Brave (iOS)

Check this box to affirm you have no conflict of interest.

on

Website

Short description

Brave needs no introduction: Privacy-focused web browser, we currently recommend it for Desktop & Android.

Why I think this tool should be added

Following our discussion here on revising the iOS browser criteria (Splitting this off to a separate topic per @redoomed1’s request):

I feel that Brave warrants a recommendation per my reasoning here:

Specifically:

Brave:

Is Open Source

Has stronger & more effective content blocking than AdGuard + Safari (Easy example of this off the top of my head is speedtest.net 1 - On Safari, I see a banner asking to install the app even with AdGuard (& Annoyances filters enabled), meanwhile on Brave I don’t).

Brave’s content blocking on iOS also has support for removing URL tracking parameters - Apple appears to have added some form of this functionality to Safari fairly recently, but their list can’t be expanded and likely isn’t as effective as using a filter like AdGuard’s URL Tracking Protection (& potentially Actually Legitimate URL Shortener Tool if that’s now supported as well, need to test…)

Supports adding custom filter lists & other basic functionality that AdGuard’s extension either lacks or locks behind a paywall

Supports toggling JavaScript per-site

Automatically redirects AMP pages

Supports Global Privacy Control

Allows adding custom search engines… (It is literally only possible to use 1/4 of the search engines we recommend on Safari without buying some kind of extension, which also even further increases attack surface & trust in another party…)

Etc…

@BionicBison also proves further reasoning:

In particular:

With that out of the way, my thoughts on recommending Safari as the sole iOS browser largely echo yours. I also don’t quite understand the reasoning that using Brave adds trust rather than transferring it. Unless this is more complicated than I believe it to be, isn’t it a similar situation to Brave using Chromium on other platforms? It’s not like we would recommend using Chrome over Brave since “you’re trusting Google anyway.” Brave genuinely brings a lot to the table as previously mentioned (custom search engines being huge as Safari is directly incompatible with some of the search engine recommendations), which warrants adding it to the iOS browser recommendations in my opinion. I’m actually not opposed to it joining Safari rather than replacing it as Safari is pretty decent, though I’d understand if Safari was removed should an open-source requirement be added.

I feel that Brave offers meaningful privacy benefits over Safari, and that it would be a worthwhile addition to our iOS Browser Recommendations. Curious what the community thinks on this.

Section on Privacy Guides

Mobile Browsers

I disagree that brave really offers anything over Safari but I don’t see the harm in recommending it on iOS I suppose.

On your points:

Safari’s engine, WebKit, is open source. And anyway the source model is irrelevant for privacy/security imo.

You’re free to use a different content blocking app if you want, adguard isn’t the only option. The app download banner you brought up actually isn’t an ad it’s a specific feature of Safari Promoting Apps with Smart App Banners | Apple Developer Documentation so not really related to content blocking at all.

Like you mention, Safari has the URL tracking parameter removal functionality. I guess you can try and compare which one you think is better but I’d like to see some tests.

Custom filter lists make you more fingerprintable, you should really be using the defaults.

On Brave iOS I can’t seem to find where you can disable JS per site, seems like all or nothing. Makes sense since it’s running WebKit as well.

I’d argue AMP doesn’t matter for privacy and it’s mainly a setting to turn on if you don’t like Google’s monopoly over the web, but sure it’s nice to have.

Global Privacy Control is just another fingerprintable flag like DNT, it’s better not to support it.

Custom search engines are nice but it doesn’t stop you from actually using the search engines, it just doesn’t use them if you type in the URL bar. You can just bookmark your favorite one and use the page itself. I do hope Apple adds custom search engine support though.

Safari’s engine, WebKit, is open source.

So is Chromium… so would you consider Google Chrome & Microsoft Edge open source as well?

And anyway the source model is irrelevant for privacy/security imo.

I partially agree, but I’d rather not get into that. I will just say that PG in general seems to value open source.

You’re free to use a different content blocking app if you want, adguard isn’t the only option.

True, but I was just basing that off of PG’s current recommendations.

The app download banner you brought up actually isn’t an ad it’s a specific feature of Safari Promoting Apps with Smart App Banners | Apple Developer Documentation so not really related to content blocking at all.

Thanks for the elaboration, I wasn’t aware of that. Still seems like a great example of why we should look to recommend other browsers like Brave though, since this seems to be a form of advertising/app promotion that can’t be blocked on Safari.

Custom filter lists make you more fingerprintable, you should really be using the defaults.

This isn’t black and white. Can custom filter lists potentially aid fingerprinting? Yes.

Are websites actively using this as a metric for fingerprinting? Unlikely, at least not that I’m aware of.

Can custom filter lists potentially improve privacy & security? Yes, due to the fact that additional lists can provide stronger & more effective content blocking. This is evident by the fact that even PG recommends tweaking filter lists for users of uBlock Origin. PG’s suggestions there technically increase fingerprintability… but also provide real-world benefits & improve uBo’s tracking protection.

I’d rather not get too into this because it’s another topic entirely as well, but I think it depends on the user and what they value: Stronger content blocking or less potential fingerprintability. I’m not trying to say that everyone should add custom filters (In general I think it’s a good idea to keep your lists to a minimum), but the fact is that adding more lists can have benefits.

I’ll also add that users with more extreme threat models who need advanced fingerprinting protection can’t get that from browsers like Brave anyways, best option for them on iOS is Onion Browser, though even that isn’t on the same level as Tor Browser.

On Brave iOS I can’t seem to find where you can disable JS per site, seems like all or nothing. Makes sense since it’s running WebKit as well.

It’s the “Block Scripts” option under Shields:

image712×1242 86.9 KB

I’d argue AMP doesn’t matter for privacy and it’s mainly a setting to turn on if you don’t like Google’s monopoly over the web, but sure it’s nice to have.

I disagree. See Brave’s blog post here. I’d argue that it does provide privacy & security benefits.

Global Privacy Control is just another fingerprintable flag like DNT, it’s better not to support it.

Yeah, I have to disagree. Unlike DNT, GPC is showing to be legally enforceable in some jurisdictions.

Fingerprinting concerns also aren’t really relevant here since Brave enables it by default for everyone.

Custom search engines are nice but it doesn’t stop you from actually using the search engines, it just doesn’t use them if you type in the URL bar. You can just bookmark your favorite one and use the page itself. I do hope Apple adds custom search engine support though.

You’re technically correct… but can we really expect users to go through that every single time they want to make a search? That’s just silly to me. Through Safari’s implementation like this, users will be much more likely to use less privacy-respecting search engines, since they won’t want to go through this trouble every time they want to make a search. We have to remember usability here. This is hacky at best.

I’ll just state that I wouldn’t have a problem keeping Safari: Apple seems to be generally reputable from a privacy perspective (Probably a controversial opinion here though lol) & Safari does offer benefits (like Lockdown Mode integration & Profiles), but I feel like it’d be silly to ignore the benefits that Brave does in fact provide.

They are mostly open source yes. My issue with them is that they don’t offer many privacy features vs other options like Safari, Firefox, or Brave. The fact that they have closed source components is irrelevant to me.

Ah didn’t see that, good to know.

Good points, like I said I like brave and I don’t see any issue with it being recommended on iOS.

Holi s***, i was about to suggest Brave for iOS today, and there it is

Brave is better than Safari from the usability perspective. Safari’s take on tabs is weird, Safari generates a lot of cache (sometimes, multiple gigabytes!)And iOS seems to be hiding how much cache it generates. Hence, at least I always installed another browser

One really annoying (to me) disadvantage of Brave is: huge UI elements, compared to Chrome. But, I guess that’s not really affecting privacy, so it’s OK

Have you tried adding more filters in adguard?
In addition to custom blocklists, you can enable a variety of built-in blocklists.

Do you use separate profiles? Because it stores separate cache for each so that will add up over time.

I agree (though I disagree on GPC, and a couple other minor points)

Global Privacy Control is just another fingerprintable flag like DNT, it’s better not to support it.

I think this is a misunderstanding.

1. GPC is legally enforceable in some important jurisdictions. It is not an empty request in the way DNT was.
2. Also, you are right it is fingerprintable. But it’s a binary (on or off), Brave enabling it by default for all users, or another browser disabling it by default for all users are similarly fingerprintable. At least that is my understanding.

I don’t think that should be a deciding factor because:

1. Safari + Adguard doesn’t just have Safari’s URL tracking protection, it also gives you access to Adguard’s URL tracking blocklist.
2. Both Adguard and Brave allow custom blocklists (so if you prefer anything other than Adguard filters, you just need to add those lists).

Thanks for the elaboration, I wasn’t aware of that. Still seems like a great example of why we should look to recommend other browsers like Brave though, since this seems to be a form of advertising/app promotion that can’t be blocked on Safari.

I don’t consider that to be unwanted advertising.

If you go to the speedtest[.]net mobile site, there is a reasonable chance you may want to be aware of the speedtest[.]net mobile app (lots of users prefer apps to websites on mobile). It seems like overkill automatically block by default, a notice that is essentially saying “hey, this webapp is also available as a native app as well” (that doesn’t seem conceptually different from ‘install as a PWA’ notices, which we don’t treat as ads) I’d consider this a useful notice at best and an annoyance at worst.

I do think Brave has some preferable aspects, being open source is one of them. But realistically if you are willing to accept a closed source operating system from Apple and a suite of closed source apps, Safari also being (partially) closed source probably doesn’t change the equation much.

AdGuard’s custom filter lists are behind a paywall… and even then, they still ex. limit the amount of lists we can add.

I don’t consider that to be unwanted advertising.

I definitely have to disagree there. Even Apple refers to this feature as advertising/promotions:

Promoting Apps with Smart App Banners
Create a banner to promote your app on the App Store from a website.

This is by every meaningful definition an advertisement. I would also argue this poses privacy concerns, as it likely pushes users to install apps for privacy-invasive services (ex. Facebook or even speedtest(.)net in this example, which is known to include lots of ads, tracking, & other nastiness…) that they otherwise might not, granting them more access to their device & digital life.

But realistically if you are willing to accept a closed source operating system from Apple and a suite of closed source apps, Safari also being (partially) closed source probably doesn’t change the equation much.

Respectfully, I’m struggling to understand why Safari & iOS are being held to such a different standard than any other browser & platform. I don’t think I’ve heard anyone in these communities ever refer to Chrome or Edge as “partially closed source”… they’re closed source, no way around it, just like Safari. But that’s besides the point anyways, open source is just one benefit Brave provides and I don’t have any problem if we keep recommending Safari.

This is where I’m struggling here:

So far I haven’t seen anyone make compelling reasons not to recommend Brave… other than “Safari is good enough™️”. That’s great if Safari works for you! Keep using it, it’s not a bad choice by any means. But I see no reason why that should stop us from striving for better or recommend other browsers like Brave when they provide real-world benefits over Safari.

If this is really the criteria we’re going to use when making recommendations, then I think we need to look back & revise nearly everything we recommend thus far. That’s just silly. Why should we recommend Tor Browser or Mullvad Browser? Firefox & Brave are good enough™️… See what I mean? This line of thinking just isn’t productive IMO, and goes back to my point of the weird double standard I feel like I’m seeing here.

The browsing situation on iOS currently sucks, there’s no way around it… but IMO Brave on iOS has come a long way & I believe it’s worth a second look.

I tried Brave on my iPad, and I’m definitely not going back to Safari.

One thing to note is that if you want AdGaurd to even come close to Brave in terms of content filtering, then you need to pay, if you don’t, then AdGuard doesn’t even block YouTube ads.

I would suggest anyone reading to try Brave and Safari + free (or even paid) AdGuard and compare them side by side. Brave is a no-brainer choice, unless you’re worried about fingerprinting, then you should stick with Safari.

I would like to say that Safari actually redirects AMP pages too, it’s just not documented anywhere, but try it.
Since I can’t upload videos, here: Watch unnamed | Streamable
Watch unnamed | Streamable