What hasn’t been said as explicitly yet: It being Chromium-based means there’s tons of implementation details that are bad, which will not be listed in any such comparison table.
For example, the Battery Status web standard was being abused, so Mozilla removed their implementation: https://www.bleepingcomputer.com/news/software/battery-status-api-being-removed-from-firefox-due-to-privacy-concerns/
Chromium-based browsers continue to be standards-compliant in this regard.And this is still quite a high-level decision. As a software engineer, I can attest that we make tiny design decisions every single day. I’d much rather have those design decisions made under the helm of a non-profit, with privacy as one of their explicit goals, than under an ad corporation.
And Brave shipping that ad corp implementation with just a few superficial patches + privacy-extensions is what us experts call: Lipstick on a pig.
brave owns that domain, I believe. Of course they are going to rate their browser te best
Not exactly, the guy who runs it became a brave employee shortly after starting it. but they claim to continue to run it independently.
They were not rated that well in the beginning. Brave contacted the guy who runs the website and asked about the tests he was running, then patched their browser accordingly until it passed all the tests it does today.
The product isn’t all that bad, but the company behind it have proven they’re not trustworthy many times over.
Their search engine is great… Never used the browser though.
I’ve been trying out the engine for a few weeks now. At first I was impressed, and Goggles are a neat feature. But somehow the more I use it the more I realise how much I am going back to Bing or Google because Brave couldn’t show me even one useful result for a niche error or question. Maybe I’m doing something wrong but even using Reddit or forum Goggles sometimes it will show me only shitty article sites, more than Google does.
I don’t run Brave because Brave runs a crypto scam right in the browser.
I don’t care that you can disable it, I don’t care that it might be the only way they found to make a buck out of free software: anyone who dabbles in crypto is instantly sketchy. And I don’t want to run a piece of software as critical as a browser made by someone who’s not 100% trustworthy.
I don’t care that you can disable it
It’s opt-in.
Mullvad and Signal support crypto
Mullvad accepts crypto as payment; there aren’t many other options for anonymous online payment methods today. What Mullvad aren’t doing us creating and running their own cryptocoin in support of their advertising wing. The two are not equivalent.
Well then maybe don’t call anyone who “dabbles in crypto” sketchy
I didn’t; that was someone else. But you did make the false equivalency.
I’m not anti-crypto myself, incidentally…
And of course, my mistake. Didn’t mean to falsely accuse you.
No problem. All social media apps on mobile have this issue of obscuring the chain. It’s the nature of the beast.
How did I make a false equivalency when the op literally called any project that “dabbles in crypto” a possible scam? That includes Signal as well as Mullvad. Op’s comment does not in any way indicate the use of one’s own currency, simply abolishing all services using crypto.
Don’t you recognise a difference between creating a cryptocurrency to use it to encourage people to watch ads, and allowing people to pay with for a service with an existing cryptocurrency in the cause of anonymity? There’s a fundamental difference, right? If not, then fair enough - them taking exception to Brave but supporting Mullvad is hypocracy in your eyes.
FWIW, I believe no defender of !privacy should be opposed to cryptocurrencies; for better or worse, they’re the only option for online anonymous payments. But I also object to the proliferation of bespoke shitcoins, most of which are truly pyramid schemes in intention amd execution. But it’s a fine line, I’ll admit.
test post
What makes it a “crypto scam” and what makes “dabbling” in crypto inherently “sketchy”?
Come on mate, there’s no way you’d be aware of crypto in an online space like this without being well aware of why most people consider it a scam.
On the contrary, I’d expect people in these spaces to be more capable of separating the signal from the noise with crypto and not default to “crypto bad”.
I wouldn’t really call it a crypto scam if they aren’t demanding or asking you buy it, just giving you free crypto
just giving you free crypto
If being alive for 40-some years has taught my anything, it’s that companies “Just giving you free anything” should raise red flags.
Even if it is benevolently intended, I’d be suspicious and very cautious about using their products.
They give it in return for showing ads
Point still stands.
Everyone has to figure out what they will/will not tolerate for themselves in the internet ecosystem.
I’m mostly just advocating caution.
deleted by creator
Well, I’m fairly certain calling people ‘morons’ and ‘fucking stupid’ isn’t changing anyones minds either.
Quite the contrary. Antagonizing tends to turn people against you.
deleted by creator
That website is run by an employee of Brave, who rates the privacy of browsers based on their default settings (which Brave tends to perform best in). If browsers prompt the user to select their privacy settings on a first run, he scores them based as if the user had selected the worst privacy options.
If he actually spent a few minutes setting up each browser, as is always recommended within the privacy community, that table will look a lot different. But then Brave wouldn’t stand out as much…
almost nobody does that though. And after a certain amount of time even power users are like “yeah. f* it”. So default settings ARE important imo
They are, but when you explicitly have to go through the options you probably won’t select the weaker ones.
He’s launching a self-test tool, for anyone to use. It’s still unfinished (last time I checked), but tweaking some values doesn’t make a huge amount of difference. Where it does, he included a Browsers similar to those settings, pre applied (eg: Librewolf, Mullvad Browser). Plus by that logic you should also test Brave on Aggressive mode, which by default, is set to Standard.
That website is run by an employee of Brave
Like, for real? That’s kinda funny.
So much with anything privacy comes down to trust. Any piece of software’s technical ability to keep you private is of course important but when it comes to a very large (in terms of code and use) piece of software, being able to trust the motivations and intent of the people behind it is also very important.
It’s now reached the point that I personally don’t feel I can trust the person leading the company, or the intent behind the software(s) the company makes.
Brendan Eich is a homophobe and an antivaxxer. It’s hard to trust in the common sense of a man who thinks in these ways.
Brave has been caught inserting affiliate links and ads that track and just recently of selling other people’s data. Any one of these things, taken in isolation is bad enough but this is now a pretty much established pattern of very questionable behaviour.
I also forsee a time when the browser is going to have to make some concessions to it’s Chromium base. I know they’ve said the change from Manifest v2 to 3 won’t affect ad blocking as their Shield won’t be an extension but built in and that they’ll also carry on supporting v2 but the issue goes beyond merely adblocking and they’ve been unclear on exactly how and for how long they’ll support v2. As long as they’re Chromium based browser, they are dependent on Chromium and the whims of Google developers. It’s hard to see a good future for Brave.
The man who is CEO is a shitter who gave us the blessing/curse that is JavaScript
They’re relying on a cryptocurrency for growth
They use Chromium/Blink
Its the same guy who made firefox though?
He is
Chromium, Crypto, Trash UI
That’s just browsers with default settings. Firefox doesn’t have a built in ad block, so it will always perform worse in that test. I guess FF + ublock origin + hardened settings (such as arkenfox) would perform like brave, if not better. For example, if you check android browsers, you see that Mull (a hardened fork of Firefox) performs great, even without ublock (that you can install as extension anyway).
Isn’t that enough (default part). The vast majority of people won’t change defaults.
Yes, I think that’s the point. Most browsers can be hardened, easily or not, but only few have actually good defaults.
Judging by a default browser is also really misleading. Firefox is by far the most private with extensions, no competition.
Removed by mod
This is just plain misinformation. Brave doesn’t replace in-site ads: it removes them. Brave ads are presented in system notifications, not in the sites. Also, you wouldn’t even need mitm attacks to do that anyway. Fucking liar
Librewolf and Mullvad does the same thing Brave does, and doesn’t contribute to Google’s monopoly on the web by using chromium.
The author of the site works for Brave. The results need to be taken with a grain of salt. Is is more private than Chrome? Absolutely. Is it the best browser for privacy? Ehhh…
it is not even true that “privacytests.org rate it as the best”, if you look close enough, librewolf is best rated, which is an amazing browser BTW.
It’s a free country, you can use whatever you like. Respect yourself and your own intuition :)
The current situation (summer 2023) is, you better switch to any browser that is not Chromium-based. The reason is “Web Environment Integrity” (WEI), which seems to mean, basically, Google is trying to DRM-lock the whole Internet to make sure you see their ads and they can track everyone. Freedom-loving users obviously don’t like that.
At the same time Firefox is getting more and more annoying, yet it’s better than Google. A safe bet for a general user might be LibreWolf. Another new option is Mullvad Browser.
Firefox’s answer, at the bottom of the article, smells like pure BS to me. Disabling an extension with something like a full browser-modal pop-up to warn users of the possibility of an untrustworthy Extension? Sure, fine, whatever, and maybe make that warning capable to be disabled by default, but why make the decision for us - silently - that Extensions are not to be trusted? Do we trust the website that asks if we pwetty please should allow the showing of ads, or maybe the malware provider that please should just disable all security Extensions and allow their malicious code to run, if you would be so kind?
I can think of one use for this: to disable malware to substitute clicking on a link to install your Extension of choice with one of their choice instead - although isn’t the Extensions store already treated specially by default anyway?
Otherwise, I don’t favor taking control away from the users. Especially if users cannot disable this new “feature”. There is far too much potential for misuse of this.
Which will fragment the Chrome & Chromium-alternative market further, if people cannot trust Firefox anymore.
Which will slow development of alternatives to Chrome.
Which only benefits Google.
You can absolutely disable this feature, Mozilla provides instructions for how in their article https://support.mozilla.org/en-US/kb/quarantined-domains
Sadly my experience is that when it comes to security measures, user control often runs contrary to security. While we definitely should have the choice, you have to make it a bit difficult and non-obvious to disable security features, or people will unwittingly disable them for all sorts of bad reasons.
Thank you for the link. I understand somewhat what you mean about security, but also I get the other side too - security for who, and for what purpose? Google seems to have decided that it wants security to deliver ads to your browser, and also to track you everywhere you go (while offering no paid options to surf the internet without ads or tracking afaik?). This may fall under the umbrella of “security”, but not for the sake of the users, whose traffic is being monetized, and the only option is to go over to some other browser like Firefox, which now, conveniently for Google, seems to be doing the same? Or at least could, if anyone could spoof the service and pretending to be Firefox, ask for security adons to be disabled? Maybe I’m simply too jaded to easily trust anymore:-P.
It’s almost like firefox get almost all their funding from google.
It’s not like Google would ever take over anything - like let’s say oh I dunno, Android - and kill it from the inside. Remember how it said that its motto is don’t be evil? Oh wait…
Brave will not support WEI
While I don’t completely understand the use cases for Mozilla’s add-on domain blocklist, I also don’t see any reason to assume malicious intent. Malicious add-ons are a very real and serious threat and it’s obvious that Mozilla need a way to quickly and remotely protect users. Doing so on a domain level is much less impactful than completely shutting down an add-on.
Since it is obvious to the user if this is triggered, and the user has the option of disabling it per add-on or completely, what’s the real problem?
(That said I think it’s great that people are being skeptical even of Mozilla)
Edit: Sorry I misunderstood how this is displayed, it is not as obvious as I thought. Hopefully this will be improved. Though doing so might come with the drawback of making unwitting users more likely to disable the protection.
The current use cases are for Brazilian banking sites. Although free (libre) software users don’t like to be remotely monitored their browsing real-time, the technology itself can be helpful if used right.
The context is, even though Firefox is getting more and more annoying with telemetry, phoning home, etc. (imho the last good version was v52 ESR), it is still much better than Google. So use Firefox, if you don’t like other options.
Mozilla is financially supported by Google, and perhaps they can’t continue their projects without Google, so it’s kind of inevitable that sometimes they have to support that giant. Nevertheless, they still try not to be evil, explicitly against WEI.
Please do support Firefox and/or its forks (LibreWolf, Tor Browser, …). Stop cooperating with Google. They can do evil things because of their monopoly power. We can make Google less powerful, if we refuse to use their products, if we escape from their privacy-invading services.
That’s interesting. The first site on the list is the self-service login page for Banco do Brasil. Doing a little bit of digging suggests that attacking the users local environment to steal money via self-service is a widespread problem in Brazil. That would explain the need to block all add-ons that are not known safe for a page like this so they can’t swap that login QR-code. Here’s an (old) article detailing some of these types of attacks https://securelist.com/attacks-against-boletos/66591/
I wish Mozilla would be more transparent about this, but I speculate that they might be provided these domains under NDA from the Brazilian CERT or police.
TBH I think malicious add-ons are the new frontier of cybercrime. Most classic attacks methods are well mitigated these days, but browser add-ons are unaffected by pretty much all protections and all the sensitive business happens in the browser anyway.
remotely monitored their browsing real-time
it’s kind of inevitable that sometimes they have to support that giant
What more specifically are you talking about here? The functionality we are talking about can not be used for remote monitoring. Are you saying Mozilla added this feature under duress from Google?
Thanks for taking time to dig deeper and share the results. It’s ironic if big search engines are practically assisting those scams.
The main thing behind my previous comment is the SREN bill and Mozilla’s blog post about it.
I hope I am wrong, but I feel that Mozilla, while being against browser-side censorship, is strongly supporting Google-side restrictions. The situation becomes clearer if you actually read SREN, Art. 6, which is based on the premise that browser providers can and will monitor each user’s activity (my post about this on Lemmy). Conceptually similar to WEI.
The technology that restricts what a user can do can be useful, if unquestionably bad things are blocked. The fundamental problem is, in order for this to work, someone has to decide what is “bad” for you, and has to monitor your activities directly or indirectly so that you may not visit “bad” websites. Protecting users from malware may be important, but I don’t want forceful “protection” by for-profit big tech companies, especially when their OSes/services are not really privacy-respecting, if not themselves spyware. While “protection” might not involve real-time monitoring or anything privacy-invasive, the current situation feels preposterous. We should be free to customize programs, free to block what we don’t need; it’s not like they have freedom to block us from accessing info, to force us to use/view what they want us to.
But that post is Mozilla clearly speaking out against SREN because they do not want to be compelled to block certain sites.
Are you then talking about Google Safe Browsing? Which is enabled by default in Firefox, but which does not “monitor your activities”. It compares the site you are about to visit to a downloaded list of known bad ones and warns you if it’s on the list. Hardly an Orwellian nightmare. Just turn it off or ignore the warning if you do not want it. I keep it on because I’ve never seen a false positive on that list and I understand that even I’m vulnerable to attack.
We should be free to customize programs, free to block what we don’t need
And you are. If you don’t want to use safe browsing, turn it off, is right there in the menu. They have given you a default that’s best for most people and the option to customize.
Further, since it’s free software there’s really no limit to your power to customize or get rid of what you don’t need. (I understand that this is not possible for most people, but that’s why you have the menu options, this is just a final line of defense.)
It’s a few months yet till summer, although it will be a hot one by all indications, it’s warm enough now.
Sorry, fixed that North hemisphere-centric expression. Next time I’ll be more careful. Thanks for pointing that out.
