Follow

I've finished a blog post about Brave's false privacy. I give you arguments that will prevent yourself from falling for Brave’s marketing lies.

ebin.city/~werwolf/posts/brave

@werwolf in my brave I have uBO and privacybadger installed, and disabled all the coinswhatever nonsense.

Brave is a single browser that randomizes bunch of JS APIs that actually used for fingerprinting.

So it’s effectively all good parts of chrome, plus extra api randomization, minus FloC and google altogether.

@krom I achieve that with CanvasBlocker addons.mozilla.org/es/firefox/

Anyway, you can't mitigate Brave's privacy issues with uBlock and Privacy Badger.

And if you've read the article, you should know that uBlock (and Privacy Badger, which are redundant BTW) will stop working on Chromium soon.

Even if they found a workaround, you'll still have the problem with chromium being developed by Google. So no a real option.

@Werwolf :gnu: Do you recommend using IceCat? I stopped using it because it didn't receive any update since 2019.

@evanarkisto_hz it's based on Firefox ESR so it should be okay. It also has the safest defaults.

If you look at their git repository, there are recent commits, which aims to update to the newest ESR version. So it's being developed.
git.savannah.gnu.org/cgit/gnuz

Anyway, I recommend using hardened Firefox over Icecat since it's more frequently updated.

@Werwolf :gnu: I know it's based en Firefox ESR and I had seen the commits already, but I had a visualization issue with IceCat and Tor Browser, and TB solved it and I don't see it fixed in IceCat. Besides, I always see the same version in About section, so I don't see how it gets any update.

I use hardened FF over Tor, and used IceCat for sites I had to identify myself.

@werwolf OK, you've convinced me. I've been using in parallel firefox, brave and safari. Now I'll exclude brave and see if I miss it.

P.S.
Latest firefox UI update makes me want to use it more :D

@werwolf a good read, but I'm lacking alternatives on mobile devices. I'm using Brave with Blokada in the background and that's been ok for me so far.

@ttntm I'd recommend Fennec F-Droid or Mull (both of them Firefox based).

But if you need something chromium based, although I hate chromium, Bromite is much better than Brave in terms of privacy

Now that's scary, I had higher hopes on Brave.
Thanks for warning us.

@werwolf also, their "decentralized browser sync" communicates with their server to sync, lol

@menelkir I missed this fact. Do you have any source?

I guess that I could try to get the connections to the servers myself but I don't want to install Brave

@werwolf I can't find a source, but I remember my pi-hole having hits on an url related to this service, not sure if still a thing since I didn't use it further because I had my concerns (and I was right)

@menelkir I guess that you don't still have those pihole logs, because that would be great.

Anyway, thanks. I'll try to get something to proof it so I can add it to the article.

@werwolf Unfortunatelly no, I've just checked, I've cleaned the logs some time ago

@werwolf Thank you for this writeup. Chromium does have a couple of more advantages over Firefox - at least when it comes to exploit migitations. Not just SSI.

But don't be fooled. Chromium itself is still intertwined with the EvilCorp. Most forks (Brave, Vivaldi, etc) are severly outdated or disable security feats.

The two forks I (personally) deem acceptable: Ungoogled Chromium and Bromite.

Security can 'enforce' privacy _if_ done properly.

/just my 2 cents.

@werwolf Also, Firefox ism't the holy grail (no browser is) - they are in bed with Google. I don't have any problem with accepting donations, but Firefox goes much further. Default search engine, 'Google Safe Browsing' enabled by default etc.

@h3artbl33d yeah, I have a guide about how to mitigate Firefox's issues.

However, as you can see, on Brave you can't. There are a lot of issues that can't be disabled at all. Well, you could if you took the time to read the code and change those.

For me, not using Google's software is fundamental.

@werwolf I'm in Brave rn - welp. Guess I need to get a new browser - and completely overhaul my computer, for that matter....

Time to begum hackerman!

@Mojeek @werwolf Just like #DuckDuckGo, #Brave is good at marketing privacy not delivering privacy. You can always count on ppl to confuse the two.

@werwolf @Mojeek Note as well that #Brave collects charity money without telling the beneficiary: lowkey.party/objects/33550868- Might want to add that to your article.

@resist1984
I always had duckduckgo as a good privacy tool.

May I ask for some info regarding the other position, please? I would like to have a well formed opinion

@Mojeek @werwolf

@txusinho @resist1984

Indeed, I’d be interested as well to read what the issues with duckduckgo are…

btw, I think that Searx is a very good alternative.

@social.privacytools.io @Mojeek @werwolf

@resist1984
I can't thank enough this link.

Thank you so much.

What should we use, then? Searx?

@werwolf @Mojeek @jb

@txusinho @jb @Mojeek @werwolf the best search engine for privacy, for expert users, is Ss: sercxi.nnpaefp7pkadbxxkhz2agtb For novice users, there are a few decent searx instances (metasearch.nl, openworlds.info, search.disroot.org) as well as #mojeek & #gigablast. None of the choices I mentioned feed the tech giants.

Hi @resist1984 I haven't heard about Ss before, and the link https://sercxi.nnpaefp7pkadbxxkhz2agtbv2a4g5sgo2fbmv3i7czaua354334uqqad.onion/ it's unreachable with tor browser. What is it? Do you know another onion link to it? Thanks. @txusinho @jb @Mojeek @werwolf

@Bmz @txusinho @jb @Mojeek @werwolf Ss is the only search engine in the world that filters out #Cloudflare sites, which is essential to Tor users not using Tor Browser, & important to anyone who values privacy. Someone else told me they couldn't reach it with Tor Browser but I have no idea why. It works for me as long as I'm using a version that supports onion v3.

@werwolf @Mojeek @jb @txusinho @Bmz There is a clearnet-only link to Ss: sercxi.eu.org/ I've not used it, and I've heard someone say that doesn't work either. The only other thing to perhaps try is to add a ".to" to the end (*onion.to is an [insecure] bridge from clearnet to tor). Or maybe try booting a recent Tails Live OS.

@Bmz @txusinho @jb @Mojeek @werwolf if you can get it working, another cool feature of Ss is that non-Cloudflare sites that directly block Tor are listed with a strikethrough, so you can avoid them or you can click the favicon to visit an archive mirror of those sites. I hope Mojeek is listening so they can consider introducing the same features.

Thanks @resist1984 for your reply. I'm going to investigate about it, it's seems so interesting. @txusinho @jb @Mojeek @werwolf

@Mojeek @werwolf I saw your #Ratpoison article (ebin.city/~werwolf/posts/ratpo). I was recently considering installing it, but found maintenance has stopped some time ago.. that it's a dying wm. I suppose if you've been happily running it, there is no reason to jump ship but the days may be numbered. I'll be steering clear of it since it's a dormant project.

@resist1984
I thought it was Dissenter that was not being updated. I use Brave on my Debian box and it's uprating all of the time. I will have to look into this article. At the end of the day is it any worse than FF or Chrome?
@Mojeek @werwolf

@bufordk @werwolf @Mojeek I suggest #UngoogledChromium if you want something Chromium based (which the use of Brave implies). I wouldn't trust #Brave in light of them collecting donations without telling the so-called beneficiaries, & whitelisting Twitter ads. Note that ungoogled chromium is is a cocktail of mods that they see on other chromium forks like Brave.

@resist1984 @Mojeek ratpoison has received sporadic updates in the past, so we may see another one anytime. The devs said that it's feature complete. And I've been using it for 5 months as my only WM.

@werwolf @Mojeek thanks for the tip. Perhaps i'll still consider Ratpoison then. i have to decide between ratpoison & sway.

@Mojeek @werwolf i installed #ratpoison and quite liked it. But it looks like i have to ditch it since it doesn't do well with dual displays. The default resolution was lower than the native resolution of my LCD. When I increase it in xorg configs, the two frames overlap and mirror part of the other frame. So I guess i'll have to move to #sway

@werwolf Just read through this. Disappointed to find so much wrong with Brave. Back to Firefox I go!

@charlegmane @werwolf brave is shit but firefox isn't great either.(no browser is)
I like palemoon.
@charlegmane @werwolf note that while it's still relatively modern, there is shit it won't support. Only caused trouble for me once, but be aware.
@charlegmane @werwolf as for addons, palemoon uses a different system than firefox. My understanding is firefox switched from XUL to webextensions while palemoon kept XUL. I'd suggest eMatrix (fork of uMatrix), as well as decentraleyes, maybe an addon to force https.

@Hyolobrika @werwolf I've never been on the Brave is a privacy browser thing, but I'll take a look. I use Brave for the crypto

@BrodieOnLinux @Hyolobrika @werwolf what features does Brave offer, useful to you in this regard, if I may ask?

@werwolf there are some webkit browsers that aren't in bed with Google, epiphany being a pretty decent one.

@werwolf Some claims are far-fetched and you seem to conveniently avoid mentioning that Firefox is made with Google's money (and they happily take it). Firefox has repeatedly injected ads before without asking their users, and included proprietary extensions like Pocket. Let's not pretend Firefox is the privacy champion either, it's all relative.

@boilingsteam the article is about Brave and not about Firefox. I could surely do a similar one with Firefox's issues. But this one was about Brave

@boilingsteam @werwolf Mozilla is definitely a mixed bag of good & evil. Not as repugnant as Brave though. Luckily we can ditch both. Both FF and Chromium have FOSS forks to choose from, & Brave's mods (just the user-favorable ones) are likely incorporated into Ungoogled Chromium.

@werwolf why are you continuing to post this when it’s been so debunked that you had to add a disclaimer at the top admitting that you’re wrong and that you didn’t check your facts?

@mostly_linux I'm not posting it. It's other people who boost it. That's why I added the disclaimer, that way even if it continues to be shared everyone who read it will be warned

@werwolf gotcha. I suspect that given the nature of the fediverse that those people boosting it are in reality marketing agencies for Google, Microsoft, Facebook or Firefox (which is in bed with Google) 😂

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.