• Knusper@feddit.de
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    What hasn’t been said as explicitly yet: It being Chromium-based means there’s tons of implementation details that are bad, which will not be listed in any such comparison table.

    For example, the Battery Status web standard was being abused, so Mozilla removed their implementation: https://www.bleepingcomputer.com/news/software/battery-status-api-being-removed-from-firefox-due-to-privacy-concerns/
    Chromium-based browsers continue to be standards-compliant in this regard.

    And this is still quite a high-level decision. As a software engineer, I can attest that we make tiny design decisions every single day. I’d much rather have those design decisions made under the helm of a non-profit, with privacy as one of their explicit goals, than under an ad corporation.

    And Brave shipping that ad corp implementation with just a few superficial patches + privacy-extensions is what us experts call: Lipstick on a pig.

  • kingthrillgore@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    The man who is CEO is a shitter who gave us the blessing/curse that is JavaScript

    They’re relying on a cryptocurrency for growth

    They use Chromium/Blink

  • danhab99@programming.dev
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Unless someone wants to disagree with me

    All the code is opensource and no one has ever raised a privacy alarm in a merged pull request. There’s nothing to fear

  • Thom Gray@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I use Brave as recommendation for my friends still using Chrome, since I tell them it’s built on the same code. Most of them are so scared to leave Google’s toxic ecosystem that they think just installing LibreWolf will get them on a gov watchlist, hell they’re probably right. 🫢

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    I don’t run Brave because Brave runs a crypto scam right in the browser.

    I don’t care that you can disable it, I don’t care that it might be the only way they found to make a buck out of free software: anyone who dabbles in crypto is instantly sketchy. And I don’t want to run a piece of software as critical as a browser made by someone who’s not 100% trustworthy.

    • null@slrpnk.net
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      What makes it a “crypto scam” and what makes “dabbling” in crypto inherently “sketchy”?

      • CoderKat@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Come on mate, there’s no way you’d be aware of crypto in an online space like this without being well aware of why most people consider it a scam.

        • null@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          On the contrary, I’d expect people in these spaces to be more capable of separating the signal from the noise with crypto and not default to “crypto bad”.

    • Stumblinbear@pawb.social
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      I wouldn’t really call it a crypto scam if they aren’t demanding or asking you buy it, just giving you free crypto

      • Feydaikin@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        just giving you free crypto

        If being alive for 40-some years has taught my anything, it’s that companies “Just giving you free anything” should raise red flags.

        Even if it is benevolently intended, I’d be suspicious and very cautious about using their products.

      • Mullvad accepts crypto as payment; there aren’t many other options for anonymous online payment methods today. What Mullvad aren’t doing us creating and running their own cryptocoin in support of their advertising wing. The two are not equivalent.

            • Devjavu@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              0
              ·
              1 year ago

              How did I make a false equivalency when the op literally called any project that “dabbles in crypto” a possible scam? That includes Signal as well as Mullvad. Op’s comment does not in any way indicate the use of one’s own currency, simply abolishing all services using crypto.

              • Don’t you recognise a difference between creating a cryptocurrency to use it to encourage people to watch ads, and allowing people to pay with for a service with an existing cryptocurrency in the cause of anonymity? There’s a fundamental difference, right? If not, then fair enough - them taking exception to Brave but supporting Mullvad is hypocracy in your eyes.

                FWIW, I believe no defender of !privacy should be opposed to cryptocurrencies; for better or worse, they’re the only option for online anonymous payments. But I also object to the proliferation of bespoke shitcoins, most of which are truly pyramid schemes in intention amd execution. But it’s a fine line, I’ll admit.

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Judging by a default browser is also really misleading. Firefox is by far the most private with extensions, no competition.

  • satanmat@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    From the JDLR dept… notice how brave is listed first, and passes every test (except a very few)

    This report just looks biased. Even if it is totally legitimate, and many users have pointed out how it isn’t , it looks biased.

    It looks like every sales pitch for a product where they list everything their product does and how it’s better than the other things.

    I vote librewolf

  • Fubarberry@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    People don’t like the creator of Brave because he’s supposedly anti-trans. He donated to some anti-trans political group iirc.

    The browser also has some crypto stuff (web advertisment replacement, block chain based decentralized browser sync), and a lot of people hate crypto these days.

    Personally I think it’s a good browser, the web needs advertising revenue to function and it’s solution to replacing web ads with optional browser ads that still pay the websites you visit seems like a decent solution. I respect the push to use a non-chromium browser, but personally I rely too much on browser tab groups to use anything Firefox based.

  • nxn@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Follow up question.  I’ve been using ff since probably 20 years or so but for some sites (usually work related) that demands chromium based browser I use brave since I don’t know what the “least bad” chromium browser is. Any insights?

  • Saki@monero.town
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    It’s a free country, you can use whatever you like. Respect yourself and your own intuition :)

    The current situation (summer July–Sept 2023) is, you better switch to any browser that is not Chromium-based. The reason is “Web Environment Integrity” (WEI), which seems to mean, basically, Google is trying to DRM-lock the whole Internet to make sure you see their ads and they can track everyone. Freedom-loving users obviously don’t like that.

    At the same time Firefox is getting more and more annoying, yet it’s better than Google. A safe bet for a general user might be LibreWolf. Another new option is Mullvad Browser.

    • kattfisk@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      While I don’t completely understand the use cases for Mozilla’s add-on domain blocklist, I also don’t see any reason to assume malicious intent. Malicious add-ons are a very real and serious threat and it’s obvious that Mozilla need a way to quickly and remotely protect users. Doing so on a domain level is much less impactful than completely shutting down an add-on.

      Since it is obvious to the user if this is triggered, and the user has the option of disabling it per add-on or completely, what’s the real problem?

      (That said I think it’s great that people are being skeptical even of Mozilla)

      Edit: Sorry I misunderstood how this is displayed, it is not as obvious as I thought. Hopefully this will be improved. Though doing so might come with the drawback of making unwitting users more likely to disable the protection.

      • Saki@monero.town
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        The current use cases are for Brazilian banking sites. Although free (libre) software users don’t like to be remotely monitored their browsing real-time, the technology itself can be helpful if used right.

        The context is, even though Firefox is getting more and more annoying with telemetry, phoning home, etc. (imho the last good version was v52 ESR), it is still much better than Google. So use Firefox, if you don’t like other options.

        Mozilla is financially supported by Google, and perhaps they can’t continue their projects without Google, so it’s kind of inevitable that sometimes they have to support that giant. Nevertheless, they still try not to be evil, explicitly against WEI.

        Please do support Firefox and/or its forks (LibreWolf, Tor Browser, …). Stop cooperating with Google. They can do evil things because of their monopoly power. We can make Google less powerful, if we refuse to use their products, if we escape from their privacy-invading services.

        • kattfisk@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          That’s interesting. The first site on the list is the self-service login page for Banco do Brasil. Doing a little bit of digging suggests that attacking the users local environment to steal money via self-service is a widespread problem in Brazil. That would explain the need to block all add-ons that are not known safe for a page like this so they can’t swap that login QR-code. Here’s an (old) article detailing some of these types of attacks https://securelist.com/attacks-against-boletos/66591/

          I wish Mozilla would be more transparent about this, but I speculate that they might be provided these domains under NDA from the Brazilian CERT or police.

          TBH I think malicious add-ons are the new frontier of cybercrime. Most classic attacks methods are well mitigated these days, but browser add-ons are unaffected by pretty much all protections and all the sensitive business happens in the browser anyway.

          remotely monitored their browsing real-time

          it’s kind of inevitable that sometimes they have to support that giant

          What more specifically are you talking about here? The functionality we are talking about can not be used for remote monitoring. Are you saying Mozilla added this feature under duress from Google?

          • Saki@monero.town
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Thanks for taking time to dig deeper and share the results. It’s ironic if big search engines are practically assisting those scams.

            The main thing behind my previous comment is the SREN bill and Mozilla’s blog post about it.

            I hope I am wrong, but I feel that Mozilla, while being against browser-side censorship, is strongly supporting Google-side restrictions. The situation becomes clearer if you actually read SREN, Art. 6, which is based on the premise that browser providers can and will monitor each user’s activity (my post about this on Lemmy). Conceptually similar to WEI.

            The technology that restricts what a user can do can be useful, if unquestionably bad things are blocked. The fundamental problem is, in order for this to work, someone has to decide what is “bad” for you, and has to monitor your activities directly or indirectly so that you may not visit “bad” websites. Protecting users from malware may be important, but I don’t want forceful “protection” by for-profit big tech companies, especially when their OSes/services are not really privacy-respecting, if not themselves spyware. While “protection” might not involve real-time monitoring or anything privacy-invasive, the current situation feels preposterous. We should be free to customize programs, free to block what we don’t need; it’s not like they have freedom to block us from accessing info, to force us to use/view what they want us to.

            • kattfisk@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              But that post is Mozilla clearly speaking out against SREN because they do not want to be compelled to block certain sites.

              Are you then talking about Google Safe Browsing? Which is enabled by default in Firefox, but which does not “monitor your activities”. It compares the site you are about to visit to a downloaded list of known bad ones and warns you if it’s on the list. Hardly an Orwellian nightmare. Just turn it off or ignore the warning if you do not want it. I keep it on because I’ve never seen a false positive on that list and I understand that even I’m vulnerable to attack.

              We should be free to customize programs, free to block what we don’t need

              And you are. If you don’t want to use safe browsing, turn it off, is right there in the menu. They have given you a default that’s best for most people and the option to customize.

              Further, since it’s free software there’s really no limit to your power to customize or get rid of what you don’t need. (I understand that this is not possible for most people, but that’s why you have the menu options, this is just a final line of defense.)

              • Saki@monero.town
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                I’ve been a long time Mozilla-supporter, since forever—since much before Firefox was even born. Every browser I use now is also Firefox-based [EDIT: one of them is SeaMonkey, not firefox-bsed but from Mozilla too]. As such, I wouldn’t like to say bad things about Mozilla. While I could clarify what I was trying to say, let’s just say several other people prefer LibreWolf to Firefox (I’m not a LibreWolf user, though).

                In the big picture, we don’t want to be abused by big tech companies like Google, and relatively speaking, Firefox is a much better choice. Also, you’re absolutely right about how free software is supposed to work (at least in principle). Like I said, I really hope I’m totally wrong here.

                The original (initial) post is a question about Brave, and we’re getting so off-topic now. Besides it seems that most Lemmy users don’t even read anything older than a week anyway, too busy to have a slow, deep conversations. So let’s call it a day. What I was trying to say in passing might become painfully clearer soon enough, or perhaps—hopefully—I’m just overly worrying about nothing. Although maybe Mozilla as an organization can’t exist anymore without Google’s financial supports (and so not in a position to keep saying “No!” to Google for a long time), as you pointed out, let’s hope that the philosophy of free (libre) software will prevail in the end.

  • Ilandar@aussie.zone
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    That website is run by an employee of Brave, who rates the privacy of browsers based on their default settings (which Brave tends to perform best in). If browsers prompt the user to select their privacy settings on a first run, he scores them based as if the user had selected the worst privacy options.

    If he actually spent a few minutes setting up each browser, as is always recommended within the privacy community, that table will look a lot different. But then Brave wouldn’t stand out as much…

    • hruzgar@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      almost nobody does that though. And after a certain amount of time even power users are like “yeah. f* it”. So default settings ARE important imo

    • bbbhltz@beehaw.org
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      That website is run by an employee of Brave

      Like, for real? That’s kinda funny.