Brave Browser

Brave pushes the boundaries of privacy by design

It’s a big step to abandon Chrome, Edge and Safari for a niche option that doesn’t just tack privacy on top, says Davey Winder
Image: Getty via Dennis

9 August 2022

It’s one thing relying upon a swathe of various browser extensions or add-ons to help protect your privacy, block ads, add functionality to your browser of choice and wishing the plain vanilla version did more. It’s quite another to jump ship from the big three of Chrome, Edge (which uses Chromium under the hood, of course) or Safari to a browser that remains niche but provides much of that extension functionality out of the box.

Historically, or maybe histrionically would be more appropriate among some fans, the alternative choices have been Firefox, Opera and any number of very niche products. However, for many that choice has become easier, with one of the once-niche options starting to build quite the following. One example is the Brave browser, which doubled its monthly active user count across 2021 to a 50.2 million. And for very good reason, with the emphasis on the “very good” bit: for it really is.

Let’s be clear though, it’s still a tiny fish in a very big pond. Firefox, for example, has four times as many active monthly users (216 million), Edge boasts 600 million and Chrome has an estimated 2.5 billion. I’ve not been using one of them for some time now, having found Edge to not only be quicker but easier to use without throwing as much of my private data into the Google realm. Then again, I’m not overly keen on Microsoft having my data either, which is why I eventually thought I’d give Brave another try.




Brave: The people’s browser

I first used Brave back in 2017 when it was a relative newcomer and “only” commanded around 1 million active users. Back then I found it – how can I put this politely – a little clunky. That’s no longer the case: I’m using Brave as my daily driver these days. Yes, under the skin it’s still the Chromium engine that powers both Chrome and Edge, but it’s the nature of the skin wrapped around Chromium that makes the difference. And it’s a big difference when you’re talking in terms of privacy.

From built-in fingerprinting rejection (through ad, tracking and script blockers) to the use of Tor for private sessions, Brave pushes the boundaries of how user privacy can be baked in rather than having to be added by the user. But that’s not the only reason I’m all-in on Brave. Privacy feature development is seemingly continuous, as it needs to be if Brave is to keep pace with the dynamic and evolving world of those who would know every last thing about you and your online habits.

Take, for example, bounce tracking. As I write, I’m using Brave v1.36, but by the time you read this v1.37 may well have arrived along with a new unlinkable bouncing feature. What the is that I hear you ask? Simply put, bounce tracking is a sneaky way to implement third party tracking cookies when they have been explicitly blocked by the user. So, when you arrive at a site where such cookies are already blocked, instead of just admitting defeat to the privacy rights of the user, a redirect is made to a different domain where the cookie is set before redirecting back to the original destination. It effectively bounces the tracking function so that it uses a first-party cookie instead, by carrying out what is basically a “tracker-in-the-middle” operation.

Other browsers do their best to defend against this, but it’s not easy to get right every time. Unlinkable bouncing fights back by routing visits to potentially infringing sites (using a list of known or suspected domains) through temporary browser storage, which gives the impression of a first time, and unique, visit. This prevents the tracker from re-identifying you on subsequent visits, effectively anonymising the digital fingerprint. The temporary storage is just that and gets deleted once the user navigates away from the privacy-infringing site in question.

This is in addition to existing Brave functions such as tracking query parameter-stripping from URLs and debouncing known sites by jumping straight to the intended destination where known tracking domains are being inserted. It’s all rather simple, ingenious and yet another reason to admire Brave.

We should all strive for privacy by design

That Brave uses the Chromium codebase is great for the kind of ease of use that the average user demands, especially when it comes to the choice of browser extensions. However, I must flag the fact that the more browser extensions you install, the greater the chance that you are inviting data collection and user/system fingerprinting in. That applies even when using a privacy-focussed browser such as Brave. Which means you should ensure you do a little due diligence before adding anything.

What does ‘a little due diligence’ mean? Simple: check the privacy policy, the permissions that are required, the data that the extension sucks up and what it is used for. Spending 10 minutes checking those things, and reading user reviews, is time well spent in my book. Brave is better than most, despite my warnings, because it comes with ad and tracking blocking, HTTPS everywhere and the like built in, so there’s no need to go completely mad adding loads of third party stuff anyway. Mea culpa, I have Ghostery Plus, EFF Privacy Badger and uBlock Origin installed.

I’m not a ‘crypto bro’ and have no use for the ability to earn BATs, basic attention tokens, in return for allowing certain adverts to be shown. Nor do I need the built-in crypto wallet, thanks very much. If you do enable this functionality then a percentage of the BATs you “earn” for having adverts displayed goes to the advertisers you interact with. None of which is problematic, given what we understand about the murky world of AdTech, as enough users enable this to allow the Brave owners and advertisers to make money. More importantly, it doesn’t impact upon a distraction-free experience for those who came for exactly that.

There’s a really good, although now four years old, technical explanation from the developers on Reddit on how Brave does away with external ad servers and instead, if you opt in, has Brave ads “matched and delivered by the browser, client-side”. An opt-in, client-side, advertising model is preferable to the alternatives if you don’t want to just block everything I guess.

Future Publishing

Read More:

Back to Top ↑