From bc2291047f67b9a03ffbecd05c6d898097739de9 Mon Sep 17 00:00:00 2001 From: Baobab Date: Tue, 29 Dec 2020 18:21:14 +0100 Subject: [PATCH 1/2] guess it was not the final fix for now --- articles/brave.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/articles/brave.html b/articles/brave.html index 261a26c..3ab0e3b 100644 --- a/articles/brave.html +++ b/articles/brave.html @@ -35,7 +35,7 @@

Brave has built-in telemetry

While running, Brave will make lots of requests to the domain p3a.brave.com as telemetry. They claim they store the collected data for several days[8]. Telemetry is the last thing that comes to mind when I imagine a privacy oriented browser. This feature is an opt-out that can be disabled. This opt-out can be disabled here.

Brave Today

-

Brave now has new feature similar to Firefox Pocket called Brave Today. If you don't know what Firefox Pocket is, it's basically an rss-like news feed is shown in every blank tab. This feature Brave has is sadly an opt-out rather than an opt-in and sends lots of requests to Brave's servers. I can't seem to disable it in and of itself, but setting the new tab page to blank in the settings seems to stop the requests.

+

Brave now has new feature similar to Firefox Pocket called Brave Today. If you don't know what Firefox Pocket is, it's basically an rss-like news feed is shown in every blank tab. This feature Brave has is sadly an opt-out rather than an opt-in and sends lots of requests to Brave's servers. I can't seem to disable it in and of itself, but setting the tabs to blank seems to stop the requests.

SafeBrowsing

Brave uses SafeBrowsing. It's a feature that tries to "protect" the user from potentially unsafe websites and extensions. However, it sends requests to fetch the information required to do so. Judging by some of the information in Miscellaneous requests worth noting, I wouldn't put it past Brave to use Google's SafeBrowsing implementation rather than their own. This opt-out can be disabled here.

Brave Rewards

@@ -48,9 +48,9 @@

Miscellaneous requests worth noting

Brave on first run sends a request to fetch the library used for checking spelling errors:

brave spelling library -

Brave on first run sends a request to variations.brave.com, which if I had to give a guess, has to do with the rewards program:

+

Brave on first run sends a request to variations.brave.com, which if I had to give a guess, has to do with the crypto aspect of the rewards program. It could also be some way of verifying the list of affiliates. The later is unlikely because the request that fetches the list of affiliates is constant to whether or not the seed request is made:

brave verification tool -

Right after the request to variations.brave.com is made, Brave fetches the list of affiliates through laptop-updates.brave.com. However, this connection is made whether or not the previous connection was made to begin with:

+

Right after the request to variations.brave.com is made, Brave fetches the list of affiliates through laptop-updates.brave.com.

custom headers

Brave makes a request to static1.brave.com every once and a while, which looks like it's used to fetch plugin information[4]? When I entered the url into the browser to explore, I was directed to Google's error 404 page[9]. This seems kind of unsettling to me that one of Brave's domains would do this:

static brave From ad84a861eb31a4486424af86a5b4468d0c26fbe8 Mon Sep 17 00:00:00 2001 From: Baobab Date: Tue, 29 Dec 2020 18:32:33 +0100 Subject: [PATCH 2/2] added missing sentence --- articles/brave.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/articles/brave.html b/articles/brave.html index 3ab0e3b..10fd48d 100644 --- a/articles/brave.html +++ b/articles/brave.html @@ -50,7 +50,7 @@ brave spelling library

Brave on first run sends a request to variations.brave.com, which if I had to give a guess, has to do with the crypto aspect of the rewards program. It could also be some way of verifying the list of affiliates. The later is unlikely because the request that fetches the list of affiliates is constant to whether or not the seed request is made:

brave verification tool -

Right after the request to variations.brave.com is made, Brave fetches the list of affiliates through laptop-updates.brave.com.

+

Right after the request to variations.brave.com is made, Brave fetches the list of affiliates through laptop-updates.brave.com. As I've stated before, the previous request doesn't seem to be a requirement for this request.

custom headers

Brave makes a request to static1.brave.com every once and a while, which looks like it's used to fetch plugin information[4]? When I entered the url into the browser to explore, I was directed to Google's error 404 page[9]. This seems kind of unsettling to me that one of Brave's domains would do this:

static brave @@ -99,4 +99,4 @@ - + \ No newline at end of file