Brave Privacy update changes how the browser handles Google Sign-In requests
Brave is changing how the company's web browser is handling Google sign-in requests. The privacy change gives users more control over sign-in prompts in the desktop and Android versions of Brave.
To better understand the change, it is necessary to take a look at how Brave browser handles these prompts currently. Third-party websites and services may use single sign-on (SSO) systems for authentication. These systems, offered by Google, Facebook and other major Internet companies, offer several advantages both to the site and to the user.
Most Internet users have accounts at Google, Facebook and other major sites already. Using these to sign-up to a service is a straightforward process that speeds up account creation and eliminates the need to remember yet another secure password. Security-wise, it is often the case that these large companies offer better protective and security features.
While these sign-in options offer benefits, they do come with risks. One of them is privacy related. The big tech sites gain insights on the sites that a user uses, at the very least. Depending on how the system is designed, additional use data may also be available to the SSO providers.
Brave Browser, up until now, had a single switch to allow or block Google login buttons on third-party sites. Enabled by default, users could disable it to prevent these sign-ins from working. Under the hood, Brave blocked third-party cookies for Google's SSO system, if the setting was disabled.
When users kept it enabled, an exception to Brave's third-party cookies handling was made for all sites that used the Google Sign-in system. Third-party cookie access is needed, as it powers the functionality.
The exception is limited to URLs used for Google logins; other Google systems, including those used for analytics or ads, were not allowed.
Brave users may load brave://settings/socialBlocking in the address bar to configure the current setting.
Brave's privacy change regarding Google Sign-In requests
Starting in Brave Browser 1.51, Brave removes the setting under Soccial Blocking. The developers have created a site permission, called Google Sign-In, which handles the functionality per site.
The default permission is set to ask, which prompts users whenever a site requests to use the Google Sign-In system. As is the case with permissions, users may switch it to allow or block instead. Allow gives all sites permission to use the system, block prevents sites from using it. It is still possible to define exceptions, even if the preference is set to allow or block.
The main privacy gain for users is that the system is no longer an all or nothing approach. Now, they may allow some sites to access the Google Sign-In systems, and prevent all other sites from using it.
Brave launched several other important improvements in its browser recently, or plans to launch them. To name a few: disabling open in app prompts, a new AI summarizer in Brave Search, and HTTPs by Default functionality.
Brave considers its system for Google Sign-In prompts superior to that of other third-party browsers. The main differentiating factor is that Brave's system is specific, while the system that browsers such as Firefox, Safari or Edge use is not.
Brave plans to launch the improvement in Brave 1.51, which will be released in the coming months.
Now You: do you use Single Sign-On?Advertisement