Brave Browser

[TommyTran732]

So I have been using Brave on desktop awhile now and I think we should add it, it is pretty much the best Chromium based browser on desktop right now.

1. It does have a bit of fingerprinting randomization and it is very tolerable (in fact I don't get annoyed using it at all)
2. All of the crypto stuff can be disabled anyways, I don't think they affect security or privacy that much
3. You don't need any additional extensions - the brave shield blocks tracker just fine (yes, I know it is a bit less granular than uBO)
4. It works surprisingly well on Wayland now (was buggy a few weeks ago)
5. It inherits whatever security benefits chromium browsers have over firefox

I think the old recommendation card we had when the browser PR was worked on was pretty good. The only thing I would add is that the user can add the --incognito flag to the launch option to always launch it in incognito mode and they can also use --enable-features=UseOzonePlatform --ozone-platform=wayland to enable wayland.

Also, I am aware of the previous discussion about their business model and whatever. I generally don't care about it, and I think we should just focus on discussing the tech instead of having another train wreck of a discussion.

Pull request: privacyguides/privacyguides.org#456

[FSG-Cat]

Well I think we should consider how well it works on Windows together with how well it works on Linux because lets be real. Most of the PG audience will run Windows and not give a rats as fuck about how it works with Wayland. Tho great that we do bring up linux support.

Now lets get to a real bit of critique. Seriously brave you have to fucking configure launch params to get easy always start as private mode. I mean if you are in private mode you dont care about storing cookies and the like so then FF has the better aproatch since History Retention = NONE makes FF always be in private browsing mode. Brave common just copy FF on this one its one of the things it could do better. Yes this is a minor thing but its still valid to point out it could be better.

Also i will say that Brave has 1 plus over most Chromium browsers. They maintain their own built in Adblocking that is better than nothing but not as good as Firefox uBO but still nothing can be as good as FF uBO on chrome unless its essentially uBO for Chrome on a moddified Chrome browser that allows the Chrome uBO to do all the things FF uBO can do. (Chrome is the more restrictive browser towards extensions in the adblocking space atleast after Manifest v3)

Proper education can deal with the other problems like how TOR mode is not worth using unless you dont care about fingerprinting what so ever for example.

[TommyTran732]

Firefox when configured for no history retention automatically launches in incognito was my point.

Yeah, that sadly isn't an option with brave outside of the param. Anyhow, what do you think of the PR so far? privacyguides/privacyguides.org#456

[ghost]

I really like the preview. Seems to have included all necessary info.

[ghost]

Just one thing:

We do not believe the fingerprint protection Brave offers is not as strong as that of a well-configured Firefox.

I think this sentence is quite difficult to understand. I'm not a native english speaker...
I recommend changing to "We believe the fingerprint protection Brave offers is as strong as that of a well-configured Firefox."

[TommyTran732]

Just one thing:

We do not believe the fingerprint protection Brave offers is not as strong as that of a well-configured Firefox.

I think this sentence is quite difficult to understand. I'm not a native english speaker... I recommend changing to "We believe the fingerprint protection Brave offers is as strong as that of a well-configured Firefox."

Oh I made a typo. There is an extra "not". It is supposed to be "We do not believe the fingerprint protection Brave offers is as strong as that of a well-configured Firefox."

I will fix that right up

[HACKERALERT]

@TommyTran732 Just letting you know about the PR, you may want to include that WebGL animations will break when Brave is set to strict mode. Other than that, it looks good to me at the moment.

[namazso]

the Tor "support" they have is a terrible idea and a terrible implementation. I don't think it should be recommended because of that simply existing presents a danger to an unsuspecting user.

[FSG-Cat]

Well i assumed in my comment that the feature does 1 job and one job alone. Act as a way to access TOR and after that you dont give a fuck about the security.

[TommyTran732]

the Tor "support" they have is a terrible idea and a terrible implementation. I don't think it should be recommended because of that simply existing presents a danger to an unsuspecting user.

I will add a note that Tor on Brave should not be used whatsoever if it does end up getting added.

[danarel]

They have been hostile to the privacy community and I am still convinced they use "privacy" as a marketing slogan that gets people in the door to their product so they can sell ads and push their crypto. The fact their developers won't even listen to privacy focused community and just shut down immediately says a lot, imo.

Shady from top to bottom. Not to mention one of their largest VC funders is Peter Thiel, who is a bad enough person on his own, but also sits on the Facebook board.

[Peacock365]

A referral link is not equal to a search partnership or URL parameter.

It's absolutely the same thing, even if you don't want to acknowledge it. In both cases URLs get modified with a static referral. There is no technical difference.

A search partnership has mutual benefit to both parties, while a referral link benefits only the referrer, not the person referred.

That is not true either. Let's make the comparison, shall we?

Firefox: Gets money based on the number of Google searches performed in their browser.
Google: Gets the traffic and associated search data which they analyze and monetize.

Brave: Presumably gets money based on the number of Binance visits performed in their browser.
Binance: Gets the traffic and may get new permanent user thanks to this.

In both cases, the companies are officially partnered. You seem to imply that Brave added the referral without the knowledge of Binance, but them being official partners and the fact that Binance benefits from the traffic indicates otherwise. Binance also ran ad campaigns in Brave, I guess they wanted to know how successful these were and thus a way was needed to designate that you use Brave, thus the referral.

We can't talk about privacy unless we get Brave's ethics correct.

What ethics? If you want to discuss ethics, you would have to show me which negative impact the referral had on users. The sole change (compared to the "ordinary" Binance link, if you will) consisted of the fact that you got designated as a Brave user, not even individually, but statically / en masse (as said, all Brave users used the same referral). Again, the same happens when you perform a Google search with Firefox, Firefox modifies the resulting URL with its referral designating you as a Firefox user - the resulting URL would also totally work without the referral, needless to say. Do you get all worked up over this as well? Should we discuss the ethics of this when there is no measurable user impact? My guess is "No.", it is a monetary agreement between the companies that are partnered and the impact on me, the user, is nil, nada, zilch in practice.

They have a blog post about their search partnerships and how they mutually benefit them and the search engine. Firefox is also transparent -- their funding comes from Google. Brave? Yes, there are transparent parts, but referral links are not one of them.

Brave is also transparent, you just don't acknowledge it. They get a small commission fee whenever someone donates BAT in the browser, they get money from search deals, and there are official partner websites like Binance where they get paid for associated traffic. And no, the Brave - Binance partnership was not a secret, even if you make it out to be one. It was all on the company's blog and official announcements in advance.

They're inserting referral links without the user's consent, didn't tell anyone, and doesn't give users a way to disable it (like how you can choose DDG as default in FF).

It is not the user's consent that is required here. Firefox didn't ask my consent for their search referrals either. Only Brave Software and Binance needed to agree on the referral, and I have not heard anything about Binance not agreeing to it. Further, the "didn't tell anyone" part is not true, Brave and Binance were officially partners before. Brave Software announced it on their blog and you could have known about it, same like Mozilla announces the Google search deals. And last but not least, the "doesn't give users a way to disable it" part isn't true either, there is a clear and explicit setting for turning off referrals under brave://settings/appearance - which is more than I can say about Firefox, I am not aware of any method to turn their referral off while using Google (not that I would want to, the impact on me the user, as said, is more or less nil), i.e. without switching to a different search engine.

They're (ab)using their power to benefit themselves, whereas FF gives more users to Google in return for funding, and Vivaldi promotes search engines while getting funded. From an ethical point of view, Brave is at the very bottom.

Again, where is the "abuse" from the user's point of view? Is it "abuse" when I get designated as a random Brave user on a tiny number of official partner websites? Because that was the only difference to the normal Binance link. That is not abusive, in fact, this is a rather non-invasive way to fund the browser which users should ultimately support, since they could also monetize the browser by collecting and selling user data. Again, if you want to discuss the ethics, you would have to make clear to me where you see the negative impact on users.

As far as I can tell:

...user agreement for the referral is not required, only Brave Software and Binance need to agree on this.
...this partnership was not hidden at all.
...the referral was not hidden at all, but rather visible in the address bar.
...there is no privacy or monetary impact on the user.
...and you were able to turn it off despite it having no discernible impact.

Discuss the ethics of it, if you will, but I fail to see the issue. There is a reason why nobody complains about Firefox's Google referral code. It has no impact on the user and there are worse ways to monetize, one should advocate that this remains in place rather. Why this is suddenly an issue for Brave but not for others escapes me.

Creating a browser to promote their own coin, inserting referral links to make money off of potential BAT buyers, and requiring KYC to withdraw/convert their BAT.

Promoting their own coin is neither good nor bad in my book. If I support this coin it is rather great, if not then it is bloat which can be disabled. As for your second point, if anything, they "made money off of" Binance, and Binance agreed to it since there is mutual benefit here (see above). Firefox "makes money off of" people's searches as well going by the same definition.

When you make a search on Google with Firefox, it can be undone if you switch to using DDG.

No, that is not actually the fix. The "fix" for this non-consequential and non-essential problem would be Firefox offering a setting to turn their referral off on Google. It doesn't have one such setting, contrary to Brave. Don't get me wrong, I don't hate Firefox for not having the setting either, because I think this discussion is rather pointless, as there is no discernible negative impact a referral would have on the user.

When you go to Binance on Brave, there is no option to "disable affiliate code injecting".

There is, stop spreading nonsense.

If Brave wants to make money, well, they already have their ads. Why do this shady business?

As I said, Binance ran ad campaigns in Brave. They wanted to find out how successful those were, and Brave users had to be collectively (not individually!) identified when they visited their website, hence the referral.

Requiring the user to disable it manually means Brave's crypto is opt-out, not opt-in.

No, this is not at all what it means. Brave Rewards, i.e. the actual ad notifications, are opt-in. The triangle hints at the existence of the feature which - from Brave Software's point of view - is legitimate, since they need it to fund the browser, and users would perhaps miss it if it was buried in the settings.

But as it stands, there is no reason to recommend it over FF+uBO other than the fact that it's Chromium, but there is really no point in Gecko vs Chromium.

That's the point - recommending a Chromium-based browser is useful for people having to use either extensions that are not available for Firefox or people encountering websites that don't work with Firefox. There isn't a more privacy-respecting Chromium-based browser than Brave, other than perhaps Bromite (which is only on Android though, so not a desktop option).

[HACKERALERT]

Okay fine, I give up. I use Chrome anyways.

[Peacock365]

@HACKERALERT

Sorry if this annoyed you, and lengthy explanations shouldn't be necessary. I just don't get why you get worked up over something everyone does. I also don't get where the referral "wronged" you (or Brave users), so to speak, because only if there is a genuine, provable grievance, can a discussion regarding "ethics" take place. There has to be privacy impact, monetary impact, virtually any impact on the user, as otherwise the discussion revolves around a nothing burger...

[HACKERALERT]

I guess you're right. It's just that the whole BAT stuff that seems fishy to me. I mean, Brave is the first browser brave enough to integrate crypto so deeply. Thus, it could go very well for them, or very bad. While they may not be heading downroad, I don't think they're going up either. Thus, I would be hesitant to add it when FF is trusted and a pioneer in the space.

[Ja-ngolo]

I agree, while I've been mostly using brave for the past year or so, I still have huge doubts about their crypto integrations and advertising platform. Yeah, you can disable it, yeah you don't have to participate on that and just bock ads, but it still seems fishy.

[ghost]

We have to admit that, after disabling all the crypto stuff and their Tor mode, Brave is the best Chromium-based browser available. I think we should add it!

[HACKERALERT]

Hmm, I guess you are right about that too. The "best" browser is pretty subjective to personal preference, but in terms of being FOSS and private OOTB, Brave does do that well. I just don't like the crypto bloatware that is stuffed into it. If there wasn't the crypto stuff, I would advocate for Brave on day one.

[CZTeo]

Why not ungoogled chromium

[HACKERALERT]

@CZTeo it doesn't have privacy protection like Brave does OOTB.

[TommyTran732]

Why not ungoogled chromium

It breaks CRLSet which is important for security. Ungoogled Chromium will never be recommended until it fixes up its security.

[guardant1]

It takes more time and effort to disable Brave's crypto stuff than to install uBO on FF...

No because the crypto is opt in not opt out. Secondly, Firefox needs more than uBlock Origin these days.

[dngray]

I'm not confident in adding a product which we basically describe ¾ of it's features as "you really don't need this". There also doesn't seem to be an easy way change these things (like a user.js) which means users have to manually press all the buttons. We do know that a browser with more "stuff" has a larger attack surface.

To me it seems like they've put a lot of effort into marketing gimmicks and ticking boxes. I do think their priority is trying to develop an ecosystem around BAT, which makes sense from the perspective of trying to make their cryptocurrency more valuable. To actually get the BAT you need to do KYC, which in general I don't think is very privacy friendly.

[Peacock365]

As far as I can see, you said "How does that tribalism work for you? Downvote because I don't hate Brave and upvote @\dngray because his non-arguments were so fantastic to read? Grow up, my team - your team is for children" first.

So you scanned my comments with your razor sharp mind, looking for insults, and this is the best you can come up with? Guess I am a decent person after all, for these are not insults. If they legitimately are from your point of view, and if you are not just the bad actor I believe you to be, then I really have to ask how you managed to get by until now, if these legitimately offend you already?

I don't see what tribalism has to do with privacy, nor do teams and children

Look, @efb4f5ff-1298-471a-8973-3d47447115dc upvotes every single comment directed against me, no matter the content, no matter the quality. It just has to be directed against me (the only common denominator), it earns his upvote. Needless to say, he is not coming up with any worthwhile argument of his own while doing this. This is the definition of tribalism, this is the definition of childish behavior. What I wrote was and remains accurate (he did it again just now...), but the tribalistic and childish upvoting behavior distorts legitimate voting behavior, so I criticize him for it.

so @TommyTran732 was rightfully calling you a clown IMO.

Listen, think about me what you want. I don't care. You entered the thread with FUD that I had the honor to clean up, and you revealed your lack of knowledge about the topic at the same time, and @TommyTran732 failed to contribute anything that hasn't already been said so far. If the two of you dislike me, I think I'll manage.

If you don't accept the rules, then don't participate. Simple.

The rules need to apply to everyone. If the mod does not respect them, then I don't have to. It's called not being a hypocrite. I live by the example the mods set here, is that wrong?

But privacy and security are very much about behaviour because you need to make the decision to not use Facebook or Google.

Yes, and? The point of discussing security is evaluating what happens when something goes wrong. It is unavoidable for many if not most people at some point, and this is why a discussion of the material security is worthwhile in any case.

Can you give me a practical example where FF would be hacked but not Chromium? Good luck.

Any security issue for which Chromium has mitigations but Firefox doesn't. Example? Sandbox escapes on Android. Happy now?

Nice assumptions. But you know what? They're incorrect. I used Brave exclusively for about 6 months in 2020 before I stopped because of the bloatware.

You do realize that this is not making it much better though, and that this is not really affecting my argument, right? Fact of the matter is, you obviously don't know much about Brave, you are not even familiar with its settings which are a fairly basic part of the browser. What did you do with it? Casual browsing? Looking at the new tab page? Whatever it was, you lack awareness of the state of the browser, yet you thought you could contribute, which per se is not bad (anyone may contribute), but it's an issue when your first post already contains FUD.

I am usually not one to reprimand people, but I had the honor to clean up behind you already, and your thanks consists of malicious word twisting. I don't need to talk to you as if you are a little puppy at this point.

If you laugh at me for using Chrome, I'll laugh at you for laughing at someone who was using something that worked best for them and was the most productive.

Don't be so confident in your assumptions.

Unless you have something productive to say, don't reply again.

What productive thing did you say in your prior comment? It was pure bashing of myself, thank you for the flowers, your contributions remain at zero so far.

[merodiro]

I used Brave exclusively for about 6 months in 2020 before I stopped because of the bloatware

I also used Brave for a while but stopped for the same reason. the UI for turning all this bloat off is not intuitive unlike Firefox where it was really easy for me to turn off pocket and whatever I don't like

I would prefer that Firefox stays as the top choice because of Brave's crypto stuff

I second that. Firefox currently is the only recommended choice, but it will be nice to add a second option without changing anything about firefox

[Peacock365]

I second that. Firefox currently is the only recommended choice, but it will be nice to add a second option without changing anything about firefox

This is where I am coming from as well, kinda. There will increasingly be web compatibility or rendering issues for Firefox, but people in the end do use what works for them. Out of the Chromium space, Brave is probably the best desktop option and is leagues ahead of Chromium alternatives like Chrome or Edge (I think we can all agree on that). I don't think privacyguides.org is here to fight Mozilla's battles - while rendering engine diversity has its benefits, privacyguides.org is here to promote privacy, not engine diversity. I think the matter will increasingly become pressing anyway due to web compatibility reasons and recommending Brave as a secondary option is actually preventing people from switching to Chrome or Edge (yikes) while still being able to get their work done on websites that don't support Firefox.

[HACKERALERT]

@Peacock365 What's the point? Why are you continuing an argument that I am trying to stop? My previous post was purposefully short because I wanted the argument to stop so we could move on. I pointed out your incorrect assumption you made and clarified some topics. Then I ended the comment as quickly as possible so that we could get over it and move on. I ended the post suggesting you to not make another post targeting me to get the point across.

But no, you immediately follow up with a long post insulting:

• me (my experiences, my usage of Brave, my intelligence)
• @efb4f5ff-1298-471a-8973-3d47447115dc (for being "childish" by reacting to your posts)
• @TommyTran732 (for not contributing anything, but he created the thread with a constructive goal)
• The mods (@dngray) and their rules (if your boss sweared at you, would you swear back for revenge and lose your job? Respect people of authority, that's how society works)

You have not cleaned up this mess. You have replied with a post that is 80% insults instead. I will clean up this mess by not replying to your points and keeping this comment short and to the point. Some of your points are not correct and vague, but I will not respond to them; I will take the honour and first step to stop this mess. Argue with me all you want, but things are obvious. You've insulted a lot of people and you are not being constructive. I've at least pointed out legitimate shortcomings of Brave.

This is the end of it, I don't want to hear any more insults directed toward me or anyone else. I will not talk about you anymore and you will not insult me anymore. I don't want to see another long post of insults after writing this message -- I will report you if I do.

Now, back on track.
@merodiro Glad to hear someone with similar experiences as me :). I think we both agree that Brave can be listed, but Firefox should still reign as king. Looks like the most optimal scenario to me.

Edit: typo, grammar

[Peacock365]

@HACKERALERT

My last post didn't even contain any insult (other than in your imagination, I guess), stop this bad acting and victim playing at my expense. The only one who hurled an insult was, well, you, when you agreed that I am supposedly a clown. That was also the only thing worth reporting, so go on, report me, for I will report you in kind. The worst thing that could happen to me is losing a GitHub account that is free of charge, I am not afraid of your meager threats at all.

This whole thread here is not constructive, everything important was already said in the prior thread and is being repeated here for no apparent reason. What I said about the people you mentioned was and is 100% correct and not an insult in the slightest.

Look at your last post again, it contained zero on topic argument but rather was only concerned with me. And you are saying that you are aiming to bring things back on track? Do you even listen to yourself when you write things like this? You entered this thread with fear, uncertainty, and doubt, and I fear you will leave without having brought any argument to the table.

I am done with you as well, and would prefer if you ignored me going forward. I have wasted enough time here and from my point of view, you are a nuisance by now.

PS: To answer your question, I would not work in an environment where my "boss" hurls insults at me. But the admins here are hardly my bosses. They are random strangers I can totally do without and I am willingly sacrificing my time here because, contrary to you who has brought nothing to the table yet, I was and am trying to further this topic out of interest and willingness to help, even if you try to derail it.

[youdontneedtoknow22]

I read here and there that some people do need a chromium-based browser on their desktop. So without discussing why we shouldn't add brave, is there a better chromium-based browser? If not, It actually makes sense to add Brave in the list and telling the users that Firefox is still a better option. But for people who need a chromium-based browser, Brave is a good option.
I didn't read a lot about this, but we might want to compare it with Vivaldi for example.

[ghost]

Although it is closed-source, so it's probably out of the game.

Correction: It's partially closed source (5%), the majority of Vivaldi is open-source (95%) - Source.

[samuel-lucas6]

Vivaldi seems to be one of the better browsers, but they do ping clients to establish how many users they have and where they're located in the world, as explained here. Hopefully the upcoming DuckDuckGo desktop browser will be something that can be recommended.

[ghost]

Yes, but as they say, they remove the last octet of the user's IP address, it doesn't makes it tied to that specific person, rather a bunch of people, falling in the same IP starting digits and location, so if you aren't uniquely revealed, there's not much privacy harm.

[samuel-lucas6]

Something similar happened in Zorin OS, and that caused a minor uproar. It's now an opt-out, but it should be an opt-in. The same is true here. It's a connection that cannot be disabled as far as I'm aware, and they were supposedly going to stop doing it.

[ghost]

Yes, I agree on Vivaldi should've an option to disable it.

[freddy-m]

Have been mulling over this for a while. After some deliberation, there seems to be little reason not to list it. We want to cater to those of every threat model (see #184), and, for some, setting up Arkenfox is too complicated (or just breaks too many things). We want privacy to be simple. Regarding the issue of cryptocurrency, it is annoying, yes, but harmless. We need to be pragmatic above all else when it comes to our decisions. As a Browser, it's pretty neat. Built in ad-blocking, very simple and familiar UI to those used to Chrome. Would prefer not to list it, for reasons mentioned already in this thread, however that shouldn't matter. If it is good software, which it pretty much is, then it should be listed. IDK.

[dngray]

and, for some, setting up Arkenfox is too complicated (or just breaks too many things).

We should probably mention in the Firefox card you can use multiple profiles, as you can in chromium browsers.

Regarding the issue of cryptocurrency, it is annoying, yes, but harmless.

In the draft card @TommyTran732 and I wrote privacyguides/privacyguides.org#456 (which was moved out of the main browser legacy upgrade PR) we think we've covered disabling everything that you really don't need.

Built in ad-blocking

Which may become more important should ManifestV3 cause issues there. It's also likely it doesn't suffer from the deficiencies that extension-based approaches do. That would mean Brave would make a lot more sense than something like Ungoogled Chromium.

[Gunther0042]

I personally used hardened Firefox for browsing, but when less tech savvy friends/family ask me about privacy stuff, I recommend Brave. Ya, it has some yellow flags with the cryto stuff, but most people want a browser as similar to Chrome as possible and I don't think that there is a more secure and private out-of-the-box Chromium browser than Brave, even if it isn't perfect.

[samuel-lucas6]

Perhaps we should wait until there are more details on the DuckDuckGo desktop browser. I have recommended Brave to people in the past, but I'm far from happy with it (e.g. the bloat), and you still need to change the default settings, like with Firefox. The main advantage over Firefox is that most websites work properly unless you start using Aggressive/Strict blocking. As already mentioned, Teams is the perfect example. GitBook is another personal example that no longer works for me on Firefox due to my settings. Therefore, you can make a decent case for adding it from that average user perspective. People shouldn't be expected to follow guides on about:config either.

[ghost]

No browser is perfect, or perhaps its perfect in someone's opinion and the other is a bloatware, but even if it's extra (not required) features don't harm user privacy, then I don't have much problem in it, and even if it's abusive from a privacy stand of point, it must have the ability to disable it, which both Brave and Firefox do, so in my opinion, we can have both, and let the user decide what they want to use. Can't say about DuckDuckGo desktop browser, but hope they seem to acknowledge their own web engine security and write most parts of the browser in a memory safe language like Rust, but yeah, this is off-topic, but we'll see.

[HACKERALERT]

I agree with @samuel-lucas6 that we should wait for DDG's browser, which I am very excited for. I heard that it will use the platform's native renderer, so on Windows at least, it will use WebView2 which uses Chromium. I don't think DDG will put in any bloat at all, so if all goes well, I think DDG'S browser could be an excellent choice that will probably be better than Brave, and possibly even better than FF.

For macOS and Linux, though, Brave might still be a choice because the native renderer on macOS is WebKit, which is not Chromium, and I'm pretty sure it is the same case for Linux. We'll have to see I guess.

[ghost]

@HACKERALERT I think it'll be too early to recommend DDG desktop browser, it'll not straight up get a lot of users, and a lot of websites we'll recognize it uniquely due to it's custom and unique user agent I believe, so it'll have fingerprinting issues, and it'd need much audit in the security sphere, to see if it actually be recommended. Hope DDG could make the better between Chromium and Gecko, but would seriously wait to see how they write the browser.

[HACKERALERT]

That's a good point. If DDG desktop browser progresses well though, I think it should be put above Brave, assuming it has adequate protection. For now though, I'm okay listing Brave.

[DeiAsPie]

Brave is a good recommendation if we assume that people use it out the box as it already has ad blocking and decent fingerprint randomization. But ad blocking is not the only thing that makes a browser private if that were the case then people would have been better of with using ungoogled-chromium chromium ( has fingerprint randomization from bromite and uBO can be installed directly from github ).

A recommendation would not make sense if the users need to do more or less the same work for which they could have got Hardened FF. Besides unlike FF, Brave users would have to be warned to constantly look for new features and changes that destroy their older work.
Eg. If users did this

And then did this

Then the next time they restart the browser then all their shield settings would fall to default values as brave somehow tends to store site and shields data together

---

So I would suggest that unless the target audience is willing to find bugs, inconsistencies, or issues themselves along with disabling every new crap that brave adds very often along with using uBO to block other web based nuisance other than ads, they are better of using hardened FF/Tor for their browsing. And just for that one case where they need to make a payment and their FF would just not load the damn site just make an ephemeral FF profile.

[DeiAsPie]

In order to retain the shield settings they would also have to retain site settings. Which is not a great idea for privacy concerned users.

[DeiAsPie]

Apart from that last I checked Brave violated many of the points mentioned in privacyguides/privacyguides.org#231 especially the telemetry one.

[m77e4t]

Brave Browser creates personal ID after turning Brave Rewards ON:-

Brave Rewards for a new Brave install is OFF by default.
But if a user turns it ON even for a second (accidentally or just to look at what exactly it is) a personal ID is created by the program. Afaik, the ID cannot be removed by just turning the rewards program OFF, it permanently stays within the browser/files which may be considered anti-private in nature (due to ID). The data can be seen in brave://rewards-internals

This post is made as browser revamp issues are discussed within this community every week and brave browser is a hot topic in it. So, "if" brave browser is listed on PG website, a note should be made below it suggesting users to never turn Brave Rewards Program ON, if the user is using brave specifically for its privacy features and has a high threat level.

[Dyrimon]

Brave Rewards for a new Brave install is OFF by default.
But if a user turns it ON even for a second (accidentally or just to look at what exactly it is) a personal ID is created by the program. Afaik, the ID cannot be removed by just turning the rewards program OFF, it permanently stays within the browser/files which may be considered anti-private in nature (due to ID). The data can be seen in brave://rewards-internals

Can't this unique identifier be purged if you delete the brave wallet and disable it?

[m77e4t]

As per my research, NO. Afaik, the ID is not exactly attached with a wallet, but with the whole brave rewards program. With this ID, the entire brave rewards program functions (properly) while dealing with 3 custodial wallet providers and the internal wallet which stores fake or virtual BAT (vBAT).

[ghost]

@m77e4t AFAIK this ID is stored locally, and not collected by Brave, as you can't find this ID collected by Brave in their telemetry wiki, thus don't see any harms related to it.

[Ja-ngolo]

In the light of the reporting of Firefox creating a unique identifier for each new installation as shown in surveillance report 80. See https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/. I think brave should at least be considered as another alternative. And listed with the proper recommendations, mainly not using anything bat related and never using the Tor window.

I'm not very knowledgeable on the technical details of this, but If these Firefox thing is not an issue please correct me.

[d4rklynk]

Yeah and like they say in ghacks article : we should add the recommendation to download firefox from ftp servers https://ftp.mozilla.org/pub/firefox/releases/

For Brave Browser, this is the only good chromium-based out-there that is not google. I think it would be a good recommendation, because Brave is still way better than Google chrome in terms of privacy. If I was a Google-chrome power-user, or I'm just used to chrome store and all. I think I'll pick Brave as an alternative. If I see on internet that Brave browser is not recommended because of privacy, I'll just stick to Chrome.
Firefox has its own privacy problem too. And you have a lot of recommendations to disable that. For now Brave isn't yet the devil, I would still recommend it for anyone who hates Firefox and like Google Chrome.

[d4rklynk]

For what it's worth, I don't like Brave. I'm used to Firefox, I love it, and I'll probably always be on Firefox-based browsers. But still, I prefer hear someone says that he uses Brave than Google Chrome. Because Google chrome is a nightmare about privacy.

[Ja-ngolo]

Yeah completely agree there, I'm used to Firefox, I love it's UI (yeah, I know, not everyone's cup of tea), like its customization options and more. I've tried brave, and as a more privacy friendly alternative to chrome, it is VERY good. Its not gonna be perfect, just as Firefox isn't perfect.

That's to say that Firefox at least lets you change up thing in about:config to your liking, with the risk of being a bit more unique and stand out more form the crowd. But that completely depends on one's threat model and approach to privacy. Brave could be one of said approaches.

[IkelAtomig]

Time to close the Discussion as it is now live in the Website. For Reference : privacyguides/privacyguides.org#1233