[HN Gopher] Brave Browser Hardening
___________________________________________________________________
Brave Browser Hardening
Author : CHEF-KOCH
Score : 54 points
Date : 2022-05-28 18:49 UTC (4 hours ago)
(HTM) web link (gitlab.com)
(TXT) w3m dump (gitlab.com)
| tomatowurst wrote:
| fswd wrote:
| Well, they pay me to use Brave.
| tomatowurst wrote:
| It's not real money
| timbit42 wrote:
| Doesn't need to be as long as they can convert it to real
| money.
| GlassKingdom wrote:
| Until the pyramid scheme collapses and everyone loses
| their money.
| christophilus wrote:
| I don't use it, but if I did, I'd convert it to USD every
| month, so in your scenario, I'd end up missing out on my
| final month of payment. Not too shabby for zero work on
| my part. The only people who would lose their money are
| those who never cashed any out.
|
| Anyway, BAT seems like one of the more useful cryptos
| I've seen. Granted; that's a very low hurdle.
| TedDoesntTalk wrote:
| Genuine question. Can you explain how the BAT coin and
| system is a pyramid scheme? I don't know enough about how
| BAT works.
| ea550ff70a wrote:
| The "not real money" I'm somehow able to convert to USD and
| transfer to my bank account after claiming my rewards every
| month without having to put a single dollar into their
| system.
| DonHopkins wrote:
| Browsers shouldn't be get-rich-quick crypto pyramid schemes.
| ea550ff70a wrote:
| You don't need to put a single dollar into Brave's BAT in
| order to get paid in them when volunteering to get ads from
| their ad system (which companies pay for btw). You can
| easily sell them for hard cash. Your pyramid scheme example
| doesn't work here buddy.
| GlassKingdom wrote:
| The browser does a man-in-the-middle attack on webpages.
| It's sketchy, dodgy and scammy. It was bad when they
| introduced it, but in 2022 it's completely indefensible.
| ea550ff70a wrote:
| I don't think you understand what a man in the middle is
| or how it works at the browser engine level but sure keep
| repeating it.
| [deleted]
| bubersson wrote:
| Nice tutorial. It takes some work, but all that crypto stuff can
| be disabled in Brave and then it works really well blocking ads
| and trackers...
| FargaColora wrote:
| Rather than disabling all the crypto, why not use a browser
| that isn't infected with it in the first place?
| WithinReason wrote:
| Read the second half of the comment you're replying to
| SapporoChris wrote:
| Actually it's addressed in the linked posting.
|
| Hardening does not start at choosing the right tools or
| networks, hardening begins with gathering information to
| inform yourself and others in order to stay up-to-date so
| that you can deal with current and upcoming threats. Tools,
| extensions and Co. are just a workaround until someone
| builds the right system, that starts by voting and
| supporting the right politicians and organizations.
| behnamoh wrote:
| This type of stuff makes me wonder if there really ever was any
| browser that truly cared about privacy.
|
| Firefox has gone down the hill and last week I switched to Brave.
| But hardening Brave isn't the ultimate solution as lots of things
| will break in future updates.
| heliostatic wrote:
| I've been happy with Orion. Mac only, but solid and improving:
| https://browser.kagi.com/
| kylehotchkiss wrote:
| There's still safari!!
| imwillofficial wrote:
| Arguably doing the most to protect user privacy.
| rufugee wrote:
| What is Safari doing that Firefox isn't? I find multi-
| account containers in Firefox to be indispensable. Does
| Safari do something similar?
| behnamoh wrote:
| Nope! https://privacytests.org/
| nyanpasu64 wrote:
| LibreWolf is a Firefox fork/mod which actually respects privacy
| in my usage (if you trust it to be non-malicious). It enables
| privacy features, and turns off Firefox-bundled ads and studies
| and telemetry.
|
| I had to turn off fission.autostart on an old machine with 4
| gigabytes of RAM (and maybe decrease content processes to 1),
| to make it use less RAM.
| timbit42 wrote:
| LibreWolf?
| timbit42 wrote:
| LibreWolf?
|
| Source: https://privacytests.org/
| agilob wrote:
| A fork of a browser that is already known for poor security
| history
| cinntaile wrote:
| What's wrong with Firefox?
| sh4un wrote:
| generalizations wrote:
| Last I checked (6 mos ago), it had memory leaks and it was
| slow. I could leave my Chrome/Brave tabs open for a week
| while I worked on a project, but Firefox had to be killed and
| restarted daily or it would eat all my RAM and swap.
|
| That being said, I made do with it for years because I love
| the tree tabs plugin and the containers. But 6 months ago I
| finally gave up on it.
| cinntaile wrote:
| The parent made it sound like the privacy side of Firefox
| was slipping, so I was hoping he could talk about any
| specifics.
| behnamoh wrote:
| I had to add a lot to my user.js (or about:config) just
| to avoid Mozilla's shady telemetry and diagnostics. If
| you google it, there's even Hardened Firefox...
| cinntaile wrote:
| Can't you just uncheck the telemetry box in the settings?
| I don't get what is shady about it though, you can see
| what is being sent (about:telemetry) and they tell you
| it's on by default.
| timbit42 wrote:
| I run Firefox for two months at a time with no memory leak
| issues. I have 6 Firefox windows open at all times with
| over 200 tabs open and over 300 tabs open at once at points
| during the day. Right now it's using 3.5GB of RAM. The only
| reason I don't run it longer than two months is that I need
| to reboot for OS updates. This is on Debian.
| ipaddr wrote:
| On my Ubuntu Firefox can do the same. On Windows 7 it
| falls apart.
| gtvwill wrote:
| Lol why are you still using win7? Uses an outdated os
| that is no longer supported. But doesn't attribute
| programs playing up to that? Mate. Win7 is your problem
| get off that.
| rejectfinite wrote:
| Not true in my experience on Windows.
|
| I find Firefox handles many tabs better than Chrome.
| gtvwill wrote:
| That's your computer bud not Firefox.
| Frotag wrote:
| Personally I've seen the opposite: video sites on Chromium
| that would eat up 300MB+ and an additional 1~3MB of leaked
| mem per action. Whereas the same site on FF would happily
| sit at 20~30MB.
| fsflover wrote:
| See also: https://news.ycombinator.com/item?id=31538482.
| Layke1123 wrote:
| Anyone ever consider the possibility that crypto isn't needed in
| a society that is based on trust, and if we all trusted each
| other, then none of this is necessary? It is almost as if the
| powers that be want crypto because they don't trust anyone, and
| therefore perpetuates the problem of needless abstraction?
| [deleted]
| Analemma_ wrote:
| Western countries are rapidly moving from being high-trust to
| low-trust societies. The reasons for this are multifaceted,
| complex, and self-reinforcing, and it isn't likely that the
| trend will be reversed any time soon. Certainly not within our
| lifetimes. So we can either stick our heads in the sand about
| it, or develop technologies to deal with it as best we can. I'm
| not a crypto fan myself, but I understand why it exists and why
| it will probably be increasingly important as time goes on.
| Layke1123 wrote:
| No one will ever trust a completely trustless coin, because
| if you can't trust each other, putting trust in an abstract
| concept isn't exactly a winning solution.
|
| Human trust matters, not mathematical trust.
| FargaColora wrote:
| LMYahooTFY wrote:
| How is it absurd? Do you have any technical explanation to back
| this up? Because it sounds a bit absurd.
| schroeding wrote:
| OT, but it's kinda crazy how cryptocurrencies totally hijacked
| the word "crypto", which may cause confusion for years to come.
|
| Like in the sibling comments that confuse it with cryptography-
| crypto :D
| mixedCase wrote:
| That doesn't make the slightest lick of sense to me. Can you
| elaborate how cryptocurrencies compromise browser security?
| gruez wrote:
| It doesn't. My guess is that some people find crypto icky,
| and their thinking is that if the browser vendor is doing an
| icky thing they can't be trusted to keep the browser secure.
| dustyharddrive wrote:
| but you need TLS!
| luto wrote:
| I think they are referring to cryptocurrency, not
| cryptography in general.
| Taywee wrote:
| How is HTTPS supposed to work without crypto?
| timbit42 wrote:
| I think they are referring to cryptocurrency, not
| cryptography in general.
| [deleted]
| ea550ff70a wrote:
| Get used to it. Crypto related stuff is only getting more
| influential and adopted. Current prices don't mean anything.
| Use case and utility of some of them is where it's at. BAT from
| Brave is a good example of a practical application for an
| alternative ad system. I have been using Brave with the BAT
| option enabled for over a year and even though I started as a
| skeptic, I can now say it works relatively well. Is it perfect?
| No, there are some bugs in their UI for them. Does it accomplish
| the objectives it was designed for? Definitely. But the most
| important part at the end of the day is having the option to
| participate or not. I don't mind seeing an ad every once in a
| while especially if I can get a cut of how much it cost to
| display that ad to me.
| GlassKingdom wrote:
| It uses a MITM attack to inject Cryptocurrency span into
| webpages. Sorry, it's indefensible. Nobody is going to "get
| used to" the modern equivalent of viruses, especially when
| non-infected browsers are available.
| ea550ff70a wrote:
| Adoption metrics say otherwise on both their browser and ad
| system but sure.
| gruez wrote:
| >It uses a MITM attack to inject Cryptocurrency span into
| webpages
|
| Are we talking about the opt-in ads (which might contain
| "Cryptocurrency span") or the affiliate codes (which are
| injected into pages you've already decided to visit)?
| gtvwill wrote:
| Man any browser trying to pass off it being acceptable to
| inject affiliate codes in links just because you were
| going there anyways is some serious red flags and you
| should end that relationship promptly.
|
| Brave is truly capitalist cancer in browser form. I
| thought we killed off IE & Netscape. Turns out they had a
| kid.
| ea550ff70a wrote:
| Damn if you think any of that is problematic (which is
| not because you can opt out, and by default is not
| enabled), especially from the "capitalist cancer" pov wait
| until you hear about this obscure browser called Chrome
| from a company you might have heard called Google.
|
| Edit: Forgot to mention, they stopped injecting the links
| 2 years ago as they claim it was a mistake (maybe, maybe
| not, but for sure not the case right now) ->
| https://brave.com/referral-codes-in-suggested-sites/.
| [deleted]
| WithinReason wrote:
| Brave's way of using cryptocurrencies is the only good use of
| crypto I know of. (There are probably others)
___________________________________________________________________
(page generated 2022-05-28 23:00 UTC)