43
Is Firefox any more private/secure than Brave?
(sopuli.xyz)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 06 Jul 2023
43 points (90.6% liked)
Privacy
30644 readers
1871 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
Brave is more secure, in terms of safety, because it's base on chromium and has unique Privacy Features. If you won't use Brave, LibreWolf or hardened Firefox is ur best choice.
While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.
Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...
Brave is so unsecure because it uses chromium. The only unique thing i saw on brave was the crypto miner included. Chrome can easily just change terms so that brave looses his licence for chromium. Firefox is more secure in the way it is more secure, because they are not focused on stealing your data and there is librewolf yeah that one is open source and is the most secure of those 3
Yep. They definitly added a crypto miner into their opensource code. 👍
It was rumored sometime that they did or even thought about it.
It would be the stupidiest thing ever.
https://lemmy.world/post/1510069
LMAO something other happensd
If you read it, you realize it isn't bad as it sounds and has nothing to do with there browser and really less with trustworthyness of the company in terms of privacy and security. So instead of trying to find evidence why "Brave is bad" make a Pro and Con List for Brave and compare it with the google infected Firefox and you will see why I prefer Brave as the browser of trust and use LibreWolf as second, because it's like a real private version of Firefox.
Ok Chrome but in orange.
This is the reason why I left Reddit, nice to see that the toxicity also arrived Lemmy.
Sorry 😕
Unsecure how exactly? Being chromium makes the browser more standard. It blends in with other browsers easier which means it can add protections while still showing itself as chromium compatible. I'd like to learn more about how chromium can just kill forks by updating the license, last I heard it was a BSD compatible one and I wasn't aware of it retroactively restricting access. Of course google can just fork and deprecate chromium with a more restrictive license given their the key copyright holders but as their project that isn't surprising. Firefox isn't interested in harvesting your data but that isn't security, it's privacy. Most chromium forks are the same. Brave doesn't harvest your data. It did once (and it can be argued you should avoid it just for that) but you seem to care less about which browser is best for your online privacy and more for just shilling firefox. For reference I use and love librewolf, but I like to consider myself open minded enough to try the other options... such as they are.
Every browser that is chromium derived is depending on google. I tried before firefox chrome. But after the v3 manifest. That killed every "real" adblocker and script blocker. And that you cant block scripts is so secure :) ! Firefox IS the other option. F*** chrome browsers is my motto. As they are just poison. Because the fake "Polypol" google is creating with chromium.
Again, I use Firefox, for the most part because of the reasons you've described. But none of what you've said is really an argument for security or privacy against the browser. If you just wanna say Google = evil, so don't trust anything they make, that's fine. The chromium forks aren't google owned and they don't need respect what google tries to do. Case in point manifest v3 came and brave still has native ad blockers and intend to support both manifest 2 and 3 going forward. It's really just a matter of who has the bandwidth and funding to maintain a browser of the scale of chromium or Firefox. Google clearly does, mozilla does a decent job despite the iffy funding situation actively restricting donations purely for the browser. If its just small privacy enhancing tweaks atop chromium smaller vendors like brave can do that. End of the day chromium is a well optimised, standardised and frankly well written browser that is perfectly fine for anyone that wants to use it. Should Google be the entity in charge of chromium given their clear conflict of interest, obviously not. But no one else has stepped upto the plate and mozilla is clearly the inferior in regards to features or browser optimisations (just due to scale of support available). Don't get me wrong, Firefox is great and everyone should use it for their own sakes, but this just blind fear mongering of anything chromium related isn't productive.
Brave is more secure in terms of security. Security and safety are two entirely different attributes from a technical pov. And privacy and security are also not the same, though privacy is greatly impacted without security as you implied.
Firefox is more private than Brave but less secure. Neither is necessarily safer than the other, it depends on how much either app tends to misbehave within the constraints of your own use case. Since the use cases are different (privacy vs. security), it's harder to compare safety on an even playing field.
I would like to see evidence for your claim that Firefox is more private.
Exhibit A: The Tor Browser, which focuses on maximizing privacy, is based on Firefox rather than Chromium. They upstream a lot of their major stuff to regular Firefox.
Exhibit B: Firefox therefore has privacy features that Chromium-based browsers just do not have, like first-party isolation or letterboxing for example.
Brave's preconfiguration is a lot more private than Firefox out of the box, but hardened* Firefox is more private than Brave even with extra work put in.
*: Not just configuration (Arkenfox) but also patches. Like Librewolf (better) or Mullvad Browser (even better) or straight up Tor Browser (best).
Brave and Chromium itself has same good firstparty isolution as Firefox. If you check https://privacytests.org/ you can compare it with LibreWolf which is prehardened Firefox and hardened Brave is stronger then hardened Firefox, due the fact it don't need to have a lot of users to function + it uses the hide in the crowd effect + randomization at the same time which is stronger then only trying to make everyone looking the same.
Librewolf is not really prehardened Firefox, Librewolf is Firefox with the Mozilla stuff torn out. It's more private than regular FF but a long way out from Tor or Mullvad browser. You're right that out of the box Brave will provide better privacy than Librewolf, but everything else you said doesn't really make much sense.
You can't say that Mullvad or Tor are hardened Firefox Browser, that are completly different things and do have any arguments and evidence for what you say? That it doesn't make rly much sense? I mean it do. It seems more like your knowledge about Brave is pretty small while I do know a lot about both.
All right, here goes nothing.
I came to the conclusion that what you said didn't make much sense after you called Librewolf prehardened Firefox, which—while not a completely alien assertion—is not exactly very accurate as I explained in my previous comment.
What's worse though is that you continue making exotic assertions like the hide in the crowd + randomization theory without backing them up with anything, while simultaneously asking for arguments(?) and evidence supporting my relatively straightforward and popular position--both of which I have presented very clearly in my previous comments by the way.
What you fail to deliver in the meantime are explanations as to A) how Brave's approach is different or unique compared to anything that any hardened/forked/otherwise enhanced readily available Firefox could offer and B) why Brave's particular approach to privacy is then also objectively better than the multiple different approaches that various Firefox configs and forks offer.
But wait, I'm not done yet. You also fail to explain why you consider Mullvad Browser or Tor to be "completely different things" as you suggested just now. Brave is the best Chromium based thing out there in terms of privacy, shouldn't it then be fair to match it against the best of Firefox' class? Or is it because Tor Browser targets a very specific user base and is less fit for your average every-day surfing and that's why you think the comparison isn't sound. In that case I bear bad news about your deep well of knowledge on web browsers, because Mullvad Browser is based on Tor Browser but doesn't require any overlay network of any kind in order to function properly.
And since engaging with you has not yet led to anything of value, I will refrain from partaking in this discussion any further unless this changes.
While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.
Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...
Just an FYI, looks like you double commented