Brave 1.38 launches with improved Shields panel and De-AMP privacy feature
Brave Software released Brave 1.38, a new stable version of the company's Chromium-based browser, on April 27, 2022. The new version of Brave introduces De-AMP, a technology to redirect Google AMP pages to their real destinations among other things.
Brave 1.38 is already available. Most installed copies of Brave will receive the update automatically. Users who don't want to wait for it to arrive may select Menu > About Brave to run a manual check for updates. The new update should be installed automatically at this point by the browser.
De-AMP Functionality
De-AMP is part of desktop and mobile versions of Brave. It is an attempt to redirect Google AMP pages to the website that the content was published on originally. Brave Software considers AMP to be harmful to user privacy, security and the experience.
Brave redirects AMP pages automatically when they are encountered. Brave Browser parses AMP links to redirect requests automatically if possible. If not, Brave will intercept requests to redirect these to the publishers website instead.
Brave users may disable the functionality under Menu > Settings > Shields.
Brave Shields panel refresh
Brave Shields is the browser's main protective feature. It is used to block advertisement, trackers, fingerprinting attempts and other tracking techniques and annoyances on the Internet.
The Shields panel is displayed on the right side of the address bar. A click displays Shield-related information, including whether Brave's blocking functionality is active on the given site.
The panel gives users control over the blocking functionality. Users may turn off Shield functionality completely, or modify some options instead.
Brave Software added design components to Shields and switched to using the mojom API.
From a user perspective, one of the main changes appears to be that the full Shields menu is not displayed anymore by default. Users need to activate the "advanced controls" button to display customization options. A link to the Filter lists has been added to the full Shields panel.
There does not seem to be an option to load the full panel on activation of the Shields icon.
Other changes in Brave 1.38
Brave 1.38 was updated to a new Chromium build. Brave users who use the crypto-features of the browser may now connect a Gemini account to Brave Rewards.
Most changes listed in the changelog are related to Brave Wallet and the browser's crypto implementations.
Closing Words
Brave 1.38 is a solid release. The main new feature is the implemented De-AMP redirection option that is enabled by default. The redesigned Shields panel lacks an option to display the advanced controls automatically, like it was before.
Now You: Do you use Brave? What is your opinion on these changes?
Martin thanks for the headup, I allready saw it in Brave, but had forgotten the new De-AMP Functionality.
Brave is my daily browser. Vivaldi is the second one, because it is a bit too slow for me. But their sidepanel, translation mode, and their reading list offer much convience, so in Vivaldi I store all articles, video’s remarkable citations in newspapers, forums etc.
Their privacy options are good and easy to mantain.
Brave for me is very fast and good enough for daily browsing. The option to add filterlists is good. I still use ublockorigin and have 4 different profiles. Works for me. It is quite a job setting up but once done is very easy in practice. I have youtube, whatsapp, Flickr and “general” profiles.
Please don’t shoot me…
I spoke too soon. The shortcut trick mentioned above did not stop the auto-updating behavior. Even with Brave turned off, not even running, BraveUpdate.exe started spamming my out-going firewall to phone home and “update”.
There is still no obvious way to disable this. I don’t want to do a hacky way to stop the behavior. In the past I changed the settings in Services, changed settings in the Task Scheduler, renamed files, etc. There were repercussions like making it harder to manually update or having to make the changes after every update.
But thanks to everyone who tried to help. I will uninstall yet again. Maybe if Brave comes up with a native way to let the user control the update process I will try again.
@GoodMeasure
You are making life too hard on yourself in this case. Why do you rely on disabling processes which is definitely an unreliable method of stopping updates?
You already have a firewall, right? Then just block the following URL:
updates.bravesoftware.com
Block it in your router if you want to block Brave’s updates network-wide, block it in your PC’s firewall if you want to block Brave’s updates device-wide. A competent firewall should also allow you to disable notifications when a specific connection gets blocked, if your firewall does not allow for that, then frankly, it is likely crap. A HOSTS file is a potential alternative to a firewall software here.
Obligatory hint at the fact that disabling browser updates is a horrible idea due to the security updates that go along with those browser updates. The browser is one of the most attacked software classes. You also probably should not use software from a provider you wouldn’t trust to update said software without messing with you.
Thanks for the reply, Iron Heart. You have tried to help me with this before, and I had hoped something had changed. While I understand what you are saying, and I could easily do that (use a 3rd party firewall or pi-hole/HOSTS to block outgoing connections), that still leaves that process running on my PC. And that just bugs me.
I apologize for being stubborn, but Brave should allow user control.
@GoodMeasure
Brave doesn’t do auto-updates on Linux, this is all handled by the package manager of your distro which doesn’t need to be set to automatically apply updates. Brave does auto-update on Windows and macOS though. On Android, automatic updates of Brave (as with any other app) will depend on your Play Store settings.
Your point is somewhat fair, however, I would never disable updates on a browser of all things, it is a likely entry point into your system. You could take a look at Vivaldi or Ungoogled Chromium, Vivaldi allows disabling auto-updates and Ungoogled Chromium has no updater to begin with (which, however, in turn means that you can’t enable updates when you need them either, it has to be done manually there).
Systems are vulnerable to malware if they are connected to the internet and arbitrary files can alter system resources, such as occurs during a browser update. These browser creators have to realize security conscious types require manual updates while systems are offline; when it is safe to drop hardened computer defenses for an update. Anyway, this is what I am doing…
Avoiding the services and tasks nonsense by using the portable version, avail here…
https://github.com/brave/brave-browser/releases/tag/v1.38.109
Wireshark is not required, using LiveTcpUdpWatch & IPNetInfo to monitor works for this sort of analysis.
https://www.nirsoft.net/utils/live_tcp_udp_watch.html
https://www.nirsoft.net/utils/ipnetinfo.html
Add hosts entries where brave shouldn’t connect (C:\Windows\System32\drivers\etc\hosts)
127.0.0.1 variations.brave.com
127.0.0.1 go-updater.brave.com
127.0.0.1 updates.bravesoftware.com
127.0.0.1 laptop-updates.brave.com
As long as that distracting green button stays away, I’m OK. Every time I looked up to click a bookmark and saw that green button, my mind momentarily went into a different train of thought which usually included a curse word. Distractions are a deal breaker for me but so far, that shortcut seems to have fixed the green button. But even with the portable version, when the browser is running, Brave still calls home to check version numbers.
PS: I haven’t looked into it yet, but one of my protections is blocking Brave from frequently executing scripts from the temp dir.
“Avoiding the services and tasks nonsense by using the portable version, avail here…
https://github.com/brave/brave-browser/releases/tag/v1.38.109”
Wow, there are a lot of versions of Brave at that link! Which one do I want that is portable?
Thanks!
For 32 bit, this one
brave-v1.38.109-win32-ia32.zip
For 64 bit, this one
brave-v1.38.109-win32-x64.zip
Before you download it though, your original fear remains valid even with the portable version – brave forces updates even if you block update call home methods. Apparently brave uses a timer to dictate when to display that green update flag. I had been running brave browser several days without quitting it. The green update flag displayed this morning even though there was no possible way brave could know its update status. So upon wasting even more time with more research on brave, I found forced updating is an issue users of brave have been complaining about for a long time. Brave corporate forces users to take forced updates with no options to actually disable the distracting nag hag.
Wow, thanks Steve99! This seems to have done it! Brave does not seem to be going online when I am not running it!
In the past when I installed this browser it kept triggering my 3rd party firewall saying Brave wanted to go online and check for an update several times a day. I think it was a service that was always running. I tried some hacks to turn that off, but it was not very satisfactory. I don’t like extra stuff going online and phoning home all the time. I keep my browsers updated myself. I have installed and uninstalled Brave a few times.
Now, what should I do about “Microsoft Edge Update” always running in the Task Manager? I don’t even use that browser. I am still mostly using Waterfox Classic and Vivaldi.
REM Kill Brave 1
net stop “brave”
sc delete “brave”
REM Kill Brave 2
net stop “bravem”
sc delete “bravem”
schtasks /Delete /TN “BraveSoftwareUpdateTaskMachineCore” /f
schtasks /Delete /TN “BraveSoftwareUpdateTaskMachineUA” /f
The problem with Brave is how they don’t release anything relevant to improve users’ experience.
The Shields is just a skin, it doesn’t add anything important about what we had in the past. So, the adblocker’s log is still bad, using DevTools might be better but you don’t know what is blocking what.
Also, Brave doesn’t give you any freedom, they don’t let you turn off whatever internal lists you want to turn off, you have to block and run whatever they say, whatever they whitelisted like DuckDuckCrap analytics go through same as Startpage ones and many others and you can’t block them because you can’t create a block rule in adblock page for them, you can only whitelist a blocked network filter.
You don’t get access to all the features internal list do, all the scriptlets injections are only done by the internal lists and they are not the same you get with uBlock or Adguard or ABP so you will not be able to block the same you can with an extension like uBlock or Adguard.
Brave still doesn’t support procedural cosmetics and while they are aware they don’t care much, I mean, how hard is to do it? probably not easy, but if uBlock, Adguard and ABP offers it, why Brave still doesn’t?
To make people understand, procedural cosmetics are selectors the browser still doesn’t support, so Brave would have to create javascripts to create those advanced selectors, if Brave adblocker is based on uBlock origins in some ways, they should have an idea how to create them but they just don’t do it.
I mean, they took 2 years to release a mediocre sidebar so that should tell you their priorities and how they released cryptocrap wallet (and updates to it) in few months.
I mean, you can get better features in Edge, Vivaldi, Opera and Yandex, the only thing Brave has is the out of the box decent adblocker and few features here and there but for normal web browser, it is like… not great at all.
A bit OT: does anyone know if disabling the shields also makes the CNAME cloaking go away?
@Anonymous
> does anyone know if disabling the shields also makes the CNAME cloaking go away?
Yes, disabling the adblocking of Brave Shields also takes away the browser’s ability to perform CNAME uncloaking, since the browser is doing the CNAME uncloaking based on the entries of adblocking lists (which you disable when you disable the adblocking of Brave Shields).
Extensions like uBlock Origin can’t do CNAME uncloaking on Chromium-based browsers currently due to an API limitation.
@Iron Heart got it, tx!
@ShadowCarnage
> Also, Brave doesn’t give you any freedom, they don’t let you turn off whatever internal lists you want to turn off
You can control most of Brave’s lists (including custom ones you added) under brave://adblock/
Brave uses some other default lists not listed there, you can find them here: https://github.com/brave/adblock-resources/blob/master/filter_lists/default.json
If you ask me, their default lists are the bare minimum short of not using an adblocker at all, those really shouldn’t break anything for you.
> whatever they whitelisted like DuckDuckCrap analytics go through same as Startpage ones
Not blocking ads on search engine results pages is part of search engine deals. You don’t get search engine deals if you insist on blocking their ads. However, you do know how DuckDuckGo and StartPage do ads, right? They are only contextual towards your current search term and nothing else, they are not profiling you.
But if this still bothers you, perhaps for optics’ sake, by all means, there are other ways to block these ads outside of Brave Shields. For example, you can use a DNS provider that blocks those, or you can disable the adblocking part of Brave Shields and run uBlock Origin in Brave (yes, Brave is IMHO still worth it outside of the native adblocking, it also does things like fingerprinting protections, De-AMP, the browser is fully degoogled etc.)
> Brave still doesn’t support procedural cosmetics and while they are aware they don’t care much, I mean, how hard is to do it? probably not easy, but if uBlock, Adguard and ABP offers it, why Brave still doesn’t?
Because Brave is not just an adblocker, it’s an entire browser and they prioritize accordingly. Brave Shields is already good enough for most people without procedural cosmetics so it is being considered mid- to low-priority. As I said, nothing stops you from running uBlock Origin or AdGuard or even ABP (ugh, ABP) in Brave, Brave is worth it outside of its adblocker too in my opinion.
> if Brave adblocker is based on uBlock origins in some ways
It isn’t. Brave’s adblocker is a totally different implementation written in Rust. It uses some publicly available uBlock Origin lists by default but uses none of its actual code.
> I mean, they took 2 years to release a mediocre sidebar so that should tell you their priorities and how they released cryptocrap wallet (and updates to it) in few months.
OK, but that’s not the only two things they did. I paid attention and noticed that they introduced various privacy features as well, like improved FP protections, De-AMP and others.
> Edge, Vivaldi, Opera and Yandex, the only thing Brave
Ugh, all data collection hell with the exception of Vivaldi. Why do you care about tracking protection when using these browsers? They are already tracking the hell out of you themselves (again, with the exception of Vivaldi)!?
> for normal web browser, it is like… not great at all.
Depends on your needs. Most people are happy with the UI and features of Chrome, Brave shares Chrome’s UI and features (minus the data collection anti-features, obviously). Most people who use Chrome would equally be able to use Brave with the same results. If you need something else, perhaps something more customizable, you already know where to look. Vivaldi is a great option in this case.
@Klaas Vaak:
If you see that green button in Brave and you *don’t* manually click on it, is the green button still there after you restart Brave? If it *isn’t*, then I’m pretty sure that auto-update is still on.
Even though Brave is my main fallback browser (when a page doesn’t work in Pale Moon), I’m still not very familiar with its Settings pages. That said, I don’t recall ever coming across an in-browser setting for controlling automatic browser updating. To disable automatic Brave updates in Windows, you might have to change both “Brave Update Service” entries [(brave) and (bravem)] to “manual” or “disabled” in Services, and/or disable both “BraveSoftwareUpdate” tasks (MachineCore and Machine UA) in Task Scheduler. (I haven’t done that for Brave, so I can’t speak to the results or to whether auto-updating remains turned off after a manual update. I *have* used that type of approach to turn off automatic updating for *other* browsers and apps that I either don’t use very often or don’t really trust, but I’ve never had an unpleasant surprise after Brave was auto-updated. As for the apps I disabled auto-updating for, I run SUMo a couple of times a day, and I find out soon enough when an update is available and whether it’s worth installing.)
I’m guessing Iron Heart has a more definitive answer!
I’ve been away a while. Does anyone know if Brave finally allows us to easily turn off the always running auto-update yet?
Thanks!
@GoodMeasure
1. Browsers auto-update because of supposed vulnerabilities and all that.
2. if you complain about auto-updates in 2022 maybe you should learn some computing and use a firewall?
There are literally like 10 ways to turn it off. With a firewall, disabling the Task Schedulers (and services if you installed Brave as admin), with command line switches, removing the update exe… anything will make it. So, stop complaining.
Other browsers have more control about their updates, it doesn’t mean anything in the end because it doesn’t make sense not to auto-update especially if you run nightly or beta like some people run and complain about.
With any browser the first thing I do is disable auto-update. I’m new to Brave, so was displeased to see Brave’s green indicator that updates were avail (you know, look at this bright green button and not at what your trying to accomplish). That was almost a deal breaker for me. Thankfully, Brave respects their users so provides an easy method to disable auto-update. To do so, create a shortcut to Brave, then edit it to pass in this flag:
–disable-auto-update
For instance, for my box…
“C:\Program Files\brave\brave.exe” –disable-auto-update
If you are running the auto-update service, disable it for good measure and use that shortcut whenever you need to use Brave. Brave will no longer auto update nor nag you via distraction. Firefox was one of the worst offenders in this arena, with their gigantic billboard update nagging.
IMPORTANT: don’t use the above example exact. Create your own shortcut then add the flag to the end. Because all boxes are different and the example will not work on all boxes.
Notice fix, my comment got auto formatted. In that disable flag, the hyphens got auto formatted to one large dash, which is the wrong prefix. The flag should start with two hyphens followed by the words disable-auto-update.
@GoodMeasure: I am not aware of an auto-update, and in any case it can be turned off, which must be my case, because I always get a green button in the top right-hand corner when the browser needs to be updated.
I use the Dark Reader extension available here:
https://chrome.google.com/webstore/search/dark%20reader
Does the De-AMP functionality mean I can remove the “Redirect AMP to HTML” extension?
@Klaas Vaak
Yes, you can remove the extension. The browser handles this natively now.
@Iron Heart: howdy, good talking to you again. How are you keeping? Lately, you do not seem to have had too much grief from the usual suspects here, although there has been some.
Over the past few months I used Librewolf because I liked what I thought was a certain smoothness/easiness/handling of webpages. I was also encouraged by the fact that all FF’s egregious telemetry was taken out.
However, little things started to irritate me, not least of which was that I found the number of webpages that were broken by it was too high.
So, a week ago I reverted to Brave, and I can tell you that the so-called smoothness/easiness/handling of webpages was a purely subjective feeling. Now that I am back to Brave, I do not at all feel it is any less.
Cheers.
Off topic but – your screen caps of the ghacks site show wonderful dark mode pages. How can I get that? Doesn’t automatically go dark if using dark mode on my PC.
@45RPM
It depends on whether or not a website has a native dark mode. If the website naturally has a dark mode but you are getting light mode in Brave, even though Brave (or your operating system as a whole) is set to dark mode, then this might be due to Brave’s fingerprinting protections being set to “Strict” in your installation:
https://github.com/brave/brave-browser/issues/15265
You should lessen the fingerprinting protections to “Standard” as that will give you dark modes of websites again, if they natively have those. Note that reverting to “Standard” also lessens other fingerprinting protections.
If a website doesn’t natively feature a dark mode, but you want to force one all the same, then yes, Dark Reader would be your best shot:
https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh
Try the dark reader extension.
These recent updates to Brave are proof, once again, that the Brave Browser is The Best and Most Secure main stream browser available today.
(by main stream I mean you don’t need to know how to code to use it, and it works well on all websites)
Good Job Brave!
You’ve probably never heard of Bromite. It has uBlock built in which is way more effective than the crippled ad blocker Brave uses. It does not try to push some privacy invasive cypto trading companies on you. It does not use Google Play like Brave does, it has it’s own updater and F-Droid repo.
I think it’s funny how Brave fanboys say Brave is against Google when it is even more closely tied to Google than Firefox is. Brave uses Google Chromium, Google Play, and Google extension store but is somehow free of Google.
@Brodozer
> It has uBlock built in which is way more effective than the crippled ad blocker Brave uses.
As the comment above mine already stated correctly, Bromite does not run uBlock Origin. The only Chromium-based browser on Android that can run uBlock Origin is the Kiwi browser.
Bromite’s native adblocker by default is generally considered to be worse than the one of Brave, though this may change for you depending on the adblock lists you are using in Bromite.
> Brave uses Google Chromium
So does Bromite, and I don’t see how that is bad. Chromium is an open source project that anyone may use to create a browser, some are better and some are worse.
> Google Play
So do 99% of all Android apps, this is unrelated to Brave specifically. The Google Play Store is just an app delivery system, get over it. Use either F-Droid or better yet the Aurora Store if you don’t like Google Play. Problem solved.
> Google extension store
You mean the Chrome Web Store? Similarly to Google Play, this is just a delivery system for browser extensions. Does the connection Brave establishes towards the Chrome Web Store to auto-update extensions bother you? If so, your worries are baseless. Brave proxies (anonymizes) this connection, Google is not getting an overview of your installed extensions.
>You’ve probably never heard of Bromite. It has uBlock built in which is way more effective than the crippled ad blocker Brave uses.
That’s not correct, Bromite uses the Chromium subresource filter for content blocking, not uBO. It doesn’t even support cosmetic filtering or CNAME uncloaking
https://github.com/bromite/bromite/wiki/AdBlocking
>It does not try to push some privacy invasive cypto trading companies on you.
Neither does Brave
>It does not use Google Play like Brave does, it has it’s own updater and F-Droid repo.
You can download Brave with FFUpdater or with an APK
AMP and ‘improved shields’ (which is just a skin) doesn’t have anything to do with security…
AMP actually doesn’t even have anything to do with PCs, it only applies to mobile so it will affect really few people, like seriously, tell me when was the last time you got an AMP redirect to really care about it?
Compare features from other major browsers to Brave and you will find the experience way worst with brave… Opera offers so much more out of the box, Yandex does as well, Vivaldi even with their slow closed source UI offers a lot more, and even Edge.
Some adblocking out of the box still inferior to an extension like uBlock or Adguard or crypto updates that people complain about everyday how they didn’t get their BATs, isn’t and will never be a reason to say Brave is better.
Brave is not the browser for the normal user who just wants to browse the web, it doesn’t offer screenshot, sidebar sucks, no personalization besides color of main window.
Still no extensions store even if they say how against manifest v3 they are, so it won’t matter because if you have to use Chrome extensions store then by now Google is not accepting a non-manifestv3 extension and developers won’t be able to update their extensions in a year unless they are manifestv3. So, Brave’s position about it won’t matter, they don’t even try to support other chromium extensions store like Opera or Microsoft.
So I don’t understand the blind love about Brave, I used to use it for many years until I saw they are not focusing their browser so much on the user experience, they are only here for the money, which is fair, but when they release multiple updates about wallets and crypto and then they release a crappy sidebar and they wasted time re-skinning the Shields UI which doesn’t matter at all, then I went to use other browsers.
Brave as a company is in the flipflops side anyway, while on one side they were saying how they want to fight censorship and big tech and blabla.
They removed RT from their news sources and said it wasn’t censorship because it was to avoid trouble even if they weren’t asked to do it by any government, they also said they will do what any government says about censorship and the ‘goggles’ system in Brave search is pretty much going to make censorship worst since government can use it to do that even worst than they already do it.
So how can you trust a company like that? They don’t release updates to improve the experience, they don’t fight censorship and are just like others, they keep building their crypto empire full of bugs where people complain about them every single day and how they didn’t get the BATs, so they are stealing people’s money apparently, if people see the ads and they don’t get the promised money, and unless they fix it, it will be a scam, but they have had 5 years and no fix yet.
While the synching had a nice idea to avoid sharing your personal information like name or email or phone number, it is buggy and barely works. Plus they still use AWS for their servers, so all your information (while encrypted, supposedly) is stored in Amazon’s servers, which is strange way to promote privacy.
They have done a lot so supposedly google can’t track you when you update extensions and stuff like that, but to be honest, that will never be a real reason to not use another browser with better features like Opera offers with VPN and screenshots and adblocking out of the box as well, and workspaces and a useful sidebar etc etc (not going to talk about operaGX, which offers some nice features but I don’t use it because it is dumb the ‘gaming’ neon crap)
@SilverMob
There’s a lot to unpack here, I’ll limit myself to your key sentences.
> AMP actually doesn’t even have anything to do with PCs, it only applies to mobile so it will affect really few people, like seriously, tell me when was the last time you got an AMP redirect to really care about it?
AMP 2.0 will be for PCs also. And on mobile, especially news outlets are using AMP, so it is not hard to run into an AMP link at all.
> Compare features from other major browsers to Brave and you will find the experience way worst with brave…
Well, Brave’s focus is not customization. If you want to heavily customize the UI, use Vivaldi or perhaps Firefox (with CSS tweaks). Brave’s focus is privacy protection on the web and introducing a privacy-preserving ad delivery mechanism (Brave Rewards).
> Some adblocking out of the box still inferior to an extension like uBlock or Adguard
I doubt it. When I still ran uBlock Origin here on Brave (you can do this, btw, if you really are unhappy with Brave’s adblocking), it didn’t block anything more than Brave Shields.
> Still no extensions store even if they say how against manifest v3 they are (…) So, Brave’s position about it won’t matter, they don’t even try to support other chromium extensions store like Opera or Microsoft.
Did you actually take a look at Opera’s and Microsoft’s stores? Those are ghost towns compared to the Chrome Web Store. So obviously having your own extension store is likely a failure going by experience. Plus, you can actually install CRX files from other sources as well, not just “official stores”.
Last but not least, what would you download from a hypothetical Brave Extension Store that you can’t already find on the Chrome Web Store? An adblocker? Brave has an adblocker, so that would be moot.
> they are only here for the money
They are for-profit, yes. I don’t begrudge them their profits if they can really succeed with a privacy-preserving ad delivery systems. Ad networks (main one being Google) are the cancer of the Internet, and collecting and processing user data is their business model. Hopefully Brave can be a part of stopping this. I think it is also important that they are financially self-sufficient and don’t just leech off search engine deals and are thus beholden to one benefactor, like Mozilla is.
> I used to use it for many years until I saw they are not focusing their browser so much on the user experience
They deliver in areas where they’ve promised to deliver, that is improving user privacy on the Internet and developing a privacy-preserving ad delivery mechanism. That’s it. Brave is not about UI customization, you have Vivaldi or Firefox for that.
And that they were only developing the crypto features and the sidebar recently like you claim, is not accurate at all. They have also introduced defenses against font & language fingerprinting, this D-AMP feature, they have dealt with Google Topics etc.
> They removed RT from their news sources
You make it look like they received some mean looks and immediately removed it out of fear, but that’s not accurate either. The EU has decided to ban all forms of RT broadcast. So they were legally obliged to remove it since they are doing business within the EU – if they hadn’t, I am sure there would have been consequences, since being part of a default selection of news sources most certainly counts as “broadcasting” RT.
It is what it is, there were legal reasons for the removal. If you want RT to be part of your default news sources, you can still add it back yourself. It’s just no longer part of the defaults for the reason mentioned.
> where people complain about them every single day and how they didn’t get the BATs
There is this common misunderstanding that when you select “Show me up to 10 ads per hour” in Brave, Brave is obliged to show you 10 ads per hour + the associated BAT, not any more or less. That’s not how it works. Brave analyzes your browsing locally and picks ads from a general list of ads (downloaded for all users). If your interests hardly match any of the ads, you can maybe be shown 1 – 2 ads per hour even if you selected “UP TO 10 ads per hour” (“up to” already implies that it can be less depending on your interests, in how far the y match with the ads). I think people are ignorant regarding how this works and are then complaining.
> Plus they still use AWS
As does half the Internet, hosting your own server-infrastructure is expensive too. How does this matter? Brave’s sync is end-to-end encrypted, Amazon is being used as a cheap storage provider.
> use another browser with better features like Opera offers with VPN and screenshots and adblocking out of the box as well, and workspaces and a useful sidebar etc etc
Opera is blatant spyware and got bought out by a Chinese company a few years ago. You may find some of Opera’s features neat, but from a privacy perspective, it is crap. They are likely collecting user data on their VPN (hardly more than a proxy) as well if their browser already does this too. I can recommend Opera to absolutely no one.
PS: If you want a halfway decent VPN: https://www.privacyguides.org/vpn/
Your cheer leading is appreciated but the German government says differently.
https://www.zdnet.com/article/germanys-cyber-security-agency-recommends-firefox-as-most-secure-browser/
But don’t worry I’m sure some random blog written by some self pro-claimed “security” researcher will say what is in their best financial or political interests.
Remember to send a picture of yourself holding your national id card to get that uphold account brave wants you to open because privacy.
@Aluminium
1) This article is from 2019, three years ago.
2) Look at their criteria. They check whether browsers nominally support various features, some of which don’t even have anything to do with security.
4) The reality of Firefox’s security: https://madaidans-insecurities.github.io/firefox-chromium.html (which is actually an in-depth look at the code unlike the superficial check list the BSI did)
Lol, still falling for madaidan. Year old stale coffee and links to articles from 2015. Real dangerous stuff there!
Reminder about real facts:
https://www.cvedetails.com/product/3264/Mozilla-Firefox.html?vendor_id=452
https://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224
https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox
@Aluminium @Frankel
Wow, such a gargantuan amount of BS. I mean, I usually reply to comments even if I consider them to be stupid, but your stuff is making even me weary.
> The blog link has some issues, stop spamming people with it every time someone dares question the glory that is Google/Brave.
Well, if you can’t refute any of the blog’s contents, of course the next best thing you can do is to attack superficial aspects like a private blog not meeting scientific criteria. Kind reminder that this is a private blog, and I don’t really think you are interested in these criteria either, it’s just the best you’ve got at this point.
I think the content of the blog is sufficient ot inform the vast majority of users of the actual security of browsers, and even though it repeatedly comes up even in Firefox forums and the FF subreddit, nobody has come up with a credible refutation of the actual content. It’s pretty telling.
And Chromium (and therefore Brave) being more secure than Firefox has nothing to do with any supposed “glory” (LOL). It’s either more secure, or it isn’t. I want to discuss the facts and not “glory”.
> The citations are not properly done in any recognizable format. Many of the references are from twitter feeds, not research papers.
It’s a private blog, what do you expect? Nevertheless, a research paper would tell you the same thing. We both know it.
> Many of the people quoted work for Firefox competitors.
How does this render the information incorrect? If it was incorrect, you could refute it. Silly mudslinging and looking for excuses on your part.
> He also does not disclose any conflicts of interest he may have personally.
He is a developer of Whonix. Do you know what Whonix is? Hint: Whonix has to use Tor, and the Tor Browser Bundle. The Tor Browser Bundle is based on Firefox. So if anything, madaidan should be biased towards Firefox.
> He does not disclose his methodology, all his conclusions are theoretical. A credible researcher would disclose such things.
It’s a private blog. And I think you are looking for excuses because you can’t actually refute anything he says in reality.
> He also seems to think sandboxes are the be-all and end-all of security.
No, you should actually read the article. While he discusses the sandbox, it is not all the only point he discusses. Silly strawman of yours.
> I get Chrome has a majority of the market, like IE did back many years ago, but IE did not have nearly as many 0-days in its heyday.
IE in its heyday also supported below 10% of the web standards Chromium supports today. If you don’t support anything, this reduces the attack surface of course. Invalid comparison.
> I disagree with his and your assertion that browser mono-culture is a good thing just because it has a sandbox.
In the end, I just let the better product win. That’s it. If Firefox can’t compete then it is and should be on its way out. And that Firefox is less secure than Chromium has nothing to do with browser monoculture, what does Chromium have to do with the base security of Firefox’s code? Answer: Nothing.
Chromium is open source and has to remain so due to licensing requirements (and because it benefits from outside contributions). Anyone can base their browser on it. I don’t see a problem with it being the dominant browser. Chromium derivatives are like Android ROMs and so far, as far as phones are concerned, we have managed without Linux phones (which is what Firefox is in the browser world by comparison). There is simply no reason for Linux phones to exist when Custom ROMs exist. So it is with Firefox.
> I think the author is too short on details but just for fun, here is a link saying that Firefox is the most secure browser because of its sandbox.
Nice Firefox ad, however, madaidan addresses this in his blog and the current sandbox implementation is still inferior to Chromium’s implementation. I wouldn’t outright call the content of the article you posted fake news, because Firefox got better than it was before, but the headline is definitely misleading at least.
> Here is another link explaining the importance of knowing who is supporting security researchers to come up with their conclusions and why methodology and full disclosure is important.
Again, you are discussing about the person of the security researcher… Why? Just address the points he raises if you think you can. And as I said, since he is a Whonix dev, if anything, he should be biased towards Firefox. I also doubt that a project as respected as Whonix would promote Google (they don’t, actually, they are discussing the Chromium open source base, not Google Chrome).
> The original Mandalorian link is from 2020, two years ago. He makes the exact same rants about sandboxes as he does now.
Mandalorian? Really? Trolling the nickname of the Whonix dev because you have zero arguments to offer against him, that’s fairly pathetic. And yes, in his “rant” (calling factual information a rant, LOL again) he stated the same thing in 2020 and is still stating it now because the problem STILL PERSISTS. Why change it when it’s still true?
> Your past posts used the same criteria, albeit with a different conclusion
No, I never post superficial comparisons.
> Use a better researched, less biased source. The German source has less reason to be biased.
How is it badly researched? How is it biased (if anything, he should be biased towards Firefox because that’s what Tor uses)? You can’t answer these questions yourself.
And the BSI report you posted is not a source in my opinion. It is superficial trash. As I said, they look at some criteria, e.g. “Does the browser have a sandbox?”. If there is a sandbox, then they check their checkbox and move on. They never compare the implementations themselves in any kind of depth, which is not surprising, since the “comparison” you’ve posted was undertaken by bureaucrats and not developers, and yes, it shows. Your source has neither credibility nor legitimacy because it totally lacks methodology, it lacks any kind of depth, it’s just a superficial checklist that you misleadingly post here.
@Frankel
Now that I’ve dealt with the Bs claims from @Aluminium, I can come to your uninformed nonsense.
> Lol, still falling for madaidan. Year old stale coffee and links to articles from 2015. Real dangerous stuff there!
The article was last updated on March 19th, 2022, but OK, whatever you say. If you want to bash the article at least get your facts straight.
> Reminder about real facts:
LOL, those are your facts? CVE counting, a method of amateurs that fails to account for the popularity of the software attacked and the actual severity of each given issue? Really? So you are telling me here, that Firefox with its meager 3% market share attracts less scrutiny and less interest from the bad guys than Chromium with its 80% market share? Is that your argument? If yes, then how is this related to the base security of the actual Firefox code? The more popular software will always have more CVE if the difference is as large as it is here, this proves nothing.
Your second “source” is gorhill’s Firefox promo piece where he says that the Firefox version of his extension is superior to the Chromium version of his extension. He ruminates the known fact that there are greater limits on what extensions can do on Chromium, which would include adblockers. The question is… A) What does that have to do with browser security? Like, at all? and B) Why should I care as a Brave user? Brave has an adblocker, I don’t need to care about the Chromium version of uBlock Origin and its limitations. The native adblocker of Brave does CNAME uncloaking, for example (which gorhill says his uBO on Chromium lacks). I don’t give a shit, because why would I?
1) The original Mandalorian link is from 2020, two years ago. He makes the exact same rants about sandboxes as he does now.
https://web.archive.org/web/20201001000000*/https://madaidans-insecurities.github.io/firefox-chromium.html
2) Your past posts used the same criteria, albeit with a different conclusion
3) Use a better researched, less biased source. The German source has less reason to be biased.
The blog link has some issues, stop spamming people with it every time someone dares question the glory that is Google/Brave.
The citations are not properly done in any recognizable format. Many of the references are from twitter feeds, not research papers. Many of the people quoted work for Firefox competitors. He also does not disclose any conflicts of interest he may have personally. He does not disclose his methodology, all his conclusions are theoretical. A credible researcher would disclose such things.
He also seems to think sandboxes are the be-all and end-all of security. As long as you have a sandbox, then nothing else matters. If that was true Java would be the most secure software on the planet, Sandboxie would rule the world and Chrome would not have so many 0-days in such a short period of time. I get Chrome has a majority of the market, like IE did back many years ago, but IE did not have nearly as many 0-days in its heyday.
I disagree with his and your assertion that browser mono-culture is a good thing just because it has a sandbox.
I think the author is too short on details but just for fun, here is a link saying that Firefox is the most secure browser because of its sandbox.
https://www.techrepublic.com/article/the-new-firefox-95-might-be-the-most-secure-web-browser-on-the-market/
Here is another link explaining the importance of knowing who is supporting security researchers to come up with their conclusions and why methodology and full disclosure is important.
https://www.computerworld.com/article/2500372/researchers-accuse-google-of-plotting-to-undercut-firefox.html
Thanks for being on the ball, Brave.
Lot to likem except..
Brave Shields panel refresh requires one more click to see WHAT links are being blocked, that makes up to 3 clicks as one have to click a 2nd time only to unfold the FULL view of the Shields panel, sounds trivial but clicking so many times every day on kind s of things, including users like me who constantly wants to see what links are blocked, this change sucks!
@BRAVE DEV TEAM
please fix this, thanks.
@click suckers
Put the following two entries into the address bar after each other and press Enter:
chrome://flags/#brave-shields-v1 –> Switch to “Enabled”
chrome://flags/#brave-shields-v2 –> Switch to “Disabled”
Then restart the browser. Problem solved. No idea how long this workaround will be operational though.