Can someone please explain why not to use Brave browser ?
An open-source privacy audit of popular web browsers.
https://privacytests.org rate Brave as the best browser.
What hasn't been said as explicitly yet: It being Chromium-based means there's tons of implementation details that are bad, which will not be listed in any such comparison table.
For example, the Battery Status web standard was being abused, so Mozilla removed their implementation: https://www.bleepingcomputer.com/news/software/battery-status-api-being-removed-from-firefox-due-to-privacy-concerns/
Chromium-based browsers continue to be standards-compliant in this regard.
And this is still quite a high-level decision. As a software engineer, I can attest that we make tiny design decisions every single day. I'd much rather have those design decisions made under the helm of a non-profit, with privacy as one of their explicit goals, than under an ad corporation.
And Brave shipping that ad corp implementation with just a few superficial patches + privacy-extensions is what us experts call: Lipstick on a pig.
God this is the answer I wanted. I could never put it all into words like you did. This answer, I'm stealing it.
Looking into privacytests.org, the main developer behind it is someone who contributes to Brave source code. He may not be officially affiliated with the company, but it would be hard to ignore any sort of bias towards Brave.
I've been seeing a lot of techy "privacy" blog posts, even here on Lemmy. It's a little annoying when they muddy up the waters like this. People new to privacy will come across them and head off in the wrong direction.
We need more comments calling them out and linking to proper resources. The site linked in this post even has a confusingly similar name to the actual recommended resource:
https://www.privacyguides.org/en/desktop-browsers/
(And a quick sidenote: privacyguides is the same team from privacytools. There was a name change after the original owner for the domain came back and fought over the project. PrivacyTools is now a paid advertising site, and it is NOT recommended. https://www.privacyguides.org/en/about/privacytools/ )
Edit: while I'm at it, here's the official community on Lemmy
Please use universal links
PrivacyTests actually started prior to him joining Brave. Brave contacted him, and used that resource as a kind of checklist, to try and improve their browser. Despite the guy now working there, it remains an independent project.
brave owns that domain, I believe. Of course they are going to rate their browser te best
Not exactly, the guy who runs it became a brave employee shortly after starting it. but they claim to continue to run it independently.
They were not rated that well in the beginning. Brave contacted the guy who runs the website and asked about the tests he was running, then patched their browser accordingly until it passed all the tests it does today.
just the non private mode protection from brave vs librewolf...
The product isn't all that bad, but the company behind it have proven they're not trustworthy many times over.
Their search engine is great... Never used the browser though.
I've been trying out the engine for a few weeks now. At first I was impressed, and Goggles are a neat feature. But somehow the more I use it the more I realise how much I am going back to Bing or Google because Brave couldn't show me even one useful result for a niche error or question. Maybe I'm doing something wrong but even using Reddit or forum Goggles sometimes it will show me only shitty article sites, more than Google does.
I don't run Brave because Brave runs a crypto scam right in the browser.
I don't care that you can disable it, I don't care that it might be the only way they found to make a buck out of free software: anyone who dabbles in crypto is instantly sketchy. And I don't want to run a piece of software as critical as a browser made by someone who's not 100% trustworthy.
I don't care that you can disable it
It's opt-in.
I wouldn't really call it a crypto scam if they aren't demanding or asking you buy it, just giving you free crypto
For further explanation of any point, please hit me up :)
TL;DR For most provacy concious Brave users, Brave is a step in their journey towards more privacy, and not the final destination.
[1] The "dumb AF tech youtubers" you mentioned in another post are typically the Brave hype crowd. This is not meant to discredit Brave; it's just that a share of their users are this way.
All good points but I'd like to point out that the first one is likely the biggest reason not to use it - it's based on Chromium and continues to give Google/Chrome the browser market share to dictate the direction of the web.
I’ve been using Firefox for years, and recently switched over to Brave because it was able to provide a unique fingerprint result on EFF’s fingerprint tool. Even if I used the same plugins, Firefox had a unique fingerprint.
I ignore all the silly crypto and ad bs. Why should I use FF over Brave
@Ado @LinusTorvalds The main reason I prefer FF is diversity of engine. Brave is based on Chromium, as are basically all other browsers but Safari. FF still uses their own rendering engine, and provides superb privacy as well. Given that @leo is also a proponent, I feel comfortable with #firefox.
If I were to switch browsers, though, it would be to #bravebrowser.
FIngerprinting is not super easy. E.g. you might have a 'unique' fingerprint with FF but if it changes every time, than I would consider it actually a privacy feature. Did you have the same addons installed on BRave and FF while testing (as Addons play a part in Fingerprinting)? And finally: A lot of fingerprinting techniques can be blocked before they even start (no JS, ...). I feel like your opinion is rather one-sided.
As to why FF> Brave: Basically the Chromium argument. Diverse engines are better for the health of the web.
So much with anything privacy comes down to trust. Any piece of software's technical ability to keep you private is of course important but when it comes to a very large (in terms of code and use) piece of software, being able to trust the motivations and intent of the people behind it is also very important.
It's now reached the point that I personally don't feel I can trust the person leading the company, or the intent behind the software(s) the company makes.
Brendan Eich is a homophobe and an antivaxxer. It's hard to trust in the common sense of a man who thinks in these ways.
Brave has been caught inserting affiliate links and ads that track and just recently of selling other people's data. Any one of these things, taken in isolation is bad enough but this is now a pretty much established pattern of very questionable behaviour.
I also forsee a time when the browser is going to have to make some concessions to it's Chromium base. I know they've said the change from Manifest v2 to 3 won't affect ad blocking as their Shield won't be an extension but built in and that they'll also carry on supporting v2 but the issue goes beyond merely adblocking and they've been unclear on exactly how and for how long they'll support v2. As long as they're Chromium based browser, they are dependent on Chromium and the whims of Google developers. It's hard to see a good future for Brave.
The man who is CEO is a shitter who gave us the blessing/curse that is JavaScript
They're relying on a cryptocurrency for growth
They use Chromium/Blink
Its the same guy who made firefox though?
He is
Chromium, Crypto, Trash UI
Brave as a browser is fine for now.
But they’re crypto bros with concerning views and it’s just yet another chromium browser.
We really have an issue with the monoculture of web browsers.
Damn, it really is a monoculture! I knew about this problem for years, but this is the first time, I had someone call it out as 'monoculture'. This is amazing, I'm stealing it!
That's just browsers with default settings. Firefox doesn't have a built in ad block, so it will always perform worse in that test. I guess FF + ublock origin + hardened settings (such as arkenfox) would perform like brave, if not better. For example, if you check android browsers, you see that Mull (a hardened fork of Firefox) performs great, even without ublock (that you can install as extension anyway).
Isn't that enough (default part). The vast majority of people won't change defaults.
Yes, I think that's the point. Most browsers can be hardened, easily or not, but only few have actually good defaults.
Judging by a default browser is also really misleading. Firefox is by far the most private with extensions, no competition.
What extensions would you recommend?
This is just my personal list
I go pretty hard core while making sure it "just works". People will mention LibreWolf, but the fingerprint resistance causes too much breakage for me. I install uBlock Origin no matter what, enable every single filter except the language lists. I install Dark Reader and set it to a timed schedule which is comfy for me.
Then I install NoScript then enable "Temporary set top level sites to trusted" and enable media under the trusted tab. This fixed majority of the breakage, but you sometimes need to tweak it. You can just not use NoScript if it's too much of a hassle, uBlock Origin does basically everything you need anyways.
Also of course if you're using stock Firefox, make sure to turn off analytics and telemetry in the settings, go to about:config and set pocket.enabled (or something like that, idr) to false. Then I set my default search to duckduckgo.
uBlock and the right Firefox settings is good enough in my opinion, you can go really crazy with just those two things but you'll also break a lot of sites, I found a middle ground that I like.
From the JDLR dept… notice how brave is listed first, and passes every test (except a very few)
This report just looks biased. Even if it is totally legitimate, and many users have pointed out how it isn’t , it looks biased.
It looks like every sales pitch for a product where they list everything their product does and how it’s better than the other things.
I vote librewolf
And under misc. tests, neither Mullvad nor Tor are identified as being Tor enabled? Say what now?
I agree it can look biased, until you check the initial of each browser.
What comes out ? They are listed by name.
Please forgive me, I'm going to keep asking this everywhere I can until hopefully get an answer.
I love librewolf and I want to use it, but I can't get it to render the symbols that some websites use to make their UI work. I've tried downloading fonts but they're all mapped to private use area. I think they need to be downloaded on a per website basis but librewolf seems to categorically refuse.
I really want to stop using brave and I honestly don't want to figure out arkenfox.
Since LibreWolf is libre software, it’s likely that a user has freedom to tweak this maybe via about:config. You just need to ask this directly in the LibreWolf community.
I think I know what you’re talking about, though. Perhaps CSS @font-face is forbidden, because many sites use Google fonts, which allows them to track you.
If Tor Browser is acceptable, give it a try. While TB too has very strict font restrictions to avoid finger-printing (so that a remote site may not know which fonts your system already has), web fonts are allowed by default. It’s relatively harder to distinguish/track individual Tor users, since TB hides your real IP & by default cookies are per session only.
LibreWolf shows your real IP, so it’s understandable and reasonable that it wants to be more careful about fonts. Still a user should be given freedom to do whatever, at their own risk. That’s what free software is all about, after all. Just a thought…
I’m not sure I understand… The symbols?
Could you give an example?
Librewolf has stuff cranked down for a reason putting privacy before usability
No it isn't. It's just listed in alphabetical order. It's not bias lol. People will see evil intent where just to confirm their own biases and beliefs.
Just install Librewolf
Why not Firefox?
Librewolf has privacy defaults and a few features that are different.
The website is run by an employee of Brave, but if you look past the order, even by their criteria Mullvad is ahead.
And Librewolf as well (except for blob isolation).
Librewolf and Mullvad does the same thing Brave does, and doesn't contribute to Google's monopoly on the web by using chromium.
The author of the site works for Brave. The results need to be taken with a grain of salt. Is is more private than Chrome? Absolutely. Is it the best browser for privacy? Ehhh...
It’s a free country, you can use whatever you like. Respect yourself and your own intuition :)
The current situation (summer July–Sept 2023) is, you better switch to any browser that is not Chromium-based. The reason is “Web Environment Integrity” (WEI), which seems to mean, basically, Google is trying to DRM-lock the whole Internet to make sure you see their ads and they can track everyone. Freedom-loving users obviously don’t like that.
At the same time Firefox is getting more and more annoying, yet it’s better than Google. A safe bet for a general user might be LibreWolf. Another new option is Mullvad Browser.
Firefox's answer, at the bottom of the article, smells like pure BS to me. Disabling an extension with something like a full browser-modal pop-up to warn users of the possibility of an untrustworthy Extension? Sure, fine, whatever, and maybe make that warning capable to be disabled by default, but why make the decision for us - silently - that Extensions are not to be trusted? Do we trust the website that asks if we pwetty please should allow the showing of ads, or maybe the malware provider that please should just disable all security Extensions and allow their malicious code to run, if you would be so kind?
I can think of one use for this: to disable malware to substitute clicking on a link to install your Extension of choice with one of their choice instead - although isn't the Extensions store already treated specially by default anyway?
Otherwise, I don't favor taking control away from the users. Especially if users cannot disable this new "feature". There is far too much potential for misuse of this.
Which will fragment the Chrome & Chromium-alternative market further, if people cannot trust Firefox anymore.
Which will slow development of alternatives to Chrome.
Which only benefits Google.
You can absolutely disable this feature, Mozilla provides instructions for how in their article https://support.mozilla.org/en-US/kb/quarantined-domains
Sadly my experience is that when it comes to security measures, user control often runs contrary to security. While we definitely should have the choice, you have to make it a bit difficult and non-obvious to disable security features, or people will unwittingly disable them for all sorts of bad reasons.
Brave will not support WEI
That is correct—or at least they said so. Brave might be an option too, except if you open their pages, analytics.brave(.)com may be loaded instead of google-analytics(.)com…
I agree that their search engine may be sometimes helpful. Having their own index is awesome.
While I don't completely understand the use cases for Mozilla's add-on domain blocklist, I also don't see any reason to assume malicious intent. Malicious add-ons are a very real and serious threat and it's obvious that Mozilla need a way to quickly and remotely protect users. Doing so on a domain level is much less impactful than completely shutting down an add-on.
Since it is obvious to the user if this is triggered, and the user has the option of disabling it per add-on or completely, what's the real problem?
(That said I think it's great that people are being skeptical even of Mozilla)
Edit: Sorry I misunderstood how this is displayed, it is not as obvious as I thought. Hopefully this will be improved. Though doing so might come with the drawback of making unwitting users more likely to disable the protection.
The current use cases are for Brazilian banking sites. Although free (libre) software users don’t like to be remotely monitored their browsing real-time, the technology itself can be helpful if used right.
The context is, even though Firefox is getting more and more annoying with telemetry, phoning home, etc. (imho the last good version was v52 ESR), it is still much better than Google. So use Firefox, if you don’t like other options.
Mozilla is financially supported by Google, and perhaps they can’t continue their projects without Google, so it’s kind of inevitable that sometimes they have to support that giant. Nevertheless, they still try not to be evil, explicitly against WEI.
Please do support Firefox and/or its forks (LibreWolf, Tor Browser, …). Stop cooperating with Google. They can do evil things because of their monopoly power. We can make Google less powerful, if we refuse to use their products, if we escape from their privacy-invading services.
It's a few months yet till summer, although it will be a hot one by all indications, it's warm enough now.
Sorry, fixed that North hemisphere-centric expression. Next time I’ll be more careful. Thanks for pointing that out.
it is not even true that "privacytests.org rate it as the best", if you look close enough, librewolf is best rated, which is an amazing browser BTW.
The owner being a homophobe would be reason enough for me even without the crypto/affiliate link scandals
Librewolf with minimal extensions is the only browser one should use, but I must add that too much of restrictions will break websites. Like not allowing JS
Meh, most websites will still function if you use NoScript and only allow the most common scripts necessary for a site to function. Simply enabling the setting to allow scripts from the top level domain is enough for the average website to function. After about a week of enabling specific scripts from trial and error, you barely have to touch it anymore.
I use Librewolf daily, and for the most part, I have done the method of trial and error. However, it does become a pain if you have to do it for every website, especially if you don't visit it often
That was recently fixed. It should not be a concern now
There is a summary linked here also: https://lemmy.ml/post/4077614
All the code is opensource and no one has ever raised a privacy alarm in a merged pull request. There's nothing to fear
People don't like the creator of Brave because he's supposedly anti-trans. He donated to some anti-trans political group iirc.
The browser also has some crypto stuff (web advertisment replacement, block chain based decentralized browser sync), and a lot of people hate crypto these days.
Personally I think it's a good browser, the web needs advertising revenue to function and it's solution to replacing web ads with optional browser ads that still pay the websites you visit seems like a decent solution. I respect the push to use a non-chromium browser, but personally I rely too much on browser tab groups to use anything Firefox based.
It wasn't specifically anti-trans, it was donating to a cause looking to block same sex marriage as a whole, which obviously isn't any better
I respect the push to use a non-chromium browser, but personally I rely too much on browser tab groups to use anything Firefox based.
Out of interest, are your needs not covered by Simple Tab Groups or Tree Style Tab? Both are monitored by Mozilla as "Recommended Extensions".
I've tried both of those, tree style tabs kinda works, but isn't ideal. It's also not an option on mobile at all, and I prefer to use the same browser for mobile and desktop for tab sync/etc.
I used Firefox on desktop and mobile for a few months this past year, but never got as nice of a work flow going as I had with Brave. Then a Firefox update for mobile broke the browser for a week or two (crashed on launch, resetting app data/reinstalling didn't help) and I went back to Brave, and realized how much I missed tab grouping and some other stuff.
I'm keeping Firefox installed, and I'd be happy to switch back someday if tab grouping gets ported over.
To anyone wondering about the whole "homophobe thing", here is a (hopefully neutral? If you have different sources please share them as well!) wiki link to the drama.
I don't use Brave simply because it's too buggy. Half the websites I visit don't load properly.
This isn't an endorsement for brave, but the websites aren't loading properly because they are full of the trash that brave blocks, not due to bugs in the browser.
Follow up question.  I’ve been using ff since probably 20 years or so but for some sites (usually work related) that demands chromium based browser I use brave since I don’t know what the “least bad” chromium browser is. Any insights?
Thanks. I’ll look into this
I use Brave as recommendation for my friends still using Chrome, since I tell them it’s built on the same code. Most of them are so scared to leave Google’s toxic ecosystem that they think just installing LibreWolf will get them on a gov watchlist, hell they’re probably right. 🫢
One of the issues in its favor imo is it is the best in terms of obfuscating fingerprints. I can't comment on the other aspects like how it supports itself via private measurement but I would argue its the least bad option if not moderately recommendable. I would still use your own VPN to obscure your IP and anything that needs to be anonymous with other options but as a daily driver, you could do a lot worse.
Looks scam to me. Tooooo much X on chrome, some even hardly possible.
No chrome is just that much of a spyware tool.
No broooo noooo
Recently tried moving from Chrome to Firefox, and found that on some websites, Firefox bogged down like I'd never seen it do on Chrome, to the point of making some sites like Mastodon Advanced Web interface, and Tumblr, unusable, no matter what I did. Downloaded Brave after seeing this post, imported all my settings, and both those above mentioned sites are behaving normally again, so until Google does something to break all chromium bases browsers I think I'll be checking out Brave for a while, really wanted Firefox to work, but it just didn't
I suspect something else is going on there. I made that switch years ago and haven't found a site that doesn't play nice with Firefox in that time.
A sidebar on some service's website wouldn't scroll on Firefox and I got an arrogant response from the devs, basically “we test on Chrome and Safari, use a mainstream browser”. Too bad I didn't know enough HTML back then to recreate the div and report the issue to Mozilla.
Lol really? Working for me without any issues.
hopping on the bandwagon, firefox works fine for me on the mastodon advanced web interface. Maybe you could try waterfox or librewolf?
Yeah, no such problem running Firefox here...
