I would usually choose Brave but it isn’t on the Mac app store, therefore not required to be sandboxed, while Safari is.
Considering everything, which one to choose for mac?
The general consensus among security researchers seems to be that chromium-based browsers are more secure. Both browsers offer a lot of great features, some that the other doesn’t offer, but I think overall brave likely has Safari beat in terms of security. Not that either one is necessarily insecure.
2 Likes
Yeah im aware that chromium is considered the best overall. But asking for macOS only, where the added bonus of Safari being sandboxed by the system itself can come into consideration?
Well Brave does use the system sandboxing it’s just not for absolutely everything. It doesn’t use the “App Sandbox” per se but if you check in activity monitor most of the processes are sandboxed.
3 Likes
Im also thinking of this: Brave could get compromised in the future or sth, and since it isn’t required to be sandboxed like Safari is, it could stop using the sandbox. How realistic of a threat is this?
Do you think I should stick to Brave on mac even after taking into account these things?
I guess it’s possible but doesn’t seem likely. It would be hard for an attacker to push out a malicious update that disables the sandboxing without getting caught I would think.
Yes.
2 Likes
Does that mean that Brave browser is more secure than if used on Linux?
Brave has privacy features which can result in better security. The built in content blocker reduces your attack surface from malicious advertisements. Brave AI features can be disabled or removed since it is free software. Chromium plays well with YouTube etc.
I’m not a Mac user and typically install multiple browsers for different purposes. There is no reason you can’t use both then add LibreWolf and Tor Browser.
The privacy features don’t necessarily improve security. The built in content blocker actually increases attack surface. A much safer way to block malicious ads is to use a dns based content blocking solution like nextdns pihole adguard home or mullvad’s dns with content blocking.
I use DNS blocking from my hosts file and on my router. Brave content blocking is built in, which is better than an extension. The attack surface may be increased in terms of code but I was thinking more along the lines of human error. Clicking a malicious ad pretending to be something else is more hazardous than blocking all ads.
1 Like
I actually have and use Safari, Mulvad, Brave and Tor browsers. For sites that I trust and have accounts for (my bank, etc.) I use Safari. For general browsing I use Mulvad unless the site breaks on it in which case I use Brave, and so on. I don’t have plug-ins or add ons for any of the browsers but I do have my home router setup to use NextDNS which deals with a lot of ad and tracker stuff.
I personally use Brave for mac, don’t trust Safari this much. Plus more settings.
It may be over the top but nobody has mentioned virtualisation yet. You can create your own sandbox or use Whonix on Mac.