What happens when you launch Google Chrome for the first time? (twitter.com)
1041 points by ingve 25 days ago | 320 comments




"The http://mozilla.org tab discussing the importance of Privacy loads in the background, bringing along with it the Google Tag Manager and Google Analytics. Hello, Google."

Loved that part.


There is a response from Mozilla's security engineer: "Thank you very much for pointing this out! We are investigating this and will report back." https://twitter.com/mozdeco/status/1166042350453497856


This is an interesting (closed) bug filed against their SSL config generator. https://github.com/mozilla/ssl-config-generator/issues/8

It demonstrates that support for Google Analytics is not unanimous within Mozilla, and even if someone removes it from a product page that action is detected by others and reversed.

Privacy aware users should block this sort of thing at their router using a hosts file, or Pi-hole, which is far more effective than calling companies out on Twitter and hoping for the best.


I think it's important to do both.

Privacy aware users should take all reasonable steps to protect their own privacy, but it is also appropriate to call out Mozilla.

Mozilla (and advocates) promote Firefox as the privacy conscious browser while Mozilla repeatedly takes actions that would appear to go against that claim.


Representative comment: https://github.com/mozilla/ssl-config-generator/issues/8#iss...

> In this new era of looking for premium service opportunities I suspect there will be value in having metrics of some kind.


Yes, I was somewhat disappointed when I read that. The irony.


addons.mozilla.org also contains Google Analytics. And since addons are not allowed to act on addons.mozilla.org, you have no choice but to ping Google every time you load a page there.

Mozilla is either stupid or ill-intentioned. It's 2019 so they've lost the benefit of the doubt for me.


There is in fact a third option, which happens to be their stated position.

Part of their (written) agreement with Google is that none of the analytics data generated from Mozilla properties will contribute towards Google's tracking database.

"Mozilla has a legal contract with Google that prevents them from using our Google Analytics data for mining or from sharing it with third parties, among other privacy-protecting provisions."

"Mozilla went through a year long legal discussion with GA before we would ever implement it on our websites. GA had to provide how and what they stored and we would only sign a contract with them if they allowed Mozilla to opt-out of Google using the data for mining and 3rd parties." https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14


Great if you trust Google, not so much if you don't. Too bad Mozilla made that choice for us, and imho, the wrong one. Google has proved itself time and time again that they cannot be trusted with privacy.

"Mozilla went through a year long legal discussion with GA."

I wonder why. Implementing some basic analytics on a few pages shouldn't be that hard.


"Great if you trust Google, not so much if you don't. Too bad Mozilla made that choice for us, and imho, the wrong one. Google has proved itself time and time again that they cannot be trusted with privacy."

I believe this to be a lazy and ignorant opinion, and I think you are hoping no one will call you out for this.

"Google has proved time and time again they cannot be trusted with privacy". This is a contract between two businesses, which carries legal weight (and in some countries, carries more legal weight than just contract law), so could you source for me perhaps 2-3 (you said "time and time again", so 2-3 should be quite easy!) of your most iconic times that Google openly violated contract terms with major organizations regarding privacy controls?


Remember when they were "unintentionally" scanning and saving wifi data?

Broke the law.

If Google has a culture of "grab all the data, and use it in whatever way you can figure out to make money,"—and they do—then the real question is if they even have the institutional capability to not accidentally use this data the same way they use all the other data they have.


>"Remember when they were "unintentionally" scanning and saving wifi data? Broke the law."

I don't want to be a broken record of "this opinion sounds lazy and under-researched and I'm calling you out" but.....

* Google was cleared of wrongdoing under the Wire Tap Act after an investigation by federal law enforcement

* The wifi data capture was a 20% time engineer project which rolled out unintentionally, was never commingled with other data, and was destroyed without being used

* The DoJ and Federal Court of Appeals disagree on the details and the Supreme Court of the United States refused a petition to clarify any parts, so any assertion that they "Broke the law" is either ignorant or malicious, IMO, because to summarize a situation where law enforcement said "No law breaking" and an Appeals court said "Maybe law breaking" as "Law Breaking" can't be considered a rational and intellectual attempt at understanding


Well, as long as it's all legal I'm happy :D


While Google does collect a lot of data, the culture is to guard it rather zealously. Google has a lot of lawyers and all projects have to get a privacy review. The privacy folks take their jobs seriously. There is mandatory training about when you need a privacy review. There are a lot of internal rules and technologies built to guard security and privacy. There are researchers looking into ways to learn from data on mobile devices without actually collecting it. The security people are probably the best in the business. And so on.

Some of the procedures were put in place after the wifi scanning incident.

And that's not to say bad things can't still happen. One thing that sounded particularly bad about the now-cancelled Dragonfly project was that they were allegedly avoiding privacy review. This project was being kept secret from the rest of the company because it's not how things are usually done.

So, my guess as an ex-Googler is that they can guard it and probably will, at least under normal conditions.


We wouldn't know, since most of the incidents would never see the light. From the incidents that did come to light (e.g. Google spying on you through its assistant), we do know that they can and will bend the letter of the law to suit their purpose. So I think that it's your opinion that sounds hopelessly naive rather than OP's.


Most of the cases of Google "spying through home assistant" (along with the other assistants, Amazon, Apple included) while obviously invasions of privacy were generally (all?) legal.

At least in the US they weren't breaking any laws. I'm not saying they would never break any laws for financial gain, just that most of the breaches in privacy aren't technically illegal (thus the need for privacy laws)


> This is a contract between two businesses, which carries legal weight.

It’s like the Snowden revelations didn’t happen. I am pretty sure US intelligence agencies have access to your Firefox GA analytics.


So where is the external audit to Google's data centers, verifying that they actually do what they claim to do?


It is pretty unlikely that a company (Google) would break a contract with another relatively large organisation (Mozilla). Yes, Google vacuum up all your data and do shady stuff with it, but only because all of it is legal.

Plus, the amount of data that they get from Mozilla must be tiny compared to the amount of data that they collect through their search engine: it's only data on mozilla.org, not data of everyone that uses the browser at all times. It is not wise to risk a lawsuit over it.

> I wonder why. Implementing some basic analytics on a few pages shouldn't be that hard.

Maybe defining a contract to prevent use of Mozilla data without loopholes is harder.


It will be "anonymised" I imagine, enough to give Google all they want and still let Mozilla get paid and _say_ they don't give up user data.

There's surely no way to tell what they do with the data at the other end? It's Google and their serf, Mozilla, I can't imagine it's wholesome.


> It will be "anonymised" I imagine, enough to give Google all they want and still let Mozilla get paid

Do you have any basis for this assertion?


For the assertion of my assumption? The post itself is evidence of it.


You can see from the screenshot in the linked bug report that the data won't be shared whatsoever if those boxes aren't checked.


It’s not entirely one sided as you describe. Google is one of the few companies that has also fought legal requests from governments trying to spy on their citizens, when the other giants caved immediately.


One of the things Google gets right. They know that data breaches, where someone does get the valuable ad profiles or data of Google users (while usually advertisers just get to target based off the data), are one of the few things that will actually cause the masses to think about their privacy settings and why they're giving Google their life story at all.


Which requires the user to trust Google to a) honor that agreement (somewhat simple, though we don't know the actual terms, i.e. what's on the line for Google) and b) not have bugs in their systems that accidentally leak information (to their own profiling services or third parties), and if they trust them on this, why not trust them in general when it comes to "we won't use your information for anything nefarious". Anti-Ad/Tracking-Plugins being among the most popular suggests that a lot of Mozilla's users don't want to rely on trust.

My bank argues the same way and uses Google Analytics to track their visitors, including inside the online banking system. Fine, so they trust Google to honor agreements and not connect profiles, but I'd still prefer Google to simply not know when and how often I'm logging in to check my account balance.

It's good that Mozilla goes the extra mile to get a custom contract, but I believe that most people aren't expecting a self-proclaimed privacy champion to use an anti-privacy-service by one of the largest corporate enemies of privacy. Explicit opt-in would be the right thing to do here.


Not only that, but Mozilla's Google opt-out is available to all GA customers, which is great for everyone.


It's not any good for users who don't have the choice to opt out.


If you personally want to opt out then use a content blocker? There's also an official way to completely opt out of GA, but this basically does the same thing.

Privacy isn't a zero sum game, there can be improvements.


What's the point? Why does Mozilla exist? If Google is good enough mozilla.org should redirect to google.com/chrome.

If Google is not good enough, Mozilla shouldn't use Google for analytics on the add-ons page when there are plenty of other options and an opportunity to do something valuable by building a site-private analytics product as part of their core mission of protecting the web.


Thanks for bringing that up. I'm wondering why they went through all that trouble though. Are there no alternatives to GA?


According to the issues trackers, various forms of "self-hosting would be more work for a lesser product".

I'm not sure that would still be the case if the decision were being made today, and would quietly hope not, but I guess we can charitably say that the reason now is "inertia".

Personally, I think they may have underestimated (or failed to fully predict) the anti-google, pro-privacy sentiment in the wings, and it's clear even from this thread and the issues on bugzilla that it's probably cost them enough privacy-capital at this stage to have justified the extra work required to self-host.

But hindsight is 20-20. There are sunk costs now which also must play into the decisions.


Or just don't load any "analytics" scripts at all. Do you really need to know the aggregate mouse positions of every user on your addon page?


Definitely not, but I can see how it might be useful to know aggregates of the Firefox version and locale information for people visiting that particular page.


Sure, but you can do that with just your web server log.
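
The web-server-log approach mentioned above, as an added Python example that is not part of any comment in this thread: it counts Firefox major version and primary locale for one page without recording client addresses. It assumes a combined-format access log with the Accept-Language header appended as a final quoted field; the path and the log lines are constructed.

```python
import re
from collections import Counter

# Combined log format plus one extra quoted field holding Accept-Language
# (assumption: the server was configured to log that header).
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<lang>[^"]*)"$'
)
FIREFOX_RE = re.compile(r"\bFirefox/(\d+)")


def primary_locale(accept_language: str) -> str:
    """First language tag of an Accept-Language value, lower-cased."""
    first = accept_language.split(",")[0].split(";")[0].strip()
    return first.lower() if first and first != "-" else "unknown"


def aggregate(lines, path: str) -> Counter:
    """Count (firefox_major, locale) pairs for successful hits on `path`.

    The client address is matched by the regex but never captured or kept,
    so the result holds aggregates only.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["path"] != path or m["status"] != "200":
            continue
        fx = FIREFOX_RE.search(m["ua"])
        if fx is None:
            continue  # not a Firefox user agent
        counts[(int(fx.group(1)), primary_locale(m["lang"]))] += 1
    return counts


# Constructed sample lines (documentation-range addresses, hypothetical path).
FX68 = "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
FX60 = "Mozilla/5.0 (Windows NT 10.0; rv:60.0) Gecko/20100101 Firefox/60.0"
CHROME = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36")
TS = "[27/Aug/2019:10:00:01 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /addon/example/ HTTP/1.1" 200 5120 "-" "{FX68}" "en-US,en;q=0.5"',
    f'192.0.2.11 - - {TS} "GET /addon/example/ HTTP/1.1" 200 5120 "-" "{FX68}" "de,en-US;q=0.7,en;q=0.3"',
    f'198.51.100.7 - - {TS} "GET /addon/example/ HTTP/1.1" 200 5120 "-" "{FX60}" "en-US,en;q=0.5"',
    f'198.51.100.8 - - {TS} "GET /addon/example/ HTTP/1.1" 200 5120 "-" "{CHROME}" "en-GB"',
    f'192.0.2.10 - - {TS} "GET /other/ HTTP/1.1" 200 300 "-" "{FX68}" "en-US"',
    f'192.0.2.12 - - {TS} "GET /addon/example/ HTTP/1.1" 200 5120 "-" "{FX68}" "en-US"',
    "not a log line",
]

if __name__ == "__main__":
    for (version, locale), n in sorted(aggregate(SAMPLE_LOG, "/addon/example/").items()):
        print(f"Firefox {version:>3}  {locale:<6} {n}")
```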


> Personally, I think they may have underestimated (or failed to fully predict) the anti-google, pro-privacy sentiment in the wings, and it's clear even from this thread and the issues on bugzilla that it's probably cost them enough privacy-capital at this stage to have justified the extra work required to self-host.

Or maybe the "anti-google, pro-privacy sentiment" isn't really all that big. Could be a relatively small but vocal set of people.


> "self-hosting would be more work for a lesser product".

The same argument applies to the whole of Firefox. It's more work and it's a lesser product. If Firefox can be a better product, then Mozilla Analytics could be too.

At this point it's clear that Mozilla is a business (with well paid management and staff) like Google that is using Privacy as a promo like Google used Don't Be Evil. Mozilla might be better in practice today, but it's not on a principled foundation. It looks like a Google Lite - Firefox vs Chrome, Rust vs Go, etc.


>Are there no alternatives to GA?

There is Matomo (formerly Piwik): https://matomo.org/


We use this one, paid version. Sometimes it's a slower load, the UI is less good than GA, other little issues but we still get the core data, and can trap page-level-events.


> legal contract with Google that prevents them

This misrepresents the ability of a contract.

No law can prevent a thing, no written agreement can prevent cheating. Law can only set out that such cheating might be illegal in the sense that it can be argued in court that penalties should apply.


I do see the point that you are making, and clearly prevents is not absolutely true, but the beauty of open companies like Mozilla is that this information is available at all. In an issue tracker no less.

We can be a little more charitable in not demanding legalese from someone who was casually paraphrasing somebody else, given the context (a bug report).


Mozilla is open? Which manager signed off on the Pocket implementation? Where are the minutes for the meetings in which that was agreed?

Mozilla make open source, they're not open like a publicly accountable body, are they?


Sorry, ironically I didn't mean to imply openness in any legal sense (although the foundation itself is publicly accountable in terms of what they spend their money on).

Open companies was probably a bad term to use because it might imply something beyond most/all(?) of their products being developed in the open, but I think the point stands well enough regardless.

I won't edit now, but please read my original "open" as "open source".


>No law can prevent a thing, no written agreement can prevent cheating. Law can only set out that such cheating might be illegal in the sense that it can be argued in court that penalties should apply.

This is asinine stuff. Contract law is one of the oldest parts of the legal system and contracts are protected. Violating contract terms leads to a discussion of damages. It's not about illegal contracts, it's about liability and damages.


No one before you was talking about "illegal contracts". You misread what you replied to. Contracts don't prevent things. Contracts determine (sometimes indefinite, but not infinite) prices for actions.

If you trust Google to always uphold its contract, then by the same logic you should trust the government to never abuse your encryption keys. But we don't, because insider access is (eventually) outsider access. Bits don't have color.


And I'm explicitly rejecting the theoretical discussion of "contracts not preventing things", a somewhat useful model of legal thinking for first year law students to understand one aspect, but an absolutely atrocious model for a layperson to understand general contract law.

This is like saying criminal law doesn't prevent crime, which again under some literalist and pointless definition sure a murderer isn't physically prevented from murder by a law, but the punishment of murderers does prevent many people from becoming murderers.

Similarly, contract law influences the behavior of people who agree to them by establishing damages and liabilities for various situations, and these incentives influence and control normal actors in predictable ways. A summary of the influences and controls on normal actors in contract negotiation could be "contracts prevent things".

My contract with my ISP prevents me from reselling my bandwidth to my neighbors. It doesn't physically prevent me, but it establishes a liability for me that I want to avoid.

My contract with my car insurance company prevents me from working for Uber. It doesn't physically prevent me from clicking Sign Up in the Uber app, but it establishes limits on my coverage such that I would be driving illegally if I were to continue, and I want to avoid that, so the contract prevents me from doing it.


Unless they believe they can get away with it.

Let's not be naive. The Big Brother agenda of Google didn't happen in a vacuum. They have government support and protection from some factions of our intelligence agencies to this day (although, perhaps not for much longer). The whole original concept of "Google" as a search engine (and tracking app) was originally a program of DARPA (same for Facebook - originally called "LifeLog"). Do you really think they cut all ties with the government when they went public? Neither Google nor Facebook are what they appear to be.

"Privacy" in the sense that it pertains to selling your info to advertisers is just a sideshow; i.e. not the real problem.


> Violating contract terms leads to a discussion of damages.

No, being found in a court of law to have done so does, but when the contract terms are easy to violate without the other party being aware it is especially inaccurate to portray this as the violation itself leading to this result.


Thank God that Google is such a trustworthy company on which we can depend with all our data and personal information. The company that would never deal with the likes of China. The company which would never expose data of Google+ customers. The company which is always transparent with its policies and usage of user provided data.


> The company that would never deal with the likes of China.

This is disingenuous. They basically locked themselves out of China voluntarily many years ago. They're really scary otherwise and I agree with you, but don't lessen your point by including exaggerations, in my opinion.


Expletive deleted. Project Dragonfly.

https://en.wikipedia.org/wiki/Dragonfly_(search_engine)


> Part of their (written) agreement with Google is that none of the analytics data generated from Mozilla properties will contribute towards Google's tracking database.

Do they really think people are that naive?


According to Hanlon's razor, the second choice is redundant.


Thanks for investigating. For comparison, I'd suggest trying something older --- perhaps IE6, Firefox 3.x, and Opera 9.x? For something newer, Dillo and NetSurf might make good contrasts too; I believe they don't make any network requests and just sit there with a blank window and the cursor focused on the address bar, which is IMHO the way a browser should behave the first --- or any --- time you run it. No further adverts or other attempts to get "promotional" material in your face, just a program that waits for and goes to whatever URL you choose.

(I really hate the "first-run experience" of a lot of "modern" apps these days. I don't need to be told "thanks for using our product" or anything similar, I'm already using your product --- just shut up and let me use it!)


Do Ungoogled Chrome next: https://github.com/Eloston/ungoogled-chromium

And if it's relevant Tor Browser


He's not going to do that because https://news.ycombinator.com/item?id=20806265, and it wouldn't fit his agenda. tl;dr: he works for Brave, has two personal Twitter accounts, both browser-related, yet posts these reviews from the account which magically has zero mentions of him being on Brave's payroll! The level of propaganda is simply unbelievable!


tinfoilhat.gif


sleep $((5 * 24 * 60 * 60)) && chromium-review > /dev/null


Chromium vs Chrome would be really interesting.


Yeah, supposedly some but not all of the calling-home is only added in Chrome, not in chromium. I would also be curious to see just how google vanilla Chromium is.

Of course there's ungoogled-chromium, but I had some issues building that recently.


Interesting how one of the main selling points of Brave, the slightly-shady crypto currency thing, is not initialized on first start (unless it's hidden deep inside some JSON or done using a different kind of network protocol).

I suppose this is because they put it behind another layer of privacy agreements and terms of service. This is an improvement from the last time I tried it. They also added confirmation that a website is actually open to receiving tokens now, that's nice as well.

If Brave wasn't Chrome-based, I would've tried it. Sadly, the world seems to be converging on Google's One True Browser Engine and I don't want to support that.


You shouldn't see communication with ledger services until you opt-in to Brave Rewards. I did this last night, and monitored network activity. We run a tight ship


How about links?

http://links.twibright.com/ http://www.jikos.cz/~mikulas/links/

What happens when there is no internet connection on first launch?

What if there is no DNS?

Does the program keep trying on every launch?

Does the program have hard-coded IP addresses or an internal DNS client?


Do you plan on running a series on update cycles and what each browser does when it phones home to check for patches/updates?


I could. Those bits are fairly simple though. Often a small payload is sent to a server containing the version of the browser (and often the OS). The server responds with a link to download the newer bits (if necessary). A couple of the threads I shared touch on this briefly. The only difference, if I recall correctly, was that some of the browsers would check for updates to the updater too.


Why no Safari?


Proximity, mostly. I'm a Windows user. That said, I am planning on setting up a proxy connection to test Safari on my MacBook.


Isn't there a Safari for Windows? I remember ending up with it after installing iTunes a few years back.


Discontinued after May 9, 2012.


It's no longer supported, and the last released version is so old it's likely unsafe.



Thank you!


here's plain (in a good way:) webkit: https://surf.suckless.org

First launch: 0 bytes.

The note at the top of surf's page about the lack of tabs is missing some context, surf is composable, so if you want tabs, it comes with a script to use tabbed. Each window (or tab) runs in its own process (skipping some details). It's also easy to enable/disable JS (per process) out of the box with its keybindings.

Manpage: http://dpaste.com/1R3Q242.txt


I tried to use suckless software at some point but stopped in the end. In theory the idea is good, but sadly the software is not up to par. For a lightweight WebKit browser with minimal UI and vim mode included I’d recommend QuteBrowser https://qutebrowser.org/


Qute's really nice. I should try it again just for the py-ness. Using Gentoo's -9999 ebuilds for dmenu and surf, both are solid and maintained.


Is there any way to easily run webkit on Windows?


I wouldn't say easy, but definitely possible to run the official nightly build.

https://news.ycombinator.com/item?id=20708905


I'm guessing because it's damned hard to run.

You have to have Apple hardware to run Safari.


Or a virtual machine


That, too, is hard without Apple hardware. KVM is probably the only virtual machine software that runs macOS with minimal fuss and patching outside of Apple hardware and it still requires a fair bit of work (though scripts exist to automate all of it.)

Many guides to creating Hackintosh setups hinge on having at least one existing Mac. The only saving grace for KVM is that people have developed tools to download macOS directly from the Mac App Store CDN and deal with the DMG image.



Thanks, these are the scripts I was thinking of. They’re really great.


I run VMWare for cross-platform development and I can tell you I have no problems running Apple OS'es since Mountain Lion 10 years. I have around 20 VM's with different MacOS'es that I use/used for testing/development. No Apple hardware at all, only my good old custom PC that houses all of them


Ah, I also have used VMware Workstation to run macOS, although my Workstation 15 license has mostly collected dust thanks to KVM.

Since you’ve been doing this for a while, perhaps you’ve simply forgotten that running macOS natively on VMware outside macOS actually requires patching? Granted, there is a tool[1] for this that is pretty popular and easy to use. But it’s still required when running without hacks.

Finally, where are you getting your installation media? Apple only allows downloads of macOS installation media via the Mac App Store.

I suspect you may possibly be referring to using pre-configured Hackintosh VMs that use EFI emulation and FakeSMC instead of running natively. Frankly, I just don’t trust OS images from random sketchy third parties.

[1]: https://github.com/DrDonk/unlocker


Actually I got an official Mountain Lion image from Apple way back 10 years ago, and ever since a new MacOS was out, I just copied my latest VM and run that one as a complete update. Couple hours later I was having their latest OS in new VM. So all my VM's have official Apple software, no 3rd party included. And yes, you are right, every time a new update for apps I use appear on store, I get hit with the message to update what I have. I simply just cancel and go on with my work. XCode is the most updated, I get hit with messages for it at least several times per week.


Oh, I see. Unfortunately I think it’s not as easy to bootstrap anymore. Having an existing Hackintosh VM obviously is a useful starting point, but getting one today is probably not super easy. So I can sympathize with folks who are having trouble.


AFAIK, MacOS licensing requires running on Apple hardware.

Notice that you'll find cloud providers offering Linux and Windows, but almost never MacOS virtual machines.


Thanks for the in-depth information! Very interesting to see what is going on.


This was very interesting, thanks for posting your findings!




I didn't realise there was a competitor.

I wasn't promoting one over the other - just unaware alternatives existed.

Also didn't know it had ads, because all ads are blocked in my browser.


Last time I checked ThreadReader is an indie app developed by one or two developers. I've had no issues with them in the past.


The truth is, this service was acquired last year by a US company. They didn't mention it or share the news with their users and they keep marketing themselves as "indie developers", including on their patreon https://www.patreon.com/ThreadReaderApp. In addition to that the original creator left, he is not working on the product anymore.


With ads between the tweets? BS


I use an adblocker and support the developer of ThreadReader. So I don't see the ads.


> I use an adblocker and support the developer of ThreadReader

That sounds like a contradiction. If he uses ads it's so that his development gets supported this way.


View it in Brave ;)


I won't use this shady software.


How is Brave shady? Or are you just trolling?


I think that it's shady too. I don't know much about Brave and don't want to know. To me a huge red flag is that Brave tries to push its Basic Attention Token (BAT). BAT is a token of low quality because of the following reasons.

1. The developers try to make up a reason to create another coin for something, that doesn't need a coin;

2. The relationship between the browser and the coin is not cryptographically strong and will never be — it's impossible to prevent fraud when their system is just a program that checks for certain condition (an ad viewed) and communicates to its backend, instructing it to give some address a coin.

3. The developers created a billion of tokens out of thin air and now try to give it some value. And traders do believe that it has some value.

I personally don't tolerate shitcoins even the slightest. Thus, I see Brave as nothing, but a browser engine with a content filter and a shitcoin embedded.


I completely agree with all your points.

However, to me Brave is the least-bad browser because at least it has a step inside the territory of blockchain-based browsing. It's the first browser that will add an integrated wallet by default (mainstream will never accept using the weird developer-centric MetaMask extension).


I hoped at one point Brave would follow more of a patreon-like model - block ads on pages and give the site my money in exchange. Unfortunately they've gone for showing me different ads.


Brave does follow this patreon style model. There's a section in the Brave Rewards panel that mentions "Auto-contribute" which does what you're describing.

You can also easily enable and disable Brave Ads while still contributing (though you'd need to fund your browser wallet)


Doesn't every single website have to opt in for this to receive any payment?


This is really hard to do because it involves a myriad of ad networks and payment systems. Others have tried to solve it but maybe Brave can? Dunno.


That'd be a really nice feature


It sounds like you have something against cryptocurrencies as a whole and not their tokenomics as to me it seems the reasons for creating your own token for this case is fairly clear.


Brave has a history of acting shady.

For a while they would take BAT "donations" for any website, and would just keep them unless the site owner signed up to receive them. This stopped a few months ago.

The whole monetization model of replacing a site's ads with their own is questionable.

The whole BAT thing seems like a scam, they offer ways to buy them but no way to sell them.

Really anything that uses a cryptocurrency for funding has that "con stink".


"The whole monetization model of replacing a site's ads with their own is questionable."

Just to be more concise, they are not exactly "replacing" ads on the site. The built-in adblocker removes all ads irrelevant of the sites and if you enable Brave Ads (the coin thing, opt in), you get up to 5 per hour (configurable) OS native notification. The notification contains a text ad with a link. Even if you don't click on the notification, you get the coin.


We are not replacing ads on any site right now, and we won't do it without the publisher as partner, getting 70% of the gross revenue.


You can sell BAT via any crypto exchange or website. Coinbase, Uphold, Binance, etc. You can even choose to have BAT automatically convert to USD, Euro, etc.


Probably the built-in cryptocurrency mining.


I think it's unfair to call it mining. You're simply able to be rewarded in their token if you allow ads. That is completely different from mining.


[flagged]


Brave and stunning.


“We value your privacy”

Always a good sign that they don’t.


Oh, but they do. The same way a group of muggers does when they stop you in a dark alley and say, "we value your money".

(Hell, they'll likely offer you an option to consent or proceed without consent to receive reduced experience.)


We value your privacy in much the same way fleas value dogs.


That's a nice analogy, can extend it a bit by offering a "reduced experience due to broken limbs"


Exactly:

"We value your privacy"

Click "Options" or whatever. Almost everything seems turned off (I guess it is an attempted dark pattern where they want me to believe it is off by default.)

Click "Third parties". See a somewhat complete list of shady "mainstream" tracker companies - or so I hope - there are literally hundreds of companies on that list, I counted by copying and pasting into a spreadsheet :-]

So much for valuing my privacy. Then again I guess it can be read to mean they value taking our privacy away.


"Your private information has value to us" would be a more honest wording.


They really do value it, though, at the price of the highest bidder.


Doesn't feel it's much different from original Twitter UI TBH.


Did you know that every Opera install on windows and mac using the net-installer gets a uniquely modified exe or zip file with information about the download so that Opera can track where/why a browser was downloaded?

On Windows they modify the PE header of the exe, and add extra information to a certificate table at the end of the file, without affecting the signature of the file. (Last 4 bytes of the file gives the size of the payload, giving you the offset to start reading a string that starts with OPR followed by a base64 encoded string, which contains a checksum and a json object. The json object contains country of origin, http_referrer of the download, a timestamp, UTM-parameters seen on the referrer, the user agent and a uuid assigned to the download. This uuid is kept for the lifetime of the browser install.)

On mac, the process is a bit different, but there they use appledouble (._-meta files) to modify the zip-file on the fly while downloading including the same type of data.
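
The Windows trailer layout described in the comment above, as an added parsing example (not part of the original post and not Opera's code) for checking whether a downloaded installer carries such a per-download tag. The little-endian size field, the checksum-before-JSON layout, every JSON key name except `http_referrer`, and the sample bytes are assumptions made for illustration.

```python
import base64
import json
import struct

MARKER = b"OPR"  # payload prefix named in the comment


def build_sample_installer() -> bytes:
    """Constructed sample: placeholder 'executable' bytes plus a trailer
    in the shape the comment describes. Not a real installer."""
    meta = {
        "country": "NO",                                  # constructed value
        "http_referrer": "https://example.test/landing",  # constructed value
        "timestamp": 1566900000,
        "utm": {"utm_source": "example"},
        "user_agent": "ExampleAgent/1.0",
        "uuid": "00000000-0000-4000-8000-000000000000",
    }
    # Assumption: the checksum is a short field placed before the JSON text.
    blob = b"CHK0" + json.dumps(meta).encode("utf-8")
    payload = MARKER + base64.b64encode(blob)
    # Assumption: the 4-byte size is little-endian and counts the payload only.
    return b"MZ" + b"\x00" * 64 + payload + struct.pack("<I", len(payload))


def extract_download_tag(data: bytes):
    """Return (checksum_bytes, metadata_dict) or None if no well-formed tag.

    Every length and offset is validated before use, because the trailer
    is attacker-controllable data sitting outside the signed content.
    """
    if len(data) < 4 + len(MARKER):
        return None
    (size,) = struct.unpack("<I", data[-4:])
    if size < len(MARKER) or size > len(data) - 4:
        return None  # size field points outside the file
    payload = data[-4 - size:-4]
    if not payload.startswith(MARKER):
        return None
    try:
        blob = base64.b64decode(payload[len(MARKER):], validate=True)
        start = blob.find(b"{")
        if start < 0:
            return None
        meta = json.loads(blob[start:].decode("utf-8"))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    if not isinstance(meta, dict):
        return None
    return blob[:start], meta


def tracking_fields(meta: dict) -> list:
    """List the keys in the tag that can identify a download or its source."""
    sensitive = ("uuid", "http_referrer", "user_agent", "country", "utm")
    return [key for key in sensitive if key in meta]


if __name__ == "__main__":
    tag = extract_download_tag(build_sample_installer())
    if tag is None:
        print("no download tag found")
    else:
        checksum, meta = tag
        print("checksum field:", checksum)
        print("identifying fields:", tracking_fields(meta))
```
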


Everyone knows (or should know) Opera is adware/malware now, after the ownership changed.

If you liked Opera, try Vivaldi. It's made by some ex-opera people, reminds me of good old Opera 6.


This was implemented way before Opera changed ownership, and as far as I can see from the outside, not much has changed in this code. The main difference I see, is that they have removed the source IP from the JSON.

So, if any, they are tracking less data in that data blob after they changed ownership.

(I worked on this feature at Opera back in the days)


What was this information used for?


Statistics. We wanted to know how different campaigns worked, how the user retention from different partners was, and also benchmark how well the autoupdate system worked. While I worked for Opera this was strictly for internal use, and a very limited set of people had access to logs and raw data.


The same ex-opera people were the masterminds behind the netinstaller tracking :) I was not implying that Opera is any more adware/malware than any other software.


Yeah Vivaldi is the best browser experience I have tried recently.

I have the Chrome engine, without all the Google trackers. And the best customizable experience (vertical tabs à la Firefox Tree Style Tab).

Dropped Google Chrome and Firefox.


What do you use for syncing bookmarks? That's one of the most infuriating things about browsers that are not FF, Chrome or Safari. I want my bookmarks no matter what device I'm on. I could care less about other types of syncing.


I use Vivaldi as my main browser, but more often than not, it becomes sluggish. Sometimes Windows fail to draw, which is annoying.


FUD


I worked on an app that did this, you digitally sign the exe and the signature includes the length of the signed data but not the length of the exe - you can then append whatever you want at the end and read it when you run the executable.

It is a great way to not have to resign every app but also allow for a “one click” install experience


A reality check to those who want to push apps and more workloads into the browser (via WASM, PWAs/excessive JavaScript, or whatever), with the browser becoming a gatekeeper. Not only is the browser a laughably complicated app runtime that isn't capable to do anything with local files (so you need "services" to store your eg. photos), it's also blatantly power-inefficient and a privacy catastrophe. Where has the idea of personal computing shared by a whole generation gone?


    a privacy catastrophe

Much less so than a native application.

Native applications can access the web in less restricted ways than websites.

Native applications have more access to your local machine than websites.

Websites for the win!

What we need is a user friendly browser.


No, what we need is a proper permissions model for desktop applications. The idea of permissions being per-user is almost useless in this day and age where most desktop machines have one user (or a small number of users sharing files) and where most applications are downloaded from untrusted sources.

We need proper automatic sandboxing of native apps, restricting file, network and resource access without prior permission from the user.


That is being worked on. On many fronts. Linux containers are getting better. iOS is sandboxing applications to some extent. Android too and is slowly adding finer and finer sandboxing settings. ChromeOS also does sandboxing. I don't know about Windows, but I guess something similar is happening over there.

My money is on the Browser. Because it has proven (via survival of the fittest) that it is the best platform for the modern age. It has what, 100% market share? Everybody I know can use websites.

Even if one of the desktop or mobile operating systems adds sufficient sandboxing in the future, I would not want to develop applications for it. Because it would restrict my creation to the people who use that one platform. And it would give the power to censor it or mingle with it to the platform operator.


> Because it would restrict my creation to the people who use that one platform. And it would give the power to censor it or mingle with it to the platform operator.

But that's exactly what's happening with browsers. Suddenly, Google wants to raze ad blocking, and everyone else follows. All the good points for browsers are restrictions and standardisations, which are fully present in exemplary containers. I don't see how you can get vendor locked-in via docker or kubernetes, I can see how webkit and DRM can.


There is no vendor lock-in if you use standard, battle tested web technologies with a few exceptions. If you use the browser as a UI platform, then OP is right.


DRM video is a pretty big exception, and Google is already a de facto gatekeeper there.


That was what I was thinking about, but DRM is flawed anyways. I don't think there's anything on Netflix for example that isn't available on torrents or other file sharing methods.


Windows has been on the sandbox path since Windows 8.

Every release gets a bit more of that, regardless how many feel about the store or UWP API in general.


I don't want to only use trusted sources from any software store. If UWP had provided sensible deployment options, it wouldn't be as dead as it is.

Hell, personal firewalls provide a better sandbox solution, at least for network access, even if that is not really their intended function.

Be that as it may, I think good privacy laws and holding software manufacturers accountable is part of a solution. That software more and more behaves like worms regarding to user data is a more recent development.


UWP is not dead, every Windows release adds more API space, React Native for Windows uses UWP, Windows 10 drivers now use UWP APIs as well (Universal drivers), WinUI uses UWP, XAML Islands use UWP, ...

WinUI is also the official replacement for MFC, which triggered the rewrite of some UWP components into C++/WinRT from .NET Native.

Windows store supports side loading since Windows 8.1, and MSIX packages have replaced APPX and MSI as the future of Windows package formats.

Win32 APIs are frozen in amber since Windows 7.


Maybe. I am not really happy with it to be honest. Win32 is old and I thought WPF would be a real alternative. It did many things better than classical APIs, but I was never really into XAML and it was dropped just after a few years. I took a quick look at UWP which uses XAML in a different way, but I wasn't really convinced by it.

I am not interested in side loading anything. I have just no interest to use an API that is abused to promote a proprietary store and an OS because I only see disadvantages in that. UWP may have changed by now, but for me it is too late. I have switched to other technologies and am pretty happy with them. If windows continues to be SaaS, I will not develop for it. Even if its legacy might continue for a few decades.

If the primary form of deployment is a store, I could as well use Apple. Although their store isn't really shining on Mac OS as well. I believe there are good reasons for that.

Windows as a platform had many advantages, but it seems to me that MS threw that away to emulate others. A futile strategy in my opinion.


Have you been paying attention regarding Apple platforms?

> Beginning in macOS 10.15, notarization is required by default for all software.

Taken from https://developer.apple.com/documentation/security/notarizin...

Web, iOS, watchOS, iPadOS, Android, ChromeOS all use some form of sandboxing.

So unless your alternatives are the 1% GNU/Linux desktop market, sandboxes are here to stay.


That will result in a lot less software for mac OS. Since there are many applications that certainly will not spend anything on developer ids, e.g. most open source software there will simply be less builds for the platform.

ChromeOS supports android apps, but yes, I would state that iOS, chromeOS and android are really bad operating systems.


Regarding ChromeOS:

"Linux for Chromebooks: Secure Development"

> Learn how Linux for Chromebooks (Crostini) gives you a secure sandbox for development. Through a variety of demos, this talk will explain the architecture underlying Linux for Chromebooks and the design decisions that keep it easy to use.

https://www.youtube.com/watch?v=pRlh8LX4kQI

And Android:

"Adopting the Arm Memory Tagging Extension in Android"

https://security.googleblog.com/2019/08/adopting-arm-memory-...

https://developer.android.com/distribute/best-practices/deve...

"Improving Stability with Private C/C++ Symbol Restrictions in Android N"

https://android-developers.googleblog.com/2016/06/improving-...

"Android NDK Native APIs"

https://developer.android.com/ndk/guides/stable_apis


Great. Let me know when that fancy sandboxing tech works for applications I actually use though. Or when UWP catches up with the 1990s and supports portable applications.


Since the introduction of MSIX package format and infrastructure, sandboxing can also be applied to Win32 applications.


Didn't MSFT just announce they're moving away from UWP in favour of Win32?


Not at all.

That was press articles done by journalists without any clue what UWP is all about, and equate UWP with Windows Phone.

The BUILD 2019 sessions are freely available to anyone that cares to actually learn what the current state of Windows development actually looks like.


macOS Catalina is actually much more aggressive about this. Even in unsigned unsandboxed apps, the OS will pause the app and ask the user for permission when the app tried to access any directory it doesn’t have permission for, and this behavior is replicated across many other parts of the system too (webcam, mic, etc).

It’s a bit annoying initially but it’s nice knowing that the system will put control back into my hands whenever apps try to do something shady.


Good feature, kinda sad macOS isn't popular like Windows.

Linux apps support permission management in flatpak, but the packaging can be a big headache.


Like iOS then?

Oh, evil golden cages, right?


False dichotomy. A cage restricting the rightful owner of a computer is not the same as a cage that the rightful owner can use to restrict untrusted software.


There is no reason why sandboxing needs to be evil. In fact this is already proven by the sandboxing efforts on linux where there is no mandatory repository and the user is always in control, it's the applications that are not.


How do you think Apple are allowed to exist in China? Who gave you the impression that they're the exception to the rule for independence from the government's "oversight"?


Funny, but I can trust most of my locally installed apps. I trust Photoshop not to share my photos with Adobe, and so far it hasn't. It also doesn't share telemetry or any of that.

Same actually goes for most programs I use.

It's the browsers that have the habit of sharing sensitive information with the outside world, not other apps.

I'm talking desktop software. Mobile seems to have a lot more privacy invading apps.



The native applications I use are tamed in sandboxes, while offering much higher performance and better usage of hardware resources.


But then the browser is able to collect history across app usage though, which makes it more dangerous, not less.


We have to differentiate between platform (OS/Browser) and application (native app/website)

The browser is the OS. The website is the application.

Browser and os can both track your history. An application / a website can not.

You might think websites can via tracking scripts connecting to third parties. But applications can connect to third parties even easier. As a user, you have even less power to prevent that.


That's why I want to be able to trust my OS privacy-wise.

A native app might be able to violate my privacy. But an OS that can do so is much more dangerous. The reason is the volume of data that can be collected by the gatekeeper.


That's why I wrote

    What we need is a user friendly browser

A browser we can trust. That is built to serve the user and hands all power to the user.


Yeah except TFA shows this is exactly not what browsers are doing (with the possible exception of Safari)


That's why I wrote

    What we need is a user friendly browser

Firefox is a step in the right direction.

The next step would be for some open source initiative to do the work and de-google Firefox completely. If that fork of Firefox gains traction, it might bring Mozilla on the right track so they drop their ties with Google to survive.


> The browser is the OS. The website is the application.

No, that's wrong.


;)

How about the browser is an application, and the website is ... a website?


* Than

* Than

* Than


I am hoping that privacy and security concerns are about to push the local/remote pendulum back towards local again. An antidote to the Cloud madness is well overdue.

Of course, that does rely on having better security models and software installation and update systems in our desktop OSes, and particularly in the case of Windows, they are running at full speed in the opposite direction lately. :-(


> Not only is the browser a laughably complicated app runtime that isn't capable to do anything with local files (so you need "services" to store your eg. photos), it's also blatantly power-inefficient and a privacy catastrophe.

Yes, but there are no practical alternatives. No matter how inefficient it is, there is nothing to replace it. And the gatekeepers of the devices on which the browsers run won't let anything else replace it unless they are the ones controlling it.

> Where has the idea of personal computing shared by a whole generation gone?

I would say it was eaten by profit seeking corporations.


There are no practical alternatives for what? I've used local apps for everything on Linux and BSD for decades.


There are no practical alternatives for delivering applications especially for small companies.

Let's say you are a small startup, whose core business is not IT related, and you want to distribute an app to your customers/partners. Are you gonna hire one person to write an app for each platform? And how many platforms are you going to support?


How difficult that is depends on the framework(s) your app uses and how reliant on system APIs you are.

There are quite a few cross-platform frameworks in a number of different domains.


Ok, in that case I agree that browser-apps/database frontends are useful. I was thinking more about consumer apps.


In many cases there are no practical alternatives for slick UI/UX.


Bunk. This is entirely subjective and worthless to the argument. Compare: widget toolkits like Aqua, GTK3, Windows.Forms, etc. to the bedlam that is the web.


So let's say you use any of the toolkits you mention. How would you go about distributing your app to Windows, macos, android and ios? I am even leaving out the question that from all the toolkits mentioned none will let you do that.


How does Chrome get delivered to all these platforms?

It's not exactly rocket science.


well, it's already there when you buy/reinstall the device. Maybe not chrome but a web browser is preinstalled.

So then you only need to provide url to the users of your app, and they are ready to use it.

With distributing binaries it is much more complex story. And that's why projects using Electron get more and more popular, because they at least take part of this complexity away.


> And that's why projects using Electron get more and more popular, because they at least take part of this complexity away.

...no they don't. They're literally distributed the exact same way as native applications. They're developed differently, saving the developer time (theoretically), but they're distributed in the same old download-and-install (or just download and run) way that applications have been since forever.


I said "they at least take part of this complexity away."

They don't solve all of the problems, but they do solve two important ones. 1. The runtime is the same on all platforms 2. They build installable binary packages for you

So only 2 is about distribution, and it is not a trivial task. If you have to make Installer for windows, DMG for macos and let's say deb and rpm for Linux.

I have a small opensource tool that I make, and I would say that building the installer for all the platforms has taken probably 20% of all the development time, and if you count in also the desktop integration code (like Explorer context menu for Windows) it's way more.


Installers for MacOS and Windows are piss easy. Hell, you don't even actually need installers for either, as both OSs support portable applications. I never even bother to make windows installers because you can just unzip to a folder and be done. If I ever distributed anything for Linux, I'd use AppImage to the same effect.


These are great write ups! Just a shame they are in the format of a twitter “conversation”. The readability really sucks and don’t let me get started on the UX :/


I've noticed multiple people pinging twitter.com/threadreaderapp at the ends of these threads. It rolls up the tweets into a more traditional single-page, blog format.


Sure that helps... Or they could've just written it in a sane format to begin with, and link to that on their twitter.


True, but what if that wouldn't have reached as many people and we wouldn't be having this conversation?


Huh? Loads of links on HN are not to twitter. Most of them in fact. I don't see how twitter is a prerequisite for us having the opportunity to discuss something here.

The reason people post stuff to twitter is because they have an addiction to the gamification of social media like/share statistics.


Did you sincerely think that the crux of my message was that Twitter links are a prerequisite for having the opportunity to discuss something here?


Well you did suggest that this discussion would go unhad, were it not for twitter, so yes?


Thanks. In that case I don't think it's worth carrying on more discussion, given that you are interpreting something entirely different from what I meant.


This conversation is about the medium, not the message, so we'd probably have been OK without this one. I agree that a Twitter thread is a pretty inefficient and painful way of reading a conversation.


I mean the entire conversation, not just this particular subthread.

Basically, what if doing something different would have impacted the reach of the discussion to the point where none of us would have heard about it. Is that better?



Thx for the tip!


I couldn't read it on mobile because Twitter wants to force me to install an app.


Disable JavaScript and Twitter magically becomes...almost useable. You can only view one image at a time. Other than that, proper conversations are readable. As someone who visits Twitter approximately every other month, it works for me.


Weird, I only browse Twitter in my mobile browser and I never had any issues. Which browser are you using?


Maybe install the app then?


How does anyone consider this to be a sensible format to publish content in?


I liked the Twitter presentation.


Author is a developer on Brave.


Yea the difference in his analysis of brave is really different: https://mobile.twitter.com/jonathansampson/status/1165391211...

Sure, all requests are now sent to one location, including (!!) extension (Tor, https everywhere, etc) downloads used by brave. What about the possibility of the brave folks modifying those extensions to suit their needs? If I am needing to trust Tor, I'm going to download Tor from the appropriate location, not from brave. Based on the language he used reviewing other browsers, I suspect if that behavior was seen on anything other than brave the prognosis would be different.


I don't hide the fact that I work for Brave; I mention it in numerous threads and responses. What do you feel I handled differently on account of my association with Brave? Will gladly correct any mistakes.

To your question, Brave couldn't get away with modifying extensions on the fly. This would cause integrity checks on the client to fail. Not to mention, the code to do this would have to land in our public repos on GitHub, where we would quickly be tarred and feathered.

If you're capable of running the Tor browser, we encourage you to do so. Brave isn't as good as the Tor browser if you're smart enough to use the later. That said, if you need a browser that can also make non-Tor connections, etc., then Brave is probably more ideal.


> What do you feel I handled differently on account of my association with Brave? Will gladly correct any mistakes.

Put it in your twitter bio. Just "working @brave". If I'm reading your opinion on software it's helpful to know I'm reading the opinion of someone employed by a competitor without needing to dig through other parts of your twitter account.


He already does it on his other account — @BraveSampson.

Here's a screenshot of both accounts side-by-side, compare and contrast:

* https://twitter.com/Mcnst/status/1166520716826763264

Obviously, if this original review were to come from Brave or a Brave-employee directly, it probably would have been taken differently than coming from a "grass-roots" individual, hence the intentional deception on his part.

Twitter explicitly allows one to have multiple accounts as long as you use them for different purposes; in this instance, it's very difficult to see what purpose this Brave-less account has (other than intentionally misleading the public by hiding the Brave affiliation whilst still talking about browsers).


There's no intentional deception here. My followers on Twitter know for whom I work, but that doesn't mean every tech-related Tweet is a work item. I didn't pump this post, I wrote it for the people who follow me on Twitter. Be kind.


Thanks for the great analysis!

Side question: I use Brave on Android and have noticed that scrolling through the comments here on HN can be a bit finicky.

The first swipe tends to sometimes scroll the contents of a comment (not the page) up or down by a couple of pixels, then the next swipe with finger starting in same comment will let me scroll the page.

Just thought I'd mention it as I love Brave and am hoping this can be improved. Haven't noticed it on other mobile browsers. Cheers!

(Samsung S10 5G international version.)


Would you be able to capture a video of the issue? Either way, I'm happy to file an issue and investigate.


I'll get a video to you in the next day or so - thanks! :)


> Not to mention, the code to do this would have to land in our public repos on GitHub, where we would quickly be tarred and feathered.

What is the status of reproducible builds for the Brave browser?


FYI we didn't have an issue open on the topic of reproducible builds until now[0]. While it has been discussed internally, we haven't focused on it. We will have to assess the work involved but will put it on our backlog.

[0] https://github.com/brave/brave-browser/issues/5830


Please clarify if I'm missing your point, but you can build Brave today. See github.com/brave/brave-browser. Let me know if you run into any issues.


I think "reproducible builds" usually refers to being able to build Brave yourself, then creating a hash of the resulting artefact, and that hash being exactly the same as that of the built version Brave distributes itself.

In other words, being able to verify that the source code that is included in the build of Brave that Brave distributes, is the same as the source code we can view publicly.


I don't see any mentions of reproducible builds over there.

If you're not familiar what reproducible builds are, I suggest you examine the following article:

* https://brendaneich.com/2014/01/trust-but-verify/

Mozilla, however, is different, in that all builds are posted to ftp.mozilla.org, in a versioned manner, and kept there for a while, which, at least in theory, makes it easier to verify or analyse the builds.

What is the situation with Brave? Can I download a version released a few months ago? As it is, the browser is not only not really versioned (at least in the binary form), but there's not even a way to disable it from automatically updating itself. Self-modifying code, where the user has no control over the channel under which the modifications are pushed, is inherently insecure from the reproducibility's perspective.


You can get older (and many incremental) builds from https://github.com/brave/brave-browser/tags. Hope this helps! There is desire within the team for reproducible builds, and I'll see to it that these coals are stoked. Our intent is to be as open, transparent, and accountable as we can be. Brave's mentality is "Can't be evil", as opposed to "Don't be evil." Thank you for the feedback!


Those are Git tags; they have nothing to do with reproducible builds, because you're not providing the executable binaries that are the ones being distributed. It's a huge downgrade in terms of reproducibility of builds compared to Firefox. (It works for Google with Google Chrome because they have an entirely different business model where the whole thing is a walled-garden by design.)


Yes, I know those are Git tags. Click on them to find associated binaries. For instance, https://github.com/brave/brave-browser/releases/tag/v0.71.44. Not all tags have binaries, but most do. Those that reach a build channel always do.


What a mess, seriously! What is the retention policy? How far into the past are the binaries stored?


Reproducible builds would mean that anyone could download the code for a specific release and build a binary that is identical to the one you provide - byte for byte. Is that possible?


More info about reproducible builds is here:

https://reproducible-builds.org/


> If you're capable of running the Tor browser, we encourage you to do so. Brave isn't as good as the Tor browser if you're smart enough to use the later.

May I ask what you mean by "if you're capable of running the Tor browser" and "if you're smart enough to use the later (sic)"? Is it about the person knowing that it even exists? I use Tor Browser sometimes, and it's no different from using any other browser (except for some differences in network speed and the fact that it isolates every tab). I don't see what specific capability or smartness is required to use it.


Sure, what I mean to say is that Tor is more of a super-user utility (IMHO). If you're looking for that degree of anonymity, you probably don't want to be in a browser that also supports traditional protocols (like HTTP, etc.). As such, Tor is more appropriate for a sub-set of users who are very interested in privacy/anonymity. For those who need it only occasionally, Brave is probably a better option.


You lose all the benefits of tor if you use some third party version.


You trade benefits. Which, for some people, is more ideal.


> If you're capable of running the Tor browser, we encourage you to do so. Brave isn't as good as the Tor browser if you're smart enough to use the later. That said, if you need a browser that can also make non-Tor connections, etc., then Brave is probably more ideal.

I'm confused about this? Tor browser installation isn't any different from any other major browser, presumably including Brave. There's no skill required to operate it that you don't need for Chrome.


Firefox recently upstreamed some fingerprinting protections from Tor.

Brave is relatively less trackable than most default browsers.


As a reader of the threads, I first assumed you were an independent security/privacy researcher. Only when I saw a reply of yours "that's being worked on" did I begin to suspect you were affiliated with brave (but assumed as a fan).

I was not able to quickly confirm your affiliation (bio was first place I looked). Not disclosing this more prominently felt icky.

(Disclosure: I am a user & fan of Brave)


For some context, I released this on Twitter, to my followers, who know I work for Brave. I mean, in my profile picture I'm seen wearing a Brave shirt and presenting at a Brave booth

The threads aren't hit pieces; they were the curious musing of a software engineer and browser builder. And it's worth noting that I spent time yesterday working with Mozilla on their telemetry bugs; so I'm not here to throw mud. Somebody else posted my thread here, and caused it to blow up. Don't lay that on me.


Sorry, I didn't mean to imply ill intent whatsoever. It didn't come across to me that you were trying to do anything shady, and it also didn't seem like you were trying to damage a competitor.

Given that this did end up reaching a broader audience than your twitter following (it is a public forum), my feedback would be that it was too hard to tell that you were directly affiliated with Brave, and that it would feel much classier to disclose this clearly in your bio (just "eng @brave" or something, or even a top-level reply to your primary thread if you don't want to modify your bio).

Perhaps I'm less eagle-eyed or adept than most twitter users, but I actively suspected you were affiliated, looked for clues that you were, and could not find them. Given that it wasn't your intent to hide anything, but can accidentally give an impression that you are, it might go over better to be more proactive in disclosure.

Again, the thread itself was successful in achieving the tone of "just the curious musings of a software engineer", was great content, and IMO still reads well with knowledge of your horse in the race.


Thank you for the kind words. I tend to leave off my present employer on Twitter. That said, I'll give it some consideration. All the best!


https://twitter.com/jonathansampson/status/11653912236932218... "thanks brave for proxying the content for me, no doubt google runs a global middleware on all requests to their domains to power their adtech machine!"

Your trust for privacy has to go somewhere - do you trust the megacorp with antitrust investigations and hundreds of perpetually pending lawsuits, or "Brave Software, Inc"? Security as well. Password sync is coming[1] - surely brave software, who controls that one domain "brave.com" and the entire process of install, update, and password sync, has security procedures that rival Google and Mozilla in preventing unauthorized or malicious code deploys.

1: https://twitter.com/jonathansampson/status/11653993492890173...


> Password sync is coming[1] - surely brave software, who controls that one domain "brave.com" and the entire process of install, update, and password sync, has security procedures that rival Google and Mozilla in preventing unauthorized or malicious code deploys.

How would I know? Is that code on GitHub? If not, why not? That would certainly give your words a lot more weight.

Also, to my knowledge there has never been a leak of Chrome sync data since the feature was first introduced in 2012.


I say this sarcastically - I don't think anything about Brave's security ops is flawed or even misconfigured [now], but Google and Mozilla have a lot more resources than Brave does dedicated to security and auditing of things like CI servers and access controls.

And the password sync thing was related to the server that runs sync - it's E2EE, but Brave controls the update process and could very well deploy a malicious update that exfiltrates sync data or leaves it open to attacks.

That's why my point is about where you place your trust - if you're not up to the task of building your own browser (or at least auditing and building chromium yourself) and running your own sync software, you have to trust someone; oftentimes this means giving up privacy (Google) or giving up security (Again, choosing Brave isn't really giving up the security of your sync data, you're just now trusting a company that might not have the same security procedures and amount of resources dedicated to audits).


Point of clarification: Brave supports Sync today, but passwords are not yet included. You can read about how we implement end-to-end encrypted sync here: https://github.com/brave/sync/wiki/Design


Non sequitur here, but is there a timeline? It's been 'coming' since I first looked into it many months ago.


We began developing Sync during our "Muon" days, when our browser was a fortified fork of the Electron project. We then moved over to "Core", which is a soft-fork/patch of the Chromium code-base. As such, this required us to back-track just a bit, and recover some ground. Efforts were then directed at shipping an MVP of Sync across Windows, macOS, Android, and iOS. We succeeded in doing that not too long ago, and are now working towards expanding support for more data types. Hope this helps!


Any possible chance of supporting third party sync? I'd love to have Brave (my primary mobile browser) sync natively with Firefox (my primary desktop browser).


Hey, thanks for taking the time to reply. I'm eagerly awaiting that feature, it's the only thing keeping me away at the moment.


You're already trusting their browser - if they were going to maliciously modify the Tor extension, they could do it inside the browser instead of in the extension download (e.g. not load the actual Tor extension but do their nasty thing internally)


Yeah, I like how they pitch MITMing these requests to be a good thing.


My daily driver is Firefox (and I abandoned Google Chrome long ago), but if I have to choose, for whatever reason, between sending requests directly to Google and sending requests to Brave, I'd choose the latter. I do trust Brave more than I trust Google (yes, I'm also aware of the controversies with Brave about its founder and about its micropayments service). I wish Mozilla would actually proxy requests to Google, since I trust Mozilla a lot more.

We ought to expect more from Mozilla on this.


> We ought to expect more from Mozilla on this.

What you're advocating is for Mozilla to become a walled-garden, just like Brave and Chrome are.

Since when is a walled-garden a good thing?

If you trust Mozilla more than you trust Google, I think it follows that you should also trust their decision that NOT proxying and going directly to Google.com for this data is acceptable.


Not only that, but he has another account, @BraveSampson, which links to this one, @jonathansampson, but not the other way around. They used to have nearly-identical pictures, and, IIRC, linked to each other, but not anymore.

Would I be the only one to find it fishy for someone to post such reviews for your competitors whilst pretending that you're an individual not on a payroll from Brave? Why should Mozilla proxy requests to Google through their own servers like Brave does? And the better question: Why IS Brave MITM proxying requests to Google and other services?

BTW, having multiple Twitter accounts is not against the rules if each account is for a separate purpose, but for someone working in the browser industry to be having two separate accounts where they write about browsers on each one, all whilst hiding their affiliation and pretending to be an unaffiliated individual on one of them?! Seriously?

---

Keep in mind that Brave and Chrome are the ultimate privacy violators, as it's not possible to disable autoupdates on either one; Brave developers repeatedly (see https://github.com/brave/browser-laptop/issues/1877) disregarded the community's complaints about this issue (ironically, going against https://brendaneich.com/2014/01/trust-but-verify/); so, you're basically running a self-modifying binary, whether you like it or not. Any review anyone does is kinda meaningless, because there aren't any versions per se, and it can do whatever the hell it wants the next day, without any public record of what it did yesterday. With Mozilla, there's a public ftp directory with all the versions at `ftp.mozilla.org` — haven't seen anything like that for either Brave or Chrome.

In fact, many folks used various official guides from Google to disable Chrome from autoupdating itself, e.g., because the newer versions broke font support or other system-level features, only to find such officially-sanctioned settings completely ignored down the line.

How about doing a review of how much it costs in roaming fees to have Chrome/Brave download updates without your permission whilst you're travelling? Or how many hosts Brave does MITM to without any good reason?


From the related Firefox post:

"The tab discussing the importance of Privacy loads in the background, bringing along with it the Google Tag Manager and Google Analytics. Hello, Google."

The irony is palpable


The irony is that nobody bothers to look at things past their face value but then claims to care.

Mozilla has a custom contract protecting your privacy while using google's software: https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14


Mozilla had a contract seven years ago. No idea what has happened since then -- and I note that not only is DNT not honored there, the suggestion to properly support it by conditionally loading GA if DNT is or is not enabled was ignored and the ticket was hastily closed "fixed by switching to GA."

This does nothing to affect my faith in Mozilla's privacy practices, especially since GA is baked into the extensions page and cannot be disabled, even by installing extensions.
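The conditional loading suggested in the comment above, sketched as an added example that is not part of the thread or of Mozilla's code: a page decides whether to inject its analytics script based on the Do Not Track signal, covering the different places and values browsers have used for it. The `loader` callback and the sample environments are assumptions made for illustration.

```javascript
// Added example: honor Do Not Track before loading any analytics script.
// Values treated as "DNT on": "1" is the standard value, "yes" was
// reported by older Firefox builds.
const DNT_ON = new Set(["1", "yes"]);

// nav and win are passed in (instead of read from globals) so the logic
// runs under Node with constructed objects as well as in a browser.
function dntEnabled(nav, win) {
  const candidates = [
    nav && nav.doNotTrack,   // standard location
    win && win.doNotTrack,   // Safari, IE 11, legacy Edge
    nav && nav.msDoNotTrack, // IE 9/10
  ];
  // null, undefined, "0", "no" and "unspecified" all count as "not set".
  return candidates.some((v) => v != null && DNT_ON.has(String(v)));
}

// loader is a hypothetical callback that injects the analytics <script>.
// Returns true only when the loader was actually invoked.
function loadAnalyticsIfAllowed(nav, win, loader) {
  if (dntEnabled(nav, win)) {
    return false; // nothing is requested from the analytics host
  }
  loader();
  return true;
}

// Constructed sample environments (not captured from real browsers).
const SAMPLES = {
  standardOn: [{ doNotTrack: "1" }, {}],
  legacyFirefoxOn: [{ doNotTrack: "yes" }, {}],
  windowOnly: [{}, { doNotTrack: "1" }],
  msPrefixed: [{ msDoNotTrack: "1" }, {}],
  unset: [{ doNotTrack: null }, {}],
  explicitOff: [{ doNotTrack: "0" }, {}],
  unspecified: [{ doNotTrack: "unspecified" }, {}],
};

// Runs every sample and records whether the loader was called for it.
function runSamples() {
  const loaded = {};
  for (const [name, [nav, win]] of Object.entries(SAMPLES)) {
    loaded[name] = loadAnalyticsIfAllowed(nav, win, () => {});
  }
  return loaded;
}
```

In a browser the call would be `loadAnalyticsIfAllowed(navigator, window, injectScript)`, placed so that no analytics tag is present in the static HTML.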


Honestly, for the amount of flak they still get because of it, they really should've dropped GA by now and written their own analytics backend. If they're serious about valuing privacy and preventing tracking, that custom backend wouldn't need to be complicated.


Does it matter if they get flak for it if their contract does actually protect privacy? Or is privacy only for marketing and not an actual principle they care about?

Writing an analytics backend is not a trivial thing, and more stuff like that means less resources for Firefox development. It's far more sensible to do what they did, which was negotiate a contract with those who know what they're doing.


From the point of view of their principles, the contract with Google is fine as long as it protects privacy. Some people will always be quick to jump to conclusions, but there's a practical problem when such people form a good chunk of your market (and can amplify their outrage via media).

It's a practical problem. On the one hand, you have people turned off by the perception of Mozilla betraying its principles. On the other hand, you have resources to be directed to substitute the analytics backend. The right thing to do would be to pick an option that maximizes the amount of resources available for Firefox development/Mozilla's mission.

My impression is that building and maintaining an analytics backend consistent with their mission would not require that many resources, so the balance would fall in favor of doing it. But maybe (probably?) I'm wrong about this, and it's better to stick with Google for now.


From the point of view of their principles, the contract with Google is fine as long as it is honored by Google. Hard to check that though, because you never know what Google really does with that data. Google also doesn't have a very good track record with privacy. So, yeah, the contract is fine, but there's also so much wrong with it. Who trusts it? Mozilla? They seem to. Their target demographic? The people who are smart enough to understand that you can switch your browser, and who don't choose Chrome but Firefox? Those people, not so much.


I was more thinking about the fact that the loading of the tracking code, regardless of backend, is quietly loaded by the tab with the page discussing privacy

