I noticed that the .crx file that is downloaded from the Chrome Web Store is now blocked for “security reasons”, essentially rendering extension installs impossible. Brave should still allow (untested) installation of uBO, NoScript, uMatrix from the settings (they say they will keep supporting those privacy extensions).
This is either a mistake or Brave cares more about security than supporting these extensions.
Anyway, use uBO Lite.
The Manifest v3 Revolution and its consequences have been disastrous for the Web.
This is referencing this meme.
The biggest security problem with uBO Lite is that due to MV3 design, lists can’t be updated without updating the extension. This means you stay days or weeks without blocking new security/privacy threats.
Plus, with uBOL, you can’t block all scripts and frames from third parties (this is called Medium Mode). The medium mode is the best approach to privacy and security.
Read this post, and especially the link in the post, to understand why.
Out of curiosity, why would anyone be using uBlock Origin, NoScript, uMatrix, or AdGuard when you have Brave Shields? In my opinion, I don’t see the point to maintaining them on Brave.
uBlock Origin is (or, at least for Mv2 uBO, was) much more powerful. In fact, Brave Shields literally use uBlock filterlists, along with some others.
gorhill has always been very mindful about what functionality he put in uBO, and the potential risks associated with new features. For example, when ABP introduced an anti-tracking feature that could redirect url.com/parameters/theurlis=example.com to any other website (it should be example.com, but ABP allowed any website), uBlock Origin held back, as a malicious list could redirect users to any (malicious) website.
It was later discovered hackers did just what was feared.
While I understand the concerns about broad permissions, this isn’t as big a deal as it might seem.
After all, doesn’t Brave Shields in Brave technically have every permission since it’s built into the browser?
Brave browser could be compromised with malicious code, and so could uBlock Origin.
Summary: Agree to disagree.
Longer Response:
I do agree with most of what you’re saying, but it’s unnecessary for Brave. PrivacyGuides explicitly stated, which is valid:
Don’t install extensions which you don’t immediately have a need for, or ones that duplicate the functionality of your browser. For example, Brave users don’t need to install uBlock Origin, because Brave Shields already provides the same functionality.
I agree that uBlock Origin has its advantages over Brave’s ad blocker. But it does not have robust fingerprinting protection like Brave has, with its fingerprinting protection. Why do you think we use Firefox FPP/RFP alongside uBlock Origin, for instance? Just see this as an example.
That doesn’t matter. It shows the filter lists are good, otherwise Brave wouldn’t use them. Furthermore, Brave Shields is fine for most people. uBlock Origin is not a replacement for Brave’s ad blocker in Brave, because it’s unnecessary and can increase one’s fingerprinting.
To prove my claim, there was a study conducted by the University of Illinois at Chicago, which showed that they could fingerprint users based on their installed extensions.
Of course with Tor Browser, everyone has the same amount of extensions, and Mullvad Browser, so it would be hard to distinguish any users easily.
With Firefox, uBlock Origin is a fine option, for content blocking, and uBlock Origin Lite as well.
I’m not here to argue whether Brave’s ad blocker - and Shields in general - is better than uBlock Origin, and vice-versa, but simply state facts.
Agreed, but there’s the existence of malicious filter lists or compromised ones that Gorhill has no control of. I trust Gorhill, but don’t trust him with my browsing history, cookies, and everything I type and do on websites, due to issues like this.
Here’s another example.
Again, read this post that Jonah shared. Regarding that, I know many filter list maintainers are genuine, but I don’t want to risk my security for extra features.
I haven’t seen that brought up. Maybe a post could be created from that, since I’ve never considered that and probably others haven’t either.
Could be just a bug, it is a nightly after all.
Updating to uBO 1.60 on stable via chrome webstore worked fine 2 weeks ago.
Did you try this in a fresh new profile?
Agreed. I think for most people the built-in blocker is a reasonable choice. For casual users, it’s more than enough, and the type of advanced or DIY-minded user who would have a strong preference for uBO and the level of control and feature set it provides isn’t exactly the target audience for Brave; most of these users are likely already using Firefox + uBO anyway.
But [uBO] does not have robust fingerprinting protection like Brave Shields
I think you are getting confused on this point. Apart from what can be done with traditional adblocking methods, anti-fingerprinting isn’t really the role or goal of adblocking extensions. They aren’t the best tool for the job. Not uBlock Origin, and not Brave’s built-in adblocker.
Comprehensive anti-fingerprinting is out of scope for uBlock Origin. This is something better achieved at the browser level–not by a browser extension.
I think you may be confusing Brave’s umbrella term ‘Shields’ with their built-in adblocker. But ‘Brave Shields’ doesn’t refer specifically and only to the adblocker; ‘Shields’ is a term they use to brand a bunch of different privacy features of Brave Browser as well as the UI they build around those features.
Brave’s fingerprinting protection is an element of ‘Brave Shields’ but not primarily related to the adblocker and afaik, they operate independently of one another, so you could disable the adblocker and replace it with uBO without disabling the browser’s built-in moderate fingerprinting protections.
Some other thoughts, on related points
Agreed, but there’s the existence of malicious filter lists or compromised ones that Gorhill has no control of
I think this would apply equally to Brave’s adblocker or any other that uses 3rd party blocklists.
The core of both uBO’s and Brave’s adblocking is Easylist + EasyPrivacy + the uBO filterlists + Pete Lowe’s blocklist + Malicious domains blocklist from URLhaus. Brave also has some of its own supplemental lists.
showed that they could fingerprint users based on their installed extensions.
I think this is a valid (at least theoretical) consideration. Though for this to be relevant, you’d need to have already addressed the ‘low-hanging fruit’ (something Brave will not adequately do out of the box). Most users concerned with preventing sophisticated forms of fingerprinting like this will likely already be using Mullvad or Tor Browser, not Brave.
Because (some of) the tools work better than Brave’s builtin one
Then you shouldn’t use his privileged addons
(edit) easylist is maintained by uBO, no? (Even if it isn’t, Brave also uses it and not their own so you must trust extra parties for the lists anyway)
What about Tails’s Tor Browser vs the regular Tor Browser? Tails has uBlock Origin added so I would assume it would make it distinguishable from other Tor users.
Or in the words of Brave’s own founder:
“uBO does more by default, and has more knobs for its users, than Brave shields has or will likely ever have.”
“[uBO is] a really strong model of the kind of mentality and approach the space should bring to user privacy”
On a related note, I just saw a small PSA for Brave browser users in one of the filterlists that I use (which is also one of PG’s recommended lists):
As of 15/03/2024, this list does not work properly in Brave Browser, due to Brave missing several critical features this list uses. Please use this list only with uBlock Origin or AdGuard.
No. At least not to my knowledge
But Easylist (and Fanboy’s list) has a track record and reputation that goes back much further than either uBlock Origin or Brave.
I believe this is correct. (though fwiw, it seems that the Tor Project is sloooowly moving towards the inclusion of a content blocker, and with Tails now part of the Tor Project officially, I assume there will likely be convergence around a single configuration).
If I am correctly interpreting the latest label they applied to the gitlab issue, it seems they are aiming for Q2 2025.
About trust, if you don’t trust uBO, you should not use Brave Shield either. Because Brave Shield uses uBO’s lists with a fully trusted system, i.e. able to use all trusted filters (filters with more capabilities but which can tamper with websites more). And not only uBO, all other non-uBO lists have the same capability by default. Not even uBO or AdGuard allow that (by default uBO only allows its internal lists to use these trusted filters; if users want to allow other lists to have the same privilege, they need to do it manually). And I doubt Brave has enough manpower to manually review each commit from all of the lists listed in Brave Shield.
supply chain issues.
It probably makes sense to lessen the parties of trust - if you already use the Brave browser, then it is better to trust Brave Shields, because in the theoretical situation that Brave gets compromised, they won’t just be messing with Shields.
If one is relying on content filtering for their privacy and security, then they seriously need to go back to the drawing board.
Content filtering is a convenience feature, and relying on it for privacy and security is wrong. It can act as an icing on the cake when it comes to PrivSec, but it definitely isn’t the cake itself.
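
The per-list trust gate raised earlier in the thread (privileged "trusted" filters honoured only from designated lists unless the user opts other lists in), as an added example that is not part of any post here and is not code from uBlock Origin, AdGuard or Brave. It assumes uBO-style `##+js(...)` scriptlet syntax in which a `trusted-` name prefix marks a privileged filter; the list ids, prefixes and filter lines are constructed.

```python
import re

# Assumption: privileged filters are scriptlet injections whose name starts
# with "trusted-", written in uBO-style "##+js(name, args...)" syntax.
SCRIPTLET = re.compile(r"#@?#\+js\(\s*([^,)\s]+)")

# Constructed policy: only lists whose id starts with one of these prefixes
# may ship privileged filters. An empty prefix ("") trusts every list.
TRUSTED_LIST_PREFIXES = ("internal-",)


def is_privileged(line):
    """True if the filter line injects a 'trusted-' scriptlet."""
    m = SCRIPTLET.search(line)
    return bool(m and m.group(1).startswith("trusted-"))


def load_list(list_id, text, trusted_prefixes=TRUSTED_LIST_PREFIXES):
    """Split a list into (accepted, rejected) filters under the trust policy."""
    trusted = list_id.startswith(tuple(trusted_prefixes))
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # blank line or comment
            continue
        if is_privileged(line) and not trusted:
            rejected.append(line)  # privileged filter from an untrusted list
        else:
            accepted.append(line)
    return accepted, rejected


# Constructed sample lists (not taken from any real filter list).
INTERNAL = """! internal list
||ads.example^
shop.example##+js(trusted-set-cookie, consent, rejected)
"""
THIRD_PARTY = """! third-party list
||tracker.example^
news.example##+js(trusted-click-element, #accept)
news.example##+js(set-constant, adsEnabled, false)
"""

if __name__ == "__main__":
    for lid, body in (("internal-filters", INTERNAL), ("thirdparty-news", THIRD_PARTY)):
        ok, dropped = load_list(lid, body)
        print(lid, "accepted:", len(ok), "rejected:", dropped)
```

Passing `trusted_prefixes=("",)` reproduces the "every list is trusted" configuration the post contrasts this with, and the rejected list becomes empty.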