CHEF-KOCH's Microblog ✨

Brave, the false sensation of privacy - Nonsense article debunked with actual facts

Another smear campaign against Brave Browser to bait others that I debunk with actual competence and facts

The article Brave, the false sensation of privacy with the original title Brave is shit got lots of attention from Firefox advocates and created lots of hate because people used it to smear Brave Browser the Brave Team and their good reputation.

A lot of disrespectful articles especially from Firefox advocates flying around but I only picked this one here to show what was really going on, but I might start doing objective reviews if there is a bigger interest in that.

I wrote this small blog article here to debunk such respectless article with actual facts and debunk nonsense coming from an author who is highly based against Brave Browser and even at the bottom of his own article tries to convince others to use or switch to Firefox because he is using Firefox himself.

As of today the author of this disrespectful hate article never took the article down or corrected it, because this would bring and end to his smear campaign against Brave Browser or the Brave Team, who do a good job.

Claims without anything, reality looks different

Claims without anything.

Brave is by default - with default settings - more secure and private than Firefox. Multiple independent tests and reviews clearly indicating that. The overall conclusion in the privacy scene - as of today - is that Brave is only beatable regarding privacy with hardened Firefox versions. I put Tor Browser under same roof as hardened Firefox because at the end people trying to imitate Tor Browser in that aspect. There is nothing to argue or defend here. Of course Tor Browser is a bit special but lets make that easy on of us, this is more about Firefox and Brave and not Tor, nor other irrelevant belongings.

Personally I do not like such review pages because they do now show the whole picture but is a good first overview. Regarding privacy, every Browser usually evolves and they typically protect their users against new threats. Some users just do it better than others and some may have another focus or business model.

The chart clearly shows Brave and Tor Browser are the best. The chart also shows that the Browsers using default settings, which means they reflect the out-of-the-box user experience they get when they freshly install the Browser. There is nothing to argue here.

LibreWolf in that chart was added later and does not qualify, the Firefox hardened fork was added and requested to add by fans. LibeWolf has no official approval and is mainly driven once again by fans and not experts. Again, you can harden pretty much every Browser and add it into such a chart if that is a desire but this is not a point for normal users, they usually should go with the original unless there is sufficient evidence that a fork provides more. Coming preinstalled with uBlock among some config changes does not necessarily qualifies as privacy benefit because you can do this on your own, get a small learning effect and maybe even end up actually reading documents which makes more sense because it gives you an advantage how to deal with possible privacy related threats. I do not bash LibreWolf here but the usual average user sticks with official Browsers that are widely available across multiple Stores.

Forks are in general problematic and usually not used by 50+ Million people. Often abused by people who have an interest to smear others.However, we ignore here the fact that you can archive the same hardening with vanilla Firefox, it is just more effort - for you. But your actual learning curve could increase much more and possible even results in doing in general more research on privacy related topics, threats and encourage others in a privacy related conversation.

However, the show chart is only one example. Mozillas own review is a overall a bit more polite, hell someone could even argue that their own chart shows less bloatware on Braves end but this is subjective. Because no one says that Brave nor Firefox in further versions not getting more or less bloat. Regarding privacy, bloatware can play a role if it for example can leak your private data. But from my research Firefox and Brave are both in this regard pretty solid. They review their integrated extensions pretty well and update it regularly.

Ad-blocking

A view things on this

Fake drama about whitelistening Trackers

The story got huge attention because some bigger so-called security websites picked it up to make a clickbait story out of it. Nothing new, no research done, updates afterwards. Instead of waiting and doing research first.

The actual issue ticket on this CLEARLY shows that the code got very well documented, it said temporarily workaround until we find a better way. The underlying issue was that websites can break, examples on this are given in the comments. Privacy wise there was no issue here because those websites never fingerprinted you, at that time, there is also no evidence for this given, baseless claims, there might be some sites who did this but not the websites in question or on that list.

However, this simply got wrongly interpreted once again by people who are not experts on such a field, or did a research if those whitelisted page really can track and fingerprint you if 3rd party cookies are disabled. This however changed for those websites and they got more aggressive, Brave team closed this issue ticket and adopted a better workaround here, you can now allow embeds for Google, Twitter etc. in the Browsers settings and the code for this also got improved to reflect the changes Facebook and co made.

Facebook is, to name this as an example also not a sponsor of Brave Browser. Wrongfully assuming Facebook pays them to whitelist their tracking and fingerprinting is baseless accusation without any evidence at all and to smear Brave.

People do not understand Brave Rewards, so it must be evil

Brave rewards is OPTIONAL if you do not understand it, what forces you to enable and use it, no one.

The claim that Brave Rewards connects to domains without user consent is baseless, there is no proof given, he mention 3 domains and wrongfully comes to the conclusion that this correct and that there are some mysterious background connection.

Brave sends requests to numerous domains so it must be evil and paid by others, nope

Shockingly this section clearly shows that this user never did any research at all or does he understands core principles of how an Browser operates. He also swipes under the carpet that Firefox has most connections by default.

Brave Team has an interesting article on background connection, showing that Firefox connects to much more domains. The article is here.

It debunks his baseless claims and shows Firefox connects to more domains, tests can be verified, Browsers and numbers are mentioned, create a VM, download mentioned builds, check for yourself - because people will claim, oh Brave wrote it, so they must lie to defend their Browser, nope. Reality is that Brave does a fine job trying to reduce connections to a minimum compared to other Browsers. The view handful of connections that it must do are for update reasons, update checks - this is a good thing and not a bad thin and to update filter-lists, update some core, call them plugins, extensions that Chromium comes with, to simply maintain updates without that you need to update the whole Browser.

The baseless accusation that the connection to brave-core-ext.s3.brave.com installs 5 extensions is unproven and cannot even be verified afterwards since the author does not even mention the Brave version he tested or observed this assuming this would be true. It is not true and this is simply a lie..... but I do not want to go conspiracy here .... #meme. If you accuse others bring evidence that can be verified, Browser version so that someone can actually check it. Thanks.

Brave Today, the backdoor, oh wait no its not

Same like Rewards this is an optional feature which can be configured, enabled disabled and even customized. Is it potential bloatware to you, maybe. Same like others see Pocket as bloat, we could argue the same here. However, for some it is useful, secure and an privacy friendly alternative to using some random extensions or trust Google News.

I also do not use it, but this is not positive nor not negative, my own opinion and taste is to not use it, not because it is useless but because I use traditional RSS via Thunderbird because I have TB running anyway all day. The next step might be, that Brave, same like Opera back in the day maybe introduces some eMail system, that would be nice.

Brave’s “SafeBrowsing”

Safe-Browsing is practical a part of every Browser, even in Firefox, Vivaldi and Edge has some sort of Safe-Brosing mechanism. This is, as you guessed it right designed to protect the average user against potential dangerous downloads and websites in the first place.

The baseless claim that this would result in making you more unsafe is unproven. He talks of the hash controversy, which only applies to Edge and Chrome vanilla. Not Brave because Brave and Firefox handle things a bit different here due to privacy concerns, Brave proxy the connection, so nothing can be seen by Google. Or just check the source code, if you accusse someone, work on the source code and not about what you wrongfully speculate and guess.

Brave has a whole category to learn how Browser privacy and security work, I suggest you study it. It is https://brave.com/learn/ before you score with absolute no knowledge.

Brave makes requests to Google’s Gstatic

He simply repeats himself to make it look more than it is, he already mentioned connections under - Brave sends requests to numerous domains - why mention it again. It is debunked, you are wrong. The connections to Google are besides dummy connections or proxied, for eg Safe-Browsing and to avoid Google gets some data. This is also shown in Braves source code, it dummies some data that Chromium does, so even if there are connections it gets nothing at all. It even goes trough the effort to change user agent for some sites to avoid breakages so they put lots of effort into it, you just smear other peoples reputation and try to discredit them with something you do not understand yourself and might have picked up wrongly from others.

But Chromium is more secure than Firefox

Just read this and just shut up, you talk about privacy then you randomly mention security. Please stop. I am harsh here because this user undermines Brave Team entire work with nothing but smear.

Brave has been caught inserting affiliate codes

Brave browser CEO apologizes for automatically adding affiliate links to cryptocurrency URLs.

This story got a lot of attention, however it always was misleading and spread to gain clicks on behalf of Braves good reputation. The matter was resolved after around 7-8 hours and pushed within 12 hours as commit. The actual update got released within 24 hours. Some users had to wait 48 hours because this is how the distribution system handles and delivers updates to avoid huge pressure on the server or hit GitHub limitations.

If you actually dig deeper into discussions you often reveal duplicate posts that got removed and then angry folks coming to the wrong conclusion Brave wants to hide something, this is not the case. In most cases several things are disabled by default, however in this case Top Sites and Suggestions are enable to avoid crippling the experience for beginners but you have an option given to disable it within Braves Settings.

“That being said, I think there was a lot of misunderstanding of the situation. There was no privacy harm to users, and what was being done is similar to how most, if not all, browsers interact with search engines, to receive referral cash. Using DDG in Firefox, to give one example, tells DDG the query came from Firefox the "FFAB", or, guessing, "Firefox Address Bar"…”

“…The user was never able to be tracked, the site wasn't able to learn anything additional about you, etc.”

Source

It also should be noted that the system depended on several factors, you had to trigger specific keywords in order to activate the system. If you are a power-user you most likely disabled all Omnibox and top-sites suggestions anyway trough Braves integrates settings and or trough Brave flags.

Brave Team was very transparent, acted very fast and explained and showed everything in the commits and issue tickets. There was no secrecy because the source code is open for everyone to inspect.

Uphold

No one forces you to use or support Uphold, verification is optional. Uphold same like every other provider needs your data to prevent fraud. Or do you go into bank and use my account and my data, no because no there are verification systems in place, Sherlock.

Incompetence when implementing “privacy features”

There is no incompetence involved, the only incompetence I see is spread by people who obviously cannot read. Braves own their website clearly states that their project website that this is no replacement for Tor Browser. They fixed it btw, you you just swipe under the carpet which benefits your bias.

Firefox has much bigger history of incidents and scandals. Facts. Another fact is that mistakes will always be made because with more code complexity more problems will occur one way or another. This is a basic principle for every coder and Browser.

Possible scam and theft?

Baseless accusations flying around all the time, the author here picked that up because he thinks it benefits his opinion. There was no scam nor theft. The whole crypto system within the Browser is pretty new and mistakes can occur, you normally contact the support and sort this out in private and do not start a drama about every small fart.

The system is pretty transparent, even gives you a summary and estimate about what you might earn for next month. The system that is OPTIONAL is constantly be improved, updated and monitored. There is no fraud.

I got last month X bat and they came a bit later because the system from Uphold, this is not Brave, had issues. This is no fraud, it is simply something that needs to be improved on their end. Brave cannot enforce or influence it. Brave even in public announce and show if there are known issue, this is transparency and not the opposite.

Giant banners and Infos + warnings are at all times given if something is wrong. Just check the forum, Twitter or their subreddit. You do not need to register yourself on mentioned platforms, you can see that clearly and directly.

Braves Rewards system depends on Uphold, later Gemini too and those providers need to sync their transaction, status etc. and sometimes it takes longer, or sometimes the chain forgets things and need to re-validate things and verify bunch of things. This all got addressed, fixed and improved.

Brave Team was open on this from day one. Everyone with potential problems could go into the official forums, open a thread or contact the Team to review potential issues with the system. This can happen if you rely on third-parties. The underlying lesson is that it would have been better to build your own system and infrastructure but Brave is simply not yet big enough for that. This is why support can help resolving such problems.

There is absolute no evidence that there was some sort of fraud, scam etc involved, it is the opposite, go into the official forums, the team here does a fantastic job and are very supportive. Same like the Firefox support team btw. Such people usually help when they can if there are serious and legitimate problems.

People misinformed others and it got huge media attention for no reason at all. You solve problems by contacting the team, find the actual problems and then fix it, so that it helps everyone and you do not give up because there are some little flaws because you are upset that the world does not work like you expected it works.

Hostility towards forks

It is called preventing theft, smear and to avoid reputation damage. Most forks are useless. They offer nothing, you can just submit a patch and fix that in the original code.

The thing he is referring to is that some clowns tried to fork Brave, removed telemetry that never existed. Which I would also have taken down because it is to smear others and to promote your own project on behalf of dozens Brave volunteers and employees. There was also absolute no patch submitted to clear this misunderstanding, instead they just forked it which caused confusion within the community.

The logic to fork a Browser with one or two man development, claiming it is more secure than in comparison to a entire team original team that operates on a professional level is ridiculous. You usually try to contact the original author first and clear things out by submitting patches, ask for permission and none of this happened. There was no communication in advance, it was mainly an attempt to farm reputation on possible donations on behalf of Chromium and Brave.

The fork he defends was created by people that are connected to the nazi or alt-right scene. You did not saw this coming when you picked up the smear you found via Google did you...

Forks and Stores are often quickly abused to gain quickly attention in order to troll others which brings a negative light especially on those who are not even involved in such stupid fights. It makes things overall worse.

Not every fork is like that, or designed to spread hate but a lot of them and the chance is high that you install something that becomes quickly outdated because the maintainer has no interest in spending countless unpaid hours in doing the necessary work to keep it up-to-date.

Chromium and Google’s monopoly

The monopoly is created because people use Google products, it is that simple. If everyone uses Firefox would you say the same, nope.

Monopolies are in general something bad for normal daily consumer like us. This is a philosophical discussion and not an argument whenever society and government should allow and support it or not. What has this to do with privacy, right, nothing. It is a generalization question that politicians and society needs to solve and not Mozilla, Google or Brave.

Besides that, the author is once again proven to be entirely wrong, there exist multiple browser engines some are just not maintained anymore or there are no popular apps for it that made it into the bigger mass.

In retrospect

Am I a fanboy or advocate...

NO, I provide guidance for Chromium, Brave and Firefox.

My overall position was always - go with the best -, Brave here, in this regard provides a reasonable and strong all-in-one package for beginners and advance users that value privacy. This is and remains true.

I like to point to historic events and show the entire picture and not what benefits my own beliefs. I take things how they are not not how I want to see them, the difference between an amateur and professional.

Brave had things that could have been avoided, so did Firefox. I make mistakes, you do and you show how you deal with the problems, if you give up, continue and address this in a professional manner or not, the author of this article is unprofessional because even after the community and I prove him wrong he let this stand which speaks against him and brings a bad light on the Firefox community.

Fanboysim is and remains as of today Firefox biggest problem, the toxicity that this automatically creates brings lots of drama and problems alone with it that is not even worth it.

If you want to criticize or show historic events and point the finger on it, do it more professional and more objectively. But if your goal is to undermine others with claims then you should not be a part of the discussion because you already disrespect other peoples work, passion and dedication who just try to provide reasonable alternatives.

Competition is a good thing and not a bad thing, it can help the end-consumer and exactly creates the opposite of monopolies. Brave uses Chromium as upper layer, yes, but there are lots of reasons to support the decision. Security, lots of people inspecting the Chromium code and many more reasons that should be clear.

My overall advise to handle this

You can tweak pretty much every Browser, it is matter of research, effort, support, and if you are willingly to accept the challenge or not. Some Browsers focus entirely on that, others do not which does not mean they do not care but is not their task to deal with website breakages because web-masters use and defend tracking, ads and what we call today web-standards.

Do not enforce your bias and sympathy onto others and recommend anyone anything if you are highly based, this never ends up good for you, which is once again proven.

I am ashamed deeply that the Firefox community even defends and links such crap and allow smearing the competition. This is toxic on multiple levels.

The Firefox subreddit also loves to discredit Chrome, and other Browsers and link everything - what they think - benefits Mozilla, or what they think are failures from the competition, straight into their own subreddit to convince others aggressively of their own beliefs, like a religion. Problem with this is that it can create conflicts because it echo chambers opinions and not the whole picture, and why the Subreddit mods support such doings is beyond me. This also goes vice-versa, Vivaldi etc doing the same, which is IMHO unacceptable. If you really want to do that you also need to clearly point out your own failures, but that often falls down in the process, because making clicks or creating attention on behalf of others is easier than pointing out your own controversies and mistakes.

Objectiveness is IMHO only given if you mention everything and not only the parts that benefits you, your community or you beloved product. The sad story and thing here is that this never helped Mozilla nor the community at all because the more you mention Chrome and alternatives the more people have interest in inspecting it and using it to find out if the accusations are true, which often ends up with a NOPE, same like in this case.

That said there is nothing wrong with the Brave Browser that deserves such a disrespectful article.

I judge such people and their motivations because they aggressively want to convince other people that are no experts to use what they use.

What have we learned

Do not wrongfully accuses or smear others, otherwise you might get the same back and people like me even debunk you as highly based and amateur.


What I like to add in order to close this topic once and for all

I have no respect for smear, accusations, disrespect, intolerance and deliberately incompetent people who enforce their own point of views based on dirt they pick up on the internet onto others.

Brave Team, contributors and supporters doing a fine job, lots of efforts and research was put into Brave Browser which I am personally thankful for.


Greetings,

CK

#Brave #Browser