Have they been independently audited? If so, by whom – and how do we know the auditors can be trusted?
It’s on GitHub https://github.com/brave/brave-browser so open for all to scrutinise.
I didn’t make that assertion, I merely stated it was on GitHub and available for scrutiny.
How do we know that’s actually the code the Brave browser, downloaded by the user from https://brave.com or from the App Store, is using?
Yeah, I’m paranoid.
Basic problem is:
What’s the risk…
And how do I mitigate that risk.
For me; the risk is having every step I do monitored without my permission
Mitigation; a more secure browser
So I went for Firefox and Brave
Am I 100% certain? No
But I do know that they are a h€ll of a lot more private than Chrome.
So: no brainer
How do you know what any code in any app from the App Store you download is doing?
I feel like you’re specifically targeting Brave here and I’m not sure why.
Indeed. Life must be terrible for you.
Your grocery store, bank, and mailman probably know a lot more about you than the company behind the Brave browser.
On some platforms you can build the software yourself and verify that the end result is byte-wise identical to the distributed binaries.
However, Apple modifies/optimizes binaries uploaded by developers (at least on iOS, not sure for macOS), so that’s not possible on Apple platforms.
Those industries are regulated. What regulations cover Brave?
I do not use Brave regularly, but I trust it because:
- The founding and development team are reputable
- It’s open source
- It’s been evaluated in environments that capture and analyze network traffic
- It’s built on Chromium (a heavily evaluated project) but has also removed all of Chromium’s phoning home to Google—and they want people to check Brave’s settings and network traffic monitoring to verify this.
Quis custodiet ipsos custodes?
This is a great summary: https://restoreprivacy.com/secure-browser/
I use Brave because it is a well-known app under huge scrutiny and chances for security backdoors are therefore very low. And it is Chromium, so it has a ton of add-ons (that is the main reason I use it over Firefox).
And it also depends who is trying to get you. If you are afraid of law enforcement, Brave and open-source apps are enough. If the government is after you, you are screwed, unless you are an accomplished hacker or have a lot of money to spend.
I trust Brave. And I use it even though I’m sure my privacy is probably undermined by some of the Chrome extensions I use with it. No one is tracking the webpage-to-epub extension I use, and for all I know it’s sending a list of everything I make an epub of.
And while I’m suspicious enough to turn off extensions like the when I don’t need them, I give in to some level of potential prying, like ImprovedTube, which ad-blocks and customizes the look of YouTube.
But given that the basis of Brave’s business is to enhance personal privacy (plus that weirdo BAT payments system of its) I trust it to do what it says lest a slip-up destroy itself in the marketplace. People who’ve looked at the code on GitHub haven’t found anything amiss, and you could always compile your own copy if you’re really that paranoid. Try doing that with Safari.
To an earlier point of whether I might be excessively paranoid: The news is filled with stories about fraudsters who pretend to be legitimate businesses, as are our email inboxes and our incoming phone calls.
A fraudster looking to steal a lot of personal data could do a good job tricking people by pretending to be a business that cares very, very deeply about protecting your privacy.
However, others in this thread have provided answers that suggest that Brave is likely legit. So much so that I’ve made it my second browser. Safari is still #1 for me.
Well, Apple has no problem degrading security of its apps in China … https://techbeacon.com/security/apple-leaks-safari-history-fingerprints-china
You’re not excessively paranoid. All of your questions are easily answered with a little Google-Fu. I’m not sure what you are, but excessively paranoid isn’t it…
Please read the link before you comment on it.
No, it shows a not surprising willingness of Apple to allow the Chinese government to have data on its citizens. How many more issues are there? I don’t know and that’s why I don’t use Apple apps (or Google’s for that matter) if I don’t have to.
And 90% of users just go with the default setting, naively trusting Apple.
If you’re paranoid, you can build it yourself from the sources… And then read Ken Thompson’s classic paper, On Trusting Trust: https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
(Building it yourself is advice offered firmly with tongue in cheek, but the paper is well worth the read. It’s a classic, it’s accessible, and it (at least for me) gave me a lot to think about as far as practical paranoia goes.)
Yes, Tencent’s running the same system in China as Google runs for the rest of the world. The data is anonymized using a method similar to how Apple News keeps your reading private while still fetching stories for you.
That said! Brave does not use the Safe Browsing system, because they’re serious about not sending any data to Google, even if it’s anonymized. I’m sure they’re making hay of the attention Safari is getting this week.
Google is not controlled by a malevolent dictatorship, so there is a big difference. And there is anonymized and anonymized data. If China got it, there is a good chance they know how to work with it together with tons of other data they have on its citizens. Downplaying this is stupid since it just shows that Apple is not really concerned about privacy beyond PR talk. No big corporation is.
And this might be just the tip of the iceberg and that’s the real issue here. Normal users have no chance to know what else might be hidden in those apps and therefore people concerned with privacy take such issues seriously. And that’s why open-source apps are so praised. At least those apps are fully opened for scrutiny.