8
kiki
270d

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

Comments
  • 1
  • 5
    As a brave user i have to say, i didn't know that and that is terrifying. I will look for alternatives immediately.

    Any suggestions?
  • 2
    if anyone actually cares about privacy, like REALLY cares about it, they'd just DL Mozilla source, make any changes they think they need, build it from source and use + URL blacklists on the OS level
    Brave is ok for the privacy a pleb needs, which roughly translates to "less ads, less trackers"
  • 3
    @thebiochemic Firefox! It’s resistFingerprinting spoofing feature is the best in class. Also, Firefox is the best A-list browser period, because Safari is a Mac exclusive + no freedom in extensions, and chrome with their new manifest will kill Adblockers.
  • 0
    Last time I tried mobile Firefox, it couldn‘t block YouTube ads as Brave does.
  • 0
    Also, read some other comments on that reddit post.
    There are claims that most of this post is not correct.

    I admit, I don‘t have the patience to go into that rabbit hole and check it myself but I also don‘t automatically accept everything as true.
  • 5
    @Lensflare i checked with Portmaster a few hours ago. Even if you have everything disabled, brave sends requests to static.ads.brave and geo.ads.brave amongst some other, that i dont find particularly suspicious like the updater.
    I just blocked them for now.
  • 1
    @Lensflare firefox on android has ublock origin, ublock origin blocks everything you can think of
  • 0
    @j0n4s I don‘t have android :)
  • 1
    @Lensflare ah sorry
  • 0
    This post has been cross posted on a lot of forums/subreddits already. I would recommend reading the response from brave regarding the points brought up and then make your own decision on whom you believe.
    https://reddit.com/r/brave_browser/...
    (this was the response on the brave subreddit where the poster deleted his own post later)
    If you don't want to believe anyone than you can read the the source code and check the requests made yourself. Please feel free to report back on your findings I am really interested in any results you may have.
  • 1
    @TheSilent I read that a long time ago. Dancing around obvious issues, touching on what can be easily disproven while ignoring the elephant in the room, with self-promotion on top. Brave DID to that crypto tokens thing. Brave DID offer advertisers to buy their ads back and get paid in crypto. Brave DID offer them an advanced analytics tool, as in Basic Attention Tokens. That’s all I needed to know to not touch brave with a ten-meter pole.
  • 0
    @kiki I don't know. I think it's difficult to pick a browser nowadays, especially if you are concerned with what it did do in the past. Firefox had the pocket debacle and stored (might have to check if it is still that way) a unique user identification string in the settings (pocket_id/impressionId). Brave did some things that people called shady. Chrome and edge attempt to associate your browser with an account as soon as possible. Vivaldi isn't fully open source. The list goes on. There is not perfect browser in my opinion.
  • 1
    @TheSilent issues of other browsers do not legitimize shady things brave did. Also, Firefox is the easiest browser to modify to be completely private. Just tweak some settings and call it a day.
  • 1
    @kiki What makes you believe I am defending brave? The point I wanted to make is that when it comes to deciding which browser to use, it is a lot about whom you trust or not, which in turn is based on your personal experience or the small bits of drama your heard about/stumbled over on the internet.
    I don't think I can wholeheartedly recommend any browser currently on the market because neither did I study the source code nor am I a security researcher specialized in browsers.
    I am a proponed of hearing both sides of the argument and forming your own opinion.
Add Comment