SpywareWatchdog/articles/brave.html


<!DOCTYPE HTML>
<html lang="en-us">
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Brave Browser</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/brave_logo.png" alt="Brave logo">
<p>
Brave Browser is a Chromium fork with many interesting features not found elsewhere, such as built-in Adblock and other extensions, fingerprinting protection, a cleaner Preferences menu than other Chrome forks, and the (opt-in) ability to automatically support (pay) the websites you visit. The developers describe it as</p><p><i>"A browser with your interests at heart."</i><sup><a href="#1">[1]</a></sup></p><p>The built-in privacy protections would seem to agree with that, but let's see how it stacks up when we take everything into account.
</p>
<h2>Spyware Level: <font color=orange>High</font></h2>
<p>
Auto-updates that can be turned off only by hacky workarounds. <a href="/articles/google.html">Google</a> as default search engine. Analytics on Brave's home page. Two other requests made at each start of Brave. Whitelisting spyware from Facebook and Twitter.<sup><a href="#5">[5]</a></sup> Has some decent privacy protections built in, but uMatrix is still better. Some privacy features are there by default, but it's still trying to work with advertisers (same as Mozilla did with their Sponsored Tiles). Despite claiming to be <i>"A browser with your interests at heart."</i><sup><a href="#1">[1]</a></sup>, it has <a href="/articles/google.html">Google</a> as default search engine, as well as shitty forced updates. Anyway, despite the privacy protections, you should stay away from this browser - it seems to have a "mission" to switch the internet to its version of "user-respecting" ads (we know how that turned out for Mozilla), and that's slimy and suspicious. Beyond that, it has repeatedly shown itself to be dishonest and disingenuous about what its mission, goals and operations are.
</p>
<h3>Whitelisting spyware from Facebook and Twitter</h3>
<p>
On its website, Brave claims that <i>"Brave fights malware and prevents tracking, keeping your information safe and secure. It's our top priority."</i><sup><a href="#6">[6]</a></sup>. Yet despite this claim, Brave actually <b><font color=red>disables</font></b> its tracking protections for Facebook and Twitter's spyware
scripts that allow them to track people across the web.<sup><a href="#5">[5]</a></sup> Brave's spyware protections, and any claims that it makes to work in the interests of
its users, <b><font color=orange>cannot be taken seriously.</font></b> Brave is actively working <b><font color=red>against its users</font></b> while lying to them about
supposed privacy protections that it offers. This problem becomes even more serious when you take into account Brave's response to this situation:
</p>
<p><i>
"Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat."
</i><sup><a href="#7">[7]</a></sup></p>
<p>
This statement is just <b><font color=red>completely wrong</font></b>. Just because a website isn't able to store cookies does not mean that it cannot uniquely identify you. Executing JavaScript spyware from Facebook and Twitter is <b>more than enough.</b> Blocking cookies is not going to stop them from tracking you. This isn't even information that is difficult to verify. There are many websites that you can visit, right now, to see just how much information a JavaScript program designed to track you can get. Here are a few:
<br>
<a href="https://browserleaks.com/">https://browserleaks.com/</a><br>
<a href="https://panopticlick.eff.org/">https://panopticlick.eff.org/</a>
</p>
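<p>
Added example (not part of the original article): a small JavaScript model of the point above, measuring how values a script can read without cookies, each common on its own, jointly single out a visitor. The attribute set, the constructed visitor records and the <code>withProtection</code> mitigation are assumptions made for illustration.
</p>

```javascript
// Added example, not from the original article. All visitor records below are
// constructed sample data; no cookie or local storage is used anywhere.

// Values a third-party script can read even when cookies are blocked.
const ATTRS = ["userAgent", "timeZone", "screen"];

// Constructed population: every single value is shared by half the visitors.
const visitors = [];
for (const userAgent of ["Chrome/72 Windows", "Chrome/72 Linux"])
  for (const timeZone of ["Europe/Berlin", "America/Chicago"])
    for (const screen of ["1920x1080", "1366x768"])
      visitors.push({ id: visitors.length, userAgent, timeZone, screen, cookie: null });

// Join the chosen attributes into one comparable key.
function fingerprintKey(v, attrs = ATTRS) {
  return attrs.map((a) => String(v[a])).join("|");
}

// Surprisal in bits: -log2(share of the population with the same key).
function identifyingBits(population, visitor, attrs = ATTRS) {
  const key = fingerprintKey(visitor, attrs);
  const same = population.filter((p) => fingerprintKey(p, attrs) === key).length;
  return -Math.log2(same / population.length);
}

// Fraction of visitors whose key matches nobody else's.
function uniqueFraction(population, attrs = ATTRS) {
  const counts = new Map();
  for (const p of population) {
    const k = fingerprintKey(p, attrs);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  const alone = population.filter((p) => counts.get(fingerprintKey(p, attrs)) === 1);
  return alone.length / population.length;
}

// A later cookie-less visit is matched to a stored record by attributes alone.
function reidentify(population, visit, attrs = ATTRS) {
  const key = fingerprintKey(visit, attrs);
  const hits = population.filter((p) => fingerprintKey(p, attrs) === key);
  return hits.length === 1 ? hits[0].id : null;
}

// Assumed mitigation: every browser reports the same time zone and screen size.
function withProtection(v) {
  return { ...v, timeZone: "UTC", screen: "1000x1000" };
}
```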
<h3>Auto-updates</h3>
<p>
Brave will check for updates every time you run it, and you CANNOT turn it off (except through fiddling with DNS and such)! What is the devs' answer? From their GitHub page<sup><a href="#2">[2]</a></sup>: </p>
<p><i>"We don't plan on adding in UI to disable updates, but users can easily adjust environment variables if they really want to put themselves at risk."</i></p>
<p>and</p>
<p><i>"I feel that being able to figure out how to do this is a sufficiently high bar for users who want to turn off autoupdating (to prove they know what they're doing and understand the security implications)"</i></p>
<P>So according to the devs, you have to hunt down random internet comments to be able to disable auto-updating. Brave will also update what looks like the list of its "partners" every time you run it. <img src="/images/brave_partners.png"> Extensions are also updated often.
</p>
<h3>Anti-privacy search engine by default</h3>
<p>
<a href="/articles/google.html">Google</a> is the default search engine of Brave, and the issues with it are well known and would take a book to describe.
</p>
<h3>Brave's start page contains analytics</h3>
<p>
Brave will connect to its home page, https://brave.com, automatically on the first run of Brave, and that page contains Piwik's analytics scripts. This is the full request: <img src="/images/brave_piwik.png"> It will also make a connection to Google to download some fonts. You can disable these on subsequent runs by changing the start page.
</p>
<h3>Crash reports</h3>
<p>Enabled by default, but can be disabled from the preferences menu.</p>
<h3>Other requests</h3>
<p>Brave will make a connection to <img src="/images/brave_bat.png"> every time it is started up. It probably has something to do with their project of working with advertisers to provide more relevant targeted ads, which sounds pretty disgusting, but can be turned off ("Notify me about token promotions"). You can read more about it here<sup><a href="#3">[3]</a></sup>. It will also make this request: <img src="/images/brave_httpse.png">, which downloads the rulesets for HTTPS Everywhere.</p>
<h3>Brave's privacy protections</h3>
<p>Brave Browser also contains in-built privacy protections such as HTTPS Everywhere, AdBlock, cookie blocking, script blocking, and fingerprinting protections - that are configurable site by site. This is commendable of course, but in the end, uMatrix outclasses them. Trackers, for example, easily avoid pure AdBlock (so you will be tracked by Facebook and such), and binary script blocking breaks sites. Nice effort on Brave's part though, and the fingerprinting protection I don't think is found in any other browser (but I didn't confirm if it actually works).
</p>
<hr>
<h2>Credits</h2>
<p>
This article was written by <a href="https://digdeeper.neocities.org/">digdeeper.neocities.org</a><br>
Formatting changes were done by the site maintainer.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://brave.com">Brave's website</a>
<a href="https://web.archive.org/web/20180609070708/https://brave.com">[web.archive.org]</a>
<br>
<a name="2">2.</a>
<a href="https://github.com/brave/browser-laptop/issues/1877">How to stop autoupdate of brave?</a>
<a href="http://web.archive.org/web/20180530053311/https://github.com/brave/browser-laptop/issues/1877">[web.archive.org]</a>
<a href="https://archive.li/AJZr5">[archive.li]</a><br>
<a name="3">3.</a>
<a href="https://basicattentiontoken.org">Basic Attention Token</a>
<a href="https://web.archive.org/web/20180528161328/https://www.basicattentiontoken.org">[web.archive.org]</a>
<a href="http://wayback.archive-it.org/all/20180528161328/https://www.basicattentiontoken.org">[wayback.archive-it.org]</a><br>
<a name="4">4.</a>
<a href="https://laptop-updates.brave.com/promo/custom-headers">Laptop Headers</a>
<a href="http://web.archive.org/web/20190213015206/https://laptop-updates.brave.com/promo/custom-headers">[web.archive.org]</a>
<a href="https://archive.fo/ecx6L">[archive.fo]</a><br>
<a name="5">5.</a>
<a href="https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/">Facebook, Twitter Trackers Whitelisted by Brave Browser</a>
<a href="http://web.archive.org/web/20190213055618/https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/">[web.archive.org]</a>
<a href="https://archive.fo/X98Xz">[archive.fo]</a><br>
<a name="6">6.</a>
<a href="https://brave.com/features/">Brave Browser Features</a>
<a href="http://web.archive.org/web/20190124134301/https://brave.com/features/">[web.archive.org]</a><br>
<a name="7">7.</a>
<a href="https://brave.com/script-blocking-exceptions-update/">Script Blocking Exceptions Update</a>
<a href="http://web.archive.org/web/20190214034944/https://brave.com/script-blocking-exceptions-update/">[web.archive.org]</a>
<a href="http://archive.fo/Qopen">[archive.fo]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 2/13/2019
</b></p>
<p><b>
This article was created on 5/7/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be licensed under the CC0 license to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 License"></a>
</body>
</html>