I used to be optimistic about Brave, but I no longer consider it to be a good project. It has had some serious issues with security and the intent behind it is starting to seem nefarious. Monetizing other people's content was always sketchy and their DRM is going far beyond EME.
Conversation
Replying to
Firefox has serious security issues, and I don't recommend using it. The sandbox is far weaker than Chromium and it doesn't provide site isolation which is a necessity in 2019. On Android, Firefox doesn't provide a browser sandbox at all, which is just completely unacceptable.
1
1
8
Replying to
Brave is a better choice than Firefox. I'm not saying that Brave is a bad choice as a browser in technical terms but that the project has the wrong motivation behind it. It's at odds with privacy and it's now clear they value the attention nonsense more than they do privacy.
1
1
4
Replying to
I largely feel the same way about Mozilla's approach with Firefox. Apple seems far more interested than Mozilla in delivering actual privacy rather than the appearance of it, although Apple recently started using it as part of their branding / marketing which is what taints this.
2
1
3
Replying to
I don't really have a browser recommendation right now. I liked that Brave took the solid Chromium base and seemed to be on the path towards turning it into a privacy-focused browser but it's clear to me now focus is elsewhere and privacy isn't going to win when they conflict.
1
5
Replying to
Is there a reason why Tor Browser uses Firefox as base is it because Firefox was better in old days? And whats your opinion on hardened Firefox? Does enabling first-party isolation (is this sandbox?) matter? Thanks in advance.
2
2
Replying to
First party isolation partitions state based on first party origin. It's not part of the sandbox but rather a change in semantics for how things like cache, cookies, etc. work by separating it per first party origin. Combined with Tor, this is part of providing basic anonymity.
1
1
Replying to
Tor has had to make many changes like this to how the browser works to provide the model it does. Unfortunately there are a large number of known issues that are unresolved when JavaScript is enabled but this feature is part of what's still needed when JavaScript is disabled too.
1
1
Replying to
Even without JavaScript, there's a lot more that can be done via HTML, CSS, SVG, etc. than you might expect. For example, it's possible to track mouse hovering via CSS hover events triggering network requests. It's far less precise than JavaScript mouse fingerprinting though.