IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Brave pushes the boundaries of privacy by design

It’s quite a big step to abandon the big three of Chrome, Edge and Safari for a niche option that doesn’t just tack privacy on top

The Brave browser icon in the background behind somebody using their phone

It’s one thing relying upon a swathe of various browser extensions or add-ons to help protect your privacy, block ads, add functionality to your browser of choice and wishing the plain vanilla version did more. It’s quite another to jump ship from the big three of Chrome, Edge (which uses Chromium under the hood, of course) or Safari to a browser that remains niche but provides much of that extension functionality out of the box. 

Historically, or maybe histrionically would be more appropriate among some fans, the alternative choices have been Firefox, Opera and any number of very niche products. However, for many that choice has become easier, with one of the once-niche options starting to build quite the following. I’m talking about the Brave browser, which doubled its monthly active user count across 2021 to a none too shabby 50.2 million. And for very good reason, with the emphasis on the “very good” bit: for it really is.

Let’s be clear though, it’s still a tiny fish in a very big pond. Firefox, for example, has four times as many active monthly users (216 million), Edge boasts 600 million and Chrome, as far as I can make out, has a stonking 2.5 billion. I’ve not been using one of them for some time now, having found Edge to not only be quicker but easier to use without throwing as much of my private data into the Google realm. Then again, I’m not overly keen on Microsoft having my data either, which is why I eventually thought I’d give Brave another try. 

Brave: The people's browser

I first used Brave back in 2017 when it was a relative newcomer and “only” commanded around one million active users. Back then I found it – how can I put this politely – a little clunky. That’s no longer the case: I’m using Brave as my daily driver these days. Yes, under the skin it’s still the Chromium engine that powers both Chrome and Edge, but it’s the nature of the skin wrapped around Chromium that makes the difference. And it’s a big difference when you’re talking in terms of privacy

From built-in fingerprinting rejection (through ad, tracking and script blockers) to the use of Tor for private sessions, Brave pushes the boundaries of how user privacy can be baked in rather than having to be added by the user. But that’s not the only reason I’m all-in on Brave. Privacy feature development is seemingly continuous, as it needs to be if Brave is to keep pace with the dynamic and evolving world of those who would know every last thing about you and your online habits. 

Take, for example, bounce tracking. As I write, I’m using Brave v1.36, but by the time you read this v1.37 may well have arrived along with a new unlinkable bouncing feature. What the actual wotsit is that I hear you ask? Simply put, bounce tracking is a sneaky way to implement third-party tracking cookies when they have been explicitly blocked by the user. So, when you arrive at a site where such cookies are already blocked, instead of just admitting defeat to the privacy rights of the user, a redirect is made to a different domain where the cookie is set before redirecting back to the original destination. It effectively bounces the tracking function so that it uses a first-party cookie instead, by carrying out what is basically a “tracker-in-the-middle” operation. 

Other browsers do their best to defend against this, but it’s not easy to get right every time. Unlinkable bouncing fights back by routing visits to potentially infringing sites (using a list of known or suspected domains) through temporary browser storage, which gives the impression of a first time, and unique, visit. This prevents the tracker from re-identifying you on subsequent visits, effectively anonymising the digital fingerprint. The temporary storage is just that and gets deleted once the user navigates away from the privacy-infringing site in question. 

This is in addition to existing Brave functions such as tracking query parameter-stripping from URLs and debouncing known sites by jumping straight to the intended destination where known tracking domains are being inserted. It’s all rather simple, ingenious and yet another reason to admire Brave.

We should all strive for privacy by design

That Brave uses the Chromium codebase is great for the kind of ease of use that the average user demands, especially when it comes to the choice of browser extensions. However, I must flag the fact that the more browser extensions you install, the greater the chance that you are inviting data collection and user/system fingerprinting in. That applies even when using a privacy-focussed browser such as Brave. Which means you should ensure you do a little due diligence before adding anything. 

What does “a little due diligence” mean? Simple: check the privacy policy, the permissions that are required, the data that the extension sucks up and what it is used for. Spending ten minutes checking those things, and reading user reviews, is time well spent in my book. Brave is better than most, despite my warnings, because it comes with ad and tracking blocking, HTTPS everywhere and the like built in, so there’s no need to go completely mad adding loads of third-party stuff anyway. Mea culpa, I have Ghostery Plus, EFF Privacy Badger and uBlock Origin installed.

I’m not a “crypto bro” and have no use for the ability to earn BATs, basic attention tokens, in return for allowing certain adverts to be shown. Nor do I need the built-in crypto wallet, thanks very much. If you do enable this functionality then a percentage of the BATs you “earn” for having adverts displayed goes to the advertisers you interact with. None of which is problematic, given what we understand about the murky world of AdTech, as enough users enable this to allow the Brave owners and advertisers to make money. More importantly, it doesn’t impact upon a distraction-free experience for those who came for exactly that. 

There’s a really good, although now four years old, technical explanation from the developers on Reddit on how Brave does away with external ad servers and instead, if you opt in, has Brave ads “matched and delivered by the browser, client-side”. An opt-in, client-side, advertising model is preferable to the alternatives if you don’t want to just block everything I guess. 

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022