• Knusper@feddit.de
    link
    fedilink
    arrow-up
    260
    ·
    1 year ago

    What hasn’t been said as explicitly yet: It being Chromium-based means there’s tons of implementation details that are bad, which will not be listed in any such comparison table.

    For example, the Battery Status web standard was being abused, so Mozilla removed their implementation: https://www.bleepingcomputer.com/news/software/battery-status-api-being-removed-from-firefox-due-to-privacy-concerns/
    Chromium-based browsers continue to be standards-compliant in this regard.

    And this is still quite a high-level decision. As a software engineer, I can attest that we make tiny design decisions every single day. I’d much rather have those design decisions made under the helm of a non-profit, with privacy as one of their explicit goals, than under an ad corporation.

    And Brave shipping that ad corp implementation with just a few superficial patches + privacy-extensions is what us experts call: Lipstick on a pig.

  • Voytrekk@lemmy.world
    link
    fedilink
    English
    arrow-up
    202
    ·
    1 year ago

    Looking into privacytests.org, the main developer behind it is someone who contributes to Brave source code. He may not be officially affiliated with the company, but it would be hard to ignore any sort of bias towards Brave.

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      52
      ·
      edit-2
      1 year ago

      I’ve been seeing a lot of techy “privacy” blog posts, even here on Lemmy. It’s a little annoying when they muddy up the waters like this. People new to privacy will come across them and head off in the wrong direction.

      We need more comments calling them out and linking to proper resources. The site linked in this post even has a confusingly similar name to the actual recommended resource:

      https://www.privacyguides.org/en/desktop-browsers/

      (And a quick sidenote: privacyguides is the same team from privacytools. There was a name change after the original owner for the domain came back and fought over the project. PrivacyTools is now a paid advertising site, and it is NOT recommended. https://www.privacyguides.org/en/about/privacytools/ )

      Edit: while I’m at it, here’s the official community on Lemmy

      • TWeaK@lemm.ee
        link
        fedilink
        English
        arrow-up
        13
        ·
        1 year ago

        Even Privacy Guides has its own set of controversy, where basically one group completely took over the community from its founder (who themselves wasn’t squeaky clean, either).

        • Otter@lemmy.ca
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          1 year ago

          Isn’t that the same controversy, just worded in favor of privacytools?

          I’m trying to judge based on what I’ve read from each party, and I’m still leaning towards the privacyguides account of what went down

          The recommendations are probably the biggest factor for me. See the VPN pages on each site

          • TWeaK@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Tbh I don’t really care enough either way. But I would lean a little more towards privacyguide’s account of things, while I still don’t fully trust their judgement either. I can’t remember why now but there was something they were very fanboy-like over which I disagreed with, and since then I haven’t been following their advice, let alone their drama.

          • Otter@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            The article on privacyguides I linked above touches on some of this as well. I haven’t read through this one, but seems like the less verifiable one in a “x said y said” situation?

      • TWeaK@lemm.ee
        link
        fedilink
        English
        arrow-up
        28
        ·
        1 year ago

        The project technically being independent does not mean it isn’t biased towards one browser.

            • Platform27@lemmy.ml
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              You can but:

              1. There is no clear indication of bias, from PrivacyTests, just accusations.
              2. If the tools and tests ARE open source (which they are), they can be checked for bias/cheating. Someone could also expand (fork) upon them to give more of a rounded opinion.
              • bloodfart@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                A better defense against accusations of bias is a group or persons transparency.

                Simply having an open source methodology and code base isn’t transparency either, since it takes a much, much deeper and more developed skill set to audit both software source code and testing methodology than it takes to raise an eyebrow at sus circumstances.

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    125
    ·
    1 year ago

    I don’t run Brave because Brave runs a crypto scam right in the browser.

    I don’t care that you can disable it, I don’t care that it might be the only way they found to make a buck out of free software: anyone who dabbles in crypto is instantly sketchy. And I don’t want to run a piece of software as critical as a browser made by someone who’s not 100% trustworthy.

    • null@slrpnk.net
      link
      fedilink
      arrow-up
      12
      ·
      1 year ago

      What makes it a “crypto scam” and what makes “dabbling” in crypto inherently “sketchy”?

      • CoderKat@lemm.ee
        link
        fedilink
        English
        arrow-up
        25
        ·
        1 year ago

        Come on mate, there’s no way you’d be aware of crypto in an online space like this without being well aware of why most people consider it a scam.

        • null@slrpnk.net
          link
          fedilink
          arrow-up
          13
          ·
          1 year ago

          On the contrary, I’d expect people in these spaces to be more capable of separating the signal from the noise with crypto and not default to “crypto bad”.

          • cxx@lemmy.world
            link
            fedilink
            arrow-up
            16
            ·
            1 year ago

            Crypto is bad though. If you can’t see it, you’re either one of the scammed or one of the scammers (in which case you can see it but pretend you don’t).

              • t8d@lemmy.ml
                link
                fedilink
                arrow-up
                6
                ·
                1 year ago

                Honestly I agree, quite sad to see such hostility to a relatively harmless technology, although Brave’s implementation is a bit meh. I like the idea as a concept, to have websites and content creators to have a source of income without compromising privacy, but using BAT as the median currency kinda sucks. I’d have much rather Brave have chosen a more mainline currency. Thankfully by default, it isn’t even used, only icons/new-tab-page are there to activate/use it… having it be an opt-out solution would have soured me more. Default is essentially advertising its use, the ‘disabling’ is just hiding the references, which I do ofc.

                That said, I don’t care enough about this to take action. I still use it as my secondary for Firefox. I do actually use the brave search though, even on Firefox, as it seems to be better than DDG these days. Also not based/reliant on Bing.

            • Saki@monero.town
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              Money is bad—it is used for a lot of bad things like trading drugs or hiring killers…? Money is the root cause of mugging, scams, exploitation, killing, corruption…?

              Money is good—it can be used to help people…?

              Perhaps money is not good nor bad; a person who uses it may be ethical or unethical. Please do not confuse pure mathematics or technology (such as public key cryptography) with its users/abusers.

    • Stumblinbear@pawb.social
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      I wouldn’t really call it a crypto scam if they aren’t demanding or asking you buy it, just giving you free crypto

      • Feydaikin@beehaw.org
        link
        fedilink
        arrow-up
        22
        ·
        edit-2
        1 year ago

        just giving you free crypto

        If being alive for 40-some years has taught my anything, it’s that companies “Just giving you free anything” should raise red flags.

        Even if it is benevolently intended, I’d be suspicious and very cautious about using their products.

      • Mullvad accepts crypto as payment; there aren’t many other options for anonymous online payment methods today. What Mullvad aren’t doing us creating and running their own cryptocoin in support of their advertising wing. The two are not equivalent.

            • Devjavu@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              How did I make a false equivalency when the op literally called any project that “dabbles in crypto” a possible scam? That includes Signal as well as Mullvad. Op’s comment does not in any way indicate the use of one’s own currency, simply abolishing all services using crypto.

              • Don’t you recognise a difference between creating a cryptocurrency to use it to encourage people to watch ads, and allowing people to pay with for a service with an existing cryptocurrency in the cause of anonymity? There’s a fundamental difference, right? If not, then fair enough - them taking exception to Brave but supporting Mullvad is hypocracy in your eyes.

                FWIW, I believe no defender of !privacy should be opposed to cryptocurrencies; for better or worse, they’re the only option for online anonymous payments. But I also object to the proliferation of bespoke shitcoins, most of which are truly pyramid schemes in intention amd execution. But it’s a fine line, I’ll admit.

                • Devjavu@lemmy.dbzer0.com
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  Of course I recognize the idfference. And I hate brave for somewhat abusing their users like they do. Still, that is not what op said. I won’t repeat it again, but that fundamental difference you are speaking of was not highlighted by them. Possibly leading other people to believe that cryptocurrency is bad to use as a whole, which as yourself has said is not right if one repsects privacy.

  • TWeaK@lemm.ee
    link
    fedilink
    English
    arrow-up
    113
    ·
    1 year ago

    The product isn’t all that bad, but the company behind it have proven they’re not trustworthy many times over.

    • auth@lemmy.ml
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      Their search engine is great… Never used the browser though.

      • IronKrill@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I’ve been trying out the engine for a few weeks now. At first I was impressed, and Goggles are a neat feature. But somehow the more I use it the more I realise how much I am going back to Bing or Google because Brave couldn’t show me even one useful result for a niche error or question. Maybe I’m doing something wrong but even using Reddit or forum Goggles sometimes it will show me only shitty article sites, more than Google does.

  • Ilandar@aussie.zone
    link
    fedilink
    arrow-up
    90
    ·
    1 year ago

    That website is run by an employee of Brave, who rates the privacy of browsers based on their default settings (which Brave tends to perform best in). If browsers prompt the user to select their privacy settings on a first run, he scores them based as if the user had selected the worst privacy options.

    If he actually spent a few minutes setting up each browser, as is always recommended within the privacy community, that table will look a lot different. But then Brave wouldn’t stand out as much…

    • hruzgar@feddit.de
      link
      fedilink
      arrow-up
      12
      ·
      1 year ago

      almost nobody does that though. And after a certain amount of time even power users are like “yeah. f* it”. So default settings ARE important imo

      • TWeaK@lemm.ee
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        They are, but when you explicitly have to go through the options you probably won’t select the weaker ones.

    • Platform27@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      He’s launching a self-test tool, for anyone to use. It’s still unfinished (last time I checked), but tweaking some values doesn’t make a huge amount of difference. Where it does, he included a Browsers similar to those settings, pre applied (eg: Librewolf, Mullvad Browser). Plus by that logic you should also test Brave on Aggressive mode, which by default, is set to Standard.

  • Linus_Torvalds@lemmy.world
    link
    fedilink
    arrow-up
    80
    ·
    edit-2
    1 year ago

    For further explanation of any point, please hit me up :)

    • It is Chromium based
    • It has used dubious methods in the past (replacing links with affiliate links, the whole ad/crypto thing, …)
    • Brave’s business model relies on ads (I think)
    • [This is a weak point, but at least in the privacy community, Brave isn’t super popular. It feels more geared towards the “hyped crypto early adopters”. [1] It might be “fine” for someone switching from Chrome (which is always a good thing) but going all the way would be a modded Firefox.]

    TL;DR For most provacy concious Brave users, Brave is a step in their journey towards more privacy, and not the final destination.

    [1] The “dumb AF tech youtubers” you mentioned in another post are typically the Brave hype crowd. This is not meant to discredit Brave; it’s just that a share of their users are this way.

    • ᗪᗩᗰᑎ@lemmy.ml
      link
      fedilink
      arrow-up
      44
      ·
      1 year ago

      All good points but I’d like to point out that the first one is likely the biggest reason not to use it - it’s based on Chromium and continues to give Google/Chrome the browser market share to dictate the direction of the web.

    • Ado@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’ve been using Firefox for years, and recently switched over to Brave because it was able to provide a unique fingerprint result on EFF’s fingerprint tool. Even if I used the same plugins, Firefox had a unique fingerprint.

      I ignore all the silly crypto and ad bs. Why should I use FF over Brave

      • Martin Moran :coffeev:@mstdn.ca
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        @Ado @Linus_Torvalds The main reason I prefer FF is diversity of engine. Brave is based on Chromium, as are basically all other browsers but Safari. FF still uses their own rendering engine, and provides superb privacy as well. Given that @leo is also a proponent, I feel comfortable with #firefox.

        If I were to switch browsers, though, it would be to #bravebrowser.

      • Linus_Torvalds@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        FIngerprinting is not super easy. E.g. you might have a ‘unique’ fingerprint with FF but if it changes every time, than I would consider it actually a privacy feature. Did you have the same addons installed on BRave and FF while testing (as Addons play a part in Fingerprinting)? And finally: A lot of fingerprinting techniques can be blocked before they even start (no JS, …). I feel like your opinion is rather one-sided.

        As to why FF> Brave: Basically the Chromium argument. Diverse engines are better for the health of the web.

        • Ado@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          My comment says I had the same plugins.

          My comment says I used Firefox for years and now am trying brave. It cannot be less one sided.

          Are you suggesting my Firefox fingerprint changes every time? Where is the info on that?

  • Leraje@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    63
    ·
    1 year ago

    So much with anything privacy comes down to trust. Any piece of software’s technical ability to keep you private is of course important but when it comes to a very large (in terms of code and use) piece of software, being able to trust the motivations and intent of the people behind it is also very important.

    It’s now reached the point that I personally don’t feel I can trust the person leading the company, or the intent behind the software(s) the company makes.

    Brendan Eich is a homophobe and an antivaxxer. It’s hard to trust in the common sense of a man who thinks in these ways.

    Brave has been caught inserting affiliate links and ads that track and just recently of selling other people’s data. Any one of these things, taken in isolation is bad enough but this is now a pretty much established pattern of very questionable behaviour.

    I also forsee a time when the browser is going to have to make some concessions to it’s Chromium base. I know they’ve said the change from Manifest v2 to 3 won’t affect ad blocking as their Shield won’t be an extension but built in and that they’ll also carry on supporting v2 but the issue goes beyond merely adblocking and they’ve been unclear on exactly how and for how long they’ll support v2. As long as they’re Chromium based browser, they are dependent on Chromium and the whims of Google developers. It’s hard to see a good future for Brave.

  • kingthrillgore@lemmy.ml
    link
    fedilink
    arrow-up
    62
    ·
    edit-2
    1 year ago

    The man who is CEO is a shitter who gave us the blessing/curse that is JavaScript

    They’re relying on a cryptocurrency for growth

    They use Chromium/Blink

  • Spudwart@lemmy.world
    link
    fedilink
    English
    arrow-up
    60
    ·
    1 year ago

    Brave as a browser is fine for now.

    But they’re crypto bros with concerning views and it’s just yet another chromium browser.

    We really have an issue with the monoculture of web browsers.

    • Linus_Torvalds@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      1 year ago

      Damn, it really is a monoculture! I knew about this problem for years, but this is the first time, I had someone call it out as ‘monoculture’. This is amazing, I’m stealing it!

  • benpo@lemmy.ml
    link
    fedilink
    arrow-up
    47
    ·
    1 year ago

    That’s just browsers with default settings. Firefox doesn’t have a built in ad block, so it will always perform worse in that test. I guess FF + ublock origin + hardened settings (such as arkenfox) would perform like brave, if not better. For example, if you check android browsers, you see that Mull (a hardened fork of Firefox) performs great, even without ublock (that you can install as extension anyway).

      • benpo@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Yes, I think that’s the point. Most browsers can be hardened, easily or not, but only few have actually good defaults.

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    44
    ·
    1 year ago

    Judging by a default browser is also really misleading. Firefox is by far the most private with extensions, no competition.

      • Tenkard@lemmy.ml
        link
        fedilink
        arrow-up
        21
        ·
        1 year ago

        This is just my personal list

        • Ublock origin in advanced mode to block js like matrix did (or in basic mode on mobile/if you don’t want to waste time fixing broke websites)
        • Decentraleyes to avoid loading libraries
        • Cookies autodelete to you guess it
        • Consent O Matic to auto consent gdpr banners
        • Link cleaner to clean copied urls from tracking queries
        • Redirector to redirect famous websites to their alternative front-ends (YouTube to piped etc)
      • 👁️👄👁️@lemm.ee
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        I go pretty hard core while making sure it “just works”. People will mention LibreWolf, but the fingerprint resistance causes too much breakage for me. I install uBlock Origin no matter what, enable every single filter except the language lists. I install Dark Reader and set it to a timed schedule which is comfy for me.

        Then I install NoScript then enable “Temporary set top level sites to trusted” and enable media under the trusted tab. This fixed majority of the breakage, but you sometimes need to tweak it. You can just not use NoScript if it’s too much of a hassle, uBlock Origin does basically everything you need anyways.

        Also of course if you’re using stock Firefox, make sure to turn off analytics and telemetry in the settings, go to about:config and set pocket.enabled (or something like that, idr) to false. Then I set my default search to duckduckgo.

      • Floey@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        uBlock and the right Firefox settings is good enough in my opinion, you can go really crazy with just those two things but you’ll also break a lot of sites, I found a middle ground that I like.

    • Mubelotix@jlai.lu
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      This is just plain misinformation. Brave doesn’t replace in-site ads: it removes them. Brave ads are presented in system notifications, not in the sites. Also, you wouldn’t even need mitm attacks to do that anyway. Fucking liar