this post was submitted on 06 Jul 2023
43 points (90.6% liked)

Privacy

32173 readers
1305 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been using Brave for the past three or so years but I do know that Linux/privacy enthusiasts tend to swear by Firefox. Wanted to get people's thoughts on this topic to see if I should be making a potential switch. Thanks!

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 32 points 2 years ago (1 children)

I haven't done an audit of either but here are some points to consider:

  1. Brave is built on top of chromium, so it "by default" exposes lots of new APIs that Google is introducing that make fingerprinting easier if not outright invade your privacy. For example see https://mozilla.github.io/standards-positions/ and look at the "negative" items. Many of them such as Web NFC, Web Bluetooth and WebUSB API are against because they don't have adequate protections against fingerprinting or other privacy or security concerns. Brave seems to do a pretty good job removing or disarming these APIs but they are basically trying to keep their balance on a shaky and antagonistic foundation.
  2. On a similar note Google pushing these APIs work because of the greater market share. Again, derivatives can provide some resistance by disabling these APIs but unless all of them block the same APIs they will still be available widespread. So using a Chromium-based browser harms the entire web over time by allowing Google to have control. Right now Firefox (and derivatives) and Safari are the only browsers that you can use to truly oppose Google's control over the web platform.
[–] [email protected] 6 points 2 years ago* (last edited 2 years ago)

Agreed! Many times I faced the fact that the Chrome developers don't follow the W3C standards, but they require it from Mozilla. Therefore, some functionality will only work in Chrome, but not in Mozilla (it's not their bad!).

[–] [email protected] 26 points 2 years ago (14 children)

Brave has tried one scam after another before. I wouldn't trust it for a second for any use.

load more comments (14 replies)
[–] [email protected] 17 points 2 years ago* (last edited 2 years ago) (2 children)

Is it more private than brave? Normal Firefox: no Librewolf (Firefox Fork): yes Hardened Firefox: yes

[–] [email protected] 2 points 2 years ago

Good answer. Hardened Firefox or LibreWolf with some extensions are awesome options for privacy!

[–] [email protected] 1 points 2 years ago

LibreWolf nd Brave are on the same Level if both are hardened.

[–] [email protected] 14 points 2 years ago (1 children)

Hardened Firefox with Multiaccount Containers is the most private daily driver browser you can have

[–] Cannabisms 2 points 2 years ago (1 children)

Mull on android too, hardened firefox

load more comments (1 replies)
[–] [email protected] 11 points 2 years ago (1 children)

As hard as it is for me to admit, and based on some tests, Brave had better fingerprinting resistance than Firefox. I don't trust the guys behind Brave, but their product is good.

[–] [email protected] 4 points 2 years ago (1 children)

Iirc isn't it more like Brave is better out of the box, but given sufficient configuration, both are more or less equal?

[–] [email protected] 1 points 2 years ago

Out of the box - yes, maybe. But I think that with some extensions (uBlock Origin, CanvasBlocker, Chameleon) and tweaking hardened Firefox (LibreWolf, Mull) would be way better!

[–] [email protected] 10 points 2 years ago

Not the point. Using a chromium browser is a vote for Google domination of the web. Just no.

[–] heimlichmanure 10 points 2 years ago (1 children)

Brave isn't more private than Firefox but depending on the platform that Firefox is on, Firefox might be less secure than Brave.

[–] [email protected] 4 points 2 years ago (1 children)

Still waiting for Firefox Android to be secure enough for me to ditch Brave.

[–] [email protected] 6 points 2 years ago (1 children)

OOL, what's up with firefox android's app?

[–] [email protected] 5 points 2 years ago

IIRC something along the lines of it not having proper site isolation, making it less secure.

[–] [email protected] 9 points 2 years ago (3 children)

Short version: Firefox on desktop, something chromium-based on Android. See https://www.privacyguides.org/en/tools/ for the long version!

[–] [email protected] 2 points 2 years ago

For security - yes, chromium-based. But for privacy Mull (Fennec) with extension support would be superior!

[–] [email protected] 1 points 2 years ago (1 children)

No sync that way though, so I'm not sure how someone would access bookmarks, history, and open tabs that way.

[–] [email protected] 2 points 2 years ago (1 children)

Up to you if you think that feature is worth the security/privacy loss. Personally I've not missed syncing tabs across devices, I do most things on the one device anyway.

[–] [email protected] 2 points 2 years ago (1 children)

I don't think there would be any privacy loss, Firefox sync is encrypted and all that. I work on multiple devices so I absolutely need it.

[–] [email protected] 1 points 2 years ago

I meant the security/privacy loss of using Chromium on desktop or Firefox on Android

[–] [email protected] 2 points 2 years ago* (last edited 2 years ago) (5 children)

Brave is more secure, in terms of safety, because it's base on chromium and has unique Privacy Features. If you won't use Brave, LibreWolf or hardened Firefox is ur best choice.

[–] [email protected] 9 points 2 years ago

While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.

Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...

[–] [email protected] 8 points 2 years ago (11 children)

Brave is so unsecure because it uses chromium. The only unique thing i saw on brave was the crypto miner included. Chrome can easily just change terms so that brave looses his licence for chromium. Firefox is more secure in the way it is more secure, because they are not focused on stealing your data and there is librewolf yeah that one is open source and is the most secure of those 3

load more comments (11 replies)
[–] [email protected] 7 points 2 years ago (1 children)

Brave is more secure in terms of security. Security and safety are two entirely different attributes from a technical pov. And privacy and security are also not the same, though privacy is greatly impacted without security as you implied.

Firefox is more private than Brave but less secure. Neither is necessarily safer than the other, it depends on how much either app tends to misbehave within the constraints of your own use case. Since the use cases are different (privacy vs. security), it's harder to compare safety on an even playing field.

[–] [email protected] 1 points 2 years ago (1 children)

I would like to see evidence for your claim that Firefox is more private.

[–] [email protected] 4 points 2 years ago (4 children)

Exhibit A: The Tor Browser, which focuses on maximizing privacy, is based on Firefox rather than Chromium. They upstream a lot of their major stuff to regular Firefox.

Exhibit B: Firefox therefore has privacy features that Chromium-based browsers just do not have, like first-party isolation or letterboxing for example.

Brave's preconfiguration is a lot more private than Firefox out of the box, but hardened* Firefox is more private than Brave even with extra work put in.

*: Not just configuration (Arkenfox) but also patches. Like Librewolf (better) or Mullvad Browser (even better) or straight up Tor Browser (best).

load more comments (4 replies)
load more comments (2 replies)
load more comments
view more: next ›