Advanced Security Linux Mint Cinnamon Wayland setup

Last updated
Jun 1, 2026
How it's used?
For work or educational use
Operating system
Linux
Other operating system
Linux Mint 22.3 Zena Cinnamon Wayland
On-device encryption
Other full-disk drive encryption software
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
N/A - Linux / Mac / Other operating system
Smart App Control
N/A - Linux / Mac / Other operating system
Network firewall
Enabled
About WiFi router
TP-Link tri-band with IPv6 disabled. We use the three Wi-Fi networks separately. The 2.4 GHz is used for IoT devices and guest (SPI, NAT, ARP filtering and intrusion detection enabled). The two 5 GHz networks are for my wife and me (each uses his/her own) with additionally IP-MAC binding and MAC filtering enabled. I have set the e-mail log message level to critical events (acting as a rudimentary NIDS). The 5 GHz network has eternal lease time while 2.4 GHz has a short lease time (8 hours) and network partitioning enabled.
Real-time security
Non-root user using built-in Linux sandboxing (AppArmor, Firejail, Flatpak) as an extra protection layer.
Firewall security
Built-in Firewall for Mac/Linux
About custom security
  • Using only official package sources from verified publishers and uninstalled all unused accessories and applications.
  • Mildly hardened Linux by disabling P2P, remote access, old TLS versions and enabling ASLR system-wide.
  • Created additional Firejail profiles with firecfg and reduced Flatpak permissions with Flatseal.
  • Added OpenSnitch outbound application firewall to complement inbound GuFW.
  • Installed logcheck with e-mail warning for security alerts & events.
  • Using Wayland (experimental) on Cinnamon desktop.
  • Brave-Origin policies and site permissions.
Periodic malware scanners
When I receive files from others I scan them with VirusTotal. My half-yearly data backups to external USB are scanned with Microsoft Defender :cool:
Malware sample testing
I do not participate in malware testing
Environment for malware testing
None
Browser(s) and extensions
Brave-Origin with Brave Shields disabled and using Brave Adblock on-demand for annoying websites (with default Adblock, EL cookie and Fanboy/uBo annoyances filters enabled) to complement uBlockOriginLite with all filters disabled and custom rules only.
Secure DNS
  1. NextDNS in the router with OISD and telemetry blocklists enabled (for IoT devices), allowing only common top-level domains to connect.
  2. We use Quad9 as default DNS (at OS level) for our laptops and smartphones (to bypass router TLD firewall restrictions).
  3. Cloudflare Zero Trust Free plan (with malware protection) is used as DNS over HTTPS in the browser.
Desktop VPN
Proton VPN free for Linux on-demand (out of home). At home I have little use for VPN because our IP and IP location are changed regularly :-).
Password manager
Built-in (OS and Browser)
Maintenance tools
None
File and Photo backup
  • FreeFileSync quick on-demand backups to a partition on my internal SSD to which sandboxed utilities, desktop accessories and applications have no access.
  • The half-yearly full backup saves to an external USB-SSD which is checked (afterwards) by Microsoft Defender on my wife's laptop (which has triple USB protection).
Subscriptions
    • None
System recovery
TimeShift (to another partition on 1 TB SSD)
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
AMD Ryzen 7 (5700U) laptop with 1 TB SSD and 16GB RAM
Notable changes
Too many :)

After jumping back and forth, I finally decided for:
  • Changed from ControlD free to Cloudflare free ZT
  • Replaced 7-zip (unsandboxed) with PeaZip in Flatpak
  • Moved from LibreOffice in Flatpak to LibreOffice in Firejail
  • Moved from Thunderbird to Evolution (both in Flatpak sandbox)
  • Moved from Xfce desktop with X11 to Cinnamon desktop with Wayland
What I'm looking for?

Looking for maximum feedback.

@LinuxFan58

Hi, good afternoon.

The AdGuard Browser Extension only uses custom rules that update independently of the extension's filters.

Can you explain, in simple terms, why you need AG when you're using Brave's built-in ad blocker?

For example, I'm not sure if the websites in your bookmarks are handled only by AG, or by both AG and Brave's ad blocker.:unsure:
 
@Sampei.Nihira

When I am using 2 profiles, I only use Brave Shields. In my work profile I disable Brave Shields and enable the shields per website. In my surfing profile I run with Brave Shields on aggressive.

When I am using 1 profile (as now), I run Brave with Adshields disabled and run either AdGuard or uBlock Origin Lite with custom rules which are all website specific (that is why I have some overlap in rules with AdGuard; in AdGuard my total custom rules are around 175 and with uBol around 95 custom rules). It does not matter whether AG or uBol run all the time, because the rules are website specific. In AdGuard it is possible to reverse the allow list (meaning AG is only active on the websites listed in the allowlist) and with uBol it is possible to move the all-urls to no-filtering and enable basic mode only on a few bookmarked websites.

Brave is set to forget history, so when I encounter an annoying website during surfing I enable aggressive mode. In this way Brave is also only used ad-hoc (for specific websites). So with 1 profile either Brave AdShield is enabled (ad-hoc or annoying websites encountered during surfing) or AG/uBol for bookmarked websites.

Hope this explains it.
 
Okay thanks to @NoVirusThanks I switched back to two browser profiles. 🫣🫣

The reason is that I discovered one of his other extensions, API Void Browser Lockdown. So I added API Void Browser Lockdown to my work profile and limited access to a few domains and allowed only a few file types to download. In my surfing profile I have Brave Shields enabled, but all blocklists disabled.
 
@LinuxFan58

Hi,
I have a question.
When comparing Brave + Shield vs Brave + uBoL vs Brave + AG in a hypothetical Speedometer 3.1 benchmark, which one is the fastest and which is the slowest?
Or is there practically no difference?

If I replace uBo with AG in the Speedometer 3.1 test, I’m about 6–7% slower.
A (theoretical) analysis with ChatGPT reveals that replacing Chrome with Brave would slow me down by about 3–4%.
So using Brave + uBo could at most gain me 3%, which the AI estimates is negligible in terms of perceived speed.

Do you agree with this theoretical analysis, or, having conducted various tests and also used Chrome, and thus having practical experience that shouldn’t be underestimated, do you assume it’s incorrect?

Have a nice day.

P.S.

It's almost 32°C in the shade here in my city.
I'm about 12 km from the Tyrrhenian Sea.;)
 
@Sampei.Nihira

Fastest is Brave Shields disabled (enabling only ad-hoc for annoying websites) plus uBlock Origin Lite on basic with only custom cosmetic rules and custom DNR rules and Kees1958 most used (which is only 1 rule in uBol :-) ). It used to be a 0.3 to 0.4 difference (so on 19 average that is only 1 to 2 %), but since a week or three the difference between Brave + AdGuard is nothing to 0.1 (so practically no difference). Brave in standard mode used to be 0.2 slower than AG (also only custom rules plus Kees1958 Mv3), but Brave standard is now nearly as fast as uBol or AG, that is nice (maybe I am sticking to the same setup now, because there is nothing to gain anymore).

It is 33°C here now, just over 1700 km from the Tyrrhenian Sea.;)
 
First of June, start of the meteorological summer and having many things to do (around the house for maintenance, developing two study courses), it is time to do a setup summer freeze (no changes until September first). My wife already printed a calendar with weeks to show how much time I have left before our holiday trip to Poland (with my self-converted van) and classes start again. In last year's winter break, I completed only half of the renovation of our back yard and in spring break I renewed our solar panels (instead of finishing the back yard), so I am in risky waters :-) happy wife is a happy life.
 
My Brave browser policy profile (not changing anything :-) )

{
"SitePerProcess": true,
"SandboxExternalProtocolBlocked": true,
"AudioSandboxEnabled": true,

"SafeBrowsingProtectionLevel": 1,
"DownloadRestrictions": 1,
"PromptForDownloadLocation": false,
"DownloadDirectory": "MY DOWNLOAD FOLDER",

"DnsOverHttpsMode": "secure",
"DnsOverHttpsTemplates": "https://MY FREE ZERO TRUST.cloudflare-gateway.com/dns-query",
"HttpsOnlyMode": "force_enabled",
"DefaultBraveHttpsUpgradeSetting": 2,

"DefaultInsecureContentSetting": 2,
"DefaultFileSystemWriteGuardSetting": 2,
"DefaultWebBluetoothGuardSetting": 2,
"DefaultWebUsbGuardSetting": 2,
"DefaultWebHidGuardSetting": 2,
"DefaultSerialGuardSetting": 2,
"DefaultJavaScriptSetting": 1,
"JavaScriptBlockedForUrls": [ "FILE:///*" ],
"DefaultJavaScriptOptimizerSetting": 1,
"JavaScriptOptimizerBlockedForSites": [ "HTTP://*" ],

"PasswordManagerEnabled": false,
"AutofillAddressEnabled": false,
"AutofillCreditCardEnabled": false,

"BrowserGuestModeEnabled": false,
"BrowserAddPersonEnabled": false,
"BackgroundModeEnabled": false,

"MetricsReportingEnabled": false,
"SearchSuggestEnabled": false,
"GenAILocalFoundationalModelSettings": 1,
"PromotionsEnabled": false,

"BraveRewardsDisabled": true,
"BraveWalletDisabled": true,
"BraveNewsDisabled": true,
"BraveVPNDisabled": true,

"ExtensionSettings": {
"*": {"installation_mode": "blocked"},
"bkbeeeffjjeopflfhgeknacdieedcoml": {"installation_mode": "allowed" }
}
}

Browser only has write access to my downloads in Flatpak and the save-as mechanism escapes the Flatpak sandbox (this is by design, because it is user initiated), that is the reason why I don't allow changing that folder nor allow showing the prompt for download location. Only 1 extension is allowed (uBol at the moment).
 
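An added example, not part of the original post: a small Python check for a policy file like the one above, confirming that it parses as JSON and that the settings the post relies on (default-deny extensions, secure DoH with a template, fixed download folder without a prompt) are actually present. The function name `audit_policy`, the sample policies and the download path are constructed for illustration, and the check assumes `ExtensionSettings` keys are plain extension IDs as in the post.

```python
import json
import re

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chromium extension IDs: 32 letters a-p

def audit_policy(text):
    """Return a list of findings for a managed-policy JSON string (empty = OK)."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        # An unbalanced brace or trailing comma: nothing below can be trusted.
        return [f"invalid JSON (line {exc.lineno}): {exc.msg}"]
    findings = []

    # Extensions: default-deny entry plus explicit per-ID exceptions.
    ext = policy.get("ExtensionSettings", {})
    if ext.get("*", {}).get("installation_mode") != "blocked":
        findings.append("ExtensionSettings: '*' is not blocked")
    for key in ext:
        if key != "*" and not EXT_ID.match(key):
            findings.append(f"ExtensionSettings: malformed extension ID {key!r}")

    # DNS-over-HTTPS: 'secure' mode needs an https resolver template.
    doh = str(policy.get("DnsOverHttpsTemplates", ""))
    if policy.get("DnsOverHttpsMode") == "secure" and not doh.startswith("https://"):
        findings.append("DnsOverHttpsMode is 'secure' but no https template is set")

    # Downloads: fixed directory and no save-as prompt (the post's sandbox reasoning).
    if policy.get("PromptForDownloadLocation") is not False:
        findings.append("PromptForDownloadLocation is not false")
    if not policy.get("DownloadDirectory"):
        findings.append("DownloadDirectory is not set")
    return findings

# Constructed sample policies (placeholder values, not the poster's real ones).
GOOD = """{
  "DnsOverHttpsMode": "secure",
  "DnsOverHttpsTemplates": "https://EXAMPLE.cloudflare-gateway.com/dns-query",
  "PromptForDownloadLocation": false,
  "DownloadDirectory": "/home/user/Downloads",
  "ExtensionSettings": {
    "*": {"installation_mode": "blocked"},
    "bkbeeeffjjeopflfhgeknacdieedcoml": {"installation_mode": "allowed"}
  }
}"""
BROKEN = GOOD[:-1]  # same policy with the final closing brace missing
WEAK = '{"DnsOverHttpsMode": "secure", "ExtensionSettings": {}}'

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BROKEN", BROKEN), ("WEAK", WEAK)):
        print(name, audit_policy(text))
```
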
Waiting for a truck with hardwood for our backyard deck and it is raining (therefore wasting some time :-) ). Enabled Brave-Origin in the system settings and ran some tests (adblock result is with Brave shield disabled and uBol enabled with custom rules only). This 1-2 (1 = uBol with custom rules, 2 = nuke them with Brave Shields) approach allows me to use only one Brave profile. I hope Brave soon adds the auto-container option like Firefox has (FF facilitates opening websites automatically in a specific container, in Brave it is still a manual open, but auto open is planned in future versions). I am not on glass fiber, but on Ziggo coax (speedtest is via Wifi).
 
There's very little difference between Brave and Brave Origin in the Speedometer 3.1 test.
I see you ran the adblock test.
It would be interesting if you tried the Cover Your Tracks test:

Cover Your Tracks
Food for thought: When you are going on a hike in Ciociaria, do you have the maps of Europe, mid-east Asia and north Africa with you, in case you get lost?

uBo has in its default setup over 300.000 rules. Considering the fact that many are applied to several websites (domain=A|B|C etc or A,B,C##) this set of rules easily covers half a million websites. I have maybe bookmarked 50 websites maximum.

When I ask ChatGPT when I am only using Kees1958 most used advertising and tracking blocklist (currently around 350 old fashioned ABP-format block rules) and I am living in the Netherlands, only visiting Dutch, German and English language websites, what percentage of ACTUAL trackers would you guess is blocked?

EDIT: (on GitHub) Kees1958 credits Peter Low for first using this approach (only Peter Low's list is around 3500 rules and Kees1958 is around 350).
 
If we consider only privacy exposure (trackers) without also taking into account the security benefits in a security setup where there is efficient tracker filtering at the DNS level upstream, only dynamic filtering guarantees that the specific percentages hypothesized by ChatGPT will be reliably achieved.

Therefore, I assume that equipping the browser with even just an extension like API Void Script Stop is a precaution that reinforces the synergy achievable with your Kees1958 filter list.

Dynamic filtering is a solid guarantee for achieving tracker blocking levels that would otherwise be impossible to achieve through DNS filtering and filter lists.

As you well know, even at the preventive level.
