this post was submitted on 06 Jul 2023
0 points (50.0% liked)

Privacy

31253 readers
615 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
0
Is Firefox any more private/secure than Brave? (sopuli.xyz)
submitted 1 year ago by brihuang95@sopuli.xyz to c/privacy@lemmy.ml
27 comments fedilink hide all child comments
 

I've been using Brave for the past three or so years but I do know that Linux/privacy enthusiasts tend to swear by Firefox. Wanted to get people's thoughts on this topic to see if I should be making a potential switch. Thanks!

top 27 comments
sorted by: hot top controversial new old
[–] kevincox@lemmy.ml 1 points 1 year ago (1 children)

I haven't done an audit of either but here are some points to consider:

  1. Brave is built on top of chromium, so it "by default" exposes lots of new APIs that Google is introducing that make fingerprinting easier if not outright invade your privacy. For example see https://mozilla.github.io/standards-positions/ and look at the "negative" items. Many of them such as Web NFC, Web Bluetooth and WebUSB API are against because they don't have adequate protections against fingerprinting or other privacy or security concerns. Brave seems to do a pretty good job removing or disarming these APIs but they are basically trying to keep their balance on a shaky and antagonistic foundation.
  2. On a similar note Google pushing these APIs work because of the greater market share. Again, derivatives can provide some resistance by disabling these APIs but unless all of them block the same APIs they will still be available widespread. So using a Chromium-based browser harms the entire web over time by allowing Google to have control. Right now Firefox (and derivatives) and Safari are the only browsers that you can use to truly oppose Google's control over the web platform.
[–] astramist@lemmy.sdf.org 0 points 1 year ago* (last edited 1 year ago)

Agreed! Many times I faced the fact that the Chrome developers don't follow the W3C standards, but they require it from Mozilla. Therefore, some functionality will only work in Chrome, but not in Mozilla (it's not their bad!).

[–] sizeoftheuniverse@programming.dev 0 points 1 year ago

As hard as it is for me to admit, and based on some tests, Brave had better fingerprinting resistance than Firefox. I don't trust the guys behind Brave, but their product is good.

[–] Voxel@feddit.de 0 points 1 year ago* (last edited 1 year ago) (2 children)

Brave is more secure, in terms of safety, because it's base on chromium and has unique Privacy Features. If you won't use Brave, LibreWolf or hardened Firefox is ur best choice.

[–] ranok@sopuli.xyz -1 points 1 year ago

While Chromium itself is a very solid platform, and correspondingly Chrome is a hard exploitation target, it's quite easy to screw up a fork of it. Comodo Secure Browser was a chromium fork that was fixed to an old version of the renderer with known security issues and was built to disable the sandbox. It also added libraries that were compiled without ASLR that worsened security for every application that loaded them.

Chrome has an enormous security team behind it in addition to P0, so bounties on Chrome exploits are around $500k. FF bounties are a fifth of that, which is probably a portion of less security, and a portion of lower target market. Brave could be doing terrible things that without an audit would be unknown. Web3 code is pretty terrible on the whole, so adding that to a secure base may not be great...

[–] Rooki@lemmy.ml -1 points 1 year ago (2 children)

Brave is so unsecure because it uses chromium. The only unique thing i saw on brave was the crypto miner included. Chrome can easily just change terms so that brave looses his licence for chromium. Firefox is more secure in the way it is more secure, because they are not focused on stealing your data and there is librewolf yeah that one is open source and is the most secure of those 3

[–] emax_gomax@lemmy.world 0 points 1 year ago (1 children)

Unsecure how exactly? Being chromium makes the browser more standard. It blends in with other browsers easier which means it can add protections while still showing itself as chromium compatible. I'd like to learn more about how chromium can just kill forks by updating the license, last I heard it was a BSD compatible one and I wasn't aware of it retroactively restricting access. Of course google can just fork and deprecate chromium with a more restrictive license given their the key copyright holders but as their project that isn't surprising. Firefox isn't interested in harvesting your data but that isn't security, it's privacy. Most chromium forks are the same. Brave doesn't harvest your data. It did once (and it can be argued you should avoid it just for that) but you seem to care less about which browser is best for your online privacy and more for just shilling firefox. For reference I use and love librewolf, but I like to consider myself open minded enough to try the other options... such as they are.

[–] Rooki@lemmy.ml 0 points 1 year ago (1 children)

Every browser that is chromium derived is depending on google. I tried before firefox chrome. But after the v3 manifest. That killed every "real" adblocker and script blocker. And that you cant block scripts is so secure :) ! Firefox IS the other option. F*** chrome browsers is my motto. As they are just poison. Because the fake "Polypol" google is creating with chromium.

[–] emax_gomax@lemmy.world 1 points 1 year ago

Again, I use Firefox, for the most part because of the reasons you've described. But none of what you've said is really an argument for security or privacy against the browser. If you just wanna say Google = evil, so don't trust anything they make, that's fine. The chromium forks aren't google owned and they don't need respect what google tries to do. Case in point manifest v3 came and brave still has native ad blockers and intend to support both manifest 2 and 3 going forward. It's really just a matter of who has the bandwidth and funding to maintain a browser of the scale of chromium or Firefox. Google clearly does, mozilla does a decent job despite the iffy funding situation actively restricting donations purely for the browser. If its just small privacy enhancing tweaks atop chromium smaller vendors like brave can do that. End of the day chromium is a well optimised, standardised and frankly well written browser that is perfectly fine for anyone that wants to use it. Should Google be the entity in charge of chromium given their clear conflict of interest, obviously not. But no one else has stepped upto the plate and mozilla is clearly the inferior in regards to features or browser optimisations (just due to scale of support available). Don't get me wrong, Firefox is great and everyone should use it for their own sakes, but this just blind fear mongering of anything chromium related isn't productive.

[–] Voxel@feddit.de 0 points 1 year ago* (last edited 1 year ago) (1 children)

Yep. They definitly added a crypto miner into their opensource code. 👍

[–] Rooki@lemmy.ml 0 points 1 year ago (1 children)

It was rumored sometime that they did or even thought about it.

[–] Voxel@feddit.de 0 points 1 year ago (1 children)

It would be the stupidiest thing ever.

[–] Rooki@lemmy.ml 0 points 1 year ago (1 children)

https://lemmy.world/post/1510069

LMAO something other happensd

[–] Voxel@feddit.de 0 points 1 year ago (1 children)

If you read it, you realize it isn't bad as it sounds and has nothing to do with there browser and really less with trustworthyness of the company in terms of privacy and security. So instead of trying to find evidence why "Brave is bad" make a Pro and Con List for Brave and compare it with the google infected Firefox and you will see why I prefer Brave as the browser of trust and use LibreWolf as second, because it's like a real private version of Firefox.

[–] Rooki@lemmy.ml 0 points 1 year ago (1 children)

Ok Chrome but in orange.

[–] Voxel@feddit.de 0 points 1 year ago* (last edited 1 year ago) (1 children)

This is the reason why I left Reddit, nice to see that the toxicity also arrived Lemmy.

[–] Rooki@lemmy.ml 1 points 1 year ago

Sorry 😕

[–] furrowsofar@beehaw.org 0 points 1 year ago

Not the point. Using a chromium browser is a vote for Google domination of the web. Just no.

[–] XTL@sopuli.xyz 0 points 1 year ago (1 children)

Brave has tried one scam after another before. I wouldn't trust it for a second for any use.

[–] Voxel@feddit.de 0 points 1 year ago* (last edited 1 year ago) (2 children)

Please provide any evidence for your false claim.

[–] spiritedaway@lemmy.ml -1 points 1 year ago (1 children)

Not OP, and these aren't scams as such, but there was some controversy with Brave inserting affiliate links within web pages and also hijacking links to redirect to other URLs that would earn them money.

The CEO also has some controversial views on the Corona virus and LGBTQ rights.

[–] Voxel@feddit.de 1 points 1 year ago

The CEO was before CEO of Mozilla lmao, but stepped back, because the entire Internet hated Firefox, because of his political opinion.

[–] 133arc585@lemmy.ml -1 points 1 year ago* (last edited 1 year ago) (1 children)

Depends on what you call a scam. I am not sure it's the right word, but duplicitous behavior and definite privacy violations (even if by negligence) are absolutely true.

They have sent out direct mailers that basically equated to a customer list leak; also I'd take a peek at the wikipedia entry about their business model, which mentions some stuff that isn't the most savory:

... Brave earns revenue from ads by taking a 15% cut of publisher ads and a 30% cut of user ads. User ads are notification-style pop-ups, while publisher ads are viewed on or in association with publisher content.

On 6 June 2020, a Twitter user pointed out that Brave inserts affiliate referral codes when users navigate to Binance

In regards to the mailers, they messed up and passed blame,

In this process, our EDDM vendor made a significant mistake by not excluding names, but instead including names before addresses, resulting in the distribution of personalized mailers.

With regards to the CEO, he made a donation to an anti-LGBT cause when he was CEO of Mozilla in 2008. He lost his job at Mozilla due to his anti-LGBT stance.

He also spreads COVID misinformation.

[–] Voxel@feddit.de 0 points 1 year ago

Tbh. Mozilla wasn't better in the past and as long it doesn't affect the product I don't mind the political views of the owner (it's still concerning). As long Brave can provide me better privacy and security for my daily browsing I will continue using and recommending it. And listening to Wikipedia he stepped back, by himself.

[–] smeg@feddit.uk -1 points 1 year ago (1 children)

Short version: Firefox on desktop, something chromium-based on Android. See https://www.privacyguides.org/en/tools/ for the long version!

[–] furrowsofar@beehaw.org 1 points 1 year ago (1 children)

I did not find any justification of why they arbitrarily did not considered Gecko browsers in privacyguides. They just made that statement. I am not surprised that certain chromium browsers are more secure simply because Google has a bigger budget, but I did not see any justification for it. Then again the EFF will say that Tor Browser is better then Brave so we can argue about these minor points forever.

Then again none of that minor stuff matters to me. I care more about the goals of the organizations themselves and I am not convinced that any of the Chromium browsers take us down a sane path. So I will be staying with Firefox thank you very much.

[–] smeg@feddit.uk 1 points 1 year ago

On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, GeckoView, has yet to support site isolation or enable isolatedProcess.

From this page (which has links to Mozilla if you want to read more)