Why would Brave disable this? In my opinion, this is one of the most useful additions to browsers in recent memory, and it's quite annoying to click a link expecting to go a specific section and just be put at the top of the page. I noticed this was broken in Brave, but I never would have imagined they intentionally broke the feature.
It's not the link fragment portion of the URL in the address bar that is sent to DNS, it is DNS requests from additional lazily-loaded content that is pulled up when the browser jumps down to it.
This requires the attacker to have third party content on the page you are trying to get the user to scroll through, that is a huge assumption no?
The password web page example is here highly unlikely: if the attacker injected his external content on the password web page, he has already a very strong position - getting users to click on links is not a logical next step, the attacker has far better avenues I would assume.
I don't really get it. It seems like one of those theoretical potential privacy violations, but seems more like an academic exercise than anything exploitable.
I guess the idea is, someone can derive data about what you clicked based on some side channel (DNS queries? wifi activity? power draw?).
It does seem mostly theoretical, but it also seems like a natural feature for a privacy-focused browser to exclude. Web browsers have a long history of “mostly theoretical” becoming “effectively practical,” like when some new unrelated change invalidates an assumption underpinning the privacy guarantees of the original feature.
In terms of this vector, I could imagine it leading to history enumeration when combined with CSS, similar to the classic “check the color of the link.” Or maybe some fingerprinting scripts could send signals to server-side traffic analysis heuristics by preloading a specific script based on which region of the screen is visible within the first second of loading the page.
That’s all speculation of course, but clearly the feature increases privacy attack surface, by giving an external observer more paths for potentially reducing your possible anonymity sets.
You're right, it does much the same thing, but this works on external sites so a webmaster doesn't need to create a bunch of anchors to specific information on a page. Instead you can link to any site and force the browser to highlight/jump to an arbitrary location on that external site.
It's the kind of thing I'd disable because of the privacy leaks it makes possible (Ctrl-F on the new page works just as well and keeps the user in control), but I can see how some people might like the extra convenience (when it's not being used maliciously to collect sensitive information from otherwise secure websites).
This is probably the #1 feature that gives me the most personal conflict.
I remember seeing it for the first time and thinking, “oh here we go. Google needed browsers to have a feature to make its search engine UX better…” But I also cannot deny just how useful it is.
Does the internet have any discovery mechanisms except social media curation and search engines?
If videos can be timestamped for links, why not webpages? Linking to automatic content-indexed excerpts shows respect for the time spent by recipient and saves markup effort for the author.
I mean you can arbitrarily type domain names with common TLDs in and see what happens. I hear the white house may not be a good start to roll the dice on. Yahoo, Altavista, and others used to have a curated index of quality websites. Links are inherently a discovery feature. Services like StumbleUpon used to exist but could arguably be seen as "social."
The problem with "social media curation" as a qualifier could be interpreted as "a human is involved." Pretty much all forms of discovery, internet or not, requires either search or a human involved. Some services of course have broadcast mechanisms for curating an index but that's about the only exception I can think of for discovery that breaks away from these two qualifiers. To some degree, DNS is a broadcast system for discovery.
In the absence of a universal recommender system that acts on clustering effects, social networks and link aggregators like HN can really be the next best thing.
It looks like at one point, mozilla attempted to solve this with their context graph project as well as their acquisition of pocket. However, it does look like it has all the hallmarks of a technological solution to a societal problem. Solving the adverserial aspects as well as ethical concerns would require nothing short of a rethinking of how we use the web.
> I mean you can arbitrarily type domain names with common TLDs in and see what happens.
I've always been curious whether any search engine tries to index the "disconnected web" by just war-dialing domains/IPs like this.
> To some degree, DNS is a broadcast system for discovery.
Sadly, there's no real way to build a "DNS spider." You could if you could send DNS AXFR queries for arbitrary zones; but DNS servers mostly don't respond to these without authentication.
IIUC the main risk is that they can check if text appears on a page based on it.
In an extreme case imagine that someone sends you a password in a messaging app which is available via the web. If an attacker can trick you to open webpages (maybe they intercept a HTTP site and open a few tabs) they can detect if the page scrolled based on side channels (data transfer) or direct information (did you load a lazy-loaded image from their server?). You can use this to learn page content. This is vaguely similar to https://en.wikipedia.org/wiki/CRIME.
As a concrete example imagine that a webpage has something like this past the first page.
<p>Your password is 56acc1bc03298ec0</p>
<img loading=lazy src=https://cdn.example/secure.png>
If I can trick you to load #:~:text=Your password is 5 and observe that you looked up the DNS for cdn.example and loaded secure.png (especially if that resource isn't cachable) I have learned the first character of the password.
If I do this 64 times (on average) I have learned the whole password.
This is a little hard to do, especially with pop-up blockers being built into most browsers so it is hard for a site to open many top-level windows (origin isolation of modern browsers will likely block this in iframes) it is not too extreme of a case.
Of course there are simpler attacks. Maybe someone can link to https://www.youtube.com/feed/history#:~:text=Voice+Feminizat... and they can tell if you have watched this video based on how many thumbnails have loaded. You load too many thumbnails and you get thrown in jail for being trans.
Fair warning that I have not actually attempted these things, but:
1. I think you could potentially embed an iframe on a page and use the scroll positions combined with this feature to read information on a page. Start with "a", check scroll position, then "ab", then "abc". Similar to a blind sql attack where you gather data/hashes by continuously adding to the SELECT query using a substring function and a sleep (to detect if the substring was found). You brute force character by character. I believe this is commonly called an "Oracle attack"
2. XSS/Phishing/Spam. You add a png with a "Your account has been compromised" or a "fake form" (think Google docs) or whatever your spam message is to a part of a page. You send an email with this special url that will cause it to jump directly to that location on load.
Just some theories. I'm pretty sure the first one would qualify for some sort of bounty, but my experience is most bug bounty programs wouldn't count the second one as valid (requires user interaction).
As it stands today, the spec has issues when considering other pre-existing options and future compatibility. For example, there is no way to get the URL if the protocol is `file://`.
I think it can be easily fixed, using solutions like a delimiter, but that discussion probably needs to be apart of a wider discussion concerning URL extensibility.
Same with letting you disable their built-in extensions.
Seems pretty wild to me that a privacy browser is alright with having their own extensions run in browser without any way to disable them or even know they exist.
"But the extensions are open-source so that means you can audit them!"
Uh yeah... but maybe I just don't want them to run and put "Tip" links on everything. It doesn't matter whether they are secure or not, the user should get to choose what they run in their browser.
Brave is great (in my opinion), but the more you look the more you realize how strongly opinionated it is about how people should use the web which is pretty antithetical to what Brave says they are trying to do.
You can disable them, but the options are hidden all over the place in Settings, some seemingly buried intentionally to make them hard to find -- using UI dark patterns.
Can you actually disable them, or just disable what they do by finding and toggling some obscure option in the settings? There's a difference between changing how an extension running in the browser works and removing it so that it isn't running at all.
They're kinda damned if they do, damned if they don't. If they left it in, (some) people would condemn them for not taking privacy seriously. Since they took it out, (some) people condemn them for taking this theoretical privacy risk too seriously.
Because I don't want to suddenly move on some place on a page. I want to start on top of the page regardless what Google believes is best for me. And what pissed me off was that Google decided that this feature is mandatory and I can't disable it.
You seem to have misunderstood the feature. Google doesn’t decide anything - the person sharing the text with you, or the search result referencing that text, is what uses the feature to guide you to the right location.
Sometimes I wonder if people enjoy being blindly knee jerk reactionary.
No I did not misunderstand the feature, it was Google who pushed it on me. In Google, in its search engine. And I was not able to disable it. Sorry that I don't like to be told what I want to see.
What about just keeping existing flags in Chrome [0] which used to be there? Is it too much to ask? I don't want to use Google search + Chrome so I can get scrolled into middle of a page without any context with random highlighted text, because Google search believes this is what I want to see.
Thankfully switching to Brave solved my issue and this stupid feature is disabled.
Oh, okay I see your problem now. I forgot that Google Search will take advantage of the browser feature to scroll-to-text.
I think most in the comment chain were thinking of the case of sending a link to a friend where you want them to be scrolled to some specific text. I often want to create these links for others when linking to long pages, or technical documentation.
I haven’t tried Brave (the crypto stuff puts me off), but if you’re interested in a good alternative to Google Search (that doesn’t link text fragments) you should check out Kagi. It’s paid, but it’s worth funding a Google competitor on principle IMO.
There's no for-profit entity behind it, so no perverse incentives to monetize either (but that also means they don't have a budget for proper CI, signing, distribution, etc.) so there's a bit of DIY work involved on less-popular platforms.
I use Ungoogled Chromium as a backup whenever a website makes the unfortunate choice of not properly supporting my main browser, Firefox.
Ungoogled Chromium is the Chromium-based desktop browser that I use as a backup to Firefox, but I almost never need it.
I have two installations of Firefox: a primary installation that has Enhanced Tracking Protection and privacy extensions enabled, and a secondary installation that has neither but clears all history when the browser is closed. I'll switch to the secondary installation when the primary one doesn't work with a site, usually because the privacy features interfere in some way. It's easy to do this with two editions of Firefox (e.g. stable and Beta/Developer Edition, or a fork like LibreWolf or Mull).
With this setup, I rarely ever use Ungoogled Chromium, and haven't used it for some time.
Absolutely, and I do use Firefox profiles on desktop with the Profile Switcher for Firefox extension.* Profiles aren't available on Android, however, so I use multiple installations there.
Firefox is also full of bloatware, telemetry and potential privacy concerns. Try enabling a firewall for Firefox and see how many domains are contracted on startup ...
I've sadly felt like I had to switch to Librewolf, a fork of Firefox that resembles Ungoogled Chromium. Sadly because Mozilla really needs all the Firefox users they can get... to stay alive. But they make it hard.
Sometimes cookies are used as they were designed - to store data in browser. For example 5etools-mirror-1.github.io. App without cloud storage or user account system. It stores your shortcuts in YOUR cookies, not in the server's DB.
Timeouts and expirations are an absolute plague of the modern world. I can count on one hand the number of sites that I want to be logged out from automatically.
My browser is configured to not save any state past shutdown. I prefer that login info is not stored in an opaque way in a 'jar' that's hard to control.
Do you mean if you open up a website you used two weeks ago you still want to be signed in? For a website you visited daily the cookie could be refreshed.
If you're religious about locking your phone/PC then you probably don't have anything to worry about otherwise someone could easily just see what you have going on in your browser
I think if convenience measures favorably against even minor security concerns in nearly any situation, you are probably not the target audience for specialty security-focused web browser projects.
So they're asking users to trust that their servers don't track them? Has there been any audit done on their infrastructure (a quick Google search didn't reveal anything)? How are they making sure that there are no employees who enable some simple tracking on their proxies for some extra cash?
True, it's probably far-fetched, and one could argue that "it's still miles better than Google", but (as some others further down have noted) Brave didn't have the best track record in the past (they tried tracking their users too...)
Is there a way to use tree style tabs on Brave? I was using Sidewise (via sideloading since it's not in the Chrome Store anymore), but it seems to have been broken by a recent update. I'm about ready to jump ship because I need TST. I have otherwise liked using Brave though!
Chrome-based browsers have poor support for side tabs. There are some extensions that mimic it with an extra window, but it's not great.
The Cluster Tab Manager extension has been good enough for me. I have to open it explicitly as a tab, but then I can easily see and manage all of my open tabs.
They just released a Nightly build with the first development version of vertical tabs available. The basic functionality is pretty similar to Edge's (which is good IMO) but it's still very rough and eg. tab groups are glitchy for now. They work but aren't visually nice at all.
Once FF started doing experiments on its userbase and started churning through their executive teams (and userbase!), I was already looking for an alternative. IMO, Brave has now definitely overtaken Firefox as the most privacy-focused browser.
Releasing this list publicly on Github is an awesome move, especially given the links to the issues that explain the reasoning and discussion behind all of it. Kudos on this transparency.
As cool as Brave is, I still think it has big issues running Chromium. Chromium still allows Google to dictate a lot of the internet. We should have more competition in the space and that will help us all. I honestly even wish there was more than Chromium (and the various colors), Safari, and Firefox. It really seems a lot of these decentralized services have become highly centralized and thus a lack or competition and growth.
But honestly it already happened, Firefox is already irrelevant.
Mozilla is mis-managed organization that is funded to avoid anti-trust investigations, they dont fully push for privacy because they are afraid of google, do out of touch changes, and focus on political advocacy.
Compare that to brave, which builds its own independent search engine, ad network, and has privacy by default in its products.
There is no hope that Mozilla and Firefox will change the status-quo anytime soon, Firefox is losing users at crazy rate, and Mozilla is absolutely failing to do anything to change Firefox's destiny towards irrelevance.
Brave is almost everything Mozilla should've been.
Actually do what they sey, no hidden google analytics in their products, no unique ID for each installer downloaded, push for privacy by default and independence from big tech, not being shy from google, because they are their only income.
I would argue, that if Mozilla wants to turn its course around with their "limited resources" it should drop gecko, and anything irrelevant to the users experience.
Fork Chromium, the best web engine out there by a mile, and remove any anti-privacy / anticompetitive code, while still taking advantage of the huge development resources directed to chromium from many parties, and maybe Mozilla can also influence Chromium's development.
Start pushing privacy by default, its the reason brave is gaining users at such a rapid pace, its a browser I recommend to everyone, as just by installing it they already are much more private than with chrome.
What matters is the users experience, its why brave is growing.
I totally agree that Mozilla is mismanaged, but I'll still take a mismanaged and politicized Mozilla over a tentacle of The Google any day.
And that's precisely why I use Firefox. In response to the comment you were responding to, I don't know why anyone should care about how relevant Firefox is. For every browser someone invents, there will be someone claiming how bad it is from a security standpoint because reasons. Whatever. I can't keep changing browsers every time someone on HN says my browser is flawed or that the company behind it sucks.
Unless things have changed, there are things about Firefox that I want that Chromium doesn't have. Can I disable history entirely in Chrome? Last time I looked, nope. Can I have multi-account containers? Nope. Can I block autoplaying videos? Nope. Can my ad-blocking not be nerfed? Nope. Can I not have the settings flags get taken away so frequently? Nope. I'm sure there's other things as well.
If Brave went the road of completely relying on its own browser engine or a fork of Chromium, I'd be all in. The longer Brave is around, the more likely I might make the switch. Another reason I don't want to leave Firefox is I've seen plenty of new and hip web browsers come and go.
I agree. There are enough substantial features in Firefox that push it over the top for me.
For one, scrolling is just so much better than in any Chrome browsers, which I have noticed tend to drop frames and lag, regardless of the machine. Is it extreme? No, but for me, it is noticeable and Firefox just has that silky smooth scroll feeling.
Another big one is Manifest v3. I think Google may alienate a minority of their audience when it is implemented in January, and Firefox may see a bump in users. Having a kick-ass ad blocker like uBlock Origin work robustly will be a selling point for some people.
Another one I see people don't often mention is design. I may be in the minority of hardcore Firefox users, but I really have enjoyed the redesigns, and Firefox is still customizable enough for me to feel some joy using it.
Overall, Mozilla is definitely mismanaging and leadership needs to be turned over, but the browser is still in a good spot. If things turn around, I could see it becoming more and more popular.
> Unless things have changed, there are things about Firefox that I want that Chromium doesn't have.vCan I disable history entirely in Chrome? Last time I looked, nope. Can I have multi-account containers? Nope. Can I block autoplaying videos? Nope. Can my ad-blocking not be nerfed? Nope. Can I not have the settings flags get taken away so frequently? Nope. I'm sure there's other things as well.
> Can I disable history entirely in Chrome?
on brave, you can make it completely remove the browser history on every start.
> Can I have multi-account containers?
I agree, its a great feature of Firefox, the closet thing on chromium is multi profile windows
> Can I block autoplaying videos?
I think brave does this by default, not sure though.
> Can my ad-blocking not be nerfed?
Brave shields is based on ublock origin, and its a part of the browser, not limited by any extension API.
> Can I not have the settings flags get taken away so frequently?
Im not sure you can say this is am advantage of Firefox after the many settings they removed.
> on brave, you can make it completely remove the browser history on every start.
I guess that's fine, but what I want is no browser history at all except for back-forward navigation purposes. In Firefox, there's an about:config flag that completely turns off history when set to false. Not sure which one. The effect is that nothing ever shows up in History or History > All History, with the exception of the Recently Closed Tabs section, and the URL bar autocomplete doesn't reference anything that you've navigated away from.
Not that I'm doing anything bad on the internet, but what I found is not holding info about history in memory or on disk made things a little snappier and I just prefer what I do to be ephemeral unless otherwise opted in to. And yeah, I know that cookies and local storage are a thing, but that's really not the point.
> Brave shields is based on ublock origin, and its a part of the browser, not limited by any extension API.
Nice, I didn't know that.
> Im not sure you can say this is am advantage of Firefox after many settings theg removed.
Yeah, Firefox has a similar problem but my perception is it happens less often than with Chromium/Chrome.
Chromium isn’t written by just 1 entity, Microsoft intel samsung have all made major contributions - and anyone can hard fork it if they want to. I know most others here disagree but we do need standardization in this modern web world and chromium is just that.
Even if we don’t like it, the reality is what it is. Firefox is dead (about the same market share as ‘samsung internet’ these days). It would be best if we worked to make these web standards (chromium) bend to our collective will (like brave or Microsoft) rather than chasing pipe dreams of a Firefox return.
Firefox market share is dying because of this mentality that is killing it. Self-fuffiling prophecy.
The standardization is in the standard, not the implementation. You do not need everyone to use the same implementation in order to have standardization: that just allows the implementer to bend the standard to his will.
No, Firefox didn’t die because a few of us devs stopped using it and standardized around chromium. They died because chrome has outperformed them on speed and efficiency for a decade+ (I still can’t run FF on my Mac without my fans whirring to life). Not to mention things completely outside their control like chromes marketing budget.
I’m not trying to place tons of judgement on Mozilla though - just saying we all need to face the reality rather than living in denialism.
> I still can’t run FF on my Mac without my fans whirring to life
I haven't seen this behavior on a Mac since Firefox Quantum was released, FWIW. It's what got me to switch back to Firefox in the first place. (Sidebery and a few other nice extensions have helped keep me there.)
I didn’t use Firefox pre-quantum so I’ve only seen this behavior post quantum. I last gave Firefox a try about a year ago and while the fans weren’t as bad the battery life/power consumption just wasn’t comparable to safari or chrome based browsers
It isn't comparable to Safari for sure, but with similar tabs open, for me, Firefox and Chrome have similar (if not better for Firefox) heat/fan behavior. Leaving a Gmail tab open is cursed in both, though.
I would use Safari on a Mac if there was a decent way to sync browser history, etc. to Firefox on Windows, but--welp.
While I was the first to jump ship, when Chrome got released, I really tried to like Firefox in the last ten years, but in the end Mozilla failed on so many fronts, that they lost me to Brave.
Firefox market share is dying because for the longest time it was slower than Chromium. These days in my personal experience, it's mostly on-par but there's not a whole lot of compelling reasons to use it.
I get the privacy angle, but I'm searching Google anyway. They have all my email since 2004, my photos since 2007. My phone is Android. Switching to Firefox alone makes a minimal impact on my overall privacy footprint and causes some websites to load slower.
In ye olden days you could make the argument that it was more customizable than Chrome, but since the shift to WebExtensions that differentiator is gone. What's wild is that they didn't think of the top 10 power user features (like Tree Style Tabs) and attempt native support for them, they just kneecapped extensions without offering an alternative.
Also Firefox's market share is dying because of its built-in privacy tools blocking trackers by increasing opt-in and the conflict of interest that the largest analytics firm (Google) is also the largest advertising networks/firm (Google) and relies on some of the most ubiquitous trackers (Google) and owns the biggest competing browser (Chrome).
I believe that Firefox's market share is greatly under-reported and Firefox's dying at least somewhat over-exaggerated. But then all the headlines get to people and it becomes a self-fulfilling prophecy in that way too that all the people that feel some pressure to abandon a "dying" ship only because everyone keeps telling them to.
>> its built-in privacy tools blocking trackers *by increasing opt-in*
Enhanced Tracking Protection is one-click to turn on, and suggested as an option on first startup on a fresh install (modulo A/B tests and whatnot) and is a setting that syncs across your devices if you do turn it on just once. Anecdotally, most people I know still using Firefox as daily driver also have Enhanced Tracking Protection on. Enhanced Tracking Protection does block Google Analytics and other standard analytics providers. (So much so that some ad companies have started to treat Firefox as an "ad blocker" by default and have increasingly harsh warnings that sites are not supported in Firefox due to "ad blocker". ETP blocks zero ads, just trackers.)
No. Firefox has been dying for, what, a decade now (losing market share since 2013)? The only people using Firefox are the people who care about Firefox as a product and a competitor, which is (in the grand scheme of things), almost nobody. Everybody else left, often with decent enough reason. Google recommended Chrome, Chrome was faster for a long time, Firefox stagnated and put ads and sponsorships everywhere, and wasn't better in almost any respect for a normal user than Chrome.
Almost everything everyone accuses Mozilla of and uses as their reasons for leaving is far worse in a Chrome ecosystem. It boggles my mind how people can complain about X and then jump to chrome where X is just as bad or worse.
Ah... no? Firefox, before Quantum, was slower than Chrome, had worse battery life than Chrome, and (on a Mac) was way louder than Chrome. And by the time they mostly fixed these problems, there was basically no reason to use Firefox other than it wasn't Chrome - which, other than to a developer, is not a selling point to the masses.
FF is inferior product and seems to waste the last money on things completely unrelated projects. Sooner or later it's a dead product or they start using chromium/webkit and go for the Brave/Vivaldi model.
I'm sure that die hard fans of any failing company said the same thing. Further proof that Firefox fans mentality is more akin to a cult than actual technical merits.
> we do need standardization in this modern web world and chromium is just that.
Yes, we need standardisation - that means we need multiple browser engines. You can't have a standardised web with a single browser engine. That's the whole point of standards.
Generally speaking, the W3C will only move a standard into the recommendation track if two competing implementations have been demonstrated.
If Chromium was the only browser engine around we wouldn't have web standards: we'd have Chromium features.
Chromium is so large that it cannot be meaningfully forked by anyone but the most well funded enterprises... Even M$ track chromium as upstream. There are no true chromium forks, they are all derivatives that track chromium - it's too much to maintain.
The problem is not merely a chromium monoculture and chromium specific historic implementation complexities, but the difficulty involved in building and maintaining a complete, modern and compliant web browser.
The same can be said about Firefox, or any larger project. Yet people still do it and some people generate their own Linux distros using LFS. Just because it isn't painstakingly easy to build like a Go app, doesn't mean that it isn't possible or isn't done. Searching Google will find a lot of people forking Chromium and adding their own changes.
LFS is not comparable, you can make your own opinionated choices and so it's feasible to have a small scale linux distro. The web is not like that, there's a massive non-optional spec you must implement for your browser to be minimally useful.. and even once you get there it takes a lot of people to merely maintain that level of completeness and compliance.
The state of web browsers is more comparable to derivative distros like Debian based or red hat based etc. They don't hard fork, they track upstream with a bunch of changes continually rebased on top.
> Searching Google will find a lot of people forking Chromium and adding their own changes.
Those aren't hard forks, they are derivatives, you wont see those people continually extending it with new features from W3, fixing zero days and improving implementations... they are the "debian based" in my analogy.
> The state of web browsers is more comparable to derivative distros like Debian based or red hat based etc. They don't hard fork, they track upstream with a bunch of changes continually rebased on top.
Isn't that Brave is doing here? There is NetSurf and others but the spec is complex because of standards committees, not because of Chromium.
Yes, brave is not a "hard fork" in the sense that it tracks upstream rather than diverged from it at some point in time.
The difference is that they can try and add and remove bits on each rebase, but ultimately it's beholden to the long term choices of the chromium project. Substantially diverging while tracking upstream incurs too much work on each rebase; Abandoning upstream to accommodate substantial divergence also incurs too much work due to taking on independent maintenance that increases the more the projects diverge... so as I said no one with substantial resources and a good reason would attempt to hard fork chromium.
Hard forking isn't a practical consideration unless the organization in question is willing to build a team that can rival Google's Blink/Chrome team, which is a ridiculously tall order. Microsoft is capable of doing that but I don't think they want to.
And yet a ton of people here think there should be lots of people building lots of completely separate browser engines… that is certainly more difficult
To the point though - I think the threat of hard forking does something in and of itself to the chromium maintainers
The main issue with hard forking is keeping up with Google's unrelenting firehose of changes, many of which have serious security implications, which is going to become more and more difficult as the fork diverges. Maintaining an original web engine is certainly no simple task, but it's more reasonable than having to deal with the output of a much larger and more well-funded team.
> WC3 creates the standards and it’s up to the browsers to implement them.
That was mostly true until they came out with XHTML2, then the browser vendors were, like, “LOL, no, that’s not happening, here's what we’re going to do”, and thus was born WHATWG and the HTML Living Standard.
I respect your opinion but honestly fragmentation sucks. I wish there was even more consolidation - ever use a power drill? 7 different battery types non compatible with each other.
On a related note I’m happy usb seems to be the general connector winner (though it’s certainly not without fault).
What would the average consumer gain if there were say, 10 different browser engines equally popular?
Chromium is open source and you can easily disable features you disagree with. Don’t see the downside. Fork it and add functionality you’d like, like Brave.
I'm finding it hard to give you the benefit of the doubt because it really sounds like you're advocating for a Google monopoly, which doesn't help anyone. Sure having a bunch of different battery types is annoying but in that case either you should find a brand you trust and stick with them, or brands have fragmentation within themselves which is a different issue altogether. The "fragmentation" you're talking about here is competition though, there isn't really any downside to having a bunch of different popular browsers and the upside is that none of them get to do anything crazy knowing there's no serious alternative so you can't leave. Google is already invasive of privacy, I can only imagine it'd be even worse if they didn't feel like there was significant risk of people switching browsers because nothing else was popular.
I'd even argue that the battery issue is more complex than centralization/decentralization. Look at USB or RCS. If there is a political push or reason to capture a wide variety of users, then these things work better. (hand held) Tools have a different issue, which is brand loyalty, which allows manufacturers to create a lock-in environment (see Apple). If there was proper competition, then lock-in is very hard. I would bet that if there was a big market if you could create a universal adapter, battery, or tool. But the issue is that you'd need to create a lot of brand loyalty. There's so many cheap tools that perform terribly and break that this space helps reinforce the brand loyalty. But just because new comers have a large uphill battle doesn't mean it isn't possible. In fact see how LTT is tackling a few different products. Yes, premium, but they show it off and the perfectionist mindset is essential. Also helps that they already have a userbase and brand recognition.
We see similar issues with browsers actually. If other browsers could get name recognition, many would turn from Chromium. But I don't think that it helps that us nerds squabble about Brave v Google v Firefox and just call the one we don't like "trash" or "absolute garbage." Honestly, they are all fine.
But I would like to point out how there is a real world slippery slope. We all used to complain about how Apple products were too expensive for the hardware the sold. How the lock-in and fanboy-ism would affect the rest of the market. And that reality has come true (at least for phones). Apple sets a price and others follow. I don't really want a world where a singular company dictates how the web should work.
Google is not really the point. The point is that there’s a single standard. Doesn’t matter who’s it is to me.
> The "fragmentation" you're talking about here is competition though, there isn't really any downside to having a bunch of different popular browsers and the upside is that none of them get to do anything crazy knowing there's no serious alternative so you can't leave.
If this is your opinion then what difference does it make if there’s a monopoly? You can use Firefox or Safari no?
Not to mention chromium is open source. Anyone can fork it, like Brave in FTA. I don’t see any downsides, given that you can disable and features you object to.
An implementation isn't a standard, though... and the concern is that Google are using their dominance here to push more half-baked ideas (some of which they then discard, see HTTP2 Push)
There already was single standard. I think your point is that you want there to be a single implementation. You can't really have that at this point without allowing powerful commercial interests to basically have free reign over what code is executed on your computer.
> If this is your opinion then what difference does it make if there’s a monopoly?
The argument is against monopoly, even an effective one. Chrome has about 65% market share (88.5% in India), I'd call that an effective monopoly (especially considering all the chromium based browsers). Large enough to dictate how things should be done and people will follow because they have to. It doesn't matter that it is open source, it matters that there is too large of a userbase that decisions fall into the hands of few. It's not like Microsoft's Internet Explorer abused this in the past and we have no precedence or anything...
I guarantee you that this will only lead to a fracturing of the internet, especially considering it is a global network.
> Not to mention chromium is open source. Anyone can fork it, like Brave in FTA.
I don't think you understand what a fork truly means. Blink, the web browser engine used by Chromium is a fork of WebKit. WebKit and Blink are now completely separate browser engines made and maintained by different companies.
Meanwhile, Brave is a skin on top of Chromium. They've patched Chromium to their liking. You can read the first paragraph in the link to confirm this.
People are really underestimating what hard forking a behemoth project like Chromium really means. I don't think anyone besides Microsoft has the capability to do it and they've already given up on that prospect.
> ever use a power drill? 7 different battery types non compatible with each other.
OK, but do you think you would be well-served if this problem were solved by there being only ONE manufacturer of power drills, take what they give you at the price they charge or nothing?
It would be one way of solving the problem of lack of standardization of power drill batteries.
It is the analogy of what you are speaking in favor of by analogy.
The better solution might be multiple drill manufacturers agreeing on a battery standard to all use together, so their batteries can be interchangeable, but you still have your choice of different competing drill and battery manufacturers. What would be the analogy with browsers, do you think?
> OK, but do you think you would be well-served if this problem were solved by there being only ONE manufacturer of power drills, take what they give you at the price they charge or nothing?
Imagine having 20 different gas guzzling cars with 20 different proprietary fuel inlets. If you buy an Audi say, you'd have to go to the Audi refilling station.
> What would be the analogy with browsers, do you think?
There's no need for analogy -- we've experienced this in the past, e.g., MS ActiveX and other Internet Explorer bugs (or features). There's also the proprietary web, e.g. SilverLight and Flash, before HTML5 Canvas came along.
And then HTML5 was a branding effort. Browsers needed to support it to be marketable to the general public. Things just started working again without needing to install plugins or to keep plugins up to date (Flash) -- it was a better web.
The W3C could do this if the web gets too fragmented again.
What a strange argument. The diversity in cars helped set the universality in the gas port. The same thing is happening with electric vehicles. Yeah, there are some proprietary ones like Tesla, but as more manufacturers have gotten into the space there have become standards as companies realize that a standard charging port helps them beat Tesla (being a united force). Network effects are real.
My rebuttal is saying that your premise is bad and indicating why. I can't disagree with points because I disagree with the foundation you build your points on.
The point you seem to be missing is that Chromium isn't a standard.
If you want to reduce fragmentation while avoiding having one entity with too much control, the solution is fair setting of web standards and multiple browser implementations from different entities.
Requiring everyone to "just fork Chromium" would leave far too much power in the hands of Google (as if they didn't have far too much power already).
> ever use a power drill? 7 different battery types non compatible with each other.
Battery is the proprietary part. The engine (battery + motor) makes it spin, but for the purpose of making a hole or driving a screw one can use a wide array of standardized bits from various manufacturers. You may need an SDS adapter (one way or the other) and that's it. Same bits will even work with a hand cranked drill press built 100 years ago.
More browser engines does not imply standardization.
Would you prefer the 2000s when you had your choice of dozens of power connectors for cell phones?
There’s a reason the EU is mandating USB-C. Corporations have no reason and historically will not standardize amongst themselves for most things unless there’s a single winner.
They still screw you on batteries and indeed would do so harder if there were fewer companies. Instead of incompatible batteries per brand it would be per year.
Sorry sir that's a 2022 tool it can't use 2021 batteries.
You can either ask congress to establish a standard, start a power tool company that supports more brands with adapters, or basically suck it up because selling batteries way over cost is extremely profitable and nobody wants actual competition in that space.
The one thing you don't want is consolidation. Likewise you think you want consolidation among browser engines but you really don't because it gives the vendor future leverage to fuck you.
Fragmentation sucks, but code monopoly even more. A healthy ecosystem needs a plurality of implementations, or Chromium needs to come under committee control. (W3C? Something like the C++ standards committee.)
I'm glad there are multiple different power-tool manufacturers, and I'm not entirely sure there'd be as much competition if they were all forced to use one battery connector.
(You can buy adapters if you want, but it's generally not worth it).
Because the companies can develop different toolsets that do different things (the weight/power tradeoff for one, some battery connectors allow more than just voltage to cross, but also information and the tool can work with the charger/battery to produce better power), and for me the actual downsides have been minor or none.
Even construction guys often have a huge mix of various tool brand and battery types and it's sometimes a minor annoyance.
And you'll notice that AA batteries are almost universally ... gone; replaced with built-in batteries or custom-wrapped lithium batteries.
Standards are great when things are calmed down, but when there's rapid advance they can cause their own issues (we saw this in the wireless world). Even the electric charger for cars thing runs into the limits of the standard (the fastest charging is almost always non-standardized).
Having a "baseline" standard for those could be nice, something like we have with USB, but even that has its annoying problems.
> And you'll notice that AA batteries are almost universally ... gone; replaced with built-in batteries or custom-wrapped lithium batteries.
Ever open up a Dewalt battery pack? It's a circuit board and a whole bunch of 18650's. All of them are 3.7 V. What's different is the amount of power they supply and the energy they hold, how fast they can recharged, etc.
But we have that with the AA/A/C/D standard as well. Some batteries can hold more energy, some can deliver more current for a longer time, etc. NiCad, Alkaline, NiMh... etc.
you can still use Konquerer or any old / niche browser if your site isn’t using the latest HTML/CSS features and Javascript APIs.
The issue is that webpages are incredibly complex - they can be full-scale applications - yet they are expected to run the exact same in different browsers, down to subtle implementation details. So in order to make a new browser you would basically be reinventing Chromium.
Or you could start fresh with a new language to write websites in complete with a new browser engine. I would actually love this, web design today is a huge mess with HTML / CSS / JS quirks and backwards compatibility. But you still have the literally trillions of existing websites, which you’ll have to support with Chromium or Gecko until the end of time. And more importantly, you have the 99.9% of users who are still using Chromium or Firefox and won’t be able to use your new website, so you’ll have to backwards-generate HTML/CSS/JS from your new script anyways.
Since Qt doesn't come with WebKit for some time now, I think Konqueror is for all intents and purposes orphaned. Its outdatedness breaks the Oauth2 flow for setting up Gmail calenders/contacts in Kontact.
Building a general purpose browser must be insanely complicated challenge with very little reward. It would be interesting to see more niche browsers for browsing specific types of site, though.
I think this point often isn't mentioned enough to be fair.
Chromium is a ridiculously complex project. Most of these "independant" browser teams are simply not capable to create a browser from scratch.
I'm not saying people should praise Google or anything since they obviously have interest in it, But Google is still the one who (mostly) build chromium and leave it open source (I understand they have to since it was originally a fork of Webkit, but I feel Google can do it from scratch if they wanted). Without it none of these browsers would exist.
If anything, why almost no one uses Gecko/Firefox as a template/start point instead is a more interesting question, TBH.
I inspected and compared the gecko and chromium project structure once, when I was a hardcore advocate of Firefox. Chromium looked way better and organized than gecko.
That is not the reason I stopped being an advocate though.
The only way a new browser engine will be written in this day and age is if a massive company throws absolutely billions at it (Microsoft and Apple have both given up on this) or a competing browser on the Chromium engine gets popular enough that they become the main fork and begin to diverge.
I don't really see any other way until HTML and the web is replaced by something else entirely.
The problem with that argument is that browsers don't compete on engines but on features, UX and integration (and bundling). All an engine is about, is webcompat (and Chrome wins here). It's literally not a differentiating feature. A good engine is an engine that never, ever fails to render a webpage (again, Chrome wins here).
Even if Gecko was fully on-par with Blink (I keep hearing from Firefox users that they struggle with some websites, though admittedly very few, but Chrome obviously works fine with them), they'd have just invested millions in man-hours to get to the starting line, and have webpages not fail to render.
A lot of companies might switch to Firefox if they switched to Blink and webcompat was never an issue. I've argued before that Firefox would benefit from switching to Blink (and gain better security, webcompat, enterprise support, and on and on), save tons of manpower and money, and compete on privacy, features, integration, and things users actually care about, as well as keeping Manifest v2, and patching out other Chrome-badthings. But that's basically Brave.
> The problem with that argument is that browsers don't compete on engines but on features, UX and integration
Not always. Firefox lost much of its userbase not because it had less features or integration or was failing to render pages. In fact it was the preferred browser for most sites, with devs targeting it and testing on it.
It lost because the engine was just inferior, which made it slower than the competition.
Yeah, you can extend my argument beyond webcompat to speed, security, etc. An engine that is better on these metrics is a better engine.
My point (which I somewhat misstated) was that having the best engine is the bare minimum; it just brings you to the starting line. And if you don't have the best engine you'll always lose. (Sidenote: Evernote learned that lesson the hard way. Focus on core product, not marketing. Chrome's dominant, not just because of its marketing, but because it was a fundamentally superior product from the start; you can dominate a market with an inferior product based purely on marketing, as Evernote showed, but never durably).
Hence why trying to compete on engines makes little sense to me. Since so many top corporations are contibuting to Chromium (Samsung, Intel, Microsoft, more), it's difficult to call it "Google's browser engine" anymore.
The "engine competition" model makes sense if all engines are proprietary. Then, competition is the only way to push for improvements. But with every major browser engine open-source, it's better to concentrate efforts onto one engine. Imagine if every Gecko dev was contributing to Chromium instead of (somewhat) reinventing the wheel? Would Chrome not get faster/safer?
It's a bit like if there were "multiple Linuxes", developed independently, that all rigidly had to be compatible with the same APIs/userland (/implement web standards). No, there's just one Linux.
Google still wouldn't control the web (actually, they'd control it less if Mozilla's a stakeholder in Blink than with Mozilla doing their own thing and becoming increasingly irrelevant), since each browser dev can patch things into and out of Blink for their own browser (like Brave does); while still sharing all common contributions back with all other Chromium browsers. Win-win.
Building a web browser that is feature-complete, bug-compatible with Chromium, and relatively secure is about as complicated as building a whole operating system from scratch.
Plus, as Mozilla has learned, nobody ever made money from selling web browsers. Costs a fortune to develop, makes almost nothing in return except for influence or protecting other businesses. Plus, why the heck would you do that if Chromium is open-source? It's completely pointless.
Building from open source mostly controlled by a big-ol company is the opposite of future-proofing, especially when "connectedness" is part of that company's bread and butter. Just having access to source doesn't guarantee much in this day and age.
Any request you make to Google's servers, including something as innocuous as e.g. Google Fonts can be used to shape and track you, your habits, and so on.
When it goes through a proxy, that becomes much more difficult.
Real question is how're they gonna support distribution of critical Manifest v2 extensions like uBlock Origin once the Chrome extension store ceases to distribute v2 extensions in January[0]
If that were true then they wouldn't have committed to support v2 extensions past the sunset date in perpetuity (which they made a public announcement of) since uBO is the biggest reason for as indicated by other issues in their tracker as well as the fact that this ticket hasn't been immediately closed. Also, good luck with the privacy crowd if you're not providing feature-for-feature behavior in your native adblocker, which Brave's adblock does not.
> The gclient utility (part of depot tools) will fetch the official Chromium source code. The tag that is fetched is captured in our package.json (for example, 70.0.3538.35). All of the source code will be downloaded into the ./src/ folder
1º Injecting affiliate codes into users url's without consent:
https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-web-browser-is-hijacking-links-and-inserting-affiliate-codes/
2º Scamming people into thinking they are giving donations to content creatos:
Brave is always behind in security patches to Chrome by design, Google first need to push the patch to Chromium, Brave need to grab that patch and adapt it to Brave.
Brave adds new potentially security issues with all the modificatios and code they add to it.
It's suspect to me that every thread that mentions Brave attracts such bizarre vitriol, with people who keep rehashing old arguments (which are off-topic and never with any actual context so people can make up their own minds). Haven't
It should be noted that the person behind privacytests.org is a current Brave employee. That said, I haven't seen any signs of compromise yet; it makes sense that privacy-focused developers end up at privacy-focused companies.
However, you can have a good privacy record for protecting users from third parties and still make bad decisions. Not informing users about what websites do or do not take part in the crypto collection programme from the start was a bad decision IMO. Altering URLs to insert referrer codes is also a bad idea. This doesn't mean Brave doesn't try to protect your privacy, but it's still quite user hostile in my opinion.
> This website and the browser privacy tests are an independent project by me, Arthur Edelstein. I have developed this project on my own time and on my own initiative. Several months after first publishing the website, I became an employee of Brave, where I contribute to Brave's browser privacy engineering efforts.
Don't ever link such biased website shilling for Brave.
I have to admit that the ESPHome flash tool is quite convenient. There's a quick web interface to set up some config and you can flash microcontrollers with dedicated firmware from pretty much any device.
It's one of those silly features that you use maybe once or twice a year at best; same with WebUSB and WebBluetooth.
Yes it seems trivial vs just downloading the bin and flashing it from the terminal, but the authors are throwing extra conveniences in to the web installers.
If they made them toggle-able options, or added a global privacy mode switch to get them back, it would be a great browser besides the cryptocurrency stuff.
I left a year ago when the list of removed stuff started growing.
I don't know how people can use the Brave browser:
Scandals:
1º First scandal.
Source: https://archive.ph/cAGpe
2º Scamming people into thinking they are giving donations to content creators.
Source: https://web.archive.org/web/20190606100032/https://twitter.com/tomscott/status/1076160882873380870
3º Injecting affiliate codes into url's without user consent.
Source: https://davidgerard.co.uk/blockchain/2020/06/06/the-brave-web-browser-is-hijacking-links-and-inserting-affiliate-codes/
From a security standpoint, Brave is most of the time at least 1 to 3 days behind security patches from chromium plus they add a new superfice of security issues with all the changes they do to it, with chromium at least I know they are the first to patch things due to it coming from Google.
I welcome competition but I just can't see what the Brave browser brings to the table.
There's some considerable context missing here. When Brave held its token sale in 2017, we allocated 300M tokens to the User Growth Pool. Shortly thereafter we began staking Brave users with tokens to identify creators for whom they would like to offer support. Brave's UI showed a check-mark for verified creators, and nothing for unverified creators (we naively followed the Twitter model).
Some users took the BAT grant they received from Brave, and attempted to tip it to unverified creators (which landed those tokens in an omnibus settlement wallet where it could later be claimed, similar to the PayPal model of sending money).
The UI/UX of this feature and process caused a great deal of confusion towards the end of 2018, leading to monumental feedback from several content creators, including Tom Scott of YouTube. Tom's insights gave us the direction we needed to overhaul the Rewards (called 'Payments' at the time) system in major ways.
Ultimately, Tom approved of the changes. But note, there was clearly no scam involved. Additional details are provided in our 2018 blog post at https://brave.com/rewards-update/. I hope this helps!
You can just not use those features. It's not like they upsell you on them or anything. If you don't use them they aren't in your face. I actually tried using them and found them kind of silly and useless. No website or creator I visit seems to be using attention tokens, and the tokens I bought to just to try it out remain unspent.
Brave directly profits off of showing their users advertisements. I have no intention of supporting that monetization scheme, crypto or not. It's a direct downgrade from the privacy models of Ungoogled Chromium and Firefox.
Firefox also profits from showing ads, search "sponsored" in about:preferences. This is on by default, but I think firefox users forget about it because everybody with sense disables it.
There was a big uproar when it came out, they would accept donations on behalf of creators even if those creators had never made any kind of contract with them. Not sure if they still do that but it's pretty sketchy behavior to take money on behalf of someone you've never talked to and probably doesn't want you taking money for them. Especially people that already have actual donation methods.
Again, I don’t see why my comment needs any special long explanation. It’s short and I answer that I don’t want to support scams. The context is clear from the comments thread, crypto money features in Brave are considered as scammy by many. I believe most people understood.
The answer is nothing, because a browser without significant adoption is bound to have some inevitable issues. I've tried Orion, for instance, but the fact that 1Password is not signing extensions so that IPC works on these browsers (rightfully so, because it'd be easy to grab your entire vault) already makes it not worth considering. It also would likely need to be proprietary, because selling binaries doesn't really work too well if your product picks up steam. Which then conflicts with the privacy promise.
>You can just not use those features. It's not like they upsell you on them or anything
as far as I can tell the crypto settings are the only settings that don't sync across devices which I think is a pretty annoying and deliberate dark pattern.
Take a look at Vivaldi and see if it's what you're looking for. Broadly, Brave is pro-privacy and pro-crypto while Vivaldi is pro-privacy and anti-crypto.
Vivaldi is forked from Chromium directly rather than from Brave, but the similar pro-privacy stances mean that they remove or mitigate many of the same features. E.g. both disable FLOC, both have built-in ad-blockers, and both have committed to maintaining compatibility with ad-block extensions broken by Manifest V3. For what it's worth, Vivaldi is closed-source.
Therefore not even remotely a replacement for Chrome, Brave or any browser really. Vivaldi is also some of the chattiest in a network analysis I saw, which does not bode well either.
Good UX is nice, but orthogonal to privacy, sane defaults and user freedom.
You can get something close to Brave's Speedreader setting on Firefox with an extension [1], the difference is you have to enable it on each site. There doesn't seem to be anything similar for Chromium, probably because it's done differently in each Chromium-based browser. Firefox's reader mode also has dark mode and other text options, which Brave still lacks on desktop even though their iOS browser has those options.
At least on the mobile version it seems to be. You get a popup letting you know about BAT when you visit some sites, and whenever you open a new tab the page usually have some background or story about NFT's or some other crypto thing.
"Show Brave Rewards icon in address bar" is the only setting you really need to disable. Every once in a while they launch a new feature related to crypto i.e. in the new tab page but generally they're pretty good at letting you opt out entirely.
It used to be great. Chrome without the Google tracking and some Microsoft tracking that was easy enough to disable.
Then they completely Microsofted it up. More tracking than Google, with more opting out you need to do and no way to opt out completely. Even comes with an interest free loan plugin that sometimes alters the HTML of checkout pages.
Edge is the bloated corpse of what could be the best new browser from the last 10 years. A corpse that keeps coming back to life, trying to replace your default browser every other Windows update.
I don’t think crypto currencies are the right solution for web decentralisation. And anyway, I prefer sustainability over decentralisation at all costs.
And what do Brendan Eich's personal views have to do with the software or how it functions?
If you refuse to use anything with any connection to Mr. Eich, don't use JavaScript at all - he wrote it.
I have never been able to understand this sort of take- I don't agree with everything Richard Stallman has said, but I follow him for his views on free software, not his political stances.
Sure, except your initial post said nothing about profits.
It read like: "Mr. Eich has some involvement with Brave, so F Brave."
It's a good browser built by a team of people, and you discount it because of one man's involvement that you don't like. I ask you, do you refuse any involvement with any software whose "leadership" has opinions you disagree with?
I'm not trying to be rude. I've just never understood this mentality.
If I can help it, I don't buy the products or services from which the proceeds go into supporting outright hate groups.
Christian Henson made transphobic/ableist remarks on Twitter, now I won't be buying any Spitfire Audio products. Sure, they're great, yes, there's a team of people behind them, but so what? There's plenty of other great options out there, why would I want to indirectly fund hatred?
Same goes for companies that fund racial hatred. Likewise for misogyny.
Are you gay? Are you trans? Are you autistic? Are you non-white? Are you a woman? If you can't answer "yes" to any of those questions, then why are you having an opinion on these matters?
Ultimately, yes, we agree that a product or service should just be a product or service, and that bigots should stop with the bigotry, but using their product or service to fund bigotry should be inexcusable.
If you had to fight for your right to equality, would you not find it unacceptable that someone in such a prominent position profited from the work of others and invested it into a hate group? Why not simply let people be? Gay marriage hurts nobody.
My argument is that opposition to gay marriage isn't intrinsically hateful. The ancient Greeks had no notion of gay marriage, for example, and they weren't exactly averse to gay sex or to men who enjoyed it.
Your system of values, beliefs, and definitions may create a tunnel vision which makes it look like opposing views can only be motivated by hatred or bigotry. But the reality is, other people have different views because they hold different values, beliefs, and definitions. If you cared more about the preservation of traditional culture, and not so much about the peculiar way that homosexuality is expressed in modern western societies, then your views would presumably be in line with those of Eich.
> If I can help it, I don't buy the products or services from which the proceeds go into supporting outright hate groups.
Unless I've missed a post somewhere, I have not heard that anyone inside of Brave shares Mr. Eich's religious/political beliefs. Maybe some of them do - and that is their right in the United States to practice the beliefs they choose, so long as they are not doing something illegal. While I disagree with Mr. Eich's stance on homosexuality, it is his American right to hold that opinion, and my right to have my own.
> Christian Henson made transphobic/ableist remarks on Twitter, now I won't be buying any Spitfire Audio products. Sure, they're great, yes, there's a team of people behind them, but so what? There's plenty of other great options out there, why would I want to indirectly fund hatred?
Your right to do so. But again, you're lambasting an entire company when public remarks have only been made by one person. An aside, Brave is free and open-source software, unlike Chrome. I'm sure some people at Google also have opinions I disagree with (in fact, I know they do when it comes to how some of their internals are handled). But their political stances? That belongs to the humans who form those opinions, not the software. And in the case of Brave, it is a great, FOSS web browser with sane defaults "out of the box", enabling me to use a browser I enjoy with good privacy defaults, why do I care about the political opinions of the "leadership?"
Every single company is going to have someone within their ranks whose opinions you surely disagree with. Might as well stop using technology.
> Same goes for companies that fund racial hatred. Likewise for misogyny.
Which companies are funding these things? I've yet to hear of it.
> Are you gay? Are you trans? Are you autistic? Are you non-white? Are you a woman? If you can't answer "yes" to any of those questions, then why are you having an opinion on these matters?
"No" to all of the above. But that doesn't matter - like everyone else, I'm allowed an opinion, regardless of my race/sexual orientation/mental state (when did any tech company insult autistic people?). You don't have to fall into one of these classes to have an opinion.
> Ultimately, yes, we agree that a product or service should just be a product or service, and that bigots should stop with the bigotry, but using their product or service to fund bigotry should be inexcusable.
You're free to do as you please. But, for me, Brave is a great piece of software that I barely have to configure out of the box, and it is one of the only browsers in existence that makes privacy the default. You'll excuse me if I value this fact over the fact that Mr. Eich has some opinions that I might disagree with.
Spitfire Audio. Ableist and transphobic remarks. The ableist remarks are regarding autism.
Calling it a "mental state" isn't correct either, it is a neurodevelopmental condition.
Whilst you don't think you need to answer "yes" to have an opinion, you degrade the signal-to-noise ratio with your words when there are the voices of others who need to be heard.
If you don't have anything supportive or constructive to say, then it is the time to sit, listen, read and learn.
Of course, the cishet white dude doesn't understand bigotry and the concept of fighting for the right to exist because you have never been marginalized.
> Spitfire Audio. Ableist and transphobic remarks. The ableist remarks are regarding autism.
Thanks for the clarification. I'll look into it.
> Calling it a "mental state" isn't correct either, it is a neurodevelopmental condition.
In other words, a 'mental illness.' Got it.
> Whilst you don't think you need to answer "yes" to have an opinion, you degrade the signal-to-noise ratio with your words when there are the voices of others who need to be heard.
I disagree. I don't believe you have to be one of the affected parties to be able to form an effective opinion. I'm capable of looking at the world around me and deducing my own conclusions - when it comes to homosexuality, it is particularly close to me, as I have a sister and a close friend who are both gay. Of course, neither of them base their software decisions around the opinions of those who hold some kind of leadership position for the software in question.
> If you don't have anything supportive or constructive to say, then it is the time to sit, listen, read and learn.
Thanks for the tip. I put myself in the shoes of those who might be more disenfranchised than me every day - I have a nice roster of friends and family from all walks of life - different races, sexual orientations, and gender identities. Doesn't change the point of the argument.
> Of course, the cishet white dude doesn't understand bigotry and the concept of fighting for the right to exist because you have never been marginalized.
You don't know a thing about me. How do you know how my life has unfolded? There are more marginalized classes in the world than just skin colour, sexual orientation, and gender identity.
If you think anyone who has ever had a gay (or other minority) friend or family member espousing their empathy is really veiled phobia, then you have more issues than I could have imagined. Your link didn't help you any, unfortunately.
So, you using JavaScript, just like millions of other users, raises the language's profile by usage. He definitely is able to profit indirectly from JavaScript by virtue of being the author of the most used programming language, he can leverage that association to be invited to paid conferences and talks, write books, sit on boards, or any other avenues via association he chooses to employ for economic gain. Making the nuance of direct vs indirect is a false dichotomy
This isn't about Chrome, but about Chromium... the same source that Brave is based on. Most of these settings are configurable via policies as well. Firefox looks equally bad if not worse.
I don't really care what they do. You can't use their browser without signing up for an account, which is absolute hypocrisy and even WORSE than regular browsers.
This is incorrect. I've used Brave and never created an account (not even sure how). Are you confusing this with Google Chrome and its accounts, because that also can be used without creating a Google account?
Comments like this make me wonder if people are just making shit up because they hate Brendon Eich. If you're not just making it up, where did you get this idea from?
As I recall, I signed up for the beta, so maybe they removed this requirement after release. I deleted Brave, and I was pretty sure it was for this reason. I just re-downloaded it and installed it, and sure enough there was no log-in requirement.
Was there some other privacy-touting or "alternative" browser that came out in the last couple of years?
One thing I did find annoying after installing it just now is that it doesn't import bookmarks from Safari, but rather only Firefox. It would be nice if it did; in fact it would be cool if some browser would do bi-directional bookmark syncing with Safari, to piggyback on iCloud syncing across devices.
I've used Brave for who knows how long now, and it's only been really recently (with the introduction of Brave Talk and Brave Search, which have paid pro tiers) that they've introduced accounts at all. There may be something related to signing up for a crypto wallet if you want to use those features (since at least turning the crypto into fiat requires the crypto exchange to "know their customer").
But the browser itself, the sync features etc., none of that needs an account. The sync service doesn't even have accounts, just a long string of words to serve as a the fingerprint for a sync chain.
I've never used Brave before. I was curious about this, so I just downloaded the browser. I'm able to use it without signing up for an account. I was never even prompted to create an account.
Why would Brave disable this? In my opinion, this is one of the most useful additions to browsers in recent memory, and it's quite annoying to click a link expecting to go a specific section and just be put at the top of the page. I noticed this was broken in Brave, but I never would have imagined they intentionally broke the feature.