cross-posted from: https://sh.itjust.works/post/5572424

This might have been discussed to death by now, unfortunately I couldn’t find any discussion on it on Lemmy. Though I would love to be corrected on that!


How does an always on incognito Chromium with uBlock Origin on medium mode (and other hardening/privacy settings enabled) compare to Brave (with e.g. Privacy Guides’ recommended settings) with respect to security and privacy on Linux[1]?

Commonly heard whataboutisms:

  • “With the looming advent of Manifest v3, this discussion might not be very relevant for long.” I’m aware.
  • “Just use Firefox/Librewolf or any other privacy-conscious browser that isn’t Chromium-based.” I already do, but some websites/platforms don’t play nice on non-Chromium-based browsers due to Google’s monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.
  • “Brave’s [insert controversy] makes them unreliable to take services from.” Honestly, I think that if both solutions are as effective that a reason like this might be sufficient to tip the balance in favor of one. Because ultimately this all comes down to trust.
  • "Just use Ungoogled Chromium." Some more knowledgeable people than me advice against it. Though, I’d say I’m open to hear different opinions on this as long as they’re somewhat sophisticated.
  • “Just use [insert another Chromium-based browser].” If it has merits beyond Brave and Chromium with respect to security and privacy, I’ll consider it.

Thanks in advance!


  1. I can be more specific about which distro I prefer using, but I don’t think it matters. I might be wrong though*.
  • t0m5k1@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I use arch-btw so I get brave from aur, on other Linux distros the way to get brave is via flatpak if the provided repos are borked for you.

    • qwert230839265026494@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      on other Linux distros the way to get brave is via flatpak if the provided repos are borked for you.

      I would love to use the flatpak if it was endorsed. Privacy Guides says the following about it:

      “We advise against using the Flatpak version of Brave, as it replaces Chromium’s sandbox with Flatpak’s, which is less effective. Additionally, the package is not maintained by Brave Software, Inc.”

        • qwert230839265026494@sh.itjust.worksOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Hehe :P . True dat. Maybe one day ;) . Perhaps I’ll just spin up a distrobox in order to get access to Brave through the AUR, but this (excellent) article has worsened my already bad paranoia to clearly unhealthy levels 🤣. So, it seems out of question for now 😅. Though I might be able to spin it up in a Wolfi container. Pessimism doesn’t help though 🤣.

          • t0m5k1@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.

            Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.

            The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.

            • qwert230839265026494@sh.itjust.worksOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.

              Hahaha 🤣. Honestly I would, if my device could handle.

              Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.

              Madaidan strikes (yet) again. F*ck my paranoia…

              The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.

              Very interesting insights! Thank you so much! Would you happen to know of resources that I might refer to for this?