Remove Brave

[jonaharagon]

Honestly, I don't see any advantages to using Brave over either Firefox or Tor Browser for any conceivable use-case. The Brave team also clearly does not appreciate the free advertising (after requesting their addition to the site no less), so I'm not particularly inclined to keep petitioning for their inclusion 😆

With Firefox Quantum, the security benefits of using Chromium over Firefox are largely nonexistent nowadays. If anyone has points to the contrary I'd love to hear them, otherwise I'm good to see it go.

Resolves #161, Resolves #657, Resolves #649, Resolves #758. Reverts #78.

[netlify]

Deploy preview for privacytools-io ready!

Built with commit fa0416a

https://deploy-preview-1169--privacytools-io.netlify.com

[nitrohorse]

I agree; LGTM.

[blacklight447]

While I agree that is should no longer be included, shouldn't we open a last issue and poll the community in it?

[blacklight447]

as i commented above, before we merge, shouldn't we first poll the community?

[nitrohorse]

Community discussions:

• https://old.reddit.com/r/privacytoolsIO/comments/crq532/should_ptio_delist_brave/
• https://forum.privacytools.io/t/discussion-brave-browser-candidate-for-delisting/280/10

[jonaharagon]

...plus the 5 GitHub discussions linked in the OP.

[blacklight447]

Ive reached out to Daniel Micay about the sand boxing.
It seems the Firefox's sandbox is not universal, the Firefox on android has no sandbox at all outside of the default app sand boxing provided by the OS. Also Firefox's sandbox does not implement site isolation.

This is why chromium based browsers sandbox sadly still more secure then the one present in the current versions of Firefox. listing an chromium based alternative for security purposes might still be a good way to proceed now. however, brave still seems sketchy, so we should still replace it IMO. there seems to be no cross platform solution that's chromium based right now. That why first of all, we should start to split our browser recommendation in three sections: desktop, android and IOS. for which i would propose to recommend ungoogled chromium for desktop, and Bromite (i was tipped about this one by Daniel) for Android.

[mr-perseus]

Please check how often and fast the respective Chrome forks are updated. For example I checked out „Irdium“ a few weeks ago and it was based on a Chromium version released in April. Ungoogled Chromium is solo run by Eloston and while he is currently actively updating it, that could change at any time. Also he needs a few days to update it usually.

Brave pushes Chromium stable updates within hours, thats one reason why I like it. And I prefer a Chromium based browser over FF because of the sandboxing.

I just commented this so you don‘t recommend browsers which might have improved privacy but are a security nightmare.

[blacklight447]

Which exactly why i investigated and recommend that we keep chromium based browsers, the alternatives i mentioned are nowhere final and were just a few options i know at the top of my head that will require further investigation. after some chatting with the team over Wire, we came to a few conclusions:

First we will split the browser recommendations in 3 sections: android ios and desktop.
for android we will most likely list tor browser for android maybe Firefox focus/firefox and bromite (this last one was recommend by daniel micay) for ios we are looking into Snowhaze and onion browser. for desktop we keep Firefox and tor browser, while we are still searching for an chromium based alternative to Brave which is actively maintained. question now is: do we de-list brave and search for an alternative, or keep brave listed until we found an alternative. remember though that all of this is all future work which we will still need to investigate, non the options i listed above here is guaranteed to end up on the list.

[blacklight447]

After discussion with the team, we have decided to remove brave for now, and start researching alternatives for chromium on desktop. I will soon create a ticket for the above described redesign of the browser page.

[ciampolo]

I am one of the guys who suggested a Brave removal.

While it is true that Firefox has no real protection of its own there are two things to note here:

1. Chrome uses User namespaces to enable their sandbox which are beyond insecure and allow for so much retarded stuff to happen that couldn't ever happen without any sandbox at all (I don't know if it's still possible but you could get root rather easily just through JS explicitly thanks to Chromes use of User namespace as sandbox)
2. Any nix application run as a different user with proper rights set is more than enough of a sandbox. Put something like Firejail on top of it and this will stop virtually all attacks and it is without a doubt infinitely more secure more than running sandboxed Chrome under your own user.

Also a side note: I tried Brave again and main vectors I listed nearly a year ago are still fingerprintable; I said it a year ago I can only say it again this is either intentional cash grabbing ("buhh I'm Brendan and Mozilla hates me bc I hate the gays") or it is incompetency of the devs (@tomlowenthal @diracdeltas). You wanna tell me that after 4 years of developing you still dont care about those vectors ? Brendan being butthurt and as thus you being forced to use Chrome, while being a valid argument, would make it even more pathetic of you devs.

[Mikaela]

The user namespaces or an alternative to them are tracked in brave/brave-browser#3420.

Another potentially interesting side note, PRISM Break is considering Brave.

[digitalblossom]

May I ask why the community was polled when its response was mostly positive towards Brave, and then it was removed regardless?

It would be a poor decision to delist them

Delisting them would be pretty stupid

I think that's where Brave comes in good at

Brave makes sense for me

I think you should consider keeping brave

Fortunately, it’s completely open source

I think it’s almost ignorant we’re even having this debate when we’re trying to introduce people to privacy

It is a good option for who isn't extreme privacy focused

But if it comes to browsers for me it‘s brave at the moment

I don't advocate for brave to be removed from the recommended browser list on PTIO

Don't remove Brave

No, Brave shouldn't be delisted

[jonaharagon]

@digitalblossom was the community polled?

The reasons Brave was removed are in the original post.