drduh / macOS-Security-and-Privacy-Guide

Guide to securing and improving privacy on macOS

Home Page:https://drduh.github.io/macOS-Security-and-Privacy-Guide/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Brave Browser?

etlovett opened this issue · comments

Have you thought about including some mention of the new Brave browser? It may well still be too early in the product's lifespan to be able to fully judge its security and security practices, and it falls under your catch-all statement "Do not use other Chromium-derived browsers", but if nothing else the sheer weight of technical web expertise behind it (most notably @BrendanEich) probably makes it worthy of consideration. I searched through the other issues and didn't see any mention, so I figured I'd open this as an FYI.

(Thanks for putting this repo together!)

commented

I'm interested to hear others' thoughts about this software. I have said in another issue - I don't claim to be an expert in Web browser security and have relied on my limited, subjective experience only thus far - in which Chrome/Chromium are decided to be most secure.

According to Wikipedia, Brave Software has enlisted the help of recognized experts for development. They even claim to "use all-open source" on their home page. But whether the code quality and resulting product is good enough to recommend as your primary browser is unknown to me. I hope someone will have time to conduct an independent audit and let us know here.

I gave it a spin, and found no reason to prefer it over Chromium with privacy-oriented extensions. It's also lacking some core features and settings. That said, I expect it to get much better over time, perhaps faster at blocking hosts/ads/tracking than the JS approach of extensions.

For what it's worth, from a security perspective Brave is not sandboxed, much like Firefox. Brave is based on Electron, which was mostly meant to be used for making text editors (ex. Github's Atom and Microsoft's Code). They haven't identified any security improvements, just some possible privacy changes, but as I understand it, their main goal is not to remove ads, but to replace them. It seems to be a similar business model as Adblock Plus (ie. fork who advertisers pay).

A few people are from the EFF and I think one made the NoScript plugin so this is definitely worth checking out I don't think it's another browser with no features besides ad removal. I'm definitely going to be trying this out.