cross-posted from: https://sh.itjust.works/post/5572424

This might have been discussed to death by now, unfortunately I couldn’t find any discussion on it on Lemmy. Though I would love to be corrected on that!


How does an always on incognito Chromium with uBlock Origin on medium mode (and other hardening/privacy settings enabled) compare to Brave (with e.g. Privacy Guides’ recommended settings) with respect to security and privacy on Linux[1]?

Commonly heard whataboutisms:

  • “With the looming advent of Manifest v3, this discussion might not be very relevant for long.” I’m aware.
  • “Just use Firefox/Librewolf or any other privacy-conscious browser that isn’t Chromium-based.” I already do, but some websites/platforms don’t play nice on non-Chromium-based browsers due to Google’s monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.
  • “Brave’s [insert controversy] makes them unreliable to take services from.” Honestly, I think that if both solutions are as effective that a reason like this might be sufficient to tip the balance in favor of one. Because ultimately this all comes down to trust.
  • "Just use Ungoogled Chromium." Some more knowledgeable people than me advice against it. Though, I’d say I’m open to hear different opinions on this as long as they’re somewhat sophisticated.
  • “Just use [insert another Chromium-based browser].” If it has merits beyond Brave and Chromium with respect to security and privacy, I’ll consider it.

Thanks in advance!


  1. I can be more specific about which distro I prefer using, but I don’t think it matters. I might be wrong though*.
@bug@lemmy.one
link
fedilink
English
71Y

Cromite is a fork of the seemingly-abandoned Bromite, which used to be the only browser recommended by GrapheneOS (other than their own Vanadium). It’s relatively new though so I don’t think that much has been written about it for comparison.

t0m5k1
link
fedilink
English
21Y

Chromite/Bromite is primarily an android browser, even on windows it looks and behaves just like a mobile app.

Whilst I like the feature set as an alternative to Brave the fact they refuse to fix the PWA situation as it’s “Of no interest” to the dev is a no go for me.

@bug@lemmy.one
link
fedilink
English
11Y

Ah, I missed the part in the OP where it said “Linux”, whoops

Thanks a lot for mentioning this! I didn’t know someone took over the good work from Bromite. I’ll definitely check into it! Am I correct to assume that (like Bromite), this is a browser exclusively meant to be used on Android devices? I guess I might get it to work on Waydroid as well, not sure if I would like to commit to that yet though. Nonetheless, this input of yours has been much appreciated!

@bug@lemmy.one
link
fedilink
English
11Y

Ah, I missed the part where you said “Linux”, sorry!

Lemongrab
link
fedilink
English
31Y

Iirc cromite supports Android and windows ATM. Check the repo here: https://github.com/uazo/cromite

Updating using obtanium works good.

@qwert230839265026494@sh.itjust.works
creator
link
fedilink
English
1
edit-2
1Y

No Linux, I feel left out 😭. Though it would be awesome if I could get it working in Wine (read: Bottles).

Update: I wasn’t able to make it work in Wine. I assumed the chrome.exe file was the browser. Though, I might be wrong. I would love others to chime in on this!

Lemongrab
link
fedilink
English
11Y

Yea I get it. I have to use ungoogled instead

@Carter@feddit.uk
link
fedilink
English
91Y

Brave is a buggy browser from a scummy company.

t0m5k1
link
fedilink
English
11Y

I’ve only ever had issues with the sync feature. I see many people have issues with rewards but I’m not into monetisation and have always just disabled the rewards part of it.

Brave is a buggy browser

Honestly my experience on Brave (on Fedora) hasn’t been great 😅. So I can definitely attest to that. I’m willing to deal with it as long as its merits are substantial, which so far seem to be the case 😭. But thank you for confirming that I’m not the only that has experienced difficulties while using it!

@jet@hackertalks.com
link
fedilink
English
81Y

https://www.privacyguides.org/en/desktop-browsers/

The privacy guides article does discuss brave in detail.

t0m5k1
link
fedilink
English
4
edit-2
1Y

I’ve used brave since it came out. I use tampermonkey, edit this cookie and bitwarden extensions. Additionally I use pihole/unbound+roothints.

I tend not to let Brendan’s controversies affect my choice because if I did I’d have to avoid JavaScript.

Brave provides me with a more secure chrome with extra bells and whistles. I’m a heavy user of app windows as I refuse to use electron based apps due them being pure chrome. When other browsers do this with the same protection as brave I’ll consider moving.

Brendan’s Brave’s controversies

I assume?

app widows

A google search didn’t give me any useful pointers. Did you perhaps meant to convey PWAs?

t0m5k1
link
fedilink
English
31Y

I mentioned Brendan specifically because people like to lump in his flaws as reasons for not using brave in these discussions.

Yes I was referring to pwa’s, ssb’s, app windows, whatever you want to call them. Firefox used to have xulrunner and prism to provide them but now Firefox doesn’t provide a way other than a JavaScript popup via bookmarklet.

@qwert230839265026494@sh.itjust.works
creator
link
fedilink
English
2
edit-2
1Y

I mentioned Brendan specifically because people like to lump in his flaws as reasons for not using brave in these discussions.

True. His name didn’t stick with me as his controversies and the fact that he is co-founder and CEO of Brave weren’t necessarily reasons I would forego Brave for. Feelings have to be put aside IMO in favor of merits.

Firefox used to have xulrunner and prism to provide them but now Firefox doesn’t provide a way other than a JavaScript popup via bookmarklet.

It’s really unfortunate that Firefox did this. This is actually one of the reasons why I like to have a Chromium-based browser around. I might eventually switch over to Epiphany for that.

t0m5k1
link
fedilink
English
1
edit-2
1Y

I’ve not used GNOME for over a decade and have not used GNOME web(epiphany) for even longer lol. I’ll stick with brave as it fits my needs.

Fair 👍.

@Boomkop3@reddthat.com
link
fedilink
English
51Y

Ungoogled chromium isn’t as bad as the post makes it seem. Most of the described issues aren’t a risk on any modern operating system, and a quick google search finds you an extension that re enables updates and the chrome web store

@Boomkop3@reddthat.com
link
fedilink
English
21Y

I’m not at my pc rn, but that looks like the one I’m running. Tho the updates are semi auto according to the readme

furzegulo1312
link
fedilink
English
111Y

firefox/librewolf

@qwert230839265026494@sh.itjust.works
creator
link
fedilink
English
9
edit-2
1Y

firefox/librewolf

“Just use Firefox/Librewolf or any other privacy-conscious browser that isn’t Chromium-based.” I already do, but some websites/platforms don’t play nice on non-Chromium-based browsers due to Google’s monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.

😅. Thanks anyways 👍.

@nutbutter@discuss.tchncs.de
link
fedilink
English
6
edit-2
1Y

I have only seen people saying this, but have never come across such a website that does not work properly on Firefox.

I have only seen the issue that Jitsi does not support e2ee on Firefox.

Just a few days ago I tried to pay for flight tickets on flypgs.com. Multiple attempts on Firefox didn’t work, while the first attempt on a Chromium-based one did. It might have been a fluke, but every so often issues like these do happen. And for some reason switching the browser does bear a positive result. YMMV though.

@empireOfLove@lemmy.one
link
fedilink
English
1
edit-2
1Y

Change your user agent to Chrome/Windows. 99% of the time, weirdness will go away.

I have daily driven Firefox for about 8 years now. There is exactly 1 (one) site that I’ve had not work in FF because of an actual incompatibility that user agent switching didn’t fix. Is one single site worth feeding Google’s monopoly?

@Genghis@monero.town
link
fedilink
English
8
edit-2
1Y

deleted by creator

because of the built-in adblocker so the fingerprinting is minimized between users and reduces the attack surface

First time hearing that, thanks for mentioning that!

Reversed Cookie
link
fedilink
English
231Y

TL;DR: Basically, Brave has a lot of protections which vanilla chromium doesn’t have (Bounce tracking, Fingerprinting, etc.) or uBlock Origin which includes, Brave also removed a lot of trash like the Privacy Sandbox thing, etc. Also Brave announced on X/Twitter that they will continue supporting MV2, Chromium won’t. Brave is the best chromium-based privacy focused browser you can get currently, if you rly don’t like Brave, Vivaldi would be a good alternative, but is weaker than Brave, since it includes not all the protections or alternatives which Brave has.

Bounce tracking

TIL.

Fingerprinting

Gosh, I can’t believe I forgot about Brave’s excellent implementation of fingerprint-spoofing.

Also Brave announced on X/Twitter that they will continue supporting MV2, Chromium won’t.

This is a big thing. Thank you for mentioning that!

if you rly don’t like Brave

I’ve actually for the longest time used Brave as my go-to Chromium-based browser, but it seems as if the support on Linux leaves a lot to be desired. I don’t understand for example why it just isn’t included in the repos of Arch, Debian, Fedora, openSUSE, Ubuntu etc. Sure; the AUR has it -also available as a not up to date nixpkg-, but the others have to either download the .deb or rpm package (which is undesirable due to inability to keep it updated at all times) OR rely on Brave’s own repos, that somehow borks itself every once in a while. Which actually just happened a couple of days ago on my device*. I’m on Fedora Silverblue, so it was already quite hacky to get Brave from its own repos. But due to the repos borking themselves, I didn’t get any automatic system updates at all for the last couple of days. I only noticed it yesterday when I did my weekly manual update. Perhaps I should setup something that notifies me when the automatic system update fails, but I’ll prefer if the repos I rely on don’t call it quits whenever they feel like it. Apologies for my rant*.

Vivaldi would be a good alternative, but is weaker than Brave, since it includes not all the protections or alternatives which Brave has.

Would you say that Vivaldi is (at least) better than Chromium for security and privacy?

@chenxiaolong@lemm.ee
link
fedilink
English
11Y

I don’t understand for example why it just isn’t included in the repos of Arch, Debian, Fedora, openSUSE, Ubuntu etc.

For the most part, these distros all require that packages are built from source vs. repackaging prebuilt binaries. While Brave is open source, if you compile it yourself, you’ll be missing tons of API keys for accessing Brave’s services: https://github.com/brave/brave-browser/wiki/Build-configuration. While I suspect most folks wouldn’t care if eg. the cryptocurrency things stopped working, other things that break include Brave Sync and the downloading of the adblocker filter lists.

Brave currently does not provide a way for 3rd parties to generate API keys to access these services: https://community.brave.com/t/does-brave-allow-the-distribution-of-self-compiled-or-distro-compiled-binaries/457833. Outside of reverse engineering their prebuilt binaries to extract the API keys, you’re pretty much out of luck (if you care about these features working).

For websites that only work in Chromium, I’ve switched to just using plain old Chromium from Fedora’s repos. Being able to build the browser from source without losing features is pretty important to me (eg. I rebuild Fedora’s Chromium with the patches for enabling hardware video decoding on Wayland).

NaN
link
fedilink
English
21Y

Aur is just repackaging the official Debian package, that’s a very straightforward process. Most distro repositories don’t work that way, they build the binaries themselves. Some interested party would need to put in the work.

Most distro repositories don’t work that way, they build the binaries themselves.

Interesting. Is this a matter of trust?

Reversed Cookie
link
fedilink
English
31Y

Would you say that Vivaldi is (at least) better than Chromium for security and privacy?

Yes, definitly. For example they removed completly the privacy sandbox stuff from the chromium code and also includes some additional privacy protections.

Aight, I’ll look into it. Much appreciated!

Reversed Cookie
link
fedilink
English
11Y

You’re welcome

Clay_pidgin
link
fedilink
English
11Y

I’m very happy with Vivaldi as a long time Opera main. (I followed the devs over from Opera) I’m not smart enough to talk about the privacy benefits, though.

@qwert230839265026494@sh.itjust.works
creator
link
fedilink
English
2
edit-2
1Y

Thanks for chiming in! I do think that Vivaldi is excellent in some regards. However, it seems that they don’t apply all security related updates every release, which obviously affects security negatively. Thus, making me less enthusiastic to use it. I was about to install it when I read up on that…

t0m5k1
link
fedilink
English
3
edit-2
1Y

I use arch-btw so I get brave from aur, on other Linux distros the way to get brave is via flatpak if the provided repos are borked for you.

on other Linux distros the way to get brave is via flatpak if the provided repos are borked for you.

I would love to use the flatpak if it was endorsed. Privacy Guides says the following about it:

“We advise against using the Flatpak version of Brave, as it replaces Chromium’s sandbox with Flatpak’s, which is less effective. Additionally, the package is not maintained by Brave Software, Inc.”

t0m5k1
link
fedilink
English
21Y

Yes, I could say come to arch but you seem happy in fedora 😉

Hehe :P . True dat. Maybe one day ;) . Perhaps I’ll just spin up a distrobox in order to get access to Brave through the AUR, but this (excellent) article has worsened my already bad paranoia to clearly unhealthy levels 🤣. So, it seems out of question for now 😅. Though I might be able to spin it up in a Wolfi container. Pessimism doesn’t help though 🤣.

t0m5k1
link
fedilink
English
31Y

Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.

Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.

The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.

Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.

Hahaha 🤣. Honestly I would, if my device could handle.

Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.

Madaidan strikes (yet) again. F*ck my paranoia…

The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.

Very interesting insights! Thank you so much! Would you happen to know of resources that I might refer to for this?

Create a post

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more…


Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don’t ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don’t repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

  • 1 user online
  • 1 user / day
  • 48 users / week
  • 83 users / month
  • 415 users / 6 months
  • 1 subscriber
  • 679 Posts
  • 11.2K Comments
  • Modlog