Arc Browser, how private is it?
This writeup looks into how Arc phones home to log analytics without giving users a good way to opt out.
Arc is one of the many browsers built on Chromium (Blink), alongside Microsoft Edge, Brave and Opera.
It is, however, unique in being one of the only browsers that requires you to log in before using it.
Mandatory login
Their argument: “Sync data, provide support”. It’s a tough ask, no matter how you spin it, to require your users to be logged in to a service before using it. Even if a user’s actions are anonymised, the way you use your browser is still logged. A scary fact is that, just as with Google and its Chrome browser, policies change over time. At this stage data may not be collected or synced, but the convenience of having your tabs on your phone, or of recalling on another device the website you were searching for earlier in the day, will be the downfall of privacy for Arc.
After logging in, you’re greeted by a ‘personalised’ Card with your name/alias.
Below is the first tab you’ll see using Arc (at V1.0.1). There are tabs open on the side with a Wikipedia page, and two other websites.
Phoning home
These sites are all loaded in the system by the process Arc Helper, which is nice to see separate from Arc itself; however, the pages chosen start to develop a unique fingerprint.
From the domains Arc loads on first launch, it’s evident the Arc team is very product-focused, with three major tools collecting user data: Segment, Sentry and LaunchDarkly. As upfront as their Privacy Policy is, they are incredibly vague as to which platforms, or how many, they use in the browser. As you will see later on, it’s disappointing that there is no way to opt out of sharing any usage data.
Preferences
It was good to see some level of customisation above the standard Chrome settings. On the flip side, for a browser that talks a lot about privacy, mandating that users be signed in and not providing an option to opt out of device analytics (unless you block them at the DNS level) is disappointing.
Notice the absence of an option to log out of an account and continue using the browser, or to opt out of sending analytics to The Browser Company.
Data being collected
The following is an extract of a sample being logged and sent to Sentry in accordance with the Browser Company’s personal data collection policy.
Captured log - Sentry.io
A few things to note here:
- Every user has an ‘anonymous id’ as well as a ‘user id’, which could be speculated to be linked to your e-mail address to ‘provide support’ or understand how you prefer to use the browser.
- Events are logged, as per their privacy policy. This means it sends an update to Sentry when you Command-Tab to another app, and another log is sent when you go back. Other events include things like viewing preferences and creating a space, among many other features I didn’t test.
- The identifier of your Mac is sent. Mine, Mac14,9, shows my model - MacBook Pro M2 2023 14in, with RAM config.
- Locale (Keyboard) and timezone are shared
- Interestingly, window dimensions are shared
- The network shows the current connection, in my case WiFi, and although Bluetooth shows ‘false’, this refers to the network connection, as Bluetooth was on.
- IP isn’t logged (at this build)
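One way to check a capture for the fields listed above, as an added example that is not part of the original writeup: it reads a HAR-shaped export from an intercepting proxy, attributes each request to Segment, Sentry or LaunchDarkly by hostname, and reports which watched fields appear in the request bodies. The key names, URL paths and sample values are assumptions constructed for illustration, not taken from a real Arc capture.

```python
import json
from urllib.parse import urlsplit

# Registered domains of the three services named in the writeup.
VENDORS = {"segment.io": "Segment", "segment.com": "Segment",
           "sentry.io": "Sentry", "launchdarkly.com": "LaunchDarkly"}
# Assumed key names, modelled on the fields the writeup lists.
WATCHED = {"anonymousId", "userId", "model", "locale", "timezone",
           "width", "height", "wifi", "bluetooth", "ip"}

def vendor_for(url):  # exact domain or a subdomain, never a substring match
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for domain, name in VENDORS.items():
        if host == domain or host.endswith("." + domain):
            return name
    return None

def walk(node, prefix=""):  # yield (dotted path, key) for every nested key
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else key
            yield path, key
            yield from walk(value, path)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item, prefix)

def audit(har):  # vendor -> watched field paths found in its request bodies
    report = {}
    for entry in har["log"]["entries"]:
        req = entry["request"]
        vendor = vendor_for(req["url"])
        text = (req.get("postData") or {}).get("text")
        if vendor is None or not text:
            continue
        seen = report.setdefault(vendor, set())
        try:
            seen.update(p for p, k in walk(json.loads(text)) if k in WATCHED)
        except ValueError:
            seen.add("<opaque body>")  # encoded payload: sent, but not readable
    return {vendor: sorted(paths) for vendor, paths in report.items()}

# Constructed sample in HAR shape, not a real capture.
BODY = {"anonymousId": "anon-0000", "userId": "user-0000", "context": {"device": {"model": "Mac14,9"},
        "locale": "en-US", "network": {"wifi": True, "bluetooth": False}}}
SAMPLE_HAR = {"log": {"entries": [{"request": {"url": u, "postData": {"text": t}}} for u, t in [
    ("https://o0.ingest.sentry.io/constructed", json.dumps(BODY)),
    ("https://events.launchdarkly.com/constructed", "ZXhhbXBsZQ=="),
    ("https://sentry.io.example.net/constructed", "{}")]]}}
```

Calling `audit(SAMPLE_HAR)` returns the readable field paths per vendor and marks encoded bodies as opaque; the lookalike host in the last sample entry is ignored because matching is done on the domain suffix.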
An example of another event being logged
There were some interesting bits of data captured, one of which was a variable to check whether the logged-in user was internal (I wonder what that was for).
Captured log - LaunchDarkly
There wasn’t much to decode from the LaunchDarkly capture, with everything being encoded.
Permissions
Arc browser requests to see files in a few too many areas of your PC. Expect to get prompted if you plan on taking it for a spin.
Arc’s Privacy Policy, and the problem with trying to ‘sell’ privacy
Arc’s Privacy Policy is upfront, being transparent that they are product-centric, wanting to understand their users’ behaviour.
“What we do care about when it comes to data is building the best, most reliable product we can. For instance, understanding which features our members are digging most (and which features they hate, oof). Keep reading to check out our full privacy policy.”
A few days later.. the true purpose of needing an account
As with most products, the most valuable thing to an investor is measuring traction and growth. Having users sign up creates an asset of user details, which makes me wonder how The Browser Company is planning on monetising Arc or their future projects..
Result
I guess Arc browser isn’t a privacy-oriented browser. It has a unique take on developing an ‘all-in-one’ app to extend a web browser, heavily focused on user experience. Although being Gecko-based (Firefox) would have been nice to see, the hype around Arc and Chromium isn’t going away any time soon, and Chromium is typically viewed as the more performant on the web.
It would be nice if Arc, or rather The Browser Company, provided more options to control what data is being logged, or provided a simple opt-out-of-everything option. It’s understandable that they only recently went V1.0 and ditched the invite-only system; however, to build trust with users, I believe that, along with using it without an account, are the main barriers to recommending jumping on the Arc wagon.
Arc ended up in the trash on my test machine.
👍 Comes with uBlock pre-installed
👎 Account is mandatory
👎 No way to opt-out of sending analytics
🤷 A bit over the top permissions needed to access folders / files for the average user
🤷 Based on Chromium
Disclosure: I work on an open-source theme of Firefox browser to make it look like Safari
Tools used in this writeup:
- Little Snitch
- Proxyman
- AppCleaner
Let me know in the comments below your thoughts on Arc