What about these takes on Brave. Are they still real today or is it quite unclear what are brave intentions?
Article is either out of date, or mischaracterizes things.
The problem comes when you realise that it has a hardcoded whitelist
You can change this though we recommend you don’t as it will modify your fingerprint from other Brave users and may increase attack surface. It’s not the first time adblockers have been used maliciously (mentioned in the uBO description).
Another problem with their built-in adblocker is that it’s better for extensions to be separated from the core of the browser, since they don’t follow each other’s update cycles. This means that you need to update the entire browser to fix a bug in the adblocker. Stupid, isn’t it?
Yeah that’s not how things work, it has out of band definition updates too, mostly from the same places as uBO.
Brave sends requests to numerous domains
So does Firefox by default, and our guide provides guidance to disable telemetry.
Our guide disables that functionality, it’s enabled by default so that third-party sites which have login buttons work.
You can add other lists which our guide mentions, though that may not be recommended, you don’t have to use Brave Rewards (it’s opt-in).
I think this might be Brave News, it can be disabled and you can add your own RSS feeds.
And it wouldn’t be too far-fetched of Brave to use Google’s SafeBrowsing
It does, and they proxy those requests for privacy.
Brave makes requests to Google’s Gstatic
Yeah okay so what who cares. That is simply Google’s CDN. If you are worried about Google seeing your IP then you should be using a VPN or Tor. I never understood this obsession to never hit a google IP address from privacy people. Like use the right tool for the job. If you’re that obsessed about degoogling, set up your firewall to block all of Google’s IP ranges, good luck using certain websites or sites that use GCP though
Brave has been caught inserting affiliate codes
Now this was an issue in the past, but Mozilla has had missteps too.
You may have seen in the past a fork of Brave which removed telemetry and other shady practices from Brave. It was called Braver.
Well, that project was given countless lawsuits by Brave, they were forced to rename the project and finally they had to give up out of fear.
That’s completely reasonable as it was trademark infringement. They could have called it something else entirely but decided not to. Mozilla would probably do the same thing if you called your browser “Firefoxes”.
Chromium and Google’s monopoly
There we have it, I knew that would be present, and that’s what this author’s main beef is.
His hardening guide is also badly informed too.
A privacy respecting, fully free (as in freedom), metasearch engine. It’s selfhostable so you can use your own instance or one of the public ones.
We warn about this, as you really don’t know who is running a Searx instance, it’s not “instant privacy” like he makes out, because you don’t know who is running it or what modifications they may have made to their instance.
No. We point this out in our blog article, as does Arkenfox.
For more paranoid people (like me, lol) who don’t want their passwords to be stored on a server, we have KeePassXC which is also free software and gratis.
More elitist bullshit “I’m so paranoid because I do XYZ thing which is worser UX”.
It has the advantage that your passwords are only stored in a local, strongly encrypted database so they won’t ever leave your computer if you don’t want to. You can use Syncthing to sync them between your different machines without any server.
Which is also crap if you have multiple devices, syncthing really isn’t designed for that. If for some reason you edit a password on one of your nodes, and then it doesn’t sync back, and you edit another one on another device, you may lose passwords.
TLDR post is “free software” elitist bullshit, which is incorrect, pay it no attention.
Thanks for this detailed and argumented answer. I think it should serve as a reference.