162
Warning to all Brave Browser Users
(infosec.exchange)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 06 Oct 2023
162 points (93.5% liked)
Privacy
29784 readers
865 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
Anyoneserioius about privacy should not be using a chromium browser, and should definitely not be using brave.
Firefox is safer and tbh, has probably the best UX and aesthetics out of anyone. Brave is garbage.
For incognito browsing I recommend Librewolf, a firefox fork. If you want anything more secure, you should start looking into tor
Why is librewolf superior to our of the box Firefox? Or mullvad browser for that matter?
It has included some privacy measures to resist fingerprinting like letterboxing and has more privacy focused search engines as default like searx. Also it takes out some firefox utilities like pocket which I don't really use
As for Mullwav browser I'm not really sure, it seems to be another reinforced firefox like librewolf
any benefits over Mullvad's browser?
https://mullvad.net/browser
Btw, here is a detailed, technical review. It is in German, but with transtae and all the code, it should be understandable.
TLDR: It's good.
i prefer to use librewolf as my everyday browser, while using mullvad as my browser for other things that dont require tor i like to keep things separated, personally
I'm not really sure, I haven't used it. In fairness, I only use librewolf for incognito searches, not as a daily driver
As a Firefox user, the only thing Brave does that I wish Firefox would copy is their fingerprinting resistance. I know Firefox does have fingerprinting resistance but it's nowhere near the same level as Brave.
Use privacy badger extension
No. Firefox with RFP, Arkenfox user.js, Librewolf or Tor-Browser unifies your fingerprint. Its universal among users. Brave scrambles it, while some may say that is actually not a real fingerprint and can be detected, making you stand out extremely
Just to be clear, are you saying Firefox with fingerprinting resistance used in conjunction with Arkenfox user.js provides fingerprint unification, similar to what Tor browser does? I'll have to check that out.
I think both approaches are valid tbh. Having a unique fingerprint obviously uniquely identified you, but if it's randomised then your browsing sessions can't (in theory) be linked.
Yes. Arkenfox to my knowledge is 1:1 Tor configs. Librewolf is similar to arkenfox, no real differences afaik.
For regular browsing though, this means that everything is always deleted. So if you may change some configs, you mayyy be fingerprintable.
Good thing though, different from Tor-Browser is, that it deletes everything without using the private browsing mode. This means, that it has way more capabilities, and saving session for example has no fingerprinting effect really, as favicons and cache can be cleared.
The problem with randomized UserAgent is afaik, that in firefox it cant really fake a complete, real browser, fonts and all. So it would be very nice 90% of the time, but big tracking sites would know exactly who you are
I'll look into this. Thank you for the information.
You are fingerprintable either way unless you go all out. Going full on Arkenfox/Librewolf mode (with all settings enabled that decrease convenience) you can at most fool naive fingerprinting. For the more advanced one you need Tor.
And even for naive fingerprinting, unless you use Tor or a VPN (which you would have to trust) your IP alone + the fact that you use FF (which a few % of people worldwide do) along with some other basic info about your PC will make you very unique.
A good VPN is a must of course.
The Chameleon extension could solve some of the fingerprinting issues as it can randomize the browser and OS info that is sent.
If anyone who downvotes wants to jump in and explain why instead of doing drive-bys that would be appreciated. I don't see any reason why this browser extension wouldn't be an effective tool if it does what it says.
safer?
Brave is just a shill for Google mothership. Firefox is leading privacy and security through browsers.
Firefox has a weaker sandbox than chromium and less mature site isolation and therefore has lower security. privacy is a different story, but remember you're only as private as you are secure so Firefox is inherently not that private assuming a malicious site escapes the sandbox.
I'm fully against chrome's growing monopoly as well as Google surveillance capitalism but let's not be so dramatic with the "google mother ship" nonsense.
using chromium as a base does not equal data being sent back to Google, just like using Android as a base doesn't inherently send data back to Google.
what the fuck are you even talking about my guy? do I have to say "oh I use Firefox btw" for you to decide to not be a brick wall?
i disagree ahola looks better but i still use iceraven on my phone and firefox on pc
I disagree. Firefox is fine, but saying chromium is spyware because its primarily maintained by google is like saying android is spyware.
Additionally chromium browsers are arguably more secure than Firefox, and has more advanced sand boxing. So much so that graphine OS used chromium instead of Firefox for their vanadium browser.
Only thing I agree with is not using brave.. Cause well.. They fishy.
android is spyware
Those who don't know about it go and read GNU replicantOS blog and wikipedia page
Android is not a single OS (?)
It is. Custom roms modify very little of the code and they are all based on aosp(it is open source but google controlls the changes). The whole point of aosp is to create the illusion of choice but if you really want to avoid using google spyware you have to give up on most apps or go to extreme lenghts to use an alternative. The grapheneos project is really cool and usefull but it only patches the inherent (intended)problems of android and doesnt provide a real solution.
I'm unsure you have any idea what you're talking about.
And I'm sure you only use twofish because the NSA backdoored AES when they standardized it.
what does it have to do with Google's business model being mass-surveillance, and/or them being caught several times collaborating with the NSA, the US army, etc.?
I agree that the NSA backdooring stuff is a problem too... (or even a different facet of the same problem...) Yet, one doesn't invalidate the other...
I'm just saying that collaboration with or association with spooks or glowies isn't in itself a red flag.
Many privacy and freedom granting software is made by these people.
Take Tor for example, made by the navy to hide information from the public and anonymously attack networks of adversaries.. Yet now is the NSA's biggest obstacle in mass surveillance.
I beg to disagree: the global interception capacities of the NSA in 2012 (as showed in the very few 2013 documents from Ed. Snowden that were made public) clearly were enough to routinely de-anonymize tor. By owning a certain percentage of the global internet traffic, you de facto own tor (can very precisely correlate what comes in and what goes out, and do that retrospectively when needed).
and that was 10+ years aog....
Association with spooks is a red flag, for the multiple, endless ways they have been doing their shitfuckery, endangering the general public, the exceptional US citizens, and information/communication security at large... by weakening standards, by corrupting corporations to introduce (or leave open) some bugs, by infiltrating development teams, by pressuring operators to grant full access, by breaking and entering, etc..
Anyone who doesnt see that as a problem has to be considered as part of it. Simple, basic rule.
I truly appreciate the perspective of this post. I would like to switch fully to Firefox and support the cause. Unfortunately I have a PWA addiction and that is the only thing keeping me living my shameful hybrid browser life.
Is it a weak reason? Probably. But it's an honest one. If Mozilla hopped on PWAs, I'd be totally fine bouncing from Brave and joining the Chromium rebellion.
But they’re the only ones blocking ads on YouTube for iOS 😞
You can add something like AltStore to an unjailbroken iPhone and sideload a YouTube app with adblock built in.
The only reason I still use it. I like Orion but it’s not quite there yet. Not really sure what other iOS alternatives there are to chose from.
YouTube ads are served on the same server as the video.. So they would have to filter it through one of their servers and block the elements and stream it to you.
So if you're using them for privacy.. you better trust them a lot because they would have equivalent info as google.
@themoonisacheese If you think so 🤷♂️