> But Brave whitelists Facebook and Twitter trackers!
> This is only partly true. Brave whitelists some Facebook and Twitter trackers because blocking them outright would break buttons on some websites (e.g. the Facebook like buttons). Brave is meant to be easy to use, breaking a lot of websites is not easy to use. Brave was never meant to be a max privacy solution.
> The whitelist is now optional and can easily be disabled in the settings.
Opt out features like this don't respect your privacy.
If nothing has changed over years this is just not how it works. As long as like button and it's scripts present on page Facebook will be tracking you. You dont need to click on button to activate it and this is the problem.
we have fb like buttons at work (which gets disabled by the fb container extension), but using the js version is a choice (by the website operator). An fb like button can be a normal link with certain query parameters which we have used for years.
If I am going to use Chrome/Chromium then I am just going to use Chrome/Chromium and spend 10 more seconds and install ublock. No reason to use a themed Chromium by a company that literally announces itself to investors (among which Peter Thiel who has obviously personal issues with Google founders) as an advertising platform with a cryptoscam if it didn't work.
I'm not too sure what ublock does entirely, but it seems to focus more on blocking content of the site. Like images, iframes, scripts, etc.
Chrome does a lot of calling home. Like, a LOT [1][2]. For example, it checks sites are "safe" (as according to Google's standards) running every website you visit through their servers.
uBlock is the go-to "it just works" ad-blocker for Chrome. Everyone used to use AdBlock Plus, but then they started running a protection racket where advertisers could buy whitelisting.
> Chromium is open source and all Google tracking can easily be disabled. Brave strips out all of this by default. Remember that Chromium is not the same as Chrome.
Sorry, but this is not a satisfactory explanation to me. Brave is marketed as the pro-decentralization/good web citizen browser. Yet, it uses Chromium, which contributes to Google’s dominance over the web — pushing developers to further neglect Firefox and other browsers as a target.
Also, where is Brave’s innovation? I see none. Instead, I support Mozilla.
A key part of why Mozilla succeeded in somewhat resurrecting the web was that it was good, when compared with Internet Explorer.
Firefox is slow (especially on Linux) when compared with Chromium. The Firefox UI is more complex and not any more powerful; the excuse used to be that they supported more deeply-integrated extensions, but that's mostly dead now. With regard to "dominance over the web", Firefox is riddled with compliance bugs and misbehaviours, many of which go unaddressed for years, these bugs and incompatibilities have forced me to disable features for Firefox users, or find workarounds, over the years.
> Also, where is Brave’s innovation? I see none. Instead, I support Mozilla.
Where is Mozilla's innovation today? They maintain a broken, slightly-differentiated Netscape clone, and have an unmistakable chip on their shoulder; but there is no substantial benefit to using Mozilla, and there are some serious drawbacks that Mozilla could avoid if they cared. Brave is at least doing something interesting, with an innovative compensation model which has some hope to reduce reliance on surveillance-driven advertising, and they put a Tor client in the default distribution (even if the browser does not implement some of the anti-fingerprinting measures that Tor Browser does).
On top of this all, Brave is differentiating on what matters, rather than taking up the pointless task of maintaining similarly-licensed, lower quality implementations of various web standards. If Google gains power over the web with Chromium, in some vague way, then Mozilla's power move would be to base Firefox on Chromium (or at least fork Chromium). Rust is a spectacular thing they've done, but at the end of the day, any argument for using Mozilla should begin with a long list of positive characteristics of the product, and not with vague platitudes about implementation diversity.
> Firefox is slow (especially on Linux) when compared with Chromium.
People tell me this, but I genuinely can't tell the difference between Chrome and FF's speed on linux. Both feel equally fast to me. My only real complaint about FF on linux is a lack of hardware video decoding.
> Mozilla's power move would be to base Firefox on Chromium (or at least fork Chromium)
> People tell me this, but I genuinely can't tell the difference between Chrome and FF's speed on linux.
It's pretty apparent in "web apps" - plenty of SPAs grind Firefox to a halt and not Chrome. The other major win for Chrome is battery life on laptops. I know it's getting better for FF, but it's still not that close.
Safari actually does the best on (nearly) any hardware you can convince MacOS to run on, but they broke extensions recently so it's not viable for me anymore.
It's pretty apparent in "web apps" - plenty of SPAs grind Firefox to a halt and not Chrome. The other major win for Chrome is battery life on laptops. I know it's getting better for FF, but it's still not that close.
Is this because you're on Mac OS? Firefox has always had Mac as a third-class OS, especially since they started pushing Metal. I can't remember the last time I had Firefox crash, grind to a halt, or even stutter.
> People tell me this, but I genuinely can't tell the difference between Chrome and FF's speed on Linux.
It's a bit hard to compare, and part of the difference in perception is Firefox's weird animation function for smooth scrolling on stepped scroll wheels (it takes longer, and feels unnatural). Firefox regularly hitches on webpages that never miss a frame in Chromium-based browsers for me (and several other people share this experience, anecdotally, as you mention). When looking at most decent benchmarks, there is a clear quantitative difference, if anecdotes are not your jam. I've never gathered metrics or frame timings for both Firefox and Chromium, but I don't see why it would disagree with my experience.
In my experience, slightly interesting CSS on documents, or scripts and layout on SPA-style applications, can cause Firefox to miss hundreds of milliseconds of frames. I've become accustomed to 144/165Hz with few or no missed frames, while I noticed Firefox missing frames even when I was on 60Hz monitors.
> My only real complaint about FF on linux is a lack of hardware video decoding.
Generally speaking, this is of little to no importance on a laptop or desktop. But yeah, that is a bit of a bummer.
> You can't be serious.
I'm fully serious; you won't convince me they wouldn't come out ahead, without some hard reason.
There's an unstable and unofficial patch some people use, but no upstream Chromium does not. This isn't a "Chromium is better than FF" complaint, just a complaint about FF on linux in general.
This is a thought-provoking response and does make me reconsider my position. It doesn’t please me, but perhaps we do need to encourage market pressures that force Mozilla to create a better product.
However, as I said in my above post, my objection to Brave largely stems from how it is marketed and promoted. I’ll re-iterate: People try to sell it as the “pro-decentralization” and “good web citizen” browser. Brave isn’t doing anything compelling enough to earn that status in my eyes.
I am not going to argue about how much Mozilla innovates. Rust is pretty cool — I agree they could do more. The people pushing me to use Brave seem to want me to do so as an act of charity. I will re-evaluate my choice to charitably direct my web traffic through Firefox, but, to be honest, my first choice otherwise still would not be Brave.
> they put a Tor client in the default distribution
Something that Mozilla is also doing[0], albeit with significantly more attention paid to the privacy-minded patches to Firefox made by the Tor Project. The end goal is to mainline these patches, such that Firefox gains the same privacy properties as the former-- they're working with the Tor team on this. If I wanted to use Firefox to access the Tor network, I'd just start a client locally and have the browser proxy traffic through it. Tor Browser's anti-fingerprinting measures are half the reason it's useful.
It's half-baked "features" like this that turn me away from Brave; there's this feeling that it's marketed towards the sort of well-meaning crowd that won't know the difference between "Tor tabs" and Tor Browser. This isn't a bad thing; rather, it's the misleading material surrounding such features published by the developers. Just look at the relevant page[1]; there's just a vague mention near the end of the article about using Tor Browser if you need "leakproof privacy", and the rest of the page carefully tiptoes around the fact that this really only prevents websites from knowing your IP address (and likely not even that, considering the similar fingerprinting properties of normal tabs and Tor tabs).
Excerpt:
"Also, web destinations can no longer easily identify or track a user arriving via Brave’s Private Tabs with Tor by means of their IP address."
To non-technical users, this reads more like "Brave (with Tor tabs) prevents websites from knowing who you are". It's lawyer-y, if that makes sense-- the whole thing just rubs me the wrong way. This is, of course, assuming said users even read the linked post; most will probably see 'Tor' and draw the relevant conclusions.
> even if the browser does not implement some of the anti-fingerprinting measures that Tor browser does
It's laughably easy to fingerprint Brave browser users, even compared to Firefox and its rather basic fingerprinting protections (at the moment). Though this is likely because Brave has a far smaller userbase.
> Firefox is slow (especially on Linux) when compared with Chromium.
No. Just, no.
I want to share something that I experienced very recently.
I use Firefox and Chrome (just for using Taskboard) at work. I also use Firefox at home. Both systems are Debian. The perceived browser speed was Chrome (Work) > Firefox (Work) > Firefox (Home). I always thought it was about DNS resolution, so I started running DNSMasq at home on an OrangePi Zero but, it didn't make much difference.
Two days ago, my home ADSL modem suddenly died. I replaced it with a more modern version and everything about speed has changed. Now The speed of Firefox at home is equal with the speed of Chrome at Work, Firefox at work is slightly behind.
It can be said that Firefox is much more sensitive to network parameters like DNS response times, but its rendering engine and other capabilities are not behind Chrome.
I wish it wasn't true, but Firefox seems heavier on low-spec Linux laptops. A while back I was writing code on the road on a $200 HP Stream running Ubuntu, and I needed multiple tabs open with audio to debug. Switching from Firefox to Chrome was a noticeable improvement, where the UI remained responsive in all the tabs.
When did you last use Firefox? I do mobile app development and observed when I use brave, it spins a bunch of tiny processes plus it's memory intensive as chrome. With Firefox I can open up multiple tabs + run Android studio without slowing down my machine
Innovation is dead as consolidation started about five years ago, so now we’re down to three layout engines as it appears to great a task for smaller entities to make the engines themselves. I could be wrong but it’s sounding like the dollars are not there to make it worthwhile or it’s too a mammoth task.
> Yet, it uses Chromium, which contributes to Google’s dominance over the web — pushing developers to further neglect Firefox and other browsers as a target.
The only solution is to create a new web standards organization, since Google controls W3C. For instance, WebAssembly has a lot of privacy issues.
Didn't they use to use Mozilla's engine in the past? Brave is a payments shell on top of a browser ui. Maybe in the future they can afford to have both. I think focusing on the rendering engine is missing the point.
Ads in and of themselves are bad, even without tracking. My time and attention are the only truly limited resources I have. Hijacking those to make me desire things I don’t need reduces my quality of life. Secondarily, ads corrupt every media outlet they touch. To hell with all of them.
Yeah, no. The ad model driven by broken financial incentives and broken browsers that leak privacy everywhere is what broke the web. Fixing those incentives and fixing the browser fixes the actual problem.
Free content still costs money to host. If I can't write about cool programming or science projects for free, like having my hosting paid by ads, I very likely won't write it at all, and the web would be all the poorer for it if everyone in similar shoes reaches the same logical conclusion.
brave uses ads to generate revenue for users. But the tokens might be used in the future to incentivize more direct behaviors, e.g. incentivize users to sign up or post quality content or buy a product. This would completely bypass the advertising ecosystem and the nuissances it creates, connecting users and makers directly. It's still marketing, but direct. There are many possibilities when payments are frictionless.
Realistically, what kind of money are we talking about? There is some amount of money I would sell my attention for, but it’s somewhere in the multiple hundreds of dollars per hour. Less than that, and my effort is more efficiently spent on other things. More than that, and I’m extremely suspicious of the motives of who would pay that and why.
there are already "offer walls", i.e. incentivized actions that reward users with small amounts of money. Or users could e.g. be rewarded if their amazon reviews are highly rated. there is an incentive for websites to do that. it doesnt even have to be about ads
That's what I'm talking about, it's way too inconvenient to have to enter that clunky 'Customise' window (and then close it ooff) just in order to drag an icon out of the way of my existing corner icons. I try new add-ons all the time for temporary or small functions. It's little things like this that make the everyday experience a deal-breaker. FF has come a long way - e.g. not requiring restarts for add-ons anymore - but there's still more things to fix. I literally check this one feature (draggability of add-on buttons) about once a month, because there's a great to deal gain with Firefox due to privacy.
I just checked Chrome, apparently it doesn't support moving anything but extension icons? I far prefer the FF approach (also because of accidental moving)
I currently use DuckDuckGo as my primary search engine because Brave's Private mode uses it by default. I had heard of DDG before, but I assumed that Google was better. When I saw that it really works just as well, I decided to switch.
DDG works for most stuff, but I've found Google to be better for niche topics and for anything related to a forum content. When searching for "reddit" + something else Google does a better job.
My understanding is that Duck Duck Go is more or less a non personalized Bing search with paid upranking for Amazon products. As it is Bing is pretty solid, though the privacy boost DDG provides is not worth the drop in quality.
Does Brave still fail fingerprinting tests in a comically bad fashion? Last time I looked at Brave, it appeared to be pretty bad for privacy fingerprinting-wise compared to Firefox and (surprisingly) Chrome.
Yes. Despite their efforts, it remains trivial to detect Brave as well as fingerprint individual users.
I’m pretty sure the only reason they don’t expose it in the UA is because you can then calculate just how much of a scam it is. Their payouts are laughably low.
This is the sole reason it should be evident to anyone how Brave is just a scam. They took a Browser made tracking it easier and then released it as a private browser. And people genuinely fall for it.
Hi, I do privacy research at Brave. Our fingerprinting protections are still being improved (our second round of FP defenses should hit nightly in Jan), but the comments here are wrong; our defenses are much better than Firefox and Chrome.
We don't consider as part of our threat model preventing sites from knowing you're using Brave. I'm not aware of any browser or tool that considers this as part of their privacy threat model either (including the terrific Tor Browser Bundle). Our goal is to prevent sites from distinguishing between Brave users.
My claim is that our fingerprinting protections are strictly stronger than Firefox and Chrome. A partial list of fingerprinting protections that are enabled by default in Brave are at [1].
Fingerprinting is tricky, and we're tacking the problem in on multiple dimensions. We need to go further, and expect to have v2 of our defenses in nightly in the next month or two [2], but we're also leading efforts in W3C to address fingerprinting in standards (I'm snyderp, those are my / Brave issues identifying privacy harm in standards) [3], and we're pushing hard to prevent web standards and privacy efforts from being eaten up by vaporware [4].
So, all that is to say, Brave has the most aggressive fingerprinting protections of any general purpose browser, and is getting better. The naysayers are welcome to backup their claims ;)
Notice the page is about the Grammys and the ad is about the Grammys. This is important.
So Brave strips the ads from my site and inserts their own as (even more annoying system notifications). And they are relevant to the page so now my visitors might think I was the dick that triggered a notification that must be dismissed.
And If I want a cut I have to sign up for some rando cryptocurrency company, the bastions of ethics and security.
Please Brave. Use a unique user agent string so I can just block people using your browser. And I don't care if people block ads, I do too. But when you get desperate and start showing ads for dildos on my site discussing cross-cut table-saw blades I'm not going to be a happy camper.
Not only that, but the token they use was distributed via ICO, meaning it is highly centralized and potentially will be subject to securities legislation in the future. Completely ignores the ethos crypto currencies started with.
It feels like these "debunks" aren't debunking the claims but rather explanations trying to put you at ease.
For example, "Auto-updates are not directly anti-privacy" is obvious, but some people want to disable auto-updates since they might not want new, potentially privacy-violating updates added to the browser. You can't look through the changelog (or better: the GitHub diff) before downloading an update if you can't disable auto-update. Same for "But Brave has a backdoor!", auto-update is by definition a backdoor for running code the user hasn't ran before. The only reason most people are fine with Google's auto-updates and weary of Brave's auto-updates is because Brave isn't as trustworthy or well-established in terms of "does this company have incentive to push malicious code to my machine or will they potentially be compromised or bought out".
I made a comment a while ago about how when IE6 was destroying computers (~2003) I charged a lot of money to fix people computers unless they switched to Firefox. But if they used FF I would help for free. That was the beauty of my plan. I didn't care about money I just hated fixing my families computers. And using FF solved nearly all my problems.
And then a guy said he would go as far as putting the IE icon on FF so people wouldn't have to really do anything different. Ideally they just wouldn't notice.
So now that there is a stupid token I wonder how many installs of brave are actually legit. Seems trivial to just install it on families computers and fake it as Chrome and use your account to collect the tokens.
My experience in brave ads is that I had to opt in to them. I knew how they work (I knew, you, website creator, did not create the notification). I didn't keep the ads on for long as I found them annoying, but i don't feel like brave was forcing me to use them anyway...
Is that really the best option: blocking based on UA header
What do users think about websites that try to tell them what browser to run. There are sites like this one giving "advice" on which browser to use (https://theprivacyguide1.github.io/browsers.html), sites that display messages that tell the user to switch browsers and sites that try to block the user's choice of browser by reading User-Agent headers. Headers are trivial to add/delete/modify
All in the name of online advertising. It is a shame this is what the www (and now the "browser") has become. A medium for delivering ads.
Real original smear there - "Brave will get desperate, and start pushing NSFW, and edgy ads."
I like this fake alternate strawnan universe where actual dildos head Brave, where last ditch efforts to save a silicon valley VC funded startup is to push wherever it is you dream they'll push. Because burning everything to the ground is par-for-the-course, for both VCs and entrepreneurs in the valley?
Or - this is classic FUD-ing, backed by exactly zero evidence
I guess you're new here. Personally, after 20+ years working in SF, I think that's a perfectly plausible outcome. I mean, the whole internet ad market has been a long slide to being as awful as they can get away with. The median investor cares much, much, much more about ROI than how that return is achieved. And a common outcome for content companies that aren't stars but have nonzero revenue is to end up as zombies that do anything that juices income a bit.
I don't agree here with your premise. You claim not to care if people block ads, but that's the default behavior. "Brave Rewards" is opt in.
Additionally, as they show ads as system notifications, I've never equated them whatsoever with what I'm browsing, and I'd assume that's by design.
I use Brave because (for me) Firefox is slow, and Chrome is Google. As someone who's quite fond of you for example on HN, I'd love to not be blocked, but I'm not switching browsers for the privilege...
> No it doesn't. Brave is open source and there has been no backdoor ever found. Many people claim that Brave being able to use custom HTTP headers are a backdoor but this isn't true. HTTP headers are allowed as per RFC 7231. See Brendan Eich's response to this.
This has got to be a joke, right? Nobody's claiming that Brave 'using custom HTTP headers' is not allowed in the HTTP spec, the problem is that Brave downloads a list of headers to inject into requests for specific websites.
I'm not sure I'd call this a "backdoor", but considering it cannot (to my knowledge) be disabled it at least deserves a conversation. Trying to minimize the complaint with "it's allowed in the HTTP spec" is insane.
The comments in this thread are ironic considering the content of the post.
Brave exposes controls for all of its privacy and crypto features and you can easily opt in or out of anything that concerns you, making it a great choice for privacy.
It really smacks of hypocrisy that everyone is all for multitude of open source solutions, except when it comes to browsers. Mozilla has made many misteps regarding privacy and I've never seen attacks like this. To say that browser wars are political is an understatement.
Even assuming the worst, that being that Brave is trying to track you and build an ad network rivaling Google, that still seems in sum total a good thing. Google has gone down a dark path completely unchecked with their unimaginable omniscience and ad revenue, and I welcome an attack on their monopoly.
Brave is not even a browser, it is just a rebranded Chrome that advertises itself to users as a "browser" while its main publicity is nothing but an unhinged attack on the very same company that built the browser it's rebranding. On the other hand Firefox IS A browser and Mozilla is a non-profit.
Isn’t one of the main benefits of open source projects - like Chromium - that you don’t have to reinvent the wheel, and can instead focus on innovation or differentiation beyond the status quo?
Once they secured their monopoly, they stopped maintaining the facade that they were anything but what you described, which allows them to get away with a lot more.
I don't use Brave and I'm not either the author of the article in question, but it's funny the fact you appointed. If only those people read Mozilla and Firefox privacy policies ...
I am using firefox and I dismiss Brave because Chrome already is a monopoly. Firefox only has a tiny minority in total traffic and it's mostly from more technical users (a "technical user" would be anyone able to download an install a different browser). It is impossible to fight the current monopoly which spans across devices. The only chance we have right now. There is no way Brave or any other browser can gain enough market share to counter this except FF and even for FF the odds are slim.
The second reason I dismiss Brave is that it doesn't really provide anything innovative. It's not just about ad-tracking. We need also decentralization and new ideas on how we consume and organize information. Brave is just another for-profit organization which also makes a poor root of trust. (while Mozilla isn't any better here and also depends on questionable sources for funding the point is Brave doesn't disrupt here).
I'm not saying Brave is bad because any contender that can reduce the share of requests from Chrome vs the "Rest" is welcome. Maybe one day we have a world where 50% or less is Chrome and the rest is a mix of many different implementations. For this to happen the whole web would have to be re-envisoned because right now companies can't even bother to support the testing of more than one browser. So practically with how things are right now we will probably not have more than 2-3 contenders at any one time. And for this reason my personal vote is for FF.
The standards are created by many organisations, not just Google. And then more than one major browser must implement and provide feedback on a proposed standard. We just hear more about Google’s input since they are by far the biggest and have a much larger engineering team than most.
I don't directly know of any, but I think there is concern of the possibility of privacy issued due to the compiled, non-available source code that web assembly presumably provided.
1. Brave's tracking degree is little to none, compared to Google/Microsoft(edge).
2. Brave is the only browser that splits ad revenue with the user, and pays creators a higher percentage, compared to the AdSenses of the world. On top of that, brave ads aren't distracting, are generally of high quality and non intrusive to the browsing experience.
I've personally earned more than $50 in aggregate this year using brave, and tipped a 100% of that to sites and content I consume often. Both the creators and I are happy costumers of brave.
The problem with brave is that it takes away creators freedom of choice when it comes to revenue for their content. It's nicely summed up in this article:
TL;DR: Creators have to sign-up to brave's BAT system in order to get revenue for ads that Brave embeds on the creator's website. And even then there is a competition upon creators for users to spend money on them which is not correclating with the time users spend on creator's content.
sheogorath is right - Brave doesn't pay creators anything unless they enter a business relationship with them, but it nevertheless collects that revenue
> Their home page (their website, not the browser's home page) contains analytics because they want to see what type of users are using their service, how many etc. Analytics are used virtually everywhere and are a nice way to gain information about how much traffic your website is recieving. Additionally, Brave's tracker blocker blocks this tracker anyway.
Then why have it? Just because “everyone is doing it, so we should too, even though it’s antithetical to our goals”?
I am unable to use any Chrome/Chromium based browser due to one stupid and trivial characteristic. When you spawn a new session of Chrome/Chromium the resulting window/tab steals focus. That means that if you do so from some sort of terminal based program you are pointlessly left sitting there with the cursor still in the terminal window but with the focus on the browser window. If you were hoping to spawn more than one new browser session (say from a RSS reader), well, you are not doing that.
Firefox has an obscure option that can be used to turn off this obnoxious behaviour. So I must use Firefox.
Anyone using Brave should be aware that Brave are known to use Bots on HN and on 4chan to spam pro Brave messages. If that isn't enough of an indicator how trustworthy their business is then I don't know.
Currently there is not a singular reason to use Brave over Chrome. The only thing Brave does is bundle an adblocker and Brave is slightly easier to fingerprint than Chrome. There is no other difference.
By default you will have less privacy with Brave than with Chrome due to fingerprinting.
So did I say anything about user agents? Why are people that desperate to defend Brave? I get there are lots of Brave bots but apparently there also are genuinely disillusioned users.
Brave is way way way easier to fingerprint than Chrome. This alone makes it worse to use than Chrome without an adblocker at all.
Yes, I am. It's been my primary browser for the last 14 months. It works the same as chrome for web development.
I like the built in privacy features, but still use ublock, umatrix and privacy badger in conjunction with built in features. It's extremely snappy.
I have some qualms about their BAT model, but I am opted into ads and have set wikipedia and several favorite sites to auto donate. I've also cashed out about half of it myself (about $30 of $60 this year).
The ads themselves are crudely targeted. They claim the browser profiles your visits locally. Basically, visit opted in programming sites, get programming ads. It doesn't feel spooky and the ads are not intrusive.
I would use this without the BAT model or crypto wallets, but use both of those features all the time but it's just a bonus.
The most important thing to me is that it's chrome dev tools without Google. Chrome is straight up scary.
* Also, native tor windows are handy for testing ;)
Brave is the most disruptive thing to happen on the web in 15 years. The discussion about tracking is almost irrelevant - adblocking is the bait that brave uses which will take us from google's web to a web where every visitor can directly pay the creator to read anything on the web. It's almost comical to watch HN melting against brave because it's threatening the profits of their bosses. I personally hope the best for them and i 'll be doing my best to promote it.
Basically every reasoning they give for why Brave is not as bad as it seems, seems to demonstrate exactly that point. Literally. Starting with “they clearly state in their privacy policy that their ads do not track you”. Great.
Sure. Argument won decidedly.
reply