this post was submitted on 06 Jul 2023
47 points (98.0% liked)

Privacy

31390 readers
1054 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
47
Is Firefox any more private/secure than Brave? (sopuli.xyz)
submitted 1 year ago by brihuang95@sopuli.xyz to c/privacy@lemmy.ml
92 comments fedilink hide all child comments
 

I've been using Brave for the past three or so years but I do know that Linux/privacy enthusiasts tend to swear by Firefox. Wanted to get people's thoughts on this topic to see if I should be making a potential switch. Thanks!

top 50 comments
sorted by: hot top controversial new old
[–] kevincox@lemmy.ml 33 points 1 year ago (1 children)

I haven't done an audit of either but here are some points to consider:

  1. Brave is built on top of chromium, so it "by default" exposes lots of new APIs that Google is introducing that make fingerprinting easier if not outright invade your privacy. For example see https://mozilla.github.io/standards-positions/ and look at the "negative" items. Many of them such as Web NFC, Web Bluetooth and WebUSB API are against because they don't have adequate protections against fingerprinting or other privacy or security concerns. Brave seems to do a pretty good job removing or disarming these APIs but they are basically trying to keep their balance on a shaky and antagonistic foundation.
  2. On a similar note Google pushing these APIs work because of the greater market share. Again, derivatives can provide some resistance by disabling these APIs but unless all of them block the same APIs they will still be available widespread. So using a Chromium-based browser harms the entire web over time by allowing Google to have control. Right now Firefox (and derivatives) and Safari are the only browsers that you can use to truly oppose Google's control over the web platform.
[–] astramist@lemmy.sdf.org 7 points 1 year ago* (last edited 1 year ago)

Agreed! Many times I faced the fact that the Chrome developers don't follow the W3C standards, but they require it from Mozilla. Therefore, some functionality will only work in Chrome, but not in Mozilla (it's not their bad!).

[–] XTL@sopuli.xyz 28 points 1 year ago (1 children)

Brave has tried one scam after another before. I wouldn't trust it for a second for any use.

[–] Voxel@feddit.de 6 points 1 year ago* (last edited 1 year ago) (2 children)

Please provide any evidence for your false claim.

[–] 133arc585@lemmy.ml 9 points 1 year ago* (last edited 1 year ago) (2 children)

Depends on what you call a scam. I am not sure it's the right word, but duplicitous behavior and definite privacy violations (even if by negligence) are absolutely true.

They have sent out direct mailers that basically equated to a customer list leak; also I'd take a peek at the wikipedia entry about their business model, which mentions some stuff that isn't the most savory:

... Brave earns revenue from ads by taking a 15% cut of publisher ads and a 30% cut of user ads. User ads are notification-style pop-ups, while publisher ads are viewed on or in association with publisher content.

On 6 June 2020, a Twitter user pointed out that Brave inserts affiliate referral codes when users navigate to Binance

In regards to the mailers, they messed up and passed blame,

In this process, our EDDM vendor made a significant mistake by not excluding names, but instead including names before addresses, resulting in the distribution of personalized mailers.

With regards to the CEO, he made a donation to an anti-LGBT cause when he was CEO of Mozilla in 2008. He lost his job at Mozilla due to his anti-LGBT stance.

He also spreads COVID misinformation.

[–] Unlucky_Boot3467@lemmy.world 4 points 1 year ago (1 children)

Really loving how a CEO's political views somehow fucking matter the security of a browser lmao. God I fucking hate this generation

load more comments (1 replies)
[–] binEpilo@discuss.tchncs.de 19 points 1 year ago* (last edited 1 year ago) (2 children)

Is it more private than brave? Normal Firefox: no Librewolf (Firefox Fork): yes Hardened Firefox: yes

[–] Voxel@feddit.de 2 points 1 year ago

LibreWolf nd Brave are on the same Level if both are hardened.

load more comments (1 replies)
[–] heimlichmanure@lemmy.world 13 points 1 year ago (1 children)

Brave isn't more private than Firefox but depending on the platform that Firefox is on, Firefox might be less secure than Brave.

[–] ruination@discuss.tchncs.de 5 points 1 year ago (1 children)

Still waiting for Firefox Android to be secure enough for me to ditch Brave.

[–] brihuang95@sopuli.xyz 6 points 1 year ago (1 children)

OOL, what's up with firefox android's app?

[–] ruination@discuss.tchncs.de 5 points 1 year ago (1 children)

IIRC something along the lines of it not having proper site isolation, making it less secure.

load more comments (1 replies)
[–] sizeoftheuniverse@programming.dev 13 points 1 year ago (1 children)

As hard as it is for me to admit, and based on some tests, Brave had better fingerprinting resistance than Firefox. I don't trust the guys behind Brave, but their product is good.

[–] ruination@discuss.tchncs.de 4 points 1 year ago (1 children)

Iirc isn't it more like Brave is better out of the box, but given sufficient configuration, both are more or less equal?

load more comments (1 replies)
[–] Engywuck@lemmy.ml 12 points 1 year ago* (last edited 1 year ago) (2 children)

By default? I think so.

https://privacytests.org/

(these test are done with browsers at their defaults). Librewolf is on par with Brave, but I vehemently hate its interface and refuse to unfuck it wasting my time on CSS.

I'm on Brave as well since 2021, after almost 20 years of being an avid FF user and supporter. I don't like how FF is evolving and what Mozilla is doing and I don't buy the "Chromium domination" argument. If the sole reason to use FF is that "it is not Chromium", well, the developers aren't doing a great job.

However, let's be real: privacy on a browser matters until you go to whatever website that track you on the server side (Google/Facebook/Youtube/Whatever), or when you write an email from from you Gmail account, or when you buy stuff on Amazon... And so on. Just use the browser that works best for you and don't be paranoid.

[–] smeg@feddit.uk 10 points 1 year ago (2 children)

Don't forget that https://privacytests.org/ is run by a Brave employee!

[–] Voxel@feddit.de 5 points 1 year ago (1 children)

That hasn't do anything with the results. You can test everything yourself. Techlore also made a interview with him.

[–] smeg@feddit.uk 3 points 1 year ago (1 children)

As I said in another comment, if you work for Brave you're probably going to write tests that play to Brave's strengths

[–] Voxel@feddit.de 5 points 1 year ago (2 children)

There is enough evidwnce that this is wrong. I would recommend to watch Techlores Interview too.

load more comments (2 replies)
[–] Engywuck@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (1 children)

It discloses that on the front page, below the test table. Anyway, the tests are open source and they check pretty common stuff. I can't see the problem there if Firefox comes out having actually worse defaults.

It is how it is, there isn't much more to say. As a matter of fact, Librewolf gets a lot more green ticks, same or more than Brave. Thus, I can hardly see bad faith on what the website does.

[–] smeg@feddit.uk 2 points 1 year ago (1 children)

It's not necessarily bad, and I assume all the tests are legit, it's just that someone working for Brave will have a bias towards writing tests for things that Brave does well (and on the flip side, Brave will make them take the site down if it makes them look bad)

[–] Engywuck@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

I understand that, and what you say is entirely possible, in theory. On the other hand, I see that the tests performed there are pretty standard. I mean, there is nothing exotic that only Brave does well there and Librewolf shines as well. Then, c'mon, Brave surely had missteps in the past, but is generally know to be a solid choice with regard to privacy.

That said, there's an open issue with the same concerns. Even if I'd say that nobody would complain about the employer of the author if Firefox came out with better score from those test...

[–] aba11@birdon.social 4 points 1 year ago (1 children)

@Engywuck do you mind expanding on this? Genuinely curious: “I don’t like how FF is evolving and what Mozilla is doing”

[–] Engywuck@lemmy.ml 2 points 1 year ago

No, sorry. I have had endless arguments and discussion about this topic. I'm tired of talking about it. I'm just using a browser that works better than FF for me and I don't want to support Mozilla anymore (after 20 years). That's it.

[–] furrowsofar@beehaw.org 12 points 1 year ago

Not the point. Using a chromium browser is a vote for Google domination of the web. Just no.

[–] smeg@feddit.uk 9 points 1 year ago (12 children)

Short version: Firefox on desktop, something chromium-based on Android. See https://www.privacyguides.org/en/tools/ for the long version!

load more comments (12 replies)
[–] Voxel@feddit.de 8 points 1 year ago* (last edited 1 year ago) (5 children)

Brave is more secure, in terms of safety, because it's base on chromium and has unique Privacy Features. If you won't use Brave, LibreWolf or hardened Firefox is ur best choice.

[–] understandable@lemmy.ml 11 points 1 year ago (1 children)

Brave is more secure in terms of security. Security and safety are two entirely different attributes from a technical pov. And privacy and security are also not the same, though privacy is greatly impacted without security as you implied.

Firefox is more private than Brave but less secure. Neither is necessarily safer than the other, it depends on how much either app tends to misbehave within the constraints of your own use case. Since the use cases are different (privacy vs. security), it's harder to compare safety on an even playing field.

[–] Voxel@feddit.de 2 points 1 year ago (1 children)

I would like to see evidence for your claim that Firefox is more private.

[–] understandable@lemmy.ml 4 points 1 year ago (4 children)

Exhibit A: The Tor Browser, which focuses on maximizing privacy, is based on Firefox rather than Chromium. They upstream a lot of their major stuff to regular Firefox.

Exhibit B: Firefox therefore has privacy features that Chromium-based browsers just do not have, like first-party isolation or letterboxing for example.

Brave's preconfiguration is a lot more private than Firefox out of the box, but hardened* Firefox is more private than Brave even with extra work put in.

*: Not just configuration (Arkenfox) but also patches. Like Librewolf (better) or Mullvad Browser (even better) or straight up Tor Browser (best).

load more comments (4 replies)
[–] Rooki@lemmy.ml 10 points 1 year ago (9 children)

Brave is so unsecure because it uses chromium. The only unique thing i saw on brave was the crypto miner included. Chrome can easily just change terms so that brave looses his licence for chromium. Firefox is more secure in the way it is more secure, because they are not focused on stealing your data and there is librewolf yeah that one is open source and is the most secure of those 3

[–] emax_gomax@lemmy.world 5 points 1 year ago (2 children)

Unsecure how exactly? Being chromium makes the browser more standard. It blends in with other browsers easier which means it can add protections while still showing itself as chromium compatible. I'd like to learn more about how chromium can just kill forks by updating the license, last I heard it was a BSD compatible one and I wasn't aware of it retroactively restricting access. Of course google can just fork and deprecate chromium with a more restrictive license given their the key copyright holders but as their project that isn't surprising. Firefox isn't interested in harvesting your data but that isn't security, it's privacy. Most chromium forks are the same. Brave doesn't harvest your data. It did once (and it can be argued you should avoid it just for that) but you seem to care less about which browser is best for your online privacy and more for just shilling firefox. For reference I use and love librewolf, but I like to consider myself open minded enough to try the other options... such as they are.

load more comments (2 replies)
load more comments (8 replies)
[–] ranok@sopuli.xyz 9 points 1 year ago

While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.

Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...

load more comments (2 replies)
load more comments
view more: next ›