Merge pull request 'merge so there would be no need to update the branch on next pull' (#4) from shadow/SpywareWatchdog:master into master
Reviewed-on: https://codeberg.org/baobab/SpywareWatchdog/pulls/4
This commit is contained in:
Baobab
commit
491d661389
|
|
@ -24,8 +24,8 @@
|
||||||
<br></br>
|
<br></br>
|
||||||
<p><i>"Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat."</i><sup><a href="#seven">[7]</a></sup></p>
|
<p><i>"Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat."</i><sup><a href="#seven">[7]</a></sup></p>
|
||||||
<br></br>
|
<br></br>
|
||||||
<p>This couldn't be more far from the truth. Just because a website isn't able to store cookies, doesn't mean it can't uniquely identify you. Using JavaScript from Facebook and Twitter would be more than enough to track you and blocking cookies alone isn't going to stop that. Just as a quick point of reference to what information JavaScript can scrape, you might want to visit <a href="https://coveryourtracks.eff.org">this</a>.</p>
|
<p>This couldn't be more far from the truth. Just because a website isn't able to store cookies, doesn't mean it can't uniquely identify you. Using JavaScript from Facebook and Twitter would be more than enough to track you and blocking cookies alone isn't going to stop that. Just as a quick point of reference to what information JavaScript can scrape, you might want to visit <a href="https://coveryourtracks.eff.org">this website</a>.</p>
|
||||||
<p>They later on added an option to the extension to disable all of the JavaScript, but this new feature seems to be nothing more than the JavaScript switch found in <a href="chrome://settings/content/javascript">vanilla Chromium</a>. They also added an option <a href="brave://settings/socialBlocking">here</a> to block some of the scripts from Facebook, Twitter, and LinkedIn after receiving pushback.</p>
|
<p>They later on added an option to the extension to disable all of the JavaScript, but this new feature seems to be nothing more than the JavaScript switch found in <a href="chrome://settings/content/javascript">vanilla Chromium</a>. They recently added an option <a href="brave://settings/socialBlocking">here</a> to block some of the scripts from Facebook, Twitter, and LinkedIn after receiving some pushback.</p>
|
||||||
<p>A quick note on the whitelisting trackers: This specific point on whitelisting trackers isn't making the case of Brave being spyware as much as it's making the case of Brave's privacy features being snake oil.</p>
|
<p>A quick note on the whitelisting trackers: This specific point on whitelisting trackers isn't making the case of Brave being spyware as much as it's making the case of Brave's privacy features being snake oil.</p>
|
||||||
<h3>Auto-updates</h3>
|
<h3>Auto-updates</h3>
|
||||||
<p>Brave will check for updates every time you run it, and you can't turn it off from the browser. Athough, it's on Brave's low priority list to add an option to do so<sup><a href="#two">[2]</a></sup>. I say low priority because it's been over a year and it hasn't been implemented yet.</p>
|
<p>Brave will check for updates every time you run it, and you can't turn it off from the browser. Athough, it's on Brave's low priority list to add an option to do so<sup><a href="#two">[2]</a></sup>. I say low priority because it's been over a year and it hasn't been implemented yet.</p>
|
||||||
|
|
@ -33,11 +33,11 @@
|
||||||
<h3>Anti-privacy search engine by default</h3>
|
<h3>Anti-privacy search engine by default</h3>
|
||||||
<p><a href="../articles/google.html">Google</a> is the default search engine of Brave. For a browser that claims to be privacy oriented, this is a red flag. They at least make it easy for you to change the default search engine on the first run.</p>
|
<p><a href="../articles/google.html">Google</a> is the default search engine of Brave. For a browser that claims to be privacy oriented, this is a red flag. They at least make it easy for you to change the default search engine on the first run.</p>
|
||||||
<h3>Brave has built-in telemetry</h3>
|
<h3>Brave has built-in telemetry</h3>
|
||||||
<p>While running, Brave will make lots of requests to the domain <code>p3a.brave.com</code> as telemetry. They claim they store the collected data for several days<sup><a href="#eight">[8]</a></sup>. Telemetry is the last thing that comes to mind when I imagine a privacy oriented browser. This feature is an opt-out that can be disabled in the settings.</p>
|
<p>While running, Brave will make lots of requests to the domain <code>p3a.brave.com</code> as telemetry. They claim they store the collected data for several days<sup><a href="#eight">[8]</a></sup>. Telemetry is the last thing that comes to mind when I imagine a privacy oriented browser. This feature is an opt-out that can be disabled. This opt-out can be disabled <a href="brave://settings/privacy">here</a>.</p>
|
||||||
<h3>Brave Today</h3>
|
<h3>Brave Today</h3>
|
||||||
<p>Brave now has new feature similar to Firefox Pocket called Brave Today. If you don't know what Firefox Pocket is, it's basically an rss-like news feed is shown in every blank tab. This feature Brave has is sadly an opt-out rather than an opt-in and sends lots of requests to Brave's servers. I can't seem to disable it in and of itself, but setting the new tab page to blank in the settings seems to stop the requests.</p>
|
<p>Brave now has new feature similar to Firefox Pocket called Brave Today. If you don't know what Firefox Pocket is, it's basically an rss-like news feed is shown in every blank tab. This feature Brave has is sadly an opt-out rather than an opt-in and sends lots of requests to Brave's servers. I can't seem to disable it in and of itself, but setting the new tab page to blank in the settings seems to stop the requests.</p>
|
||||||
<h3>SafeBrowsing</h3>
|
<h3>SafeBrowsing</h3>
|
||||||
<p>Brave uses SafeBrowsing. It's a feature that tries to "protect" the user from potentially unsafe websites. However, it sends requests to fetch the information required to do so. Judging by some of the information in <code>Miscellaneous requests worth noting</code>, I wouldn't put it past Brave to use Google's SafeBrowsing implementation rather than their own. This opt-out can be disabled in the settings.</p>
|
<p>Brave uses SafeBrowsing. It's a feature that tries to "protect" the user from potentially unsafe websites and extensions. However, it sends requests to fetch the information required to do so. Judging by some of the information in <code>Miscellaneous requests worth noting</code>, I wouldn't put it past Brave to use Google's SafeBrowsing implementation rather than their own. This opt-out can be disabled <a href="brave://settings/security">here</a>.</p>
|
||||||
<h3>Brave Rewards</h3>
|
<h3>Brave Rewards</h3>
|
||||||
<p>Brave has a rewards program. You can find more information about it here<sup><a href="#three">[3]</a></sup>. At first glance it looks like the rewards program is an opt-in, but the browser makes requests to these domains regardless if you sign up or not:</p>
|
<p>Brave has a rewards program. You can find more information about it here<sup><a href="#three">[3]</a></sup>. At first glance it looks like the rewards program is an opt-in, but the browser makes requests to these domains regardless if you sign up or not:</p>
|
||||||
<div class="center">
|
<div class="center">
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue