Vivaldi browser and privacy
Vivaldi Technologies AS was accused recently of incorporating spyware in the browser. A user claimed that Vivaldi Technologies incorporated spyware in the browser because the browser connects to https://update.vivaldi.com/stats/piwik.php regularly.
Piwik is a self-hosted analytics software that companies and individuals like to install if they don't want to use third-party hosted services such as Google Analytics. The main advantage of Piwik and other self-hosted solutions is that no one but the company hosting the solution gets access to the data.
It is a fact that the Vivaldi browser transfers data to Vivaldi's self-hosted analytics server. The following paragraphs look at the data that is transferred and how the data is used by Vivaldi.
Vivaldi is open about privacy
The "other data", is the browser version, CPU architecture, screen resolution, time since last message and the first three octets of the IP address.
When you install Vivaldi browser (â€œVivaldiâ€), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message.
The company uses the data in the following manner:
- Unique ID: Only used to get an approximate count of users.
- IP address: Vivalid uses the three octets to get an approximate location using a local geoip solution. The company uses the data to "determine the total number of active users and their geographical distribution". Vivaldi turned off logging on updates.vivaldi.com so that it does not store IP addresses of users connecting to the server.
- Browser version: Used to make sure that part of the userbase is not left behind due to update issues.
- Screen resolution and CPU architecture: Vivaldi uses the information to set up test systems to test the browser on.
The data is sent over an encrypted HTTPS connection.
Privacy conscious Vivaldi users may object to the generating of a unique ID and the lack of an opt-out option the most. This is understandable as companies used IDs in the past to track users.
Vivaldi promises to use the ID only for counting the overall number of users. The company could use different means for that, for instance, the number of devices requesting an update plus an estimate of the number of devices without automatic updates turned on.
It is easy enough to delete the ID though and it is different anyway if you use Vivaldi on multiple devices.
Now You: What's your take on this?