Study finds Brave to be the most private browser
Are you concerned about your web browser sending data back to the company that created it? A new study, Web Browser Privacy: What Do Browsers Say When They Phone Home?, looked at the six popular desktop web browsers Google Chrome, Mozilla Firefox, Microsoft Edge (Chromium-based), Apple Safari, Brave, and Yandex, to uncover what these browsers send back to the mothership.
If you just want the result, the study found that used out of the box, Brave "is by far the most private of the browsers studied" followed by Chrome, Firefox and Safari. Brave is the only web browser that did not use identifiers that allowed tracking of the IP address over time and did not share details of web pages visited to backend servers.
Chrome, Firefox and Safari used identifiers that are linked to the browser instance that persist over sessions and all three share web page details with backend servers via the browser's search autocomplete functionality.
The study found the Chromium-based Microsoft Edge web browser and Yandex to do worse than the other browsers of the test. Both send identifiers linked to the device hardware which means that the identifier persists even across installations. Edge sends the hardware UUID to Microsoft, and Yandex transmits a "hash of the hardware serial number and Mac address". Both also appear to send web page information to servers that "appear unrelated to search autocomplete".
The researcher logged all network connectivity on the devices the browsers ran on. Chrome connections using QUIC/UDP had to be blocked so that the browser would fall back to TCP. To inspect encrypted data, mitmdump was used and since leftovers can be an issue, extra care was used to delete all traces of previous installations from the systems.
The test design was repeated multiple times for each browser.
- Start the browser from a fresh install/new user profile.
- Paste a URL into the address bar, press Enter, and record the user activity.
- Close the browser and restart, record network activity.
- Start the browser from a fresh install/new user profile and monitor network activity for 24 hours.
- Start the browser from a fresh install/new user profile, type a URL and monitor traffic.
The conclusion
For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. Safari defaults to a poor choice of start page that leaks information to multiple third parties and allows them to set cookies without any user consent. Safari otherwise made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.
From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.
Closing Words
The researcher analyzed the default state of the browsers and found that Brave had the most privacy friendly settings. At least some of the browsers may be configured to improve privacy by changing the default configuration, e.g. disabling autocomplete functionality.
Now You: what is your take on the study?
I think there are browsers that are much more private. The best browser for privacy is a browser with a preinstalled web proxy. Web proxies can help you bypass geo-restrictions and access content. Browser from UtopiaP2P ecosystem can provide you quick and anonymous access to any website.
Is chrome more private than firefox browser?
lol ..all this argument for nothing. Lets be honest here folks …all browsers do track their users…this is just a matter of who is doing less tracking…this is how all this browsers survive by tracking every one on line…it is their main income…if you think otherwise you’re a fool.
These LONG comments and often pointless arguments make me wonder: why would someone spend so much time with doing such?
Here’s the only reasons I can think of:
1) They are crazy.
2) The are getting paid.
3) The are devotees of some tech cult.
4) They are self-proclaimed tech messiahs.
5) They have some ulterior agenda.
6) The are psychopathic trolls who enjoy writing extraneous blather.
8) Some combination of the above.
Regardless of the reason(s), it sure can be an entertaining spectacle sometimes.
Thanks!
For anyone – Who thinks that Pale Moon is a secure alternative… Stop recommending it, the browser seems to be undone soone!
https://www.reddit.com/r/palemoon/comments/fk4fnl/attention_palemoon_is_going_to_die_most_likely/
More information here:
https://forum.palemoon.org/viewtopic.php?f=1&t=24004
https://freenode.logbot.info/binaryoutcast/20200314
Just wanting to say. As there is no fresh engine for them and this Google webcomponent thing seems too big, they are highly losing motivation and faith in their own survival.
Something vital which HAS to be shared for all who may still use Pale Moon!
I’d hoped to tip the ghacks.net site while using Brave, but no luck as apparently ghacks.net is not an associated site for BAT token purposes.
I was not aware of that setting, thanks for the precious information!
I did as you told… Extensions folders were erased at first restart!
That’s just another reason to avoid spygoogle products, and no, at the moment Brave is not more privacy respecting than any other chromium bigbro’browser or FF.
Well, that’s my PoV.
p.s.: in FF config you can disable xpinstall.signatures.required and extensions.blocklist.enabled.
@SpywareFan
> I was not aware of that setting, thanks for the precious information! I did as you told… Extensions folders were erased at first restart!
Well, which browser do you use? There are many Chromium-based browsers, saying “It didn’t work for me!” actually isn’t saying much. Anyway, there is yet another workaround:
https://old.reddit.com/r/chrome/comments/2ru1uy/help_extension_content_verification_can_it_be/cnk4t63/
> That’s just another reason to avoid spygoogle products, and no, at the moment Brave is not more privacy respecting than any other chromium bigbro’browser or FF.
Well, but Brave is more privacy-respecting: All it sends home is some basic telemetry and crash reports if you allow it, both can be disabled in the settings easily. Compare this to the kind of data Firefox and Chrome collect. Chrome itself can’t be silenced, while Firefox can, but with Firefox the amount of work you have to put in to achieve a somewhat privacy-respecting browser is substantial.
> in FF config you can disable xpinstall.signatures.required
In FF ESR, FF Developer Edition, and Nightly: Yes. In the ordinary release version, setting this to “false” has no effect.
> and extensions.blocklist.enabled
Well, yes. By default it is enabled, though. And by disabling it you are making a privacy vs. security tradeoff, since actual malicious extensions are on that list, too.
Oops, I forgot that I use and install on other PC’s FF 68.4.1ESR with GPO’s (newer versions sucks a lot)…
I only install gorhill extensions, since I block all connections to spygoogle servers (and other offenders) by default I need to install them manually, obviously for other people I won’t use the developer mode if not explicitely requested.
The solution was to move extensions from default\extensions to another folder, but it triggered the “disable developer mode extensions” pop-up… Yes, it’s gooogle to the bone! XD
https://github.com/brave/brave-browser/issues/1432
-Tested in both ‘Jaro and M$ w/o webextensions-
On Spydows 10
Services:
Brave Update Service (brave)
Brave Update Service (bravem)
Tasks:
BraveSoftwareUpdateTaskMachineUA
BraveSoftwareUpdateTaskMachineCore
Connections made by the browser:
-IP ranges
104.26.0.0-104.28.255.255, 151.101.0.0/16 (cloudflare, fastly)
-Addresses
updates.bravesoftware.com
*updates.brave.com
*updater.brave.com
p3a.brave.com
static*.brave.com
*updates-brave.com
crlsets.brave.com
safebrowsing.brave.com
Anti privacy/security settings:
allow google logins
allow facebook login
allow twitter embedded tweets
search: google
hangouts
webtorrent
save and fill payment methods
save and fill addresses
continue running background apps when brave is closed
Uninstallation leftovers: installation folder and services!!!
I’ve monitored connection attempts with WShark and Eset FW, with privacy settings enabled on this website Brave reported to have blocked nothing, while FF reported to have blocked all tracking cookies.
…But I have to dig deeper using the ‘Jaro machine (with no personal data stored)…
It’s more “private” than spyChrome? Maybe…
It’s more “private” than spyFox? With the right settings NO, with default settings maybe…
I’ve seen different phoning home, but it’s always phoning home.
I’ve seen startup tasks and automatic services (things that I don’t like for security reasons).
Probably I will reccommend it to spyChrome users that hate what FF has become, but I still prefer the about:config and userChrome.ccs power (until it lasts).
From my PoV in a browser privacy=security and viceversa, I see no winners, except Raymond.
Best regards.
@SpywareFan
> Oops, I forgot that I use and install on other PC’s FF 68.4.1ESR with GPO’s
Firefox ESR is better than the release versions at least, in that it only has to be de-spywared once per year.
> (newer versions sucks a lot)…
What will you do when Firefox 68 ESR support runs out?
> The solution was to move extensions from default\extensions to another folder, but it triggered the “disable developer mode extensions†pop-up… Yes, it’s gooogle to the bone! XD
Well, yes. It is Chromium, except that it doesn’t phone home to the Google mothership.
> Connections made by the browser: (…)
The fastly domain is Brave’s update server, so this is legitimate. Make sure that you also get rid of telemetry, Safe Browsing, and crash reports in the “Advanced” settings. Scroll down the settings page until you see “Advanced”.
> search: google
Depends on your country. In my country DuckDuckGo is the default. Anyway, it takes few clicks to change that.
> Uninstallation leftovers: installation folder and services!!!
Firefox leaves behind its entire profile folder as well, if you uninstall it. Not saying that this is good, just saying that all browsers I know of do that.
> I’ve monitored connection attempts with WShark and Eset FW, with privacy settings enabled on this website Brave reported to have blocked nothing, while FF reported to have blocked all tracking cookies.
Brave doesn’t block 1st party cookies, ads and trackers, only 3rd party ones. This being said, my Brave Shields block 5 trackers on gHacks, while uBlock Origin blocks 2 (the first party ones). All filter lists enabled on both. Have you made sure that you have enabled all Brave adblock lists under the hamburger menu -> Adblock?
> It’s more “private†than spyChrome? Maybe…
Most definitely…
> It’s more “private†than spyFox? With the right settings NO, with default settings maybe…
With a few settings changed Brave is very private. Making Firefox private takes much more effort. I mean, go to about:config and search for “telemetry”… A myriad of settings will appear, and we are not even talking about Firefox Experiments and Google SafeBrowsing yet. The range of connections Firefox establishes by default is also very high.
> I’ve seen startup tasks and automatic services (things that I don’t like for security reasons).
That’s the updater, I suppose.
> Probably I will reccommend it to spyChrome users that hate what FF has become, but I still prefer the about:config and userChrome.ccs power (until it lasts).
You know, Mozilla plans to gut both user.js support and userChrome.css support, I suppose both will be gone by the end of the year. There is not much reason to use Firefox past this point, and I don’t even use it now, because configuring it to respect my privacy (which Mozilla says it does by default, what a joke) is too tiresome for me. And as I said, its capabilities will only grow smaller.
The best browser in terms of not-being-spyyware is probably Ungoogled Chromium, it makes zero unsolicited requests out of the box. You may consider it, but I wouldn’t recommend it to noobs (has to be manually updated, adding extensions is not noob-friendly).
> From my PoV in a browser privacy=security and viceversa, I see no winners, except Raymond.
I do respect Raymond Hill, but IMHO the Nano Adblocker is a bit better. Honorable mentions should also go to the EFF devs (HTTPS Everywhere, Privacy Badger) and the Decentraleyes developer. I trust all of these.
Brave/Iridium and all Chromium browser: enjoy your google spyware! (just remember that you need to allow connections to google server to prevent your webext from being erased (extension content verification can’t be disabled).
FF w/o MozzRedQueen is what we need! ;)
“FF w/o MozzRedQueen is what we need! ;)”
Agreed, market share is now below 8% and shrinking, nice job Trampolina.
@SpywareFan
> enjoy your google spyware!
Enjoy your Mozilla spyware! Seriously, Firefox phones home a whole lot more than several Chromium-based browsers. Username checks out.
> (just remember that you need to allow connections to google server to prevent your webext from being erased (extension content verification can’t be disabled).
That’s BS, buddy. Chrome extension list –> Activate developer mode, then paste chrome://flags/#extension-content-verification into the address bar, press enter, select the “Bootstrap” option.
With all that being said, take a look at Firefox: Extensions need to be signed in order to run, except if you use the ESR version (which few people do). Their insistence on the signing requirement led to this embarassing incident:
https://www.ghacks.net/2019/05/04/your-firefox-extensions-are-all-disabled-thats-a-bug/
Mozilla maintains a blocklist, which Firefox downloads by default. By putting an extension on the blocklist for whatever reason, they can remove it from your Firefox installation easily, too. And needless to say, they also know which exact extensions you run, whenever your extensions check for updates.
> FF w/o MozzRedQueen is what we need! ;)
Yeah, but even if a better CEO were at the helm of Mozilla all of a sudden, he / she would still face problems:
1) Firefox’s market share is so far gone that a turnaround is unlikely even with competent leadership; that their “competitor” and sponsor Google has several major services of the web under its wing doesn’t help, either.
2) Mozilla depends on Google’s money to exist, so even if competent leadership were to take over, the freedom of decision making would still be as limited as it was before.
Not surprising at all, Brave implements proxy filtering the others don’t. You get a nice freeby with Brave. It’s easy to do with any browser at the system level or with extensions but the others, excepting a few such as Ungoogled Chromium, don’t offer it natively.
It would be interesting to see how much each browser can be shut down with just browser tweaks.
Privacy is best pursued outside browsers.
Has Opera’s CEO or whatever he’s supposed to be been put in jail yet? All all his usery apps still in the Play Store?
When browsers were something new, all the cool kids used Opera. Hah!
@ULBoom
> It would be interesting to see how much each browser can be shut down with just browser tweaks.
Ungoogled Chromium is extremely nice out of the box already (probably the best, literally zero unsolicited requests). I would use it, if it only could update itself. I think they threw the baby out with the bathwater here, gutting automatic updates is nuts when it comes to a browser.
Brave can be locked down easily as well, from its own settings. There is not much to shut down in the first place, so this is good. I use Brave because Ungoogled Chromium became too tiresome to update, at least as far as I’m concerned.
Firefox does phone home a lot out of the box, you have to invest a substantial amount of time to lock it down, and even then Mozilla adds new phoning home anti-features with almost each major update. If I had to use it (luckily, I don’t), I would probably go with the ESR version, as it only changes once per year, so the deactivating of the anti-features also has only to be done once pear year. Pale Moon and Basilisk are better out of the box, but lack behind in terms of web standard support.
Iridium and IceCat are good, but I don’t consider them worth mentioning until they are able to provide updates more often than they do now.
That’s how I see the browser landscape. As for browsers I would never use: Google Chrome, Opera, MS Edge, Yandex, Vivaldi (’cause closed source), and Firefox (non-tweaked).
Martin,
Have been using Brave since last year and find it the best browser to fit my needs. It blocks close to 100% after checking from Hitman Pro and MalwareBytes, plus the added enjoyment of being ad free.
Also using BrowsingHistoryView by Nirsoft.net but unable to export browsing history in Brave as it is the only browser not listed in their settings. Do you have any suggestions??
Keep up the good work!!
Thanks to Martin series of great articles I’ve updated my browsers
For all each search ‘autocomplete’ in about:config. Toggle settings!
Firefox 68+
Updated to uBlock Origin v1.25.0 which includes cname protection
Palemoon
added https://hostfiles.frogeye.fr/firstparty-only-trackers-hosts.txt
to https://github.com/gorhill/uBlock-for-firefox-legacy to filter lists—Custom
Waterfox
Added frogeye cname file as with Palemoon
Uninstalled dicey 2020 distributions using Synaptic Package Manager.
Uncompressed portable 2019.12 release into my Download directory. Created icon in sandboxed Firetools applet.
No more questionable ad/spyware ‘upgrades’. (Remember Alex stated there would only be security upgrades anyways right before the browser build process was transferred). 2019-12 build is my final version and then only for secondary usage.
Being unable to post a comment for this article because I posted a comment for another article the day before… posting “too quickly” …really? …two different articles?
There’s something wrong with your policies.
A truly stunning level of corruption in this reporting – Chrome gets brutally firewalled and they call it “out of the box”. Brave happily builds a local database that gets transmitted when it updates its advert repository and that just gets graciously ignored. They never even look for stealthy transmissions a la curl either.
This kind of “journalism” is kind of bound to exist, there have to be all types, but why oh why did the once great Ghacks have to become this kind of fake news agency?
I suggest reading this article on CNAME Cloaking and how private browsers arent really that private.
https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a
Every post ‘it’ gets a MozCo badge with Asa Dotzler’s face on it.?
Every 10 a MozFest 2020 reserved personal bean bag ?
The other day on the internet out of the first 10 comments
>>>
Iron Heart said on February 26, 2020 at 7:15 am
Iron Heart said on February 26, 2020 at 7:22 am
Iron Heart said on February 26, 2020 at 7:26 am
Iron Heart said on February 26, 2020 at 7:35 am
Iron Heart said on February 26, 2020 at 7:39 am
Iron Heart said on February 26, 2020 at 7:47 am
<<<
Holy shit, a fanatic is on his crusade … and that is just the beginning of this day ;~)
@99
> Holy shit, a fanatic is on his crusade … and that is just the beginning of this day ;~)
Holy shit, a Mozzarella Firefox fanboy creating a time protocol of my posts. I have nothing to hide, and it seems that you are in need of a hobby.
@Iron Heart: +1
So, what would happen if i activate autocomplete functionality in Brave?
I think Brave’s ad model is the BEST solution for now which will let let ad-supported websites live while keeping user’s privacy. But I didn’t like that it uses Chromium engine. No browser that claims to be privacy focused, supporter of monopoly-free internet shouldn’t use Chromium engine.
@Swat Valley: that’s nonsense. Chromium is open source so privacy violating code can be stripped out, like Brave, Ungoogled Chromium and Dissenter browser can do and do do. Therefore
there is absolutely no reason why that engine should not be used.
I spent nights modifying brower’s settings, but this out-of-the-box review is useful because it says what direction various devs take with their products. I can choose to make a pact with big brothers like google or yandex. I can choose to use Vivaldi that has a unique ID on every single installment. I can choose Mozilla that’s partnering more and more everyday. Or I can choose Palemoon, My Pal, Seamonkey or K-Meleon.
It really should have been noted in the article that the study was performed on MacOS, and that results on other operating systems would not necessarily be the same.
Brave may be more private out of the box, but it can never reach the level of custom firefox, as it does not have advanced privacy features such as third party isolation.
Chromium does have 3rd party isolation called “strict site isolation”
A browser that claims to support your privacy, but also contains a TORRENT CLIENT, can not be said to be any more than a malicious joke. ONE CLICK in the wrong place……
Since I don’t use browsers with their settings all at the default, “out of the box” comparisons like this don’t tell me what I want to know.
It’s not really for people like us. It’s for the *vast* majority of users who install a web browser and maybe touch the theme, and that’s it. For them, Brave Browser is the best out of the box.
@Apparition:
Of course. I was just answering the question in the article “what is your take on the study”. My take is that it doesn’t tell me anything that is meaningful to me, and so is of no value. That in no way implies that it isn’t meaningful to others.
I notice that Epic Browser wasn’t included.
I’ve been trying it for about two weeks and I like it. Yes, it’s another Chromium cousin, but several reviewers I’ve read prop it up against Brave and in tests it surpasses Brave. In fact, default settings are very restrictive, you have to go into settings and open the doors you want open. I like that . I’d rather have Epic protect me and let me choose what gets through than everything being open and I have to choose what to close.
Opera and Vivaldi would have been more interesting than Yandex.
Also, a comparison when you (a) have defaults on (as was done), (b) log in (e.g. Edge w/ MS account, Chrome w/ Google account), (c) change privacy-relevant settings to optimise the browser behaviour.
Not really. If you’ve been keeping up with opera news then you wouldn’t even consider it. Vivaldi is great when it comes to customization but does nothing more than chrome when it comes to privacy.
Bear in mind that this is out of the box privacy so can be improved. But if it’s meant to be a privacy respecting browser, yes I’m looking at you ff, you shouldn’t have to fiddle and moz know the majority won’t go in to setting and will never have heard about about:config. So it’s a fair test.
In general the report doesn’t surprise me. Brave is very good out of the box, Firefox pretends to be good but isn’t particularly and MS & Yandex spy on you, which is hardly a shock and why I will never be not touching the new Edge. The thing that does surprise me slightly is that in their testing, rather than random people on the internet parroting how bad it is, in reality chrome is about the same as ff and safari. I would have thought a bit worse.
The study methodology is flawed/limited in usefulness because it only focused on ‘out of the box’. While it would be harder to assess because of the privacy/performance tradeoffs involved, the study should have also assessed performance after easy to implement setting changes (of course a third variant could be more sophisticated changes such as about:config tweaks in Firefox) to improve privacy are implemented.
It’s not out of the box, they firewalled Chrome and they disregard the very shady origin of Brave.
That’s just twisting what they said. They didn’t simply block chrome connections to make it look better than it is they blocked some so it so it would fall back to using TCP so they could see what it was doing. I’ve read nothing of this so called shady origin of Brave’s. But don’t let facts get in the way.
@charger: +1
@Emil
> the very shady origin of Brave.
Care to elaborate? Or are you just again throwing dirt at Brave, hoping that something will stick? Oh boy, you FF fanboys are very desperate it seems.
@Iron Heart: +1
they arent easy to implement though, the whole thing is a mess. One groups ideal settings will conflict with anothers, there will be things you really need to check over because even safebrowsing or DoH is contested. Firefox employees and maybe employees lurking here (notanon) contest settings and try to get them weakened. After all that, settings get hidden, changed, removed, added from 1 version to the next.
Its just a total scattershot of things you have to change to start privacy, with no reliable concensus. Its so bad that you can’t have a list of settings that stay without leaks.
Its a fight which seems intentional.
But it’s a totally fair way to compare them. According to Mozilla a while back only a fairly small percentage actually use extensions, so few add anything to improve their privacy. Therefore you could safely presume they don’t go through settings to improve it either never mind config. Anyone with a so called privacy respecting browser should have them setup for optimal privacy at install, you shouldn’t have to rely on users to do that. That’s the difference between ff who pretend to be but have to keep google happy for the $ and ones that really do care.
“According to Mozilla a while back only a fairly small percentage actually use extensions,”
They’ve been using that line since 3.5 days, total BS and it was proved over and over, of course few use them now, that was the intention, Control.
If MozCo had half a brain it would have hired the best Theme/Extension developers, not shafted. them.
Step #1 – Martin post link to cryptic domain I’ve never heard of, expects me to download/view pdf.
NOT GOING TO HAPPEN, I DON’T OPEN STUFF FROM SKETCHY DOMAINS.
Step #2 – Martin NEVER TELLS US THE NAME OF THE SO CALLED RESEARCH GROUP (I guess you have to open the sketchy domain link).
STEP #3 – Somehow concludes that a Chromium based browser (Brave) is better than Firefox, because REASONS (ignore that Firefox is the only browser using DNS-over-HTTPS [no, Google hasn’t rolled out DNS-over-HTTPS, despite promising a general roll out months ago]).
I’m on Firefox with DNS-over-HTTPS, ESNI, Secure DNS, & TLS 1.3, which is superior to any configuration of the Brave browser.
Manifest v. 3 enforcement can’t come fast enough. I’ll be laughing at all the idiots on Brave forced to view ads, when I’m blocking them with uMatrix & uBlock Origin.
Centralized DNS over HTTPS is harmful for users and society. And that added up with the fact that the provider is Cloudflare, makes them even more untrustworthy. #StopMozilla #SquatFirefox
https://labs.ripe.net/Members/bert_hubert/centralised-doh-is-bad-for-privacy-in-2019-and-beyond
https://git.openprivacy.ca/you/stop_cloudflare
I wonder why Ghacks staff approves this type of comment such as those from notanonFUD.
1. You did download it and read it.
2. Youre too late, everyone else is reading it.
3. Doh has long been unmasked as a ploy to reroute and grab browser data, and tunnel out telemetry past network defences. (it breaks user and admin control, gives it to the browser and partners)
4. Firefox is going ahead with googles manifest v3 and its uncertain if firefox will eventually follow about blocking webRequest
5. Remove telemetry, google and uid’s from your product.
6. I think you work for mozilla and youre very dishonest.
Against all mainstream browsers btw.
@notanonFUD
> Manifest v. 3 enforcement can’t come fast enough. I’ll be laughing at all the idiots on Brave forced to view ads, when I’m blocking them with uMatrix & uBlock Origin.
Wow, you are still continuing to spread your FUD? Here we go again, time to debunk it once more: Some Chromium-based browsers, notably Brave and Opera, have built-in adblockers now. Those built-in adblockers do not make use of the webRequest API, which Google intends to cripple as part of Manifest V3. It is true that browser extensions like uBlock Origin rely on it and will thus either be crippled or fade away entirely, but this is NOT true for built-in adblockers since they do NOT rely on any extension APIs.
See here: https://twitter.com/flamsmark/status/1088170219695071232?s=09
FYI, the debunking of your BS I do in the interest of other readers, not in yours, since I am sure that you will continue to spread your lies about Brave no matter what.
PS:
> can’t come fast enough
Fast enough for what? Saving Firefox? Mozilla has sunk that ship already, it’s below 5% market share as of now (desktop and mobile combined), and deservedly so.
@Ironheart [Editor: please remain polite]
That’s the whole point of Manifest v. 3, if you remove webRequest API, you cripple ad blocking.
Any “ad blocker” based on anything else is VASTLY INFERIOR to uBlock Origin that uses webRequest API.
Martin posted an article explaining everything.
Read it, and educate yourself, [Editor: removed]. Here’s the link: https://www.ghacks.net/2019/01/22/chrome-extension-manifest-v3-could-end-ublock-origin-for-chrome/
Are you actually trying to pwn yourself????
ROTFLMAO!!!
@notanonFUD
> Any “ad blocker†based on anything else is VASTLY INFERIOR to uBlock Origin that uses webRequest API.
That’s not true, at all. There is no reason why an integrated adblocker can’t be as powerful as uBlock Origin. The webrequest API is not the holy grail.
> Martin posted an article explaining everything.
And? This will concern Chrome, not Chromium-based browsers with built-in adblockers.
> Are you actually trying to pwn yourself????
No, but it seems like you do.
Adblockers under the full control and interests of their owners:
https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/
It’s much better to use the ublock, and on top of that, to be able to use ublock or any other.
Firefox is objectively better for privacy (even if it is pitiful out of the box), for the simple fact of having many more tools to achieve it (even if they are hidden).
@asd
Read my reply to @smaragdus, there I have explained everything regarding the whitelist:
https://www.ghacks.net/2020/02/25/study-finds-brave-to-be-the-most-private-browser/#comment-4454862
That doesn’t mean that uBlock Origin isn’t worthwhile, though. Quite the contrary, one needs to have it for custom element blocking alone, if not for anything else.
@Iron Heart
>Fast enough for what? Saving Firefox? Mozilla has sunk that ship already, it’s below 5% market share as of now (desktop and mobile combined), and deservedly so.
They are still doing much better than Brave with its %0,1 market share I bet. Even Internet Explorer is doing better, which is telling.
Brave is more downloaded than Firefox in Spain. Yeah, 0,1% of marketshare, sure: https://www.fxstreet.com/cryptocurrencies/news/brave-overtakes-firefox-in-spain-201910250545
@Anonym
> They are still doing much better than Brave with its %0,1 market share I bet. Even Internet Explorer is doing better, which is telling.
1) Brave is at least growing, while Firefox is declining.
2) Brave is based on Chromium, do you know what Chromium even is? Once you have researched that, check out which browsers are based on Chromium, and have a look at their market share. Firefox is a dwarf compared to Chromium.
3) Bringing Internet Explorer into the discussion is pointless. For one, it has been around since the 1990s, while Brave has been around since 2016. Also, Internet Explorer is declining just like Firefox, while Brave grows.
Nothing more to add.
Why not, Brendan Eich’s always been a stand up guy, MozCo a should let him buy what’s left of Firefox before current mismanagement kills it, guess I made a good decision having Brave as my Android cell default. It was based on the character (yes it matters) and smarts of the owner.
Eich wanted Tor tabs in firefox, not long after being harassed out he was replaced by the one who gave us WebRTC who also assisted with the backdoored crypto standards thing a while ago. Brave got the Tor thing.
Nothing new here- advertisement disguised as study. All major browsers are privacy disasters and Brave is no exception no matter how many false claims its developers will make:
Facebook, Twitter Trackers Whitelisted by Brave Browser
https://archive.is/X98Xz
https://news.ycombinator.com/item?id=19129309
It seems that Brave developers are desperate as their market share is tinier than Opera and Vivaldi so they pay for all kinds of reviews and “studies” trying to convince the naive users that Brave cares for privacy.
@smaragdus
Are you aware why some of those trackers are whitelisted? They are whitelisted because blocking them results in broken websites, e.g. broken login forms. The Brave devs have stated that they would like to block them, but can’t, because Twitter, Facebook & Co. misuse them for basic functionality.
You can totally disable the whitelist in Brave’s settings easily.
I don’t think the study was bought, btw. Brave objectively has the least outgoing connection so of all browsers (except Ungoogled Chromium, Pale Moon, Basilisk – which were not in the test) by default, it also has some good website-facing protections.
Said another way: the fewer support functions provided by the browser [maker], the more “privacy” the user has.
I guess it depends on one’s paranoia quotient.
When you decide to uninstall Brave you will be spend lots of time removing all remanants. It does not go quietly into the night.
Left out Vivaldi too!
Noooo, my fellow mozillians, what are we going to do now? The Chromium Master Race humiliates us once more! Nooooo!!!!!!!11111eleven
Our browser cannot lose to them, we’re the privatest, the strongest, the diversest and speediest in the world!!
Oof, mu heartrate went through the skyroof!!.. or windshield.. or rooftop.. i don’t remember the exact idiom right now, that’s how tense i am upon reading these sad news :(
Yo Yuliya, looks like your higly promoted Yandex browser did no do very well. Sad news, eh?
@ Yuliya
Your post is extremely weird. Did you not take your medication today ?
They will dismiss it because: TeLemETRy goOD nOw!!2
their employees chant that on f/firefox, and in other subs when they crawl out to send reports.
This tells us something, firefox has failed, because they have no intention of ever removing telemetry. Firefox is by design not a private browser.
>their employees chant that on f/firefox, and in other subs when they crawl out to send reports
ikr, they even go outside of that shithole, sometimes on gHacks comments section with their pitchforks all risen up. Salty individuals, I must say. Every single time this kind of carnage is present, the article must have been posted there.
lo and behold: https://old.reddit.com/r/firefox/comments/f96421/what_do_people_think_of_this_new_browser_privacy/
rent free AHAHAHAHAHAHA
>>> Brave is the only web browser that did not use identifiers that allowed tracking of the IP address over time and did not share details of web pages visited to backend servers.
They don’t have to “share details to backend servers” …
… because the tracking happens right in your machine! They just call it euphemistic “transparent machine learning algorithms for assessing user interests”.
The result is targeted advertising.
in nuce:
Brave is just a tool/experiment to circumvent the impact of ad blockers on the global advertising market and explore the integration of cryptocurrency in browsers at the same time.
@99
I know that you are a Mozilla fanboy, so I question why I am even writing this, but:
Please explain how being served ads locally is worse than your data being processed on some server which you do not control? The ads being served locally is the only way to make them privacy-respecting in the first place. Plus, needless to say, Brave Ads / Rewards are fully opt-in, so someone using them means that said someone has made the conscious decision to do so. This is in stark contrast with the opt-out madness in Chrome and Firefox, IMHO.
>>> the opt-out madness in Chrome and Firefox, IMHO.
You wildy mingle telemetry and web analytics methods , an evident indication that you have no idea what you are talking about, let alone how the global advertising market works.
Any other of your questions was already answered in the first comment at 11:33 am.
*plonk*@99
> You wildy mingle telemetry and web analytics methods ,
No, I don’t. While telemetry must also be disabled of course, Firefox allows spying from advertisers, as well. I mean, their tracking protection is only enabled in private windows, they do allow HTML5 Beacons by default, allow session identifies by default, most fingerprinting vectors are not being closed, and they do allow TLS-related super cookies.
> an evident indication that you have no idea what you are talking about, let alone how the global advertising market works.
LOL. Joke’s on you.
> Any other of your questions was already answered in the first comment at 11:33 am.
Your initial comment was absolute BS, buddy.
@ Iron Heart
“so I question why I am even writing this”
If so, why did you not keep your fingers away from your keyboard Ungoogled Chrome fanboy.
@Gary D
> If so, why did you not keep your fingers away from your keyboard Ungoogled Chrome fanboy.
Because others might not see through the BS @99 spreads as easily as I do. Also, I use brave for the reasons I pointed out in my reply to @Klaas Vaak. but then again, there is nothing inherently wrong with Ungoogled Chromium.
@ Iron Heart
OOPS
I forgot that you are a Brave fanboy as well !
@Gary D
Do you have anything more to say or can we terminate this childish dialogue now?
Comparing a single orange with a bowl of apples.
No Pale Moon and Waterfox. That’s a pity.
If you, like me, prefer a page link to a direct download link:
https://www.scss.tcd.ie/Doug.Leith/
and
https://www.scss.tcd.ie/Doug.Leith/publications.php
(tcd = Trinity College Dublin, a respectable Irish university)
As a user of mostly Brave in recent weeks after Chrome instability on Linux and Firefox becoming a bloatware, I have to say I am impressed with stability and lower resources taken by the browser so far.
It has its share of issues, but one thing I am not sure where it sits in terms of privacy, I have noticed the browser adds “&t=brave” (sometimes &t=brave&ia=answer) to every search pattern you type in some search engines. My understanding that this is only browser id, nothing tied to user, nothing specific like fingerpirnting being sent to some search engines so that brave gets paid according to their deal with those search engines.
If you ignore that, or if someone managed to get around that, then Brave certainly outclasses the rest in privacy.
“what is your take on the study?”
I don’t care about it, because I don’t use default configurations/settings for my browsers. Hence the results do not apply to my use case.
Edge sends the hardware UUID to Microsoft, and Yandex transmits a “hash of the hardware serial number and Mac address”. Yikes, these browsers should be avoided at any cost by everybody.
I know that firefox makes little effort to move towards privacy, but it does, how can it be behind chrome when google is the enemy of privacy?!
The studio probably didn’t take into account issues like this:
https://github.com/w3ctag/design-reviews/issues/467#issuecomment-581944600
https://candid.technology/google-personalises-search-results-in-incognito-mode/
https://9to5google.com/2019/05/29/chrome-ad-blocking-enterprise-manifest-v3/
The first link is worrying. I wonder if this sort of tracking header is what the future Chrome “privacy sandbox” will look like as an alternative to tracking cookies. Then the funny part would be when Google explains that with webextension manifest v3, sorry but this header will not be included in the whitelist that extensions are allowed to modify or remove, because it would hurt adoption of this great great privacy alternative to cookies !
> how can it be behind chrome when google is the enemy of privacy?!
It says Firefox is in the same privacy group as Chrome according to its criteria, not behind Chrome.
> The studio probably didn’t take into account issues like this:
The second one seems more about the Google Search site allegedly using IP address and fingerprinting to track users than about Chrome, except maybe if you’re implying that Chrome should include a fingerprinter blocker feature like Firefox.
The fact that Chrome, the most non-private browser, comes out in 2nd place after Brave says enough about the quality of the research.
Why do you think Microsoft, Yandex and friends don’t spy on you as much as the can? The fact that they are desperate for a better marketshare makes them more maniacs to spy.
@Anonymous: who says Yandex and friends don’t spy? And where is it said?
I strongly doubt that blocking the secret protocol pings in Chrome really made it completely “fall back” to http as they claim. More likely it will just shut up when run behind a firewall.
I also don’t understand the FF and others autocomplete claim, as anyone in his right mind would only have that read from local data and always turn off search engine suggestions. Hey they firewalled chrome is it allowed to change a setting in FF?
And Brave? Well, it’s a dead and irrelevant product, sorry for the investors who still keep spamming, your enthusiasms are commendable but such obviously rigged “studies” are pretty desperate too.
The study seems highly questionable
@Emil
Ah, Emil the FF fanboy is back on track.
> And Brave? Well, it’s a dead and irrelevant product,
Dead? Nope, take a look at the very high development activity on GitHub. The company appears to be healthy as well. Bullshit on your part. Irrelevant? Also nope, once more bullshit on your part. Brave is rapidly growing:
https://brave.com/brave-passes-10m-mau/
> but such obviously rigged “studies†are pretty desperate too. The study seems highly questionable
Care to point out in how far the study is “rigged” and “questionable”? You are spouting out these terms and then leave it at that, not very credible. Come out and say what you mean in particular, otherwise this is also just BS.
Please stop calling others “fanboys”, it does not add any value to the discussion (this applies to everyone not just you). Thanks!
If you bothered to actually read it then it explains why. And it isn’t 2nd it’s joint second.
@Fred: joint 2nd is still 2nd.
Why on earth would you believe the russian search engine Yandex would be more private? Or MS Bing browser?
@Anonymous: I don’t know if your comment is meant to be a reply to me since it does not make sense, but if it is meant to be, then please show me where I mention that Yandex or Bing are more private.
Somebody pushing Brave very hardly…
University research paper and seems unbiased and methodical. All browsers were tested the same.
Edge and Yandex are particularly damned, transmitting hardware UIDs.
Chrome is sneaking data via a non standard protocol which had to be blocked for its test to work.
‘Coarse’ telemetry is transmitted by brave along with its update ping (but without uids).
Safari has a separate process trainsmit a persistent identifier on its behalf, even with iCloud and syncing disabled.
Firefox is deliberately linking all your past telemetry sessions in a way that gets around “anonymous technical data” and has identifiers which persist across browser restarts, along with uniquely identifying you via a push websocket that remains open.
Thats not even barely the tip. Its a well interesting read tbh.
They forgot to test Waterfox.
Waterfox was recently acquired by an ad company so I’d skip it on principle alone.
Source: https://www.ghacks.net/2020/02/14/waterfox-web-browser-sold-to-system1/
> Waterfox was recently acquired by an ad company so I’d skip it on principle alone.
That sucks, but wait until they actually do something nasty before skipping, if it ever happens. Until then alternatives like Firefox are still objectively worse, because their betrayal as a consequence of being in business with the ad industry has already been visible for years, and all Waterfox does compared to Firefox is undoing bad Mozilla choices.
Since Alex sold out he’s had a change of mind and is saying that WF it isn’t a privacy browser, which wasn’t what he used to say, he made a big thing about more private than ff. But then he also repeatedly insisted that system1 aren’t an ad company despite the system1 web site saying we are an ad company. I think he’s lost all credibility at this point.
I told you so. Brave rightfully wins out of the box, since it blocks ads + trackers, and 3rd party tracking cookies. It also comes with HTTPS Everywhere by default. As far as I can tell, it establishes connections to the server it pulls its updates from by default, as well as a telemetry connection and connections to Google Safebrowsing. I usually disable the telemetry connection and Google SafeBrowsing in the settings page, though I wouldn’t recommend disabling SafeBrowsing to inexperienced users, as it is an anti-malware protection.
Firefox establishes over 70+ connections by default, and its tracking protection by default only works in private windows. Getting rid of those connections entirely (save some necessary ones like update server etc.) requires extensive about:config tweaking. You#d also need uBlock origin + HTTPS Everywhere to match Brave.
So yes, I think Brave is the most private browser out of the box. The only one that I think is even better is Ungoogled Chromium (absolutely zero unsolicited requests), yet one has to know the downsides of using it: Ungoogled Chromium doesn’t update itself automatically, nor can it install and update extensions from the Chrome Web Store. You have to do both things manually, and knowing the frequency of browser and extension updates, I find this to be atrocious. You would also need to have uBlock Origin and HTTPS Everywhere extensions installed to match Brave’s website-facing protections. If you are willing to invest the time and nerves, Ungoogled Chromium wins, if not, Brave is almost as good after flipping a two prefs in the settings.
That Google Chrome comes in second in this test is ridiculous, by the way. It is, together with Opera, the greatest spyware on the browser market.
@Iron Heart: re Ungoogled Chromium:
Correct, it does not update itself automatically.
Re the extensions, you are wrong. You need to install an extension “Chrome Web Store”, and all extensions from the CWS can be installed, and 1 click on the toolbar icon, when an update is indicated, and the update is done.
Yes, you need uBlock Origin and HTTPS Everywhere, as well as a number of other ad killing and privacy enhancing extensions, but that is the case with every browser I have used so far, so it is standard practice as far as I am concerned. I admit I have not tried Brave for some other reasons.
As for the updates of UC, it keeps pace with Chromium’s updates pretty well.
So, my take on UC is that it is top notch, which Brave may be too, judging by your strong, positive views about it.
@Klaas Vaak
Yes, I think that Ungoogled Chromium still reigns supreme when it comes to privacy on Chromium-based browsers. Though my Brave setup is very close, I’d say:
In Brave Shields I have:
Ad and tracker blocking –> On
HTTPS Upgrades (HTTPS Everywhere) –> On
Script Blocking –> Off (breaks too many websites)
Cookie blocking –> Set to block known third party tracking cookies. Blocking all third party cookies would break too many websites.
Fingerprinting script blocking –> On
My other Brave settings (preferences panel):
Crypto Wallets –> Off
Hangouts –> Off
Media Router –> Off (should be set to On in case you own Chromecast-supporting hardware).
Widevine –> Off. DRM plug-in is closed source, and I don’t like such blackboxes in my browser. Must be set to On if you use Amazon Prime, Netflix etc. in the browser. I have an Apple TV in the living room and so I don’t need it.
Autocompletion of search requests –> Off
Google SafeBrowsing –> Off
WebRTC –> Disable Non-Proxied UDP (minimizes WebRTC IP leakage)
Brave product analysis telemetry –> Off
Remote debugging –> Off
Push notifications –> Off
Brave crash reports –> Off
Optics:
BAT icon in the address bar –> Off
New Tab Page Sponsored Images –> Off
New Tab Page Brave Rewards –> Off
—————–
What does Brave still do after that? It still checks for browser updates, I want that to happen. It still auto-updates adblocking rules and HTTPS Everywhere rules, I want that to happen as well. That’s it.
Now, Ungoogled Chromium doesn’t have a server for automatic updates, so it doesn’t establish any connection. it also disables Google SafeBrowsing by default. uBlock Origin and HTTPS Everywhere will check for their rule updates just like their counterparts do in Brave, in case you install them. Basically, Ungoogled Chromium wins against Brave because it doesn’t have an update server at all, but we have to keep in mind that this is a legitimate request. As I said before, Google SafeBrowsing enabled / disabled is a mixed bag (security vs. privacy), so I do not think that it makes much sense to discuss it. Overall Ungoogled Chromium > Brave, though IMHO contacting an update server for necessary browser updates is not a problem, so for me it’s Brave > Ungoogled Chromium. Thanks for the tip regarding extension updates in UC, I didn’t know that, though without automatic updates for the browser itself it would still be a no-no for me.
HTTPS Everywhere is completely redundant with Brave, since Brave has that built-in. uBlock Origin, though mostly redundant with Brave, is still installed here for the occasional custom element to block, and for its anti-malware domain filter lists (allows me to get rid of SafeBrowsing entirely). I also have Decentraleyes running here (obvious reasons), and Cookie AutoDelete (so that cookies can be set for correct operation of websites, but are removed upon closing the related tab).
I have noticed that I need to install uBlock Origin on Brave to not be served ads in Twitch and YouTube.
Thoughts on why they don’t just integrate uBlock Origin into Brave?
@Kyle
Brave Shields do block YouTube ads for me. Have you checked whether or not Brave Shields are active (click on Brave button in the address bar) while you are on YouTube? Have you enabled more (all) adblock lists (hamburger menu -> click on Brave Ad Block)?
https://3thlkd3wpu0u1x0qbt19cxc8-wpengine.netdna-ssl.com/wp-content/uploads/2019/10/BraveShields-1.png
https://user-images.githubusercontent.com/28145373/62010903-08c9a700-b13f-11e9-83e8-d72d9715fbd8.png
Recently I did a little research and found that the possible alternative to unGoogled Chromium is Iridium Browser. The last one at least offers automatic updates, although not too frequent.
@Anonymous: I agree Iridium is good, and Ungoogled Chromium uses some privacy enhancing settings/techniques developed by Iridium.
Nevertheless, the update schedule is not good, for Mac in anycase. It is still based on Chromium 70, whereas UC is already @ 80, in line with Chromium.
@Iron Heart,can you shed some more information on Opera.There is paranoia about this browser because it was bought by a chinese company.But it is still developed in Norway under strict EU law.
Is there anything else you know?
@Anonymous
Regarding Opera, check out their privacy policy:
https://old.reddit.com/r/privacy/comments/9r1lla/opera/e8dbwby/
https://www.opera.com/de/privacy
Don’t use it. Use anything but Opera and Chrome (and Edge, and Yandex). Browsers I can recommend for the desktop:
Ungoogled Chromium, Brave, Pale Moon, Basilisk, Waterfox (got bought by an ad company very recently, so might change for the worse in the future – nothing bad happened to it yet), hardened Firefox (Don’t use Firefox without knowing how to harden it…).
On Android: Bromite, Brave, Fennec F-Droid.
Interesting,but I expected Chrome to be last in the study.Who else thought that.But what about Opera,why did they leave it out.Its still a popular browser amongst the others listed & it would have been insightful to know how it would have faired to the other browsers.
“…followed by Chrome”
Yeah, OK.
“what is your take on the study?”
Evidently made by the kind of people who new that Hillary Clinton will win 45 states. Even the Washington Post called Chrome a load of spyware. This is a study with a limited scope, and hence misleading.
As a matter of fact: It is true that Firefox does, by default, use way too many dubious services, yet it also allows a significant amount of control. However, these services should be disabled by default, and the users should be asked to enable them.
Personally, I do care very little about basic (attention; basic) pings to the browser’s maker. These happen anyway when you check for updates, including those of your extensions. If you use Chrome, Google knows that you have Chrome anyway. And it will contact Google anyway, at least if you keep everything up-to-date.
On the other hand, if you use a Chromium-based browser you’ll rely on the Google Store, meaning that by not using Chrome you can’t actually get away from pinging Google.
When I write “basic pings” that does exclude any information about which websites I do access. They should be never shared with Mozilla or a third party, unless the users opt-in. And the existence of such “features” should be discussed and noted by users.
I commend Brave for winning.
The article is a good read for those who still trusted Mozilla to respect their privacy and are not receptive to factual arguments unless they are written in a research paper in exactly the same form. From the conclusion:
“Chrome, Firefox and Safari all share
details of web pages visited with backend servers. For all
three this happens via the search autocomplete feature, which
sends web addresses to backend servers in realtime as they are
typed. In addition, Firefox includes identifiers in its telemetry
transmissions that can potentially be used to link these over
time. Telemetry can be disabled, but again is silently enabled
by default. Firefox also maintains an open websocket for
push notifications that is linked to a unique identifier and so
potentially can also be used for tracking and which cannot
be easily disabled”
> “…followed by Chromeâ€
> Yeah, OK.
More exactly the article says “In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari and in the third (least private) group lie Edge and Yandex.”. It does not say that Chrome is more private than Firefox (but neither that Firefox is more private than Chrome).
> Even the Washington Post called Chrome a load of spyware.
The article does not say that Chrome is not spyware, it says that it is in the same spyware category as Firefox, which I agree with.
> This is a study with a limited scope, and hence misleading.
I agree that the scope is limited, however I disagree that it makes it misleading and that a broader scope would change significantly the results. As examples of problems not considered in the study, Firefox leaking all DNS queries to Cloudflare by default in USA, and as far as I know they are the only one doing that, not even Chrome does. Firefox is more aggressive in other areas against the US users, I once heard that there are default Pocket ads on the homepage that are not there outside of US (sneaky, isn’t it ?), I don’t know if they did their tests on an Irish version only. They did not consider sync behavior which is slightly more private in Firefox than in Chrome, but it’s not default behavior anyway. They did not consider studies, on by default, and more generally rogue code installation like the Cliqz spyware in Firefox, which are a huge privacy threat, but do not necessarily affect 100% of users. They did not consider the default search engine chosen (which is probably very bad in all the selected browsers anyway). They did not consider the download protection, which is even less private than the URL safebrowsing. The mobile Firefox has more third-party trackers built-in, too. There would be many other privacy problems to consider.
> As a matter of fact: It is true that Firefox does, by default, use way too many dubious services, yet it also allows a significant amount of control. However, these services should be disabled by default, and the users should be asked to enable them.
What this means is that the 99% that trust the defaults will be screwed. Defaults matter.
> When I write “basic pings†that does exclude any information about which websites I do access. They should be never shared with Mozilla or a third party, unless the users opt-in. And the existence of such “features†should be discussed and noted by users.
Yes, search autocomplete leaks information by default about accessed websites as the article explains. This has made users angry, has been discussed and noted over and over, and Mozilla doesn’t give a f.ck. Being paid by a Google search deal may help understand how we got there. Even Waterfox maintains this behavior by default (although if users has insisted more the dev might have been more receptive than Mozilla in removing this, but he should have done that by default himself). Some private ungoogled chromium browsers made it quite explicit in their main description that such a behavior was unacceptable.
What’s missing in this article is an analysis of private forks of the big browsers. This is what users should be advised to use. Free software is useless if we are scared away from using forks that are designed to remove some of the malicious behavior.
I can’t help it, but I find the business model of Brave rather dubios
@zandro
It is not dubious at all. First things first, you can opt into(!) Brave ads, the browser doesn’t display ads by default at all, nor does it create a BAT wallet. By default, it is a far more private “Chrome” if you will, and that’s it.
If you decide to opt into Brave ads, up to five ads per hour (depending on the frequency you set) will be shown to you via a native notification of your OS. That means: Brave does not inject its own ads into websites, but rather uses a mechanism of your OS (Windows, macOS, Linux) to display them in an acceptable manner. You don’t have to click on them, the BAT will be deposited to your account just for the notification. It’s also worth noting that we are talking about local notifications here, no data regarding your browsing history is sent back to Brave or any middle men. I actually checked this by looking at the connections Brave establishes to servers, and didn’t find any fishy connections. It’s also evident that the content of the ads also have nothing to do with your browsing history.
You only get a certain share of the BAT for viewing ads, the rest goes to content creators (which you can tip as well), the company behind Brave (which has partnerships with the companies behind the ads). IMHO that’s a better way of making money (privacy-friendly, optional ads) than slurping off user data (Google Chrome) or being financially dependent on Google (Mozilla), which leads to some questionable decisions on Mozilla’s part.
> It is not dubious at all.
Of course it is. Brave is wholly built around the idea of an adware that displays its own ads, additionally targeted on browsing data, this is their target main business model, and because of that I would never use or recommend it. No amount of opt-in is going to make this forgivable, and they must not be allowed to grow to the stage of making this opt-out. Everybody had a good laugh when this provocatively user-hostile idea was first proposed, and only years of corporate propaganda ultimately funded by the ad industry slowly let slip through the idea that using it might be possible, even cool, in some minds. We must resist the infiltration of the ad business in every aspect of our lives because once they’re installed somewhere they become the norm and it becomes much more difficult to evict them.
And the local spying concept is still indirectly selling our browsing data to advertisers ; after all they never really needed private data sent to them, they only needed being able to manipulate us based on knowing us intimately, and Brave local spying sells this to them. This is an attack on privacy too.
> That means: Brave does not inject its own ads into websites, but rather uses a mechanism of your OS (Windows, macOS, Linux) to display them in an acceptable manner.
It doesn’t make it better from my point of view. That could even be worse.
> It’s also evident that the content of the ads also have nothing to do with your browsing history.
Ads are matched to the browsing history:
https://support.brave.com/hc/en-us/articles/360026361072-Brave-Ads-FAQ
“The browser uses local machine learning to determine the best time and opportunity to present an ad, and matches an ad from the catalog based on the content and intent of the user. Ads are matched locally to the most complete and direct data set, your browsing profile You end up with ads that are actually relevant to your experience.”
The dirty private data exploitation that advertisers used to do remotely behind closed doors is now happening directly inside our browser ? That’s not going to happen on mine.
@Anonymous
> Of course it is.
The way they make money is transparent, IMHO. “Dubious” would be the exact opposite, and is just not true in this case. The way they make money is not immoral, either.
> Brave is wholly built around the idea of an adware that displays its own ads, additionally targeted on browsing data, this is their target main business model, and because of that I would never use or recommend it.
I’d rather say Brave is built around the idea to make ads more privacy-friendly by serving them locally, and around the idea of making the current system more fair. Today, users do not profit at all from seeing ads. And publishers + ad companies do not profit anymore either, once users resort to adblockers in response. It’s a vicious cycle, the model of slurping user data, and websites then begging users to disable their adblockers once the users retaliate, is not sustainable. It could be better than this, and Brave tries to achieve it.
> No amount of opt-in is going to make this forgivable, and they must not be allowed to grow to the stage of making this opt-out.
If it is not even acceptable to you when it’s disabled by default, then that’s that. No point in arguing against it. There are many other good or even OK browsers one can use. Personally, something that is opt-in doesn’t concern me. If (and that’s a big IF) it should become opt-out, I might reconsider this.
> Everybody had a good laugh when this provocatively user-hostile idea was first proposed, and only years of corporate propaganda ultimately funded by the ad industry slowly let slip through the idea that using it might be possible, even cool, in some minds.
I don’t think optional, local serving of ads can be classified as user-hostile in any shape or form. Those who do not want it, do not have it by default, and those who want it, get it in its most privacy-respecting form possible.
> We must resist the infiltration of the ad business in every aspect of our lives because once they’re installed somewhere they become the norm and it becomes much more difficult to evict them.
I think the day Brave force-feeds its users anything will be the end of Brave. Brendan Eich knows this as well, he isn’t stupid. But let’s say it happens, then you can be sure that a fork or even an entirely new browser will take Brave’s place in no time.
> And the local spying concept is still indirectly selling our browsing data to advertisers ; after all they never really needed private data sent to them, they only needed being able to manipulate us based on knowing us intimately, and Brave local spying sells this to them. This is an attack on privacy too. (…) The dirty private data exploitation that advertisers used to do remotely behind closed doors is now happening directly inside our browser ? That’s not going to happen on mine.
So provided you did opt into Brave ads in the first place, what will happen is this: Your data will be examined locally, and ads will be served to you locally. No data leaves the browser towards the company behind Brave or any third party. This is private, IMHO. Once it leaves your PC, and this doesn’t happen with Brave as it stands, it’s not private anymore.
If you have a problem with it being opt-in and local processing even, then you have no choice but to use another browser, thus accepting the current model (your data being processed on a remote server, you countering it with an adblocker, websites locking you out because of your adblocker or erecting paywalls outright). I prefer Brave’s model to that, but to each their own, I guess.
> It doesn’t make it better from my point of view. That could even be worse.
So you think displaying non-permanent system notifications might be worse than manipulating websites? If so, wow.
> Ads are matched to the browsing history:
Yes, it happens locally. And still, results tend to be non-relevant so far, as Brave doesn’t have that many partners yet. but even if the number of partners should grow, it still happens locally. I have no problem with that.
Anonymous said: > Let’s see how you shill through that: …
Yes, I’m aware that Firefox has also its own targeted ads that do local spying on browsing interests (Pocket ads and the targeted ad tiles experiment before), and I have the same objections against Firefox for doing that as against Brave. Local spying is a new data exploitation gold rush and must be stopped.
Note that this is why Mozilla does not attack Brave on their ads and local spying first, but more on their choice of rendering engine. Because they agree on the worst part. After all Eich was from Mozilla before…
Iron Heart said: > No data leaves the browser towards the company behind Brave or any third party. This is private, IMHO.
This reasoning means that if you could be certain that your private data sent to advertisers was only processed by algorithms, not humans, and used only to advertise to you, you would not mind and you would find this private ? I disagree. The privacy problem is not just our private data being sent: it is our private data being *used* against us, locally or not. Would you not mind as anti-privacy your private discussions in the room, or the contents of your computer, being locally spied on to target ads ? Where would you start thinking that this is not private ?
You argue that at least local spying is a progress compared to remote spying. But I disagree. Accepting local spying is not going to kill remote spying, it is only going to extend the spying to an area that was relatively safer before, because we were keeping it clean by not accepting it there, objecting on the *principle* of it. If we accept it as a positive thing for pioneering software like Brave and Firefox, the dam breaks and we will see it everywhere.
All Firefox users which blame Brave are huge hypocrites. Mozilla has done the same things Brave did with ads and much worse, and opt-out on top of it.
https://www.cnet.com/news/mozilla-officially-kicks-off-ads-in-firefox/
https://www.cnet.com/news/mozilla-to-sell-new-tab-page-ads-in-firefox/
https://www.cnet.com/news/mozilla-acquires-pocket-app-mobile-web-discovery/
https://www.computerworld.com/article/2925309/coming-soon-to-firefox-more-ads.html
https://www.techradar.com/uk/news/mozilla-and-pocket-want-to-make-in-browser-advertising-ethical
https://www.theverge.com/2018/5/7/17326184/firefox-ads-sponsored-content-pocket-suggestions
https://venturebeat.com/2018/12/31/mozilla-ad-on-firefoxs-new-tab-page-was-just-another-experiment/
https://betanews.com/2019/01/01/firefox-snippets-ads/
https://www.neowin.net/news/firefox-640-is-now-showing-a-bookingcom-ad-in-the-new-tab-page
Let’s see how you shill through that:
https://www.theverge.com/2018/5/7/17326184/firefox-ads-sponsored-content-pocket-suggestions
https://www.cnet.com/news/mozilla-officially-kicks-off-ads-in-firefox/
https://www.cnet.com/news/mozilla-expands-advertising-experiment-to-many-more-firefox-users/
https://www.cnet.com/news/mozilla-to-sell-new-tab-page-ads-in-firefox/
https://www.techspot.com/news/55641-mozilla-to-sell-advertising-in-firefox-browser.html
https://www.computerworld.com/article/2925309/coming-soon-to-firefox-more-ads.html
https://www.cnet.com/news/mozilla-tries-ads-in-firefox-again-now-powered-by-pocket-website-recommendations/
https://www.theverge.com/2018/5/7/17326184/firefox-ads-sponsored-content-pocket-suggestions
https://www.cnet.com/news/mozilla-acquires-pocket-app-mobile-web-discovery/
https://www.techradar.com/uk/news/mozilla-and-pocket-want-to-make-in-browser-advertising-ethical
@Iron Heart
I would have given Brave a shot if not for obnoxious shills (like you) and the fact that it’s based on chromium. Brendan could have salvaged himself if he forked Firefox, but he became wannabe internet mafia instead, pirating content from all websites and then offering them a way to make money again, which of course he takes a share of with his dubious cryptocurrency. It’s outright thievery and unethical on so many levels.
Hilarious! Those ‘Firefox Forks’ (antique restoration) are doing great aren’t they…
What’s this devotion to Gecko, an inferior engine, all about; religious indoctrination?
Rolls Eyes.
@Anonymous
> I would have given Brave a shot if not for obnoxious shills (like you)
Thank you for the flowers. I am just one of millions of Brave users, just ask someone whom you like more. And no, I am not shilling Brave. Most of the time on gHacks I just defend it against malicious lies spread about it, like in the comments of @99 and @notanon, for example.
> and the fact that it’s based on chromium.
That by itself isn’t a big problem, IMHO. For one Chromium /= Chrome. There are Chromium-based browsers that have a bad privacy level (Chrome, Opera, Edge) and there are some with a better privacy level (Brave, Ungoogled Chromium, Iridium). If you don’t want to use a Chromium-based browser because it might have implications for the health of the web, then I do not think this is valid either. For one, Chromium is open source software, anyone can modify it. That means, if Google does something negative to the codebase, we aren’t just stuck with it. Other Chromium-based browsers will correct the issue, and already have in the past. Also, the competitors of Chromium are currently very weak anyway (Firefox has around 5% market share – desktop and mobile combined), whether or not they disappear is of no consequence at this stage, since they can’t influence anything with a market share like this.
> Brendan could have salvaged himself if he forked Firefox,
Why fork a browser which only a tiny minority of Internet users still uses? That would have implications for website compatibility as well, since web admins test less and less against Firefox.
> but he became wannabe internet mafia instead, pirating content from all websites and then offering them a way to make money again, which of course he takes a share of with his dubious cryptocurrency. It’s outright thievery and unethical on so many levels.
So, the current system is based on slurping user data, processing them on some remote servers and creating profiles of yourself. This evidently isn’t good for privacy, at all. Brave wants to change this by serving the ads locally, meaning the processing happens on your PC rather than some remote server, and ads are being served via system notification. No data leaves your PC towards Brave or any middle men. Users are granted their fair share via BAT (in the current system, they are the losers who are being spied on), the rest goes to content creators and the company Brave, which distribute it to their partners. This system is much more private and much more fair than what we have now. And there is nothing that stops other browsers from doing the same, it’s not like Brendan Eich has a monopoly on the method. But they won’t, since they currently profit from slurping user data and putting the user last. And what Brendan Eich is not “pirating”, of course. If anything, using an ordinary adblocker would be “pirating”. With Brave, the content creators receive their share of BAT as well, and I bet it’s more than what they earn with their other contracts.
If you want to see something truly nefarious, check out the way the Eyeo GmbH (company behind AdBlock Plus) makes money via their “Acceptable ads” program.
“Why fork a browser which only a tiny minority of Internet users still uses?”
I’m pretty sure way more people use Firefox than Brave.
@Kwasiarz
> I’m pretty sure way more people use Firefox than Brave.
I was talking about Chromium vs. Firefox. Research what Chromium is and then return to me.
> If you want to see something truly nefarious, check out the way the Eyeo GmbH (company behind AdBlock Plus) makes money via their “Acceptable ads†program.
That’s quite comparable to what Brave does. Both claim that we should accept “nice ads” instead of blocking them all because at the end it will make “not-nice ads” nicer. And both neglect that we have more to lose than to win in embracing such a compromise in their specific cases. And by coincidence, both make money from “nice ads” instead of more ethical revenue sources.
@Anonymous
> That’s quite comparable to what Brave does.
What the Eyeo GmbH does is in no way comparable to what Brave does. The business model of the Eyeo GmbH is based on some ad companies paying them to let ordinary ads through. So the user is still being remote-tracked by Eyeo’s partners, and the Eyeo GmbH blackmails the ad industry as a whole into paying them. What Brave does:
1) Brave makes ads privacy-friendly by serving them locally, no data is sent back to the company behind Brave or any middle men.
2) Any creators can partner with Brave for free, meaning they are not blackmailed into anything. Once they are a Brave partner, users can also tip them as they please. Plus, as compared to ordinary adblockers used by people out there (which leave content creators and ad companies in the dark), the system proposed by Brave is still advantageous.
3) Brave blocks user-hostile tracking and data collection that is the norm today. They give content creators and ad companies a different model to work with, but they do not have a monopoly on that. Other browsers could do it, too, but won’t, since they profit from the current system.
In short: Eyeo GmbH misuses the current system for blackmailing, Brave offers a different route that is more privacy-friendly and which is not based on blackmailing at all.
> The business model of the Eyeo GmbH is based on some ad companies paying them to let ordinary ads through.
Not ordinary ads, “acceptable ads”, they have some criteria why they’re nicer than the ordinary, it’s not just those paying them. The criteria are not claimed to be privacy related if I remember well but otherwise it’s the same general idea of favoring “nicer ads”.
@Anonymous
> Not ordinary ads, “acceptable adsâ€
They let any ads through if the ad network pays them. Their guidelines are a joke.
> it’s not just those paying them.
It is, I fear.
> The criteria are not claimed to be privacy related if I remember well but otherwise it’s the same general idea of favoring “nicer adsâ€.
Again:
1) Brave does not force its partners to pay them. You can retrieve your BAT for free. It is not blackmailing, like in case of AdBlock Plus.
2) The privacy aspect is the most important part of Brave ads, that’s why even the processing happens locally. You pretend that it’s totally unimportant for whatever reason.
3) Other browser makers are free to do it, as well. But they won’t, for known reasons.
> 1) Brave does not force its partners to pay them. You can retrieve your BAT for free. It is not blackmailing, like in case of AdBlock Plus.
Brave blocks ads by default and only displays their own ads that come from their advertising partners. I don’t think that it’s possible to advertise as a Brave partner without giving money to Brave, right ? That makes it the same type of blackmail of advertisers as in Adblock Plus.
> 2) The privacy aspect is the most important part of Brave ads, that’s why even the processing happens locally. You pretend that it’s totally unimportant for whatever reason.
I gave you the reasons why this local processing is privacy hostile in this discussion, first here
https://www.ghacks.net/2020/02/25/study-finds-brave-to-be-the-most-private-browser/#comment-4454725
and later here:
https://www.ghacks.net/2020/02/25/study-finds-brave-to-be-the-most-private-browser/#comment-4454770
And while I was glad to discuss how Brave attacks privacy by targeting ads on browsing, let us not forget the basics, that even if Brave ads were not targeted at all, it’s still an adware browser, which I consider as malware. The only good ad is a dead ad.
the fact that u feel the need to stroke ur ego on a Brave browser forum like they owe u money or hurt ur family truly makes me giggle @anonymous. if ur not watching ads & getting paid for it before 2020 then ur just a wack, lame, strange angry person that’s most likely a professional bum living in ur grammy & pop pop’s basement. “The only good ad is a dead ad” is the same as saying “the only good n*gger* is a dead one* so way to go there dummy – u really know how to show ur shiny inner douchebag w/ that racist double talk. FFS – be one nasty, miserable, self loathing POS to rant on & on about hating ads – which means you hate economics which our livelihoods depend on! I seriously doubt ur life is on the uptick spewing vitriol about one helluva profitable app! Way to pull ur own ‘broke @SS bum” card! *slow clap* Since ur super pressed w/ ur panties all wadded up deep in ur b*ttcrack that rests on top of ur shoulders, here’s one last jewel for ya u miserable sack of sh*t — 1 BAT = 81.96 USDC — so keep spewing that vitriol a**hat while ur pockets collect lint – sit all the way in the back, learn how to stfu while keeping ur two braincells from lashing out at those that are living their life & remember this, we #cryptojunkies enjoy being multi-millionaires/billionaires while u eatting potted meat, vienna sausages & stale cheap ass crackers wearing flip flops all year round while u reek of bologna & dispair.. GTFOH!
according to ”superbird” browser site every ID fingerprint seems to be disabled by default. too good to be true…
http://superbird-browser.com/sb_vs_gc.php?ln=en
This will be interesting.
I’m just gonna get some popcorn. :)
Get me some too please & make some room of the sofa there, let the games begin ;)
so Opera is definitely dead from now on… ?
I assume that no addon has been installed onto those browsers to prevent data from being sent to unknown servers.
I have recently seen too many topics related to telemetry leaking
it would be good if you summarize everything in a general topic about all settings that must be disabled right after a clean install about:config… about:\\flags…hosts…etc
if you don’t mind you can also make a tutorial for dummies and show us how to use those tracking tools
@estrella, I suggest to take a look into privacy tools which has really geat recomendations and guides.
https://www.privacytools.io
https://www.privacytools.io/browsers/#about_config
Thanks for asking the question @estrella, an bigger thanks to @thebrowser for the answer, sent me in exactly the right direction.
Since then have been applying some of advised measures.
Only quibble is with ‘privacy.resistfingerprinting=true’ which breaks functionality on some sites.
I don’t know about desktop Opera, but when I tried Opera and Opera Mini on my phone, they would try to send tons of telemetry data. Something like a dozen connection attempts for each page loaded. Caught them with Blokada, you can also see them with AdGuard or check with Addons Detector. Too sketchy for me even if I had nothing to hide.
Opera has been dead since 2016.
“Opera browser sold to a Chinese consortium for $600 million…”