Conversation

Brave has always been a sketchy browser reeking of desperation. I've taken issue with their usage of DRM, their decision to have a hard dependency on Play Services and their sketchy cryptocurrency activities including their very likely illegal ICO launch.

Quote Tweet

Daniel Micay

@DanielMicay

Jul 25, 2019

I used to be optimistic about Brave, but I no longer consider it to be a good project. It has had some serious issues with security and the intent behind it is starting to seem nefarious. Monetizing other people's content was always sketchy and their DRM is going far beyond EME.

Show this thread

Replying to

Do you have an opinion on Iridium Browser (desktop only atm)?

Replying to

It says that it's "based on Chromium 81.0.4044.92" and the current desktop release is 83.0.4103.97. The first stable v83 release was May 19, 2020. chromiumdash.appspot.com/releases?platf 81.0.4044.92 is from April 7th. There were 4 subsequent releases for v81 from April 15 through May 5.

Replying to

and

They also build with a GCC-based toolchain which loses important security features like type-based CFI. There are other problems with how they build it too. You are better off using a proper build of Chromium, although most Linux distributions lack the competency to provide that.

This Tweet was deleted by the Tweet author. Learn more

Replying to

and

They think they know better, but they don't. By using GCC, they're losing type-based CFI and other security features. By using additional system libraries, they're weakening CFI and losing important changes. Inadvisable changes are often made due to lack of care / understanding.

Replying to

and

The bulk of the changes being made by these forks are just changing defaults or removing optional features. There are few changes with real substance. Most of those are just changing where static assets are fetched, etc. There aren't any leaks of data for them to remove anyway.

Replying to

and

how about ungoogled-chromium ? Keeps up to date and seems to have somewhat shared analogous goal in removing Google telemetry/dependencies from Chromium as GrapheneOS does in removing Google Play Services from Android

Replying to

and

You're confused. The Android Open Source Project doesn't have Google apps and services. Google Play Services isn't part of baseline Android. It isn't part of AOSP and isn't part of what's officially required for an OS to be considered Android. It's not the purpose of GrapheneOS.

Replying to

and

AOSP doesn't have any analytics/telemetry. Chromium analytics/telemetry is gated behind a toggle for submitting usage stats. The same goes for all the other Google services where data is submitted to them. Network connectivity checks and static asset downloads don't have toggles.

Replying to

and

These forks of Chromium are largely just changing default options and removing the option to use these features. You're not giving any addition data to Google by using Chromium with the Google services disabled in preferences. You just download component updates, etc. from them.

2:59 AM · Jun 9, 2020Twitter Web App

Replying to

and

The purpose of GrapheneOS is privacy and security hardening. The Android Open Source Project (baseline Android) doesn't have Google apps and services. Vendors have to license Play Services and add it into AOSP. It isn't something that has to be removed but rather added to AOSP.

Replying to

and

AOSP is Android, i.e. it meets all requirements of the Android CDD / CTS. Forks of AOSP meeting the same requirements are also Android. GrapheneOS deliberately deviates to improve privacy and security. It's not Android, since we don't follow CDD / CTS. If we did, it'd be Android.

Show replies