Why does Brave Browser get a free pass?

Questions
1

I have a friend who was looking for a chromium-based browser and I recommended Brave based on what I see here.

He linked me with this: Reddit - The heart of the internet

These ones are particularly shitty:

In 2020, Brave got caught injecting URLs with affiliate codes when users tried browsing to various websites.

Also in 2020, they silently started injecting ads into their home page backgrounds, pocketing the revenue. There was a lot of pushback: “the sponsored backgrounds give a bad first impression.”

In 2023, Brave got caught installing a paid VPN service on users’ computers without their consent.

Also in 2023, Brave got caught scraping and reselling people’s data with their custom web crawler, which was designed specifically not to announce itself to website owners.

Sooo… what’s up with all of this?

2

I don’t think it does get a free pass, but in some categories like web browsers and mobile operating systems your choices are going with the least bad option, or not using them at all. What’s the better Chromium-based browser out there?

16 Likes
3

Possibly Mullvad Browser?

1 Like
4

it’s based on Firefox, not Chrome

5 Likes
5

This.

Outside of Trivalent and Vanadium, which are both specific to niche OSes, Brave is the “least bad” chromium based browser available.

9 Likes
6

And the Mullvad browser doesn’t make sense in many situations. You shouldn’t install other extensions and should use it exactly as you use Tor, without changing anything or almost anything.

Brave is the best option for those who want a good browser that can be used to log into different websites and have some privacy, security, and convenience (alongside Firefox or some other version like Zen).

2 Likes
7

Cromite no doubt. When i use it on windows 11 every time i google smth google asks me to solve a captcha with like pick the bicycles pick the bridges etc. Cromite is so good at thwarting fingerprinting it makes ur browser look like a bot. I guess the fact i block first party cookies also helps me look like one. And no one is interested in tracking a bot, so they probably don’t bother. And yeah i tried mullvad leta but after the 10th search in 30 secs it gives me error 429 rate limited, so it’s unusable fot me.

Cromite on android, despite it being where 95% of people use it, is actually worse than cromite on windows. While the latter is basically strictly superior to brave on windows, cromite on android is not strictly superior to brave on android. For example, it lacks the ability to truly clean URL tracking parameters pre-request like i described here Support for Extensions? · Issue #256 · uazo/cromite · GitHub however despite this, it is the only mobile browser that makes CreepJS get a completely new ID every time u refresh the page. It also has lots of useful flags like #cleartext-permitted if u set this to Disabled, cromite becomes literally incapable of loading http traffic no matter what it is. U don’t even get the choice to override the warning, it just says Nope no can do. Development is not very fast cuz it’s just 1 guy but for being 1 guy, he has done wonders. Btw, it’s also the only browser that can prevent document.referrer from spying on u when visiting a web page, no other browser has this functionality, not even Tor Imgur: The magic of the Internet

8

Brave certainly doesn’t get a free pass, but for some reason it has this fanboy cult following. I’m always shocked to see people still professing it as the absolute best browser, but I think it’s maybe also the “Fisher Price My First Privacy Thing” zealots.

1 Like
10

I hate using it, but it is the lesser evil compared other Chromium based browsers on Windows. I wish there was another Chromium browser without all the bloatware and uBlock Origin support, or something similar to Brave Shields.

2 Likes
11

I’ve gone back and forth between Brave and FF so many times now, I don’t even know why I keep using either one.

But Like @jonah said, what else are you going to do? Unless Ladybird becomes real and stable, we got no choice. One known problem for another. Dealer’s choice.

2 Likes
12

There’s simply not good enough options for Chromium based browsers. For Firefox based ones, there is Tor/Mullvad, Librewolf/Arkenfox, and vanilla Firefox itself too.

For chromium based browsers, there is ungoogled-chromium(no antifingerprinting, just debloated and degoogled), Bromite(no longer maintained), Cromite(fork of Bromite), Brave, Helium, Throrium, Vanadium(only available on GOS), etc. While I do think that Brave might be the least bad option, it still has a long way to go. Hope to see more chromium alternatives in the future

4 Likes
13

Once you follow the configuration recommended by privacy guides, brave becomes the best chromium browser available.

3 Likes
14

I was actually kind of disappointed by the replies here.

But then, I went into each articles and there isn’t anything that bad actually. Everything, was addressed and most of them seem to have been bugs which happen everywhere.

The only one that I’m not sure is this one:

Also in 2023, Brave got caught scraping and reselling people’s data with their custom web crawler, which was designed specifically not to announce itself to website owners.

Brave replied with this:

Hello Alex,

Thanks for reaching out for comments about your article, but in the future we would appreciate it if you would check in with us before publishing your piece in order to fact-check your assumptions. There are several items in your article that are inaccurate and which lead to unnecessary confusion.

The rights being mentioned are not rights to content, copyrighted or not, as the article misleadingly seems to imply. The rights are to the output of the API request, which is a set of results to a query sent by the API user. Brave Search has the right to monetize and put terms of service on the output of its search-engine. The “content of web page” is always an excerpt that depends on the user’s query, always with attribution to the URI of the content. This is a standard and expected feature of all search engines.

Where you see Brave Search API as a way to shamefully make money, we see it as a service to all the people who want to innovate on search and LLMs, who could use only Microsoft Bing Search API, which is in reality a monopoly (Google’s search API is not open-access). This is a pretty different take, not as clickbait-y though.

There are also some doubts towards how crawling is done, which could have been solved by asking before publishing.

Brave Search has a crawler which is partially powered by information provided by users enrolled in the Web Discovery Project (WDP) option in Brave browser’s search settings, which is an off-by-default AKA opt-in, privacy-preserving system with multiple mechanisms to prevent Brave from knowing who is contributing what (WDP is open-source for inspection by anyone).

The reason we do not expose a crawler user-agent is practical: we do not have the resources to contact all domain-owners, who rightfully or not, discriminate against anyone but Google. If a domain or page is not crawlable by any search engine (it has a no-index tag), or if it is not crawlable by googlebot, then Brave Search’s bot will not crawl it either.

Regards,

Josep M. Pujol
Chief of Search at Brave

Which the journalist added these comments:

This initial email doesn’t do a great job of answering things like:

  • How does Brave handle various licenses? Is there an automated system to check a site’s license and then skip things like showing 260-word blurbs of word-for-word copy/pasted content? For example, if I was to add a CC BY-NC-ND license to this site, how would Brave handle it? This particular license clearly states that the content cannot be used for commercial purposes.
  • Brave’s reasoning for not disclosing their Search Crawler is that it is for “practical reasons” as they don’t have the resources to contact all domain owners who “block” or “discriminate” against them. That doesn’t make any sense whatsoever and feels like a red flag of bypassing websites explicitly blocking their crawler. Unless, of course, you choose to block Google’s crawler, and then that will make Brave happy.

And as far as calling my article an assumption goes, it quite literally says on their Brave Search API page that you get “Rights to use data for AI inference”. That same page does not explain licenses, as it stands – their API is a pipeline that you can use to gather fine-grained data.

Brave doesn’t care if it’s licensed one way or another; apparently, they can monetize other people’s licensed content because they’re a search engine.

I’m genuinely curious how “content” and “output of the API request” are two different things, particularly when I already showcased that they give you word-for-word “extra snippets”.

Any inputs from the community on that particular one?

As for Chromium based-browsers, the person went with Vivaldi. But it seems Cromite is also suggested by others here?

What about Iridium? or Falkon?

1 Like
15

I thought Iridium died are they keeping it up-to-date? I remember they was pretty bad at it years ago, they was always 2 versions behind Chromium.

16

Cromite is not just suggested by “others” (aka me), it is also suggested by Privacy Guides themselves on the mobile browser recommendation web page. However, for some reason it is not recommended on the desktop page, which i think is a mistake as cromite is just as good there if not better than it is on android. For me personally, it is the best chromium-based browser bar none.

Tor has been compromised many times and is funded by the feds (i wonder why cough)

Tor-attack-NSA
Tor-attack-NSA700×318 32 KB

fbi-tor-browser-
fbi-tor-browser-1100×1106 167 KB

Backdore galore

is-tor-safe-2
is-tor-safe-21202×1178 147 KB

Tor devs working closely with the US government

Since this makes Tor a non-starter for privacy, i thought maybe i can try Mullvad browser as an option. Unfortunately, after running Speedometer 3.1 (the go to benchmark for browser speed), i got a score less than half of what i get on stock chrome. And in general, mozilla/gecko browsers are painfully slow. I thought removing the onion network from tor would make mullvad faster, but alas, it is not really viable for daily use unless u like really slow browsing. And because chrome has like 90% market share on windows pcs, web devs often don’t test if their website works on firefox properly. Which led me back to chromium-based browsers and thus Cromite.

17

This is non-issue for me on many levels. The basic premise is anti-AI, and weird article by the author to push their own anti-AI ideology as something like license or user violation. Whether it is a license violation or not is currently being litigated, with some cases ending in settlements (Link) meaning no legal precedent set. No user data is harmed. Once the law if clear, we can talk license violation and the like. I personally dislike the de-growth and anti-AI crowd and consider them modern Luddites.

As for naming of bots, Brave is often forced to change their crawler name since a lot of website whitelist bots like google and openai, but block everything else further monopolising the web. They should either give everyone a seat at the table or to none at all. Random blogs afraid of DDoS should not dictate the future of internet.

2 Likes
18

This felt weird to me, so I looked a bit deeper. The cyberinsider article used decades old data, and the breaks it highlighted were all patched and Tor Browser is harder to de anonymize than ever. I am not even sure why incidents from 2014 get a second look a decade+ later. The Ars article is also old, and not relevant now. Very weird thing to cite here. Tor has gone through multiple iterations since then.

The rest of the accusations of Tor working with USG are the same old slop sent around non-technical circles for years now. Guilty by mere association with USG would render any tech unusable, and people concerned about this would do well to read: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

Cromite is also a terrible choice overall according to security experts like GraphenOS (https://xcancel.com/GrapheneOS/status/1810883909514674555#m), but I personally do not know much about them outside of they lagged behind in updates for a long while before cleaning up their act (or maybe it was some other niche browser).

Please feel free to flag this if it seems off topic here. It feels off topic to me, but I could not help but look into what seemed concerning to me.

7 Likes
19

It’s not from 2014. For example, this one is from 2017:

2017 court case proves FBI can de-anonymize Tor users

“The means by which the FBI is able to de-anonymize Tor users and discover their real IP address remains classified information. In a 2017 court case, the FBI refused to divulge how it was able to do this, which ultimately led to child abusers on the Tor network going free. From the Tech Times: “

In this case, the FBI managed to breach the anonymity Tor promises and the means used to collect the evidence from the dark web make up a sensitive matter. The technique is valuable to the FBI, so the government would rather compromise this case rather than release the source code it used.

“The government must now choose between disclosure of classified information and dismissal of its indictment,” federal prosecutor Annette Hayes said in a court filing on Friday.

“The cat is out of the bag. The FBI (and presumably other government agencies) has proven to be fully capable of de-anonymizing Tor users. Most Tor promoters simply ignore these different cases and the obvious implications.”

If Tor has already been proven time and time again to be just a government honeypot for arresting criminals, and a surveillance tool for bad actors hosting nodes, why do u think something suddenly changed in the last few years? As the saying goes, the wolf may change his skin, but not his nature. And yeah i decided to post this cuz i saw the title “why does brave browser get a free pass” and it really made me think, well why does tor get a free pass? Tor being anonymous is exactly what the US government wants u to think. How else are they gonna catch the pedos?

1 Like
20

2017 was also fixed. It is also 8 years old now.

No evidence, just speculation from some very paranoid non-experts. “Proven” usually means “beyond reasonable doubt” and not “I was convinced”.

The Tor project has done some nice work here if you care about it: Malicious relays and the health of the Tor network | The Tor Project and Detecting route manipulation by Guard nodes (Path Bias) - Tor Specifications , etc.

They are not in denial about it. It is a very hard problem to solve. I think it is quite sad that energy is spent maligning tor instead of contributing to make it better, especially when done while promoting alternatives that do not even solve the same problem (Cromite et al). Tor is as associated with the USG as internet, silicon chips, radio, etc and as associated as Sonar is with British government.

6 Likes
21

Cromite seems to have frequent updates: Releases · uazo/cromite · GitHub

Iridium as well: News | Iridium Browser

Falkon as well: Tags · Network / Falkon · GitLab

and Vivaldi as well.

I’m sure there are good reasons they are not recommended though. I’m not an expert.