
Brave Isn't Bad - smnthermes
https://theprivacyguide1.github.io/why_brave_isnt_bad.html
======
colordrops
The comments in this thread are ironic considering the content of the post.

Brave exposes controls for all of its privacy and crypto features and you can
easily opt in or out of anything that concerns you, making it a great choice
for privacy.

It really smacks of hypocrisy that everyone is all for multitude of open
source solutions, except when it comes to browsers. Mozilla has made _many_
misteps regarding privacy and I've never seen attacks like this. To say that
browser wars are political is an understatement.

Even assuming the worst, that being that Brave is trying to track you and
build an ad network rivaling Google, that still seems in sum total a good
thing. Google has gone down a dark path completely unchecked with their
unimaginable omniscience and ad revenue, and I welcome an attack on their
monopoly.

~~~
nif2ee
Brave is not even a browser, it is just a rebranded Chrome that advertises
itself to users as a "browser" while its main publicity is nothing but an
unhinged attack on the very same company that built the browser it's
rebranding. On the other hand Firefox IS A browser and Mozilla is a non-
profit.

~~~
fredsanford
Nice revisionist history you got there...

Chrome is just a rebranded KDE Konqueror if your logic holds.

~~~
joshuamorton
Brave didn't make any changes to the underlying engine. Chrome has, at this
point, basically rewritten it.

~~~
vorticalbox
No but it made a lot of changes I terms of ad blocking and privacy.

------
thenewnewguy
> But Brave has a backdoor!

> No it doesn't. Brave is open source and there has been no backdoor ever
> found. Many people claim that Brave being able to use custom HTTP headers
> are a backdoor but this isn't true. HTTP headers are allowed as per RFC
> 7231. See Brendan Eich's response to this.

This has got to be a joke, right? Nobody's claiming that Brave 'using custom
HTTP headers' is not allowed in the HTTP spec, the problem is that _Brave
downloads a list of headers to inject into requests for specific websites_.

I'm not sure I'd call this a "backdoor", but considering it cannot (to my
knowledge) be disabled it at least deserves a conversation. Trying to minimize
the complaint with "it's allowed in the HTTP spec" is insane.

------
throwGuardian
Disclaimer: not associated with brave in any way.

Facts:

1\. Brave's tracking degree is little to none, compared to
Google/Microsoft(edge).

2\. Brave is the only browser that splits ad revenue with the user, and pays
creators a higher percentage, compared to the AdSenses of the world. On top of
that, brave ads aren't distracting, are generally of high quality and non
intrusive to the browsing experience.

I've personally earned more than $50 in aggregate this year using brave, and
tipped a 100% of that to sites and content I consume often. Both the creators
and I are happy costumers of brave.

~~~
sheogorath
The problem with brave is that it takes away creators freedom of choice when
it comes to revenue for their content. It's nicely summed up in this article:

[https://practicaltypography.com/the-cowardice-of-
brave.html](https://practicaltypography.com/the-cowardice-of-brave.html)

TL;DR: Creators have to sign-up to brave's BAT system in order to get revenue
for ads that Brave embeds on the creator's website. And even then there is a
competition upon creators for users to spend money on them which is not
correclating with the time users spend on creator's content.

~~~
pricci
The thing is that, in my experience, Brave does not embeds ads on the
creator's page. It shows system alerts with the ads.

------
liamcardenas
> But Brave is based on Chromium!

> Chromium is open source and all Google tracking can easily be disabled.
> Brave strips out all of this by default. Remember that Chromium is not the
> same as Chrome.

Sorry, but this is not a satisfactory explanation to me. Brave is marketed as
the pro-decentralization/good web citizen browser. Yet, it uses Chromium,
which contributes to Google’s dominance over the web — pushing developers to
further neglect Firefox and other browsers as a target.

Also, where is Brave’s innovation? I see none. Instead, I support Mozilla.

~~~
microcolonel
A key part of why Mozilla succeeded in somewhat resurrecting the web was that
it was _good_ , when compared with Internet Explorer.

Firefox is slow ( _especially on Linux_ ) when compared with Chromium. The
Firefox UI is more complex and not any more powerful; the excuse used to be
that they supported more deeply-integrated extensions, but that's mostly dead
now. With regard to "dominance over the web", Firefox is riddled with
compliance bugs and misbehaviours, many of which go unaddressed for years,
these bugs and incompatibilities have forced me to disable features for
Firefox users, or find workarounds, over the years.

> _Also, where is Brave’s innovation? I see none. Instead, I support Mozilla._

Where is Mozilla's innovation today? They maintain a broken, slightly-
differentiated Netscape clone, and have an unmistakable chip on their
shoulder; but there is no substantial benefit to using Mozilla, and there are
some serious drawbacks that Mozilla could avoid if they cared. Brave is at
least doing something interesting, with an innovative compensation model which
has some hope to reduce reliance on surveillance-driven advertising, and they
put a Tor client in the default distribution (even if the browser does not
implement some of the anti-fingerprinting measures that Tor Browser does).

On top of this all, Brave is differentiating on what matters, rather than
taking up the pointless task of maintaining similarly-licensed, lower quality
implementations of various web standards. If Google gains power over the web
with Chromium, in some vague way, then Mozilla's power move would be to base
Firefox on Chromium (or at least fork Chromium). Rust is a spectacular thing
they've done, but at the end of the day, any argument for using Mozilla should
begin with a long list of positive characteristics of the product, and not
with vague platitudes about implementation diversity.

~~~
thenewnewguy
> Firefox is slow (especially on Linux) when compared with Chromium.

People tell me this, but I genuinely can't tell the difference between Chrome
and FF's speed on linux. Both feel equally fast to me. My only real complaint
about FF on linux is a lack of hardware video decoding.

> Mozilla's power move would be to base Firefox on Chromium (or at least fork
> Chromium)

You can't be serious.

~~~
ReverseCold
> People tell me this, but I genuinely can't tell the difference between
> Chrome and FF's speed on linux.

It's pretty apparent in "web apps" \- plenty of SPAs grind Firefox to a halt
and not Chrome. The other major win for Chrome is battery life on laptops. I
know it's getting better for FF, but it's still not that close.

Safari actually does the best on (nearly) any hardware you can convince MacOS
to run on, but they broke extensions recently so it's not viable for me
anymore.

(I still run FF Nightly as my main browser.)

~~~
kick
_It 's pretty apparent in "web apps" \- plenty of SPAs grind Firefox to a halt
and not Chrome. The other major win for Chrome is battery life on laptops. I
know it's getting better for FF, but it's still not that close._

Is this because you're on Mac OS? Firefox has always had Mac as a third-class
OS, especially since they started pushing Metal. I can't remember the last
time I had Firefox crash, grind to a halt, or even stutter.

------
arkanciscan
> they use Google by default

I currently use DuckDuckGo as my primary search engine _because_ Brave's
Private mode uses it by default. I had heard of DDG before, but I assumed that
Google was better. When I saw that it really works just as well, I decided to
switch.

~~~
smitty1e
I like DDG but, when I'm looking for answers to technical questions, I sell my
soul to Sergey. Google gets me to the solution far more rapidly.

~~~
samantohermes
Isn't it better to search for technical questions and corresponding answers on
Q&A websites?

~~~
detaro
No, because they do not capture all the technical knowledge available online.
If they have relevant data, a search engine will hopefully surface it.

------
upofadown
I am unable to use _any_ Chrome/Chromium based browser due to one stupid and
trivial characteristic. When you spawn a new session of Chrome/Chromium the
resulting window/tab steals focus. That means that if you do so from some sort
of terminal based program you are pointlessly left sitting there with the
cursor still in the terminal window but with the focus on the browser window.
If you were hoping to spawn more than one new browser session (say from a RSS
reader), well, you are not doing that.

Firefox has an obscure option that can be used to turn off this obnoxious
behaviour. So I must use Firefox.

~~~
PhilippGille
What OS are you using? At least on Windows there's a Win32 API to change
window focus: [https://stackoverflow.com/questions/10898560/how-to-set-
focu...](https://stackoverflow.com/questions/10898560/how-to-set-focus-to-
another-window)

On macOS maybe this: [https://stackoverflow.com/questions/41309910/how-to-
regain-s...](https://stackoverflow.com/questions/41309910/how-to-regain-set-
focus-in-a-mac-os-swift-application)

------
johnpowell
[https://brave.com/wp-
content/uploads/2019/02/adshero_1.png](https://brave.com/wp-
content/uploads/2019/02/adshero_1.png)

That is a image from:

[https://brave.com/brave-ads-waitlist/](https://brave.com/brave-ads-waitlist/)

Notice the page is about the Grammys and the ad is about the Grammys. This is
important.

So Brave strips the ads from my site and inserts their own as (even more
annoying system notifications). And they are relevant to the page so now my
visitors might think I was the dick that triggered a notification that must be
dismissed.

And If I want a cut I have to sign up for some rando cryptocurrency company,
the bastions of ethics and security.

Please Brave. Use a unique user agent string so I can just block people using
your browser. And I don't care if people block ads, I do too. But when you get
desperate and start showing ads for dildos on my site discussing cross-cut
table-saw blades I'm not going to be a happy camper.

~~~
throwGuardian
Real original smear there - "Brave will get desperate, and start pushing NSFW,
and edgy ads."

I like this fake alternate strawnan universe where actual dildos head Brave,
where last ditch efforts to save a silicon valley VC funded startup is to push
wherever it is you dream they'll push. Because burning everything to the
ground is par-for-the-course, for both VCs and entrepreneurs in the valley?

Or - this is classic FUD-ing, backed by exactly zero evidence

~~~
wpietri
I guess you're new here. Personally, after 20+ years working in SF, I think
that's a perfectly plausible outcome. I mean, the whole internet ad market has
been a long slide to being as awful as they can get away with. The median
investor cares much, much, much more about ROI than how that return is
achieved. And a common outcome for content companies that aren't stars but
have nonzero revenue is to end up as zombies that do anything that juices
income a bit.

------
yellow_lead
> _But Brave whitelists Facebook and Twitter trackers!_

> _This is only partly true. Brave whitelists some Facebook and Twitter
> trackers because blocking them outright would break buttons on some websites
> (e.g. the Facebook like buttons). Brave is meant to be easy to use, breaking
> a lot of websites is not easy to use. Brave was never meant to be a max
> privacy solution._

> _The whitelist is now optional and can easily be disabled in the settings._

Opt out features like this don't respect your privacy.

~~~
huffmsa
Clicking on a Facebook button doesn't contribute to your privacy.

If you're going to click it, it needs to work. If you're not going to click
it, it doesn't matter.

Opt out is the best option here

~~~
SXX
If nothing has changed over years this is just not how it works. As long as
like button and it's scripts present on page Facebook will be tracking you.
You dont need to click on button to activate it and this is the problem.

~~~
Semaphor
we have fb like buttons at work (which gets disabled by the fb container
extension), but using the js version is a choice (by the website operator). An
fb like button can be a normal link with certain query parameters which we
have used for years.

~~~
SXX
I actually used social buttons without tracking for my own projects:

[https://sharingbuttons.io/](https://sharingbuttons.io/)

Problem is that most of websites just use default solutions that FB and
Twitter provide that do enable invasive tracking.

~~~
huffmsa
So developer error / laziness not user error (though they are using Facebook)

------
buboard
Brave is the most disruptive thing to happen on the web in 15 years. The
discussion about tracking is almost irrelevant - adblocking is the bait that
brave uses which will take us from google's web to a web where every visitor
can directly pay the creator to read anything on the web. It's almost comical
to watch HN melting against brave because it's threatening the profits of
their bosses. I personally hope the best for them and i 'll be doing my best
to promote it.

~~~
dang
> HN melting against brave because it's threatening the profits of their
> bosses

That breaks the site guidelines. Please read and follow them, no matter how
wrong you feel other commenters are.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
mindfulhack
This had the effect of making me realise Brave is not the answer. If you don't
mind some UI inferiority, Firefox is the answer.

~~~
Semaphor
what ui inferiority?

~~~
mindfulhack
I can't re-arrange add-on icons with a simple drag and drop of the mouse. That
limitation alone holds me back.

~~~
U8dcN7vx
Yes you can, but you need to select "customize..." first, i.e., you want to
customize the interface.

~~~
mindfulhack
That's what I'm talking about, it's way too inconvenient to have to enter that
clunky 'Customise' window (and then close it ooff) just in order to drag an
icon out of the way of my existing corner icons. I try new add-ons all the
time for temporary or small functions. It's little things like this that make
the everyday experience a deal-breaker. FF has come a long way - e.g. not
requiring restarts for add-ons anymore - but there's still more things to fix.
I literally check this one feature (draggability of add-on buttons) about once
a month, because there's a great to deal gain with Firefox due to privacy.

~~~
Semaphor
I just checked Chrome, apparently it doesn't support moving anything but
extension icons? I far prefer the FF approach (also because of accidental
moving)

------
brobinson
Does Brave still fail fingerprinting tests in a comically bad fashion? Last
time I looked at Brave, it appeared to be pretty bad for privacy
fingerprinting-wise compared to Firefox and (surprisingly) Chrome.

~~~
pes10k
Hi, I do privacy research at Brave. Our fingerprinting protections are still
being improved (our second round of FP defenses should hit nightly in Jan),
but the comments here are wrong; our defenses are much better than Firefox and
Chrome.

We don't consider as part of our threat model preventing sites from knowing
you're using Brave. I'm not aware of any browser or tool that considers this
as part of their privacy threat model either (including the terrific Tor
Browser Bundle). Our goal is to prevent sites from distinguishing between
Brave users.

My claim is that our fingerprinting protections are strictly stronger than
Firefox and Chrome. A partial list of fingerprinting protections that are
enabled by default in Brave are at [1].

Fingerprinting is tricky, and we're tacking the problem in on multiple
dimensions. We need to go further, and expect to have v2 of our defenses in
nightly in the next month or two [2], but we're also leading efforts in W3C to
address fingerprinting in standards (I'm snyderp, those are my / Brave issues
identifying privacy harm in standards) [3], and we're pushing hard to prevent
web standards and privacy efforts from being eaten up by vaporware [4].

So, all that is to say, Brave has the most aggressive fingerprinting
protections of any general purpose browser, and is getting better. The
naysayers are welcome to backup their claims ;)

1: [https://github.com/brave/browser-
laptop/wiki/Fingerprinting-...](https://github.com/brave/browser-
laptop/wiki/Fingerprinting-Protection-Mode)

2: [https://github.com/brave/brave-
browser/issues/5614](https://github.com/brave/brave-browser/issues/5614)

3: [https://github.com/w3cping/tracking-
issues/issues](https://github.com/w3cping/tracking-issues/issues)

4: [https://brave.com/brave-fingerprinting-and-privacy-
budgets/](https://brave.com/brave-fingerprinting-and-privacy-budgets/)

------
saagarjha
> Their home page (their website, not the browser's home page) contains
> analytics because they want to see what type of users are using their
> service, how many etc. Analytics are used virtually everywhere and are a
> nice way to gain information about how much traffic your website is
> recieving. Additionally, Brave's tracker blocker blocks this tracker anyway.

Then why have it? Just because “everyone is doing it, so we should too, even
though it’s antithetical to our goals”?

------
te_chris
Just use Firefox. The fact that these posts are even needed says everything
about the choice you’re making.

~~~
samantohermes
Herd mentality much?

------
Simon_says
Ads in and of themselves are bad, even without tracking. My time and attention
are the only truly limited resources I have. Hijacking those to make me desire
things I don’t need reduces my quality of life. Secondarily, ads corrupt every
media outlet they touch. To hell with all of them.

~~~
buboard
brave uses ads to generate revenue for _users_. But the tokens might be used
in the future to incentivize more direct behaviors, e.g. incentivize users to
sign up or post quality content or buy a product. This would completely bypass
the advertising ecosystem and the nuissances it creates, connecting users and
makers directly. It's still marketing, but direct. There are many
possibilities when payments are frictionless.

~~~
Simon_says
Realistically, what kind of money are we talking about? There is some amount
of money I would sell my attention for, but it’s somewhere in the multiple
hundreds of dollars per hour. Less than that, and my effort is more
efficiently spent on other things. More than that, and I’m extremely
suspicious of the motives of who would pay that and why.

Get real. Ads are disgusting.

~~~
buboard
there are already "offer walls", i.e. incentivized actions that reward users
with small amounts of money. Or users could e.g. be rewarded if their amazon
reviews are highly rated. there is an incentive for websites to do that. it
doesnt even have to be about ads

------
onyva
Basically every reasoning they give for why Brave is not as bad as it seems,
seems to demonstrate exactly that point. Literally. Starting with “they
clearly state in their privacy policy that their ads do not track you”. Great.
Sure. Argument won decidedly.

------
SimplePotato
Any developers out there, using it day to day?

~~~
ironarm
Yes, I am. It's been my primary browser for the last 14 months. It works the
same as chrome for web development.

I like the built in privacy features, but still use ublock, umatrix and
privacy badger in conjunction with built in features. It's extremely snappy.

I have some qualms about their BAT model, but I am opted into ads and have set
wikipedia and several favorite sites to auto donate. I've also cashed out
about half of it myself (about $30 of $60 this year).

The ads themselves are crudely targeted. They claim the browser profiles your
visits locally. Basically, visit opted in programming sites, get programming
ads. It doesn't feel spooky and the ads are not intrusive.

I would use this without the BAT model or crypto wallets, but use both of
those features all the time but it's just a bonus.

The most important thing to me is that it's chrome dev tools without Google.
Chrome is straight up scary.

* Also, native tor windows are handy for testing ;)

------
nif2ee
If I am going to use Chrome/Chromium then I am just going to use
Chrome/Chromium and spend 10 more seconds and install ublock. No reason to use
a themed Chromium by a company that literally announces itself to investors
(among which Peter Thiel who has obviously personal issues with Google
founders) as an advertising platform with a cryptoscam if it didn't work.

~~~
turblety
I'm not too sure what ublock does entirely, but it seems to focus more on
blocking content of the site. Like images, iframes, scripts, etc.

Chrome does a lot of calling home. Like, a LOT [1][2]. For example, it checks
sites are "safe" (as according to Google's standards) running every website
you visit through their servers.

Brave tries to disable most of this.

1\. [https://github.com/Eloston/ungoogled-
chromium](https://github.com/Eloston/ungoogled-chromium)

2\. [https://brave.com/brave-tops-browser-first-run-network-
traff...](https://brave.com/brave-tops-browser-first-run-network-traffic-
results/)

~~~
lern_too_spel
Brave uses the same safe browsing implementation as Chrome.

> running every website you visit through their servers.

That's not how it works.

~~~
turblety
Feel free to add some more facts/sources/links to prove your claim please.

Brave proxies requests [1] to Google to ensure they do not get the details of
the website you are visiting.

1\. [https://github.com/brave/brave-browser/wiki/Proxy-
redirected...](https://github.com/brave/brave-browser/wiki/Proxy-redirected-
URLs)

~~~
lern_too_spel
The proxy doesn't modify the request. It just hides who it is coming from.
That just means Brave knows who it is coming from instead of Google.

