I’ve been trying out the engine for a few weeks now. At first I was impressed, and Goggles are a neat feature. But somehow the more I use it the more I realise how much I am going back to Bing or Google because Brave couldn’t show me even one useful result for a niche error or question. Maybe I’m doing something wrong but even using Reddit or forum Goggles sometimes it will show me only shitty article sites, more than Google does.
For further explanation of any point, please hit me up :)
It is Chromium based
It has used dubious methods in the past (replacing links with affiliate links, the whole ad/crypto thing, …)
Brave’s business model relies on ads (I think)
[This is a weak point, but at least in the privacy community, Brave isn’t super popular. It feels more geared towards the “hyped crypto early adopters”. ^[1]^ It might be “fine” for someone switching from Chrome (which is always a good thing) but going all the way would be a modded Firefox.]
TL;DR For most provacy concious Brave users, Brave is a step in their journey towards more privacy, and not the final destination.
[1] The “dumb AF tech youtubers” you mentioned in another post are typically the Brave hype crowd. This is not meant to discredit Brave; it’s just that a share of their users are this way.
All good points but I’d like to point out that the first one is likely the biggest reason not to use it - it’s based on Chromium and continues to give Google/Chrome the browser market share to dictate the direction of the web.
I’ve been using Firefox for years, and recently switched over to Brave because it was able to provide a unique fingerprint result on EFF’s fingerprint tool. Even if I used the same plugins, Firefox had a unique fingerprint.
I ignore all the silly crypto and ad bs. Why should I use FF over Brave
@Ado@Linus_Torvalds The main reason I prefer FF is diversity of engine. Brave is based on Chromium, as are basically all other browsers but Safari. FF still uses their own rendering engine, and provides superb privacy as well. Given that @leo is also a proponent, I feel comfortable with #firefox.
If I were to switch browsers, though, it would be to #bravebrowser.
FIngerprinting is not super easy. E.g. you might have a ‘unique’ fingerprint with FF but if it changes every time, than I would consider it actually a privacy feature. Did you have the same addons installed on BRave and FF while testing (as Addons play a part in Fingerprinting)? And finally: A lot of fingerprinting techniques can be blocked before they even start (no JS, …). I feel like your opinion is rather one-sided.
As to why FF> Brave: Basically the Chromium argument. Diverse engines are better for the health of the web.
The author of the site works for Brave. The results need to be taken with a grain of salt. Is is more private than Chrome? Absolutely. Is it the best browser for privacy? Ehhh…
People don’t like the creator of Brave because he’s supposedly anti-trans. He donated to some anti-trans political group iirc.
The browser also has some crypto stuff (web advertisment replacement, block chain based decentralized browser sync), and a lot of people hate crypto these days.
Personally I think it’s a good browser, the web needs advertising revenue to function and it’s solution to replacing web ads with optional browser ads that still pay the websites you visit seems like a decent solution. I respect the push to use a non-chromium browser, but personally I rely too much on browser tab groups to use anything Firefox based.
To anyone wondering about the whole “homophobe thing”, here is a (hopefully neutral? If you have different sources please share them as well!) wiki link to the drama.
I’ve tried both of those, tree style tabs kinda works, but isn’t ideal. It’s also not an option on mobile at all, and I prefer to use the same browser for mobile and desktop for tab sync/etc.
I used Firefox on desktop and mobile for a few months this past year, but never got as nice of a work flow going as I had with Brave. Then a Firefox update for mobile broke the browser for a week or two (crashed on launch, resetting app data/reinstalling didn’t help) and I went back to Brave, and realized how much I missed tab grouping and some other stuff.
I’m keeping Firefox installed, and I’d be happy to switch back someday if tab grouping gets ported over.
It’s a free country, you can use whatever you like. Respect yourself and your own intuition :)
The current situation (summer July–Sept 2023) is, you better switch to any browser that is not Chromium-based. The reason is “Web Environment Integrity” (WEI), which seems to mean, basically, Google is trying to DRM-lock the whole Internet to make sure you see their ads and they can track everyone. Freedom-loving users obviously don’t like that.
At the same time Firefox is getting more and more annoying, yet it’s better than Google. A safe bet for a general user might be LibreWolf. Another new option is Mullvad Browser.
Firefox's answer, at the bottom of the article, smells like pure BS to me. Disabling an extension with something like a full browser-modal pop-up to warn users of the possibility of an untrustworthy Extension? Sure, fine, whatever, and maybe make that warning capable to be disabled by default, but why make the decision for us - silently - that Extensions are not to be trusted? Do we trust the website that asks if we pwetty please should allow the showing of ads, or maybe the malware provider that please should just disable all security Extensions and allow their malicious code to run, if you would be so kind?
I can think of one use for this: to disable malware to substitute clicking on a link to install your Extension of choice with one of their choice instead - although isn't the Extensions store already treated specially by default anyway?
Otherwise, I don't favor taking control away from the users. Especially if users cannot disable this new "feature". There is far too much potential for misuse of this.
Which will fragment the Chrome & Chromium-alternative market further, if people cannot trust Firefox anymore.
Which will slow development of alternatives to Chrome.
It's not like Google would ever take over anything - like let's say oh I dunno, Android - and kill it from the inside. Remember how it said that its motto is don't be evil? Oh wait...
Sadly my experience is that when it comes to security measures, user control often runs contrary to security. While we definitely should have the choice, you have to make it a bit difficult and non-obvious to disable security features, or people will unwittingly disable them for all sorts of bad reasons.
Thank you for the link. I understand somewhat what you mean about security, but also I get the other side too - security for who, and for what purpose? Google seems to have decided that it wants security to deliver ads to your browser, and also to track you everywhere you go (while offering no paid options to surf the internet without ads or tracking afaik?). This may fall under the umbrella of "security", but not for the sake of the users, whose traffic is being monetized, and the only option is to go over to some other browser like Firefox, which now, conveniently for Google, seems to be doing the same? Or at least could, if anyone could spoof the service and pretending to be Firefox, ask for security adons to be disabled? Maybe I'm simply too jaded to easily trust anymore:-P.
Security for the user is obviously what we are talking about. Regular people do not have the knowledge or patience to make informed decisions regarding their technical security; any model that relies on that is going to fail because people will click whatever they need to make stuff work. Even people who do understand the technology do stuff like disabling SSL verification, rather than going through the effort of adding the new CA to their cert list.
Firefox is not doing the same as Chrome. Firefox is adding a feature to disable unverified add-ons on particular domains to stop attacks from malicious add-ons. Chrome is adding a feature that tracks the sites you visit and shares them with other sites to improve ad tracking.
That is correct—or at least they said so. Brave might be an option too, except if you open their pages, analytics.brave(.)com may be loaded instead of google-analytics(.)com…
I agree that their search engine may be sometimes helpful. Having their own index is awesome.
While I don’t completely understand the use cases for Mozilla’s add-on domain blocklist, I also don’t see any reason to assume malicious intent. Malicious add-ons are a very real and serious threat and it’s obvious that Mozilla need a way to quickly and remotely protect users. Doing so on a domain level is much less impactful than completely shutting down an add-on.
Since it is obvious to the user if this is triggered, and the user has the option of disabling it per add-on or completely, what’s the real problem?
(That said I think it’s great that people are being skeptical even of Mozilla)
Edit: Sorry I misunderstood how this is displayed, it is not as obvious as I thought. Hopefully this will be improved. Though doing so might come with the drawback of making unwitting users more likely to disable the protection.
The current use cases are for Brazilian banking sites. Although free (libre) software users don’t like to be remotely monitored their browsing real-time, the technology itself can be helpful if used right.
The context is, even though Firefox is getting more and more annoying with telemetry, phoning home, etc. (imho the last good version was v52 ESR), it is still much better than Google. So use Firefox, if you don’t like other options.
Mozilla is financially supported by Google, and perhaps they can’t continue their projects without Google, so it’s kind of inevitable that sometimes they have to support that giant. Nevertheless, they still try not to be evil, explicitly against WEI.
Please do support Firefox and/or its forks (LibreWolf, Tor Browser, …). Stop cooperating with Google. They can do evil things because of their monopoly power. We can make Google less powerful, if we refuse to use their products, if we escape from their privacy-invading services.
That’s interesting. The first site on the list is the self-service login page for Banco do Brasil. Doing a little bit of digging suggests that attacking the users local environment to steal money via self-service is a widespread problem in Brazil. That would explain the need to block all add-ons that are not known safe for a page like this so they can’t swap that login QR-code. Here’s an (old) article detailing some of these types of attacks securelist.com/attacks-against-boletos/66591/
I wish Mozilla would be more transparent about this, but I speculate that they might be provided these domains under NDA from the Brazilian CERT or police.
TBH I think malicious add-ons are the new frontier of cybercrime. Most classic attacks methods are well mitigated these days, but browser add-ons are unaffected by pretty much all protections and all the sensitive business happens in the browser anyway.
remotely monitored their browsing real-time
it’s kind of inevitable that sometimes they have to support that giant
What more specifically are you talking about here? The functionality we are talking about can not be used for remote monitoring. Are you saying Mozilla added this feature under duress from Google?
Thanks for taking time to dig deeper and share the results. It’s ironic if big search engines are practically assisting those scams.
The main thing behind my previous comment is the SREN bill and Mozilla’s blog post about it.
I hope I am wrong, but I feel that Mozilla, while being against browser-side censorship, is strongly supporting Google-side restrictions. The situation becomes clearer if you actually read SREN, Art. 6, which is based on the premise that browser providers can and will monitor each user’s activity (my post about this on Lemmy). Conceptually similar to WEI.
The technology that restricts what a user can do can be useful, if unquestionably bad things are blocked. The fundamental problem is, in order for this to work, someone has to decide what is “bad” for you, and has to monitor your activities directly or indirectly so that you may not visit “bad” websites. Protecting users from malware may be important, but I don’t want forceful “protection” by for-profit big tech companies, especially when their OSes/services are not really privacy-respecting, if not themselves spyware. While “protection” might not involve real-time monitoring or anything privacy-invasive, the current situation feels preposterous. We should be free to customize programs, free to block what we don’t need; it’s not like they have freedom to block us from accessing info, to force us to use/view what they want us to.
But that post is Mozilla clearly speaking out against SREN because they do not want to be compelled to block certain sites.
Are you then talking about Google Safe Browsing? Which is enabled by default in Firefox, but which does not “monitor your activities”. It compares the site you are about to visit to a downloaded list of known bad ones and warns you if it’s on the list. Hardly an Orwellian nightmare. Just turn it off or ignore the warning if you do not want it. I keep it on because I’ve never seen a false positive on that list and I understand that even I’m vulnerable to attack.
We should be free to customize programs, free to block what we don’t need
And you are. If you don’t want to use safe browsing, turn it off, is right there in the menu. They have given you a default that’s best for most people and the option to customize.
Further, since it’s free software there’s really no limit to your power to customize or get rid of what you don’t need. (I understand that this is not possible for most people, but that’s why you have the menu options, this is just a final line of defense.)
I’ve been a long time Mozilla-supporter, since forever—since much before Firefox was even born. Every browser I use now is also Firefox-based [EDIT: one of them is SeaMonkey, not firefox-bsed but from Mozilla too]. As such, I wouldn’t like to say bad things about Mozilla. While I could clarify what I was trying to say, let’s just say several other people prefer LibreWolf to Firefox (I’m not a LibreWolf user, though).
In the big picture, we don’t want to be abused by big tech companies like Google, and relatively speaking, Firefox is a much better choice. Also, you’re absolutely right about how free software is supposed to work (at least in principle). Like I said, I really hope I’m totally wrong here.
The original (initial) post is a question about Brave, and we’re getting so off-topic now. Besides it seems that most Lemmy users don’t even read anything older than a week anyway, too busy to have a slow, deep conversations. So let’s call it a day. What I was trying to say in passing might become painfully clearer soon enough, or perhaps—hopefully—I’m just overly worrying about nothing. Although maybe Mozilla as an organization can’t exist anymore without Google’s financial supports (and so not in a position to keep saying “No!” to Google for a long time), as you pointed out, let’s hope that the philosophy of free (libre) software will prevail in the end.
Follow up question.  I’ve been using ff since probably 20 years or so but for some sites (usually work related) that demands chromium based browser I use brave since I don’t know what the “least bad” chromium browser is. Any insights?
So much with anything privacy comes down to trust. Any piece of software’s technical ability to keep you private is of course important but when it comes to a very large (in terms of code and use) piece of software, being able to trust the motivations and intent of the people behind it is also very important.
It’s now reached the point that I personally don’t feel I can trust the person leading the company, or the intent behind the software(s) the company makes.
Brendan Eich is a homophobe and an antivaxxer. It’s hard to trust in the common sense of a man who thinks in these ways.
Brave has been caught inserting affiliate links and ads that track and just recently of selling other people’s data. Any one of these things, taken in isolation is bad enough but this is now a pretty much established pattern of very questionable behaviour.
I also forsee a time when the browser is going to have to make some concessions to it’s Chromium base. I know they’ve said the change from Manifest v2 to 3 won’t affect ad blocking as their Shield won’t be an extension but built in and that they’ll also carry on supporting v2 but the issue goes beyond merely adblocking and they’ve been unclear on exactly how and for how long they’ll support v2. As long as they’re Chromium based browser, they are dependent on Chromium and the whims of Google developers. It’s hard to see a good future for Brave.
Librewolf with minimal extensions is the only browser one should use, but I must add that too much of restrictions will break websites. Like not allowing JS
Meh, most websites will still function if you use NoScript and only allow the most common scripts necessary for a site to function. Simply enabling the setting to allow scripts from the top level domain is enough for the average website to function. After about a week of enabling specific scripts from trial and error, you barely have to touch it anymore.
I use Librewolf daily, and for the most part, I have done the method of trial and error. However, it does become a pain if you have to do it for every website, especially if you don’t visit it often
One of the issues in its favor imo is it is the best in terms of obfuscating fingerprints. I can’t comment on the other aspects like how it supports itself via private measurement but I would argue its the least bad option if not moderately recommendable. I would still use your own VPN to obscure your IP and anything that needs to be anonymous with other options but as a daily driver, you could do a lot worse.
Changing your browser fingerprint without also masking your IP with a VPN is kinda pointless. It's like wearing a disguise but leaving your driver's license at the scene of the crime.
Most residential connections in my experience don't change ips unless you disconnect the modem/router for long enough to lose the DHCP lease from the ISP. I guarantee most people are not going to bother doing that.
This is just plain misinformation. Brave doesn’t replace in-site ads: it removes them. Brave ads are presented in system notifications, not in the sites. Also, you wouldn’t even need mitm attacks to do that anyway. Fucking liar
Looking into privacytests.org, the main developer behind it is someone who contributes to Brave source code. He may not be officially affiliated with the company, but it would be hard to ignore any sort of bias towards Brave.
I’ve been seeing a lot of techy “privacy” blog posts, even here on Lemmy. It’s a little annoying when they muddy up the waters like this. People new to privacy will come across them and head off in the wrong direction.
We need more comments calling them out and linking to proper resources. The site linked in this post even has a confusingly similar name to the actual recommended resource:
(And a quick sidenote: privacyguides is the same team from privacytools. There was a name change after the original owner for the domain came back and fought over the project. PrivacyTools is now a paid advertising site, and it is NOT recommended. www.privacyguides.org/en/about/privacytools/ )
Edit: while I’m at it, here’s the official community on Lemmy
Even Privacy Guides has its own set of controversy, where basically one group completely took over the community from its founder (who themselves wasn’t squeaky clean, either).
The article on privacyguides I linked above touches on some of this as well. I haven’t read through this one, but seems like the less verifiable one in a “x said y said” situation?
Tbh I don’t really care enough either way. But I would lean a little more towards privacyguide’s account of things, while I still don’t fully trust their judgement either. I can’t remember why now but there was something they were very fanboy-like over which I disagreed with, and since then I haven’t been following their advice, let alone their drama.
PrivacyTests actually started prior to him joining Brave. Brave contacted him, and used that resource as a kind of checklist, to try and improve their browser. Despite the guy now working there, it remains an independent project.
There is no clear indication of bias, from PrivacyTests, just accusations.
If the tools and tests ARE open source (which they are), they can be checked for bias/cheating. Someone could also expand (fork) upon them to give more of a rounded opinion.
A better defense against accusations of bias is a group or persons transparency.
Simply having an open source methodology and code base isn’t transparency either, since it takes a much, much deeper and more developed skill set to audit both software source code and testing methodology than it takes to raise an eyebrow at sus circumstances.
That website is run by an employee of Brave, who rates the privacy of browsers based on their default settings (which Brave tends to perform best in). If browsers prompt the user to select their privacy settings on a first run, he scores them based as if the user had selected the worst privacy options.
If he actually spent a few minutes setting up each browser, as is always recommended within the privacy community, that table will look a lot different. But then Brave wouldn’t stand out as much…
He’s launching a self-test tool, for anyone to use. It’s still unfinished (last time I checked), but tweaking some values doesn’t make a huge amount of difference. Where it does, he included a Browsers similar to those settings, pre applied (eg: Librewolf, Mullvad Browser). Plus by that logic you should also test Brave on Aggressive mode, which by default, is set to Standard.
Add comment