[bartread]

I've disliked Brave from the beginning. Initially because of the pretentious - and frankly appropriated - name, but now for the much more substantive reasons you've cited.

Seriously, if you want a browser that gives you control over your data and privacy, use Firefox. It doesn't do any of this shady nonsense.

[morganvachon]

> I've disliked Brave from the beginning.

As have I. The entire money making scheme behind it, while innovative, is a privacy nightmare.

> Seriously, if you want a browser that gives you control over your data and privacy, use Firefox. It doesn't do any of this shady nonsense.

Agreed, with the caveat that Firefox does have its own, completely different privacy issues[1][2]. Still, it's probably the best choice for a mainstream browser, and there are open source scripts out there[3] to plug up Firefox's few leaks. I used to use (and recommend) Waterfox as a more secure, private alternative to Firefox, but lately Firefox with Shawn's or a similar script applied is just as good. It's generally better to get FF from your operating system's repository and keep it updated that way rather than manually installing a fork.

[1] https://support.mozilla.org/en-US/kb/shield?as=u&utm_source=...

[2] https://www.mozilla.org/en-US/privacy/firefox/#health-report

[3] https://github.com/shawnanastasio/firefox-privacy-restorer

[esperent]

Your first link is about Firefox studies.

I had never heard of these before, but when I go to about:studies, I see that I have never participated in any studies, and when I click the link from that page to "Firefox data collection and use" setting, I see that I am opted out from everything. Pretty sure I didn't do that manually.

Your second link is to a page called "Firefox health report". I have no idea what conclusions I'm supposed to draw from that.

Can you provide more info about the privacy violations you're referring to?

[resfirestar]

> when I click the link from that page to "Firefox data collection and use" setting, I see that I am opted out from everything. Pretty sure I didn't do that manually.

Are you on Linux? Many distributions include their own tweaks to the Firefox package, including disabling data collection.

[afiori]

> but when I go to about:studies, I see that I have never participated in any studies

Are you in the US? I also have not participated in any studies but in the preferences it is marked as active. My guess would be that they either run very few of them or are restricted to the US.

[kop316]

I am in the US. It was disabled by default in Debian, but it is on in Windows. It looks like I have not participate din any studies on the Windows machine.

[esperent]

No, Vietnam.

[basch]

>The entire money making scheme behind it, while innovative, is a privacy nightmare.

Is it? An ad bundle is downloaded to your pc. Your pc tracks some usage, and stores every analytic locally. Using the analytics, your local client chooses which ads to target you with. You wipe your local data cache, your analytics disappear. I would guess people wished more advertising respected privacy this way.

This seems like much LESS of a privacy nightmare than Google, Facebook, Verizon, Microsoft, Amazon storing a named profile for each person.

[TedDoesntTalk]

There are many other questionable privacy policies from Firefox. Here's one (mobile):

https://support.mozilla.org/en-US/questions/1265029

But there are many others, just search "firefox privacy concerns" or similar keywords. Telemetry data -- Pocket suggestions -- etc.

[morganvachon]

You're right, and Pocket being integrated into the browser itself rather than remaining a plugin was the one that drove me to Waterfox a few years ago. I just listed a couple of general issues above for brevity's sake.

[manigandham]

Mozilla owns Pocket. Why wouldn’t they include their own service in the browser?

[morganvachon]

Before they bought Pocket it was a plugin/service that was completely optional. They bought Pocket and integrated it into the browser at a much deeper level, making it opt-out instead of opt-in (and very difficult for the average user to opt out; you have to change several settings in about:config which most users have no idea even exists).

I felt they should have made it an opt-in service that the user can choose on the first launch. Taking away user choice is rarely a good thing, and even less so when dealing with anything privacy related.

[Dylan16807]

Pocket, the service for collecting and syncing articles, is basically a separate thing from pocket suggestions.

The original service was integrated a while ago, but it doesn't really have severe privacy implications. If you click a pocket button, it asks you to log in. If you don't click, it does nothing. This is the one that's hard to disable, but it's an annoyance more than a security problem.

Pocket suggestions are newer, showing articles on the new tab page. They are trivial to turn off, and for what it's worth all the sorting/filtering is done locally.

[rattray]

How can I get these two features on Firefox:

1. Block scripts on certain domains

2. Block ads & tracking (including on Android)

Those are my favorite Brave features. How do I get them on Firefox?

[ciarannolan]

On mobile: https://play.google.com/store/apps/details?id=org.mozilla.fe... + enable the extention "uBlock Origin" in the settings (not sure the exact steps while writing this, sorry)

On desktop: regular Firefox + https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...

In uBlock Origin, there is a setting that disables Javascript by default (which I use). You can then enable it temporarily or permanently on a per-site basis.

[rattray]

Thank you! Was very easy. Liking this so far.

[jdeibele]

I'm using Adguard's DNS on my router. 5 of us at home due to Covid-19 and no complaints from anybody about things not working.

NextDNS has a more advanced version (you can add and remove domains) for $19.90/year

It's not quite as good as having a PiHole or similar setup because some devices have their DNS settings hard coded. You have to route those addresses to override your Chromecast, etc.

https://adguard.com/en/adguard-dns/overview.html https://nextdns.io/

[pmoriarty]

I use uMatrix to block scripts on certain domains. I used to use NoScript for this, but switched to uMatrix when I found that it gave me much more fine-grained control over what to allow or block.

For ad-blocking, I supplement uMatrix with uBlock Origin. It has its own block lists that it perodically

On top of that, I use privoxy as an http proxy. Unfortunately, it can't filter https.

Yet another part of my defense is DNS blocklists that I put in to /etc/hosts.[1]

Using this combination, I virtually never see any ads.

[1] - https://github.com/StevenBlack/hosts

[gorhill]

> I use uMatrix to block scripts on certain domains. [...] For ad-blocking, I supplement uMatrix with uBlock Origin.

As the author of both uBO and uMatrix, I don't understand the need to use uMatrix to block scripts when already using uBO, since uBO can do the same.

Even better, uBO supports replacing certain blocked scripts with a local, neutered version (to lower likelihood of site breakage), something which becomes broken if you block the same script with another extension (i.e. in either NoScript or uMatrix).

[pmoriarty]

uMatrix gives me the ability to select on a domain and subdomain level where to block or allow script and other page elements using its matrix interface.

If this is possible to do in uBlock Origin, I don't know how.

AFAIK, uBO does not have a similar matrix-like interface. So if the equivalent control is possible somehow, it must be hidden further down in its interface, which makes it much less convenient for me than the simple matrix that's behind a single mouse click for me in uMatrix.

I'd love to learn how uBO can be used like uMatrix, if that's possible. There's no need for both extensions if uBO can do it all, but as far as I know it can't.

[Normille]

Off-topic, but seeing as we've got gorhill here:

Any plans to update uMatrix so it behaves nicer on mobile? The popup interface resists pinch-to-zoom and the text is so small as to be literally illegible on mobile devices. So I can't read the various domains to decide which ones I want to block or permit!

[uBlock Origin was recently updated to make it more mobile friendly. Although, ironically, out of the two, it was already more usable on mobile as it was possible to zoom and pan round the interface.]

[rattray]

Answering my own question, Firefox Android allows Add-Ons. So installing uBlock Origin for ad blocking and NoScript Security Suite for script blocking was trivial. So far so good, curious to see how it plays out...

[rattray]

And it turns out uBlock does allow you to block scripts on specific domains, so I don't even need NoScript. Nice.

[sozforex]

Install "uBlock Origin" add-on, with "I am advanced user" enabled. And/or "uMatrix" for more fine-grained control.

[stevehawk]

appropriated name?

[bartread]

Yes: the concept of browsing the web with your privacy preserved has literally zero to do with the concept of bravery. The name is clearly a statement but not one that's ever made any sense to me.

[jerf]

That's not "appropriation", that's just marketing. You can call that "appropriation" if you want but it really just dilutes the very concept you're trying to invoke.

[projektfu]

Right, Ubuntu might be considered an appropriated name, but hopefully not because the name is used respectfully by someone who, while not Nguni, is at least familiar with the people.

[wmeredith]

Not sure appropriated is the word you’re looking for.

[ilikehurdles]

re-appropriated

[jmkb]

Brave bought the brave.com domain from the band Brave Combo, whose homepage was listed as http://brave.com/bo since the early days of the web. Last year I was pleased to see that they kept a redirect in place from https://brave.com/bo to band's new site https://bravecombo.com but it appears they've discontinued that courtesy. Too bad.

[mapgrep]

Doesn’t have anything to do with firefoxes or electroplated chromium either. Shrug.

[jefftk]

Pedantic historical browser etymology note: Firefox began as Phoenix, because it was metaphorically rising from the ashes of Netscape. For trademark reasons, they changed it to Firebird. Then they learned that there was already an open source DB using that name, so they picked Firefox.

[gsich]

The other browsers don't have "normal" names either.

[yjftsjthsd-h]

Chrome and Internet Explorer are both trivially descriptive names.

[Grimm665]

Internet Explorer maybe, but Chrome? I don't think "Chrome" screams web browser to me. "Safari" seems more trivial than Chrome.

[sp332]

https://www.urbandictionary.com/define.php?term=browser%20ch...

[gsich]

Internet Explorer yes, Chrome no.

[BeniBoy]

I've met Johny Ryan and he seems like an honest and privacy-focused guy. He seems to really care about his work.

I must admit that does not quite fit with a lot of the thing I've read about Brave over the years.

[hitpointdrew]

>I've disliked Brave from the beginning. Initially because of the pretentious - and frankly appropriated - name

I always joked that if you were really Brave you wouldn't need their browser, it should be more aptly named "Wimp".

[Can_Not]

I think a better joke would be how you would have to be brave to try a browser that vaguely uses cryptocurrency/blockchain in any way.

[0xfffafaCrash]

Brave is trash, but to say Firefox hasn't done shady things is a bit of joke after the whole incident where they sent full site URLs and interaction data over to Cliqz's servers for a random sampling of users in Germany while being neither opt-in nor clear to the users about what data was being sent.

[lopis]

Short sighted and terrible PR, yes, but to say that what Firefox was doing was shady, specially anything close to as shady as Brave, is being straight out disingenuous.

[0xfffafaCrash]

I was pretty clear about my stance on Brave in the first three words of my comment, but I'm skeptical of any interpretation of user privacy which is so eager to excuse sending user browsing history without asking as not "shady" but simply "short sighted and bad PR" just because Mozilla's the one doing it

[yaiNua9o]

Firefox prevents me from installing webextensions from sources and even forces me to send the code of my own extensions for my own usage to their webservices in order to use them. This is certainly not a browser that "gives you control over your data", when you're a hacker.

[paulryanrogers]

You can load local extensions from about:debugging. They just won't be permanently installed. (Developer edition may be different.) And Chrome's local loading comes with a disable modal at every startup. So I'm curious what browser you consider worthy.

Edit: forgot to mention you can install from 3p sources as I've done from my own site in the past. They just need to be signed by Mozilla first.

[nix23]

>They just need to be signed by Mozilla first

No they don't, xpinstall.signatures.required to false

[yjftsjthsd-h]

Doesn't work on "normal" Firefox, does it? Only dev builds or the unbranded version without automatic updates.

[nix23]

Sorry true, should have mentioned that, just works on dev build's and some version from distributions.

[yaiNua9o]

Yes, you can temporarily load extensions in firefox, but I certainly won't reload all my extensions manually at every startup :)

I don't think there's really a good browser for both privacy and hacking. I use chromium when I have no choice (not sure what you're referring to concerning the disable modal ; if it's an issue with chromium too, I haven't hit it, and I have 11 extensions loaded from sources).

But my "main browser until it's not enough" is elinks (slightly modified by me to fix ruby support and offer a few more api methods to extensions). I can write extensions as simple ruby scripts, doing things like adding native markdown support, allowing to edit local files, adding proper indentation to HN comments, etc. It's the perfect browser for me (and with cookies disabled and js, css and images not fetch nor executed, it's a good privacy browser as well). But of course, you won't be able to use that to buy something on the web. Still, it's surprising how much I can accomplish with just that.

[paulryanrogers]

Disable modal may only impact unpacked extensions then. My apologies for the confusion.

Forking a text browser is impressive. Though to be honest the older I get the less energy and time I have to be picky. (And building Firefox was so painful I vowed to only make changes via extensions.)

[yaiNua9o]

It's not that a big deal to modify elinks, because it's a codebase way simpler than full blown browsers. But yes, it still a handful of hours of work, like modifying any software, so you have to actually find it fun to tinker with free software :)

Actually, my first attempt to fix my problem was to try to find in firefox codebase where it deletes the extensions loaded from sources, either at the end or the start of the session, I supposed, to shunt that "feature". But after a week a free time spent on it, I made no progress. The codebase and the architecture are just too gargantuan to be tinkered with - at least for me.

[nix23]

Try mothra, the browser for the real 'hackers' ;)

http://man.9front.org/1/mothra

[yaiNua9o]

Thanks, never heard about it, I'll have a look.

[nix23]

OK now i feel bad, you have to install 9front (it's a plan9 fork) first, then you can use mothra

[nix23]

As a hacker, you should start to learn howto use google ;)

'about:config' set 'xpinstall.signatures.required' to 'false'

[nvr219]

Yeah, as a hacker,

[erichocean]

Wow, that sucks. We use Chrome extensions (from source) to automate aspects of our customer service work, and we can't distribute these extensions on a hosted store.

So Firefox prevents this perfectly reasonable thing? WTF.

[dblohm7]

> So Firefox prevents this perfectly reasonable thing? WTF.

Not true. You can get them signed without publicly redistributing them.

[erichocean]

Do I need permission from Mozilla to sign things? Or are there self-signed certificates? Does that means source distribution works, or do I have to use their "store"?