PCLinuxOS Magazine

Brave Browser: False Privacy?


by Alessandro Ebersol (Agent Smith)



"Three times faster than Chrome. Better privacy by default than Firefox. Uses 35% less battery on mobile." This is how Brave Browser presents itself. But is it really true?

The Brave browser was created as a derivative of Chromium, the open source version of the Google Chrome browser. It was released in 2016 and came with many promises: privacy, speed, and rewards in the form of BATs (Basic Attention Tokens), a cryptocurrency which, according to the browser's creators, rewards both content creators and users.


Brave, designed to be a browser that respects the user's privacy

The Brave browser uses the motto: "You are not a product". It focuses on improving the privacy and security of its users. Brave also brings a new approach to the advertising ecosystem, ensuring that both advertisers and users benefit from ads by decreasing the amount of disruptive ad content. Advertisers are introduced to a more relevant range of users, while users are offered the opportunity to convert their advertising experience into a source of revenue.

However, over time, the mechanics of the Brave browser have gradually changed in a way that exposes the personal data of its users, and that ultimately betrayed the trust they had placed in Brave's initial motto.


Strange practices began to surface

On February 10, 2019, a Twitter message directed to Brendan Eich asked what a significant change in Brave's source code meant:




And the change was



This whitelist variable is associated with code in the tracking_protection_service.cc file that adds various Facebook and Twitter hostnames to the whitelist variable so that they are not blocked by Brave's Tracking Protection feature.

The list of whitelisted hostnames is:

  • connect.facebook.net
  • connect.facebook.com
  • staticxx.facebook.com
  • www.facebook.com
  • scontent.xx.fbcdn.net
  • pbs.twimg.com
  • scontent-sjc2-1.xx.fbcdn.net
  • platform.twitter.com
  • syndication.twitter.com
  • cdn.syndication.twimg.com

The response from the Brave browser team was that the developers decided to whitelist Facebook and Twitter tracking scripts because blocking them would affect the functionality of many sites. One of the Facebook features that would break is Facebook login.

Now, that was a very convenient response, and it has a basis in truth. However, such trackers, being let off the hook, can also identify users and deliver their browsing habits to third parties. And Facebook (now Meta) is known to abuse the personal data of its users.

But that's not all. With the involvement of Brave Software, Inc. in cryptocurrencies, other "strange" incidents have happened.



The browser has started showing, on its homepage or new tab, a new form of monetization for Brave: sponsored images. Sponsored images were introduced in 2020, and according to Brave's blog "These branded images will appear in the form of large, beautiful background images within our new tab. The sponsored images will bring in additional revenue to support Brave's mission and give users a new reason to turn to Brave Rewards so they can be compensated for their attention. These images will begin appearing in our mobile and desktop browsers in the coming months."

However, there was no opt-out setting for this eToro cryptocurrency system: a user who opted in to Brave Rewards was automatically enrolled in the eToro affiliate program. It was only after a ticket about this "problem" was opened on GitHub that it was changed to an opt-in.




And the ad blocker?

According to Werwolf from the Black Gnu website: "Their ad blocker is just a fork of uBlock Origin, which is not necessarily bad, but another reason to avoid using Brave is that uBlock Origin works best in Firefox and there is nothing Brave can do about that.

Another side effect of using a browser that is made by Google is that Google will make decisions that benefit its advertising business, such as making it impossible to use ad blockers in any Chrome-based browser. And, of course, this will affect Brave."

However, on deeper analysis, although Werwolf's statement is true at its source, there are advantages to Brave's integrated ad blocker: "Since Brave's ad blocker is integrated directly into the browser (i.e. it's not an extension), the limitations of Manifest V3 don't apply." - according to user wmitty, from the Hacker News site.

The controversy with Tom Scott

In 2018 there was a serious controversy with the popular British YouTuber Tom Scott, who prides himself on not asking for donations or crowdfunding on any platform.

However, in 2018, he discovered that Brave browser was using his name and image to collect donations on his behalf. Since Scott had not requested or consented to this, he asked Brave to stop, and to refund any donations made. Brave replied that "we will see what we can do," but that "refunds are impossible."

Of course, refunds should really be impossible, given the alleged anonymous nature of Brave's tips. But asking for donations "for" someone, without their consent, is highly questionable, if not downright fraudulent. It really doesn't help that the pop-ups, which appear on Scott's YouTube channel and personal website, are so deceptively designed.




Conclusions: To use or not to use Brave?

Well, even with several arguments against Brave, and after checking the technical nature of several of the problems, I still think Brave is better than Google Chrome.

It consumes less memory, is faster, does not load the system as much, and with some adjustments it can become better than it already is.

And how to do that?

Let's see.

Tweaking Brave to decrease sending data to third parties

The first thing to do is to disable the automatic sending of data to Brave, Inc.

How? Do this: Go to Settings -> Advanced settings -> Privacy and security -> Automatically send totally private product reviews to Brave. Set it to disabled.

Also, in the same section, disable "Send usage statistics to improve Brave browser".

Now, to block those strange URLs, we can do one thing: edit the hosts file in /etc.

The hosts file maps known hostnames to IP addresses without the need to consult a DNS server. It already has one address registered, which is the IP of localhost (127.0.0.1).

So we can add the following entries to the file, each of which points a Brave hostname at localhost:

127.0.0.1 static.brave.com
127.0.0.1 crlsets.brave.com
127.0.0.1 brave-core-ext.s3.brave.com
127.0.0.1 safebrowsing.brave.com
127.0.0.1 static1.brave.com
127.0.0.1 laptop-updates.brave.com
127.0.0.1 variations.brave.com
127.0.0.1 grant.rewards.brave.com
127.0.0.1 api.rewards.brave.com
127.0.0.1 rewards.brave.com
127.0.0.1 p3a.brave.com
127.0.0.1 go-updater.brave.com
127.0.0.1 componentupdater.brave.com

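Of course, it must be done with a plain text editor, and as root. After adding the addresses, save the hosts file and Brave will never phone home again. Note that, judging by their names, the list also covers the browser's update and component-update hosts (laptop-updates, go-updater, componentupdater) as well as crlsets and safebrowsing, so blocking them cuts off those services too, not just telemetry.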
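
The same edit can be scripted so that it is repeatable and reversible. The following is an added example, not part of the original article: the function names are made up for illustration, the host list is the one given above, and the file path is a parameter so the script can be tried on a copy before touching /etc/hosts.

```shell
#!/bin/sh
# Added example: idempotently append the article's block list to a hosts file.
# FILE defaults to /etc/hosts (needs root); pass another path to test safely.

BRAVE_HOSTS="static.brave.com crlsets.brave.com brave-core-ext.s3.brave.com
safebrowsing.brave.com static1.brave.com laptop-updates.brave.com
variations.brave.com grant.rewards.brave.com api.rewards.brave.com
rewards.brave.com p3a.brave.com go-updater.brave.com componentupdater.brave.com"

# is_mapped FILE HOST: succeeds if HOST is a name on an active (non-comment)
# line. Matches whole fields, so rewards.brave.com != api.rewards.brave.com.
is_mapped() {
    awk -v h="$2" '
        { sub(/#.*/, "") }    # ignore comments, including commented-out entries
        { for (i = 2; i <= NF; i++) if (tolower($i) == h) found = 1 }
        END { exit !found }' "$1"
}

# block_hosts [FILE]: keep a one-time backup in FILE.orig, then add a
# 127.0.0.1 line for each host not yet mapped. Prints how many were added.
block_hosts() {
    file="${1:-/etc/hosts}"
    added=0
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig" || return 1
    # If the last line lacks a newline, add one so entries do not get glued on.
    [ -z "$(tail -c1 "$file")" ] || echo >> "$file"
    for host in $BRAVE_HOSTS; do
        if ! is_mapped "$file" "$host"; then
            printf '127.0.0.1 %s\n' "$host" >> "$file" || return 1
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# unmapped_hosts [FILE]: print the hosts from the list that FILE does not
# cover yet; empty output means every entry is in place.
unmapped_hosts() {
    file="${1:-/etc/hosts}"
    for host in $BRAVE_HOSTS; do
        is_mapped "$file" "$host" || echo "$host"
    done
}
```

Source the script as root and call block_hosts; running it a second time adds nothing, and copying the .orig backup over the file undoes the change.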

I hope you enjoyed this review of the Brave browser, and don't be scared of Brave browser stories. It is a pretty good browser, and with a little tweaking it gets even better.


