I’ve been using Brave for the past three or so years but I do know that Linux/privacy enthusiasts tend to swear by Firefox. Wanted to get people’s thoughts on this topic to see if I should be making a potential switch. Thanks!
I haven’t done an audit of either but here are some points to consider:
- Brave is built on top of chromium, so it “by default” exposes lots of new APIs that Google is introducing that make fingerprinting easier if not outright invade your privacy. For example see https://mozilla.github.io/standards-positions/ and look at the “negative” items. Many of them such as Web NFC, Web Bluetooth and WebUSB API are against because they don’t have adequate protections against fingerprinting or other privacy or security concerns. Brave seems to do a pretty good job removing or disarming these APIs but they are basically trying to keep their balance on a shaky and antagonistic foundation.
- On a similar note Google pushing these APIs work because of the greater market share. Again, derivatives can provide some resistance by disabling these APIs but unless all of them block the same APIs they will still be available widespread. So using a Chromium-based browser harms the entire web over time by allowing Google to have control. Right now Firefox (and derivatives) and Safari are the only browsers that you can use to truly oppose Google’s control over the web platform.
As hard as it is for me to admit, and based on some tests, Brave had better fingerprinting resistance than Firefox. I don’t trust the guys behind Brave, but their product is good.
By default? I think so.
(these test are done with browsers at their defaults). Librewolf is on par with Brave, but I vehemently hate its interface and refuse to unfuck it wasting my time on CSS.
I’m on Brave as well since 2021, after almost 20 years of being an avid FF user and supporter. I don’t like how FF is evolving and what Mozilla is doing and I don’t buy the “Chromium domination” argument. If the sole reason to use FF is that “it is not Chromium”, well, the developers aren’t doing a great job.
However, let’s be real: privacy on a browser matters until you go to whatever website that track you on the server side (Google/Facebook/Youtube/Whatever), or when you write an email from from you Gmail account, or when you buy stuff on Amazon… And so on. Just use the browser that works best for you and don’t be paranoid.
Don’t forget that https://privacytests.org/ is run by a Brave employee!
That hasn’t do anything with the results. You can test everything yourself. Techlore also made a interview with him.
As I said in another comment, if you work for Brave you’re probably going to write tests that play to Brave’s strengths
There is enough evidwnce that this is wrong. I would recommend to watch Techlores Interview too.
Are you telling me that you don’t think a Brave employee would write tests based on the areas of expertise they have, that they may well already have implemented fixes for? Or, on a more sinister level, do you think Brave would allow their employee to have a web page up that made their browser look bad?
I’m not trying to be agro here, I’m just pointing out that you can’t really consider this an unbiased source even if you are happy with all the tests!
I would suggest checking the Interview that Techlore made, he ask the owner of the site similar questions.
Brave has tried one scam after another before. I wouldn’t trust it for a second for any use.
Please provide any evidence for your false claim.
Depends on what you call a scam. I am not sure it’s the right word, but duplicitous behavior and definite privacy violations (even if by negligence) are absolutely true.
They have sent out direct mailers that basically equated to a customer list leak; also I’d take a peek at the wikipedia entry about their business model, which mentions some stuff that isn’t the most savory:
… Brave earns revenue from ads by taking a 15% cut of publisher ads and a 30% cut of user ads. User ads are notification-style pop-ups, while publisher ads are viewed on or in association with publisher content.
On 6 June 2020, a Twitter user pointed out that Brave inserts affiliate referral codes when users navigate to Binance
In regards to the mailers, they messed up and passed blame,
In this process, our EDDM vendor made a significant mistake by not excluding names, but instead including names before addresses, resulting in the distribution of personalized mailers.
With regards to the CEO, he made a donation to an anti-LGBT cause when he was CEO of Mozilla in 2008. He lost his job at Mozilla due to his anti-LGBT stance.
He also spreads COVID misinformation.
Tbh. Mozilla wasn’t better in the past and as long it doesn’t affect the product I don’t mind the political views of the owner (it’s still concerning). As long Brave can provide me better privacy and security for my daily browsing I will continue using and recommending it. And listening to Wikipedia he stepped back, by himself.
Not OP, and these aren’t scams as such, but there was some controversy with Brave inserting affiliate links within web pages and also hijacking links to redirect to other URLs that would earn them money.
The CEO also has some controversial views on the Corona virus and LGBTQ rights.
The CEO was before CEO of Mozilla lmao, but stepped back, because the entire Internet hated Firefox, because of his political opinion.
The CEO also has some controversial views on the Corona virus and LGBTQ rights.
Completely unrelated to “security” or “privacy”.
I disagree, especially from a privacy perspective. Just as an example, if the CEO of the company goes on a full power trip (Elon, for example with banning users/censoring content that doesn’t align with his views), whose to say they won’t include nefarious changes to their product or service that could jeopardise users they don’t agree with, or start handing over data of their users?,
I’ll need to find the article again, but if I’m not mistaken in my recollection, I recall reading about an app collecting and handling over data to anti-abortion organisation.
Not the point. Using a chromium browser is a vote for Google domination of the web. Just no.
Brave is more secure, in terms of safety, because it’s base on chromium and has unique Privacy Features. If you won’t use Brave, LibreWolf or hardened Firefox is ur best choice.
Brave is so unsecure because it uses chromium. The only unique thing i saw on brave was the crypto miner included. Chrome can easily just change terms so that brave looses his licence for chromium. Firefox is more secure in the way it is more secure, because they are not focused on stealing your data and there is librewolf yeah that one is open source and is the most secure of those 3
While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it’s quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.
Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great…
Short version: Firefox on desktop, something chromium-based on Android. See https://www.privacyguides.org/en/tools/ for the long version!
I did not find any justification of why they arbitrarily did not considered Gecko browsers in privacyguides. They just made that statement. I am not surprised that certain chromium browsers are more secure simply because Google has a bigger budget, but I did not see any justification for it. Then again the EFF will say that Tor Browser is better then Brave so we can argue about these minor points forever.
Then again none of that minor stuff matters to me. I care more about the goals of the organizations themselves and I am not convinced that any of the Chromium browsers take us down a sane path. So I will be staying with Firefox thank you very much.
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla’s engine, GeckoView, has yet to support site isolation or enable isolatedProcess.
From this page (which has links to Mozilla if you want to read more)
Thanks, I did not see that before.
Other interesting thing is that about:config is disabled on mobile except maybe nightly. Wonder why?
The other advantage of Brave is that it is more secure out of the box. From privacy point of view that should be better at blending in to the crowd depending on user base size. In Firefox I usually add an extension and configure it and some about:config settings. Somewhat minimal but probably quite unique.
Not sure about
about:config
, though it’s the kind of discussion that pops up in !privacyguides@lemmy.one so you might have better luck asking there.I never know what to think of Brave. They do seem to have some serious privacy tooling available, but they also seem to get up to so much dodgy behaviour when it comes to money that I don’t really trust them.
Browsers are very complex and fast moving tech. This means expensive. This implies professional paid staff. Then comes how to raise money. The big companies have revenue streams. Smaller groups have to do it any way they can which is always compromising something.
Mozilla too makes compromises… setting default search to places I would not use. Trying to offer a subscription set of services which is actually not a bad plan but is not exactly to the point. So I trust them more and want to see them succeed but they have challenges too.
Some ways huge parts of tech relies on questionable income streams including the tracking, ad, and personal information broker business. Google of course but Mozilla is funded largely by Google as far as I know. Apple may get similar funding but larger. Microsoft even in Windows installs crapware from partners. So it is everywhere. HP laptops typically do too.