Vivaldi is my top choice as well.
Brave planning to introduce subscription for customizing the browser?
- Thread starter Marko :)
- Start date
Vivaldi is too overwhelming for me. I like ability to customize the browser, but Vivaldi is plainly terrible in customization. Yes, you can change way more things than in other Chromium-based browsers but the Vivaldi's settings section is hell. You have a billion options and not a single description what each option does. Most if them only take effect after restarting so I find myself restarting the browser a million times before I could set it up. And by the time I reach half of the settings, I gave up on Vivaldi.
If Brave implements Brave Origin and restricts me from disabling crap, I'll have to move to Vivaldi as there aren't many secure Chrome alternatives.
I agree that Vivaldi took some time to learn, but I really like it ever since I did learn.
You mean gfx.webrender.layer-compositor-use-composition-surface ? Or maybe my ESR version still doesn't have this option yet.
From your screenshot (chrome://sandbox), your Chromium-based browser is running a fairly typical multi-process sandbox on Windows, with the most exposed processes (Renderers) at the strongest settings shown in your table.
1) What the main columns mean (quick decode)
- Sandbox = which sandbox policy is applied to that process type (Renderer/GPU/Network/Service/etc.).
- Lockdown = whether extra restrictions are enabled (notably things like Win32k lockdown and related hardening; exact behavior varies by process type).
- Integrity = Windows Integrity Level (e.g., Low / Untrusted). Lower is more restricted.
- Lowbox/AppContainer = whether the process is inside an AppContainer (a strong Windows isolation boundary). If present, you typically see an AppContainer SID.
2) Your Renderer processes (the most important part)
In your table, all the Renderer processes show:
- Sandbox: Renderer
- Lockdown: Lockdown
- Integrity: S-1-16-0 Untrusted
- Lowbox/AppContainer: empty
Interpretation:
- This is good: Renderers are running at Untrusted integrity and in “Lockdown”, which is the core of Chromium’s security model (web content is supposed to live in heavily restricted processes).
- The notable point: Renderer AppContainer is not enabled in your environment (also confirmed by the “features” list showing “RendererAppContainer”: enabled=false). That means you’re not getting that additional Windows isolation layer for renderer processes on top of the usual Chromium sandbox.
Important nuance: “No AppContainer” does not mean “no sandbox.” It means you’re relying on the standard Chromium sandbox mechanisms (job/object restrictions, tokens, lockdown policies, etc.) without the extra AppContainer boundary.
3) Network Service
Your Network Service line shows:
- Sandbox: Network
- Lockdown: None
- Integrity: Default
- Lowbox/AppContainer: present (SID shown)
Interpretation:
- You do have NetworkServiceSandbox enabled (your “features” list shows it enabled=true).
- Network Service appears to be running in an AppContainer (good isolation), even though the renderer is not.
- “Lockdown: None” for Network Service is not unusual—different process types have different sandbox templates and “lockdown” semantics.
4) GPU, Audio, and Storage service processes
Highlights from your screenshot:
- GPU: “Limited” lockdown, Low integrity. GPU is often less constrained than renderers due to driver / hardware acceleration realities, but Low IL + sandboxing is still meaningful.
- Audio Service: “Restricted Non Admin”, Low integrity.
- Storage Service: “Lockdown” with Untrusted integrity (strongly restricted).
5) Features list: what stands out
From what’s visible:
- NetworkServiceSandbox = enabled
- RendererAppContainer = disabled
- EnableCsrssLockdown = enabled
- WinSboxDisableExtensionPoint / WinSboxZeroAppShim = enabled (hardening-related toggles)
- WinSboxNoFakeGdiInit / WinSboxRestrictCoreSharingOnRenderer = disabled (not necessarily “bad”; these can be configuration/platform/version dependent)
Bottom line
Your browser is clearly running with the core Chromium sandbox model (Renderers at Untrusted + Lockdown), and your Network Service is additionally contained in an AppContainer. The one “missing” hardening layer shown is Renderer AppContainer (disabled), which would be an extra boundary if available/enabled on your setup.
F
ForgottenSeer 123960
The "Privacy" hustle aka illusion.
Brave is the paradox. It’s a for-profit entity that realized the best way to monetize "privacy" was to block everyone else's ads and then politely ask if you'd like to view theirs instead. It’s like a bouncer who kicks the pickpockets out of the club but then corners you in the bathroom to sell you his mixtape. Sure, the ad-blocking engine is solid (faster than a bogged-down Chrome instance), but the bloat, the crypto wallets, the VPN upsells, the "Brave Rewards", is just a different flavor of the same commercial rot.
Under the hood, you’re still driving a Chromium engine, which means you’re living in Google’s ecosystem even if you painted over the logos. It’s a functional tool if you aggressively gut the settings, but don’t mistake it for a charity, they aren't building it to protect your freedom, they're building it to corner the market on "ethical" ad revenue. (I suspect the only reason it feels cleaner is because their monetization attempts are easier to toggle off than Google's embedded trackers).
Brave is the paradox. It’s a for-profit entity that realized the best way to monetize "privacy" was to block everyone else's ads and then politely ask if you'd like to view theirs instead. It’s like a bouncer who kicks the pickpockets out of the club but then corners you in the bathroom to sell you his mixtape. Sure, the ad-blocking engine is solid (faster than a bogged-down Chrome instance), but the bloat, the crypto wallets, the VPN upsells, the "Brave Rewards", is just a different flavor of the same commercial rot.
Under the hood, you’re still driving a Chromium engine, which means you’re living in Google’s ecosystem even if you painted over the logos. It’s a functional tool if you aggressively gut the settings, but don’t mistake it for a charity, they aren't building it to protect your freedom, they're building it to corner the market on "ethical" ad revenue. (I suspect the only reason it feels cleaner is because their monetization attempts are easier to toggle off than Google's embedded trackers).
So it comes down to how you want to pay: the only free things in the world are fresh air & rain the rest we pay for somehow, life is an endless stream of choices 
F
ForgottenSeer 123960
It's just keeping the ledger honest. Brave isn't a privacy charity, it's an ad-tech company that figured out the smartest way to corner the market is to block everyone else's ads first. They aren't "saving" the internet, they're just acting as the middleman for a different revenue stream (BAT). It's a useful tool if you configure it right, but people need to realize they're swapping Google's surveillance for Brave's curated garden, not stepping out of the ecosystem entirely.So it comes down to how you want to pay: the only free things in the world are fresh air & rain the rest we pay for somehow, life is an endless stream of choices
Not every Chromium-based or Gecko-based web browser is updated regularly. When Chromium releases security update, Chrome is the first one to get patched (same goes for Gecko and Firefox), then it's Brave and rest of the company. Some browsers might get patched after a week, some after a month, others might ignore the release completely and implement next one. All three scenarios leave you vulnerable to security threat and hacking attacks.
Only for this reason I prefer more popular, main stream web browsers, and not some random Chromium/Gecko forks I find on the web. I will only use a browser if it has regular release schedule and doesn't delay or gets picky about which update to implement.
Your ESR version doesn't support it yet.
Yeah, that's it. I mean you could get Firefox even faster with Betterfox, but I tend not to mess these settings a lot and only change what I'm familiar with.
How's Firefox serving you so far?
then Edge, then Vivaldi, then Opera (and may be Yandex but I'm not certain as it does not show its chromium version), then intermittent updates for the remaining; some get updated every two major versions of chromium.
So far so good. I added my favorite extensions without any problems. Webpages are loading as quickly as Brave with the F-Secure extension installed. Made some Settings changes, some Toolbar changes, and a Theme changeYeah, that's it. I mean you could get Firefox even faster with Betterfox, but I tend not to mess these settings a lot and only change what I'm familiar with.
How's Firefox serving you so far?
Requires an old PC to notice the difference; capable ones will boost the performance of any browser.
I wouldn't touch Yandex Browser and Edge with a stick. Literal spyware, both of them. Regardless of their release schedule.
For sure. Chromium is better optimized for old devices. On newer there shouldn't be much difference.
All are spies; no exceptions.
What matters how my collected data are processed.
@Marko :) I had forgotten how nice the Flexible spacer can be, to get the left side of the toolbar away from the extreme left side of the window. It's the little things that help
All of them collect data. The only difference is some lets you disable it entirely, others not so much. Some tie collected data to installation ID, some to hardware ID which is a huge no-no.
You may also like...
-
-
Dedoimedo: Brave browser on the iPhone - Very, very interesting- Started by Gandalf_The_Grey
- Replies: 2
-
Brave Passes 50 Million Monthly Active Users, Growing 2x for the Fifth Year in a Row- Started by oldschool
- Replies: 23
-
-
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072)
How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty- Started by [correlate]
- Replies: 2