submitted 1 year ago* (last edited 1 year ago) by voxel@infosec.exchange to c/privacy@lemmy.ml

Warning to all Brave Browser Users

Blocking variations.brave.com, which is used for A/B testing, could potentially break Brave's functionalities. For me, Brave's "forgetful browsing" feature broke, which seems to be disabled by default if you block this domain.

#brave #bravebrowser #privacy @privacy @privacyguides

[-] themoonisacheese@sh.itjust.works 109 points 1 year ago

Anyone serious about privacy should not be using a chromium browser, and should definitely not be using brave.

[-] ultratiem@lemmy.ca 54 points 1 year ago

Firefox is safer and tbh, has probably the best UX and aesthetics out of anyone. Brave is garbage.

[-] programmer_belch@lemmy.dbzer0.com 27 points 1 year ago

For incognito browsing I recommend Librewolf, a firefox fork. If you want anything more secure, you should start looking into tor

[-] MrPoopbutt@lemmy.world 9 points 1 year ago

Why is librewolf superior to out of the box Firefox? Or mullvad browser for that matter?

[-] programmer_belch@lemmy.dbzer0.com 12 points 1 year ago

It has included some privacy measures to resist fingerprinting like letterboxing and has more privacy focused search engines as default like searx. Also it takes out some firefox utilities like pocket which I don't really use

As for Mullvad browser I'm not really sure, it seems to be another reinforced firefox like librewolf

[-] KLISHDFSDF@lemmy.ml 5 points 1 year ago* (last edited 1 year ago)
[-] Linus_Torvalds@lemmy.world 2 points 1 year ago

Btw, here is a detailed, technical review. It is in German, but with translate and all the code, it should be understandable.

TLDR: It's good.

I'm not really sure, I haven't used it. In fairness, I only use librewolf for incognito searches, not as a daily driver

[-] eya@lemmy.dbzer0.com 1 points 1 year ago

i prefer to use librewolf as my everyday browser, while using mullvad as my browser for other things that don't require tor. i like to keep things separated, personally

[-] stifle867@programming.dev 3 points 1 year ago

As a Firefox user, the only thing Brave does that I wish Firefox would copy is their fingerprinting resistance. I know Firefox does have fingerprinting resistance but it's nowhere near the same level as Brave.

[-] the_lone_wolf@lemmy.ml 4 points 1 year ago

Use privacy badger extension

[-] Pantherina@feddit.de 2 points 1 year ago

No. Firefox with RFP, Arkenfox user.js, Librewolf or Tor-Browser unifies your fingerprint. It's universal among users. Brave scrambles it, while some may say that is actually not a real fingerprint and can be detected, making you stand out extremely

[-] stifle867@programming.dev 2 points 1 year ago

Just to be clear, are you saying Firefox with fingerprinting resistance used in conjunction with Arkenfox user.js provides fingerprint unification, similar to what Tor browser does? I'll have to check that out.

I think both approaches are valid tbh. Having a unique fingerprint obviously uniquely identifies you, but if it's randomised then your browsing sessions can't (in theory) be linked.

[-] Pantherina@feddit.de 2 points 1 year ago

Yes. Arkenfox to my knowledge is 1:1 Tor configs. Librewolf is similar to arkenfox, no real differences afaik.

For regular browsing though, this means that everything is always deleted. So if you may change some configs, you mayyy be fingerprintable.

Good thing though, different from Tor-Browser is, that it deletes everything without using the private browsing mode. This means, that it has way more capabilities, and saving session for example has no fingerprinting effect really, as favicons and cache can be cleared.

The problem with randomized UserAgent is afaik, that in firefox it can't really fake a complete, real browser, fonts and all. So it would be very nice 90% of the time, but big tracking sites would know exactly who you are

[-] stifle867@programming.dev 1 points 1 year ago

I'll look into this. Thank you for the information.

[-] Stahlreck@feddit.ch 1 points 1 year ago

> So if you may change some configs, you mayyy be fingerprintable.

You are fingerprintable either way unless you go all out. Going full on Arkenfox/Librewolf mode (with all settings enabled that decrease convenience) you can at most fool naive fingerprinting. For the more advanced one you need Tor.

And even for naive fingerprinting, unless you use Tor or a VPN (which you would have to trust) your IP alone + the fact that you use FF (which a few % of people worldwide do) along with some other basic info about your PC will make you very unique.

[-] Pantherina@feddit.de 1 points 1 year ago

A good VPN is a must of course.

[-] z3rOR0ne@lemmy.ml -2 points 1 year ago

The Chameleon extension could solve some of the fingerprinting issues as it can randomize the browser and OS info that is sent.

[-] stifle867@programming.dev 2 points 1 year ago

If anyone who downvotes wants to jump in and explain why instead of doing drive-bys that would be appreciated. I don't see any reason why this browser extension wouldn't be an effective tool if it does what it says.

[-] zwekihoyy@lemmy.ml 2 points 1 year ago
[-] ultratiem@lemmy.ca 7 points 1 year ago

Brave is just a shill for Google mothership. Firefox is leading privacy and security through browsers.

[-] zwekihoyy@lemmy.ml 4 points 1 year ago

Firefox has a weaker sandbox than chromium and less mature site isolation and therefore has lower security. privacy is a different story, but remember you're only as private as you are secure so Firefox is inherently not that private assuming a malicious site escapes the sandbox.

I'm fully against chrome's growing monopoly as well as Google surveillance capitalism but let's not be so dramatic with the "google mother ship" nonsense.

using chromium as a base does not equal data being sent back to Google, just like using Android as a base doesn't inherently send data back to Google.

i disagree ahola looks better but i still use iceraven on my phone and firefox on pc

[-] Boring@lemmy.ml 8 points 1 year ago

I disagree. Firefox is fine, but saying chromium is spyware because it's primarily maintained by google is like saying android is spyware.

Additionally chromium browsers are arguably more secure than Firefox, and have more advanced sandboxing. So much so that GrapheneOS used chromium instead of Firefox for their vanadium browser.

Only thing I agree with is not using brave.. Cause well.. They fishy.

[-] JoeBidet@lemmy.ml 12 points 1 year ago* (last edited 1 year ago)
[-] the_lone_wolf@lemmy.ml 4 points 1 year ago

Those who don't know about it go and read GNU replicantOS blog and wikipedia page

[-] zwekihoyy@lemmy.ml 3 points 1 year ago

Android is not a single OS (?)

[-] AI_toothbrush@lemmy.zip 2 points 1 year ago

It is. Custom roms modify very little of the code and they are all based on aosp (it is open source but google controls the changes). The whole point of aosp is to create the illusion of choice but if you really want to avoid using google spyware you have to give up on most apps or go to extreme lengths to use an alternative. The grapheneos project is really cool and useful but it only patches the inherent (intended) problems of android and doesn't provide a real solution.

[-] zwekihoyy@lemmy.ml 1 points 1 year ago

I'm unsure you have any idea what you're talking about.

[-] Boring@lemmy.ml 1 points 1 year ago

And I'm sure you only use twofish because the NSA backdoored AES when they standardized it.

[-] JoeBidet@lemmy.ml 5 points 1 year ago

what does it have to do with Google's business model being mass-surveillance, and/or them being caught several times collaborating with the NSA, the US army, etc.?

I agree that the NSA backdooring stuff is a problem too... (or even a different facet of the same problem...) Yet, one doesn't invalidate the other...

[-] Boring@lemmy.ml 2 points 1 year ago

I'm just saying that collaboration with or association with spooks or glowies isn't in itself a red flag.

Much privacy and freedom granting software is made by these people.

Take Tor for example, made by the navy to hide information from the public and anonymously attack networks of adversaries.. Yet now is the NSA's biggest obstacle in mass surveillance.

[-] JoeBidet@lemmy.ml 3 points 1 year ago

I beg to disagree: the global interception capacities of the NSA in 2012 (as shown in the very few 2013 documents from Ed. Snowden that were made public) clearly were enough to routinely de-anonymize tor. By owning a certain percentage of the global internet traffic, you de facto own tor (can very precisely correlate what comes in and what goes out, and do that retrospectively when needed).

and that was 10+ years ago....

Association with spooks is a red flag, for the multiple, endless ways they have been doing their shitfuckery, endangering the general public, the exceptional US citizens, and information/communication security at large... by weakening standards, by corrupting corporations to introduce (or leave open) some bugs, by infiltrating development teams, by pressuring operators to grant full access, by breaking and entering, etc..

Anyone who doesn't see that as a problem has to be considered as part of it. Simple, basic rule.

[-] darklordcrouton@lemmy.world 2 points 1 year ago

I truly appreciate the perspective of this post. I would like to switch fully to Firefox and support the cause. Unfortunately I have a PWA addiction and that is the only thing keeping me living my shameful hybrid browser life.

Is it a weak reason? Probably. But it's an honest one. If Mozilla hopped on PWAs, I'd be totally fine bouncing from Brave and joining the Chromium rebellion.

[-] Masterchief117@lemmy.world -1 points 1 year ago

But they’re the only ones blocking ads on YouTube for iOS 😞

[-] eya@lemmy.dbzer0.com 4 points 1 year ago

You can add something like AltStore to an unjailbroken iPhone and sideload a YouTube app with adblock built in.

[-] Waphles@lemmy.world 4 points 1 year ago

The only reason I still use it. I like Orion but it’s not quite there yet. Not really sure what other iOS alternatives there are to choose from.

[-] Boring@lemmy.ml 1 points 1 year ago

YouTube ads are served on the same server as the video.. So they would have to filter it through one of their servers and block the elements and stream it to you.

So if you're using them for privacy.. you better trust them a lot because they would have equivalent info as google.

this post was submitted on 06 Oct 2023
163 points (92.7% liked)
