Brave, the false sensation of privacy - Nonsense article debunked with actual facts
Another smear campaign against Brave Browser to bait others that I debunk with actual competence and facts
The article Brave, the false sensation of privacy with the original title Brave is shit got lots of attention from Firefox advocates and created lots of hate because people used it to smear Brave Browser the Brave Team and their good reputation.
A lot of disrespectful articles especially from Firefox advocates flying around but I only picked this one here to show what was really going on, but I might start doing objective reviews if there is a bigger interest in that.
I wrote this small blog article here to debunk such respectless article with actual facts and debunk nonsense coming from an author who is highly based against Brave Browser and even at the bottom of his own article tries to convince others to use or switch to Firefox because he is using Firefox himself.
As of today the author of this disrespectful hate article never took the article down or corrected it, because this would bring and end to his smear campaign against Brave Browser or the Brave Team, who do a good job.
Claims without anything.
Brave is by default - with default settings - more secure and private than Firefox. Multiple independent tests and reviews clearly indicating that. The overall conclusion in the privacy scene - as of today - is that Brave is only beatable regarding privacy with hardened Firefox versions. I put Tor Browser under same roof as hardened Firefox because at the end people trying to imitate Tor Browser in that aspect. There is nothing to argue or defend here. Of course Tor Browser is a bit special but lets make that easy on of us, this is more about Firefox and Brave and not Tor, nor other irrelevant belongings.
Personally I do not like such review pages because they do now show the whole picture but is a good first overview. Regarding privacy, every Browser usually evolves and they typically protect their users against new threats. Some users just do it better than others and some may have another focus or business model.
The chart clearly shows Brave and Tor Browser are the best. The chart also shows that the Browsers using default settings, which means they reflect the out-of-the-box user experience they get when they freshly install the Browser. There is nothing to argue here.
LibreWolf in that chart was added later and does not qualify, the Firefox hardened fork was added and requested to add by fans. LibeWolf has no official approval and is mainly driven once again by fans and not experts. Again, you can harden pretty much every Browser and add it into such a chart if that is a desire but this is not a point for normal users, they usually should go with the original unless there is sufficient evidence that a fork provides more. Coming preinstalled with uBlock among some config changes does not necessarily qualifies as privacy benefit because you can do this on your own, get a small learning effect and maybe even end up actually reading documents which makes more sense because it gives you an advantage how to deal with possible privacy related threats. I do not bash LibreWolf here but the usual average user sticks with official Browsers that are widely available across multiple Stores.
Forks are in general problematic and usually not used by 50+ Million people. Often abused by people who have an interest to smear others.However, we ignore here the fact that you can archive the same hardening with vanilla Firefox, it is just more effort - for you. But your actual learning curve could increase much more and possible even results in doing in general more research on privacy related topics, threats and encourage others in a privacy related conversation.
However, the show chart is only one example. Mozillas own review is a overall a bit more polite, hell someone could even argue that their own chart shows less bloatware on Braves end but this is subjective. Because no one says that Brave nor Firefox in further versions not getting more or less bloat. Regarding privacy, bloatware can play a role if it for example can leak your private data. But from my research Firefox and Brave are both in this regard pretty solid. They review their integrated extensions pretty well and update it regularly.
A view things on this
- uBlock is not written in Rust, Braves ad-blocking solution is not just a fork, it is partially written in Rust programming language. It is true that they forked it from uBlock but it is modified and improved into Browsers Core which makes things more secure because attacking, compromising or running into malware extension is a serious problem these days, the Google Stores is full of fake uBlock clones with other logos and names. Integrating this into the Browser directly is the best thing you can do security and privacy wise, since you do not need to connect and trust yet another store for yet another extension. I complain since years that Mozilla does not simply hire Gorhill and adopt this in the Core.
- Rust is proven to be modern and considerable secure, there are like with every language problems but it is faster, has a smaller footprint and the reason why Brave Team uses it is mainly because of security reasons.
- Firefox supports some other APIs, this argument goes vice-versa. This is also not about uBlock, Braves ad-block is integrated so why mention it. To try to say that Chrome, on purpose refuses to accept those APIs. Well then please backup such a claim. The interest here are some others. It is about performance, security and from a developer perspective also not entirely correct. Gorhill developer of uBlock advocates Firefox himself, mainly because of controversial decisions coming from Chrome Developer Team and of course he needs to protect his legacy and extensions and work. The benchmark Gorhill provides is outdated and not reproducible and some of the stuff mentioned are already implemented in Brave, for example debouncing which vanilla Chrome does not support. Other things are in Braves todo list which you publically can check and review. uBlock has overall more benefits, benefits only handful of people entirely utilize or actual need. Brave defends the position here that they only integrate things that most people use. Not much people that are connected to the - I call it blocking and filter-list scene - need to work with debugging, inspecting analyzing. Most people just want to serve and cosmetic block a view things they find annoying, this is what Brave offers and their design goal. The rest is optional bonus candy and no argument for nor against uBlock but the underlying point is that most people just want to browse without ads and that is it.
- Source Code does not work like - it is dependent on - factors. Just because Chrome integrates Manifestv3, does not mean you cannot revert or patch it. You create a patch, apply it and build the Browser. It is that easy, the hard part is to keep up with changes and adjust such a patch. Brave, to just say this here, does not support Manifestv3, in this regard they do not depend on Google. The percentage he mentioned is number which cannot be verified nor debunked, Brave includes several unique features and the code for such features is created on their own and does not depend on Chrome. They just use the upstream from Chromium, patch the stuff out they do not like, apply their own Code and build the Browser. This is how it actually works, simplified spoken.
Fake drama about whitelistening Trackers
The story got huge attention because some bigger so-called security websites picked it up to make a clickbait story out of it. Nothing new, no research done, updates afterwards. Instead of waiting and doing research first.
The actual issue ticket on this CLEARLY shows that the code got very well documented, it said temporarily workaround until we find a better way. The underlying issue was that websites can break, examples on this are given in the comments. Privacy wise there was no issue here because those websites never fingerprinted you, at that time, there is also no evidence for this given, baseless claims, there might be some sites who did this but not the websites in question or on that list.
However, this simply got wrongly interpreted once again by people who are not experts on such a field, or did a research if those whitelisted page really can track and fingerprint you if 3rd party cookies are disabled. This however changed for those websites and they got more aggressive, Brave team closed this issue ticket and adopted a better workaround here, you can now allow embeds for Google, Twitter etc. in the Browsers settings and the code for this also got improved to reflect the changes Facebook and co made.
Facebook is, to name this as an example also not a sponsor of Brave Browser. Wrongfully assuming Facebook pays them to whitelist their tracking and fingerprinting is baseless accusation without any evidence at all and to smear Brave.
People do not understand Brave Rewards, so it must be evil
Brave rewards is OPTIONAL if you do not understand it, what forces you to enable and use it, no one.
The claim that Brave Rewards connects to domains without user consent is baseless, there is no proof given, he mention 3 domains and wrongfully comes to the conclusion that this correct and that there are some mysterious background connection.
- There are no background connections unless for update checks for the extensions. Brave will also integrate all extensions in the Browsers Core due to speed, security and update reasons to make LESS connections.
- No Brave Browser is mentioned, so I cannot verify the - 3 background connections are made so it must be evil - argumentation here. However I will debunk this later below.
- Rewards can be used without that you verify your identity. You are then just not verified, there is nothing private invasive or shady ongoing. Like every extension it needs updates and those happen in the background. This is due to security reasons and to update you reward status to avoid fraud and tampering + manipulation against the system. Nothing shady is going on.
Brave sends requests to numerous domains so it must be evil and paid by others, nope
Shockingly this section clearly shows that this user never did any research at all or does he understands core principles of how an Browser operates. He also swipes under the carpet that Firefox has most connections by default.
Brave Team has an interesting article on background connection, showing that Firefox connects to much more domains. The article is here.
It debunks his baseless claims and shows Firefox connects to more domains, tests can be verified, Browsers and numbers are mentioned, create a VM, download mentioned builds, check for yourself - because people will claim, oh Brave wrote it, so they must lie to defend their Browser, nope. Reality is that Brave does a fine job trying to reduce connections to a minimum compared to other Browsers. The view handful of connections that it must do are for update reasons, update checks - this is a good thing and not a bad thin and to update filter-lists, update some core, call them plugins, extensions that Chromium comes with, to simply maintain updates without that you need to update the whole Browser.
The baseless accusation that the connection to brave-core-ext.s3.brave.com installs 5 extensions is unproven and cannot even be verified afterwards since the author does not even mention the Brave version he tested or observed this assuming this would be true. It is not true and this is simply a lie..... but I do not want to go conspiracy here .... #meme. If you accuse others bring evidence that can be verified, Browser version so that someone can actually check it. Thanks.
Brave Today, the backdoor, oh wait no its not
Same like Rewards this is an optional feature which can be configured, enabled disabled and even customized. Is it potential bloatware to you, maybe. Same like others see Pocket as bloat, we could argue the same here. However, for some it is useful, secure and an privacy friendly alternative to using some random extensions or trust Google News.
I also do not use it, but this is not positive nor not negative, my own opinion and taste is to not use it, not because it is useless but because I use traditional RSS via Thunderbird because I have TB running anyway all day. The next step might be, that Brave, same like Opera back in the day maybe introduces some eMail system, that would be nice.
- Brave Today is a news reading feature and aggregates and crawls in a privacy manner some news pages, you even can fully customize it, disable enable sources you do not like etc.
- Other than Pocket is was not purchased and then integrated, it is Braves own creation.
- Other than Pocket the EULA, and background was not privacy invasive.
- Other than Pocket id did not had to be open sourced afterwards.
- Other than Pocket it is art of the core and secure, Pocket started as extension.
Safe-Browsing is practical a part of every Browser, even in Firefox, Vivaldi and Edge has some sort of Safe-Brosing mechanism. This is, as you guessed it right designed to protect the average user against potential dangerous downloads and websites in the first place.
The baseless claim that this would result in making you more unsafe is unproven. He talks of the hash controversy, which only applies to Edge and Chrome vanilla. Not Brave because Brave and Firefox handle things a bit different here due to privacy concerns, Brave proxy the connection, so nothing can be seen by Google. Or just check the source code, if you accusse someone, work on the source code and not about what you wrongfully speculate and guess.
Brave has a whole category to learn how Browser privacy and security work, I suggest you study it. It is https://brave.com/learn/ before you score with absolute no knowledge.
Brave makes requests to Google’s Gstatic
He simply repeats himself to make it look more than it is, he already mentioned connections under - Brave sends requests to numerous domains - why mention it again. It is debunked, you are wrong. The connections to Google are besides dummy connections or proxied, for eg Safe-Browsing and to avoid Google gets some data. This is also shown in Braves source code, it dummies some data that Chromium does, so even if there are connections it gets nothing at all. It even goes trough the effort to change user agent for some sites to avoid breakages so they put lots of effort into it, you just smear other peoples reputation and try to discredit them with something you do not understand yourself and might have picked up wrongly from others.
But Chromium is more secure than Firefox
Just read this and just shut up, you talk about privacy then you randomly mention security. Please stop. I am harsh here because this user undermines Brave Team entire work with nothing but smear.
Brave has been caught inserting affiliate codes
This story got a lot of attention, however it always was misleading and spread to gain clicks on behalf of Braves good reputation. The matter was resolved after around 7-8 hours and pushed within 12 hours as commit. The actual update got released within 24 hours. Some users had to wait 48 hours because this is how the distribution system handles and delivers updates to avoid huge pressure on the server or hit GitHub limitations.
If you actually dig deeper into discussions you often reveal duplicate posts that got removed and then angry folks coming to the wrong conclusion Brave wants to hide something, this is not the case. In most cases several things are disabled by default, however in this case Top Sites and Suggestions are enable to avoid crippling the experience for beginners but you have an option given to disable it within Braves Settings.
“That being said, I think there was a lot of misunderstanding of the situation. There was no privacy harm to users, and what was being done is similar to how most, if not all, browsers interact with search engines, to receive referral cash. Using DDG in Firefox, to give one example, tells DDG the query came from Firefox the "FFAB", or, guessing, "Firefox Address Bar"…”
“…The user was never able to be tracked, the site wasn't able to learn anything additional about you, etc.”
It also should be noted that the system depended on several factors, you had to trigger specific keywords in order to activate the system. If you are a power-user you most likely disabled all Omnibox and top-sites suggestions anyway trough Braves integrates settings and or trough Brave flags.
Brave Team was very transparent, acted very fast and explained and showed everything in the commits and issue tickets. There was no secrecy because the source code is open for everyone to inspect.
No one forces you to use or support Uphold, verification is optional. Uphold same like every other provider needs your data to prevent fraud. Or do you go into bank and use my account and my data, no because no there are verification systems in place, Sherlock.
Incompetence when implementing “privacy features”
There is no incompetence involved, the only incompetence I see is spread by people who obviously cannot read. Braves own their website clearly states that their project website that this is no replacement for Tor Browser. They fixed it btw, you you just swipe under the carpet which benefits your bias.
Firefox has much bigger history of incidents and scandals. Facts. Another fact is that mistakes will always be made because with more code complexity more problems will occur one way or another. This is a basic principle for every coder and Browser.
Possible scam and theft?
Baseless accusations flying around all the time, the author here picked that up because he thinks it benefits his opinion. There was no scam nor theft. The whole crypto system within the Browser is pretty new and mistakes can occur, you normally contact the support and sort this out in private and do not start a drama about every small fart.
The system is pretty transparent, even gives you a summary and estimate about what you might earn for next month. The system that is OPTIONAL is constantly be improved, updated and monitored. There is no fraud.
I got last month X bat and they came a bit later because the system from Uphold, this is not Brave, had issues. This is no fraud, it is simply something that needs to be improved on their end. Brave cannot enforce or influence it. Brave even in public announce and show if there are known issue, this is transparency and not the opposite.
Giant banners and Infos + warnings are at all times given if something is wrong. Just check the forum, Twitter or their subreddit. You do not need to register yourself on mentioned platforms, you can see that clearly and directly.
Braves Rewards system depends on Uphold, later Gemini too and those providers need to sync their transaction, status etc. and sometimes it takes longer, or sometimes the chain forgets things and need to re-validate things and verify bunch of things. This all got addressed, fixed and improved.
Brave Team was open on this from day one. Everyone with potential problems could go into the official forums, open a thread or contact the Team to review potential issues with the system. This can happen if you rely on third-parties. The underlying lesson is that it would have been better to build your own system and infrastructure but Brave is simply not yet big enough for that. This is why support can help resolving such problems.
There is absolute no evidence that there was some sort of fraud, scam etc involved, it is the opposite, go into the official forums, the team here does a fantastic job and are very supportive. Same like the Firefox support team btw. Such people usually help when they can if there are serious and legitimate problems.
People misinformed others and it got huge media attention for no reason at all. You solve problems by contacting the team, find the actual problems and then fix it, so that it helps everyone and you do not give up because there are some little flaws because you are upset that the world does not work like you expected it works.
Hostility towards forks
It is called preventing theft, smear and to avoid reputation damage. Most forks are useless. They offer nothing, you can just submit a patch and fix that in the original code.
The thing he is referring to is that some clowns tried to fork Brave, removed telemetry that never existed. Which I would also have taken down because it is to smear others and to promote your own project on behalf of dozens Brave volunteers and employees. There was also absolute no patch submitted to clear this misunderstanding, instead they just forked it which caused confusion within the community.
The logic to fork a Browser with one or two man development, claiming it is more secure than in comparison to a entire team original team that operates on a professional level is ridiculous. You usually try to contact the original author first and clear things out by submitting patches, ask for permission and none of this happened. There was no communication in advance, it was mainly an attempt to farm reputation on possible donations on behalf of Chromium and Brave.
The fork he defends was created by people that are connected to the nazi or alt-right scene. You did not saw this coming when you picked up the smear you found via Google did you...
Forks and Stores are often quickly abused to gain quickly attention in order to troll others which brings a negative light especially on those who are not even involved in such stupid fights. It makes things overall worse.
Not every fork is like that, or designed to spread hate but a lot of them and the chance is high that you install something that becomes quickly outdated because the maintainer has no interest in spending countless unpaid hours in doing the necessary work to keep it up-to-date.
Chromium and Google’s monopoly
The monopoly is created because people use Google products, it is that simple. If everyone uses Firefox would you say the same, nope.
Monopolies are in general something bad for normal daily consumer like us. This is a philosophical discussion and not an argument whenever society and government should allow and support it or not. What has this to do with privacy, right, nothing. It is a generalization question that politicians and society needs to solve and not Mozilla, Google or Brave.
Besides that, the author is once again proven to be entirely wrong, there exist multiple browser engines some are just not maintained anymore or there are no popular apps for it that made it into the bigger mass.
- The author is no expert nor did he invested lots of time, serious time in doing proper research on the topics he claims are fraud, scam, privacy invasive etc. He never asked on Twitter, Mastodon or on GitHub something to clear the situation in a respectful manner, instead he echo chambers what some other people pick up, cherry pick issue tickets randomly without mention that every issue ticket can be solved. Picking up randomly issue tickets and claim xyz is unprofessional and pointless, since Firefox is older and has more opened issue tickets and overall more members and maintainers, which automatically anyway end up with more tickets. Claiming, based on some tickets that something is less or more private friendly is nonsense because some issues are simply harder to fix or possible workarounds would break things.
- The author comes to the wrong conclusion based on - hearsay and observation - instead of pointing to the actual source code or official statements. He provides just his words and opinion. An opinion that supports Firefox because he uses it and want to convince others to do the same.
- He compares a hardened Firefox against vanilla Brave Browser entirely ignoring that you can harden Brave Browser too.
- Another display of the aggressive fanboyism of the Firefox fanboy community trying to convince others to use their beloved product, which they advocate and not suggest what is the best and this is privacy wise Brave Browser, if you like it or not. Brave in direct companionship beats the competition because it provides solid private settings by default for lots of people, you can change those defaults same like you can change defaults in Firefox or any other Browser.
- The author spreads knowingly misinformation, which is dangerous and this happened again by someone who has no interest to reveal, debunk or confirm actual facts because that usually takes time, passion, knowledge on the source as well as interest - things he does not have.
- Facts have no bias, but this user huge bias which he clearly shows, he insults, he is unprofessional, he is rude and advocates a community mainly driven by trolls. The Mozilla Firefox community showed on many many occasions how toxic some of their users are in defending their beloved Browser, this happened here once again. Shame on such people, because people might think that everyone in that community is like that, which is not the case.
- The author was on Reddit debunked and proven wrong, added this as statement in smaller letters on top of his article, promised to address it, which he never did, had not even the guts to link the shit-storm he got on Reddit right on top of his page because people would have clicked it and that would have explained everything without going trough his nonsense.
Am I a fanboy or advocate...
My overall position was always - go with the best -, Brave here, in this regard provides a reasonable and strong all-in-one package for beginners and advance users that value privacy. This is and remains true.
I like to point to historic events and show the entire picture and not what benefits my own beliefs. I take things how they are not not how I want to see them, the difference between an amateur and professional.
Brave had things that could have been avoided, so did Firefox. I make mistakes, you do and you show how you deal with the problems, if you give up, continue and address this in a professional manner or not, the author of this article is unprofessional because even after the community and I prove him wrong he let this stand which speaks against him and brings a bad light on the Firefox community.
Fanboysim is and remains as of today Firefox biggest problem, the toxicity that this automatically creates brings lots of drama and problems alone with it that is not even worth it.
If you want to criticize or show historic events and point the finger on it, do it more professional and more objectively. But if your goal is to undermine others with claims then you should not be a part of the discussion because you already disrespect other peoples work, passion and dedication who just try to provide reasonable alternatives.
Competition is a good thing and not a bad thing, it can help the end-consumer and exactly creates the opposite of monopolies. Brave uses Chromium as upper layer, yes, but there are lots of reasons to support the decision. Security, lots of people inspecting the Chromium code and many more reasons that should be clear.
My overall advise to handle this
You can tweak pretty much every Browser, it is matter of research, effort, support, and if you are willingly to accept the challenge or not. Some Browsers focus entirely on that, others do not which does not mean they do not care but is not their task to deal with website breakages because web-masters use and defend tracking, ads and what we call today web-standards.
- If you value privacy that much that you need to smear Brave use Tor Browser. This was and is designed for Privacy from the start.
- If you want a solid out of the box experience without going trough the hassle of much tweaking, use Brave Browser.
- If you want to tweak things on your own, do it.
- If you like to use pre-compiled binaries or hardened Browsers use the one you prefer.
Do not enforce your bias and sympathy onto others and recommend anyone anything if you are highly based, this never ends up good for you, which is once again proven.
I am ashamed deeply that the Firefox community even defends and links such crap and allow smearing the competition. This is toxic on multiple levels.
The Firefox subreddit also loves to discredit Chrome, and other Browsers and link everything - what they think - benefits Mozilla, or what they think are failures from the competition, straight into their own subreddit to convince others aggressively of their own beliefs, like a religion. Problem with this is that it can create conflicts because it echo chambers opinions and not the whole picture, and why the Subreddit mods support such doings is beyond me. This also goes vice-versa, Vivaldi etc doing the same, which is IMHO unacceptable. If you really want to do that you also need to clearly point out your own failures, but that often falls down in the process, because making clicks or creating attention on behalf of others is easier than pointing out your own controversies and mistakes.
Objectiveness is IMHO only given if you mention everything and not only the parts that benefits you, your community or you beloved product. The sad story and thing here is that this never helped Mozilla nor the community at all because the more you mention Chrome and alternatives the more people have interest in inspecting it and using it to find out if the accusations are true, which often ends up with a NOPE, same like in this case.
That said there is nothing wrong with the Brave Browser that deserves such a disrespectful article.
I judge such people and their motivations because they aggressively want to convince other people that are no experts to use what they use.
What have we learned
Do not wrongfully accuses or smear others, otherwise you might get the same back and people like me even debunk you as highly based and amateur.
What I like to add in order to close this topic once and for all
I have no respect for smear, accusations, disrespect, intolerance and deliberately incompetent people who enforce their own point of views based on dirt they pick up on the internet onto others.
Brave Team, contributors and supporters doing a fine job, lots of efforts and research was put into Brave Browser which I am personally thankful for.