
Recommendations: Web browser other than Firefox


#41

Brave forks Chromium with privacy/security mods;

Why Brave? I think Iridium is.

Edit: ooh, I get it, Iridium is just a cleanup version of Chromium, no mods added


#42

I mentioned Iridium in my previously discussed thread. It’s a good choice, but if you ask me why I think Brave is best, read post 7 there.


(Steve) #43

Alphabet, and by extension Google, is arguably THE most untrustworthy company on the face of the planet. I find it extremely hard to trust anything they put out, including gmail and Chrome/Chromium. I’m not the best coder, but I would have to go through line-by-line their Chromium code before I trusted that browser, or anything based off it, security enhanced or not.

You can put a skirt on a pig, but in the end, it’s still a pig. That’s an allusion to Alphabet/Google/et al., in case you’re wondering! :stuck_out_tongue:


(Steve) #44

Brave doesn’t block ads well, in fact, many people have been requesting uBlock Origin as an addon.

Also, you cannot change the visited link text. I cannot find anything that allows one to disable WebGL, WebRTC and many other security problems.

This is not a secure browser; saying that it’s more secure than Chrome/Chromium isn’t saying much.

Here are a couple of screen shots showing difference between Brave & PM.


#45

As a rule, I like to recommend Qupzilla, but for some reason I cannot log into the Void Forums when I use it. :confused:

Other than that, it is a great browser.


#46

Your ad problems are simple to solve with Privoxy, if Brave doesn’t do it perfectly for your taste buds. Brave has dials for ad blocking. You can dial up and dial down. You can earn bitcoin for watching ads or turn them off.

At least Brave accepts the issues people file. Palemoon, not so much. Your perspective is mightily warped. There’s a Tor dev on the team for the love of all things holy. If you think Palemoon with its history of brushing off security complaints is better, good luck with that, captain.

There’s a world of difference between Chromium and Chrome. The story isn’t ideal but Chromium with all its github forks and general activity has lots of eyeballs on it. Palemoon, not so much.


(Steve) #47

That ads test was with Brave’s settings at maximum; and, no I don’t like Pale Moon, either. It’s the best I’ve got though, after Firefox became so lame. If you take a look at the links I posted to Brave’s forums/git page, this is an issue that is well known, and even the devs discuss it.

Saying that there are a lot of eyes on it doesn’t really say much. Remember the bash exploit, Shellshock? How many sets of eyes had gone over that for how long? According to Wikipedia, it had existed since 1989, bash 1.03.

I’m still looking for a fairly good replacement that can be made secure. There don’t seem to be any browsers that are able to be made as secure as (we thought) Firefox was.

Qupzilla, I’ll have to try that one out.

Edit: Google got caught and had to backpedal on at least one Chromium security issue. This addon seemed hidden by design, as it did not appear in the addons page.


(Steve) #48

Brave Browser is definitely not secure. It bypasses system, or even router, DNS settings to contact Amazon’s DNS. I used Wireshark to capture the data.

Just a heads up.


(Luke Mulks) #49

Hello, I work at Brave.

Love seeing the recommend.

We support 32-bit Windows, but it is correct that the remaining OS support is 64-bit.

That said, if you have an OS profile you would like to see Brave supported on, please copy paste or DM and I can have the team dig into it.

Couple of notes as I scroll top down on this thread, just as an FYI to onlookers:

  1. We block 3rd party ads and tracking by default.
  • we use a mix of methods to block ads: EasyList, custom filter list, site hacks, css injection overrides, and have regional block list and manual custom filter options.

  • for tracking protection, we use a mix of custom filters and disconnect.me by default. We are also experimenting with a stronger variation of ITP with more teeth.

  • the above are default global settings. We also have site level blocking controls and can range from block nothing to block all cookies if the user chooses.

  • we also have optional fingerprinting protection.

  • HTTPS Everywhere is enabled by default.

  • we do not enable flash, and if users choose to opt in to flash we require they go with the least dumpster fire approach as possible, but we essentially really discourage it.

  • we disable DRM, and do not like DRM, but do offer the option to opt in to Widevine for users that need it.

  • we are working on a Tor private tab integration.

  • we prompt the user prior to full screen playback and employ other defenses.

  • we are really good on mobile too.

  • we have DNT support, but it is not enabled by default. That said, DNT bets on promises that 3rd parties with an interest in tracking you don’t track you, many of which are also actively lobbying against privacy protection. Prior to Brave, I worked in digital ad products and ops for a long time and I can say with a high level of confidence that 3rd parties can easily get around DNT and many don’t follow thru on the promise. IMO, DNT is a nice effort, but not enforceable or monitored with any teeth. I like that it is around, but do not like that it almost provides a false sense of security or privacy protection. Just my few cents there, but we do have the option to enable DNT. We go beyond it by blocking tracking out of the gate.

Brave is open source, and when issues come up with ad blocking, webcompat, anything we work hard to fix and welcome bug reports. We also have a solid dev community in github.

We have a solid team of nice people that really care about privacy, and are working toward mainstreaming privacy protection with performance and a solid browsing experience. A lot of Linux users on the team, happy to pass along any requests or Linux feedback.

I know this is a bit of a novel, and am happy to help with questions etc if people have any.


(Luke Mulks) #50

If you believe you’ve found a security issue in our product or service, we encourage you to notify us at https://hackerone.com/brave or security@brave.com.

Please provide a capture along with the report. Happy to address any concerns and clear anything up. We take security seriously.

Note: edited to include support URLs and re-ordered capture text to include with report.


(Luke Mulks) #51

Fingerprinting Protection in Brave blocks WebRTC.
More on Fingerprinting Protection: https://github.com/brave/browser-laptop/wiki/Fingerprinting-Protection-Mode

We block 3rd party ads by default. We allow first party ads from the same domain, provided that they do not proxy to a 3rd party ad request. We are working on options to allow element blocking in browsing context to match the uBO feature, but our position is that we support publishers and 1st party ads from a publisher from the same domain are no more of a risk than site-served images. We investigate questionable cases as they arise and apply custom blocking as needed.

We work to continuously improve on this ongoing, and release updates weekly.

If you have specific security issues, we have a bounty program and I am also happy to route into queue directly for investigation.

We also curate extensions to ensure we avoid security risks, and can block and apply stronger security from higher levels in the browser architecture than extensions can.

It’s laughable that Firefox is considered more secure or privacy protecting, especially given Google analytics and Cliqz issues of late.


(Steve) #52

Thank you for your reply, I appreciate your time. I have an open request in Brave’s forums about the Brave Browser using Amazon’s DNS server. It apparently cannot be changed in the browser, and, more importantly, this behavior is contrary to my network/system DNS settings.

Hope that information helps. I am in complete agreement about Firefox being insecure; the older versions of FF could be made to be privacy/security aware; however, Quantum, so far at least, is less so. But, the more I read about Brave, the more I believe it is insecure, as well.

Also, see my link above about the ad problems with Brave, compared to uBlock Origin. There really is no comparison. I’ve seen where some of the Brave devs have acknowledged that ad blocking is definitely an ongoing development priority.


#53

:-1: ads are :face_with_symbols_over_mouth: (censored)


(Masato the Empty) #54

Ads pay for servers and bandwidth.

Though I’m not sure I particularly trust any particular gatekeeper that decides what ads are OK and what ads are not, other than myself. (My policy is to block ads with a broad stroke on sites I have no intention of frequenting, and allowing them for those that I do. As long as I don’t feel a particular adhost is abusing my good will. And in general, one can tell when he’s being abused).

I’d at least want to be able to override the decision of the browser or plugin-maker as to what ads I put up with, first party or not.


(Steve) #55

If ads were just that, advertisements, then I don’t think that I would have as much problem with them as I do; however, Internet ads are primarily tracking apps capturing MY data with only implied consent, not explicit consent. It’s that specific fact with which I have a problem.

If they want to pay for bandwidth, then ask me to donate. For example, I’ve decided to stick with Void Linux; previously, I had been using SUSE for years, until I had a problem with systemd (well, many problems, and many of those were technical in nature). After the New Year’s, I plan on taking that money I would have spent on SUSE licenses and giving it to Void. That will pay for my non-ad access to Void’s repos, even though they offer them for free, I do not mind paying for something from which I get value.

duck ads, as they are designed they’re privacy invading tools to gather telemetry and data rather than as a tool to promote a business. At least, that’s been my experience.

ON TOPIC: Waterfox seems to be the best bet so far, I’ve not got any answers from Brave, neither here nor on their forums that address DNS concerns, inability to block ads, etc.; so, for me it will be Waterfox for now, either that or the console-based text-only browsers (lynx, links, et al.), which do not have a lot of the security holes built in.