Jump to content

Search the Community

Showing results for tags 'brave browser'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 17 results

  1. Brave Browser's new privacy protections: time-based permissions and more Brave added several privacy protection improvements to the company's Brave Browser recently. One of them improves the permissions dialog that the browser displays when sites request access to certain information such as a user's location, camera or microphone. Most Chromium-based browsers displays allow or block options in the dialog. Mozilla's Firefox web browser sets temporary permissions by default unless users check a box in the dialog. Apple's Safari browser offers a similar feature. Brave, starting in version 1.25, displays a new option that enables users to select a period in which the permission is valid. The options are "until I close the site", "for 24 hours", "for 1 week", and "forever". Forever works just like the allow button, but all three remaining options limit the granted permission to the specified time. The permission is revoked automatically by the browser once. Brave notes that the all or nothing permissions approach leads to the oversharing of data as users have to revoke permissions actively to block future access to the information by the site in question. Bounce Tracking Protections improvements Recent versions of Brave Browser include improved bounce tracking protections. Sites may use bounce tracking to track users; this is done by adding parameters to the URL which is then passed to the destination. Facebook uses the system to track users across sites on the Internet. Brave protected users from bounce trackers up until now by stripping tracking parameters from URLs. Users of the browser who have enabled aggressive tracking in the browser's settings will receive prompts now when a "URL is suspected as a bounce tracker". The loading of the destination is blocked by default, but users may continue to the site or end the navigation at that point. Brave plans to introduce the protections to all users, regardless of blocking setting status. Other privacy improvements in Brave Brave introduced ephemeral third-party storage some time ago in the browser which was designed to protect against tracking but without breaking sites, particularly sites that expected third-party storage to persist. The feature caused issues on certain sites that used specific integrations, e.g. Single-Sign On. Brave cleared third-party storage of a site the moment the site was no longer open, but some workflows did not work as expected because of that. To make sure that this does not happen anymore, Brave added a 30 second pause to the process, after which the data is removed. The fourth and final improvement integrates new fingerprinting protections in the web browser. Dark Mode fingerprinting protections WebGL fingerprinting protection improvements. You can check out the announcement on the Brave site. Brave Browser's new privacy protections: time-based permissions and more
  2. Brave browser for iOS now allows you save media and play it later with the new Playlist feature Brave browser for iPhone and iPad has a new feature called Playlist. This option allows you to save media content from around the web and play it later from a convenient list. Let's see how to use the Brave Playlist. You will need to be on the latest version of the iOS app, i.e. Brave browser 1.25, to access the playlist feature. Open the browser on your iOS device, and go to any site that contains an audio or video, e.g. YouTube. Aside from media streaming services, you may also open webpages that contain an embedded video, like blogs or social networks. But it really depends on the website, the Amazon Prime video website for example does not support Brave. Brave will display a banner prompting you to add the video to the playlist, tap on it to save the content for later. You can do this manually too, tap and hold your finger on the video that is being played, and you will see the Add to Playlist option appear in the context menu. To access your Brave playlist, tap on the three dot button in the top right corner of the browser's interface. Select the Playlist menu item, and the app will list display the content that you added to it. The playlist's GUI resembles a full screen video player. The playback controls lets you play, pause, rewind, fast-forward, and loop the video. You can change the playback speed by 1x, 1.5x and 2x times the normal speed. Cast the video on other devices with the AirPlay button. You can also control the playback from the iOS lockscreen, this is very useful for background playback. The PiP (Picture in Picture) button in the top right edge, can be used to play the videos in a compact video while you browse other sites, even if you switch to other apps, e.g. while you are chatting with a friend on a different app, using a social media app, or just on the device's homescreen. And yes, PiP mode works with YouTube videos too. The best part is that you can watch the content without ads. To manage your Brave playlist, tap the button in the top left corner. The browser lists your videos in a side-panel. You may rearrange the order of the videos by dragging and dropping them. The app places new videos at the top of the list. Brave Playlist downloads the media to your device for offline viewing/listening, that's why you see the video size in the side-bar. Head to the browser's menu, Playlist and toggle the setting called "Auto-save for offline". This will force the browser to stream the content instead of downloading it. There are a couple of interesting options that can resume the playback from the previous position, auto-play the playlist. According to the official announcement, Brave Playlist is also coming to Android and Desktop users later this year. Don't bother trying to sync the playlist between your iOS device and desktop version of Brave (it has a similar playlist button), I already did that and it doesn't work. Source: Brave browser for iOS now allows you save media and play it later with the new Playlist feature
  3. Brave browser adds native support for uBlock and Fanboy annoyances lists and social list Brave browser's built-in ad-blocker has been boosted by some additional options. The Chromium fork's Brave Shield now supports three popular privacy-friendly filter lists, namely uBlock Annoyances List, Fanboy Annoyances List and Fanboy Social List. What are these filters anyway? Do I need them? As you may know, ad-blocking extensions and Brave Shield disable advertisements, banners, and other forms of ads. But most websites have additional elements on their website such as social sharing buttons such as Facebook, Twitter, or other elements that users may find annoying. The new filter lists block the tracking functionality of these elements (they're visually removed too), and also removes pop-up stuff like subscribe or welcome banners.. Yes, those social share buttons actually track your visits, even if you never use them. If the buttons are available on the page, it acts as a tracker and sends the information to their parent site, that's how Facebook Pixel works. Tired of those "we use these cookies" notices? Some sites employ anti-adblock features, these annoyance lists ensures that these get blocked as well. Since Chromium-based browsers lack the power of Firefox containers, which in my opinion offers better privacy, these annoyance lists are welcome additions for Brave browser users who want to prevent social-networks from tracking you. That's great, but these new options are not enabled in the Brave Shield by default. That's probably because not everyone may want to use them. How to enable uBlock Annoyance List, Fanboy annoyances List and Fanboy Social list in Brave browser To activate the new filter lists, head to the following page. brave://adblock The settings aren't listed in alphabetical order, so you may have to search for them manually. The uBlock Annoyances list appears at the end of the list for me, wile the Fanboy Annoyances List and Fanboy Social List are located in the top half of the list. Check the box next to the option that you want to use, and you're good to go. I wouldn't recommend enabling all the options available on that page, since it could result in heavy resource usage and also prevent websites from loading correctly. So, you should only enable the ones you actually need. Technically, if you were using uBlock Origin specifically for these lists, you no longer need the extension. But the add-on does more than that and supports custom lists, filters, and elements, so you may want to keep it anyway. That's what I would do. Tip: Firefox, Edge (and other Chromium-based browsers) users can enable these annoyance lists from uBlock Origin's dashboard > filter lists. You don't have to do this since the add-on does a great job out of the box, but the options are there if you want to enable them. An issue filed on Brave's GitHub regarding support for the new filter lists was fulfilled in early December. This reddit thread says that the lists appeared in Brave Nightly 1.20.19, but according to a new post these options were added to the stable release channel in version 1.19.92. If you don't have the new ad-blocking filter lists in your browser, check whether you have the latest version. Hey, I still see the social buttons on a website. Make sure that Brave Shield is enabled for the site, click on the icon next to the address bar, and also check if the first drop-down menu says "Trackers and ads blocked" (and not set to "Allow all trackers and ads"). Source: Brave browser adds native support for uBlock and Fanboy annoyances lists and social list
  4. Green search engine Ecosia partners with pro-privacy Brave browser Exclusive: The partnership opens Ecosia up further to Brave’s 24 million user base Ecosia, the search engine that uses its advertising revenue to plant trees, is now a default search option for privacy-focused browser Brave. The search engine will be available to Brave’s 24 million users, on both mobile and desktop, alongside competitors DuckDuckGo, Qwant, Startpage, Bing, and Google, in the hopes that the company can expand its userbase. Ecosia donates 80 per cent of the profits it makes from this to tree-planting charities, while Brave automatically blocks ads and other trackers. Brave also claims that it is faster and more privacy-conscious than Google Chrome or Microsoft Edge, and has its own specific advertising method whereby users earn rewards for what they view. “Online privacy is a basic human right and not something we should have to fight for - but this isn’t the case. The same logic that would have a company choose to sell user data at the cost of privacy is the same logic that would have a company extort profits at the cost of the climate”, Ruby Au, Country Manager North America for Ecosia, said in a statement. “We want to work with partners that change that narrative. We are really excited to establish this new partnership with Brave, which allows us to promote ethical tech together, and encourage users to be part of a better internet.” Brave users can do to Settings or Preferences in the browsers’ menu, click on search engine, and select Ecosia from the drop down menu, while new users can select Ecosia as the default search engine in a few clicks when they download the browser. “Brave’s mission is to put the user first in every way, and we’re thrilled to include Ecosia as a default search engine option to combine privacy-respecting browsing and searching”, said Jan Piotrowski, Vice President of Business Development at Brave. “Putting users in charge of their data with privacy-preserving tools is a key step in countering the surveillance economy and taking back control.” The partnership will initially roll out across the UK, the US, Europe, Australia, and Canada, with more countries added as time goes on. Ecosia is the first addition to the Brave default list since Startpage was added late last year. It recently committed to planting a 5,000-mile forest wall in Africa – with over one billion trees making up the project, The Independent exclusively revealed this month. Ecosia will also map and monitor the health of the forest with satellite imagery and geo-tagging. The company says that, since 2009, it has planted over 118 million trees. The green search engine company has a more challenging path in its attempt to attract more users than other companies. It currently has around 15 million users globally, while Google hosts 5.6 billion searches per day. Last year, Google was forced by the European Commission to offer alternative options for the default search engine on Android because it was deemed anticompetitive, but only search engines who could pay high prices were considered with companies that did not prioritise revenue – such as DuckDuckGo and Ecosia – criticising the move. “It plays the competitors against each other,” says Christian Kroll, the CEO of Ecosia, told Wired in June 2020. “So instead of collaboration, we have now kind of a toxic environment between smaller search engines as well.” Source: Green search engine Ecosia partners with pro-privacy Brave browser
  5. Brave browser takes step towards enabling a decentralized web First browser to fully integrate the new IPFS protocol Illustration by Alex Castro / The Verge Brave has just taken a step towards supporting a decentralized web, by becoming the first browser to offer native integration with a peer-to-peer networking protocol that aims to fundamentally change how the internet works. The technology is called IPFS (which stands for InterPlanetary File System), a relatively obscure transport protocol that promises to improve on the dominant HTTP standard by making content faster to access and more resilient to failure and control. This explainer from TechCrunch offers a good overview of how the protocol works. But here’s the short version: While HTTP is designed for browsers to access information on central servers, IPFS accesses it on a network of distributed nodes. Vice likens it to downloading content via BitTorrent, rather than from a central server. You type in a web address like normal, and the network is able to find the nodes storing the content you want. Benefits of the new approach include faster speeds, because data can be distributed and stored closer to the people who are accessing it, as well as lower server costs for the original publisher of the content. But perhaps most importantly, IPFS has the potential to make web content much more resilient to failures and resistant to censorship. Brave, which currently boasts 24 million monthly active users, has been an early supporter of IPFS, working on the standard since 2018. But with version 1.19 of the Brave browser releasing today, Brave users will be able to access IPFS content directly by resolving URIs that start with ipfs://. They can also opt to install a “full IPFS node in one click,” making their browser a node in the peer-to-peer network. “IPFS gives users a solution to the problem of centralized servers creating a central point of failure for content access,” Brave’s CTO Brian Bondy said in a statement, adding that this gives Brave users “the power to seamlessly serve content to millions of new users across the globe via a new and secure protocol.” IPFS project lead Molly Mackinlay adds that IPFS’ enablement of the decentralized web can overcome “systemic data censorship” from governments and Big Tech. “Today, Web users across the world are unable to access restricted content, including, for example, parts of Wikipedia in Thailand, over 100,000 blocked websites in Turkey, and critical access to COVID-19 information in China,” says Mackinlay, “Now anyone with an internet connection can access this critical information through IPFS on the Brave browser.” This effort to make web content more resilient and unconstrained comes at a time when service and platform owners are facing tough choices about what content should remain online. Following the Capitol riots, President Trump was silenced on both Facebook and Twitter, followed by the Parler app being pulled from both the Google and Apple app stores, and Amazon withdrawing its centralized web services. A decentralized web enabled, in part, by IPFS would make that kind of control more difficult in the future. Brave browser takes step towards enabling a decentralized web
  6. Brave 1.18 Stable launches with Brave Today, Global Privacy Control support, and more Brave has released Brave 1.18, a new stable version of the company's web browser for desktop operating systems and Android. The new version of Brave introduces the recently reviewed Brave Today news system, support for the up-and-coming standard Global Privacy Control, and other features. Brave installations should get updated automatically thanks to the browser's built-in updating functionality. Desktop users can select Menu > About Brave to check the version and run a check for updates. Loading brave://settings/help directly does the same thing. One of the first thing that users may notice, or not, is the new Brave Today addition to the browser's new tab page. It is enabled by default and all you have to do is scroll down to see a first selection of news displayed to you. Brave Today collects news from news sources, the majority from the United States, pushes it on to its own content distribution network, to display titles and images to users. A click on customize displays options to enable or disable certain news sources in categories such as sports, finance, technology, or science. The selection of news sources is quite good if you are from the United States, but if you are from anywhere else, you may find it lacking especially if you prefer non-English news sources. Users who don't plan on using it can turn it off easily though. Brave 1.18 adds new controls to set what is displayed on the new tab page. Just load brave://settings/newTab (or select Settings > New Tab Page) to set the "New tab page shows" option from Dashboard to either Homepage or Blank. Another new feature of Brave 1.18 is support for Global Privacy Control. It is a relatively new initiative to improve user privacy and rights on the Internet. Basically, what it does is inform sites that an Internet user denies sites the right to sell or share personal information to third-parties. You can check out our Global Privacy Control summary for additional details. Global Privacy Control is enabled in Brave. Brave 1.18 features a number of smaller additions and changes. The following ones are noteworthy: Protection against private browsing mode detections added to the browser. Contrast among tabs improved. Option to remove devices from Brave Sync, e.g. to remove unused devices or devices that were stolen/lost. Yandex is the default search engine in select regions for new installations (including Armenia, Azerbaijan, Belarus, and Russian Federation). Full list is here. Upgraded the core to Chromium 87.0.4280.101 Lots of changes related to Brave Ads and Rewards. You can check out the full release notes here. Brave 1.18 Stable launches with Brave Today, Global Privacy Control support, and more [ Software Updates post here... Brave 1.18.70 ]
  7. Brave launches Brave Together video calling in latest Nightly version The makers of the Brave web browser announced the launch of a "private and unlimited video calling service" in Brave called Brave Together on May 26, 2020. The service is based on the open source solution Jitsi and currently only available to Brave users who run development versions of the web browser. Brave revealed that it is only available to users from North America but the functionality appears to be working in other regions as well at the time of writing. It takes just a few steps to start using Brave Together. Visit the Brave Together website in the Brave browser and hit the "Start video call" button to get started; this creates a new room and a link that you may share with others; you may also copy the URL as it is the URL that others need to open to join the chat. You may password protect the room optionally to block unauthorized access to the room. The interface looks very similar to the default interface that Jitsi provides. It is a branded version of that and provides the same functionality. Here is a list of things that Brave Together supports: Screen sharing. Moderation options such as muting everyone or muting individual users. Share a YouTube video with everyone. Support for shortcuts to control the chat using the keyboard. Set video quality. Configure initial settings such as "everyone starts muted". Option to raise/lower hand. Some Jitsi option such as the ability to blur the background (beta) seem unavailable at the time of writing. Brave Together is an interesting feature that worked well during initial tests. Brave calls it a "trial version" and it is likely that the service will see improvements in the coming months before it lands in the stable version of the browser. One of the most appealing things about it is that it is really easy to use yet provides enough options to make the video chats private and secure. Jitsi supports end-to-end encryption but I could not find that option in the first Brave release. Brave revealed little about Brave Together at this point in time and it may take a while before an official blog post reveals more details on the integration in the web browser. Source: Brave launches Brave Together video calling in latest Nightly version (gHacks - Martin Brinkmann)
  8. Brave Browser, the privacy-focused web browser, announced today that it grew in usage by over 130% in its first year of the release of its 'Stable' version. On November 13th, 2019, Brave Browser released its first Stable version after it had already accumulated 8.7 million monthly active users (MAU) and 3 million daily active users (DAU) during its Beta period. Over the past year, Brave Browser saw an incredible 130% growth to reach 20.5 million monthly active users (MAU) and 8.7 daily active users (DAU) as of November 2020. Brave Browser growth over the past year While Google Chrome still owns 69% of the browser market share, other browsers such as Firefox, Brave, and Microsoft Edge are slowly chipping away at Chrome's share as they introduce new features or increased privacy. Brave attributes its growth to end user's increasing frustration with the lack of privacy seen in more established browsers and a new advertising ecosystem that allows users to take control of how they browse the web. "Users are fed up with surveillance capitalism, and 20 million people have switched to Brave for an entirely new Web ecosystem with an opt-in ad economy that puts them back in control of their browsing experience," said Brendan Eich, CEO, and co-founder of Brave. "The global privacy movement is gaining traction, and this milestone is just one more step in our journey to make privacy-by-default a standard for all Web users." Brave has also seen a 3.2x growth in verified sites in its 'creators' program that allows publishers to earn Basic Attention Token (BAT) cryptocurrency tokens as tips from visitors who frequent their sites. The total number of verified creators grew from 300,000 to 972,000 since last year. In full disclosure, BleepingComputer is part of this program. Source
  9. Brave introduces new Sync functionality in Android and desktop browser The makers of the Brave browser have released version 1.12 of the web browser recently. One of the main new features of the new browser version introduces better sync functionality on all supported platforms. Syncing has not been Brave's strong suit up until now as it limited the data that could be synced and was not bug free either. Brave promises that Sync v2 changes that. First, it is necessary to update Brave to version 1.12 on all devices. The new version is already on Google Play and desktop users should receive the update automatically as well. It is possible to check for the new update immediately by selecting Menu > About Brave, and also to download the new version from the official Brave website. The company promises that the new Sync functionality will arrive on iOS soon as well. Sync v2 supports the following data: Bookmarks Passwords Autofill Data History Open Tabs Extensions Themes Settings Apps Some of these are only available on desktop systems, e.g. extensions and themes, as the mobile version of Brave does not support extensions or themes (just like Google Chrome). The default setting synchronizes bookmarks only but users may select each type of data in the sync settings to synchronize the selected ones as well. Users who have set up sync functionality before in Brave need to do so again because Sync v2 is an entirely new system that is not compatible with the first version. Setting up sync is relatively easy. Select Menu > Sync to get started; if this is the first step of setup, select to create a new sync chain. Brave uses a sync chain code or QR code to pair devices. If you want to sync desktop Brave to Android, you may select QR code and scan the code using the Sync interface of Brave's app on Android. For desktop to desktop it is necessary to copy the sync code from one device to the other. The sync preferences display all sync options. On desktop, Brave displays all devices that joined the sync chain including the last activity. Below that is the list of items that can be synced. It includes toggles to enable or disable items individually, and a handy sync everything option in case you want all data to be synced across devices. Options to add more devices and to leave the sync chain on that device are provided as well. Brave's Sync v2 functionality was "rebuilt to be more directly compatible with the Chromium sync system". Brave's sync server follows the Chromium sync protocol but it encrypts data records by default on the client side. As far as encryption details are concerned, the following is noted in the FAQ: We use the built-in custom passphrase feature from Chromium sync and encrypt everything client-side. Instead of letting the user pick a passphrase, which may be weak, we force the passphrase to be the BIP39 encoding of the sync seed. The rest of the encryption is handled by Chromium as follows: BIP39 phrase is key-stretched using scrypt(N = 2^13, r = 8, p = 11). New clients need the scrypt salt in order to derive the key. Then the stretched key is used directly as a AES128-CTR-HMAC encryption key. Closing Words The introduction of Sync v2 addresses a major issue of the Brave browser. It moves away from the rather unreliable first version of Sync to a stable version that should work better for the majority of users. The inclusion of new sync options is a welcome addition as well. [ Software Updates post here... Brave 1.12.112 ] Brave introduces new Sync functionality in Android and desktop browser
  10. Feature did not sufficiently anonymize private browsing sessions Developers at alternative privacy-focused browser Brave have been praised for quickly resolving a potentially troublesome privacy flaw. Security researcher sick.codes found that the Brave private window (incognito) feature with Tor does not sufficiently anonymize users visiting Brave’s partner websites such as Binance and Coinbase. On further digging, the same researcher discovered that Brave generated a folder during Tor sessions that it failed to delete at the end of private browsing sessions. “After the user ends the Tor session, the data is not cleared and users should be aware that the Tor feature of Brave browser is not secure as intended and the browser can leak, or send usage statistics, of critical information to their partner websites that could be used by an attacker to triangulate a user,” the security researcher warned in an email to Brave. Brave developer Yan Zhu responded promptly to the warning by developing a fix, which has been incorporated into the pre-mainstream release (nightly) version of the browser. Brave 1.18.27 and below are affected. The mainstream version is yet to be patched to resolve the security flaw. Peeling back the Onion The issues were uncovered after sick.codes examined a transient session information file called “Local State”. “[Zhu} @bcrypt confirmed that the metric core_p3a_metrics that I discovered in Local State was overlogging,” the security researcher told The Daily Swig. The issue creates the potential to violate the confidentiality of a user’s Tor session, but only to a local attacker since the vulnerability fails to lend itself to remote exploitation. The security researcher earned $100 for his finding, more details on which can be found in a write up. Sick (sick.codes) only began looking into the issue after he was confronted with an annoying pop-up ad for a crypto-currency site. “Tor has been in Brave for two years, which makes me wonder why no-one had found all the Tor logging [before],” Sick told The Daily Swig. “[The} Brave security team though were really responsive." A post on HackerOne offers additional information and context. A vulnerability in the Brave Browser allows an attacker to view the last time a Tor session was used in incognito mode. A local, on-disk attacker could read the Brave Browser’s ‘Local State’ json file and identify the last time a Tor session was used, affecting the confidentiality of a user’s Tor session. For example, the ‘Local State’ file of a user who has recently used a Tor session would list a key value pair with a timestamp as accurate as ‘13248493693576042’. This allows an attacker to fingerprint, or prove beyond reasonable doubt, that a user was using Tor at that very specific moment in time. Brave is an open source browser built using Chromium. It boasts 20 million monthly active users. Source
  11. Next release will block third-party trackers posing as first-party resources The Brave web browser will soon block CNAME cloaking, a technique used by online marketers to defy privacy controls designed to prevent the use of third-party cookies. The browser security model makes a distinction between first-party domains – those being visited – and third-party domains – from the suppliers of things like image assets or tracking code, to the visited site. Many of the online privacy abuses over the years have come from third-party resources like scripts and cookies, which is why third-party cookies are now blocked by default in Brave, Firefox, Safari, and Tor Browser. Microsoft Edge, meanwhile, has a tiered scheme that defaults to a "Balanced" setting, which blocks some third-party cookies. Google Chrome has implemented its SameSite cookie scheme as a prelude to its planned 2022 phase-out of third-party cookies, maybe. While Google tries to win support for its various Privacy Sandbox proposals, which aim to provide marketers with ostensibly privacy-preserving alternatives to increasingly shunned third-party cookies, marketers have been relying on CNAME shenanigans to pass their third-party trackers off as first-party resources. The developers behind open-source content blocking extension uBlock Origin implemented a defense against CNAME-based tracking in November and now Brave has done so as well. CNAME by name, cookie by nature In a blog post on Tuesday, Anton Lazarev, research engineer at Brave Software, and senior privacy researcher Peter Snyder, explain that online tracking scripts may use canonical name DNS records, known as CNAMEs, to make associated third-party tracking domains look like they're part of the first-party websites actually being visited. They point to the site https://mathon.fr as an example, noting that without CNAME uncloaking, Brave blocks six requests for tracking scripts served by ad companies like Google, Facebook, Criteo, Sirdan, and Trustpilot. But the page also makes four requests via a script hosted at a randomized path under the first-party subdomain 16ao.mathon.fr. "Inspection outside of the browser reveals that 16ao.mathon.fr actually has a canonical name of et5.eulerian.net, meaning it’s a third-party script served by Eulerian," observe Lazarev and Snyder. When Brave 1.17 ships next month (currently available as a developer build), it will be able to uncloak the CNAME deception and block the Eulerian script. Other browser vendors are planning related defenses. Mozilla has been working on a fix in Firefox since last November. And in August, Apple's Safari WebKit team proposed a way to prevent CNAME cloaking from being used to bypass the seven-day cookie lifetime imposed by WebKit's Intelligent Tracking Protection system. Source
  12. Brave browser gets CNAME-based adblocking support Brave Browser, a Chromium-based web browser that shares its core with Google Chrome, Microsoft Edge, Opera and Vivaldi, will support CNAME-based adblocking in version 1.17 of the browser. The feature landed in Brave Nightly already and will be integrated in the stable version of the browser in the coming release. Raymond Hill, maker of the popular content blocker uBlock Origin, introduced support for CNAME-based blocking in the Firefox version one year ago. The developer was the first to introduce such functionality in a browser extension, but could do so only in Firefox as Mozilla's browser was, and is, the only browser that supports DNS API capabilities that make such functionality possible in first place. The Firefox-version of uBlock Origin is therefore the most effective when it comes to content blocking. Sites and Internet marketing companies may use CNAME cloaking to avoid detection by content blockers, regardless of whether they are integrated in the browser natively, provided by browser extensions, or through other means such as the HOSTS file or DNS. CNAME tracking, also called CNAME cloaking, works through redirects by using subdomains of the main domain which are then redirected automatically to a tracking domain. Most content blockers distinguish between first and third party resources, and CNAME tracking uses this to avoid detection. Broken down, the technique makes a resource look like its first party when in fact it is not. Most browsers cannot detect or block these, and while there are lists, it is necessary to manage the lists manually unless a browser or extension is used that comes with better protection options. Next to Firefox with uBlock Origin, it is Brave Browser that stepped in. It is the first Chromium-based browser that introduces support for CNAME-based blocking. Brave Shields, the browser's content blocking solution, will support CNAME-based content blocking in version 1.17 of the browser. The component will "recursively check the canonical name records for any network request that isn't otherwise blocked using an embedded DNS resolver". The request will then be blocked if it has a CNAME record and if the request would be blocked under the canonical name. CNAME-based content blocking is enabled by default in Brave 1.17, and it is the first major browser to introduce the functionality as a native solution that is enabled by default. The company plans to release Brave 1.17 Stable on November 17, 2020 to the public. Closing Words Brave is the first browser to provide native on-by-default protection against CNAME-based cloaking techniques. Firefox users who install uBlock Origin are protected as well. Brave browser gets CNAME-based adblocking support
  13. How to speed up the Brave browser The following guide lists tweaks and suggestions on how to speed up the Brave web browser to reduce lag and improve the browser's performance. We have published guide on speeding up the Opera and Vivaldi browsers previously, and this guide is the third part of the series. Brave, like most desktop web browsers, is based on Chromium. Other Chromium browsers are Google Chrome, Vivaldi, Opera, and the new Microsoft Edge browser that Microsoft started to work on in 2019. As a Chromium-based browser, Brave is quite fast already; the browser's blocking of advertisement improves performance significantly as well when it comes to the loading of webpages. Brave's default settings leave room for improvements. Like all browsers, it ships with a default set of features designed to provide a good mix of features and speed. Tip: My Experience with the mobile version of Brave on Android. Brave's Settings You can access the Brave Settings from the main menu or by loading chrome://settings/ directly. The settings are divided into a main and an advanced part, and it is a good idea to check them from top to bottom after initial installation. Get Started -- I prefer to load the previous session (Continue where you left off) but you may speed up the start of the browser by selecting "open the new tab page" or "open a specific page or set of pages". Appearance -- Enable "use wide address bar" to give the address bar a bit more room. Not a performance setting. Shields -- Brave's Shields feature blocks trackers and advertisement by default. You can check the "block scripts" setting as well to block scripts from running by default but that will lead to breakage and you having to create overrides for sites that don't work properly if JavaScript is disabled. Note that the feature is not as advanced as the blocking of scripts by NoScript or uMatrix. Social Media Blocking -- Unless you use any of those openly, disable all options here: Allow Google login buttons on third-party sites. Allow Facebook logins and embedded posts. Allow Twitter embedded tweets. Allow LinkedIn embedded posts. Extensions -- Depends on your usage. Disable "WebTorrent", "Hangouts", and "IPFS Companion" if you don't use these. Privacy and security -- Consider disabling/modifying the following features to improve privacy: Use a prediction service to help complete searches and URLs typed in the address bar. WebRTC IP Handling Policy to "Disable non-proxied UDP". Automatically send crash reports to Brave. Allow sites to check if you have payment methods saved. Use a prediction service to load pages more quickly. Downloads -- Make sure "ask where to save each file before downloading" is checked to improve security. System -- Disable "continue running background apps when Brave is closed. Startup parameters Brave supports Chromium startup parameters. These are supplied on start and may modify certain features and settings of the browser that can't be changed in the browser's settings. You may either run Brave from the command line and specify the parameters, or edit the shortcut that points to Brave to permanently use the parameters. On Windows, you simply right-click on the Brave shortcut on the desktop or Start and select Properties. Note that you need to right-click on Brave a second time in the menu if you right-click on the Brave icon in the taskbar. Add the parameters to the end of the Target field and click ok to save the changes. --process-per-site -- Brave puts every page you open in the browser in its own process. If you notice that your devices hit the available RAM limit regularly, you may want to load Brave with the --process-per-site parameter to use a single process per site instead. Useful if you open multiple pages of a single site as it will reduce RAM usage. --disk-cache-dir=z:\brave\ --disk-cache-size=104857600 -- You may move the disk cache to a faster drive or a RAM disk (if you have plenty of RAM). The value of the cache is in bytes. The number in the example sets the cache to 100 Megabytes. See How to use a RAM disk in Windows and check out our overview of free RAM disk programs for Windows. --enable-low-end-device-mode -- This enables low end device mode which improves memory consumption of the browser. Source: How to speed up the Brave browser (gHacks - Martin Brinkmann)
  14. That doesn't sound GDPR-compliant ... Brave, the budding privacy-focused browser with its own native cryptocurrency, has alleged that Google is using hidden web pages to feed personal data of its users to advertisers, reports Financial Times. The evidence, now in the hands of the Irish data regulator, reportedly accuses the Big G of allowing users (and their browsing habits) to be profiled, resulting in targeted advertisements. It’s claimed that these actions circumvent EU privacy regulations that demand user consent, as well as transparency from tech giants like Google. Remember: Google is Brave’s number one competitor According to Financial Times, Brave‘s chief policy officer Johnny Ryan discovered Google‘s alleged secret web pages after tracking his data as it was traded on Google‘s advertising exchange Authorized Buyers, formally known as DoubleClick. Ryan’s evidence reportedly shows Google had “labelled him with an identifying tracker that it fed to third-party companies that logged on to a hidden web page.” That web page allegedly showed no content, but contained a “unique address” that linked directly to Ryan’s browsing activity. After one hour of browsing the web using Google Chrome, the report said that Ryan found six separate pages had sent his identifier to at least eight adtech companies. Brave then reportedly commissioned an adtech analyst to reproduce Ryan’s findings. They recruited “hundreds of people” to test Google over one month. Financial Times states that investigation confirmed Google‘s alleged ‘secret web page identifiers’ were indeed unique to each user. Analysts found they had been shared with multiple advertising companies to boost the effectiveness of targeted advertising. The outlet also reported that a Google spokesperson had said: “We do not serve personalised ads or send bid requests to bidders without user consent.” Google is reportedly co-operating with Ireland’s data regulator in its investigation. Source
  15. Brave 1.0 launches, bringing the privacy-first browser out of beta And it has a plan to pay users and publishers for ads Today marks the official launch of Brave 1.0, a free open-source browser. The beta version has already drawn 8 million monthly users, but now, the full stable release is available for Windows, macOS, Linux, Android, and iOS. Brave promises to prioritize security by blocking third-party ads, trackers, and autoplay videos automatically. So you don’t need to go into your settings to ensure greater privacy, though you can adjust those settings if you want to. Several browsers have taken steps to block trackers and ads, but in many cases, they’re limited or need to be enabled. Firefox started blocking some trackers by default earlier this year. Safari goes a step further by blocking almost all third-party trackers from sites you don’t visit frequently while allowing trackers from sites you check regularly but limiting their duration to 24 hours. Microsoft Edge is still testing a feature that also only blocks some trackers by default, which should arrive on January 15th. Google announced in May that it plans to launch tools that would let users see cookies stored by the Chrome browser and select which trackers to block, but we haven’t heard anything else about those tools, including when they’ll be available. Built-in ad-blockers are a little harder to find. Most of the time, you need to download an extension. Chrome automatically blocks ads that fail standards set by the Coalition for Better Ads. The mobile versions of Microsoft Edge have a built-in ad-blocker, but you need to turn it on. Now, these ad-blockers can deal a serious hit to publishers and creators who rely on ad views for revenue. But what sets Brave apart from other browsers is that it offers a possible solution in Brave Ads: a form of ads that pays you to view them, doesn’t access your data, and appears as push notifications rather than webpage banners. Brave says that its ads will be targeted to the user, but none of the user’s information will leave the browser. You can also adjust the number of ads you’re shown each hour. Brave Rewards gives users blockchain tokens when they opt in to Brave Ads. If you read an article you really like or want to support your favorite creator, you can give those tokens to sites and creators. Alternatively, you can cash them yourself via Brave’s partner Uphold or eventually exchange those tokens for gift cards and restaurant vouchers. It’s an ambitious plan but not an entirely unique one. HTC partnered with browser Opera to allow blockchain micropayments to websites on its Exodus phone last year. The question is whether enough consumers and publishers buy into this new system to allow it to work. Micropayments haven’t proven viable yet, and similar schemes have had limited traction. Dutch app Blendle lets you purchase individual articles from various news sites for a small fee, but it hasn’t had steady success. The Civil Foundation aimed to create ad-free media services built on blockchain, but its token sale failed. Brave’s privacy options go beyond blocking ads and trackers. It actually has two private modes: Private Window and Private Window with Tor. The first is like any other browser’s private or incognito mode: none of your data is saved to your device, but it may still be seen by the websites you visit, your network administrator, or ISP. For added security, Brave has a private mode that uses Tor, also known as The Onion Router, a browser that hides your information by encrypting it and passing it through three relays, bringing that level of security to your browsing. However, Brave notes you may want to switch to Tor’s own browser if security and anonymity are absolutely necessary. If you’re hooked on Chrome — and no matter how you slice it, the vast majority of users are — it’s easy to move over to Brave. (Here’s our guide on how to do that.) Former Verge editor Vlad Savov made the switch from Chrome to Brave since he felt Brave was the best alternative to Google’s browser. Brave is similar to Chrome, as they’re both built off of Chromium, and Brave will even let you use Chrome extensions and themes. The biggest difference is that Brave isn’t owned by Google, so using Brave limits the amount of data Google has on you (though other browsers can claim that as well). Vlad also found that Brave felt faster than Chrome back in March. It’ll be interesting to see if Brave’s popularity soars now that it’s out of beta. It was founded by Brendan Eich, who co-founded Mozilla with its rival Firefox browser. Eich was forced to resign as the CEO of Mozilla in 2014, less than two weeks after getting the job, due to a controversy surrounding his $1,000 donation in favor of a ballot proposition to ban same-sex marriage in California some years earlier. Source: Brave 1.0 launches, bringing the privacy-first browser out of beta (The Verge)
  16. Brave Software has baked Wayback Machine’s 404 detection system into its Brave desktop browser with a new 1.4.95 update to deal with 404- page not found and 14 other errors. If you now land on a broken web page in Brave, you’ll be allowed to look up for an archived page stored by Wayback machine. The Brave browser update also features a Chromium upgrade (80.0.3987.122) and includes various fixes. Wayback Machine director, Mark Graham announced about their archived URL playback and 404 support for Brave browser on Internet Archive blog by saying “available today, starting with version 1.4 of its desktop browser, Brave has added a 404 detection system, with automated Wayback Machine lookup process to its desktop browser”. Apart from 404, Wayback Machine checks for these other HTTP error codes in Brave browser: 408,410,451, 500, 502,503,504,509,520,521,523,524 and 526. For the unknown, Wayback Machine for the last 23 years has archived more than 900 million URLs and 400 billion web pages and it continues to archive many hundred million URLs each day to ensure the user gets an archived version for the missed pages. It’s not surprising for Internet Archive to show such love and affection towards the Brave browser as it has started backing Brave’s micropayments system since 2017 and is a Brave creator also. To get started, download the latest Brave browser update to your computer and after that visit this 404 page to see the feature show up. All you’ve to do is click on the “check for saved version” button displayed at the top of page and Wayback Machine will fetch and serve archived page available for that site from Internet Archive in the same tab. Wayback Machine browser extension is available for Google Chrome, Firefox, Safari browsers. Source
  17. Study finds Brave to be the most private browser Are you concerned about your web browser sending data back to the company that created it? A new study, Web Browser Privacy: What Do Browsers Say When They Phone Home?, looked at the six popular desktop web browsers Google Chrome, Mozilla Firefox, Microsoft Edge (Chromium-based), Apple Safari, Brave, and Yandex, to uncover what these browsers send back to the mothership. If you just want the result, the study found that used out of the box, Brave "is by far the most private of the browsers studied" followed by Chrome, Firefox and Safari. Brave is the only web browser that did not use identifiers that allowed tracking of the IP address over time and did not share details of web pages visited to backend servers. Chrome, Firefox and Safari used identifiers that are linked to the browser instance that persist over sessions and all three share web page details with backend servers via the browser's search autocomplete functionality. The study found the Chromium-based Microsoft Edge web browser and Yandex to do worse than the other browsers of the test. Both send identifiers linked to the device hardware which means that the identifier persists even across installations. Edge sends the hardware UUID to Microsoft, and Yandex transmits a "hash of the hardware serial number and Mac address". Both also appear to send web page information to servers that "appear unrelated to search autocomplete". The researcher logged all network connectivity on the devices the browsers ran on. Chrome connections using QUIC/UDP had to be blocked so that the browser would fall back to TCP. To inspect encrypted data, mitmdump was used and since leftovers can be an issue, extra care was used to delete all traces of previous installations from the systems. The test design was repeated multiple times for each browser. Start the browser from a fresh install/new user profile. Paste a URL into the address bar, press Enter, and record the user activity. Close the browser and restart, record network activity. Start the browser from a fresh install/new user profile and monitor network activity for 24 hours. Start the browser from a fresh install/new user profile, type a URL and monitor traffic. The conclusion For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. Safari defaults to a poor choice of start page that leaks information to multiple third parties and allows them to set cookies without any user consent. Safari otherwise made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers. From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete. Closing Words The researcher analyzed the default state of the browsers and found that Brave had the most privacy friendly settings. At least some of the browsers may be configured to improve privacy by changing the default configuration, e.g. disabling autocomplete functionality. Source: Study finds Brave to be the most private browser (gHacks - Martin Brinkmann)
  • Create New...