brave browser is not private, autoupdate is remote code execution

[milahu]

brave is not private because autoupdate

autoupdate is effectively a backdoor for remote code execution
because yes, of course they can send different updates to different people

https://github.com/pluja/awesome-privacy/#web-browser

Instead use
...
Brave - Android/iOS. Brave offers a pretty good out-of-the-box set of privacy and tracker protections.

see also

https://gist.github.com/milahu/48ce36f368c5aeb9be8f784d694c2961

also see brave on the "Spyware Watchdog" https://spyware.neocities.org/articles/brave.html

Spyware Level: High

Brave is self updating software, uses Google as the default search engine, has built-in telemetry, and even has an opt-out rss-like news feed [Brave Today] similar to Firefox Pocket. These shouldn't be the things that come to mind if someone were to imagine a privacy oriented browser. solutions

these people are proud ex-members of NSA/CIA shell companies (intel, mozilla, godaddy), and now they are "freedom fighters"?

remember kids, autoupdates was invented (and aggressively pushed) by google and microsoft, which are also just shell companies for NSA/CIA

... but the devil is in hardware backdoors

the whole "atmosphere" around the brave people is just ... suspicious

they deleted 2 of my comments (censorship)

they refuse to implement simple privacy features like "disable autoupdate" (spyware)

they locked the github issue on autoupdate (censorship)
Add a "Disable autoupdate" feature (disable updates) #5576

https://github.com/brave/brave-browser/issues/5576

brave was aggressively marketed as a "yay privacy" browser
also targetting dissidents like republicans, qanon, ...

aggressively marketed

marketing is expensive. who paid for it?

if i was a secret service (NSA) i would do it exactly like this

similar problem with firefox (spyware by default), thats why we have librewolf

see also #277 (comment) by @monokrome

running something yourself in your own home without auditing or having done significant research to trust it could be exposing it to nearby services and data on your network, it can increase the surface area for attacks, and it could cause other privacy-adverse concerns.

[monokrome]

I was quoted here but do not vouch for this issue tbh. If you can disable auto updating, then disable it. If you don’t trust brave browser, don’t install it or build it yourself.

Normally, we should expect privacy by default in all cases - including opt-in for things potentially harmful. In this case, however, we have competing concerns because we can easily recognize and have experience in the IE days in seeing how many more security and privacy issues come from browsers not providing important fixes by default.

Is it perfect? No. Does it completely implicate Brave as being anti-privacy? No.

Even as someone who doesn’t have any respect for Brave’s leadership, this entire issue comes off more as vindictive retaliation to having been ignored in some other repository’s issues than a reasonable claim to Brave being opposed to user privacy.

Things that may justify this would be, for instance, if someone found evidence of their binary build including source that isn’t on their GitHub, unusual network traffic sniffed from Brave, questionable statements / plans from leadership about the future of Brave, etc. As far as I know, we don’t have any of that here.

It can not be stressed enough how much things like browsers need to be updated as quickly as possible after a release and as frequently as possible. If you trust the first binary, there’s no strong reason for why you wouldn’t trust the next one.

[milahu]

revenge trip? no ...
the behavior of brave staff (censorship, lies) is suspicious and users should know that

its funny how i must give consent for website cookies
but autoupdate is on by default, not asking for consent

let me reduce my issue to

autoupdate is effectively a backdoor for remote code execution
because yes, of course they can send different updates to different people

usually i fetch my binaries from a "public" binary cache (in my case https://cache.nixos.org/)
which already is a security risk, but lets ignore that now

an app with autoupdate does not use that cache
but instead, it fetches binaries from a "private" cache (in this case cdn.brave.com or so)

this allows the vendor (brave) to send different binaries to different people

if someone found evidence of their binary build including source that isn’t on their GitHub

at least we could track checksums of the fetched binaries to "watch the watchers"

also, would be interesting if brave builds are reproducible

[monokrome]

but autoupdate is on by default, not asking for consent

Imagine supporting this argument without even understanding why it's so important for user privacy & security that browsers auto-update by default 🤯

the behavior of brave staff (censorship, lies) is suspicious and users should know that

where?

an app with autoupdate does not use that cache

Compile it without autoupdate, or disable the auto-update service. Brave runs a background service for auto-update, so disabling auto-update is just turning that service off.