Brave vs Trivalent Security

sha123 · March 12, 2025, 6:37am

Which security features would be missing in Brave compared to Trivalent?

Lukas · March 12, 2025, 8:03am

Disabled JIT and CFI? Plus some other patches from Vanadium.

sha123 · March 12, 2025, 8:55am

Type-based CFI is standard on Chromium browsers on desktop.

That’s something you can do any Chromium browser via start flags. Or use the V8 toggle to disable only two of three tiers.

Which of them are significant compared to what Brave has?

Cyber-Typhoon · March 12, 2025, 3:15pm

Not sure if if is completely accurate but here are some items:

Brave includes built-in ad-blocking and tracker-blocking features, which are enabled by default.

Brave also removes tracking-related query parameters from URLs.

Brave reduces the amount of information present in the referrer header, which can tell sites you might not trust about your browsing behavior.

Brave’s privacy protections are integrated into the browser and include features like partitioning, which improves upon the limited network-state partitioning in Chromium.

Brave’s sync feature encrypts data at the client level, ensuring that your data is hidden from the browser and much more secure.

There is a last one that is a bit polemic Brave has committed to maintaining Manifest V2 support.

Not sure what of those things were incorporated in the Trivalent browser.

Edit: adding some items that I missed:

Brave also includes built-in Shields that protect against malicious scripts, trackers, and intrusive ads, providing advanced protection.

Brave also integrates IPFS, a decentralized network for accessing and sharing content, and offers private browsing with Tor to enhance anonymity.

Brave encrypts every connection possible and includes On-by-default Global Privacy Control to stop websites from selling and sharing data.

RoyalOughtness · March 12, 2025, 3:30pm

Most of them if not all of them? Brave isn’t a security oriented browser. It doesn’t do much hardening I’m aware of, and actively de-hardens the browser in some aspects.

Cyber-Typhoon · March 12, 2025, 3:35pm

Never heard this, do you have an example?

sha123 · March 12, 2025, 3:46pm

Would you mind telling me a few significant ones which Brave or a default Chromium build does not have on desktop?

In which aspects?

Since the default builds for Linux and Android are different for Chromium did you check which of Vanadium’s patches are already included on desktop by default?

RoyalOughtness · March 12, 2025, 3:55pm

Re-enabling anarchic extension permissions, aka MV2 . If Android allowed all apps all permissions, with no mechanism to set granular permissions on a per-app basis, no one in privacy spaces would be using Android. Yet for some reason, browsers get a pass when it comes to doing the same for extensions.
Shipping an official flatpak, which they accomplish using zypak, which is both no longer maintained and a hack that replaces the layer 1 component of the otherwise robust chromium sandboxing with flatpak’s much weaker sandboxing. Even without zypak, this replacement is required for any flatpak chromium browser to ship, and it’s a major security degradation. Even if you don’t use the flatpak, this alone makes it evident that brave will make decisions that ignore security considerations.
As of the end of last year, Brave still defaulted to the X11 ozone backend, which Chrome et al don’t. I have no idea why they chose this and hopefully they’ve fixed it by now.
Brave adds additional services to enable their crypto wallets. However you feel about crypto, this is a significant attack surface increase
Brave’s built-in adblocker accepts arbitrary content, making it a source of significant attack surface. The method Vanadium (and Trivalent) uses to implement adblocking by preprocessing filter rules at build time mitigates this risk significantly: Subresource Filter

This is just ways security is reduced relative to upstream, and doesn’t cover hardening they’re missing.

RoyalOughtness · March 12, 2025, 3:57pm

a default Chromium build does not have on desktop?

All of them

Our build would fail if any of these were present upstream, since the patch won’t apply if the target content mismatches.

Since the default builds for Linux and Android are different for Chromium did you check which of Vanadium’s patches are already included on desktop by default?

We only included vanadium patches that are desktop relevant. Like I said above, every patch in that repo is necessarily not applied upstream.

Brave includes only some of this that I’m aware of, like some partitioning improvements.

RoyalOughtness · March 12, 2025, 3:59pm

The only thing in this list that’s a security feature is the partitioning. And adding back “permissions anarchy” aka MV2 is a security anti-feature.

edit: “Brave encrypts every connection possible” is also a security feature (aka kHttpsOnlyModeEnabled)

sha123 · March 12, 2025, 5:02pm

Sorry, not a native speaker, maybe I didn’t express myself as I intended to: Emphasis was on significant .

Reason being, I would only consider switching away from Brave in case of rather significant improvements, because I like the convenience of Brave’s excellent content blocker, cross-platform sync, its many privacy features and overall consider it secure enough with disabled JIT for most of my use cases.

Is this really a problem since it is written in Rust?

RoyalOughtness · March 12, 2025, 5:22pm

Emphasis was on significant .

It would be quicker to list the ones that are insignificant…

Is this really a problem since it is written in Rust?

Yes, Rust isn’t a panacea.

Pasta1634 · March 12, 2025, 6:10pm

Brave only allow installation of specific MV2 extensions AFAIK.

RoyalOughtness · March 12, 2025, 6:31pm

Good to know, that’s slightly less bad

anonfox · March 12, 2025, 6:38pm

The only patches I don’t know how to enable in Brave (if possible) are those related to blocking dynamic code generation

github.com/secureblue/Trivalent