Why does Brave Browser get a free pass?

If you search in this forum you may find some answers.

Like for example, Vivaldi has some closed source. Others may be too new to be trusted; projects come and go when it is a small team supporting them. Others may not be as feature-rich as Brave.

2 Likes

Reddit isn’t really the best place to hunt down objective facts based on Brave, (or any browser for that matter) and a lot of the links and information people share there end up being wildly misrepresented.

Take the 2020 URL injection incident, for example. It was a bug that should have only appeared in an “opt-in” widget (think Firefox, Opera, and other browsers that let you opt in to extra features).

The problem was flagged by users right away, the Brave team responded within an hour, and a fix rolled out the next day. Yet, if you rely solely on Reddit, the story morphs into something that supposedly lingered for years, hidden in the code with the Brave team twirling their mustaches, laughing maniacally.

Or the “VPN service” that never actually got installed. That, too, was a bug. Brave’s engineers walked us through exactly how it happened: a switch that was meant to be toggled on only for users who purchased the VPN. In practice it did absolutely nothing. It’s like how sometimes things in your computer will sit in the background and will only enable, and download, once the user flips a “switch.” So no, no VPN actually ever got installed on your system.

They eventually stripped it out to calm down people’s OCD. It never impacted anyone, but the rumors on Reddit turned it into a permanent feature that got put on your system without your approval.

8 Likes

Brave, even with all the best settings on, is not a fingerprint-resistant browser on its own, meaning there is not enough randomization to prevent re-identifying a visitor and not enough bucketed data to leave doubt about whether visitor x was also visitor y and z. (Except when you disable WebGL through NoScript + change window size + change VPN, things start to look better, but no one is doing all that manually each time.)

With the randomization approach you need to have everything randomized each time.

3 Likes

I don’t think we can overstate enough that if you care about the most extensive fingerprinting you must only use Mullvad or Tor Browser.

What Brave does is provide a reasonable defense against the most basic trackers and ad networks. This is still a monumental improvement compared to Chrome and Edge. It never changes the first fact that it does not and can not protect against advanced fingerprinting, no matter your configuration. We do not recommend it for this purpose, so the fact that it isn’t adequate for this purpose doesn’t matter.

10 Likes

What @jonah said is 100% accurate.

Brave is obviously better than stock Edge or Chrome. But that doesn’t make it somehow the best option.

The point of browser fingerprinting is to tie consistent use to data that reveal identity. So if a person uses 1 browser all the time, their fingerprint will reveal their habits eventually.

Look at this thread and you’ll see a dozen or so browsers named. You can use them all. Just understand what data might be given up each time. I use 5 or 6 browsers and 10-20 VPN locations over the course of the day most days. It depends on how close I want to let something be to knowing it’s actually me. Anything with trackable data to me IRL is 1 browser, and 1 VPN location.

Need a Chromium browser? Great. Use Brave, with Vivaldi, Chromite, and even stock Chrome as your backups. If you use those backups sparingly for single-use things (like when WebGL or canvas is broken by sites where you need to upload images) then you’re not creating a habitual pattern of data that can be used to track you. You’re giving up one data point one time, and if you use header blocking extensions, you aren’t even giving up accurate data, just the flag that the data isn’t accurate. That creates a dead end, errant data point.

Human habits are the vulnerability here. The browser part of this is covered.

2 Likes

I would not recommend using a browser based on Qt WebEngine like Falkon because you will be running an older Chromium version with cherry-picked security backports until a new Qt release, and then the cycle repeats.

4 Likes

So that would eliminate Falkon and Vivaldi because they are not fully open-source.

Cromite and Iridium are still left :upside_down_face:

There are many points and gripes to pick at with Cromite, and it is mostly feature redundant with Brave which is more established, more feature rich, and better maintained. Not that Brave is a good option, but it has more to offer for less risk. Most of my criticisms about Brave equally apply here, some to greater degrees, some to lesser. Point is, this isn’t any more a “security-focused” option than Brave, and Brave really isn’t security-focused.

Taken from here. It has a nice overview of chromium based browsers by a frequent contributor to Trivalent

2 Likes

It’s pure ideology. Brave Software, Inc. is a for‑profit company tied to Brendan Eich. To many, that’s an instant red flag and something to fight against. From there, a fantasy narrative is built that ignores the full picture and sometimes even the facts.

3 Likes

I made that statement because I think many people are under the false impression that Brave is somehow a superior anti-FP browser, which could be the case if it was truly fully randomized. A couple of arkenfox profiles are great for work and research. For anonymity I treat Mullvad Browser as a Tor alternative when I’m stuck on Tor @ a captcha and I say fuck this.

3 Likes

While concerning, security has increased since. Also, in recent CSAM sites bust, like Operation Grayskull, no individuals that watched the content were charged.

This is misinformation. It isn’t proven to be a government honeypot.

They would be happy if they don’t use Tor, since they wouldn’t be anonymous :sweat_smile:

Also: Brave does a good job around fingerprinting. It has 100 million users/devices, so you don’t get fingerprinted as much as with other browsers. Even using Vanadium will limit you to a small pool of less than a million people.

6 Likes

Also: Brave does a good job around fingerprinting. It has 100 million users/devices, so you don’t get fingerprinted as much as with other browsers. Even using Vanadium will limit you to a small pool of less than a million people.

Despite many users it’s no good, as the WebGL, system time and OS version are hanging out in the wild as if it’s party time. (Primarily these metrics are just off the top of my head.)

He probably meant that it blends into a much larger mass. In my opinion, it’s currently the best and only option among Chromium-based browsers. But I truly hope Helium lives up to its promises. It just sounds too good to be true…

4 Likes

For desktop I’m not sure there is one, unfortunately. I think for any use case using a good Firefox fork like Tor or Mullvad is better than using a Chromium fork that has a track record of adding antifeatures. Chromium is harder to develop exploits for, but if you’re worried about an adversary that can readily deploy 0-days then the difference between Chromium and Firefox should not be relied on to save you.

While concerning, security has increased since. Also, in recent CSAM sites bust, like Operation Grayskull, no individuals that watched the content were charged.

Actually that’s not true; allegedly ~450 people in Germany who accessed that particular website (Alice in Wonderland, now defunct) were recently deanonymized.

Horror lurked behind the darknet platform „Alice in Wonderland“ - FOCUS online

It’s still a small amount in comparison to its userbase, and users who deployed extra protection measures (Whonix, VPN > Tor, Qubes, Snowflake, etc.) and kept decent OPSEC were probably still fine.

If Tor has already been proven time and time again to be just a government honeypot for arresting criminals,

The general vulnerabilities that Tor (the network) has are openly stated by the Tor Project and discussed by researchers. The fact that browsers themselves are easily exploitable by some government-level and corporate-level adversaries is also public knowledge. The anonymity of Tor (and how to use it correctly) is a complicated subject and I recommend reading my posts about it. The silver lining is that internet anonymity is still possible with Tor. But if you’re going on Windows 10 and accessing forbidden content in a western country using Tor on your home WiFi, you are asking for your door to be kicked in.

1 Like

Would you mind linking them?

The idea behind Ungoogled Chromium isn’t that you use it as it is, although it’s still better than most blink browsers in its raw form. It’s offered as a template for users (or developers), to modify dependent upon their own prioritised requirements. So if your priority is privacy the end package will be different than someone else’s UC that prioritised functionality.

As far as anti-fingerprinting goes you can get extensions on GitHub; you can even find them on the Play Store, for which UC gives you a .crx file that allows you to download Play Store apps without having to sign in to screwgle. You can’t ask for more than that. Or…. if you really want something special you can even build and integrate your own extensions into UC if you are up to it. If you want everything in a plug-and-play form just buy a Chromebook, but if you want something better you have to be prepared to put a little effort into it yourself. Or…. just go with Brave and accept that uncertainty will always lurk in the background when you are using someone else’s browser.

But u can also just go with Cromite. Still haven’t seen a convincing reason not to… unlike with Brave. A lot of the allegations against Cromite that the GrapheneOS author and that chromium hardening repo laid out were addressed by uazo (RKNF404 is the author of the chromium hardening guide).

Additionally, thanks to me raising a shitstorm, the author of the chromium hardening repo has edited the Cromite part GitHub - RKNF404/chromium-hardening-guide: Harden chromium (somewhat)

For example, it no longer says “avoid” as u can see in the previous versions Commits · RKNF404/chromium-hardening-guide · GitHub

Tho uazo still doesn’t agree with some of the things that the author of that guide and the GrapheneOS author have stated about Cromite. For example, RKNF404 argues MV2 is bad, and sure it is, but it enables adblock extensions to work fully, which is ofc better for privacy but worse for security as it increases the attack surface. Eventually (by the end of the issue), they agreed to disagree and call it a day.

Imo, one of Cromite’s biggest issues is that it doesn’t truly strip the tracking parameters like Brave does, which I described here; however, it also does many things Brave doesn’t, like preventing the document.referrer request header from leaking, which is used by sites to track u as u browse. Brave doesn’t do that.

4 Likes

That is so, and so I use both, as UC’s Android release doesn’t receive OTA updates, so I use Cromite on portable devices. Cromite is not available for Linux desktop, so I use UC on my PCs, which in itself is a good anti-fingerprinting measure.

For sure, but still you have a quite big pool. And browsers like Vanadium might spoof your OS version, but they know you use GOS. Plus, they know your timezone, so this narrows the pool even further.

And what about WebGL?

I don’t think vanadium claims to make you completely anonymous. Neither does cromite. At the end of the day, unless you use tor/mullvad browser (and even then), there’s always gonna be smth to identify u.

Btw, Cromite randomizes the time zone and the WebGL signature, so CreepJS detects a new fpID on each page refresh. With other private browsers u have to completely exit the browser and restart it to get a new ID, but not with Cromite. On each F5 u get a new ID. Tho I don’t think any browser (besides Tor/Mullvad) has defeated noscriptfingerprint.com yet (idk why it’s down now).