[HN Gopher] Brave Browser Hardening
___________________________________________________________________
Brave Browser Hardening

Author : CHEF-KOCH
Score  : 54 points
Date   : 2022-05-28 18:49 UTC (4 hours ago)

(HTM) web link (gitlab.com)
(TXT) w3m dump (gitlab.com)

| tomatowurst wrote:
| fswd wrote:
| Well, they pay me to use Brave.
| tomatowurst wrote:
| it's not real money
| timbit42 wrote:
| Doesn't need to be as long as they can convert it to real money.
| GlassKingdom wrote:
| Until the pyramid scheme collapses and everyone loses their money.
| christophilus wrote:
| I don't use it, but if I did, I'd convert it to USD every month, so in your scenario, I'd end up missing out on my final month of payment. Not too shabby for zero work on my part. The only people who would lose their money are those who never cashed any out.
|
| Anyway, BAT seems like one of the more useful cryptos I've seen. Granted; that's a very low hurdle.
| TedDoesntTalk wrote:
| Genuine question. Can you explain how the BAT coin and system is a pyramid scheme? I don't know enough about how BAT works.
| ea550ff70a wrote:
| The "not real money" I'm somehow able to convert to USD and transfer to my bank account after claiming my rewards every month without having to put a single dollar into their system.
| DonHopkins wrote:
| Browsers shouldn't be get-rich-quick crypto pyramid schemes.
| ea550ff70a wrote:
| You don't need to put a single dollar into Brave's BAT in order to get paid in them when volunteering to get ads from their ad system (which companies pay for btw). You can easily sell them for hard cash. Your pyramid scheme example doesn't work here buddy.
| GlassKingdom wrote:
| The browser does a man-in-the-middle attack on webpages. It's sketchy, dodgy and scammy. It was bad when they introduced it, but in 2022 it's completely indefensible.
| ea550ff70a wrote:
| I don't think you understand what a man in the middle is or how it works at the browser engine level but sure keep repeating it.
| [deleted]
| bubersson wrote:
| Nice tutorial. It takes some work, but all that crypto stuff can be disabled in Brave and then it works really well blocking ads and trackers...
| FargaColora wrote:
| Rather than disabling all the crypto, why not use a browser that isn't infected with it in the first place?
| WithinReason wrote:
| Read the second half of the comment you're replying to
| SapporoChris wrote:
| Actually it's addressed in the linked posting.
|
| Hardening does not start at choosing the right tools or networks, hardening begins with gathering information to inform yourself and others in order to stay up-to-date so that you can deal with current and upcoming threats. Tools, extensions and Co. are just a workaround until someone build the right system, that starts by voting and supporting the right politicians and organizations.
| behnamoh wrote:
| this type of stuff makes me wonder if there really ever was any browser that truly cared about privacy.
|
| firefox has gone down the hill and last week I switched to Brave. but hardening Brave isn't the ultimate solution as lots of things will break in future updates.
| heliostatic wrote:
| I've been happy with Orion. Mac only, but solid and improving: https://browser.kagi.com/
| kylehotchkiss wrote:
| There's still safari!!
| imwillofficial wrote:
| Arguably doing the most to protect user privacy.
| rufugee wrote:
| What is Safari doing that Firefox isn't? I find multi-account containers in Firefox to be indispensable. Does Safari do something similar?
| behnamoh wrote:
| Nope! https://privacytests.org/
| nyanpasu64 wrote:
| LibreWolf is a Firefox fork/mod which actually respects privacy in my usage (if you trust it to be non-malicious).
| It enables privacy features, and turns off Firefox-bundled ads and studies and telemetry.
|
| I had to turn off fission.autostart on an old machine with 4 gigabytes of RAM (and maybe decrease content processes to 1), to make it use less RAM.
| timbit42 wrote:
| LibreWolf?
| timbit42 wrote:
| LibreWolf?
|
| Source: https://privacytests.org/
| agilob wrote:
| A fork of a browser that is already known from poor security history
| cinntaile wrote:
| What's wrong with Firefox?
| sh4un wrote:
| generalizations wrote:
| Last I checked (6 mos ago), it had memory leaks and it was slow. I could leave my chrome/brave tabs open for a week while I worked on a project, but firefox had to be killed and restarted daily or it would eat all my RAM and swap.
|
| That being said, I made do with it for years because I love the tree tabs plugin and the containers. But 6 months ago I finally gave up on it.
| cinntaile wrote:
| The parent made it sound like the privacy side of Firefox was slipping, so I was hoping he could talk about any specifics.
| behnamoh wrote:
| I had to add a lot to my user.js (or about:config) just to avoid Mozilla's shady telemetry and diagnostics. If you google it, there's even Hardened Firefox...
| cinntaile wrote:
| Can't you just uncheck the telemetry box in the settings? I don't get what is shady about it though, you can see what is being sent (about:telemetry) and they tell you it's on by default.
| timbit42 wrote:
| I run Firefox for two months at a time with no memory leak issues. I have 6 Firefox windows open at all times with over 200 tabs open and over 300 tabs open at once at points during the day. Right now it's using 3.5GB of RAM. The only reason I don't run it longer than two months is that I need to reboot for OS updates. This is on Debian.
| ipaddr wrote:
| On my Ubuntu firefox can do the same. On windows 7 it falls apart.
| gtvwill wrote:
| Lol why are you still using win7?
| Uses an outdated os that is no longer supported. But doesn't attribute programs playing up to that? Mate. Win7 is your problem get off that.
| rejectfinite wrote:
| Not true in my experience on Windows.
|
| I find Firefox handles many tabs better than Chrome.
| gtvwill wrote:
| That's your computer bud not Firefox.
| Frotag wrote:
| Personally I've seen the opposite: video sites on Chromium that would eat up 300MB+ and an additional 1~3MB of leaked mem per action. Whereas the same site on FF would happily sit at 20~30MB.
| fsflover wrote:
| See also: https://news.ycombinator.com/item?id=31538482.
| Layke1123 wrote:
| Anyone ever consider the possibility that crypto isn't needed in a society that is based on trust, and if we all trusted each other, then none of this is necessary? It is almost as if the powers that be want crypto because they don't trust anyone, and therefore perpetuates the problem of needless abstraction?
| [deleted]
| Analemma_ wrote:
| Western countries are rapidly moving from being high-trust to low-trust societies. The reasons for this are multifaceted, complex, and self-reinforcing, and it isn't likely that the trend will be reversed any time soon. Certainly not within our lifetimes. So we can either stick our heads in the sand about it, or develop technologies to deal with it as best we can. I'm not a crypto fan myself, but I understand why it exists and why it will probably be increasingly important as time goes on.
| Layke1123 wrote:
| No one will ever trust a completely trustless coin, because if you can't trust each other, putting trust in an abstract concept isn't exactly a winning solution.
|
| Human trust matters, not mathematical trust.
| FargaColora wrote:
| LMYahooTFY wrote:
| How is it absurd? Do you have any technical explanation to back this up? Because it sounds a bit absurd.
| schroeding wrote:
| OT, but it's kinda crazy how cryptocurrencies totally hijacked the word "crypto", which may cause confusion for years to come.
|
| Like in the sibling comments that confuse it with cryptography-crypto :D
| mixedCase wrote:
| That doesn't make the slightest lick of sense to me. Can you elaborate how cryptocurrencies compromise browser security?
| gruez wrote:
| It doesn't. My guess is that some people find crypto icky, and their thinking is that if the browser vendor is doing an icky thing they can't be trusted to keep the browser secure.
| dustyharddrive wrote:
| but you need TLS!
| luto wrote:
| I think they are referring to cryptocurrency, not cryptography in general.
| Taywee wrote:
| How is HTTPS supposed to work without crypto?
| timbit42 wrote:
| I think they are referring to cryptocurrency, not cryptography in general.
| [deleted]
| ea550ff70a wrote:
| Get used to it. Crypto related stuff is only getting more influential and adopted. Current prices don't mean anything. Use case and utility of some of them is where it's at. BAT from Brave is a good example of a practical application for an alternative ad system. I have been using Brave with the BAT option enabled for over a year and even though I started as a skeptic, I can now say it works relatively well. Is it perfect? No, there are some bugs in their UI for them. Does it accomplish the objectives it was designed for? Definitely. But the most important part at the end of the day is having the option to participate or not. I don't mind seeing an ad every once in a while especially if I can get a cut of how much it cost to display that ad to me.
| GlassKingdom wrote:
| It uses a MITM attack to inject Cryptocurrency span into webpages. Sorry, it's indefensible. Nobody is going to "get used to" the modern equivalent of viruses, especially when non-infected browsers are available.
| ea550ff70a wrote:
| Adoption metrics say otherwise on both their browser and ad system but sure.
| gruez wrote:
| >It uses a MITM attack to inject Cryptocurrency span into webpages
|
| Are we talking about the opt-in ads (which might contain "Cryptocurrency span") or the affiliate codes (which are injected into pages you've already decided to visit)?
| gtvwill wrote:
| Man any browser trying to pass off it being acceptable to inject affiliate codes in links just because you were going there anyways is some serious red flags and you should end that relationship promptly.
|
| Brave is truly capitalist cancer in browser form. I thought we killed off IE & Netscape. Turns out they had a kid.
| ea550ff70a wrote:
| Damn if you think any of that is problematic (which is not because you can opt out, and by default is not enabled), especially from the "capitalist cancer" pov wait until you hear about this obscure browser called Chrome from a company you might have heard called Google.
|
| Edit: Forgot to mention, they stopped injecting the links 2 years ago as they claim it was a mistake (maybe, maybe not, but for sure not the case right now) -> https://brave.com/referral-codes-in-suggested-sites/.
| [deleted]
| WithinReason wrote:
| Brave's way of using cryptocurrencies is the only good use of crypto I know of. (There are probably others)
___________________________________________________________________
(page generated 2022-05-28 23:00 UTC)