaced - Safe Browsing proxied, update infrastructure replaced, no Google domains contacted\"]]","Table 4. Google domain contact on cold start across Chromium-based browsers.",[12,544,545,546,548,549,552,553,556,557,560],{},"Brave is the only Chromium fork that contacted zero Google domains ",[33,547],{"id":87},". It replaced the update infrastructure, proxied Safe Browsing, and stripped Google Cloud Messaging. Vivaldi, despite having zero telemetry of its own, still contacted 9 Google domains through inherited Chromium code, including ",[106,550,551],{},"mtalk.google.com"," (Google Cloud Messaging) and ",[106,554,555],{},"android.clients.google.com"," (queried 12 times) ",[33,558],{"id":559},"12",". Edge replaced most Google infrastructure with Microsoft equivalents but still contacts three Google domains via inherited Chromium code.",[78,562,564],{"id":563},"the-dns-gap","The DNS gap",[12,566,567,568,571],{},"Blocking a tracker connection is not the same as hiding that you tried to load it. When a page embeds a resource from ",[106,569,570],{},"pagead2.googlesyndication.com",", the browser first resolves the domain via DNS, then opens a TLS connection. A tracker blocker can prevent the connection, but the DNS query has already happened. Your ISP, your corporate network, or your DNS resolver saw the lookup.",[12,573,574],{},"We compared DNS queries against TLS connections during the browsing phase. Any domain that appeared in the DNS capture but not in the TLS handshake was resolved but never connected to - a DNS-only leak.",[184,576],{":datasets":577,":labels":578,"caption":579,"type":189},"[{\"label\":\"DNS-Only Domains (resolved, no connection)\",\"data\":[52,24,23,17,17,17,0]},{\"label\":\"Connected Domains\",\"data\":[76,62,68,147,146,100,0]}]","[\"Safari\",\"Brave\",\"Vivaldi\",\"Chrome\",\"Edge\",\"Firefox\",\"Tor\"]","Figure 5. DNS-only vs connected domains during browsing. Safari had the most DNS-only lookups (52). Brave blocked connections but still leaked 24 domain lookups. Tor had zero DNS leakage because all resolution happens inside the Tor network. Chrome and Edge connected to nearly everything they resolved.",[12,581,582,583,585,586,208,588,212,591,593],{},"Safari tops the list with 52 DNS-only domains during browsing ",[33,584],{"id":87},". ITP prevented cookies from being shared across those connections, but the DNS queries still went out. Domains like ",[106,587,570],{},[106,589,590],{},"securepubads.g.doubleclick.net",[106,592,223],{}," all appeared in Safari's DNS capture without corresponding TLS connections. Your network observer knows which ad networks the pages you visited tried to load.",[12,595,596],{},"Brave and Vivaldi showed a similar pattern: 24 and 23 DNS-only domains respectively. Brave Shields blocked the connections, but the DNS prefetch had already fired. Chrome and Edge had 17 each, though this is less meaningful for them since they connected to most domains anyway.",[12,598,599,600,208,602,604],{},"Firefox also logged 17 DNS-only domains. Its ETP blocks known trackers from the Disconnect list, but several analytics domains (",[106,601,470],{},[106,603,570],{},") still got DNS lookups without connections.",[12,606,607],{},"Tor Browser is the only browser that avoids this entirely. All DNS resolution happens inside the Tor network. A network observer sees zero domain queries - not for visited sites, not for trackers, not for anything. The DNS gap doesn't exist when there's no local DNS.",[25,609,611],{"id":610},"discussion","Discussion",[78,613,615],{"id":614},"the-privacy-spectrum","The privacy spectrum",[12,617,618],{},"The data produces a clear ranking, but the gaps between browsers are more interesting than the order.",[184,620],{":datasets":621,":labels":622,"caption":623,"type":624},"[{\"label\":\"Tor Browser\",\"data\":[8,10,10,10,10]},{\"label\":\"Brave\",\"data\":[6,9,10,10,10]},{\"label\":\"Vivaldi\",\"data\":[6,10,8,10,3]},{\"label\":\"Safari\",\"data\":[10,7,4,8,10]},{\"label\":\"Firefox\",\"data\":[8,7,4,5,9]},{\"label\":\"Chrome\",\"data\":[3,5,1,3,1]},{\"label\":\"Edge\",\"data\":[1,7,1,2,8]}]","[\"Cold Start Quietness\",\"Idle Quietness\",\"Tracker Blocking\",\"Vendor Domain Count (inverted)\",\"Google Independence\"]","Figure 6. Multi-dimensional privacy comparison. Scores are editorial assessments normalised 1-10 based on the quantitative data above, where 10 is best for privacy. Tor and Brave lead across most dimensions. Edge and Chrome trail.","radar",[626,627,631],"tier-card",{":stats":628,"name":629,"tier":630},"[\"0 DNS queries\",\"0 vendor domains\",\"113,197 browsing packets\"]","Tor Browser","S",[12,632,633,634,636],{},"In a category of its own, as Brave was in Leith's 2020 study ",[33,635],{"id":35},". Zero DNS queries, zero vendor telemetry, zero visible browsing traffic. The trade-off is real. Tor adds latency to every request, and the browsing phase produced the highest packet count because all content funnels through circuit relays. This is a privacy tool, not an everyday browser for most people.",[626,638,641],{":stats":639,"name":640,"tier":630},"[\"0 Google domains\",\"0 ad-tech domains\",\"37,026 cold start packets\"]","Brave",[12,642,643,644,646],{},"Credit where it's due. Brave sends telemetry, but the P3A\u002FSTAR system is architecturally different from traditional analytics ",[33,645],{"id":305},". Zero Google domains. All trackers blocked. The 37,026 cold start packets look high, but most of that is component downloads (ad-block filter lists, HTTPS rules). The traffic that makes the blocking work.",[626,648,652],{":stats":649,"name":650,"tier":651},"[\"0 own telemetry\",\"0 idle packets\",\"9 Google domains via Chromium\"]","Vivaldi","A",[12,653,654,655,657],{},"A paradox. Vivaldi sends zero telemetry of its own, generates zero idle traffic, and leaves crash reports unchecked by default. But it still contacted 9 Google domains on cold start via inherited Chromium code ",[33,656],{"id":87},". The work to remove its own tracking is done. The work to excise Google's isn't. And the tracker blocker, while functional, isn't as aggressive as Brave Shields.",[626,659,663],{":stats":660,"name":661,"tier":662},"[\"6,888 cold start\",\"87,554 browsing\",\"20 ad-tech domains\"]","Safari","B",[12,664,665,666,405,668,671,672,674,675,677],{},"Safari's own Safe Browsing is a privacy-positive alternative to Google's, iCloud Private Relay ",[33,667],{"id":54},[33,669],{"id":670},"15"," is a genuine feature, and Intelligent Tracking Prevention limits cross-site cookie tracking by default. But there's a contradiction hiding in Safari's numbers. It had the quietest cold start of any browser (6,888 packets), then produced 87,554 during browsing - more than Chrome (68,081) or Edge (69,672) ",[33,673],{"id":87},". ITP restricts what trackers can do with cookies, not whether they connect, and 20 ad-tech domains still appeared. Add ",[106,676,393],{}," during idle, and the picture is more complicated than \"Apple = privacy.\"",[626,679,682],{":stats":680,"name":681,"tier":662},"[\"25 Mozilla domains\",\"56 Pocket publisher domains\",\"ads.mozilla.org on launch\"]","Firefox",[12,683,684,685,687,688,59],{},"25 Mozilla domains on cold start. Pocket loaded content from 56 publisher domains on the new tab page. ",[106,686,400],{}," was contacted on launch. The OHTTP relay system for suggestions is a genuinely good architectural choice, but Mozilla's own telemetry footprint is larger than you'd guess from a browser that markets itself on privacy ",[33,689],{"id":690},"17",[626,692,696],{":stats":693,"name":694,"tier":695},"[\"42 autofill queries\",\"47 ad-tech domains\",\"idle ad infrastructure\"]","Chrome","D",[12,697,698,699,702],{},"Chrome's 42 autofill queries, idle ad infrastructure contact, and 47 ad-tech domains during browsing are consistent with a browser that ships no built-in tracker blocking by default ",[33,700],{"id":701},"18",". No surprises here. Without built-in blocking, every tracker connection the page requests goes through.",[626,704,707],{":stats":705,"name":706,"tier":695},"[\"160,588 cold start\",\"54 ad-tech domains\",\"216x idle drop-off\"]","Edge",[12,708,709,710,712,713,405,716,718],{},"Edge does everything Chrome does and more: three telemetry pipelines, 160,588 cold start packets, 54 ad-tech domains, and comScore on the new tab page. One ratio puts it in perspective: Edge's cold-start-to-idle drop-off is 216x (160,588 to 744). Chrome's is 42x. Safari's is 5x. That cold start is a 533-packet-per-second burst ",[33,711],{"id":87},". The 2020 finding that Edge had the most extensive telemetry of any browser tested ",[33,714],{"id":715},"8",[33,717],{"id":39}," still holds six years later in our data.",[78,720,722],{"id":721},"what-changed-since-2020","What changed since 2020",[12,724,725,726,728,729,59],{},"Leith's 2020 study ranked browsers in three tiers ",[33,727],{"id":35},". Brave alone occupied the top tier. Chrome, Firefox, and Safari fell in the middle group, with varying degrees of telemetry. Edge and Yandex were the worst, transmitting persistent hardware-linked identifiers ",[33,730],{"id":39},[12,732,733,734,59],{},"Our 2026 data suggests the ranking has shifted. Brave has maintained its position and arguably improved it with the STAR protocol. Vivaldi, not in the 2020 study, slots in behind Brave as a low-telemetry Chromium option with an incomplete de-Googling. Safari has gained Private Relay but still loads trackers. Firefox remains talkative. Chrome remains Chrome. Edge remains the noisiest browser tested, in both our data and Leith's 2020 study. A 2024 academic study by Radivojevic et al. independently reached a similar conclusion, testing 14 browsers and placing Brave, LibreWolf, and Tor in the highest privacy tier, with Chrome and Edge in the lowest ",[33,735],{"id":736},"19",[12,738,739,740,742,743,59],{},"The sizeof(cat) 2025 connection count data ",[33,741],{"id":65}," aligns with our packet-level findings. Their Edge count of 48 startup connections maps to our observation of the largest cold start traffic of any browser ",[33,744],{"id":65},[78,746,748],{"id":747},"limitations","Limitations",[12,750,751,754],{},[146,752,753],{},"Platform inconsistency",": Three browsers were tested in Linux VMs, four on native macOS. The native macOS captures include operating system traffic (OCSP, iCloud, NTP) that's absent from the VM captures. We identified and noted these, but some contamination is possible. The ideal setup would test all browsers on the same platform, which ARM64 browser availability prevented.",[12,756,757,760],{},[146,758,759],{},"Single run",": Each browser was tested once. Network conditions, CDN routing, and server-side A\u002FB tests could affect results. A repeat test might produce slightly different numbers, though the domain lists and relative rankings would likely hold.",[12,762,763,766,767,769,770,772],{},[146,764,765],{},"No payload inspection",": We captured packet metadata (DNS queries, TLS SNI, packet counts) but did not decrypt HTTPS payloads for this study. We know Chrome contacted ",[106,768,313],{}," 42 times, but we did not inspect what was in those requests beyond what Google's documentation describes ",[33,771],{"id":495},". Future work with mitmproxy could reveal payload contents where certificate pinning allows.",[12,774,775,778,779,434,782,785,786,789],{},[146,776,777],{},"Browsing automation",": The ",[106,780,781],{},"open -a",[106,783,784],{},"osascript"," automation for native macOS browsers opened URLs in new tabs rather than navigating in the same tab. For VM browsers, ",[106,787,788],{},"xdotool"," typed URLs into the address bar. Both approaches are valid but produce slightly different browser behaviour (tab count, memory usage).",[12,791,792,795],{},[146,793,794],{},"Default settings only",": Every browser was tested with its out-of-the-box defaults. We did not disable telemetry, change privacy settings, or install extensions. Whether opting out actually stops the traffic is a separate question.",[12,797,798,801],{},[146,799,800],{},"Start page variability",": Safari and Firefox load content from third-party sites on their start pages (Siri Suggestions and Pocket respectively). The specific sites loaded may vary by region, time of day, and user. Our captures reflect what loaded in the UK on 23 April 2026.",[25,803,805],{"id":804},"what-you-can-do","What you can do",[12,807,808,809,813],{},"Chrome with default settings contacts dozens of vendor domains, loads ad infrastructure during idle, and has no built-in tracker blocking. Edge contacts even more vendor domains and, while its Balanced tracking prevention blocks some third-party trackers, still loaded 54 ad-tech domains in our test. Switching to ",[810,811,640],"a",{"href":812},"\u002Fcompare\u002Fbrowsers"," eliminates most of this. Switching to Tor Browser eliminates all of it, at the cost of speed.",[12,815,816],{},"For those who can't switch browsers, the minimum steps are: disable telemetry and crash reporting in settings, install a tracker blocker extension (uBlock Origin where supported), and turn off autofill if you don't use it. These won't achieve what Brave or Tor do architecturally, but they reduce the surface area.",[12,818,819,820,824,825,828],{},"For a broader assessment of your browser's privacy posture, try our ",[810,821,823],{"href":822},"\u002Ftools\u002Fprivacy-checkup","Privacy Checkup"," tool, or see our full ",[810,826,827],{"href":812},"browser comparison"," for detailed grades across all major browsers.",{"title":23,"searchDepth":830,"depth":830,"links":831},2,[832,833,840,849,854],{"id":27,"depth":830,"text":28},{"id":75,"depth":830,"text":76,"children":834},[835,837,838,839],{"id":80,"depth":836,"text":81},3,{"id":100,"depth":836,"text":101},{"id":135,"depth":836,"text":136},{"id":164,"depth":836,"text":165},{"id":174,"depth":830,"text":175,"children":841},[842,843,844,845,846,847,848],{"id":178,"depth":836,"text":179},{"id":285,"depth":836,"text":286},{"id":316,"depth":836,"text":317},{"id":345,"depth":836,"text":346},{"id":411,"depth":836,"text":412},{"id":533,"depth":836,"text":534},{"id":563,"depth":836,"text":564},{"id":610,"depth":830,"text":611,"children":850},[851,852,853],{"id":614,"depth":836,"text":615},{"id":721,"depth":836,"text":722},{"id":747,"depth":836,"text":748},{"id":804,"depth":830,"text":805},"Data Study",[857],{"date":858,"description":859},"2026-04-24","Initial publication. Methodology: packet capture (tcpdump) and TLS\u002FDNS extraction (tshark) on 7 browsers across three phases (cold start, idle, browsing), fresh profiles, April 2026.","We captured every packet 7 browsers sent on fresh installs. Edge: 160,588 packets. Tor: zero DNS queries. Brave: zero trackers. Full data.","md","\u002Fimages\u002Fresearch\u002Fbrowser-telemetry-audit.jpg",[864,868,871,875,878],{"text":865,"sourceIds":866},"Edge generated 160,588 packets on first launch, nearly three times Chrome's 61,590. Its cold start capture was 192MB.",[867],1,{"text":869,"sourceIds":870},"Tor Browser produced zero DNS queries across all three test phases. Every packet was routed through the Tor network, invisible to a network observer.",[867],{"text":872,"sourceIds":873},"Chrome's autofill service contacted content-autofill.googleapis.com 42 times during a 10-site browsing session, averaging over 4 queries per page.",[867,874],9,{"text":876,"sourceIds":877},"Edge loaded 54 ad-tech and cookie-sync domains during browsing, more than Chrome's 47. Neither browser's default settings prevented these connections.",[867],{"text":879,"sourceIds":880},"Brave blocked every third-party tracker during browsing. Vivaldi and Tor Browser also produced zero browser-initiated idle traffic.",[867],{},true,"\u002Fresearch\u002Fbrowser-telemetry-audit",12,{"title":5,"description":860},[887,891,894,897,901,905,909,913,917,920,924,928,931,935,939,943,947,951],{"id":867,"title":888,"url":889,"accessDate":890},"The Threat Model Browser Telemetry Lab - Extracted Data (DNS queries, TLS SNI, per-browser summaries)","\u002Fdata\u002Fresearch\u002Fbrowser-telemetry-audit.zip","2026-04-23",{"id":830,"title":892,"url":893,"accessDate":890},"Leith, D.J. 'Web Browser Privacy: What Do Browsers Say When They Phone Home?' - Trinity College Dublin (2020)","https:\u002F\u002Fwww.scss.tcd.ie\u002FDoug.Leith\u002Fpubs\u002Fbrowser_privacy.pdf",{"id":836,"title":895,"url":896,"accessDate":890},"sizeof(cat): Web Browser Telemetry - 2025 Edition (original site offline; summary via Privacy Guides Community)","https:\u002F\u002Fdiscuss.privacyguides.net\u002Ft\u002Fbrowser-connected-domains-telemetry-test-2025-by-sizeofcat\u002F26866",{"id":898,"title":899,"url":900,"accessDate":890},4,"Brave: Privacy-Preserving Product Analytics (P3A)","https:\u002F\u002Fbrave.com\u002Fblog\u002Fprivacy-preserving-product-analytics-p3a\u002F",{"id":902,"title":903,"url":904,"accessDate":890},5,"Brave: STAR - Privacy-Preserving Data Collection","https:\u002F\u002Fbrave.com\u002Fprivacy-updates\u002F19-star\u002F",{"id":906,"title":907,"url":908,"accessDate":890},6,"Apple: About iCloud Private Relay","https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002F102602",{"id":910,"title":911,"url":912,"accessDate":890},7,"Microsoft Learn: User Data and Privacy in Microsoft Edge (Privacy Whitepaper)","https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fmicrosoft-edge\u002Fprivacy-whitepaper",{"id":914,"title":915,"url":916,"accessDate":890},8,"BleepingComputer: Research Finds Microsoft Edge Has Privacy-Invading Telemetry (2020)","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fmicrosoft\u002Fresearch-finds-microsoft-edge-has-privacy-invading-telemetry\u002F",{"id":874,"title":918,"url":919,"accessDate":890},"Google Chrome Help: How Chrome Protects Your Autofill and Password Data","https:\u002F\u002Fsupport.google.com\u002Fchrome\u002Fanswer\u002F14271924?hl=en",{"id":921,"title":922,"url":923,"accessDate":890},10,"Google: Next Steps for Privacy Sandbox and Tracking Protections in Chrome (April 2025)","https:\u002F\u002Fprivacysandbox.google.com\u002Fblog\u002Fprivacy-sandbox-next-steps",{"id":925,"title":926,"url":927,"accessDate":890},11,"CPO Magazine: Brave Ranked Most Private Browser, Edge and Yandex Least Private (2020)","https:\u002F\u002Fwww.cpomagazine.com\u002Fdata-privacy\u002Fbrave-ranked-the-most-private-browser-while-microsoft-edge-and-yandex-the-least-private-due-to-privacy-invading-telemetry\u002F",{"id":884,"title":929,"url":930,"accessDate":890},"Vivaldi Browser: Privacy Policy","https:\u002F\u002Fvivaldi.com\u002Fprivacy\u002Fbrowser\u002F",{"id":932,"title":933,"url":934,"accessDate":890},13,"Tor Project: Tor Browser Design Document","https:\u002F\u002Fspec.torproject.org\u002Ftorbrowser-design",{"id":936,"title":937,"url":938,"accessDate":890},15,"Apple: iCloud Private Relay Security Overview (December 2021)","https:\u002F\u002Fwww.apple.com\u002Ficloud\u002Fdocs\u002FiCloud_Private_Relay_Overview_Dec2021.pdf",{"id":940,"title":941,"url":942,"accessDate":890},16,"Stoutner Redmine: Bug #723 - Connects to content-autofill.googleapis.com When Tapping on an Input Field","https:\u002F\u002Fredmine.stoutner.com\u002Fissues\u002F723",{"id":944,"title":945,"url":946,"accessDate":890},17,"Mozilla Wiki: Telemetry Data Collection Policy","https:\u002F\u002Fwiki.mozilla.org\u002FTelemetry",{"id":948,"title":949,"url":950,"accessDate":890},18,"PCWorld: Chrome Tracks More Than You Realize - Here's How to Take Back Your Privacy (2025)","https:\u002F\u002Fwww.pcworld.com\u002Farticle\u002F2941324\u002Fchrome-tracks-more-than-you-realize-heres-how-to-take-back-your-privacy.html",{"id":952,"title":953,"url":954,"accessDate":890},19,"Radivojevic et al. 'Defending Novice User Privacy: An Evaluation of Default Web Browser Configurations' - Computers & Security, Vol 140 (2024)","https:\u002F\u002Fwww.sciencedirect.com\u002Fscience\u002Farticle\u002Fabs\u002Fpii\u002FS0167404824000853","research\u002Fbrowser-telemetry-audit","A packet-level network audit of Chrome, Edge, Firefox, Safari, Brave, Vivaldi, and Tor Browser on fresh install","xWvZBcSWeSts20lXt4nc6siZ1mjVPQWKWUgMhpJ8AWY",[959,1513,1877],{"id":960,"title":961,"author":6,"body":962,"category":1504,"date":1505,"description":1506,"extension":861,"image":1507,"meta":1508,"navigation":882,"path":1509,"readTime":910,"seo":1510,"stem":1511,"__hash__":1512},"guides\u002Fguides\u002Fstop-smart-tv-spying.md","How to Stop Your Smart TV From Spying on You",{"type":9,"value":963,"toc":1492},[964,968,971,974,977,981,991,994,997,1001,1004,1018,1033,1042,1045,1049,1056,1086,1099,1110,1114,1121,1145,1152,1155,1159,1162,1182,1192,1227,1249,1263,1267,1270,1335,1338,1342,1345,1361,1368,1371,1375,1378,1388,1392],[25,965,967],{"id":966},"the-problem","The Problem",[12,969,970],{},"You bought a television. The television also bought you, then bundled, profiled and resold you to advertisers without you noticing. The mechanism is called Automatic Content Recognition. Every major TV maker enables it by default through setup-time consent prompts that bundle it with other services.",[12,972,973],{},"The good news: the toggle to switch it off has existed for years. The bad news: it is buried four menus deep, named something innocuous, and on some firmware it switches itself back on after an update.",[12,975,976],{},"This guide covers what ACR actually does, why two American states have just intervened, and the exact menu path on every major brand.",[25,978,980],{"id":979},"what-acr-actually-does","What ACR Actually Does",[12,982,983,984,990],{},"Your smart TV takes a screenshot of whatever is on screen, roughly every 500 milliseconds. The Texas Attorney General's ",[810,985,989],{"href":986,"rel":987},"https:\u002F\u002Fwww.texasattorneygeneral.gov\u002Fnews\u002Freleases\u002Fattorney-general-paxton-secures-major-agreement-samsung-ensure-texans-are-protected-smart-tvs",[988],"nofollow","December 2025 complaint against Samsung"," describes precisely this cadence; independent academic work has documented similar or higher rates on other brands. The TV fingerprints the frame, compares it against a database, and identifies what you are watching. It does this regardless of source: cable box, games console, streaming app, USB stick, your laptop plugged into HDMI. Anything you put on the screen.",[12,992,993],{},"The viewing log is then tied to your TV's identifier and your IP address, packaged into a profile, and licensed to advertising networks and data brokers. Some manufacturers also use it to overlay \"more like this\" recommendations and ads. The largest ACR aggregators in the supply chain are Inscape (a Vizio subsidiary), Samba TV, and Nielsen, which according to industry disclosures ingest data from tens of millions of consumer TVs between them.",[12,995,996],{},"You consented to this. The consent screen appeared during initial setup, between two other prompts about Wi-Fi and account creation, and was titled something like \"Viewing Information Services\" or \"Live Plus\" or \"Smart TV Experience\". Most people accept the lot.",[25,998,1000],{"id":999},"why-this-matters-in-2026","Why This Matters in 2026",[12,1002,1003],{},"Two things changed this spring.",[12,1005,1006,1007,1011,1012,1017],{},"In February 2026, Samsung settled with the Texas Attorney General over its ACR practices. The ",[810,1008,1010],{"href":986,"rel":1009},[988],"Texas AG's announcement"," states the agreement requires Samsung to obtain Texas residents' \"express consent\" before collecting ACR viewing data, and to update its smart TVs with \"clear and conspicuous\" disclosure and consent screens. According to ",[810,1013,1016],{"href":1014,"rel":1015},"https:\u002F\u002Fwww.malwarebytes.com\u002Fblog\u002Fnews\u002F2026\u002F03\u002Fsamsung-tvs-stop-spying-on-viewers-in-texas-heres-how-to-disable-acr-anywhere",[988],"Malwarebytes' coverage of the settlement",", Sony, LG, Hisense and TCL are still being sued by the same office.",[12,1019,1020,1021,1026,1027,1032],{},"In March 2026, the Kentucky House passed ",[810,1022,1025],{"href":1023,"rel":1024},"https:\u002F\u002Fapps.legislature.ky.gov\u002Frecord\u002F26rs\u002Fhb692.html",[988],"HB 692"," unanimously (92-0); the Senate followed (38-0), and the bill was signed into law on 13 April 2026. According to ",[810,1028,1031],{"href":1029,"rel":1030},"https:\u002F\u002Fwww.hunton.com\u002Fprivacy-and-cybersecurity-law-blog\u002Fkentucky-classifies-smart-tv-data-as-sensitive",[988],"Hunton Andrews Kurth's analysis",", the bill amends the Kentucky Consumer Data Protection Act to add ACR data to the definition of \"sensitive data\" and prohibits controllers from collecting it without consumer consent. The effective date is 1 July 2027. Hunton describes it as the first US state law to specifically target smart-TV surveillance.",[12,1034,1035,1036,1041],{},"This is not new conduct. In 2017, Vizio paid the FTC and the New Jersey Attorney General ",[810,1037,1040],{"href":1038,"rel":1039},"https:\u002F\u002Fwww.ftc.gov\u002Fnews-events\u002Fnews\u002Fpress-releases\u002F2017\u002F02\u002Fvizio-pay-22-million-ftc-state-new-jersey-settle-charges-it-collected-viewing-histories-11-million",[988],"$2.2 million"," for collecting viewing histories from 11 million televisions without consent. The FTC complaint described tracking on a second-by-second basis and the sale of viewing profiles to advertisers. The settlement also required Vizio to delete the data it had already gathered.",[12,1043,1044],{},"Eight years on, the practice is industry-standard. Two states have started pushing back. The remaining 48 have not. These are US actions, but the firmware they target ships worldwide; the toggles below work on your TV regardless of where you bought it.",[25,1046,1048],{"id":1047},"disable-on-samsung","Disable on Samsung",[12,1050,1051,1052,1055],{},"Samsung's ACR toggle is called ",[146,1053,1054],{},"Viewing Information Services",". On 2020 and newer Tizen models:",[1057,1058,1059,1067,1080],"ol",{},[1060,1061,1062,1063,1066],"li",{},"Press ",[146,1064,1065],{},"Home"," on the remote",[1060,1068,1069,1070,1073,1074,1073,1077],{},"Settings → All Settings → ",[146,1071,1072],{},"General & Privacy"," → ",[146,1075,1076],{},"Terms & Privacy",[146,1078,1079],{},"Privacy Choices",[1060,1081,1082,1083,1085],{},"Switch ",[146,1084,1054],{}," off",[12,1087,1088,1089,1094,1095,1098],{},"Per ",[810,1090,1093],{"href":1091,"rel":1092},"https:\u002F\u002Fwww.consumerreports.org\u002Felectronics\u002Fprivacy\u002Fhow-to-turn-off-smart-tv-snooping-features-a4840102036\u002F",[988],"Consumer Reports",", older sets may locate the toggle under Settings → Support → Terms & Policy. On models from before 2018 the same feature was called ",[146,1096,1097],{},"SyncPlus","; the toggle is still there, just under the older name.",[12,1100,1101,1102,1105,1106,1109],{},"While you are in that menu, also switch off ",[146,1103,1104],{},"Interest-Based Advertising",", and switch off ",[146,1107,1108],{},"Voice Recognition Services"," if you do not use Bixby. The Texas settlement specifically targeted the consent screens, so if you set up your TV after February 2026 and you live in Texas, you may already see a redesigned prompt. Outside Texas, the defaults are unchanged.",[25,1111,1113],{"id":1112},"disable-on-lg","Disable on LG",[12,1115,1116,1117,1120],{},"LG's ACR feature is called ",[146,1118,1119],{},"Live Plus",". On current webOS:",[1057,1122,1123,1128,1140],{},[1060,1124,1062,1125,1066],{},[146,1126,1127],{},"Settings",[1060,1129,1130,1131,1073,1134,1073,1137],{},"All Settings → ",[146,1132,1133],{},"General",[146,1135,1136],{},"System",[146,1138,1139],{},"Additional Settings",[1060,1141,1142,1143,1085],{},"Toggle ",[146,1144,1119],{},[12,1146,1147,1148,1151],{},"Where Live Plus is missing from that menu (older webOS), look under Settings → All Settings → Support → Privacy & Terms → User Agreements, and uncheck the ",[146,1149,1150],{},"Viewing Information"," entry.",[12,1153,1154],{},"Users have reported Live Plus reactivating after some firmware updates. Worth re-checking after every system update.",[25,1156,1158],{"id":1157},"disable-on-roku-sony-vizio-hisense","Disable on Roku, Sony, Vizio, Hisense",[12,1160,1161],{},"Each has its own settings tree but the principle is identical: find the named toggle and switch it off.",[12,1163,1164,1167,1168,1171,1172,1175,1176,1181],{},[146,1165,1166],{},"Roku."," Settings → Privacy → ",[146,1169,1170],{},"Smart TV Experience"," → uncheck ",[146,1173,1174],{},"Use Info from TV Inputs",". ",[810,1177,1180],{"href":1178,"rel":1179},"https:\u002F\u002Fdocs.roku.com\u002Fpublished\u002Facrservicepolicy\u002Fen\u002FCA",[988],"Roku's own ACR service policy"," states that disabling this stops new collection but does not delete data already gathered, which Roku says it may continue to share with third parties. If you want it gone, follow the opt-out with a data deletion request via Roku's privacy portal.",[12,1183,1184,1187,1188,1191],{},[146,1185,1186],{},"Sony Bravia (Google TV)."," Sony licenses Samba TV for ACR. Settings → All Settings → ",[146,1189,1190],{},"Samba Interactive TV"," → off. On older Bravias running pre-Google-TV firmware, look under Settings → Initial Setup or Settings → System Settings → Samba Interactive TV.",[12,1193,1194,1197,1198,1201,1202,1207,1208,1211,1212,1215,1216,1218,1219,1222,1223,1226],{},[146,1195,1196],{},"Vizio."," Vizio calls it ",[146,1199,1200],{},"Viewing Data",". Per ",[810,1203,1206],{"href":1204,"rel":1205},"https:\u002F\u002Fsupport.vizio.com\u002Fs\u002Farticle\u002FSmart-Interactivity-Broadcast-Interactivity-FAQ-How-to-turn-Smart-Interactivity-Broadcast-Interactivity-on-or-off?language=en_US",[988],"Vizio's official support page",": press ",[146,1209,1210],{},"Menu"," on the remote, then System → ",[146,1213,1214],{},"Reset & Admin"," → highlight ",[146,1217,1200],{}," → press the right arrow to set it ",[146,1220,1221],{},"Off",". This does not disable ",[146,1224,1225],{},"Activity Data",", which Vizio collects from app interactions on its SmartCast platform. Vizio's terms state that declining Activity Data prevents SmartCast streaming, so users who want to avoid that collection in full may need to use the TV without SmartCast or choose a non-SmartCast model.",[12,1228,1229,1232,1233,1236,1237,434,1239,1242,1243,1248],{},[146,1230,1231],{},"Hisense (VIDAA)."," Settings → System → ",[146,1234,1235],{},"Advanced System Settings"," → Privacy → switch off ",[146,1238,1200],{},[146,1240,1241],{},"Ad Tracking",". Hisense's own ",[810,1244,1247],{"href":1245,"rel":1246},"https:\u002F\u002Fwww.hisense-usa.com\u002Fcompliance\u002Fenhanced-viewing-service-privacy-notice-(effective-date:-march-01,-2025)",[988],"Enhanced Viewing Service privacy notice"," describes what is collected. Hisense models running Roku TV or Google TV firmware use those operating systems' privacy menus instead.",[12,1250,1251,1252,208,1254,208,1256,208,1258,208,1260,1262],{},"If your menu does not match any of these, search for the named feature, ",[146,1253,1054],{},[146,1255,1119],{},[146,1257,1170],{},[146,1259,1190],{},[146,1261,1200],{},", rather than memorising a path. Manufacturers reorganise the menus across firmware versions.",[25,1264,1266],{"id":1265},"what-this-wont-fix","What This Won't Fix",[12,1268,1269],{},"ACR is the most invasive single feature, but it is not the only one. After switching it off, the following still happens:",[1271,1272,1273,1291,1309,1320],"ul",{},[1060,1274,1275,1278,1279,1284,1285,1290],{},[146,1276,1277],{},"Streaming apps still log everything."," Each major streaming platform collects its own viewing history per its published privacy policy. ",[810,1280,1283],{"href":1281,"rel":1282},"https:\u002F\u002Fhelp.netflix.com\u002Fen\u002Fnode\u002F100624",[988],"Netflix's data-disclosure help page"," says Netflix retains \"a history of your viewing activity\"; ",[810,1286,1289],{"href":1287,"rel":1288},"https:\u002F\u002Fprivacy.thewaltdisneycompany.com\u002Fen\u002Fcurrent-privacy-policy\u002F",[988],"Disney's privacy policy"," lists \"the content you view\" among the activity information collected; YouTube and Prime Video make similar disclosures in their respective policies. That data is governed by each app's privacy settings, not the TV's.",[1060,1292,1293,1296,1297,1302,1303,1308],{},[146,1294,1295],{},"Voice remotes still listen."," Per ",[810,1298,1301],{"href":1299,"rel":1300},"https:\u002F\u002Fwww.tomsguide.com\u002Ftvs\u002Fyes-your-tv-probably-has-a-microphone-in-it-heres-how-to-turn-it-off",[988],"Tom's Guide's overview of smart-TV microphones",", a remote with a microphone for voice search sends audio to the manufacturer (or to Google or Amazon, depending on the platform). The risk is not theoretical: in 2023, the ",[810,1304,1307],{"href":1305,"rel":1306},"https:\u002F\u002Fwww.ftc.gov\u002Fnews-events\u002Fnews\u002Fpress-releases\u002F2023\u002F05\u002Fftc-doj-charge-amazon-violating-childrens-privacy-law-keeping-kids-alexa-voice-recordings-forever",[988],"FTC fined Amazon $25 million"," for retaining children's Alexa voice recordings indefinitely after parents requested deletion. Each TV manufacturer has a separate setting for voice data; check the same privacy menu where you found the ACR toggle.",[1060,1310,1311,1314,1315,1319],{},[146,1312,1313],{},"HDMI fingerprinting may continue on some firmware."," The ",[810,1316,1318],{"href":1038,"rel":1317},[988],"original FTC complaint against Vizio"," described tracking that ran regardless of input source. There is no consumer-facing setting that reliably catches this; it requires either a firmware update from the manufacturer or network-level blocking.",[1060,1321,1322,1325,1326,434,1330,1334],{},[146,1323,1324],{},"Smart-speaker microphones in the same room"," are a separate problem. They are not part of the TV but they share your living room. See our ",[810,1327,1329],{"href":1328},"\u002Fguides\u002Fstop-google-tracking-you","Google tracking guide",[810,1331,1333],{"href":1332},"\u002Fguides\u002Fdelete-your-digital-footprint","digital footprint guide"," for adjacent steps.",[12,1336,1337],{},"The TV setting is the easy 80 percent. The remaining 20 percent is platform-by-platform.",[25,1339,1341],{"id":1340},"network-level-blocking-advanced","Network-Level Blocking (Advanced)",[12,1343,1344],{},"If you want a single switch that catches what the on-TV toggle misses, including telemetry that ignores the toggle on misbehaving firmware, block the telemetry endpoints at the network level.",[12,1346,1347,1348,1351,1352,1355,1356,59],{},"The simplest option is to point your home router or your TV at a DNS resolver that filters smart-TV beacons. ",[146,1349,1350],{},"NextDNS"," has a free tier and can apply a community blocklist with one toggle. ",[146,1353,1354],{},"Pi-hole"," is a self-hosted alternative that runs on a Raspberry Pi or any always-on Linux box, with the same blocklist available as an upstream feed from ",[810,1357,1360],{"href":1358,"rel":1359},"https:\u002F\u002Fgithub.com\u002FPerflyst\u002FPiHoleBlocklist",[988],"Perflyst's PiHoleBlocklist repository on GitHub",[12,1362,1363,1364,1367],{},"The trade-off is real. Blocking telemetry endpoints can break legitimate features. Pi-hole community reports describe Samsung apps and Samsung TV Plus failing when the broader ",[106,1365,1366],{},"samsungcloudsolution.net"," family is blocked, and similar interference has been reported for LG firmware updates and Roku channels. The blocklist's documentation lists which entries to whitelist if you hit these problems.",[12,1369,1370],{},"Short of disconnecting the TV from the internet entirely, this is the most reliable approach against firmware that ignores the on-screen toggle, and against a manufacturer silently re-enabling ACR in a future update.",[25,1372,1374],{"id":1373},"where-to-go-from-here","Where to Go From Here",[12,1376,1377],{},"The on-TV toggle is enough for most people. Five minutes per device, and the most invasive single feature is off. The Texas and Kentucky actions mean the consent prompts in front of you should keep getting clearer over the next year or two; until then the burden is on you to find the toggle.",[12,1379,1380,1381,1384,1385,1387],{},"For a quick scan of what else on your devices is leaking, run our ",[810,1382,1383],{"href":822},"privacy checkup tool",". If you are ready to go further, our ",[810,1386,1329],{"href":1328}," covers the second-largest data pipeline in most households.",[25,1389,1391],{"id":1390},"sources","Sources",[1057,1393,1394,1401,1408,1415,1422,1429,1436,1443,1450,1457,1464,1471,1478,1485],{},[1060,1395,1396,1400],{},[810,1397,1399],{"href":986,"rel":1398},[988],"Texas Attorney General: Paxton Secures Major Agreement with Samsung"," - primary source for the February 2026 Samsung settlement, including the 500ms screenshot allegation and \"express consent\" \u002F \"clear and conspicuous\" language",[1060,1402,1403,1407],{},[810,1404,1406],{"href":1014,"rel":1405},[988],"Malwarebytes: Samsung TVs stop spying on viewers in Texas"," - secondary coverage of the settlement and per-brand disable paths",[1060,1409,1410,1414],{},[810,1411,1413],{"href":1023,"rel":1412},[988],"Kentucky HB 692 (2026 Regular Session)"," - bill page and full text",[1060,1416,1417,1421],{},[810,1418,1420],{"href":1029,"rel":1419},[988],"Hunton Andrews Kurth: Kentucky Classifies Smart TV Data as Sensitive"," - legal analysis of the enacted HB 692",[1060,1423,1424,1428],{},[810,1425,1427],{"href":1038,"rel":1426},[988],"FTC v. Vizio (2017)"," - $2.2M settlement for ACR without consent",[1060,1430,1431,1435],{},[810,1432,1434],{"href":1091,"rel":1433},[988],"Consumer Reports: How to Turn Off Smart TV Snooping Features"," - per-brand settings paths",[1060,1437,1438,1442],{},[810,1439,1441],{"href":1178,"rel":1440},[988],"Roku ACR Service Policy"," - Roku's own statement that opting out does not delete already-collected data",[1060,1444,1445,1449],{},[810,1446,1448],{"href":1204,"rel":1447},[988],"Vizio Smart Interactivity \u002F Viewing Data FAQ"," - official Vizio settings path",[1060,1451,1452,1456],{},[810,1453,1455],{"href":1245,"rel":1454},[988],"Hisense Enhanced Viewing Service Privacy Notice"," - what Hisense collects via VIDAA",[1060,1458,1459,1463],{},[810,1460,1462],{"href":1358,"rel":1461},[988],"Perflyst PiHoleBlocklist (GitHub)"," - community-maintained smart-TV telemetry blocklist for Pi-hole, AdGuard Home and NextDNS",[1060,1465,1466,1470],{},[810,1467,1469],{"href":1281,"rel":1468},[988],"Netflix: What personal information Netflix holds about you"," - Netflix's own description of viewing-activity retention",[1060,1472,1473,1477],{},[810,1474,1476],{"href":1287,"rel":1475},[988],"The Walt Disney Company Privacy Policy"," - Disney's own disclosure of content-viewing data collection",[1060,1479,1480,1484],{},[810,1481,1483],{"href":1299,"rel":1482},[988],"Tom's Guide: Yes, your TV probably has a microphone in it"," - per-brand voice-data controls",[1060,1486,1487,1491],{},[810,1488,1490],{"href":1305,"rel":1489},[988],"FTC and DOJ Charge Amazon with Violating Children's Privacy Law (Alexa, 2023)"," - $25M settlement for retaining voice recordings after deletion requests",{"title":23,"searchDepth":830,"depth":830,"links":1493},[1494,1495,1496,1497,1498,1499,1500,1501,1502,1503],{"id":966,"depth":830,"text":967},{"id":979,"depth":830,"text":980},{"id":999,"depth":830,"text":1000},{"id":1047,"depth":830,"text":1048},{"id":1112,"depth":830,"text":1113},{"id":1157,"depth":830,"text":1158},{"id":1265,"depth":830,"text":1266},{"id":1340,"depth":830,"text":1341},{"id":1373,"depth":830,"text":1374},{"id":1390,"depth":830,"text":1391},"Guide","2026-04-25","Smart TVs use ACR to log everything you watch. Here's how to disable it on Samsung, LG, Sony, Roku and Vizio, and what it won't fix.","\u002Fimages\u002Fguides\u002Fstop-smart-tv-spying.jpg",{},"\u002Fguides\u002Fstop-smart-tv-spying",{"title":961,"description":1506},"guides\u002Fstop-smart-tv-spying","_kf7KZ020AZH0HHIBThXtBbrK-hxeH-SpBtkVO492W4",{"id":1514,"title":1515,"author":6,"body":1516,"category":1868,"date":1869,"description":1870,"extension":861,"image":1871,"meta":1872,"navigation":882,"path":1873,"readTime":902,"seo":1874,"stem":1875,"__hash__":1876},"guides\u002Fguides\u002Fis-your-phone-listening-to-you.md","Is Your Phone Listening to You?",{"type":9,"value":1517,"toc":1852},[1518,1522,1525,1528,1531,1535,1538,1570,1577,1581,1590,1593,1612,1616,1619,1623,1632,1641,1644,1648,1657,1660,1664,1679,1687,1691,1694,1698,1727,1734,1738,1765,1772,1776,1783,1797,1799,1802,1838,1841],[25,1519,1521],{"id":1520},"the-short-answer","The Short Answer",[12,1523,1524],{},"Probably not. But what's actually happening is arguably worse.",[12,1526,1527],{},"You mention dog food in conversation. An hour later, dog food ads. You talk about flights to Portugal, and suddenly every banner on the internet is selling you Lisbon. It feels like proof. Millions of people are convinced their phone is listening.",[12,1529,1530],{},"But security researchers, independent studies, and leaked internal documents consistently point to the same conclusion: your phone almost certainly isn't recording your conversations to serve you ads. It doesn't need to. The data it already collects is so comprehensive that it can predict what you want before you say it out loud.",[25,1532,1534],{"id":1533},"why-it-feels-like-your-phone-is-listening","Why It Feels Like Your Phone Is Listening",[12,1536,1537],{},"The real explanation is less dramatic but more invasive. Advertisers don't need your microphone because they already have:",[1271,1539,1540,1546,1552,1558,1564],{},[1060,1541,1542,1545],{},[146,1543,1544],{},"Your location history",". Your phone knows you walked into a pet store, visited a travel agency, or spent 20 minutes in a mattress showroom. GPS, Wi-Fi, and Bluetooth beacons track this continuously.",[1060,1547,1548,1551],{},[146,1549,1550],{},"Your search and browsing history",". Google and Meta know every search you've made, every link you've clicked, and every product page you've lingered on.",[1060,1553,1554,1557],{},[146,1555,1556],{},"Your purchase data",". Credit card transactions, loyalty cards, and online receipts are bought and sold by data brokers. If your friend bought dog food and you were at their house, the ad network may have linked your devices by shared location.",[1060,1559,1560,1563],{},[146,1561,1562],{},"Your social graph",". If your partner searched for a holiday destination, and you share a Wi-Fi network or are connected on social media, their interests can influence your ads. This is why you see ads for things people near you are interested in.",[1060,1565,1566,1569],{},[146,1567,1568],{},"Your advertising ID",". Both iOS and Android assign your phone a unique tracking identifier that lets ad networks follow your activity across every app. This single ID ties together everything you do.",[12,1571,1572,1573,1576],{},"This combination is so powerful that it creates uncanny coincidences constantly. You notice the hits (the ad that matched your conversation) and forget the thousands that didn't. This is ",[146,1574,1575],{},"confirmation bias",", and it's the primary engine behind the \"my phone is listening\" belief.",[25,1578,1580],{"id":1579},"the-evidence-against-listening","The Evidence Against Listening",[12,1582,1583,1584,1589],{},"A ",[810,1585,1588],{"href":1586,"rel":1587},"https:\u002F\u002Fgizmodo.com\u002Fthese-academics-spent-the-last-year-testing-whether-you-1826961188",[988],"2018 study by researchers at Northeastern University"," tested over 17,000 Android apps and found no evidence of any app secretly activating the microphone for ad targeting. (They did find something else unsettling: some apps were silently recording the screen and sending screenshots to third parties.)",[12,1591,1592],{},"The data usage alone makes it implausible. If apps were secretly recording and uploading audio, the bandwidth consumption would be enormous and easily detectable. In controlled tests, voice assistants during active listening consumed orders of magnitude more data than any of the tested apps at rest.",[12,1594,1595,208,1600,1605,1606,1611],{},[810,1596,1599],{"href":1597,"rel":1598},"https:\u002F\u002Fwww.apple.com\u002Fprivacy\u002F",[988],"Apple",[810,1601,1604],{"href":1602,"rel":1603},"https:\u002F\u002Fsafety.google\u002Fprivacy\u002Fads-and-data\u002F",[988],"Google",", and Meta have all denied using microphone data for ad targeting. Instagram head Adam Mosseri ",[810,1607,1610],{"href":1608,"rel":1609},"https:\u002F\u002Ftechcrunch.com\u002F2025\u002F10\u002F01\u002Finstagram-head-says-company-is-not-using-your-microphone-to-listen-to-you-with-ai-data-it-wont-need-to\u002F",[988],"stated in 2025"," that the company does not use microphones for ads, noting that AI-driven data analysis makes eavesdropping unnecessary. In other words: they don't need to listen. They already know.",[25,1613,1615],{"id":1614},"but-its-not-completely-made-up","But It's Not Completely Made Up",[12,1617,1618],{},"There are documented cases that keep this concern grounded in reality.",[78,1620,1622],{"id":1621},"the-cox-media-group-active-listening-pitch","The Cox Media Group \"Active Listening\" Pitch",[12,1624,1625,1626,1631],{},"In 2024, ",[810,1627,1630],{"href":1628,"rel":1629},"https:\u002F\u002Fwww.404media.co\u002Fheres-the-pitch-deck-for-active-listening-ad-targeting\u002F",[988],"404 Media obtained a leaked pitch deck"," from Cox Media Group revealing a program called \"Active Listening\" that claimed to use smart device microphones to capture \"real-time intent data\" for ad targeting. CMG listed Google, Meta, and Amazon as partners.",[12,1633,1634,1635,1640],{},"All three companies denied involvement. ",[810,1636,1639],{"href":1637,"rel":1638},"https:\u002F\u002Fwww.techdirt.com\u002F2024\u002F08\u002F29\u002Fcox-caught-again-bragging-it-spies-on-users-with-embedded-device-microphones-to-sell-ads\u002F",[988],"Google removed CMG from its Partners Program",". Meta said it was investigating potential terms-of-service violations. CMG later claimed the program used only \"third-party aggregated, anonymized data\" and not actual microphone recordings.",[12,1642,1643],{},"Whether CMG was overselling to attract clients or running a real program remains unclear. Either way, the incident revealed that at least some companies were, at a minimum, pitching the concept to potential clients.",[78,1645,1647],{"id":1646},"the-apple-siri-settlement","The Apple Siri Settlement",[12,1649,1650,1651,1656],{},"In January 2025, Apple ",[810,1652,1655],{"href":1653,"rel":1654},"https:\u002F\u002Fwww.npr.org\u002F2025\u002F01\u002F03\u002Fg-s1-40940\u002Fapple-settle-lawsuit-siri-privacy",[988],"agreed to a $95 million class-action settlement"," over allegations that Siri sometimes activated without a wake command and recorded conversations that were then reviewed by human contractors.",[12,1658,1659],{},"Apple did not admit wrongdoing but paid up to $20 per device to affected users. The case established that accidental voice assistant activations are a real and documented problem, even if the recordings weren't proven to be used for ad targeting.",[78,1661,1663],{"id":1662},"ultrasonic-cross-device-tracking","Ultrasonic Cross-Device Tracking",[12,1665,1666,1667,1672,1673,1678],{},"This one is real and ",[810,1668,1671],{"href":1669,"rel":1670},"https:\u002F\u002Fieeexplore.ieee.org\u002Fdocument\u002F7961950",[988],"verified by academic researchers",". Some apps and TV advertisements emit inaudible ultrasonic tones that your phone's microphone can pick up. These tones link your devices together: your TV plays a tone during a commercial, your phone detects it, and the advertiser now knows you watched that ad. ",[810,1674,1677],{"href":1675,"rel":1676},"https:\u002F\u002Fthehackernews.com\u002F2017\u002F05\u002Fultrasonic-tracking-signals-apps.html",[988],"Researchers found over 200 apps"," using this technique.",[12,1680,1681,1682,1686],{},"This technology doesn't record your speech, but it does use your microphone without making it obvious. So your phone isn't listening to ",[1683,1684,1685],"em",{},"you",". It's listening to your TV.",[25,1688,1690],{"id":1689},"how-to-lock-down-your-microphone","How to Lock Down Your Microphone",[12,1692,1693],{},"Even if mass ad surveillance via microphone is unlikely, there's no reason to leave permissions open that you don't need.",[78,1695,1697],{"id":1696},"on-iphone","On iPhone",[1057,1699,1700,1707,1714,1721],{},[1060,1701,1702,1703,1706],{},"Go to ",[146,1704,1705],{},"Settings > Privacy & Security > Microphone",". Review every app on the list. Turn off any app that doesn't need mic access.",[1060,1708,1709,1710,1713],{},"Watch for the ",[146,1711,1712],{},"orange dot",". When any app uses your microphone, iOS displays an orange dot in the top-right corner of your screen. If you see it when you're not on a call or recording, investigate.",[1060,1715,1716,1717,1720],{},"Check ",[146,1718,1719],{},"Settings > Privacy & Security > App Privacy Report",". This shows which apps accessed your microphone in the last seven days and how often.",[1060,1722,1702,1723,1726],{},[146,1724,1725],{},"Settings > Siri & Search",". If you don't use Siri, turn off \"Listen for 'Hey Siri'\" and \"Press Side Button for Siri.\" This eliminates the most common source of accidental activations.",[12,1728,1729,1730,59],{},"For a full walkthrough of iOS privacy settings, see our ",[810,1731,1733],{"href":1732},"\u002Fguides\u002Fbest-privacy-settings-iphone","iPhone privacy guide",[78,1735,1737],{"id":1736},"on-android","On Android",[1057,1739,1740,1746,1752,1758],{},[1060,1741,1702,1742,1745],{},[146,1743,1744],{},"Settings > Privacy > Permission Manager > Microphone",". Review and revoke access for apps that don't need it. Set the rest to \"Allow only while using the app.\"",[1060,1747,1709,1748,1751],{},[146,1749,1750],{},"green indicator",". On Android 12 and later, a green dot appears in the top-right corner when the microphone or camera is active. Tap it to see which app is responsible.",[1060,1753,1716,1754,1757],{},[146,1755,1756],{},"Settings > Privacy > Privacy Dashboard"," (Android 12+). This shows a timeline of which apps accessed your microphone in the last 24 hours.",[1060,1759,1760,1761,1764],{},"Disable Google Assistant's always-listening mode if you don't use it: ",[146,1762,1763],{},"Settings > Google > Settings for Google apps > Search, Assistant & Voice > Google Assistant > Hey Google & Voice Match"," and turn off \"Hey Google.\"",[12,1766,1767,1768,59],{},"For a full walkthrough of Android privacy settings, see our ",[810,1769,1771],{"href":1770},"\u002Fguides\u002Fbest-privacy-settings-android","Android privacy guide",[25,1773,1775],{"id":1774},"the-step-that-actually-matters-most","The Step That Actually Matters Most",[12,1777,1778,1779,1782],{},"Revoking microphone permissions is worth doing, but the single most effective step is ",[146,1780,1781],{},"disabling your advertising ID",". This is the identifier that lets ad networks build a profile across every app on your phone. Remove it and the \"eerily accurate\" ads get noticeably less precise.",[1271,1784,1785,1791],{},[1060,1786,1787,1790],{},[146,1788,1789],{},"iPhone",": Settings > Privacy & Security > Tracking > turn off \"Allow Apps to Request to Track\"",[1060,1792,1793,1796],{},[146,1794,1795],{},"Android",": Settings > Privacy > Ads > \"Delete advertising ID\"",[25,1798,1266],{"id":1265},[12,1800,1801],{},"Locking down your microphone won't stop the ads that feel like eavesdropping. That's because those ads were never based on your microphone. They're based on:",[1271,1803,1804,1810,1819,1828],{},[1060,1805,1806,1809],{},[146,1807,1808],{},"Location tracking"," (disabling this breaks maps and weather apps)",[1060,1811,1812,1815,1816,1818],{},[146,1813,1814],{},"Cross-site tracking"," (use a privacy-focused browser; see our ",[810,1817,827],{"href":812},")",[1060,1820,1821,1824,1825,1818],{},[146,1822,1823],{},"Data broker profiles"," (see our guide to ",[810,1826,1827],{"href":1332},"deleting your digital footprint",[1060,1829,1830,1833,1834,1818],{},[146,1831,1832],{},"Your IP address"," (a VPN hides this; see our ",[810,1835,1837],{"href":1836},"\u002Fcompare\u002Fvpns","VPN comparison",[12,1839,1840],{},"The uncomfortable truth is that modern ad targeting is so sophisticated that listening to you would be redundant. Your digital behaviour already tells advertisers what you want before you say it. Revoking microphone permissions is easy and worth doing, but the real privacy gains come from reducing the data trail you leave everywhere else.",[12,1842,1843,1844,1848,1849,1851],{},"Check what your browser reveals about you with our ",[810,1845,1847],{"href":1846},"\u002Ftools\u002Fbrowser-fingerprint","Fingerprint Test",", or run our ",[810,1850,823],{"href":822}," to see where you stand.",{"title":23,"searchDepth":830,"depth":830,"links":1853},[1854,1855,1856,1857,1862,1866,1867],{"id":1520,"depth":830,"text":1521},{"id":1533,"depth":830,"text":1534},{"id":1579,"depth":830,"text":1580},{"id":1614,"depth":830,"text":1615,"children":1858},[1859,1860,1861],{"id":1621,"depth":836,"text":1622},{"id":1646,"depth":836,"text":1647},{"id":1662,"depth":836,"text":1663},{"id":1689,"depth":830,"text":1690,"children":1863},[1864,1865],{"id":1696,"depth":836,"text":1697},{"id":1736,"depth":836,"text":1737},{"id":1774,"depth":830,"text":1775},{"id":1265,"depth":830,"text":1266},"Explainer","2026-04-21","Your phone probably isn't recording your conversations for ads. The reality is more unsettling. Here's what's actually happening.","\u002Fimages\u002Fguides\u002Fis-your-phone-listening-to-you.jpg",{},"\u002Fguides\u002Fis-your-phone-listening-to-you",{"title":1515,"description":1870},"guides\u002Fis-your-phone-listening-to-you","ZPZ2SgPS-R2HwYhHIAFAOpp-zk2ZefiDcwf_oOHm5mE",{"id":1878,"title":1879,"author":6,"body":1880,"category":1504,"date":2187,"description":2188,"extension":861,"image":2189,"meta":2190,"navigation":882,"path":1328,"readTime":921,"seo":2191,"stem":2192,"__hash__":2193},"guides\u002Fguides\u002Fstop-google-tracking-you.md","How to Stop Google Tracking You",{"type":9,"value":1881,"toc":2175},[1882,1884,1887,1890,1894,1902,1911,1915,1923,1949,1952,1956,1959,1976,1985,1989,1992,2024,2028,2031,2048,2052,2055,2060,2084,2087,2091,2094,2114,2118,2121,2144,2147,2149,2152,2172],[25,1883,967],{"id":966},[12,1885,1886],{},"Google tracks your searches, location history, YouTube watches, voice recordings, app usage, and browsing activity. All of this feeds into an advertising profile that follows you everywhere.",[12,1888,1889],{},"The good news: you can turn most of it off. The bad news: Google makes it deliberately confusing. This guide walks through every setting that matters.",[25,1891,1893],{"id":1892},"step-1-check-what-google-already-has-on-you","Step 1: Check What Google Already Has on You",[12,1895,1702,1896,1901],{},[810,1897,1900],{"href":1898,"rel":1899},"https:\u002F\u002Fmyactivity.google.com",[988],"myactivity.google.com",". This is everything Google has recorded. Searches, voice commands, places you've been, videos you've watched. Scroll through it. Take a moment to review what's there.",[12,1903,1904,1905,1910],{},"Now go to ",[810,1906,1909],{"href":1907,"rel":1908},"https:\u002F\u002Fadssettings.google.com",[988],"adssettings.google.com",". This is the advertising profile Google built from all that data. Your age, interests, income bracket, relationship status. Some of it is surprisingly detailed. Some of it is hilariously wrong. This profile data is used for targeted advertising.",[25,1912,1914],{"id":1913},"step-2-nuke-your-activity-controls","Step 2: Nuke Your Activity Controls",[12,1916,1702,1917,1922],{},[810,1918,1921],{"href":1919,"rel":1920},"https:\u002F\u002Fmyaccount.google.com\u002Factivitycontrols",[988],"myaccount.google.com\u002Factivitycontrols"," and turn off:",[1271,1924,1925,1931,1937,1943],{},[1060,1926,1927,1930],{},[146,1928,1929],{},"Web & App Activity",": This is the big one. It tracks everything you do across Google services and any site using Google ads or analytics (which is most of the internet). Turn it off. Also uncheck \"Include Chrome history and activity from sites, apps, and devices that use Google services.\"",[1060,1932,1933,1936],{},[146,1934,1935],{},"Location History",": Tracks everywhere your phone goes. Turn it off. Note: Google still collects \"approximate location\" from your IP even with this off, but it stops the detailed GPS timeline.",[1060,1938,1939,1942],{},[146,1940,1941],{},"YouTube History",": Every video you watch and search for. Turn it off if you want. This will make your recommendations worse, which is arguably a feature.",[1060,1944,1945,1948],{},[146,1946,1947],{},"Ad Personalization",": Turn it off. Your ads will become generic instead of eerily specific. This is a win.",[12,1950,1951],{},"After turning these off, click \"Delete activity\" on each one and choose \"All time.\"",[25,1953,1955],{"id":1954},"step-3-fix-chrome-or-better-yet-ditch-it","Step 3: Fix Chrome (or Better Yet, Ditch It)",[12,1957,1958],{},"Chrome is a Google product. It's fast, but it sends a significant amount of data back to Google by default. If you insist on using it:",[1057,1960,1961,1964,1967,1970,1973],{},[1060,1962,1963],{},"Go to Settings > Privacy and Security",[1060,1965,1966],{},"Turn off \"Help improve Chrome's features and performance\" (sends usage data to Google)",[1060,1968,1969],{},"Turn off \"Make searches and browsing better\" (sends URLs to Google)",[1060,1971,1972],{},"Set third-party cookies to \"Block third-party cookies\"",[1060,1974,1975],{},"Turn off \"Improve search suggestions\" (sends everything you type in the address bar to Google in real time)",[12,1977,1978,1981,1982,1984],{},[146,1979,1980],{},"Better option",": Switch to Firefox or Brave. Both are Chromium-compatible (your extensions still work on Brave) and don't phone home to Google. Check our ",[810,1983,827],{"href":812}," for a detailed breakdown.",[25,1986,1988],{"id":1987},"step-4-lock-down-android","Step 4: Lock Down Android",[12,1990,1991],{},"If you're on Android, Google is baked into the OS. You can't fully escape it without switching to a custom ROM (which most people won't do), but you can limit the damage:",[1057,1993,1994,2000,2006,2012,2018],{},[1060,1995,1996,1999],{},[146,1997,1998],{},"Settings > Privacy > Permission Manager",": Review which apps have access to your location, camera, mic, contacts. Revoke anything that doesn't need it. That flashlight app does not need your contacts.",[1060,2001,2002,2005],{},[146,2003,2004],{},"Settings > Privacy > Ads",": Delete your advertising ID and opt out of ad personalisation.",[1060,2007,2008,2011],{},[146,2009,2010],{},"Settings > Location",": Turn off location for any app that doesn't need it. Set the rest to \"Only while using the app\" instead of \"Always.\"",[1060,2013,2014,2017],{},[146,2015,2016],{},"Settings > Google > Manage your Google Account",": This takes you to the same activity controls from Step 2. Make sure they're off here too.",[1060,2019,2020,2023],{},[146,2021,2022],{},"Google Play Store > Settings",": Review data sharing and personalisation options and opt out where available.",[25,2025,2027],{"id":2026},"step-5-handle-google-maps","Step 5: Handle Google Maps",[12,2029,2030],{},"Google Maps is hard to replace because no alternative matches it for coverage and accuracy. But you can use it without feeding Google your entire travel history.",[1057,2032,2033,2042,2045],{},[1060,2034,2035,2036,2041],{},"Open Maps > tap your profile picture > Your Timeline > review and manage your location data. Google ",[810,2037,2040],{"href":2038,"rel":2039},"https:\u002F\u002Fblog.google\u002Fproducts\u002Fmaps\u002Fupdates-to-location-history-and-new-controls-coming-soon-to-maps\u002F",[988],"renamed Location History to Timeline"," and moved it to on-device storage in 2024.",[1060,2043,2044],{},"Use Maps without signing in (you can still search and navigate)",[1060,2046,2047],{},"For walking directions and simple lookups, try OpenStreetMap-based alternatives like OsmAnd or Organic Maps",[25,2049,2051],{"id":2050},"step-6-search-without-google","Step 6: Search Without Google",[12,2053,2054],{},"This is the easiest switch with the biggest impact. Your search history is one of the most revealing datasets about you.",[12,2056,2057],{},[146,2058,2059],{},"Alternatives that actually work:",[1271,2061,2062,2072,2078],{},[1060,2063,2064,2067,2068,2071],{},[146,2065,2066],{},"DuckDuckGo",": Doesn't track searches, good enough for 90% of queries. Add ",[106,2069,2070],{},"!g"," to any search to fall back to Google when you need it.",[1060,2073,2074,2077],{},[146,2075,2076],{},"Startpage",": Uses Google's results but strips out the tracking. Best of both worlds.",[1060,2079,2080,2083],{},[146,2081,2082],{},"Brave Search",": Fully independent index, no Google dependency.",[12,2085,2086],{},"Set your default search engine in your browser settings. You'll forget you switched within a week.",[25,2088,2090],{"id":2089},"step-7-limit-youtube-tracking","Step 7: Limit YouTube Tracking",[12,2092,2093],{},"If you still use YouTube (and let's be honest, you do):",[1057,2095,2096,2099,2108,2111],{},[1060,2097,2098],{},"Watch in a private\u002Fincognito window when you don't want something in your history",[1060,2100,2101,2102,2107],{},"Use ",[810,2103,2106],{"href":2104,"rel":2105},"https:\u002F\u002Ffreetubeapp.io\u002F",[988],"FreeTube"," on desktop for a privacy-respecting YouTube client",[1060,2109,2110],{},"On mobile, NewPipe (Android) lets you watch without a Google account",[1060,2112,2113],{},"If you must use the official app: Settings > History & privacy > Pause watch history and Pause search history",[25,2115,2117],{"id":2116},"the-nuclear-option","The Nuclear Option",[12,2119,2120],{},"If you want to go all the way:",[1057,2122,2123,2131,2138,2141],{},[1060,2124,2125,2126],{},"Download all your data from ",[810,2127,2130],{"href":2128,"rel":2129},"https:\u002F\u002Ftakeout.google.com",[988],"takeout.google.com",[1060,2132,2133,2134,1818],{},"Switch to a privacy-respecting email provider (see our ",[810,2135,2137],{"href":2136},"\u002Fcompare\u002Femail-providers","email comparison",[1060,2139,2140],{},"Move your files from Google Drive to a local or encrypted cloud solution",[1060,2142,2143],{},"Delete your Google account entirely",[12,2145,2146],{},"This is extreme and most people won't do it. But everything from Step 1 through Step 6 takes about 15 minutes and dramatically reduces what Google knows about you going forward.",[25,2148,1266],{"id":1265},[12,2150,2151],{},"Even with all of this done, some things are still out of your hands:",[1271,2153,2154,2163,2166],{},[1060,2155,2156,2157,2162],{},"If you use Gmail, Google scans your emails for spam filtering and, unless you opt out, for ",[810,2158,2161],{"href":2159,"rel":2160},"https:\u002F\u002Fsupport.google.com\u002Fmail\u002Fanswer\u002F10079371",[988],"smart features like Smart Reply and AI assistance",". Google stopped scanning emails for ad personalisation in 2017.",[1060,2164,2165],{},"Websites using Google Analytics and Google Ads still report your visits back to Google, even if you opted out of personalisation. Use an ad blocker like uBlock Origin to stop this.",[1060,2167,2168,2169,2171],{},"Google can still link your activity through your IP address even without cookies. A VPN helps here. Check our ",[810,2170,1837],{"href":1836}," if you're shopping for one.",[12,2173,2174],{},"Privacy isn't all-or-nothing. Every setting you change is one less data point in their profile.",{"title":23,"searchDepth":830,"depth":830,"links":2176},[2177,2178,2179,2180,2181,2182,2183,2184,2185,2186],{"id":966,"depth":830,"text":967},{"id":1892,"depth":830,"text":1893},{"id":1913,"depth":830,"text":1914},{"id":1954,"depth":830,"text":1955},{"id":1987,"depth":830,"text":1988},{"id":2026,"depth":830,"text":2027},{"id":2050,"depth":830,"text":2051},{"id":2089,"depth":830,"text":2090},{"id":2116,"depth":830,"text":2117},{"id":1265,"depth":830,"text":1266},"2026-04-19","Google knows more about you than your closest friends. Here's how to shut it down across Search, Chrome, Android, YouTube, and Maps.","\u002Fimages\u002Fguides\u002Fstop-google-tracking-you.jpg",{},{"title":1879,"description":2188},"guides\u002Fstop-google-tracking-you","7GlfujbIB49K1s74PZOwtpJw-4qYiXpLuMThNNWiOVM",1777303083206]