Perhaps a little ironic, but very valid. You shouldn't have to connect to brave servers to be able to go to your search engine, email,local network service, etc.
Right but that's not what happened. The author needed to be able to connect to Brave's servers in order to install an extension to the browser from the chrome web store, to where Brave is proxying requests.
The issue isn't that it requires internet connection, obviously, but that it requires connection to a specific IP (Brave server) before you can use some features.
The user attempted to install an extension; this results in a request to Google's Servers (which Brave proxies to prevent users from making unintended contact with Google). If Brave's proxy happened to return a 401 response (requesting authentication), then the user would see the "Access Denied" message shown in their screenshot. It's also possible that this message could have come from Google's own server (via the Brave proxy). It's not possible to tell from the data available.
We're looking into this from our end, to see if there were any recent proxy-interruptions which might explain the user's experience.
The thing I don't understand about Brave users is that they are essentially using Chromium with a bunch of extra bloat added. Wouldn't it make more sense to just use Chromium with the extensions that you want and need?
It has a pretty good adblocker integrated, which puts it ahead of chromium in terms of ad blocking. you can use the engine outside of browsers as well. It also has a decent working sync that doesn't require google services if you don't use their google services. It used to be worse, when it was still CEF based.
The extension hassle is fixed now. I'm less concerned about fingerprinting, most people can be fingerprinted these days. Too many APIs available in browsers. I'm more concerned with the constant phoning home that Chrome does.
You absolutely could create a similar browsing experience (with excellent extensions like uBlock Origin), but you're still ultimately at the mercy of the browser vendor. For example, uBlock Origin is facing pressure from forthcoming Manifest V3 changes which threaten the existence of the extension (and many others like it). Brave, as a Browser, has committed itself to continuing support for these types of extensions.
One of the other large elements of Brave is Brave Ads & Rewards, and the ability for users to anonymously translate their attention into substantive support for content creators in a privacy-preserving fashion.
Also, their bio says they are an "open-source enthusiast". You would think they would at least mention Firefox, even if they said "I'm on board with Firefox's mission and transparency, but it's slow" or something.
Does firefox let you install extensions without contacting Mozilla servers? I'm not sure how the extension signing works, but it may fail the same reason they're leaving Brave.
It doesn't, depending on your definition. You get them to sign it (given the speed - 5-10 minutes for a medium sized extension - it seems automated) and then when they click to download the signed xpi file it prompts them to install, saying "[domain] would like to install [extension name]." This is the same prompt you get in the official Mozilla addons site.
You can turn them off basically except their "rapid release" releases - and even then, you can get unbranded Mozilla-compiled builds that can unlock the functionality (on desktop).
Google has something to do why the Android Firefox is crippled: before Firefox 68 was released, the Google reviewers actually rejected it owing to the addons system. (Yes, I know Kiwi browser exists. I don't understand the reviewers' logic but here we are.) Fortunately, FF 68 is an ESR release and was able to stop-gap the issue by releasing security updates (which aren't blocked by Google). Unfortunately, this is the reason Mozilla is only shipping "recommended addons": Mozilla has individually reviewed it because Google will penalise Mozilla if there's a malicious addon on their store. (Note that I won't shield Mozilla on the "Daylight" updates: I hope that they just continue Fennec rather than they rewrite it but personally it's fine.)
I find it strange that on threads about Brave people promote Firefox and vice versa, whether it's a positive or negative article. Free software isn't a competition and if it were Mozilla lost to Chromium a long time ago.
Free software is not a competition, the fight for the freedom of the web certainly is. The mozilla guys are the ones consistently being on the users side and are often pushing back on proposals from Google and others (e.g. FLOC) in the various standard committees. Without a significant marketshare (it's already bad enough as is) their voice will just be ignored.
Is this also true for Debian-based distributions? Anyways, users on Mac and Windows usually download Firefox directly from Mozilla and are therefore affected by the aforementioned telemetry.
Seeing the market share of Desktop Linux I'd hazard a guess that those users are in the majority.
I switched to firefox after NEVER using it before when google started forcefully logging me in.
Honestly, i havnt missed it all. Firefox on mobile is awesome - plugins work! Plus, no longer does google know where i am anymore. Its ability to track and suggest ads to me is pathetic.
My one gripe about Firefox mobile is that "pull down to refresh" and other common gestures don't work. Unless I'm missing something, there aren't settings available to enable this.
Is this some kind of patented behavior that Mozilla is afraid to implement?
Not certain with this, but it might be a limitation of the Play Store rules. You are not allowed to publish some sort of App Store on the Play Store, which the Firefox Extension Store would kind of be.
I think this is due to Brave proxying some Google requests through their own servers, because otherwise the same people would complain that a Google server is being contacted.
> I am thinking of going back to [Chromium] with the usual extensions like Ghostery, AdBlock+
> [Brave's] amazing ad-blocking and tracker protection
If you just need an adblocker, sure. At this point everone should have heard of uBlock Origin.
Unfortunately I still see too many people use Adblock plus and the like which leads me to believe ublock origin lacks some sort of name or brand recognition with your average user
ABP's purpose is in its name. If a layperson only knew uBO by it's name best case they'd be confused and worst case they'd think it's malware (even though it's phenomenal)
on a fresh install of FF, if I click on extensions it shows AdBlock± as the first in a list of suggested add-ons. Also in that list is Ghostery. no sign of UBlock Pay for placement?
- Doesn't come with a built-in ad blocker, so have to install a 3rd party plugin (I don't want to install any extension into my browsers)
- Mozilla upper management have been making terrible decisions for the last 5+ years. By not using Firefox I'm sending a message (I used to give $$ to Mozilla)
- Firefox keeps having features removed (RSS, FTP, etc), and gimping the UI.
It's not much to ask to have these 3 things improved, at which point I'd move back to Firefox from Brave.
This may indeed have been an issue with Brave's proxying layer (Hello, I'm Sampson from the Brave team). I was able to reproduce the user's screenshot by setting up an AutoResponder in Fiddler to serve a 401 Unauthorized response from go-updater.brave.com, which yielded the "Access Denied" message in the Chrome Web Store. I'm not aware of any issue where this endpoint authentically served a 401 response, but it's entirely possible the user happened to catch a rare, transient event. I'm checking with my team either way.
Hi author, if you're here on HN please consider ditching sketchy extensions like Ghostery (sells your user data) and Adblock+ (participates in paid bypass of "acceptable ads" program) for the open-source and user-focused uBlock Origin (https://github.com/gorhill/uBlock).
Also, if you haven't tried Firefox since the quantum days come back and give it another try.
I wasn't intending to imply it is (tbh I internalized that as common knowledge), my intended point is the issue with this Ghostery recommendation was created by some random unknown and presumably unrelated Github user.
You are not being attacked by parent.
Parent is merely pointing out the difference so other users are aware of it.
You could just thank them for the clarification and move on.
I know, the link I refer to is original uBlock origin repo talking about that and suggest to use couple of alternative where Ghostery lite is one of them.
Firefox is truly amazing today. I keep a chrome instance for Google docs which seems to work better there, the rest I do in FF which is better for everything else...
I just tried Chrome after jumping on FireFox bandwagon 2 years ago and honestly, I was not impressed. Chrome feels “jittery” while Firefox feels “snappy”. It’s the way a page loads. Hard to describe.
Firefox is the top choice for me. I recommend it properly and not just for the sake of supporting Firefox. That said, please support Firefox. We should not be allowing Big Tech behemoths from taking away the window into the internet.
If I were to complain to Firefox team - please stop adding shit, I don’t want Pocket, I don’t want anything but just the way it currently is. Just allow us to browse. Fast.
I'm curious about the subjective jittery v. snappy experience you describe.
Perhaps Chrome shows more intermittent reflows so you observe more of the page rendering as it's taking place? Can you describe it in more detail? I presume Firefox is doing something right but what might it be?
> * I just tried Chrome after jumping on FireFox bandwagon 2 years ago and honestly, I was not impressed. Chrome feels “jittery” while Firefox feels “snappy”. It’s the way a page loads. Hard to describe.*
I am on a pretty powerful Mac and it's exactly the opposite, sadly. Firefox just... stutters. When downloading pages, when interacting with pages, it's there and it's super annoying.
Chrome in the meantime is just absolutely instant no matter what I do.
I think it's at least worth having the discussion about "acceptable ads". While reasonable people can disagree, I personally think that unobtrusive advertising that doesn't harvest your data should be a valid business model.
Then let people who believe that go stare at ads. Submitting yourself to manipulation out of a sense of duty to the viability of a business model is deeply weird. Alternatively, if you believe those ads don't affect you then why does it matter whether they're displayed in your browser or not?
I do see potential value in being informed by an ad of a type of product I didn’t know existed.
The type of ads I strongly dislike for reasons beyond like, breaking pages and tracking, are ones that repeatedly show for something which I already know exists in order to promote a brand.
If someone wants to put up an ad for “we make any bronze parts”, well, I looked to see if any of them were cheap enough to get as a gag (none of them were, but still).
If a company wants to remind me over and over of their company name that everyone is already familiar with, that is irritating.
If you didn't have a pre-existing desire for that product which led you to search out its existence then why was having the desire for it instilled in you a good thing? Why deliberately create the hole of dissatisfaction within yourself?
You see a potential for dissatisfaction, I see a potential for opportunity.
Also, allocating time for “searching for products that I don’t know of but which seems like they might exist, which would improve things” seems, slow an inefficient?
Like, I previously had thought “it is bad that printers basically all have drm-ish ink cartridges.” When I saw an ad for a printer which instead had refillable ink tanks, I regarded that as an improvement. (As it happened the printer had some unfortunate bugs where it semi-frequently needs to be forcibly rebooted by unplugging it, but it is otherwise seems to work nice.)
I don’t see how this is not a benefit? It isn’t like I otherwise wouldn’t be using a printer, or like it increased average rate of printer purchasing non-negligibly . It mostly just changed which printer got purchased.
Like, I suppose if every time I thought “I wish there was a product such the [x]”, I put a description of that into a web form (in terms of keywords I guess?) and then when a product was released, the company releasing the product could send info to the company running the website demonstrating the novel properties, and then the website could notify all the people whose descriptions appeared to match, and that could be an alternative to ads?
I really do not buy many things, if your concern is that ads would compel me to buy too many things, in like, a consumerist way.
(Actually, the example with the printer was when I was living with my parents, so it was actually my dad who bought the printer after I pointed out it existed, and after he evaluated the price taking the ink into account.)
It was a surprise to me, but there is a group of people - possibly native to tech circles, possibly a broader group - who appear to be genuinely angry about the existence of advertising as a thing. Let alone if they personally have to view ads.
It is a bit confusing to be honest. There seems to be something very upsetting happening but exactly what is causing that response I can't pick out.
No, I can't. There are many things that influence my behaviour and that is low down on the list of influences that worry me. Even Hacker News is probably a worse influence than the average ad. What do you think is the problem here?
And it isn't billions, you need to normalise by audience size. Any company spending billions to influence my behaviour is bankrupt, I don't have enough money for them to make that back.
Okay, so you actually can pick out the issue. You just don't mind being manipulated by corporations. Fine, but strange that the angle you took was "aw shucks geez guys I'm so confused about all this".
If a dog gives someone puppy eyes, the common response is to play with the dog. If a corporation waves something that people want at them, the response is to buy it.
But one of those things would get a broadly supported "aw, how wholesome!" from the crowd. The other appears to get actual, honest, anger. It is unclear to me why the difference in responses is so large.
Everything a person encounters influences them, and generally people are comfortable with good and bad influences in their lives. The fact that corporations are motivated to sell things doesn't even mean their influence is bad. The fact that I bought a rice cooker because it was being advertised to me doesn't change the fact that I am better off owning the rice cooker. I bought it because it improves my life. So why the hate on ads?
Yea this confuses me too. Many advertisements have made me aware of things that I would be interested in but didn't know about. Marketing and advertising can be valuable to those on the receiving end.
If people genuinely thought this, there could be a market where people pay money to be advertised to or targeted towards.
In many ways this is what trade magazines are/were, but the absence of a general market for such generalised interest is so absent its the kind of witness evidence that is deafening in its silence.
They could have been, but there's too much abuse going on in the advertising space. In regards of online advertising: it's distracting, manipulative, infringes privacy and wastes bandwidth. Online life without ads is like going out to a park, out of the city center. You just can't believe how noisy it was before.
Online ads benefit the little guy. Nike and others can afford billboard and TV ads. If you've ever tried starting up a small Shopify business, online ads are all you're going to get.
The problems are the power Facebook and Google have over the ad market, that increases ad costs for businesses by a lot (I've read, one third, but I wouldn't be surprised if it's more). But online ads are a lifeline for small businesses. Regulate the big players, and keep the ads flowing. Some people here want ads to be abolished, but you'd just strengthen existing brands, i.e. huge multinationals. That's all it would achieve.
That's why real issue with Brave, frankly. I still use Brave as my default browser because it's the only one that allows me to allow all ads by default, and only turn on Brave Shields for specific websites. Even uBlock Origin deprecated their default-allow, and it now breaks many websites completely if you try it. But I don't like "anti-ad" sentiment.
Sad state of affairs. But people who oppose Big Tech domination, and also want ads abolished, don't realize that doing so would prevent millions of small businesses from getting off the ground. Chrome's killing the open web, but might be saving the "open economy" by trying to disincentivize adblocking (by blocking "annoying ads" by default, and implementing ManifestV3). It's a mess.
I think noone argues against ads being useful, when dosed properly. Same like sleeping pills for example. The problem is that ad-based business can not resist the temptation to "overdose" the user. This is how we got in the situation that infuriates so many people (almost a billion devices use an ad-blocker). People just do not want to see so many ads everywhere.
Let's take Brave for example. Open home page of brave.com and you get:
"The best privacy online
Browse privately. Search privately. And ditch Big Tech."
And a nice screenshot.
The problem is this is not what Brave works/looks like when you open it the first time.
By their own research [1], on your first run Brave will immediately "phone home" 80(!) times. The original post discussed here talks about mundane features like installing an extension not working without contacting their servers about it.
Then, the user is immediately welcomed by ads for several crypto services right there in the browser on the right hand side (curiously hidden on their home page screenshot). I guess that:
"Browser that shares your private information with us and shows you ads you do not really want" would not fly well as a tagline.
Having this behavior turned on by default is where user frustration begins and is later then just amplified by even worse behavior, again incentivized by the fact that the business model is simply dependent on ads, like the other big tech.
Many of the best and brightest minds of our time are being employed by megacorps that exist solely to devise new ways to trick grandmothers into clicking on an ad that claims “This one weird trick that doctors don’t want you to know”. How is that not pathetic? How is that not a giant waste of human potential? If the Soviet Union had funneled their computer science students to thinking of ways to manipulate boomers, we would call it evidence of their moronic inefficiency.
I don't want ads on my web pages and TV in the same way I don't want ads in my novels, on my bedroom ceiling, in my bathroom, in my car, in my mail, the same way I don't want to be proselytised to, recieve junk mail, spam, view propoganda, etc.
once you understand not desiring one, you can understand not wanting the rest, since they're all fundamentally the same thing.
The thing is: you paid for your bedroom ceiling, your bathroom and your car. You also paid for your computer & screen, but you did not pay for the content you're watching on it.
I am entirely with you on not wishing any ads at all, anywhere. I just think that it's not realistic to remove ads entirely on the open web today.
This should not be an excuse for the way ads are being run today. It is fundamentally broken. Incentives and attributions should be changed.
There's a couple of issues with this line of thinking, but I'd also just observe that this split is technically an additional tangent. My point up above was that of course people understand why people don't like advertising, and that most people don't like advertising themselves. It's not some unknown or alien thing on which to feign ignorance. Indeed it borders on universal human experience. Like the old quip about "everyone understands atheism, I just believe in one less god than you", practically everyone understands an inherent distaste for advertising, some just want less advertising than others and some actively want to produce and push it on others while not having it forced upon themselves. After we've established that, now we get into if or when it's ok or justified.
Firstly, I'd urge everyone to deny the initial premise. The right or desire to be free of or avoid advertising has nothing inherently to do with the act of paying money or being able to amass or claim property rights over things. That's not why i hate junk mail. That's not why I don't want to be proselytised to. That's not why i shouldn't have to view propoganda. Of course, the addition of private property rights issues is one more barrier that advertising would have to overcome in order to be deemed acceptable, but on the contrary, i think a better premise is to start with WHY or WHEN advertising should be allowed, given that it is almost universally loathed or objected to. I wouldn't want to live in a world where people are subjected to advertising because they haven't payed for things or own things or content. That's dystopian.
At the very least, I think people should have the ability to say no, and for that desire to be respected and not interferred with. I think there's good grounds for advertising, or at least many types of advertising, to not be allowed in many public areas or via many public resources. I have no problems with companies or organisations not delivering material or allowing access to general consumer goods as a consequence of saying no to advertising, but that's different to users saying "no i don't want ads and I don't want to be tracked" and having the companies go "but I'm gonna do it anyway and you shouldn't be ad blocking".
Finally, I always come back to what the web is, or at least what it was, in that I deny the underlying unspoken premise that the web is there to run business models or pay money for content to be put on it. If businesses can make it on the web, good for them. But if they can't, the web is more important than business.
To be clear, the internet and web and content came first, then the businesses arrived and co-opted it for their purposes. Now the narrative is trying to be rewritten so that you can't possibly let people consume material on the web for free without people paying for it via advertising.
So let me be clear: I pay for my computer. I pay for the bandwidth of my ISP. This allows me access to a public network of computers where I can make requests to other computers on the network to send me information. People can also pay to put content up on that network to be requested by others, but no one forces them to do so, AND, no one forces them to answer my computer's request for content. When i use an ad-blocker, the main activity is for me to determine client-side that there are certain computers I don't want to talk to, and certain content I don't want to see. In an ideal world I wouldn't be tracked also, but that's just an additional abuse or manipulation of the system.
Several years after this whole system had been operating just fine, companies arrived and started trying to make money, and today we have a feigned victim-complex retcon narrative about how people not paying for content should view ads.
On the contrary, if companies do not want me viewing their content: don't put it u...
Ads are a plague, no doubt. That’s why they need to use such heavy handed tactics to get you to see them, like holding your attention hostage before you can see the video clip that you actually wanted to see.
You have just normalized this absurdity because it’s been around for so long. Ads are terrible for people’s mental health, because the best way to sell a product is to create a need for it. In other words, by making you feel incomplete and insufficient.
The problem is not "ads". The problem is in the "ad-funded" business models. The ad-funded economy is one of the main contributors to the destruction of the fabric of our communities.
Ad-funded business models make it impossible for the people to "vote with their wallets", so all of the good things about any kind of market dynamics are removed, and we are left only with its disadvantages.
- It treats everyone as "eyeballs", removing any need for a content producer to care about quality. As long as it generates clicks it goes. It has turned even the most reputable of media channels into tabloids.
- By having no regard for quality, it's a tragedy of the commons.
- By removing any chance of nuance, it makes all of the audience to be bucketed into "pass/filter" algorithms, and the only concern is to make sure that the content is so bland and innocuous that no one within their bubble reach can complain about it.
- It has taken mass-consumerism and general public conformity to 11.
- Big Tech turn all of that crap into profit no matter what.
- It is feeding and coddling the coming and current generation of techies into lame drones with no imagination and will to affect actual change. It's creating an army of people who think that the status quo is good.
I don't think it is too much of a stretch to think of how the "ad supported" content economy is correlated with the increased polarization of people, the growing tribal divide and the isolation of individuals. I honestly think that we should be treating the majority of "ad supported" websites as heavy polluters of our minds and our societies.
FYI, when I tried to follow your link, Safari on Mac blocked your link with a warning that the certificate is invalid. Oddly, the "details" section (which helpfully cannot be cut-and-pasted) mentioned that "the website's certificate will be valid 0 days from now". I'm guessing this means there is a clock or timezone error, either on your end or my laptop. Ignore or look into at your option.
Well that's funny, the cert is valid until 2022-01-16.
It might have something to do with the LE intermediate root rotation - Chrome variants and Firefox are happy with the chain, but Safari's CA trust store may not have the new intermediate CA in place.
I'll upgrade the system over the holidays in any case, and the new lighttpd finally has native support for CA chain inclusions. That should make all the clients happy again.
Maybe, but AB+'s acceptable ads program does not whitelist "acceptable ads", it whitelists "acceptable ads who have paid AB+ 30% of their ad revenue". Bonus points for the obvious conflict of interest of AB+ privately determining what "acceptable" means (where remember, if they say yes they make money).
AB+ "acceptable ads" exists to solicit bribes from websites to display their ads.
I'm not directly disputing what you're saying, just wanted to point out for context that (1) you have to reach some threshold before you have to start paying AB+ to whitelist you (I don't know much about the business of advertising so unclear how high a bar this is to clear); (2) technically an independent entity gets to determine what's "acceptable" (I don't know how independent it actually is in practice).
> AB+ "acceptable ads" exists to solicit bribes from websites to display their ads.
Surely you admit that the "acceptable" criteria are at least directionally correct? So even if you find the model icky, it's also "improving" the overall quality of ads (i.e. making them less intrusive/obnoxious/annoying)?
Given the shortcomings of AB+, what do you think is a better way of (1) defining acceptable ad standards; (2) generating enough revenue as an organization to build/maintain ad whitelists? Genuine questions to provoke discussion :)
> you have to reach some threshold before you have to start paying AB+ to whitelist you
Irrelevant. I (and 99% of other users) spend the majority of my time on the internet on websites large enough to meet the threshold.
> technically an independent entity gets to determine what's "acceptable"
Skimming the first page of that "independent" committee's bylaws: they self describe as being "hosted by eeyeo" (the developer of AB+).
> So even if you find the model icky, it's also "improving" the overall quality of ads (i.e. making them less intrusive/obnoxious/annoying)?
I don't care about via what mechanism advertisers improve their ads - that is their job to worry about not mine.
> what do you think is a better way of defining acceptable ad standards
I, the user, choose what is acceptable in my browser, not a for-profit company that benefits from bribes to whitelist ads. Believe it or not I do whitelist some websites with what I consider acceptable ads, but I do not and will never use an ad whitelist.
> generating enough revenue as an organization to build/maintain ad whitelists
Ad whitelists that generate revenue essentially always have a conflict of interest.
Web advertising's abysmal reputation isn't some freak accident. Websites and advertisers should work together to create actually acceptable ads rather than trying to bribe adblockers and hope users don't notice.
I agree, which is why I run Privacy Badger, which only blocks domains performing tracking and ignoring my "do not track" preference. Turns out that just doing that blocks 99% of ads and triggers anti-adblock detection. Which begs the question, of course.
What's an "acceptable ad"? The text only ads Google sold way back in their infancy seemed acceptable but the goalposts were constantly shifted towards the distracting, privacy disrespecting, security nightmare which is now an integral part of the hellscape that is the "modern web". Why should I trust the advertising industry again?
Is advertising a valid business model? For some apps and services perhaps, but it's not the only option and in many cases serves the business and users poorly. I don't think it's a coincidence that some of the best products I've used recently have actually put some thought into how to monetize.
That sounds exactly like what Brave is trying to do. They're pretty upfront about that, unlike Adblock, last I checked. It's not hard to check out of this in Brave in any case.
I'm not sure the author has checked the same for the alternatives he mentions. The closed source nature of Vivaldi (their tarballs only contain their copy of Chromium) makes it a weird recommendation, in any case.
isn't that for the consumer of the data to decide?
in fact, I'll go so far as to say that's exactly what most proper ad-blockers are: user implemented acceptable ads. if the user wants to view ads, they have it in their power to whitelist a site or domain.
perhaps a business could be made where you provide a list of acceptable ads and people can pay money to view them. on the one hand, I think that's a more reasonable business model than the one you've suggested, as at least it aligns the user's interest with their own explicit actions.
of course, there is the little problem that such a business model would probably never work, because fundamentally, most people don't want ads. they tolerate them because they don't know they could have a choice otherwise...
As a consumer you should ask yourself: do the ads provide any benefit to me? And if there is none, you should just block the them.
Sure it's nothing new that companies try to show you ads. But in the same spirit I always turned down volume or switched channel on TV when ads were on. This was in the past. These days I don't even bother watching channels with ads.
I personally would not be sad if the whole ad industry became less significant and we had more paid services. They also tend to be longer-lasting than many ad-sponsored services. Also I am the customer and can demand certain things, whereas with a free service I can demand nothing and I am not the customer.
As a student I made a few small Android games with ads. They brought in a few hundred bucks. Then I was blocked by Admob for whatever reason. At this point I learned what a crooked business this is and I swore that I will never make an ad-sponsored app again. If I have an idea for a product/service that will only work in that setting it will not even go on my list.
As I said.. I would prefer to pay for valuable content. Then the rest splits into two categories. Truly free (maybe with donations, or totally free) and a load of crap content I don't need to see anyways.
Do ad blockers now block first party images, or something? I'm fine with a site just hosting static images by itself. Typically I think the bad behavior comes from the third party ad networks. So, the way to get acceptable ads is for everyone to run an ad blocker. If we block the abusive entrants from the market, it might give the good ones room to grow.
There is e.g. https://www.ethicalads.io/ which I have chosen to allow in my uBlock Origin settings, since their ads aren't too obtrusive and they (at least claim that they) only target ads using IP geolocation and site keywords. But I'm sure it's hard for them to grow their business, since most people in the target audience will probably be using an ad blocker in which they will have to make a specific exception.
I can see why you would say that, but remember ads are ultimately paid for by the person watching the ad. If the company didn’t have to pay marketing expenses, it would be able to sell the product cheaper.
The only acceptable ads are those that are unobtrusive and people have opted-into seeing while not being incentivized to see them (for example being paid to see ads as this is a perverse incentive).
For example when I share this link to my favorite ad:
As long as that discussion begins by defining "acceptable ads" as "ads that I accept", not "ads which the advertiser doesn't think are quite that bad."
And by "ads that I accept" I mean "ads that I can turn off".
Another point for Firefox over all the other Chromium based ones: Chromium is actively working on stifling extensions, especially ad and tracking blockers, dubiously so in the name of privacy and security of all things: https://developer.chrome.com/docs/extensions/mv3/intro/ (primarily the deprecation of webRequest in favour of the severely, deliberately limited declarativeNetRequest).
While I suppose Brave with its integrated ad blocking is going to keep it working, I believe it will be wildly unsustainable for Chromium based browsers to keep the V2 APIs for extensions amidst the torrent of upstream changes coming from Chromium. So the only functioning blockers these browsers are probably going to have are built in ones - and only if they care enough.
1. I haven't followed Ghostery, AdBlock+ devs since I started using Brave. Sad to learn of their status. I will look at uBlock Origin.
2. Firefox was a memory and CPU hog and I always usef it as a test browser or a secondary browser, until Brave. Then I started using Chrome as secondary and dropped Firefox. I will give Firefox another try. Thanks again.
You could try out GNU IceCat, it's the FLOSS version of Firefox. Normal FireFox seems to have memory leaks or something that would use a lot of cpu/ram.
I want to use Firefox as my daily driver, but the inability to remap the keyboard shortcuts for tabs prevent me using it. On Linux Firefox maps Alt+# to tabs.
I have two problems with that. Firstly on Windows Firefox uses the Control key, so now I have to remember a different shortcut for my work PC vs my gaming PC. Secondly I run i3wm and alt is my mod key.
Yes, Ghostery has a subscription based business model and that another reason to great care in protecting users privacy. Take a look on how we use blind tokens to authenticate subscribed users while searching on glowstery.com https://github.com/ghostery/ghostery-search-extension (notice that even when you are a subscribed user there is no session cookie so queries cannot be linked).
Hope this sheds some light on the accusation. If that’s not enough, I do sincerely recommend uBlock Origin or AdGuard on Apple’s platform.
"Ghostery makes money by tracking the trackers while blocking them and selling data about third party trackers, which it calls Ghostrank."
"Ghostery calls it Consumer Messaging Platform, which allows the company to message users directly in the web browser. According to Ghostery, it will be used for product announcements and promotions. What makes this problematic is that it is enabled by default."
Indirectly relevant - It is not the client source code that is ever the issue. It is the server side code and the business model that matters.
Client can be even closed source, if it is zero-telemetry. There is no danger for user privacy there.
But if the client is not zero-telemetry, and is phoning home, at the very least private information like IP address will be transferred and we have no way of knowing what is done with it.
The original post talks exactly about the problem with dependency on the server side which for a browser (and an ad blocker for that matter ) should ideally be zero with the option to opt-in for things like updates.
> To benefit from uBlock Origin's higher efficiency, it's advised that you don't use other content blockers at the same time (such as Adblock Plus, AdBlock). uBlock Origin will do as well or better than most popular ad blockers. Other blockers can also prevent uBlock Origin's privacy or anti-blocker-defusing features from working properly.
I switched from Firefox and I've been happy so far. It's not perfect, but not as bad as the others. As others have said here be careful what extensions you install.
I also don't sign up for sync, or password manager, or any of that stuff as I don't trust it enough on any browser.
Several months into Brave and I have no urge to turn back yet.
Got conned by BAT and have a growing sentiment that by continuing to use Brave, I'm enabling the company to make back the advertising earnings promised; I refuse to do KYC to redeem them.
KYC is only required (by law, with which Brave must comply) for those wishing to cash-out (or deposit their own) BAT (into or out of the Rewards Wallet). No KYC is required for the use of Brave's general-purpose "Brave Wallet". Also, no KYC is required for users who wish to earn BAT (via Brave's privacy-respecting Ads) and use said BAT to support content creators.
Vivaldi is super nice but the debate about it's code is what keeps people at bay. Mozilla is too arrogant for me, and chromium, while my daily browser feels very barebones for 2021.
I really like the odd de-mozilla'd Firefox versions though.
Firefox is less secure, as has been said many times here already. You might dislike the Blink hegemony but they're the only ones who invest enough in security. Vivaldi's closed source, and Firefox doesn't have site isolation on all platforms yet. (Neither does Safari). Chrome had it in 2018. 3 years is not excusable when a 0day can be the difference between freedom and jail (or worse).
"Privacy" is defective when your exploit mitigation is deficient. You've got a lot worse privacy when your whole computer is owned, than when a few websites track which other websites you've been to.
Brave has a top-notch team, uses Blink, and has some of the best fingerprinting protection I've seen in any browser, much better than Safari, and better than Firefox. They have good people working on it. The fact that an attempt to improve privacy [0] is being used to bring Brave bad PR is ironic.
Can you cite one real-world example of someone who's been infected using Firefox in newer times?
The link you're referencing talks about NT kernel syscalls - if the computer is already infected it doesn't matter what browser is being used.
If one is a high-value target for a nation state or something of that caliber I would agree with you - but that doesn't apply to regular users. Atleast to my knowledge.
Another counter-argument here is that people looking for vulnerabilities would much rather spend their time looking for chrome exploits than firefox exploits (because of market share), no?
> Can you cite one real-world example of someone who's been infected using Firefox in newer times?
Coinbase was, and that wasn't long ago. If I were a sysadmin I'd blacklist Firefox from all my machines, no matter how I feel about the open web, about Mozilla or their mission statement, it's not a reasonable risk to take.
> Another counter-argument here is that people looking for vulnerabilities would much rather spend their time looking for chrome exploits than firefox exploits (because of market share), no?
People look for both. Firefox is a much higher value target to governments than Chrome, because that's what Tor Browser is.
Tor is Firefox ESR, which only has big security fixes backported; other security flaws remain in Firefox ESR for much longer. But beyond that, the security fundamentals were never a part of the original Firefox project like they were for Chrome, and it still isn't. 13 years later, Chrome's still making faster progress with exploit mitigation than Firefox, and Firefox is the one that needed catching up. There's a reason why GrapheneOS, which people here trust, don't use Firefox. Check their website for a great readup[0].
On Zerodium, Chrome RCE+LPE goes for $500k, Firefox and Safari. People will argue that's marketshare, but get any exploit mitigation researcher in here and they'll tell you Firefox (and Safari) are fundamentally less secure than Chrome. Price isn't just determined by demand (by governments), it's supply too.
I understand the "cyberpunk" love for Firefox, they're the good guys fighting big G. But that doesn't change what their codebase is.
Once an exploit allows running arbitrary code in a sandboxed browser process, NT kernel syscalls become relevant even if your computer isn’t otherwise infected. See project zero for a rundown of NT kernel vulnerabilities actually exploited from sandboxed processes (Firefox uses the same sandbox as Chrome on Windows): https://googleprojectzero.blogspot.com/2021/01/in-wild-serie... .
I don't want to diss Vivaldi, I just haven't researched the company behind it well enough to trust it for myself. I'll leave it to others to do the research and make up their opinions themselves.
Interesting spyware website, thanks. I see that some of the stuff that I saw on Reddit is actually true. I’ve stopped using Brave for about 6 months now, so far so good.rn I’m on chromium.
One of the reasons why I also quit this was because some problems with their rewards crypto programs. Basically, this content creator Tom Scott, makes great videos, tweeted some stuff about Brave explaining the issue. He says that Brave users who watched him or visited his website were encouraged to donate to him through the Brave rewards program, when in fact, Tom Scott had not signed up or agreed upon it. Several people donated misunderstandignly and Brave didn’t even say that Tom Scott was not on their crypto platform, refused to either refund the people who donated and thanks to this issue now any content creator who isn’t on their crypto platform has a small text below the crypto payment.
The issues mentioned by Tom Scott (from December of 2018) were wholly unrelated to security or privacy, and instead serve as a case-study in UI/UX and messaging. Allow me to explain a bit in greater detail.
Brave held a token sale in 2017 which resulted in 300 million BAT being added to a User Growth Pool. In 2018 we invited Brave users to direct BAT grants (that is, BAT belonging to Brave) to their favorite content creators. Some users expressed a desire to support Tom Scott (as they should; his content is phenomenal).
Brave's UI explicitly marked verified creators as such, but made no explicit indication when a creator was unverified (we followed a similar model to Twitter, which gives checkmarks only to verified accounts). This resulted in some confusion among our users about whether or not Tom was a verified creator.
Some users chose to direct BAT (again, from Brave's own User Growth Pool) to Tom's YouTube account. At the time, this BAT would migrate from the UGP through to a Settlement Wallet, waiting to be collected by the creator. Again, we're talking about BAT from Brave's own wallet--no user funds involved.
After listening to Tom's feedback over Twitter, Brave took action and made a series of prompt changes. For starters, we began to explicitly identify unverified creators as such (not doing so was a naïve design decision on our part). Secondly, we modified the contribution model such that Brave (the browser) would not send tips to any unverified creator (that is, no BAT would go into a settlement wallet). Instead, issued tips now remain in the user's control for up to 90 days while the browser routinely checks to see if the intended recipient has verified.
We blogged about these changes at the time: https://brave.com/rewards-update/. We made these changes in fewer than 48 hours, IIRC. Tom's feedback was excellent, and resulted in a substantially better tipping model in Brave. Of these changes, Tom shared on Twitter "These are good changes, and they fix the complaints I had!".
It's so bad lately that I'm working on my own web browser in my free time (off WebKit, won't be big, or public and will be a pile of hacks) but at least I won't rely on this mess.
This title seems a little clickbaity to be honest and I'm not sure how accurate the author's portrayal of Brave's server side is. Based on intuition I imagine the inability to install extensions has something to do with Chrome's locked down web store forcing Brave to make it's server-side act as a middle man to the chrome web to download and install extensions. Therefore this would be a google/chromium/intentional design flaw and consequence of prioritizing UI/Security over simplicity. If someone understands this better feel free to explain below.
The problem is definitely a bit more complicated. While it's possible this issue did not involve an issue with Brave at all, it's also possible that it did. The behavior observed (inferring from the screenshot) suggests the user's access to this extension was denied at the time. A 401 response (Unauthorized) from Brave's proxy-endpoint (go-updater.brave.com in this case, I believe) would result in this message being shown. It is entirely possible the user happened to catch a rare, transient issue with our proxy.
Sampson (Brave Team)
Brave proxies Google endpoints to prevent users from making unintended contact with Google.
Thanks for the explanation Sampson! I love reading your internals explainers for Brave on HN and I really appreciate how active your team is when it comes to providing information to end users.
There is no hard-coded ad whitelist. This is misreporting from years ago, based on an individuals confusion over a filename. Brave does not whitelist any third-party ads or trackers.
By default, Brave tends to leave first-party advertising alone. As such, Google ads on Google sites aren't usually blocked in Brave. Google Ads on non-Google sites are, since they are one of the primary means by which user-data is harvested across the Web. We believe that you should have the right to run ads on your own domain(s). That said, Brave offers an 'Aggressive' mode (via the shields) which will go even further than our default behavior, and blocking numerous ads and other elements even when they belong to the domain being visited.
First-party advertising is not necessarily privacy-invading since first-party ads offer no extra reach into the user's data than is already possible from the site itself.
If you're on a Google-owned site, an in-situ first-party ad isn't necessary to harvest information about you—the page itself can do this far more effectively than any ad element. Blocking first-party advertisements is largely an aesthetic decision; Brave enables this via the Aggressive Mode in Shields.
By "creepy ads," we're referring to the invasive, data-collecting remote ad scripts which siphon your data from one host to another via JavaScript, Cookies, and cross-domain requests. First party ads (e.g. a Fortnite advertisement on the Epic Games website, or Google Ads in the Google Search Results) are not examples of cross-domain data-harvesting elements.
We absolutely do think that Google itself is creepy, and that it should be avoided entirely. Consider search.brave.com instead ;)
If the user navigates to Google, the user is handing themselves to Google. If the user wishes to block first-party content on Google (which doesn't amplify their risk in any way), Brave supports that option via Aggressive Mode. Brave blocks, by default, that which is harmful. If you're willingly typing data into Google, their SERP ads aren't increasing or adding-to your risk in any way.
Brave supports the option to block all ads. By default we block the harmful ones. We offer options for blocking the non-harmful (but perhaps distracting/annoying ones) as well (via Shields and custom lists; see brave://adblock/).
If you wish not to see the first-party SERP ads on Google, I would suggest you not use Google. If you would like to use Google, know that doing so enables them to collect and harvest all sorts of data about you. But, you can hide their SERP ads (which doesn't secure any of your data) by switching Brave's shields from Strict to Aggressive.
> If you're willingly typing data into Google, their SERP ads aren't increasing or adding-to your risk in any way.
How are you sure? I would assume that a more likely scenario is one where clicking a first party ad on Google.com helps build a profile about the user.
> If you wish not to see the first-party SERP ads on Google, I would suggest you not use Google.
Recommending to avoid a site that has ads is not how ad-blockers are supposed to work.
I'm not suggesting you avoid Google _because it has ads_; the ads aren't the problem. The problem is Google being the first-party domain. I'm telling you not to walk into the dragon's den at all; you're wanting to discuss the cleanliness of the dragon's toe-nails :)
For me brave mobile was the only usable browser on android because it has a bottom tab bar. I don’t know why chrome itself ditched it, does nobody at Google have a >6 inch phone? Then I discovered edge on android and it is really good (if you can live with the fact that it is from Microsoft). Now I switched to iOS and safari has bottom navigation by default.
Microsoft has changed a lot. They should probably have changed their name, at least for dev-related stuff. I think maybe you have a 1990's era Microsoft view?
I don't like Edge, but the comment suggests one may like the product and only "if you can live with the fact that it is from Microsoft" one could use it.
My suspicion is that this sort of comment is motivated by a 1990's view of Microsoft. They much different company now, for sure.
I'd say Apple did something worse than ads with the image scanning privacy invasion. Even retroactive in time. This is no go for me. But many are OK with this sort of disrespect by Apple while pointing fingers on others like MS? I don't think it's a good line of thought...
Kiwi Browser has bottom tab bar I think and it has extensions unlike any other Chromium Android browser (let's ignore their useless implementation in Yandex and some other hacky ungoogled browser)
For people discussing alternatives, consider LibreWolf. It is firefox with the privacy nob turned to 11 out of the box, have been daily driving it for a few months now without any issues.
How is IPv6, a protocol that is superior to the IPv4 mess we have come up with to cope with the fact that 32 bits aren't enough to represent each unique computer, a privacy regression? Is the end-to-end principle of the internet a privacy regression too?
IPv6 enables insane precission of device tracking. A side effect of not having enough ipv4 addresses and using NAT is that all your home devices let's say, go out on the internet using only a single IP address. Also, the geo-location accuracy using ipv4 is at the level of a city. With ipv6 you can get to a geolocation accuracy of a building block and confidently target individual devices within ones home network since they will use unique ipv6 addresses.
Surely, privacy minded people will find a way around those, but out of the box ipv6 is a privacy regression for the reasons listed above
>IPv6 enables insane precission of device tracking. A side effect of not having enough ipv4 addresses and using NAT is that all your home devices let's say, go out on the internet using only a single IP address
Use random addresses, no further words needed. If you are actually that paranoid, feel free to use stateless translation to change the host part of the IP.
>Also, the geo-location accuracy using ipv4 is at the level of a city. With ipv6 you can get to a geolocation accuracy of a building block and confidently target individual devices within ones home network since they will use
Unless your ISP is announcing unique /48s of individual building block, no. If your home router gets a static IPv4 address, the same problem prevails, not relevant.
>Surely, privacy minded people will find a way around those, but out of the box ipv6 is a privacy regression for the reasons listed above
Out of the box IPv6 offers the same privacy regressions as the original IPv4 before we fucked it to high hell. NAPT is a royal pain for any P2P protocol.
So on the first part you are replying with i already said, that there will be workarounds, and om the second part you are replying with a condition that is half true and is most likely going to stop being true as years go by and ipv6 is adopted more and more. Not sure where this is going.
There are people who already use ipv6 on their routers/pcs/mobiles and they don't even know it.
> "Arunmozhi is a freelance programmer and an open-source enthusiast."
I'm surprised, shocked and dumfounded that Firefox is not even mentioned while Vivaldi and Chromium are being considered. For someone who put up with Brave for years and its other issues, it really seems strange that Firefox is not in consideration.
I have two problems with Firefox - I use "print to pdf" often and Chromium renders that more accurately.
Some sites are better supported on Chromium.
Other than these two, Firefox is very good.
(On the other hand, Firefox mobile is quite slow).
This is "self eating snake" type situation. Many webdevs ignore Firefox because of its market share and this yields worse support. People don't like "worse support" and use it as argument (excuse) for using Chrome.
However I've only noticed problems in Firefox with various "chrome experiments" and WebGL performance. Oh and sometimes it's hanging and taking too long to load some source maps on large projects.
Firefox was once the primary and then a standin secondary when cpu/memory issues just made it too slow on my machine. With Brave becoming primary and Chrome becoming secondary, I have kind of forgotten about Firefox. After seeing the number of mentions here, I will sure give it a go.
This seems like a No True Scotsman fallacy [0]. Being an open source enthusiast is a huge spectrum and if someone doesn’t check a box that you consider important it doesn’t signal anything special. I think asking about the omission makes sense, but it has nothing to do with a passing tag line that means almost anything to anyone.
Is it really surprising that he’s only looking at Chromium based browsers? The trigger that ultimately caused him to drop Brave was being unable to use an extension from the Chrome Web Store. Switching to Firefox doesn’t fix that.
There's no reason for him not to consider Firefox, since installing extensions reliably led him to become exasperated with Brave relying on backend servers, which then led himto the decision to stop using Brave. So since most if not all of the extensions he's looking for are very likely either ported to Firefox, or have (often better) equivalents, why not switch?
I'm not trying to be pedantic, just using the opportunity to promote switching to Firefox, because it's great :) and there are less bumps on the road than people make out.
When I switched back to Firefox after quantum hit, I actually discovered I didn't even need a few of the extensions I needed in Chrome.
I think any other browser would also need a server with the hosted extension packages, so the point here is misguided: you did not get an error related to Brave servers while *not* using Brave services.
Generally speaking, other Chromium-based browsers simply load the CRX (extension file) directly from Google's server. This puts the user's device in direct contact with the advertising and data-harvesting giant.
In Brave's case, we proxy the requests to prevent direct contact. As such, when a user attempts to install an extension in Brave, the browser sends the request through a *.brave.com endpoint, which relays it to Google, and returns the CRX (or other response).
In the author's case, they may have sent an invalid request to Brave's proxy endpoint (e.g. missing or invalid service key). This can happen when you're using an out-of-date build of the browser. It's not clear to us at this time what caused the "Access Denied" error, but we know that a missing/invalid key could yield these results.
Sure, but my point is that you cannot complain about the extension store being down while...trying to use the extension store. Nothing has a SLA of 100% (I know that this was not due to downtime, but the possibility remains).
It would be different if he was trying to visit www.archive.org and got an error from www.brave.com
Brave is the only browser on my iPad that blocks majority of ads.
I have went as far as try to pay for ad blockers in the app store (this is my first and last apple device so it is a weird concept for me).
If I could just install unblock origin or find system wide adblocker then I would use that instead
Everyone wants to talk the respective merits of Brave vs Firefox vs ____, but I just want to talk about how the post itself is dumb.
You're installing an extension from a web store. Of course it doesn't work if there is a problem with the backend servers. Where do you expect to get the extension from?
As far as I understood the backend issue was on Braves end, while the Chrome Web Store was fine.
So installing the extension worked in Chrome, but not in Brave, because they had some backend problems, while the installing of an extension should not need the Brave servers at all.
Brave proxies Google-endpoints to prevent users from unintentionally making contact with Google servers. If our proxy receives a bad request, or has some other unlikely, transient issue, it will respond with a 403 Status (which results in the "Access Denied" message being displayed). In this instance, the user may have been on an out-of-date build of Brave; it's not clear from the report.
Must admit this was my question as well. It seemed from the post that the browser was still working but the extensions couldn't be installed. Not ideal but seems like a weird response.
Is the point that there should be a separate source of extension packages or something?
installation doesn't work because of Brave servers, not because of extensions web store, completely unrelated, or at least it should be unrelated in normal browser
I posted here on HN asking if Brave mobile was broken for anyone else one night, for little response. My wife and I both use Brave, and it just hung at startup.
Unsatisfied, I checked the Reddit sub the next day, and saw tons of complaints. Apparently if the Brave backend is down, it won't even launch.
This is a huge problem that makes me entirely skeptical of not only the browser, but that anyone in charge has any idea of what they are doing. Currently testing alternatives...
No service outage should ever cause the application itself to be unusable. Which mobile platform are you using? If the browser cannot successfully contact our backend services (for things like update checks, or refreshing its internal list of known-malicious URLs to avoid) then it will simply carry-on and attempt those requests at a later point.
Great question! Dates and times are one of the most loathed obstacles in writing software that needs to work a particular way across millions of devices situated all across the globe in different regions and time zones.
In our case, we had a bit of code that aimed to measure the time until midnight/tomorrow. But when clocks change at midnight (jumping forward or backward), you can wind up with days that appear to be longer than 24 hours in length. And when a day is more than ~24hr in length, you wind up with unexpected answers to seemingly simple math equations.
A bit of logic, responsible for setting up a timer, wound up scheduling numerous timers when our 'How long until tomorrow' code began returning negative numbers. That set of unintended timers locked-up the application itself. You can see our issue for the behavior here: https://github.com/brave/brave-core/pull/11030.
For 10 minutes of anxiety, check out 'The Problem of Time & Timezones' from Tom Scott of Computerphile: https://youtu.be/-5wpm-gesOY. It's a fantastic summary of the issues programmers face when dealing with time :)
I apologize for my hasty comments. Based on the Reddit thread I had seen, it seemed most people were blaming a down server - and to a user, that's what it -felt- like too, seeing as there wasn't an app update or anything recent. I'm thrilled to hear that wasn't the case, and appreciate the explanation. Sounds like we're staying with Brave then!
It's alarming how cavalier people are with spreading made-up explanations when something isn't working as expected. But we're always here and happy to chat about what's actually happening (provided there is indeed an issue, and we have it understood). Thank you for allowing us a moment to share more information; I hope the DST topic and aforementioned video on Time and Timezones wasn't too frightening, lol :)
251 comments
[ 3.4 ms ] story [ 271 ms ] threadTongue in cheek aside, I don't know much about Brave - is there some specific reason that it needs an always-on server to call home to?
We're looking into this from our end, to see if there were any recent proxy-interruptions which might explain the user's experience.
Sampson (Brave Team)
You absolutely could create a similar browsing experience (with excellent extensions like uBlock Origin), but you're still ultimately at the mercy of the browser vendor. For example, uBlock Origin is facing pressure from forthcoming Manifest V3 changes which threaten the existence of the extension (and many others like it). Brave, as a Browser, has committed itself to continuing support for these types of extensions.
One of the other large elements of Brave is Brave Ads & Rewards, and the ability for users to anonymously translate their attention into substantive support for content creators in a privacy-preserving fashion.
Sampson (Brave Team)
Personally, I use Firefox out of principle.
Google has something to do why the Android Firefox is crippled: before Firefox 68 was released, the Google reviewers actually rejected it owing to the addons system. (Yes, I know Kiwi browser exists. I don't understand the reviewers' logic but here we are.) Fortunately, FF 68 is an ESR release and was able to stop-gap the issue by releasing security updates (which aren't blocked by Google). Unfortunately, this is the reason Mozilla is only shipping "recommended addons": Mozilla has individually reviewed it because Google will penalise Mozilla if there's a malicious addon on their store. (Note that I won't shield Mozilla on the "Daylight" updates: I hope that they just continue Fennec rather than they rewrite it but personally it's fine.)
Without it we loose the standard part of the whole web, and it will be “whatever chrome does is the standard”.
* Firefox main income is the competitor, Google
* Firefox sent telemetry to Google servers after first start
So am I, it doesn't feet in my degoogled life.
Seeing the market share of Desktop Linux I'd hazard a guess that those users are in the majority.
Edit: tried to download debian package to check their patches, but failed: https://packages.debian.org/sid/firefox
So proofs are welcoming.
Honestly, i havnt missed it all. Firefox on mobile is awesome - plugins work! Plus, no longer does google know where i am anymore. Its ability to track and suggest ads to me is pathetic.
i doubt it - they probably know just as much from extrapolation off other data points, even if the browser data point is gone.
Is this some kind of patented behavior that Mozilla is afraid to implement?
"pull down to refresh" is patented by Twitter:
https://www.theverge.com/2013/5/21/4350826/twitter-pull-to-r...
And Firefox implements the feature in Nightly (this is an old thread, so perhaps it has already landed in mainline) :
https://www.reddit.com/r/firefox/comments/nzfcak/why_do_we_n...
(I find it a little obnoxious actually, as I frequently accidentally hit it trying to scroll back up)
Only certain ones from their recommended program. Add-on support on mobile is still very limited from what it could be.
> I am thinking of going back to [Chromium] with the usual extensions like Ghostery, AdBlock+
> [Brave's] amazing ad-blocking and tracker protection
If you just need an adblocker, sure. At this point everone should have heard of uBlock Origin.
- Doesn't come with a built-in ad blocker, so have to install a 3rd party plugin (I don't want to install any extension into my browsers) - Mozilla upper management have been making terrible decisions for the last 5+ years. By not using Firefox I'm sending a message (I used to give $$ to Mozilla) - Firefox keeps having features removed (RSS, FTP, etc), and gimping the UI.
It's not much to ask to have these 3 things improved, at which point I'd move back to Firefox from Brave.
Also, if you haven't tried Firefox since the quantum days come back and give it another try.
https://github.com/el1t/uBlock-Safari/issues/158
You are not being attacked by parent. Parent is merely pointing out the difference so other users are aware of it. You could just thank them for the clarification and move on.
And was approved and even pinned.
Firefox is the top choice for me. I recommend it properly and not just for the sake of supporting Firefox. That said, please support Firefox. We should not be allowing Big Tech behemoths from taking away the window into the internet.
If I were to complain to Firefox team - please stop adding shit, I don’t want Pocket, I don’t want anything but just the way it currently is. Just allow us to browse. Fast.
Perhaps Chrome shows more intermittent reflows so you observe more of the page rendering as it's taking place? Can you describe it in more detail? I presume Firefox is doing something right but what might it be?
I am on a pretty powerful Mac and it's exactly the opposite, sadly. Firefox just... stutters. When downloading pages, when interacting with pages, it's there and it's super annoying.
Chrome in the meantime is just absolutely instant no matter what I do.
Doesn't help me wanting to stick with Firefox. :(
The type of ads I strongly dislike for reasons beyond like, breaking pages and tracking, are ones that repeatedly show for something which I already know exists in order to promote a brand.
If someone wants to put up an ad for “we make any bronze parts”, well, I looked to see if any of them were cheap enough to get as a gag (none of them were, but still).
If a company wants to remind me over and over of their company name that everyone is already familiar with, that is irritating.
You see a potential for dissatisfaction, I see a potential for opportunity.
Also, allocating time for “searching for products that I don’t know of but which seems like they might exist, which would improve things” seems, slow an inefficient?
Like, I previously had thought “it is bad that printers basically all have drm-ish ink cartridges.” When I saw an ad for a printer which instead had refillable ink tanks, I regarded that as an improvement. (As it happened the printer had some unfortunate bugs where it semi-frequently needs to be forcibly rebooted by unplugging it, but it is otherwise seems to work nice.)
I don’t see how this is not a benefit? It isn’t like I otherwise wouldn’t be using a printer, or like it increased average rate of printer purchasing non-negligibly . It mostly just changed which printer got purchased.
Like, I suppose if every time I thought “I wish there was a product such the [x]”, I put a description of that into a web form (in terms of keywords I guess?) and then when a product was released, the company releasing the product could send info to the company running the website demonstrating the novel properties, and then the website could notify all the people whose descriptions appeared to match, and that could be an alternative to ads?
I really do not buy many things, if your concern is that ads would compel me to buy too many things, in like, a consumerist way.
(Actually, the example with the printer was when I was living with my parents, so it was actually my dad who bought the printer after I pointed out it existed, and after he evaluated the price taking the ink into account.)
It is a bit confusing to be honest. There seems to be something very upsetting happening but exactly what is causing that response I can't pick out.
And it isn't billions, you need to normalise by audience size. Any company spending billions to influence my behaviour is bankrupt, I don't have enough money for them to make that back.
But one of those things would get a broadly supported "aw, how wholesome!" from the crowd. The other appears to get actual, honest, anger. It is unclear to me why the difference in responses is so large.
Everything a person encounters influences them, and generally people are comfortable with good and bad influences in their lives. The fact that corporations are motivated to sell things doesn't even mean their influence is bad. The fact that I bought a rice cooker because it was being advertised to me doesn't change the fact that I am better off owning the rice cooker. I bought it because it improves my life. So why the hate on ads?
In many ways this is what trade magazines are/were, but the absence of a general market for such generalised interest is so absent its the kind of witness evidence that is deafening in its silence.
The problems are the power Facebook and Google have over the ad market, that increases ad costs for businesses by a lot (I've read, one third, but I wouldn't be surprised if it's more). But online ads are a lifeline for small businesses. Regulate the big players, and keep the ads flowing. Some people here want ads to be abolished, but you'd just strengthen existing brands, i.e. huge multinationals. That's all it would achieve.
That's why real issue with Brave, frankly. I still use Brave as my default browser because it's the only one that allows me to allow all ads by default, and only turn on Brave Shields for specific websites. Even uBlock Origin deprecated their default-allow, and it now breaks many websites completely if you try it. But I don't like "anti-ad" sentiment.
Sad state of affairs. But people who oppose Big Tech domination, and also want ads abolished, don't realize that doing so would prevent millions of small businesses from getting off the ground. Chrome's killing the open web, but might be saving the "open economy" by trying to disincentivize adblocking (by blocking "annoying ads" by default, and implementing ManifestV3). It's a mess.
Let's take Brave for example. Open home page of brave.com and you get:
"The best privacy online
Browse privately. Search privately. And ditch Big Tech."
And a nice screenshot.
The problem is this is not what Brave works/looks like when you open it the first time.
By their own research [1], on your first run Brave will immediately "phone home" 80(!) times. The original post discussed here talks about mundane features like installing an extension not working without contacting their servers about it.
Then, the user is immediately welcomed by ads for several crypto services right there in the browser on the right hand side (curiously hidden on their home page screenshot). I guess that:
"Browser that shares your private information with us and shows you ads you do not really want" would not fly well as a tagline.
Having this behavior turned on by default is where user frustration begins and is later then just amplified by even worse behavior, again incentivized by the fact that the business model is simply dependent on ads, like the other big tech.
[1] https://brave.com/popular-browsers-first-run/
once you understand not desiring one, you can understand not wanting the rest, since they're all fundamentally the same thing.
I am entirely with you on not wishing any ads at all, anywhere. I just think that it's not realistic to remove ads entirely on the open web today.
This should not be an excuse for the way ads are being run today. It is fundamentally broken. Incentives and attributions should be changed.
Firstly, I'd urge everyone to deny the initial premise. The right or desire to be free of or avoid advertising has nothing inherently to do with the act of paying money or being able to amass or claim property rights over things. That's not why i hate junk mail. That's not why I don't want to be proselytised to. That's not why i shouldn't have to view propoganda. Of course, the addition of private property rights issues is one more barrier that advertising would have to overcome in order to be deemed acceptable, but on the contrary, i think a better premise is to start with WHY or WHEN advertising should be allowed, given that it is almost universally loathed or objected to. I wouldn't want to live in a world where people are subjected to advertising because they haven't payed for things or own things or content. That's dystopian.
At the very least, I think people should have the ability to say no, and for that desire to be respected and not interferred with. I think there's good grounds for advertising, or at least many types of advertising, to not be allowed in many public areas or via many public resources. I have no problems with companies or organisations not delivering material or allowing access to general consumer goods as a consequence of saying no to advertising, but that's different to users saying "no i don't want ads and I don't want to be tracked" and having the companies go "but I'm gonna do it anyway and you shouldn't be ad blocking".
Finally, I always come back to what the web is, or at least what it was, in that I deny the underlying unspoken premise that the web is there to run business models or pay money for content to be put on it. If businesses can make it on the web, good for them. But if they can't, the web is more important than business.
To be clear, the internet and web and content came first, then the businesses arrived and co-opted it for their purposes. Now the narrative is trying to be rewritten so that you can't possibly let people consume material on the web for free without people paying for it via advertising.
So let me be clear: I pay for my computer. I pay for the bandwidth of my ISP. This allows me access to a public network of computers where I can make requests to other computers on the network to send me information. People can also pay to put content up on that network to be requested by others, but no one forces them to do so, AND, no one forces them to answer my computer's request for content. When i use an ad-blocker, the main activity is for me to determine client-side that there are certain computers I don't want to talk to, and certain content I don't want to see. In an ideal world I wouldn't be tracked also, but that's just an additional abuse or manipulation of the system.
Several years after this whole system had been operating just fine, companies arrived and started trying to make money, and today we have a feigned victim-complex retcon narrative about how people not paying for content should view ads.
On the contrary, if companies do not want me viewing their content: don't put it u...
You have just normalized this absurdity because it’s been around for so long. Ads are terrible for people’s mental health, because the best way to sell a product is to create a need for it. In other words, by making you feel incomplete and insufficient.
Ad-funded business models make it impossible for the people to "vote with their wallets", so all of the good things about any kind of market dynamics are removed, and we are left only with its disadvantages.
- It treats everyone as "eyeballs", removing any need for a content producer to care about quality. As long as it generates clicks it goes. It has turned even the most reputable of media channels into tabloids.
- By having no regard for quality, it's a tragedy of the commons.
- By removing any chance of nuance, it makes all of the audience to be bucketed into "pass/filter" algorithms, and the only concern is to make sure that the content is so bland and innocuous that no one within their bubble reach can complain about it.
- It has taken mass-consumerism and general public conformity to 11.
- Big Tech turn all of that crap into profit no matter what.
- It is feeding and coddling the coming and current generation of techies into lame drones with no imagination and will to affect actual change. It's creating an army of people who think that the status quo is good.
I don't think it is too much of a stretch to think of how the "ad supported" content economy is correlated with the increased polarization of people, the growing tribal divide and the isolation of individuals. I honestly think that we should be treating the majority of "ad supported" websites as heavy polluters of our minds and our societies.
If you want to do ads online, here are the initial rules of engagement: https://bostik.iki.fi/aivoituksia/random/no-stalking.html
It might have something to do with the LE intermediate root rotation - Chrome variants and Firefox are happy with the chain, but Safari's CA trust store may not have the new intermediate CA in place.
I'll upgrade the system over the holidays in any case, and the new lighttpd finally has native support for CA chain inclusions. That should make all the clients happy again.
AB+ "acceptable ads" exists to solicit bribes from websites to display their ads.
> AB+ "acceptable ads" exists to solicit bribes from websites to display their ads.
Surely you admit that the "acceptable" criteria are at least directionally correct? So even if you find the model icky, it's also "improving" the overall quality of ads (i.e. making them less intrusive/obnoxious/annoying)?
Given the shortcomings of AB+, what do you think is a better way of (1) defining acceptable ad standards; (2) generating enough revenue as an organization to build/maintain ad whitelists? Genuine questions to provoke discussion :)
Irrelevant. I (and 99% of other users) spend the majority of my time on the internet on websites large enough to meet the threshold.
> technically an independent entity gets to determine what's "acceptable"
Skimming the first page of that "independent" committee's bylaws: they self describe as being "hosted by eeyeo" (the developer of AB+).
> So even if you find the model icky, it's also "improving" the overall quality of ads (i.e. making them less intrusive/obnoxious/annoying)?
I don't care about via what mechanism advertisers improve their ads - that is their job to worry about not mine.
> what do you think is a better way of defining acceptable ad standards
I, the user, choose what is acceptable in my browser, not a for-profit company that benefits from bribes to whitelist ads. Believe it or not I do whitelist some websites with what I consider acceptable ads, but I do not and will never use an ad whitelist.
> generating enough revenue as an organization to build/maintain ad whitelists
Ad whitelists that generate revenue essentially always have a conflict of interest.
Web advertising's abysmal reputation isn't some freak accident. Websites and advertisers should work together to create actually acceptable ads rather than trying to bribe adblockers and hope users don't notice.
Is advertising a valid business model? For some apps and services perhaps, but it's not the only option and in many cases serves the business and users poorly. I don't think it's a coincidence that some of the best products I've used recently have actually put some thought into how to monetize.
I'm not sure the author has checked the same for the alternatives he mentions. The closed source nature of Vivaldi (their tarballs only contain their copy of Chromium) makes it a weird recommendation, in any case.
in fact, I'll go so far as to say that's exactly what most proper ad-blockers are: user implemented acceptable ads. if the user wants to view ads, they have it in their power to whitelist a site or domain.
perhaps a business could be made where you provide a list of acceptable ads and people can pay money to view them. on the one hand, I think that's a more reasonable business model than the one you've suggested, as at least it aligns the user's interest with their own explicit actions.
of course, there is the little problem that such a business model would probably never work, because fundamentally, most people don't want ads. they tolerate them because they don't know they could have a choice otherwise...
Sure it's nothing new that companies try to show you ads. But in the same spirit I always turned down volume or switched channel on TV when ads were on. This was in the past. These days I don't even bother watching channels with ads.
I personally would not be sad if the whole ad industry became less significant and we had more paid services. They also tend to be longer-lasting than many ad-sponsored services. Also I am the customer and can demand certain things, whereas with a free service I can demand nothing and I am not the customer.
As a student I made a few small Android games with ads. They brought in a few hundred bucks. Then I was blocked by Admob for whatever reason. At this point I learned what a crooked business this is and I swore that I will never make an ad-sponsored app again. If I have an idea for a product/service that will only work in that setting it will not even go on my list.
Also, this very site has no ads. Neither does wikipedia. Nor librivox, or Project Gutemberg...
For example when I share this link to my favorite ad:
https://www.youtube.com/watch?v=Q49fDwqwK5E
and you decide to check it out, it satisfies the above criteria.
And by "ads that I accept" I mean "ads that I can turn off".
While I suppose Brave with its integrated ad blocking is going to keep it working, I believe it will be wildly unsustainable for Chromium based browsers to keep the V2 APIs for extensions amidst the torrent of upstream changes coming from Chromium. So the only functioning blockers these browsers are probably going to have are built in ones - and only if they care enough.
1. I haven't followed Ghostery, AdBlock+ devs since I started using Brave. Sad to learn of their status. I will look at uBlock Origin. 2. Firefox was a memory and CPU hog and I always usef it as a test browser or a secondary browser, until Brave. Then I started using Chrome as secondary and dropped Firefox. I will give Firefox another try. Thanks again.
I have two problems with that. Firstly on Windows Firefox uses the Control key, so now I have to remember a different shortcut for my work PC vs my gaming PC. Secondly I run i3wm and alt is my mod key.
Out of curiosity, why do you use alt instead of super?
Ghostery is not selling user data.
Let me point out a few facts:
All browser-side code is open source https://github.com/ghostery/ghostery-extension and https://github.com/ghostery/ghostery-dnr-extension.
Yes, Ghostery has a subscription based business model and that another reason to great care in protecting users privacy. Take a look on how we use blind tokens to authenticate subscribed users while searching on glowstery.com https://github.com/ghostery/ghostery-search-extension (notice that even when you are a subscribed user there is no session cookie so queries cannot be linked).
Hope this sheds some light on the accusation. If that’s not enough, I do sincerely recommend uBlock Origin or AdGuard on Apple’s platform.
Ohhhh, let me too!
"Ghostery makes money by tracking the trackers while blocking them and selling data about third party trackers, which it calls Ghostrank."
"Ghostery calls it Consumer Messaging Platform, which allows the company to message users directly in the web browser. According to Ghostery, it will be used for product announcements and promotions. What makes this problematic is that it is enabled by default."
You aren't fooling anyone.
Indirectly relevant - It is not the client source code that is ever the issue. It is the server side code and the business model that matters.
Client can be even closed source, if it is zero-telemetry. There is no danger for user privacy there.
But if the client is not zero-telemetry, and is phoning home, at the very least private information like IP address will be transferred and we have no way of knowing what is done with it.
The original post talks exactly about the problem with dependency on the server side which for a browser (and an ad blocker for that matter ) should ideally be zero with the option to opt-in for things like updates.
I have a PiHole with a fairly huge block list (~1.2M entries) and uBlock Origin and I keep wondering if I stay only with them, will it be enough?
> To benefit from uBlock Origin's higher efficiency, it's advised that you don't use other content blockers at the same time (such as Adblock Plus, AdBlock). uBlock Origin will do as well or better than most popular ad blockers. Other blockers can also prevent uBlock Origin's privacy or anti-blocker-defusing features from working properly.
https://github.com/gorhill/uBlock
I also don't sign up for sync, or password manager, or any of that stuff as I don't trust it enough on any browser.
Several months into Brave and I have no urge to turn back yet.
Sampson (Brave Team)
Sampson (Brave Team)
[0]: https://vivaldi.com/blog/vivaldi-browser-open-source/
I really like the odd de-mozilla'd Firefox versions though.
"Privacy" is defective when your exploit mitigation is deficient. You've got a lot worse privacy when your whole computer is owned, than when a few websites track which other websites you've been to.
None of this is new. https://news.ycombinator.com/item?id=27219402
Brave has a top-notch team, uses Blink, and has some of the best fingerprinting protection I've seen in any browser, much better than Safari, and better than Firefox. They have good people working on it. The fact that an attempt to improve privacy [0] is being used to bring Brave bad PR is ironic.
[0]: https://github.com/brave/brave-browser/wiki/Deviations-from-...
The link you're referencing talks about NT kernel syscalls - if the computer is already infected it doesn't matter what browser is being used.
If one is a high-value target for a nation state or something of that caliber I would agree with you - but that doesn't apply to regular users. Atleast to my knowledge.
Another counter-argument here is that people looking for vulnerabilities would much rather spend their time looking for chrome exploits than firefox exploits (because of market share), no?
Coinbase was, and that wasn't long ago. If I were a sysadmin I'd blacklist Firefox from all my machines, no matter how I feel about the open web, about Mozilla or their mission statement, it's not a reasonable risk to take.
> Another counter-argument here is that people looking for vulnerabilities would much rather spend their time looking for chrome exploits than firefox exploits (because of market share), no?
People look for both. Firefox is a much higher value target to governments than Chrome, because that's what Tor Browser is.
Tor is Firefox ESR, which only has big security fixes backported; other security flaws remain in Firefox ESR for much longer. But beyond that, the security fundamentals were never a part of the original Firefox project like they were for Chrome, and it still isn't. 13 years later, Chrome's still making faster progress with exploit mitigation than Firefox, and Firefox is the one that needed catching up. There's a reason why GrapheneOS, which people here trust, don't use Firefox. Check their website for a great readup[0].
On Zerodium, Chrome RCE+LPE goes for $500k, Firefox and Safari. People will argue that's marketshare, but get any exploit mitigation researcher in here and they'll tell you Firefox (and Safari) are fundamentally less secure than Chrome. Price isn't just determined by demand (by governments), it's supply too.
I understand the "cyberpunk" love for Firefox, they're the good guys fighting big G. But that doesn't change what their codebase is.
[0]: https://grapheneos.org/usage#web-browsing
One of the reasons why I also quit this was because some problems with their rewards crypto programs. Basically, this content creator Tom Scott, makes great videos, tweeted some stuff about Brave explaining the issue. He says that Brave users who watched him or visited his website were encouraged to donate to him through the Brave rewards program, when in fact, Tom Scott had not signed up or agreed upon it. Several people donated misunderstandignly and Brave didn’t even say that Tom Scott was not on their crypto platform, refused to either refund the people who donated and thanks to this issue now any content creator who isn’t on their crypto platform has a small text below the crypto payment.
The issues mentioned by Tom Scott (from December of 2018) were wholly unrelated to security or privacy, and instead serve as a case-study in UI/UX and messaging. Allow me to explain a bit in greater detail.
Brave held a token sale in 2017 which resulted in 300 million BAT being added to a User Growth Pool. In 2018 we invited Brave users to direct BAT grants (that is, BAT belonging to Brave) to their favorite content creators. Some users expressed a desire to support Tom Scott (as they should; his content is phenomenal).
Brave's UI explicitly marked verified creators as such, but made no explicit indication when a creator was unverified (we followed a similar model to Twitter, which gives checkmarks only to verified accounts). This resulted in some confusion among our users about whether or not Tom was a verified creator.
Some users chose to direct BAT (again, from Brave's own User Growth Pool) to Tom's YouTube account. At the time, this BAT would migrate from the UGP through to a Settlement Wallet, waiting to be collected by the creator. Again, we're talking about BAT from Brave's own wallet--no user funds involved.
After listening to Tom's feedback over Twitter, Brave took action and made a series of prompt changes. For starters, we began to explicitly identify unverified creators as such (not doing so was a naïve design decision on our part). Secondly, we modified the contribution model such that Brave (the browser) would not send tips to any unverified creator (that is, no BAT would go into a settlement wallet). Instead, issued tips now remain in the user's control for up to 90 days while the browser routinely checks to see if the intended recipient has verified.
We blogged about these changes at the time: https://brave.com/rewards-update/. We made these changes in fewer than 48 hours, IIRC. Tom's feedback was excellent, and resulted in a substantially better tipping model in Brave. Of these changes, Tom shared on Twitter "These are good changes, and they fix the complaints I had!".
I hope this helps!
Sampson (Brave Team)
Sampson (Brave Team).
Sampson (Brave Team)
Brave proxies Google endpoints to prevent users from making unintended contact with Google.
Sampson (Brave Team)
[1] https://i.ibb.co/nPfpdP7/image.png
Curious why? Do you think that ads in Google search are good for the user and not privacy-invading? Those ads account for most of Google's revenue.
Do you not have a problem with claiming this on the homepage:
"Brave blocks all creepy ads from every website by default." when this is clearly not the case?
Or Brave does not consider Google a part of the "big tech" it is "helping to ditch"?
If you're on a Google-owned site, an in-situ first-party ad isn't necessary to harvest information about you—the page itself can do this far more effectively than any ad element. Blocking first-party advertisements is largely an aesthetic decision; Brave enables this via the Aggressive Mode in Shields.
By "creepy ads," we're referring to the invasive, data-collecting remote ad scripts which siphon your data from one host to another via JavaScript, Cookies, and cross-domain requests. First party ads (e.g. a Fortnite advertisement on the Epic Games website, or Google Ads in the Google Search Results) are not examples of cross-domain data-harvesting elements.
We absolutely do think that Google itself is creepy, and that it should be avoided entirely. Consider search.brave.com instead ;)
Yet you chose to allow ads that feed majority of Google's revenue?
> Blocking first-party advertisements is largely an aesthetic decision
Blocking all ads is an aesthetic decision. Users would still use ad-blockers even if all the ads in the world were not mining user data.
Brave supports the option to block all ads. By default we block the harmful ones. We offer options for blocking the non-harmful (but perhaps distracting/annoying ones) as well (via Shields and custom lists; see brave://adblock/).
If you wish not to see the first-party SERP ads on Google, I would suggest you not use Google. If you would like to use Google, know that doing so enables them to collect and harvest all sorts of data about you. But, you can hide their SERP ads (which doesn't secure any of your data) by switching Brave's shields from Strict to Aggressive.
Better to use https://search.brave.com instead ;)
How are you sure? I would assume that a more likely scenario is one where clicking a first party ad on Google.com helps build a profile about the user.
> If you wish not to see the first-party SERP ads on Google, I would suggest you not use Google.
Recommending to avoid a site that has ads is not how ad-blockers are supposed to work.
My suspicion is that this sort of comment is motivated by a 1990's view of Microsoft. They much different company now, for sure.
I'd say Apple did something worse than ads with the image scanning privacy invasion. Even retroactive in time. This is no go for me. But many are OK with this sort of disrespect by Apple while pointing fingers on others like MS? I don't think it's a good line of thought...
https://librewolf.net/
Surely, privacy minded people will find a way around those, but out of the box ipv6 is a privacy regression for the reasons listed above
Use random addresses, no further words needed. If you are actually that paranoid, feel free to use stateless translation to change the host part of the IP.
>Also, the geo-location accuracy using ipv4 is at the level of a city. With ipv6 you can get to a geolocation accuracy of a building block and confidently target individual devices within ones home network since they will use
Unless your ISP is announcing unique /48s of individual building block, no. If your home router gets a static IPv4 address, the same problem prevails, not relevant.
>Surely, privacy minded people will find a way around those, but out of the box ipv6 is a privacy regression for the reasons listed above
Out of the box IPv6 offers the same privacy regressions as the original IPv4 before we fucked it to high hell. NAPT is a royal pain for any P2P protocol.
There are people who already use ipv6 on their routers/pcs/mobiles and they don't even know it.
Updating one machine manually is okay, multiple machine - no.
> "Arunmozhi is a freelance programmer and an open-source enthusiast."
I'm surprised, shocked and dumfounded that Firefox is not even mentioned while Vivaldi and Chromium are being considered. For someone who put up with Brave for years and its other issues, it really seems strange that Firefox is not in consideration.
This is "self eating snake" type situation. Many webdevs ignore Firefox because of its market share and this yields worse support. People don't like "worse support" and use it as argument (excuse) for using Chrome.
However I've only noticed problems in Firefox with various "chrome experiments" and WebGL performance. Oh and sometimes it's hanging and taking too long to load some source maps on large projects.
[0] https://en.m.wikipedia.org/wiki/No_true_Scotsman
There's no reason for him not to consider Firefox, since installing extensions reliably led him to become exasperated with Brave relying on backend servers, which then led himto the decision to stop using Brave. So since most if not all of the extensions he's looking for are very likely either ported to Firefox, or have (often better) equivalents, why not switch?
I'm not trying to be pedantic, just using the opportunity to promote switching to Firefox, because it's great :) and there are less bumps on the road than people make out.
When I switched back to Firefox after quantum hit, I actually discovered I didn't even need a few of the extensions I needed in Chrome.
In Brave's case, we proxy the requests to prevent direct contact. As such, when a user attempts to install an extension in Brave, the browser sends the request through a *.brave.com endpoint, which relays it to Google, and returns the CRX (or other response).
In the author's case, they may have sent an invalid request to Brave's proxy endpoint (e.g. missing or invalid service key). This can happen when you're using an out-of-date build of the browser. It's not clear to us at this time what caused the "Access Denied" error, but we know that a missing/invalid key could yield these results.
Sampson (Brave Team)
It would be different if he was trying to visit www.archive.org and got an error from www.brave.com
If I could just install unblock origin or find system wide adblocker then I would use that instead
I went back to Firefox and haven’t looked back.
Hope the backend issue mentioned gets fixed. Tweet to Brenden, he's always quick to respond.
You're installing an extension from a web store. Of course it doesn't work if there is a problem with the backend servers. Where do you expect to get the extension from?
So installing the extension worked in Chrome, but not in Brave, because they had some backend problems, while the installing of an extension should not need the Brave servers at all.
Sampson (Brave Team)
Is the point that there should be a separate source of extension packages or something?
Unsatisfied, I checked the Reddit sub the next day, and saw tons of complaints. Apparently if the Brave backend is down, it won't even launch.
This is a huge problem that makes me entirely skeptical of not only the browser, but that anyone in charge has any idea of what they are doing. Currently testing alternatives...
Sampson (Brave Team)
Is there a link or can you share more? Why would a DST bug prevent an app from opening at all?
In our case, we had a bit of code that aimed to measure the time until midnight/tomorrow. But when clocks change at midnight (jumping forward or backward), you can wind up with days that appear to be longer than 24 hours in length. And when a day is more than ~24hr in length, you wind up with unexpected answers to seemingly simple math equations.
A bit of logic, responsible for setting up a timer, wound up scheduling numerous timers when our 'How long until tomorrow' code began returning negative numbers. That set of unintended timers locked-up the application itself. You can see our issue for the behavior here: https://github.com/brave/brave-core/pull/11030.
For 10 minutes of anxiety, check out 'The Problem of Time & Timezones' from Tom Scott of Computerphile: https://youtu.be/-5wpm-gesOY. It's a fantastic summary of the issues programmers face when dealing with time :)
Sampson (Brave Team)
I apologize for my hasty comments. Based on the Reddit thread I had seen, it seemed most people were blaming a down server - and to a user, that's what it -felt- like too, seeing as there wasn't an app update or anything recent. I'm thrilled to hear that wasn't the case, and appreciate the explanation. Sounds like we're staying with Brave then!
Sampson (Brave Team)
But it seems ad blocking is always mentioned as a feature.
Might I recommend trying piHole at the intake into your homes.
Instead of relying on the application doing filtering, simply do it for the whole network (yes, caveats apply).