Brave reveals why it is disabling Google's FLoC in the browser
When Google announced FLoC, an attempt to replace interest-based advertising that is based on cookies with something else, it was clear from the get-go that Google's plans would face heavy opposition. The Electronic Frontier Foundation published an article criticizing Google's take on the next generation of interest-based advertising, and DuckDuckGo updated its browser extension to block FLoC outright.
Several browser makers confirmed already that they won't support FLoC in their browsers, even if Chromium-based, because they believe it is a bad idea for user privacy.
Brave, maker of Brave browser, published a new post on the official company blog in which the company reveals why Brave browser won't support FLoC. The arguments are not new, but they may help understand why everyone, besides Google and other advertising companies, think that FLoC is bad for privacy.
Brave focuses on three aspects of FLoC that it believes make the Web head in the wrong direction:
- Sites are informed about browsing habits, even if users never visited them -- this is a very strong argument, considering that sites did not know anything about a user if that user never visited the site; this is especially true for users who disable third-party cookies in their browsers, and use other protective means. For the average user, FLoC will still reveal more about their interests than before.
- FLoC adds a strong identifier for fingerprinting -- FLoC's cohorts are made up of thousands of users, but that is a tiny group when it comes to fingerprinting. Coupled with other fingerprinting techniques, it could pave the way for improving fingerprinting accuracy.
- Google should not be the one determining what is sensitive and what is not -- Google wants to exclude sensitive categories, such as race, religion, sexual orientation, and others from being used by FLoC, to avoid creating cohorts made up of these groups. To exclude these, Google somehow needs to know about these, as it would not be able to make the determination otherwise.
Brave removed FLoC in the Nightly versions of the browser for Android and the desktop, and will remove FLoC code from all Brave releases this week.
Vivaldi revealed this week that it will disable FLoC in the Vivaldi browser as well.
Closing Words
All in all, it is a good time to consider moving away from Google Chrome, either to one of the available Chromium-based browsers, or to Firefox. Browser extensions like uBlock Origin do block FLoC as well.
Quote: “Browser extensions like uBlock Origin do block FLoC as well”. As I understand it, having followed your link to the uBlock Origin issues discussion on GitHub, the issue at present is that uBlock does _n o t_ yet block FloC by default, and that there is not even a clear consensus on a custom user filter that users might apply in uBlock to block FloC for now?
It’s already working by default in the Development version.
https://github.com/gorhill/uBlock/releases/tag/1.34.1b4.
Code may change however.
The FLoC blocking feature is included in version 2021.4.8 and newer of the DuckDuckGo extension
Brave stole my Tor mode usage. Canvas still leaks after over a year. Brave steals my client side CPU to create a profile on me because they are an advert company backed by venture capitalists. They whitelist the biggest trackers on the internet like google, facebook and twitter. They even hijacked typed urls. They even stole BATshits from content creators.
Make no mistake, privacy is a marketing gimmick to these guys. Take for example the shitshow of limiting cookies to a lifespan of seven days – this is cookies set via JS and does nothing for prolongation attacks and cookies set via HTTPS. Even Mozilla thought about this and decided it was a waste of time, and the real answer was full partitioning. Another example is the Tor mode… absolute shit show: the fingerprinting and implementation is shite, even Tor Browser devs think it’s a joke. If Brave was serious about anonymity, they would just point users to Tor Browser.
Brave is an advertising company: that’s their WHOLE purpose, to make money via adverts. They just throw gimmicky marketing patches on google’s anti-privacy engine. The whole thing is becoming unwieldy and wonky as fuck. As soon as google do some major refactoring, Brave is fucked – they can’t engineer an engine. They’re beholden to google.
@Anonymous
> Brave stole my Tor mode usage.
No. There was a historical bug, which is now fixed. It was clearly unintentional.
If you use Brave as a Tor Browser Bundle replacement, you are plain stupid. Because of engine differences, Brave can’t produce Tor’s common fingerprint. You are already f*cked because of that before DNS even comes into question. They do mention that when you open a Tor mode window, by the way.
> Canvas still leaks after over a year.
Great when complex problems can be so simple at times. Dude, every browser has leaks. Firefox leaks unique extension IDs via simple fetch requests. They are working on it.
> Brave steals my client side CPU to create a profile on me because they are an advert company backed by venture capitalists.
After you have opted into Brave Rewards, lol… And that is not a privacy issue and is also not resource intensive.
> They whitelist the biggest trackers on the internet like google, facebook and twitter.
The usual lies, you are very creative indeed. Here, your desperately needed reality pill:
https://nakedsecurity.sophos.com/2019/02/12/privacy-browser-braves-user-concern-over-facebook-whitelist/
The libraries you are referring to are NOT getting blocked by Firefox’s internal tracking protection, uBlock Origin, and AdBlock Plus either for the very same reason that Brave cites.
> They even hijacked typed urls.
Nope. They legitimately used a referral on official partner websites which are related to crypto. Firefox uses a referral for every Google search URL because of their official partnership. By the way, every f*cking browser does that at least in relation to search, hypocrite.
> Make no mistake, privacy is a marketing gimmick to these guys.
But still more private than the competition, lol.
> Even Mozilla thought about this and decided it was a waste of time, and the real answer was full partitioning.
Every browser moves in that direction, not just Mozilla. Apple does this since 2013, from where do you think Mozilla got the idea? Chromium moves in this direction as well.
> Another example is the Tor mode… absolute shit show
The only thing that is a shit show are your expectations directed at a browser which specifically states that it is NOT a Tor Browser Bundle replacement, but a general use browser.
> Brave is an advertising company: that’s their WHOLE purpose, to make money via adverts.
At least they are standing on their own feet by pioneering a privacy-respecting model of advertising, whereas certain competitors survive by being the leeches of surveillance capitalism.
> As soon as google do some major refactoring, Brave is fucked – they can’t engineer an engine.
And this will be happening because…? You do not seem to realize how complex Chromium is, it’s like an operating system at this stage. They need a good reason for a major refactoring and I am not seeing one currently. Even if so, projects based on Chromium would adjust.
@Iron Heart – I think you protest to loud – where you (think) you can debunk ‘Annonymous’ you blow straight in, otherwise you fall back on ‘everyone else does it’ – face it, any browser provider with no, or limited, other hardware or software offerings MUST rely on advertising to pay the bills irrespective of PR BS. Everyone wants a ‘free’ internet, there’s a price to be paid.
I didn’t understand most of that either way .lol am I fucked? I really just want a safe browser that is able to find the shit show of stuff I’m looking for ? I really wish I understood this conversation especially now that I’m speaking on it ( scratching my head) I’d just like you to know that I’m counting on you to do your best and respect my privacy .Google just seemed to be getting dumber by the day an they have a program for everything . Plus when my identity was stolen they only helped the thieves by locking me out of my own acts for over six months( fb did too )and never responded talk about a shit show am I right . Anyways I like using brave and I plan to continue.thanks God bless
Very, very good. Kudos Brave and Vivaldi. And thanks a lot Martin for keeping track and writing about several of the popular alternative browsers not made by Google/MS/Apple, and what these browser devs decide on every privacy issue that pops up, like this one, and how they will handle it in their browser. Obey or not.
If anyone would like to read the whole blog post by Brave, see:
Why Brave Disables FLoC
https://brave.com/why-brave-disables-floc/
I still have not downloaded Brave, but might do that once they release the next stable release without all FloC crap this week, as they write.
made the change yesterday and I don’t regret it at all (FF user since the big bang)
@walker
Haha! I loved your comment.
“FF user since the big bang” 😂
Firefox for android is fast very fast secure good browser very fast internet good privacy fast very
Yes firefox is very fast
Brave already has it’s own built in advert distributor, because Brave is an advertising company masquerading as a browser maker that cares about privacy
@Anonymous: a couple of steps you should have taken before posting your comment.
1. you should have looked up the word “masquerading” in a dictionary;
2. you should have checked how Brave’s advertising is done. You would have seen that it is open about it, is disabled by default, and allows users to opt in.
@Klaas Vaak
The problem is that people see the word “advertisement” and automatically assume a privacy intrusion, because that is what they are accustomed to. Brave is pioneering a new model of advertising and they are transparent on how it works:
https://brave.com/intro-to-brave-ads/
That the browser is open source (and thus auditable) and that Brave Rewards are disabled by default is also being ignored. Truly, no argument can be stupid enough as long as it goes against Brave.
PS: They are also obvious hypocrites based on the fact that Firefox uses the very same mechanism for its Pocket Stories (which are enabled by default in FF).
@Iron Heart: ðŸ‘
“Pocket Stories (which are enabled by default in FF)”
Care to elaborate on this claim? I have been using Firefox as my main browser since the dark ages, and have never come across a feature called “Pocket Stories”.
@matthiew
It’s the “Recommended by Pocket” section of the New Tab Page, take a look:
https://www.howtogeek.com/684486/how-to-disable-recommended-by-pocket-stories-in-firefox/
Hiding this from the New Tab Page is not enough, by the way (contrary to what the article suggests). You need to nuke anything in related to Pocket in about:config.
@matthiew
These settings are especially relevant (other than the usual Pocket settings) in Firefox:
// System pref to allow Pocket stories personalization to be turned on/off.
browser.newtabpage.activity-stream.discoverystream.recs.personalized –> Set this to “false”
// System pref to allow Pocket sponsored content personalization to be turned on/off.
browser.newtabpage.activity-stream.discoverystream.spocs.personalized –> Set this to “false”
source: https://hg.mozilla.org/mozilla-central/rev/f527c3d9dd7f5ab33cae09754648a4806e4032c2
Imagine being so butthurt about a company wanting to work through advertisement.
it’s not like Brave is doing it the Google way where you are forced to use the adblocker because if not, you don’t have a voice if you want the ads or not, but you are also tracked about them.
Brave ads are not required to use in order to use Brave browser, people are choosing to use them, it’s people’s choice, and Brave ads won’t track you.
So I don’t know why people like you complain so much about it and are so butthurt, when the problems are not even ads themselves, ads have been done for centuries, the problem about internet ads is that they are implemented to track people, they are everywhere, you don’t have a choice to not see them or not in most cases.
The ONLY reason people are allowing ads in Brave is because the think they will earn something. Once they realise it’s peanuts, the ads will be removed. Donations to websites are laughable.
Braves ‘innovative’ strategy folds in on itself.
@DrKnow
They seem to be doing fine. Also, why do you care?
@Iron Heart: The same reason why you would care about Firefox?
@Unknown person
At least I provide sources, you provide hearsay speculation or just pure hypocrite bullshit. If you guys come here and troll under Brave articles, you shouldn’t complain when I feed you your own medicine (at least doing my due diligence in the process, posting sources for my claims).
uBlock is too aggressive, it often does more harm (breaks things) than good. That’s why I use AdGuard.
You can fiddle with ublock, add exceptions, etc., to make it do whatever (almost) you want.
I use the system version of AdGuard; it’s much faster than an extension and can filter any program, not just browsers.
Seems a blocker that works well takes some trial and error at first, then ongoing to meet your needs. They change constantly as data scraping methods evolve.
@me: Same as for Gerard, that hasn’t been my experience — and I have a pretty healthy complement of uBlock Origin blacklist subscriptions. I’ve found that its effectiveness and usefulness *far* outweigh any occasional annoyances. (I quite like uBlock’s element picker for durably zapping screen-hogging banners and overlays.)
“uBlock is too aggressive”? I am a long-time uBlock Origin user and have not noticed that.
Can you elaborate?
> All in all, it is a good time to consider moving away from Google Chrome
I fully agree, but how do I convince my girl-friend who works and lives in a country of which she doesn’t speak its language? I have installed Firefox and Ungoogled Chromium on her computer, but she still uses Chrome because it translates web sites into her own mother tongue on the fly via the Google Translate API. Unfortunately, she requires this feature quite often. Can Firefox, Ungoogled Chromium, Brave or Vivaldi browser (I consider these as the only more or less privacy-friendly alternatives) provide this feature (either via extension or natively)?
Vivaldi introduced native support recently: https://www.ghacks.net/2021/03/24/vivaldi-gets-a-privacy-preserving-translation-service/
Mozilla is working on Project Bergamot, but it will take some time before it lands: https://www.ghacks.net/2021/04/04/you-can-now-test-firefoxs-local-translation-implementation/
For Firefox you might try “Translate Web Pages”:
https://addons.mozilla.org/en-US/firefox/addon/traduzir-paginas-web/
Does inline translation of pages, like Chrome does and translation of selected text in a popup.
Martin and Nico, many thanks for your answers to my question and providing possible solutions. I think, (for my girl-friend) it’s best to wait for the Vivaldi translation option or the Mozilla Bergamot project to become mature enough and switch then. My main concern is that I want her to get away from any Google services, thus using “Translate Web Pages” on Firefox is more or less the same as using Google Translate directly in Chrome itself (since the privacy policy of the extension states that it utilizes the Google services); hence no benefit in privacy with “Translate Web Pages”. I should note that I already “forced” her to use Chrome with extensions such as Umatrix, Ublock Origin, ClearUrls, SkipRedirect, CookieAutodelete, LocalCDN etc.
Hopefully, Vivaldi (or even better Brave) or Mozilla with Bergamot can fully substitute Google translation services soon.
@Anonymous: This is a bit of a red herring, but does uMatrix (still?) work okay in Google Chrome? Raymond Hill archived the project several months ago and is no longer actively developing it.
@Peterc: [JFTR: I’m still the original anonymous poster] Well, from what I can say: Yes, up to now uMatrix 1.4.0 continues to work perfectly with Google Chrome as far as I can see (on her computer). The settings on her computer are a bit more relaxed, whereas I myself use uM 1.4.0 with Ungoogled Chromium and 1.4.1b6 (because of cname-reveal) with Firefox, both in hardcore mode, only allowing 1st party cookies, 1st party css and 1st party images by default. Three broken, no more updated default host lists have to be deactivated (as well as the no more existing ruleset recipes). However, I’m using other uM-compatible host lists and uM does its job pretty well. Of course I hope that gorhill is going to re-activate development in the future. :-)
@Anonymous
> because of cname-reveal
Brave can do it, too:
https://brave.com/privacy-updates-6/
In Brave you will be able to enable “Offer to translate pages that aren’t in a language you read” which will install Google translate extension and it works fine.
Yes, it is google extension, but in Brave, Brave has built the browser to be able to proxy the connection to google services that can’t be turned off or you decide to enable and have no replacement by Brave, like the extensions’ updates.
Brave explains it like: “Google does not receive any information about which client is performing these requests (not even your IP address).” so they can’t track it back to you.
so even if you are using Google services you are a little more protected than using them through google or any other browser. In the proxied endpoints they include translate.googleapis.com stuff, so it should work as expected even if you turn the translation extension on.
@Lazzardius: Oh, many thanks for this info! I wasn’t aware of this option in Brave. If the requests for the Google translation service really go through some kind of proxy, this would already be a solution for “my” (read: her) privacy problem.
Oh, another Google-sponsored Firefox user. Provide sources for your claims.
Martin, why do you allow users of other browsers spread misinformation here, but when someone else posts anything based on facts from official sources your team censors them most of the time? Is Ghacks a place where everyone has equal rights to discuss stuff without being censored, or Google-sponsored Firefox users have a priority? Would be fun if my comment doesn’t appear now.
Without comment on what was right or wrong (I haven’t done my research), responses to incorrect information is educational.
Martin’s allowing *you* to spout misinformation too with your dumb “Google-sponsored Firefox user” defamatory wisecrack that cites no proof.
My comment is aimed at the Anonymous user of the Google-sponsored Firefox who said Brave is an advertising company.
Adjective Man! Yay! Seems your bizarre comment did appear.
Brave? The company that desperately tries to get you to add even more advertising to your internet experience?
Brave? The browser that is known to be abused by losers who run multiple instances to illegitimately generate extra income at the expense of others? (Who sometimes brag about it here in the comments on gHacks. Search for it amongst the many deleted comments, if you have the time and want to write an interesting article about this possible fraud, Martin.)
Brave? The company that is completely dependent on Google to develop the majority of their browser code?
Brave? Not interested.
@Sven, yep, makes sense you’re not interested, you have no idea what you’re talking about, just repeating what you know from hearsay. Mind you, that is a strategy too. Enjoy.
No idea what an internet experience may be nor how to search deleted comments without being a mod or admin.
FF gets most of their funding, some of which pays for code development, from Google and has since the 2000’s but so what?
You may find contrived principles don’t affect much beside yourself.
I agree with Sven on this and can see the obvious contradiction here and just like him, i am not really interested in Brave because it is relying on code developed by primarily google. Even as a matter of principle just boycotting google as much as possible feels good.
There is a big difference between google sponsoring a product to implement an easily changed search engine deal than literally relying on a project where 90% of commits come from “google-affiliated chromium devs” following the directions, interests and commands of Alphabet Inc/Google.
I see the naivete of Brave and Vivaldi in thinking they can control such a monster. Its like a mouse thinking its safe with a cat.
Its one thing after the other with Googleville as regards chromium, its a monopoly that is not healthy for the end-users, it gives lack of alternatives.
@Anon7
> i am not really interested in Brave because it is relying on code developed by primarily google.
“Code developed by Google” does not yet indicate, or even imply, privacy issues. That’s like saying de-googled Android is still problematic even after all connections to Google were stripped from it. Totally idiotic is what this is.
> Even as a matter of principle just boycotting google as much as possible feels good.
I guess you use Safari, then.
> There is a big difference between google sponsoring a product to implement an easily changed search engine deal than literally relying on a project where 90% of commits come from “google-affiliated chromium devs†following the directions, interests and commands of Alphabet Inc/Google.
No, Google sponsorship to such a degree obviously also has other implications. For example, when Google tries to nuke adblocking (even system level and network level adblocking that takes place outside of the browser) via “web bundles”, Mozilla, the Google slave, deems it “non-problematic”, while e.g. Brave opposes it:
https://www.ghacks.net/2020/08/30/google-proposed-web-bundles-could-threaten-the-web-as-we-know-it/
Chromium-based browsers can choose to disable Google-crafted web standards while Firefox can choose to both implement and enable them. This is what you refuse to understand. That Firefox has its own engine is not a guarantee for anything.
> I see the naivete of Brave and Vivaldi in thinking they can control such a monster. Its like a mouse thinking its safe with a cat.
They wouldn’t be any safer with Mozilla. Mozilla follows Google’s lead and their browser would have to be heavily unmozillaed as well. Plus, it’s just dying, which in itself is a good reason for not choosing FF.
> Its one thing after the other with Googleville as regards chromium, its a monopoly that is not healthy for the end-users, it gives lack of alternatives.
Show me the “opposition”, then. Mozilla has not prevented anything major at the W3C yet, their opposition theater is not yielding any results. And hasn’t for ages.
@IH
> Code developed by Google†does not yet indicate, or even imply, privacy issues. That’s like saying de-googled Android is still problematic even after all connections to Google were stripped from it. Totally idiotic is what this is.
It seems you missed the part where a Brave employee below is talking about how chromium is so difficult to keep private and how chromium is impeding their efforts for more privacy. As usual, you really do have no idea what you’re on about.
As for android, it has always been problematic, its a google project and its ecosystem is built around google playstore. Forking it is stupid IMO. De-googled phones are not the answer, there is poor hardware compatibility, it can not be used on the majority of phones. There are also google proprietrary chips on lots of the phones that forks of android like Graphene can only be used on.
People need REAL-LINUX-OS-CELL PHONES (not psuedo linux like android and its modified kernel) phones with hardware support, kill switches and their own linux app eco system.
Its not there yet, but Librem are the answer, albeit very expensive. People should want better and not settle for android.
> No, Google sponsorship to such a degree obviously also has other implications. For example, when Google tries to nuke adblocking (even system level and network level adblocking that takes place outside of the browser) via “web bundlesâ€, Mozilla, the Google slave, deems it “non-problematicâ€, while e.g. Brave opposes it:
> Chromium-based browsers can choose to disable Google-crafted web standards while Firefox can choose to both implement and enable them. This is what you refuse to understand. That Firefox has its own engine is not a guarantee for anything.
Those web standards were a proposal from googleville, nothing is final, there will likely be serious resistance against such proposals when googleville starts REALLY pushing it. As long as there are ads, people WILL want to BLOCK them. One way or the other. As long as people will use FF lots of them will want to block ads.
Googleville wishes ads could not be blocked, but the internet is pandoras box at this stage. “ITS CLOSING THE STABLE DOOR AFTER THE HORSE HAS BOLTED”
Some Mozilla devs PROPOSED that such a PROPOSAL was non problematic, So what? nothing is final and if FF did go that way, it really would kill itself off. It would lose loads of users. Its good to keep an eye on it, but nothing is final yet, its only proposals. Users would cause a backlash and mozilla could cater to the users.
> Mozilla follows Google’s lead
Mozilla follows their own lead. If they followed googles lead then they would be using chromium instead of Gecko.
> Show me the “oppositionâ€, then. Mozilla has not prevented anything major at the W3C yet, their opposition theater is not yielding any results. And hasn’t for ages.
Anything not Google/M$/Apple/Facebook/ is opposition in theory.
Mozilla is the lesser evil, for now at least. I still think Mozilla should end the search deal with Google and rid themselves of any such sponsorship.
But GOOGLE wants it all, its like they are pinning down FF with financial control. Thats why FF is under threat. If that would be gone, then what alternative is there ro google browser code? Basically little to none, which make googleville a total monopoly which would be a complete disaster.
Brave would hardly be an alternative since they literally are relying on google code.
You seem to care little about such matters, you even said on some other article that you are running ads on your browser so Brave can pay you.
You don’t even have ads turned off! So what the hell are you on about ads and telemetry for?
@Anon7
> It seems you missed the part where a Brave employee below is talking about how chromium is so difficult to keep private and how chromium is impeding their efforts for more privacy.
I didn’t. I never said that making Chromium private is effortless. Making Firefox private isn’t effortless, either. Ask the Tor devs.
> As for android, it has always been problematic, its a google project and its ecosystem is built around google playstore.
Ever heard of F-Droid and microG?
> De-googled phones are not the answer, there is poor hardware compatibility, it can not be used on the majority of phones.
LineageOS is degoogled and has a wide range of hardware compatibility. I call bullshit on that one.
> There are also google proprietrary chips on lots of the phones that forks of android like Graphene can only be used on.
Those are in any smartphone. Nothing you can do about it unless you manufacture the hardware as well.
> People need REAL-LINUX-OS-CELL PHONES
…will never take off.
> Those web standards were a proposal from googleville, nothing is final, there will likely be serious resistance against such proposals when googleville starts REALLY pushing it.
Maybe from Apple, but certainly not from Mozilla. If history is any indication, that is.
> As long as there are ads, people WILL want to BLOCK them. One way or the other. As long as people will use FF lots of them will want to block ads.
Funny that you mention it: Mozilla is not a strong supporter of adblocking. They could have done the same thing Brave has done (maybe by employing, or collaborating with, Raymond Hill), that is including an adblocker natively. Why didn’t they? It’s an easy way to improve their user’s privacy, after all… Oopsie, that’s right, Google sponsors them. I am sure it has nothing at all to do with the decision making at the Mozilla HQ.
Firefox’s tracking protection uses one of the weakest lists they could possibly find (Disconnect), which is an absolute joke in its own right. Their response to Manifest V3 was extremely weak and they will probably implement it as well, if only to maintain API parity with Chromium.
They are silent on the matter of FLoC and actively approve of shit like Web Bundles.
Face it, your white knights are compromised by the Google handouts they receive.
> Some Mozilla devs PROPOSED that such a PROPOSAL was non problematic, So what?
So you think their dev team approving of Web Bundles is unproblematic? LOL.
> nothing is final and if FF did go that way, it really would kill itself off. It would lose loads of users.
“We have to enable it! More and more websites are using it!” – This will be their excuse, wait and see. Face it, they are ultimately no better than Chromium forks. Chromium forks can disable Web Bundles, but if more and more websites start adopting this, e.g. Brave will have little choice but to enable it. Mozilla too, will then implement and enable it. Use your brain.
> Mozilla follows their own lead.
LOL, their track record so far tells you otherwise.
> If they followed googles lead then they would be using chromium instead of Gecko.
Not necessarily, they are still useful as pseudo-opposition for people like you, people who fail to realize that they will be implementing whatever Google comes up all the same.
> Anything not Google/M$/Apple/Facebook/ is opposition in theory.
But only “in theory”. Again, show me their track record of stuff they have successfully opposed. I’ll gladly listen.
> But GOOGLE wants it all, its like they are pinning down FF with financial control. Thats why FF is under threat. If that would be gone, then what alternative is there ro google browser code?
There would still be Safari, but ultimately, it doesn’t matter. Google can strongarm Firefox into implementing things just like they can strongarm Chromium forks into enabling things.
> Basically little to none, which make googleville a total monopoly which would be a complete disaster.
How would it differ from the current situation? I am being serious here, Mozilla hasn’t successfully opposed anything, and I doubt that they even want to.
> Brave would hardly be an alternative since they literally are relying on google code.
It doesn’t matter. As I said, Firefox can be forced to implement and enable things just like Brave can be.
> You seem to care little about such matters, you even said on some other article that you are running ads on your browser so Brave can pay you.
I care, but I am a realist and not a dreamer who can’t point to any viable track record and still claims some uninformed BS like “We are the opposition!” and so on and so forth…
I can enable Brave Rewards just like any other Brave user can, but believe me, the financial incentive (amounting to 5 bucks per month, if that) is not my motivation when I refute your BS, because the $$$ per longwinded bullshit refutation ratio would be abysmal.
> You don’t even have ads turned off! So what the hell are you on about ads and telemetry for?
Brave’s internal Ads are not the same as online ads, there is no technical similarity. But hey, ignorance is bliss. And again, nobody is forced to use this in Brave, it’s disabled by default.
@Iron Heart, actually your buddy site opposes to use LineageOS and microG. https://madaidans-insecurities.github.io/android.html It says to use GrapheneOS which is fine but actually resist users to use LineageOS and microG. Wow also that article suggest to use the most ungoogled smartphone on earth-Pixel 3. To say that site is interesting is an understatement.
@Yash
You need microG if any of the applications you run require Google Play Services. Simple as that, if none of your applications need it, then you don’t need to install it and the discussion is moot. GrapheneOS is of no use to you if your smartphone is not a Pixel (for which GrapheneOS is the best choice). This discussion, too, might be moot depending on your model.
The world is only as complex as you make it out to be, apparently.
Every App requires Google Play Services, so naturally also microG if one has removed Play Services.
@Yash
> Every App requires Google Play Services, so naturally also microG if one has removed Play Services.
Factually wrong. Read up on F-Droid and then we’ll talk.
@Iron Heart
If you want to use every functionality of an app assuming someone has F-Droid and Aurora Store, because let’s face it there are many apps which are Play Store exclusive which also need Play Services for even some basic tasks then you need microG. Signal is a prime example of not dependent on Play Services if somene has removed it from system but not all apps not even some basic ones are same, but I suppose if someone is living in a bubble using only select apps from F-Droid then you don’t need microG but then thats not what microG is all about, is it?
@Yash
As I said, if one does need microG, then any discussion of its weaknesses is pretty much moot (or pure theory without practical consequences). When you need it, you need it. Nothing wrong with that. Not sure what you are on about.
@Iron Heart
Now you said it “pure theory without practical consequences”. I have absolutely no problem with anyone using anything or saying anything but when Its for other people, I would rather back it up with real world scenario. The site you mention for most things says something in the lines of This is not secure or it doesn’t have sandbox containers. Clearly that website guy is in love with sandbox container word as he/she suggest to basically use Windows or Mac but not Linux because of some weird issue, Pixel 3 or iPhone devices but not anything else. I mean XDA guys are jerks who develop custom ROMs for different models and check everything to make sure its secure if I go with that website wording you mention. Https is everything, VPNs especially No Logs Ram disk mode are a waste according to that website.
You use whatever you want and share anything you want but maybe try to atleast take a look at different picture and check real world scenario or better real world incidents.
@Yash
I actually don’t know what you want to hear from me. What you say is logical and I never argued against that.
If you need to use something, you need to use something. It’s OK, you probably have your reasons. What you use may have security issues (and I think madaidan is accurate in his analysisI), but this is only relevant when there is an actual alternative doing the very same thing (e.g. Firefox vs. Chromium), not in such cases like microG.
@IH
> Making Firefox private isn’t effortless, either. Ask the Tor devs.
Standard FF has improved because of privacy toggles designed by the tor project.
Privacy resist fingerprinting came from tor. If Mozilla did not care about privacy features then they would not have implemented that config option.
Meanwhile back in googleville, chrome implements none of the privacy respecting features that brave has done with chromium.
Mozilla = Lesser evil.
> Ever heard of F-Droid and microG?
Ever heard of not depending on a product of google (android) and its shit eco-system thats locked in. F-Droid and such are band aids to google chaos!
Why even use google if theres nothing else available, i would rather use nothing than something built around googles ball court.
> LineageOS is degoogled and has a wide range of hardware compatibility.
De-googled phones largely depend on old hardware and have to wait a year or two for new hardware compatibility. Loads of proprietrary chips and no hardware kill switches. No assured shut off for bluetooth at the hardware level. Dumbphones are not built for privacy. Librem are the exception.
> Those are in any smartphone. Nothing you can do about it unless you manufacture the hardware as well.
Librem are an exception to the rule, there is more oversight on the hardware involved.
> will never take off.
It has already taken off as many have placed orders from purism for such a product. There is clearly a demand for a superior dumbphone.
> Maybe from Apple
Apple are not resistance to big tech, they are big tech.
> Mozilla is not a strong supporter of adblocking.
If that was truth, then they would not allow UBO to be advertised all over their addon site. FF is all about the extensions, mozilla knows its base.
Meanwhile grumpy google is finding all sorts of ways to impede the UBO extension in sneaky ways.
> white knights are compromised by the Google handouts they receive.
Google has their claws in, but not compromised because FF is technically superb as a browser. All mozilla needs to do is shake off google search deal, their looking into other sorts of revenue like VPN is a start.
Your doom and gloom BS is way off to be honest.
> So you think their dev team approving of Web Bundles is unproblematic? LOL.
Nothing is final and nothing will be like how you describe. Proposals are just proposals, there will be resistance and FF will cater to it most likely. Or else it loses its users. Simple as.
> We have to enable it! More and more websites are using it!†– This will be their excuse, wait and see. Face it, they are ultimately no better than Chromium forks. Chromium forks can disable Web Bundles, but if more and more websites start adopting this, e.g. Brave will have little choice but to enable it. Mozilla too, will then implement and enable it.
Its not going to be what you think, you fear merchant.
As long as there are ads, people will find ways to block them effectively. As long as tech-gods like Gorhill are around there will be a way.
Your doom and gloom is very negative, no positive outlook at all.
> they will be implementing whatever Google comes up all the same.
Thats funny, last time i checked FF was using Gecko not chromium.
> But only “in theoryâ€. Again, show me their track record of stuff they have successfully opposed
They have successfully opposed being a closed source browser like the smelly ogre that is chrome and the pile of shit that chrome was built from, “chromium”
> There would still be Safari,
Safari is big tech. Big tech are all in bed together.
Funny how you think that all these big tech companies are not carbon copies of each other with the exact same agendas AI AI AI AI its off to AI They go, Surveillance everywhere as long as you use their shit.
> How would it differ from the current situation? I am being serious here, Mozilla hasn’t successfully opposed anything, and I doubt that they even want to.
Lesser evil.
> Firefox can be forced to implement
Last time i checked, Google does not own mozilla.
> the financial incentive (amounting to 5 bucks per month, if that) is not my motivation
Then why did you say you get paid by Brave in the other article? Why have them on at all if there is no financial incentive? LULZ.
> And again, nobody is forced to use this in Brave, it’s disabled by default.
Are downloading of ad lists off by default? If they are not then there should be a toggle to turn it off before the browser is ever online.
@Anon7
> Privacy resist fingerprinting came from tor. If Mozilla did not care about privacy features then they would not have implemented that config option.
Except that you are only sticking out if you enable this. RFP should have stayed in Tor where it belongs, where it is enabled by default for a reason… As it is, a minuscule amount of Firefox users enable this and are pretty much unique with that on the websites they visit (plus they might differ for other settings in detectable ways). It is detectable on the network level that they don’t use Tor.
> Mozilla = Lesser evil.
Bought and paid for by Google. They are just a proxy of the original evil, a weak fake opposition existing for people like you.
> Why even use google if theres nothing else available, i would rather use nothing than something built around googles ball court.
Short answer: Third party app support.
Which is ridiculous on Linux smartphones compared to Android. Same reason why Windows Mobile died back in the day – no apps.
> Dumbphones are not built for privacy. Librem are the exception.
Librem is hampered by Linux (no apps).
> It has already taken off as many have placed orders from purism for such a product. There is clearly a demand for a superior dumbphone.
I am not saying that there aren’t any enthusiasts buying this, I am saying that it will never go beyond 1% market share because no apps.
> Apple are not resistance to big tech, they are big tech.
…and still opposes Google at the W3C more often than Mozilla does. What does that tell you? Besides, there are conflicts of interest. Apple hates web apps because that threatens their App Store revenue. Google’s power wouldn’t be harmed by a transition to web apps. Just one example.
> If that was truth, then they would not allow UBO to be advertised all over their addon site. FF is all about the extensions, mozilla knows its base.
Their silence over FLoC and their support for Web Bundles is damning. They never included uBlock Origin or any other adblocker natively, which would greatly enhance the usage numbers o adblockers. Brave did. Because they are standing on their own feet financially and don’t have to appease Google for funds.
> Google has their claws in, but not compromised because FF is technically superb as a browser.
It’s a failing browser for a reason.
> All mozilla needs to do is shake off google search deal, their looking into other sorts of revenue like VPN is a start.
Their VPN will never go anywhere. It’s actually run by Mullvad, not by Mozilla, they are just slapping their brand onto it. So the biggest share of the revenue generated also goes to Mullvad as per the deal they brokered. It’s a “new” VPN entering into a saturated market and is not even available in most regions. Another DOA project for the Mozilla project graveyard, this will never replace the Google search deal. Not by a long shot.
Which is ironic, considering that Mozilla was around at the time when VPNs were taking off. They could have carved out a share of the pie for themselves 15 years ago, but alas stupidity. 2021 is definitely too late for this, at least if it’s meant as a main source of revenue.
> Nothing is final and nothing will be like how you describe. Proposals are just proposals, there will be resistance and FF will cater to it most likely. Or else it loses its users. Simple as.
Wait and see, another entry in the Mozilla history of turning against user interests is about to be added. I already told you why.
> As long as there are ads, people will find ways to block them effectively. As long as tech-gods like Gorhill are around there will be a way.
There are limits for Gorhill as well. Manifest V3 is a limit for his extension that he can’t overcome because the APIs no longer allow for it. The idea of Web Bundles is to serve the website as if it were a PDF, as a monolithic entity. Including the ads and tracking, obviously. You’d have to reverse-engineer every website to block this if that is even feasible. It will be the end of adblocking, even adblocking at the system or network level yet unaffected by Manifest V3. Mozilla is supportive of this. Browser of the people.
> Thats funny, last time i checked FF was using Gecko not chromium.
And? That doesn’t help you one iota. They can implement and enable Web Bundles all the same, just in Gecko instead of Blink. They have also implemented DRM despite claiming they never would, lol.
> They have successfully opposed being a closed source browser like the smelly ogre that is chrome and the pile of shit that chrome was built from, “chromiumâ€
Chromium is not closed source. The open source nature of Firefox does not mean that they won’t implement Google’s proposals. Totally unrelated.
> Lesser evil.
Google-sponsored Deplatformingfox is not the lesser evil compared to virtually anything.
> Then why did you say you get paid by Brave in the other article?
Because that is possible for every Brave user out there, look up “Brave Rewards”.
> Why have them on at all if there is no financial incentive? LULZ.
OK, what does the small amount of BAT have to do with the time I uselessly invest debunking your bullshit? If you think the former can possibly be the incentive for the latter, please compare the amount of BAT possible per month with the time sink that is debunking your bullshit and draw your conclusions.
> Are downloading of ad lists off by default? If they are not then there should be a toggle to turn it off before the browser is ever online.
Do you realize that the feature needs a current list of “ads” (that is, in Brave’s case, system notifications) in order to be operational when enabled, right? Anyhow, I don’t think you have any right whatsoever to whine about Brave Rewards when the same thing is happening in Firefox (Pocket Stories). That is still hypocrisy of the highest order, I hope you realize that.
Company Overview & Core Offering
Brave is the first global digital ad platform built for privacy, offering advertisers the opportunity to participate in a premium, brand safe, and opt-in ad ecosystem, designed for a future without 3rd party cookies
Media Kit — https://brave.com/brave-ads/assets/Brave_Media_Kit.pdf
Stop whining & spreading false narratives about censorship
Brave is a lot more private than Google-sponsored Firefox. Keep praying Google doesn’t stop paying Mozilla’s bills so you can keep dreaming you’re using a private browser. What a joke.
> Brave is a lot more private than Google-sponsored Firefox.
FF/Tor is more private than Brave will ever be. As of now the most private browser is Tor browser (In the opinion of privacy professionals) and it uses firefox.
Hardened basic FF with all outbound connections stopped is more private aswell than Brave depending on platform.
FF can be set up to literally do nothing privacy invasive.
Brave was leaking DNS through their shit tor implentation. They make out their browser to be this privacy juggernaut but yet it leaked its users behind crap implementation of the tor network.
Lots of incompetence for something that calls itself a privacy browser.
@Anon7
> FF/Tor is more private than Brave will ever be.
The Tor Browser Bundle? Yes, it’s a special purpose browser after all. Privacy is paramount there, even if websites break as a result. Not surprising that it is the most private.
Default Firefox? LOL, nope. Privacy nightmare.
Modified Firefox? Fingerprinting magnet. Enjoy being unique as fuck.
That’s the truth.
> As of now the most private browser is Tor browser (In the opinion of privacy professionals) and it uses firefox.
I have told you this repeatedly already, and I am doing it once more, although I know that it’s in vein and a total waste of time: The SOLE reason why Tor uses Firefox is because the project PREDATES Chromium, the choices back then were literally Firefox and Internet Explorer. Internet Explorer was out of the question due to its closed source nature and its integration with Windows. Leaving only Firefox.
Since then, they have written their patchsets for Firefox and have no reason to undergo a rewrite of all their patches for Chromium, until the day Mozilla terminates Firefox development.
Technical considerations in regards to Chromium played NO ROLE because they are STUCK with Firefox.
If anything, Firefox’s lack of non-theater exploit mitigations has led to the de-anonymization of Tor users via malware more than once. Firefox is an easy target and comes back to bite Tor again and again. Not that such irrelevant details are of any importance to you, just saying…
> Hardened basic FF with all outbound connections stopped is more private aswell than Brave depending on platform.
“Hardened Firefox” = Happy Fingerprinting for advertisers. Stupid as fuck idea. Hence why Tor exists with a – compared to Firefox, anyway – sane default configuration, which is NOT to be changed precisely to avert the fingerprinting risk.
Here, learn something (just kidding, I know the chance is low):
https://old.reddit.com/r/privacytoolsIO/comments/iepjwh/wont_reducing_your_browser_fingerprint_have_the/
> FF can be set up to literally do nothing privacy invasive.
You can set it up to be fingerprintable as fuck but not much else.
> Brave was leaking DNS through their shit tor implentation. They make out their browser to be this privacy juggernaut but yet it leaked its users behind crap implementation of the tor network.
Dude, at least they fixed the bug upon reporting. Bugs do happen, please understand that. Firefox still leaks its unique extension IDs and Mozilla fails to fix this so far:
https://bugzilla.mozilla.org/show_bug.cgi?id=1405971
https://bugzilla.mozilla.org/show_bug.cgi?id=1372288
That’s as bad, if not worse, as the historical Brave bug, yet no fix in sight. Perhaps you should clean up your own house first before dilluting the next.
Besides, since Tor is currently STUCK with Firefox and since a Chromium-based browser CANNOT generate the fingerprint of a Gecko-based browser no matter the competence of the devs (and before you ask, no, this is not because Gecko is somehow “superior”, this is just because the two engines differ significantly in their rendering), you would be STUPID to consider Brave as a Tor replacement. The “Tor mode” is just for hiding the IP address of the user, nothing more, nothing less. They even explicitly say that once you open the Tor window of Brave. It’s not a secret.
Brave is a general use browser. So is Firefox. They are NOT Tor.
> Lots of incompetence for something that calls itself a privacy browser.
Still more private than Firefox in terms of the defaults. Happy fingerprinting if you change FF’s defaults.
On a more personal note: Your clueless rants are becoming tiresome. In the least thread, where you mindlessly ranted the very same things like a broken record, I didn’t even bother to reply anymore. Which is saying a lot considering that I am usually trying to reply to points people raise in response to my comments. You should read up on various topics. You really, really should. You should also be able to provide sources for your lofty claims if they are being requested. Until this happens, I categorically refuse to take you seriously. The claims you come up with out of nowhere and your repetitiveness of those uninformed claims is just annoying.
@IH
> Default Firefox? LOL, nope. Privacy nightmare.
Privacy nightmare? Nope!
A default FF with its basic tracking protection and most of the telemetry turned off in the general GUI? It is still a secure and generally private browser even in noob mode than lets say to chrome, edge or opera.
FF has also been audited by security experts and the consensus is that its a good secure browser. I’ll trust these experts over your nonsensical drivel “IH”
> Modified Firefox? Fingerprinting magnet. Enjoy being unique as fuck.
Scaremongering BS!
IP and Mac address are the true identifiers.
Browser fingerprinting is largely irrelevant, most of it useless without javascript enabled and depending on browser and what config it has.
Those browser fingerprinting sites have a tiny data set of which to test the fingerprint of a browser. They usually only have a few million in the data set, those tests are not accurate and do not paint the complete picture, there are billions of browsers across the web so loads upon loads in theory share more or less the same fingerprint. Those testing sites are a load of shit!
Oh some advertising company is tracking your newest browser across some sites. The world has ended OMG please not the fingerprint lol.
Browsers can be compartmentalised.
Also the less unique your browser is anyway, the more likely you are using a more common noob browser set up, with a less private configuration, which is in theory far less private and far less secure than a heavily modified one.
As usual you have little to no knowledge about such things.
> That’s the truth.
Your truth! Believe what you want, it does not mean its true.
> The SOLE reason why Tor uses Firefox is because the project PREDATES Chromium
BS! They use it because it suits their needs. If they thought it was not private and secure they would have used something else a long time ago. They still stick with Gecko!
> Hardened Firefox†= Happy Fingerprinting for advertisers.
The less unique your browser is, the more likely you are using a more common browser set up, with a less private configuration, which is in theory far less private and far less secure than a heavily modified one.
You think fingerprinting is everything, ITS NOT! and FF has good fingerprint protection ALREADY with “Privacy resist fingerprinting”
Your technical knowledge around browsers and threat models is a JOKE!
You believe fingerprinting to be end all and be all. You have been brainwashed around tech. You think that if some supposed technical expert recommends something, that it must be done. It does not have too, a recommendation is only a recommendation, it does not mean its 100% truth.
> Brave is a general use browser. So is Firefox. They are NOT Tor.
FUD, Tor is used as a general browser by millions everyday.
You think you know things, but you really don’t. All you provide is hyperbole.
And yes, i do agree that i sound like a broken record and a parrot when replying to you, because you have no cognitive understanding about how things operate.
Your wall of hyperbole text is some of the stupidest shit i have ever seen on a comment section lol.
@Anon7
> Privacy nightmare? Nope!
Yes it is. It shares your location and download hashes with Google. it uses Google Analytics internally. It has a weak tracking blocker (using the shit Disc connect lists). It allows most forms of prefetching. Fingerprinting defenses are inactive by default. It installs system level telemetry that spies on your default browser even if it isn’t Firefox. It has a backdoor that allows for remote code execution (called “Firefox Experiments” / Normandy). Its Sync requires E-Mail addresses. Leaks unique extension IDs via simple fetch requests. Connects speculatively to websites as you type addresses in the address bar. Uses Cloudflare for DoH (I am sure the DNS entries are safe in their hands!) etc.
Or in short: It’s shit.
> A default FF with its basic tracking protection and most of the telemetry turned off in the general GUI?
“Telemetry off” is not the default. The tracking protection is weak and insufficient even when enabled. Doesn’t even block tracking scripts in non-private windows, which has nothing to do with Google I am sure.
> FF has also been audited by security experts and the consensus is that its a good secure browser. I’ll trust these experts over your nonsensical drivel “IHâ€
Experts admit that Firefox’s exploit mitigations are shite. They didn’t even compete at pwn2own at times because it was literally too easy to, well, pawn and own Firefox.
> IP and Mac address are the true identifiers.
Too unreliable in case of IP address. MAC address yes, but this is insufficient as a sole identifier. It gives you no further hardware information and doesn’t help with website interaction data.
> Browser fingerprinting is largely irrelevant, most of it useless without javascript enabled and depending on browser and what config it has.
It’s a growing tracking technique:
https://www.nytimes.com/2019/07/03/technology/personaltech/fingerprinting-track-devices-what-to-do.html
That JavaScript is off is in itself an identifier. Fingerprinting can happen based solely on CSS:
https://matt.traudt.xyz/posts/how-css-alone-can-help-track-you-YF4ciVY6/
> Browsers can be compartmentalised.
Yes, and it should be done, but this is not the topic here, is it?
> Also the less unique your browser is anyway, the more likely you are using a more common noob browser set up, with a less private configuration, which is in theory far less private and far less secure than a heavily modified one.
Or you use browsers enabling fingerprinting defenses by default, lol. And “less secure” is a nice buzzword, I have not yet seen users make their browsers more or less “secure” (as in: weaken or strengthen exploit mitigations). Less private maybe, depending on browser choice.
> Your truth! Believe what you want, it does not mean its true.
I have substantiated it, it’s not just “my truth”. And you fail to come up with an argument against it that makes any sense.
> BS! They use it because it suits their needs.
No, they use it for historical reasons because it was literally the only choice back then.
> If they thought it was not private and secure they would have used something else a long time ago.
No, that would require them to rewrite all their patches. How feasible this would be in terms of manpower and finances and R&D is anyone’s guess.
Firefox is not private hence why it gets so heavily modified by the Tor project. Firefox’s security (or lack of it) has come back to bite Tor users more than once. Why don’t they drop Firefox then? Read the penultimate sentence.
> You think fingerprinting is everything, ITS NOT! and FF has good fingerprint protection ALREADY with “Privacy resist fingerprintingâ€
It’s off by default and can be used to re-identify you when enabled (ironically), because advertisers can tell on the network level that you are not using Tor yet still use RFP. How many Firefox users have this hidden setting enabled in the wild? Enjoy being highly unique.
> Your technical knowledge around browsers and threat models is a JOKE!
But not as big a joke as yours. At least I can substantiate what I say with credible sources.
> You think that if some supposed technical expert recommends something, that it must be done.
I am perfectly capable of evaluating whether or not an argument makes sense. And their arguments do make sense.
> FUD, Tor is used as a general browser by millions everyday.
Nah. Cloudflare and their Tor blocking alone is a good reason why this can’t be true.
> You think you know things, but you really don’t. All you provide is hyperbole.
Says the one who can’t substantiate any argument.
> And yes, i do agree that i sound like a broken record and a parrot when replying to you, because you have no cognitive understanding about how things operate.
As you would say, that is just “your truth”. Perhaps you should, you know, refute any of the sources I provide, before accusing me of not knowing anything.
> Your wall of hyperbole text is some of the stupidest shit i have ever seen on a comment section lol.
Funny you say that, I thought the same thing about you. And continue to think that.
@IH
> Yes it is. It shares your location and download hashes with Google. it uses Google Analytics internally. It has a weak tracking blocker (using the shit Disc connect lists). It allows most forms of prefetching. Fingerprinting defenses are inactive by default. It installs system level telemetry that spies on your default browser even if it isn’t Firefox. It has a backdoor that allows for remote code execution (called “Firefox Experiments†/ Normandy). Its Sync requires E-Mail addresses. Leaks unique extension IDs via simple fetch requests. Connects speculatively to websites as you type addresses in the address bar. Uses Cloudflare for DoH (I am sure the DNS entries are safe in their hands!) etc.
Yet, it still has been audited by security experts to be a secure and efficient browser. Technical computer professionals, not some whiny ghacks commenter like you IH.
FF at default is still more private than those whose market share is higher. FF is also open source unlike those whose market share is higher.
All that doom and gloom, FF must really have you scared lol. Btw any website that reccommends FF usually has a detailed tutorial to make it hardened and more private. Its not as if its some obscure knowledge to fix mozillas antics.
> Telemetry off†is not the default
Yet a simple toggle is provided to turn it off. The toggle stops a lot of it. Its open source anyway, its not as malicious like you make it out to be. Mr fear merchant.
> Experts admit that Firefox’s exploit mitigations are shite. They didn’t even compete at pwn2own at times because it was literally too easy to, well, pawn and own Firefox.
German experts beg to differ. And mozilla actively rewards people who can find bugs that they can fix.
Your severe hatred of FF is really over the top.
> MAC address yes, but this is insufficient as a sole identifier.
FUD, your technical knowledge is a complete joke.
A mac address is very indentifiable, because they get mapped from cell phones GPS. And cell phones are literally everywhere. Devices using WIFI broadcast their MAC to these dumbphones and that mac gets sent to google and the like because of android and apple phones actively scanning for nearby devices that are broadcasting their mac when they have wifi on.
Geolocation of mac address through using gps on dumbphones.
Thats why if you want privacy don’t use WI-FI use an ethernet capable.
> And “less secure†is a nice buzzword, I have not yet seen users make their browsers more or less “secure
A browser can be made more secure if its set up and hardened correctly. The fingerprint may be more unique, but you are getting better security as a result of increased hardening.
Common sense. Its a trade off.
And fingerprinting sites are very inaccurate. Fingerprinting is not used on every website.
If you want real privacy, stay offline.
> No, they use it for historical reasons because it was literally the only choice back then.
Thats your ignorance again. If they thought it was not good enough, then they would use something different.
You must think them to be clowns? How stupid.
> Enjoy being highly unique.
You do realise that fingerprinting test sites have a tiny data set and their tests are not very accurate?
There are billions of users across the web. So many fingerprints are the same. Also browser compartmentalization.
You are a real fear merchant IH.
> credible sources.
madaidan is not a credible source, its simply a dumbfounded opinion. That is the link you spam the most.
> Nah. Cloudflare and their Tor blocking alone is a good reason why this can’t be true.
Tor has statistics of millions of users connecting to the network through TBB every month. Many use it as their main browser.
All you have is FUD as usual IH.
> Funny you say that, I thought the same thing about you. And continue to think that.
Ok.
Google-sponsored Firefox is in fact so private that it does more third-party connections than their sugar daddy’s Chrome browser and Microsoft’s Edge browser.
https://brave.com/popular-browsers-first-run/
And if you think the article is wrong, go ahead and prove the otherwise, everyone would love to see it.
> Google-sponsored Firefox is in fact so private that it does more third-party connections than their sugar daddy’s Chrome browser and Microsoft’s Edge browser.
Useless test, that was not dynamic and does not tell us a whole lot as it failed to take into consideration different browser set ups.
Their test never took into mind the millions of users who use hardened-FF with all telemetry and outbound connections to mozilla or google dropped.
The attraction to FF for many users remains its strong customization. Brave obviously never took such things into mind because they have an obvious agenda to promote brave as some privacy juggernaut when many beg to differ.
PR fluff and psuedo tests. Cryptocurrency? still no thanks.
@Anon7
> Their test never took into mind the millions of users who use hardened-FF with all telemetry and outbound connections to mozilla or google dropped.
Why would they? You can reduce the connection count of many browsers, not just Firefox. Only the defaults make sense to evaluate. That’s also how most people use their browsers btw.
> The attraction to FF for many users remains its strong customization.
No more XUL extensions, userChrome.css declared “legacy”, killed about:config and most extensions on Android…
> Brave obviously never took such things into mind because they have an obvious agenda to promote brave as some privacy juggernaut when many beg to differ.
Still more private than Firefox.
> Cryptocurrency? still no thanks.
Free money bad! Also, nobody is forced to use Brave Rewards (which are, contrary to Pocket Stories, disabled by default).
@IH
> Why would they? You can reduce the connection count of many browsers, not just Firefox. Only the defaults make sense to evaluate. That’s also how most people use their browsers btw.
When you evaluate a browser you should evaluate not just the default settings but what can be tweaked under the hood. It gives a more complete picture.
That test that brave done does not apply to the millions who modify FF. But thousands or millions must be insigificant going by your logic right?
It was a PR test nothing more to convince noobs about this cool new privacy browser with a cartoon lion for its logo.
Btw a fox is more cunning than a lion. A fox is more private and illusive than a lion. The FF logo and animal of choice is more badass to be honest.
Chuckle.
> No more XUL extensions, userChrome.css declared “legacyâ€, killed about:config and most extensions on Android…
Cry me a river!
> Still more private than Firefox.
You wish!
> nobody is forced to use Brave Rewards
But you feel compelled to turn on all those ads though so you can get free money at the expense of your privacy from using cryptocurrencies likely tied to a non-anonymised wallet.
Enjoy your ads and your crypto party.
@Anon7
> That test that brave done does not apply to the millions who modify FF. But thousands or millions must be insigificant going by your logic right?
Yes, it’s insignificant. Even in relation to Firefox’s overall user count.
And you can’t really compare “modified” browsers because a) anybody could modify it differently even within the browser, so what would be the precise basis of comparison b) where do you think modifications end, does that include external tools like Wireshark and c) ultimately, this is not how most people use their browsers.
> It was a PR test nothing more to convince noobs about this cool new privacy browser with a cartoon lion for its logo.
It’s still more private than FF and a cartoon lion is better than an ever fading fox doing whatever with the globe (wow, what a level of conversation to be had).
> Btw a fox is more cunning than a lion. A fox is more private and illusive than a lion. The FF logo and animal of choice is more badass to be honest.
https://www.telegraph.co.uk/multimedia/archive/01418/lion-fox_1418003i.jpg
> Cry me a river!
You said Firefox is very customizable, but fail to back it up with facts. I highlight recent developments where Mozilla killed customization options and you have nothing to say in response. Nothing more to add, eh?
> But you feel compelled to turn on all those ads though so you can get free money at the expense of your privacy
Don’t think so:
https://brave.com/intro-to-brave-ads/
Anyway, it’s crazy how you ride a non-problematic opt-in(!) feature to death, a feature that uses a technique which Mozilla also uses for Pocket in their browser. You seem to like being an obvious hypocrite.
> Enjoy your ads and your crypto party.
Enjoy Pocket which does the same thing without giving you any benefit in the process.
@IH
> Yes, it’s insignificant. Even in relation to Firefox’s overall user count.
Going by your logic, no one at all uses a hardened FF.
Those users are tiny and don’t matter according to you, even though such numbers are in the thousands if not millions.
Countless websites just post hardened FF tutorials for the fun of it going by your logic.
Your crusade against FF is rather pathetic to be honest with you. Pure fear merchant drivel.
I usually don’t comment because my english is little weak but Thank you and it’s great to finally see someone who understands whats he talking about.
Its a good thing that Brave never even allowed FLoc in the first place just like Bromite. But I use Firefox and the main reasons I don’t use Brave(by the way I have Android as my daily driver) is, 1. No option to change timezone which Bromite has, 2. User agent shows device name in default settings, actually in one version(I think it was four weeks ago) Brave started to show only android version but then in next update again started showing Device name in next update, and I know I can change User agent in chrome://flags but its the default setting I’m talking about just like in Bromite because then I can also change things in Firefox if I go in customisation options, 3. Showing a pop up for downloading apks when I have turned off Safebrowsing, 4. Using Password manager in Brave, Bromite or even in Chrome is nightmare as Bitwarden can’t read website and don’t tell me its more secure this way, 5. No option to turn off optimized versions of sites it loads like in Chrome when clicking through Google search, by the way Bromite loads full version just like Firefox, 6. No option to turn off Connections which are visible in Browserleaks.com javascript page and also no option to turn off referrer.
I use Fennec from F-droid with all the options enabled in about:config from Restoreprivacy Firefox guide and PrivacyTools Firefox guide and also use only one add-on, Ublock origin in hard mode. I also use Tor Browser(not as daily driver) and Firefox for login and Bromite as backup if a website is not loading properly in Firefox(so far only website which doesn’t load properly in Firefox is wizardingworld home page but then its login page doesnot load normally in Chromium browsers especially its Patronus page, so its a lose-lose situation).
I have no hate against Brave but if someone has knowhow of its functions more, feel free to help in above mentioned points.
Brave shuts off what they can in Chromium and filters the rest with a proxy. IOW, your requests go through a Brave server/filter before moving on.
Nothing wrong with this approach, it’s common. AdGuard does the same thing and works with any browser.
Chromium’s an ad server, the code can’t be changed much. No telling what a page will display on a phone. They’re ad servers, too, browsing on one is miserable regardless of browser. Scroll, scroll, scroll…
The combo we’ve found works best is Android AdGuard and Focus. Focus has become more complete but is still very basic and we just don’t browse much on phones.
AdGuard and Bromite might be what you want; I found that combo worked well.
Some advice. If you need Tor, don’t use it on a phone. Consider anything done on a phone to not be private no matter what precautions are taken; they’re regulated differently than computers.
Thanks @ULBoom, but my phone is a bit older so it doesn’t support Adguard, infact in some heavy websites it started crashing maybe a year ago and then after that I started paying attention to ads, trackers and reducing performance.
Yeah I normally don’t use Tor, infact its used by me in maybe once or twice a month, but I still don’t understand how someone here in comments section can say Hardened FF is more unique, I mean last time I visited Browserleaks.com with Brave, its fingerprint was closer to Chrome than Bromite, and since I use Ublock origin in hard mode in Fennec all the trackers also get blocked which saves me a whole lot of internet usage, plus in Deviceinfo.me, Fennec’s information is much closer to Tor Browser than say any Chromium one. Funny isn’t this.
Also when some people say Firefox is sending telemetry and all that, I use TrackerControl from F-Droid and so after turning off Telemetry and Leafplum or whatever, I have yet not seen them getting active again even after multiple updates.
Big “Tech” has become a malevolent nation-state. This stuff is going to get worse and worse.
“Tech” is now despised more than politicians. Maybe when terrorists look good compared to these ad companies, something will be done.
Or not.
@ULBoom: In some countries (*ahem*), Big Tech at least *appears* to be giving politicians their marching orders. The unchecked power to *erase you* from dominant platforms is not something to be trifled with. Conglomerate-busting and a common-carrier approach (Net neutrality, Web neutrality, hosting neutrality, and platform neutrality) are the solutions, but I wouldn’t hold my breath waiting for certain governments (*ahem*) to pursue them.
Brave Inc. Marketing Gibberish whistling past the graveyard:
versus REALITY
@Emil Brausewetter: It could be confirmation bias talking, but that quote from the House Antitrust Report struck me as hitting the nail squarely on the head. Brave (and Tor Browser and tiny Pale Moon) seem to at least be *trying* to mitigate Alphabet/Google’s monopolistic, privacy-demolishing takeover of the Web, with no help from antitrust-enforcement authorities so far.
@Emil Brausewetter
Thanks for that.
> We urge Google to join the other browsers, experts, and activists working to make the Web user-first.â€
— brave.com/why-brave-disables-floc/
Naivete in action. They actually must believe they can control Aplphabet Inc/Google?
As if Google cares for the end users privacy? Please! Google are balls deep into surveillance and AI projects.
This all goes to show how naive Brave is. Its like the mouse telling a cat to not be the cat.
A mouse is no match for the cat.
“Chuckle”
>>> “They actually must believe they can control Aplphabet Inc/Google?”
No!
You have to distinguish between the marketing and development departments, the latter is certainly very aware of what the bell has rung.
Assuming @Anonymus comment is genuine, you should note that both quotes are from employees of Brave Inc. and demonstrate how perceptions can vary even within an organization.
Not to mention the confused perception on this forum, a forum, which is systematically torpedoed by a certain ignorant faction, leaving any approach of fair debate to moulder in the mire of the browser war trenches. This nonsensical battles fools you back into that bygone era.
Today we are faced with the following circumstances. The top five US companies by market capitalization are all tech companies. Of the five, two are the pioneers of surveillance capitalism: Google and Facebook. Two began as more traditional sales-oriented firms that later diversified into surveillance capitalism: Microsoft and Amazon. The fifth, Apple, has been reluctant to embrace surveillance capitalism. Apple’s current move into digital services will reveal a great deal about its resolve on this front.
Even more important than the world-historic wealth amassed by these companies is the public’s growing sense of the secrecy and vast complexity of their operations that have so far eluded any form of control.
And this control is not achieved by ghacks pundits crusade lamenting about “3 pixel monitor real estate” …
I work for Brave (I am the “Senior Privacy Researcher and Director of Privacy”, the title is a mess), so take this with a grain of salt, but you might be interested to know that the quote you pulled from the “US House Antitrust Report” is literally (in the true definition of literally) from me, during my time at Brave.
All these things are true:
– Google makes it hard to do privacy on the web and in Chromium
– Brave makes large changes to make Chromium dramatically more privacy respecting [1]
– We could do even more privacy protection if we didn’t have to deal with so much crap from upstream
1: https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
@ Brave’s “Senior Privacy Researcher and Director of Privacy”
why are you still leaking canvas over a year after implementation
> why are you still leaking canvas over a year after implementation
…and dead silence… crickets… tumbleweeds… what a shit show
Just a quick spell check autocorrect issue…
would **fine** heavy opposition I think it’s FIND, but it might be nice if it really was a fine!
Keep up the good work. Always an email summary I read daily!
If you want privacy you don’t use a browser based on Chromium.Hardened Firefox leaves Brave in the dust.
@Tony
“Hardening Firefox” – a great idea? More info here:
https://madaidans-insecurities.github.io/browser-tracking.html#configuring-the-browser
https://old.reddit.com/r/privacytoolsIO/comments/iepjwh/wont_reducing_your_browser_fingerprint_have_the/
https://old.reddit.com/r/GrapheneOS/comments/ciizae/vanadium_and_bromium_privacy/ev6m2ot/
> If you want privacy you don’t use a browser based on Chromium.
You also don’t use Firefox.
Look Iron Heart guy, I have absolutely no problem that you use Brave and tell people its benefits. Atleast you’re not telling them to use Opera or Chrome. But since you are anti-firefox I would love to know why Brave fingerprint in Browserleaks.com is much closer to Chrome than Bromite in Android phone. Also you say Tor is based on Firefox because its team back then had no choice. So you’re trying to say if some other people form their own organisation backed by money from good sources then they would achieve same level of anonymity if they use open source Chromium as a Tor Browser base. How ironic!
Also you always mention certain links, when I visited the website madainwhatever, it says an up-to-date Iphone is comparable to Graphene OS in Pixel 3 https://madaidans-insecurities.github.io/security-privacy-advice.html, wow very insightful. Your reddit threads also can’t prove anything especially about content blockers.
I use Fennec with some tweaks in about:config from restoreprivacy and privacytools page with Ublock origin hard mode and that takes only 10 minutes to set up. And I only trust Bromite as only Chromium browser. Brave is good but stop spreading hate. Brave doesn’t even hide device name in user string like Bromite by default, let alone referrer information, connection information and what not.
@Yash
> But since you are anti-firefox I would love to know why Brave fingerprint in Browserleaks.com is much closer to Chrome than Bromite in Android phone.
Please be more specific, which exact results are you referring to? Maybe then I can try and discuss it (or point you to articles that discuss it).
> Also you say Tor is based on Firefox because its team back then had no choice. So you’re trying to say if some other people form their own organisation backed by money from good sources then they would achieve same level of anonymity if they use open source Chromium as a Tor Browser base. How ironic!
It’s not ironic at all. Tor could be based on Chromium. There would be roadblocks, but since Chromium is open source, it would fall within the responsibility of the Tor team to resolve those in their own fork. Nobody else will do it for them. Not sure what amount of work would be required, but I am rather certain that it won’t be seriously considered anyway until the day Mozilla terminates Firefox development (because Tor can run off of Firefox until then).
> Also you always mention certain links, when I visited the website madainwhatever, it says an up-to-date Iphone is comparable to Graphene OS in Pixel 3 https://madaidans-insecurities.github.io/security-privacy-advice.html, wow very insightful.
It is a comparison of the state of hardened Android vs. iOS, but yes, there are more detailed and more insightful comparisons:
https://old.reddit.com/r/GrapheneOS/comments/bddq5u/os_security_ios_vs_grapheneos_vs_stock_android/ekxifpa/
> Your reddit threads also can’t prove anything especially about content blockers.
Yeah, because they are not about content blockers. They are about the fingerprinting consequences of “hardening Firefox” and give some insight on why this might be a bad idea. There is this wrong concept out there that reducing your attack surface (e.g. by shutting down fingerprinting vectors) will protect you from fingerprinting, which is not entirely correct, because “0” or “no result” are also recordable results and you are likely unique with those because hardly anyone else bothers in the same manner you do. Reducing the attck surface has its place but it is not doing what some people think it’s doing.
> I use Fennec with some tweaks in about:config from restoreprivacy and privacytools page with Ublock origin hard mode and that takes only 10 minutes to set up. And I only trust Bromite as only Chromium browser.
Good. Nothing wrong with that.
> Brave is good but stop spreading hate.
I am confronted with non-arguments that makse me angry, sorry to hear that it sounds like hatred. I think many things uttered here in this thread are factually wrong.
> Brave doesn’t even hide device name in user string like Bromite by default, let alone referrer information
As far as device name (model name) goes, I am not sure if it’s better to hide it provided that you use a popular phone. You likely stick out by hiding that info, and in most cases it would be better to reveal it. Not sure what Bromite’s motivations there are, would have to look into it.
As far as referrers go, I think all current Chromium-based browsers including Brave are adhering to a strict origin when cross origin policy:
“Referrer values are capped to strict-origin-when-cross-origin and can only be tightened by referrer policy, not weakened.”
source: https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)#modified-features-and-functionality
Further reading:
https://brave.com/privacy-updates-5/
> connection information
What do you mean? Please be more precise? IP address? Type of network?
If you mean the IP address, then this can’t be resolved without a VPN or routing through the onion network. That is not the browser’s responsibility.
@Iron Heart, I believe you would have seen that tweet from Edward Snowden when he said about browsing in Smartphone and the last line was “Still I would be better off with Laptop” well I believe that if certain big organisation want to track me, it eventually will regardless of whether I’m using laptop or smartphone, simple default setting in any browser or even a hardened one. But what I can do is change few setting and then save my bandwidth and even if they are tracking me, show them finger and Big F by installing content blocker and blocking their content.
Brave by default should atleast hide device name, connection type like 3g or 4g or wifi and should give atleast an option to disable webgl along with hiding referrer information. It also shows warning when I download apk like Chrome even though I have safebrowsing disabled. I have no problem with its Ads system because I can disable it, simple as that like telemetey in Firefox.
And then about that madainwhatever website, when I said very insightful I was being sarcastic. Look that website admin is more intelligent than me, but he seems to me more like making an opinion first and then juggling the facts around. He even said to use Pixel 3, I mean that’s hilarious. He says to not use microG, LineageOS, Linux, even VPN as in one article he said https is everything.
I usually visit restoreprivacy.com and it recommends Hardened Firefox and Brave along with Bromite for smartphone users. And I go along that route. Plus Firefox is not that evil as you think. There are advantages of using certain measures to stop fingerprinting and content blocker. My old smartphone felt shiny new and blazing fast to me when I started giving attention to privacy and taking measures to reduce my fingerprint and memory usage of browser by switching away from Chrome and then going to this route of using private and secure browsers.
@Yash
> I believe you would have seen that tweet from Edward Snowden when he said about browsing in Smartphone and the last line was “Still I would be better off with Laptop
In principle, yes, because computers are much more configurable and there is a greater variety of (more advanced) privacy protection including a wider OS choice. However, there are VERY private smartphone operating systems like GrapheneOS, so I think better privacy protection is possible there as well.
> certain big organisation want to track me, it eventually will regardless of whether I’m using laptop or smartphone, simple default setting in any browser or even a hardened one.
That’s true in case of a three letter agency, yes. The precautions to prevent this (if at all possible) would have to be extreme. However, what is typically discussed here at gHacks is protection from advertisers on the WWW and I think you can shield yourself relatively well from that.
> Brave by default should atleast hide device name, connection type like 3g or 4g or wifi and should give atleast an option to disable webgl along with hiding referrer information.
My main man, I am not sure if all of what you propose is a good idea.
1) Model name
Typically, the user agent on Android would contain the model you use. If it’s a very popular model like the Samsung Galaxy series, you can rest assured that millions of people will share this user agent string (with included model). Now, if you hide the model name from the user agent string, like Bromite does, this can be seen by the website you are visiting. They won’t know which model you use (unless they do advanced hardware fingerprinting), however, you stick out with that! I am not sure that this is a privacy improvement, in most cases it would be better to state the model because millions of people share this user agent, whereas you will be (almost) alone with the model hidden.
2) Connection type
That too, is usually revealed. And millions of people provide the same information. If you hide it, you stick out. Same problem as the model name all over again. Not sure how this is a privacy improvement, denying them this info at the cost of sticking out?
3) WebGL disabled
…is a recordable result and you stick out with that. I think it’s better to randomize here, in theory. To provide slightly different values in each session.
4) Hiding referrer information
Not necessary, IMO. Brave is already strict origin when cross origin, meaning that the website you are coming from is already shielded from the website you visit next. Do you mean sending no referrer at all? Again, you are sticking out (this time for no reason, because the relevant part is already hidden) and this might(!) also break stuff.
> It also shows warning when I download apk like Chrome even though I have safebrowsing disabled.
While annoying, I think this is unproblematic considering that it’s not SafeBrowsing. This is clearly done for noobs who cluelessly download malicious APKs. But yeah, perhaps they should offer an option to disable the warning UI. Have you reported this on their GitHub, they are usually responsive there…
> And then about that madainwhatever website, when I said very insightful I was being sarcastic.
I know, and there are more elaborate articles on each topic most certainly, but the general idea of madaidan is usually correct and reasonable.
> He even said to use Pixel 3, I mean that’s hilarious.
Why is it hilarious? Pixel phones are very custom ROM friendly. And some variants like GrapheneOS are very privacy-oriented. I think we do not need to discuss the default ROM from Google, right? Pixels are interesting because of custom ROMs.
There are also hardware-related reasons why e.g. GrapheneOS only runs on Pixels:
https://old.reddit.com/r/GrapheneOS/comments/htwm9t/why_is_grapheneos_supported_only_on_pixels/fyjjq9z/
Now, what you can’t undo is the device’s firmware, but then again, you also can’t undo this in any other Android smartphone, either. I see no reason to trust e.g. Samsung, Huawei, or OnePlus any more or less with this than Google (who might still be involved regardless).
Linux smartphones are a joke because no apps.
> He says to not use microG, LineageOS, Linux, even VPN as in one article he said https is everything.
I don’t think this is an accurate reflection of what he says. He is hinting of security issues of each of these and he also hints at their wrong application in everyday use, for example, VPNs are not a replacement for Tor.
In the end, if you need to use something, even a critique of specific issues might be moot. If an Android app requires Play Services, you’ll need microG on a Custom ROM at least. Simple as that. Even if there are issues, you’ll need it. Full stop.
The only time where it is not moot is when there are viable alternatives doing the same thing, e.g. Firefox vs. Chromium.
> I usually visit restoreprivacy.com and it recommends Hardened Firefox and Brave along with Bromite for smartphone users.
Which is correct per se. I’d say Fennec F-Droid over Firefox because…
https://old.reddit.com/r/privacy/comments/blt6ft/mobile_firefox_app_shares_your_data_with/
…but other than that, yes.
> Plus Firefox is not that evil as you think.
Default Firefox definitely has privacy issues, hence the mitigation guides you find everywhere. Browsers like Brave have better defaults. Whether this qualifies for the term “evil” in case of Firefox is debatable, I’d rather call it “dishonest” considering the fuss they make around privacy while failing to provide better defaults.
@Iron Heart
I am not copy pasting and I’m going along with your above quotes in numbers because hey you made that easy for me since you said everything above in points.
1. Everyone has an opinion about how private we can become on web and that’s good. And so yeah privacy can be achieved.
2. Since you mentioned protection from advertisers on WWW, I think I can achieve that by hardening Firefox. Brave is not good in this regard because some websites instruct to disable adblocker which I didn’t face in Firefox in any site(Fennec I’m talking about to be precise).
3. Some people have an opinion that a Browser should be plain and simple so as to prevent fingerprinting. Chrome is that one and we can be easily tracked, I think we can agree on that. Brave by default makes changes in Canvas, WebGL, Battery and maybe some more. Surely with all these changes my Browser fingerprint becomes different from someone that is using same Device Model and using Chrome. Afterall that’s what you said about User agent and connection type that with those values not changed we would look to websites like using Chrome but having Brave privacy benefits or have I misunderstand that? Bromite by default hides device name but can’t hide connection type because its a Chromium issue. Brave also doesn’t allow to change timezone which is not ideal because I set timezone to Etc/Gmt in Bromite. That’s why I hardly use VPN in Brave. Also if you have noticed in recent chromium updates, Bitwarden can’t read site and please don’t tell me its because of security because then surely you don’t allow autofill also if its a security issue. That’s an example of a giant monopoly making subtle changes majority of users didn’t notice at first but it affected every browser based on Chromium even Bromite.
4. For which website is good and which smartphone is good, I don’t have a personal preference. I read why Firefox is good and why it is bad, same with Brave and basically everything because hey there’s no harm in it.
5. About Fennec is better over Firefox
Well I use TrackerControl from F-Droid and so the thing Firefox send from default state is telemetry data but then when I disabled it, I have yet not find any connection made to the telemetry, leafplum whatever. I then disconnected WiFi and then started Firefox again after clearing all data but I disabled telemetry before making any connections and from that moment until now I have yet not find any data sent in form of telemetry until now.
Fennec on the other hand didn’t made any connection from default, same goes for Iceraven. You’re more than welcome to give suggestions of where I’m wrong.
Also Fennec doesn’t have DRM but then Brave, Bromite, Firefox have it so I think its no big deal.
6. Default Firefox can be set to not send any data with a couple of clicks. When I saw the Brave article when It says look how many few connections Brave made compared to Firefox I think its factual but its a prime example of showing Facts the wrong way, as I said above I didn’t find anything with TrackerControl after I disabled telemetry which took 10 seconds.
I believe in one thing- what is going from my browser to website and what is coming from that way and I find Brave is good but not quite perfect in that regard. You mention why Firefox did that and whatnot, I want to know why Brave didn’t apply many more filters from UBlock origin if its working with the creator of that add-on. Afterall what’s the point of adblocker If I have to disable it in every other websites and doesn’t work perfectly especially on notorious websites(P**n ones) even with adblocker on.
Also why Brave loads optimized versions of websites when searching a website from google search. Bromite and Firefox(any fork of it) doesn’t do that.
>Hardened Firefox leaves Brave in the dust
anyway it is not worth the effort to tinker all those knobs
@Tony
Well said,
Hardened FF is indeed the technically more efficient choice.
ignore IH and madaidan BS!
IH spams that link in nearly every article! No one takes it seriously.
By the way Tony, whonix uses FF-Tor as the browser of choice. So madaidan makes no sense at all. Just theatre and drama looking for attention.
The madaidan dude does not recognise that
The less unique your browser is
the more likely you are using a more common browser set up, with a less private configuration, which is in theory far less private and secure than a heavily modified one.
Fingerprinting is rare.
And since FF can be used with “Privacy resist fingerprinting” enhancements from the tor project turned on, then you already can stop a lot of fingerprinting.
Fingerprinting sites are BS since the data set is so small.
Dont use EFF’s one because they only want you to use their privacy badger lulz. Their data set is miniscule when compared to the billions of browsers out there. Tons share the same fingerprint!
@Anon7
> ignore IH and madaidan BS!
Can you refute madaidan or can you not? I am waiting, the technical arguments are on the table, show me where he got it wrong.
> IH spams that link in nearly every article! No one takes it seriously.
…and no one can refute it at the same time, lol. I post it again because you claim Firefox is more secure than Chromium which is clearly BS, and this link simply is one of the best refutations out there.
> the more likely you are using a more common browser set up, with a less private configuration, which is in theory far less private and secure than a heavily modified one.
It’s neither less private nor less “secure” (What does that even mean in your context? Are you talking about exploit mitigations or…?). You are an easy target for fingerprinting with a heavily modified Firefox.
> Fingerprinting is rare.
LOL, nope:
“The team took a list of the top websites ranked by Alexa and ran them through FP-Inspector’s detector. They found that browser fingerprinting was present on more than 10% of the top 100,000 websites, and on more than a quarter of those in the top 10,000.”
source: https://portswigger.net/daily-swig/browser-fingerprinting-more-prevalent-on-the-web-now-than-ever-before-research
> And since FF can be used with “Privacy resist fingerprinting†enhancements from the tor project turned on, then you already can stop a lot of fingerprinting.
You are rather making yourself more fingerprintable with this, not less. You are sticking out with this, it is detectable that you are not using Tor, but a modified Firefox (And how many people do that?). That option should have stayed in Tor where it’s enabled by default and thus belongs.
> Tons share the same fingerprint!
Just no.
Why not use Linux and the LibreWolf browser? It’s FF and privacy hardened by that team. I’ve used it and it is pretty nice not having to change a bunch of privacy stuff myself.
There are several things Google can do to stop privacy respecting forks from progressing:
1. Google can privatize parts of the code so that compiling the source doesn’t result in a compatible or useful browser compared to Chrome. For example, they can move parts of the browser’s functionality online and only accessible through an API that is only accessible by using Chrome.
2. Google can modify the code to an extent that it’s unreasonable for a small fork team to handle. They can obfuscate code or make difficult changes with each build that Google’s coders have in-house tools to get around, but the fork developers don’t. They don’t have to make fork development impossible, just nonviable given the resources and time frame for each build.
3. Even if a group manages to modify the code to respect privacy, google’s monopoly on web standards can ensure that the resulting browser will be less compatible or broken on many websites. This has a knock on effect for all non-chromium browser engines.
No matter what your flavor, the walls are closing in.
@common sense computing: if Google can do all these things, why haven’t they done so? After all, they are aware of the likes of Brave and Vivaldi.
@Klaas Vaak
The takeaway here is that most people here have never written a single line of code in their entire life. Because if they did, they would know that a codebase as complex as Chromium is not the place to fight a war on. You don’t just cripple parts of the browser for the lolz, this has consequences for Google as well.
Some of the highlights:
> Google can privatize parts of the code so that compiling the source doesn’t result in a compatible or useful browser compared to Chrome.
They are currently withdrawing their services from the code base anyway:
https://blog.chromium.org/2021/01/limiting-private-api-availability-in.html
This is good because it reduces the amount of “ungoogling” that has to be done by forks, plus forks have implemented their own Sync anyway, because why would a privacy-conscious fork use the Google account platform!?
> For example, they can move parts of the browser’s functionality online and only accessible through an API that is only accessible by using Chrome.
This would be a huge and unrealistic performance hit (especially for those with slow Internet speeds, which is a big part of the world). Won’t happen for this reason alone already.
> Google can modify the code to an extent that it’s unreasonable for a small fork team to handle. They can obfuscate code or make difficult changes with each build that Google’s coders have in-house tools to get around, but the fork developers don’t.
If they don’t use internal kill switches anymore, they deprive themselves of the option to disable features in case of breaking bugs or security-related bugs. No developer would do that voluntarily, lol.
> Even if a group manages to modify the code to respect privacy, google’s monopoly on web standards can ensure that the resulting browser will be less compatible or broken on many websites.
That’s hard to do and not worth the effort. If they can’t do it via user agent, then they would have to do feature detection…
Plus, I don’t see how e.g. Firefox would be any better off there. If Google starts to use a web standard on their own websites without which those websites break, Firefox would implement it as well, so that its users are not effectively banned from Google websites. The same would be true for Chromium-based browsers that disable those features, they would have to enable them. You can’t help it as long as Google has popular service like Search, Maps, GMail, YouTube etc. under its belt, but this has nothing to do with Chromium forks. Alternative, non-Chromium browsers would be in the same boat.
This is so delusional that I really don’t want to further comment on it anymore. Common sense computing, if only…
@IH
> If Google starts to use a web standard on their own websites without which those websites break
Antitrust! You think google won’t be challenged? You don’t think there are ways around things.
Scaremongering BS! As usual from you.
Oh fingerprinting oh not the big bad fingerprint. The world has ended!
FF bad bad, fingerprint bad bad lol Thats IH for you 24/7
His knowledge around tech is a complete joke.
Chuckle.
> Google websites.
Seems our genius wannabe coder IH has failed to realise that there is literally an alternative to every single google website these days.
Whats the point in even using google websites anymore like youtube when there is so much censorship.
There will always be means and ways to get away from google.
@Anon7
> Antitrust! You think google won’t be challenged?
They won’t be challenged. Especially not if they go the extra mile and have their ideas codified at the W3C, turning them into official standards (with Mozilla’s blessing, as per usual).
> Seems our genius wannabe coder IH has failed to realise that there is literally an alternative to every single google website these days.
I realize this but also realize that they are nowhere near as popular as their Google counterparts. Due to their many popular services, Google can strongarm Firefox and anyone else, because I don’t think most FF users would accept “Well, use DuckDuckGo then!” as the solution to the problem. People want to use Google services, that’s just a reality even if you or I disapprove of it.
> Whats the point in even using google websites anymore like youtube when there is so much censorship.
Same goes for Firefox’s attitude, haha. Deplatformingfox.
The only browser that promotes decentralized concepts like IPFS is, well, Brave.
> There will always be means and ways to get away from google.
Yes, but how many people will go down that route. You seem to mistake your wishes “how the world should be” with reality and what’s realistic to do.
@Iron Heart:
> The only browser that promotes decentralized concepts like IPFS is, well, Brave.
I know you’re not a big fan, but Opera is the other – and only – browser with native support for IPFS (already live in Android and iOS, and coming up for desktop).
@ShintoPlasm
I didn’t know that. Noted.
@Iron Heart: thanks for the explanation.
@common sense computing
> Google can modify the code to an extent that it’s unreasonable for a small fork team to handle.
Exactly why i don’t trust smaller companies to be able to neutralise chromium from google shenanigans. I don’t trust chromium to begin with, it auto downloaded binary blobs in 2015 that were invasive to privacy. Debian users found it downloading crap from google.
Smaller groups have nowhere near the resources or man power to control something from google going forward.
@Anon7
> it auto downloaded binary blobs in 2015 that were invasive to privacy.
Yeah, and it is not the only one:
https://www.zdnet.com/article/firefox-tests-cliqz-engine-which-slurps-user-browsing-data/
However, Chromium forks (other than Chrome itself) neutralize this threat by replacing the URL from which those blobs are being fetched with gibberish. Step No. 1 of ungoogling, basically.
Firefox still has its similar backdoor (FF Experiments / Normandy) activated by default, hypocrite.
> Smaller groups have nowhere near the resources or man power to control something from google going forward.
Strange that Ungoogled Chromium exists, isn’t it, Mr. Speculativus?
@Anon7
So delusional that it’s not worth it discussing anything with you. Keep praying Google will keep paying Mozilla’s bills so you can keep the illusion you are using a private browser.
When you claim something is wrong, go ahead and prove it. All Google-sponsored Firefox fanboys over here and on Reddit only know to repeat the exactly same stuff. While Brave’s market share is going up, the market share of the Google-sponsored Firefox is going down, it’s that good of a browser. I can’t wait until Mozilla take away the possibility to do about:config modifications, just what they did on their mobile version, which comes with trackers you can’t disable because Mozilla loves privacy.
@Anonymous
I am debunking @Anon7, but truth be told, it’s tremendously tedious.
@IH
> I am debunking
You are debunking?
The only thing you debunk is your BS all by yourself time and time again with the odd Brave user agreeing with you.
FF has been audited by people in germany with professional technical computer knowledge way beyond your capacity.
It has been deemed a private and secure browser by technical professionals.
I will trust them over your BS anyday.
The audacity of you to lecture us about privacy anyway when you are running ads by choice.
@Anon7
> FF has been audited by people in germany with professional technical computer knowledge way beyond your capacity. It has been deemed a private and secure browser by technical professionals.
Blah blah blah… I have not yet read any refutation of maidaidan (and similar arguments raised) and even Mozilla sees these problems, hence their clumsy attempts to frankenstein Project Fission onto an age old codebase.
And as always: sOuRCe?
> The audacity of you to lecture us about privacy anyway when you are running ads by choice.
Still clinging to the false equivalency “Ads = privacy intrusion”? I thought so. You could inform yourself, but if you don’t, you are bound to repeat the same asinine statements again and again, ad nauseam.
https://brave.com/intro-to-brave-ads/
Provide details regarding the “privacy breach” you see in this concept, I am all ears.
@Anonymous
> I can’t wait until Mozilla take away the possibility to do about:config modifications
You will be waiting.
Btw i don’t care about dumbphones!
Dumbphones are a privacy invasion unless its a librem.
@Iron
I don’t think it’s worth it. The majority of Google-sponsored Firefox * [Editor: removed, please stay polite] are taught to repeat the exactly same stuff from those “privacy” communities on Reddit, which eventually makes them unable to do their own researches when it comes to other browsers. It’s easier to repeat rather than thinking on your own.
No matter how many true facts you give them, they won’t change because it’s cool to hate on Chromium-based browsers, despite Google being the sole reason we’re talking about Firefox in a present tense, and ironically it’s something all those privacy communities avoid talking about, for them Google is awful as long as it doesn’t come to Mozilla’s bills.
> Google-sponsored Firefox * [Editor: removed, please stay polite]
You are so cool bro.
Here is a correction for you.
Google-owns Chromium*
Google-does not own Mozilla-Firefox-Gecko*
You are being further away from Google when you do not use google chromium products.
Anyone that would want to see Mozilla a free software project go downhill does not care about FOSS or alternatives.
Anon7…I have a rule set in uBlock Origin,so i don’t see all this mumbo jumbo the ultimate Brave shill posts on here.He should write down my name so he can stop wasting his time,because he sure isn’t wasting mine.
@Tony
Do you also have a ruleset for the Firefox subreddit BS?
https://brave.com/why-brave-disables-floc/
“it is disappointing to see Google, instead of taking the present opportunity to help design and build a user-first, privacy-first Web, proposing and immediately shipping in Chrome a set of smaller, ad-tech-conserving changes, which explicitly prioritize maintaining the structure of the Web advertising ecosystem as Google sees it.”
“The worst aspect of FLoC is that it materially harms user privacy, under the guise of being privacy-friendly.”
“FLoC tells sites about your browsing history in a new way that browsers categorically do not today.”
“FLoC Promotes A False Notion of What Privacy Is, and Why Privacy Is Important”
“FLoC is Harmful to Sites and Publishers”
Funny, all of this is true for Brave too.
@Anonymous
> Funny, all of this is true for Brave too.
Not at all. Funny that you don’t provide proof just like all the other trolls.
I prefer Ungoogled Chromium to Brave.
@meh
Ungoogled Chromium has weaker fingerprinting defenses and can’t do CNAME uncloaking. They will be without viable adblocker once Manifest V3 hits and cripples extensions like uBO (Brave’s internal adblocker will continue to work because it’s not an extension). Those are my reasons for not using it, it’s an OK browser though.
I recommend not interacting with the obvious gHacks trolls. Just block their comments with a little script or CSS, and they disappear forever.
I won’t mention any names, but the trolls know exactly who they are, even though they will undoubtedly claim it’s everyone else.
I can’t imagine what it must be like to have so much free time, and place such a low value on my time, that I would want to waste it trolling on gHacks for years (a quick look shows that a couple of these trolls have been at it for years). Furthermore, I can’t imagine being so selfish as to repeatedly waste the time of others. I guess some people really get off on hunching over their computer monitor for hours on end just posting the same old ridiculous arguments over and over and over again.
You would think they would learn that after ranting about their bizarre ideas over and over again, and others explaining the obvious errors and biases, that perhaps they would learn that they don’t understand things as well as they insist they do.
Or maybe they are untreated narcissists who believe they are so smart and knowledgeable that they understand everything better than everyone else? Naw, that can’t be it. I can’t think of anyone like that in recent history.
Using Deplatformingfox = moral bankruptcy.
I am deaf for your whining. You deserve worse for what you are doing here.
Glad that people like you don’t read my comments. Shame that you still had to comment.
@Cone Head
Here’s my theory:
Much of these so-called trolls who proclaim extreme imparitives are religious fanatics.
Spreading disinformation is a common practice among many evil cults.
They don’t care if you believe them, they just want you to think that they believe in what they say.
For example, if you think Flat Earthers actually believe in what they say, then their preliminary goal has been achieved.
Where it gets tricky is when they spin half-truths, but a lie is still a lie, and they all clearly lie.
Firefox with always private mode, no phone-home,disable auto-anything and look-ahead, and falsing devtools works ok.
Toss in uBlock,ClearURL, and CSSexfil,and you’re doing pretty good. JMHO
Private mode what? Firefox? what are you talking about.
First, Mozilla supports censoring and deplatforming of people, so many extensions and features they added are about people giving them information to “make the web better”.
Also, unless you disable so many things, it won’t be private and being tied to Google, getting millions of millions each year, do you think they will turn off everything?
Like when they sent a push notification to android users to support Facebook boycott because “Facebook is not censoring enough” kind of garbage, do you think sending a push notification is being a pro-privacy browser? Imagine all the info Google got from it as well. So Firefox didn’t care about users and just wanted to impose their view on other users.
I can’t wait the day when Firefox will start hiding and removing site content as a browser feature, adding one more layer of censorship on top of what google and microsoft, facebook and twitter other silicon valley companies do, because they believe they are the kinds of the web and they should impose their views on users.
But talking about other privacy stuff, do you even know what fingerprinting is? fingerprinting protection is pretty bad in Firefox, but the only browser working to try to combat it better is Brave so even Brave native adblocker is better and closer to uBlock features, features that most people won’t use anyway, but they are working on them and seeing how Firefox doesn’t care about its users… do you think they will not follow Google money and implement a manifest v3 for firefox or something similar that will cripple adblocking extensions? also, running extensions vs native implementation makes a big difference.
You might love Firefox, and it is obvious fanboys have to say it loud even if this is about why Brave wrote a blogpost against Google’s FLOC and somehow some people jump and talk about other browsers or start the “Orange Lion Browser Bad” baseless arguments.
But Firefox is not private, they don’t care about the users, they want to control the web and it is the only browser company that openly supports Censorship and Deplatform while advocating for “web for all” lies, they do anything, extensions, programs, implementations that go against anything privacy, I mean, even their telemetry is opt-out instead of opt-in. Brave telemetry which is opt-out is only about crashes but Brave rarely crashes even on nightly version so I doubt it would make much use, you can even use how long that kind of data would last.
Plus… Brave doesn’t need phone numbers or emails or anything to sync between devices, while for other browsers you need to give some sort of data.
Again, stop being a fanboy, saying Firefox is better 1000 times won’t make it true when Mozilla is the most dangerous browser company today with their “we want to control the web content” while saying it should be open and free for everyone which is a big lie.
Again, are you use Firefox is not giving anyone anything or you just think so? first I doubt you completely disabled all auto updates since extensions and a bunch of features will always try to update and connect to some server, but I doubt the super privacy mode you are talking about in Firefox is impossible to achieve because they really don’t care about users. For example, Brave, when it can’t remove features from Google, it will proxy the connection like Safe Browsing or Extension updates, while google may get info, they can’t trace it back to you or do much with it. That’s the kind of thing I am talking about, you know what the browser is doing vs “I am a fanboy and I believe Firefox is better than anything else” even if they keep losing more and more users because of their actions.
If you don’t care about privacy issues, then I think Edge is the best browser now.
I tried Brave, but I didn’t like the unremovable advertising is has in that toolbar, which nags you to opt-in to those services. I get why they do do that, and sure I could opt-in to remove those nags, but I still don’t like it.
If you are going to stop using a browser because of that reason, then you really need to check stuff, BAT or Brave rewards icon can be disabled in all browsers. Some people always talk about how “oh an advertising company” but they let you choose if you want or not want to see the ads and any reminder of it. I disabled all that and I never get reminded about it. Maybe next time you should look more in the settings because I doubt you did, especially when Brave settings has the settings organized in a better way, so it is easy to find that kind of thing under Appearance.
But Edge is “better” because Edge is adding consumer features, like the Download button, The vertical tabs and all that, and they don’t care about the privacy and future of the web.
Brave is adding stuff that will help you protect your privacy and make your web “better” like recently in release they added the site blocking feature so now the adblocker is closer and closer to what uBlock is, I even saw they are testing an adblocker picker like uBlock but they disabled it quickly, they focus on some consumer features but they surely spend more time in stuff that most users won’t use like IPFS for example, not bad but for some it is not good.
It’s always the same familiar argumentative austics flooding the comments with wall of text on this site. I suppose the browser wars still rages going on, in the hearts and minds of nerds.
Fingerprinting protection is pretty bad in Firefox, but the only browser working to try to combat it better is Brave so even Brave native adblocker is better and closer to uBlock features, features that most people won’t use anyway, but they are working on them and seeing how Firefox doesn’t care about its users… do you think they will not follow Google money and implement a manifest v3 for firefox or something similar that will cripple adblocking extensions? also, running extensions vs native implementation makes a big difference.