Brave Browser's new privacy protections: time-based permissions and more
Brave added several privacy protection improvements to the company's Brave Browser recently.
One of them improves the permissions dialog that the browser displays when sites request access to certain information such as a user's location, camera or microphone.
Most Chromium-based browsers displays allow or block options in the dialog. Mozilla's Firefox web browser sets temporary permissions by default unless users check a box in the dialog. Apple's Safari browser offers a similar feature.
Brave, starting in version 1.25, displays a new option that enables users to select a period in which the permission is valid.
The options are "until I close the site", "for 24 hours", "for 1 week", and "forever". Forever works just like the allow button, but all three remaining options limit the granted permission to the specified time. The permission is revoked automatically by the browser once.
Brave notes that the all or nothing permissions approach leads to the oversharing of data as users have to revoke permissions actively to block future access to the information by the site in question.
Bounce Tracking Protections improvements
Recent versions of Brave Browser include improved bounce tracking protections. Sites may use bounce tracking to track users; this is done by adding parameters to the URL which is then passed to the destination. Facebook uses the system to track users across sites on the Internet.
Brave protected users from bounce trackers up until now by stripping tracking parameters from URLs.
Users of the browser who have enabled aggressive tracking in the browser's settings will receive prompts now when a "URL is suspected as a bounce tracker". The loading of the destination is blocked by default, but users may continue to the site or end the navigation at that point.
Brave plans to introduce the protections to all users, regardless of blocking setting status.
Other privacy improvements in Brave
Brave introduced ephemeral third-party storage some time ago in the browser which was designed to protect against tracking but without breaking sites, particularly sites that expected third-party storage to persist.
The feature caused issues on certain sites that used specific integrations, e.g. Single-Sign On. Brave cleared third-party storage of a site the moment the site was no longer open, but some workflows did not work as expected because of that.
To make sure that this does not happen anymore, Brave added a 30 second pause to the process, after which the data is removed.
The fourth and final improvement integrates new fingerprinting protections in the web browser.
- Dark Mode fingerprinting protections
- WebGL fingerprinting protection improvements.
You can check out the announcement on the Brave site.
Nice. I just wish they would add a few browsing & productivity features to distinguish itself from Chrome, like edge’s vertical tabs, opera’s workspace, flow etc.
Got to laugh at all this privacy options. There’s no privacy once you start browsing online. No matter what you do and what browser you use… They will still track you. lol
it’s not about being anonymous online (it’s almost impossible), it’s about denying advertisers free access to your data & hopefully making their unethical business model less profitable, and by that purging, bad content-creators from the web, as no one is willing to pay actual money for their s**t and need ad-revenue as a financial crutch. the future will belong to the value-4-value model, not greedy data harvesters & phony sellouts.
a adblocker like ublock Origin is all I have. Anything else waste of time. So what if this website ghacks knows my IP and what page I viewed, is that a crime? lol that’s all a browser and website knows about you. They can track me all they want. I will tell them right now…this advertisers will be bored to death with my browsing habits and in return no adds will I ever see..thanks to uBlock.
Truer words have not been spoken.
Chromium based browsers are insecure, riddled with holes and memory leaks. Here are eight zero-days USED IN THE WILD, patched this year alone
CVE-2021-21148 – February 4th, 2021
CVE-2021-21166 – March 2nd, 2021
CVE-2021-21193 – March 12th, 2021
CVE-2021-21220 – April 13th, 2021
CVE-2021-21224 – April 20th, 2021
CVE-2021-30551 – June 9th, 2021
CVE-2021-30554 – June 17th, 2021
CVE-2021-30563 – July 22nd, 2021
Browsers have the complexity of operating systems these days, every single one of them has security issues / bugs. However, just counting security issues is a thing a cretin would do, because:
– It fails to account for the severity of issues, the numbers alone don’t tell you this.
– It fails to take the popularity of software into account, Chromium is a very valuable target because almost everybody uses it, Firefox is irrelevant with 3% market share and receives far less scrutiny. Chromium is also a valuable target because it is the technology behind the default browsers of both Windows and Android, so it is also under heightened scrutiny for the purpose of breaches into the respective operating systems.
Believe it or not, eight zero-days in this year so far is NOT bad for a software with that kind of complexity and attention attached to it. Let’s take a look at Firefox / Gecko, shall we?
Ah yes, the security issues there seem to be few and far between. /s
Chromium has exploit mitigations that Firefox does not have:
As I said, counting security issues is for cretins, because, in addition to the things I’ve already said above, it also tells you nothing about the exploit mitigations that had to be circumvented / how hard the hack really was.
PS: Your nickname tells me that I am, in fact, living in your head rent-free. LOL.
If Brendan Eich didn’t get forced out, Firefox would be in a better shape today and would have all these features that Brave has and would be making money, instead of relying on Google. Their loss.
You’re assuming Mozilla does nothing but work on Firefox which isn’t remotely true. Brave on the other hand only has a hand few of other projects and therefore does not require the amount of funding Mozilla does.
Yes but all of Mozilla’s other products are shit. Except for Thunderbird but it’s not really developed at Mozilla anymore (and in fact there’s not much happening to Thundebird anymore). Their VPN is just resold Mullvad, Pocket is useless and a privacy nightmare, and their toxic political activism… well, I’d better not say what I think as I don’t have a 1st amendment in my country.
Mozilla chose a SJW lawyer instead of a Real Programmer. Her wage is doubling every year despite Firefox is losing marketshare more and more. Mozilla was about freedom in the future. It is publicly advocate “more than deplatforming” aka censorship now.
WebGL fingerprinting protection improvements are not related to privacy, but web compat instead according to their Github.
Dark mode fingerprinting protection is nice addition.
I am using Brave more and more on Android.
My favorite Brave feature: it can play YouTube videos in the background, or I if turn off the display to save battery.
I also like Brave’s concern for my privacy.