Advice Request My Take – Brave vs Firefox vs Ungoogled Chromium (UC - Eloston) Browsers

Please provide comments and solutions that are helpful to the author of this topic.

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Below is my feedback in using the browsers and with the use of Adguard for desktop. Kindly feedback if there’s any errors and share your experience

Notes
  • Brave and UC are Chromium-based whereas FF is from Mozilla.
  • There are many comparisons between them on the net like the platforms they support, speed performance, RAM usage, security and privacy etc. Some favors one over the other whilst others are biased. Some links are provided below.
  • All the 3 browsers support extensions.
  • All are secure and privacy-focused browsers.
  • Brave and UC browsers tend to de-Google themselves
  • Brave and FF have similar strong protections against ads/trackers/cryptominers/fingerprints. Fingerprint protection in UC is pretty weak


brave/brave-browser


Read the comments in the above




BRAVE

PROS

  • Very fast updates
  • Has BAT and Brave Rewards (with Brave Ads). Regarding these some people say Brave is an advertising platform tracking every site you visit and a vehicle to promote its cryptocurrency, masquerading as a web browser. Well, you can don’t Opt-in.
  • Comes with built-in ads/trackers/cryptominers/fingerprint protection. Also, de-Google takes place in every release of Chromium.
  • When use with uBO less filters will be needed since Brave also uses some of the same filters for protection in preceding item
  • Has HTTPS Everywhere built-in
  • Brave does not collect any data about your online activity. Your data remains private and on your device
  • Safe Browsing goes through a Brave-run server which does not keep logs or store your IP address
CONS
  • Brave extensions (like Chrome) are installed directly from Chrome Web Store. Installation/Updating of extensions from Chrome Web Store is at the expense of privacy since it’s connecting to Google. Brave does NOT support the use of Ungoogled Chromium Extension Installer extension nor Chromium Web Store extension to install extensions. However, extracting and installing the crx file of the extension is possible but must be done manually and tedious if you have many extensions. Updates will also need to be monitored manually.
  • Adguard for desktop, if use, will not be optimized unless the built-in protections are disabled in Brave
  • Brave does not completely de-Googled the Google features in Chromium for some are proxied through their servers instead

Ungoogled Chromium (Eloston)

PROS

  • A barebone browser which allows the user to install the needed extensions for protections against ads/trackers/cryptominers/fingerprints
  • Will optimize with Adguard for desktop since it does not come with built-in protections
  • Built-in strong de-Googling. De-Googling is better than Brave
  • Safe Browsing feature is disabled
  • By default, UC does not install extensions directly from Chrome Web Store. However, you can install the extensions’ crx files using the Chromium Web Store extension (from Github). The Chromium Web Store extension extracts the crx file of the extension from Chrome Web Store and install into UC browser. Future updates carried out using the Chromium Web Store extension will ensure only crx files are extracted and installed instead of the extension directly from the Google Web Store. This method is fast and enhances privacy since extensions do not communicate with Google.
CONS
  • The download binaries are provided by anyone who are willing to build and submit them. Because these binaries are not necessarily reproducible, authenticity cannot be guaranteed; In other words, there is always a non-zero probability that these binaries may have been tampered with. This is stated on UC site.
  • Browser updates depend on availability so security can be an issue here.
  • Likely to have built-in feature to upgrade site from HTTP-to-HTTPS in Chromium later

Firefox

PROS

  • Browser updates are scheduled and on time
  • Comes with built-in protection against ads/trackers/cryptominers/fingerprints
  • When use with uBO less filters will be needed since FF also uses some of the same filters for protection preceding item
  • Extensions are from Mozilla store independent of Google. Extensions can be automatically or manually updated
  • Has some great extensions that are lacking in Chromium-based browsers
  • FF is more customizable for hardening than Brave/UC browsers
  • Hardening of security/privacy/speed requires the access of its about:config to set some parameters
  • Can further hardened its security/privacy/speed using user.js file
  • Has HTTPS-mode only feature
CONS
  • Firefox shares the details of web pages visited with backend servers. This happens via the search autocomplete feature, which sends web addresses to backend servers in real time as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. In short, data tracking is enabled automatically; this means FF has set to collect your browsing data automatically. Hardening of FF is, therefore, needed beyond the default and this requires knowledge and is a hassle
  • Safe Browsing connects to Google unless disabled from the GUI and about:config settings.
  • Adguard for desktop, if use, will not be optimized unless the built-in protections are disabled in FF

Conclusion

Brave browser comes with great built-in OOB privacy and security since it’s Chromium-based and has fast updates. UC, being barebone, has better de-Googling privacy and gives the flexibility to allow the installation of needed extensions. Security is no less than Brave browser as it’s also a Chromium-based browser. Unfortunately, UC browser’s security depends on the trust of the binary being uploaded and its availability unless one builds his own binary. Both allow the installation of extensions. OOB FF is not great for security/privacy/speed. It needs to be fine-tuned to harden for better security/privacy/speed. It has its own web store to allow the installation of extensions independent of Google.

If one uses Adguard for desktop then UC browser is the best choice unless the built-in protections in Brave and FF browsers are disabled.
 
Last edited:

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Adding some of my own views about Brave browser.

The 👍
  • Brave is a blockchain-based browser (you either love or hate it)
  • Brave offers a Private TOR window, which can also be disabled.
  • Brave does not come with Widevine (Google DRM). Users need to allow this to be installed.
  • Brave has integrated MetaMask into the browser (also open-source)
  • Brave Shield integrates the Ads/Trackers and HTTPS into a single resource (no multiple extensions required)
  • Background audio playback from video sites such as YouTube (on Android)

The 👎
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I really don't get it. What difference does it make what political or ideological views the director of a browser or some other software has? (as long as it's not outright pure fascism or something like that) Honestly, the desire to punish people and their products for their personal views nowadays reaches the point of absurdity.
Some users may be put off by a CEO who has an opinion about these topics. It was for similar reasons he had to resign from Mozilla. More info: Brendan Eich - Wikipedia

So yes, it was important to highlight this information rather than hiding it.
 
Last edited:

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
I use AdGuard for Desktop with Brave protection enabled and I don't see any problems. AdGuard has no protection against digital fingerprints and Brave solves this problem. In my opinion, they go well together.
Like I said Adguard is best use with UC and UC being bare bone allows you to add the extensions you need
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Adding some of my own views about Brave browser.

The 👍
  • Brave is a blockchain-based browser (you either love or hate it)
  • Brave offers a Private TOR window, which can also be disabled.
  • Brave does not come with Widevine (Google DRM). Users need to allow this to be installed.
  • Brave has integrated MetaMask into the browser (also open-source)
  • Brave Shield integrates the Ads/Trackers and HTTPS into a single resource (no multiple extensions required)
  • Background audio playback from video sites such as YouTube (on Android)

The 👎
UC and FF also does not come with Widevine but must be explicitly installed. As for extensions Brave and FF need only those which are non-ads/trackers/cryptominers/fingerprints. That TOR in Brave is not as effective as the standalone TOR browser
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
On the one hand, you are right, on the other hand, there are virtually no open and absolutely trusted extensions to protect against digital fingerprint. There are some open source options like Trace - Trace - Online Tracking Protection , but nobody audited it. Therefore, it is best when certain capabilities are already built into the browser, otherwise the same thing as with Nanodefender can easily happen: Google removes two Chrome ad blockers caught collecting user data | ZDNet
It's up to you to choose the extensions you deemed safe to protect your privacy
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
But this doesn't make it more secure by default ;)
I never said it's secure by default. I said OOB FF needs to be hardened.

All 3 browsers need to be tweaked and add extensions/filters to harden them. The default settings, like any other security software, are meant to give the average user a minimum level of protection
 

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
544
AdGuard has no protection against digital fingerprints
It's perhaps off-topic, but by means of Stealth Mode, Adguard offers fingerprint protection. You can strengthen this by adding two filter lists: Adguard Tracking Protection filter (AKA Spyware filter) and Adguard Tracking Protection Plus. You can check the results in Adguard filtering log.
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Firefox uses local database for Safe-Browsing feature, so it's not fair to say it's a con.


Quote from the link

Google explicitly states that the information collected as part of operating the Safe Browsing service "is only used to flag malicious activity and is never used anywhere else at Google" and that "Safe Browsing requests won't be associated with your Google Account". In addition, Firefox adds a few privacy protections:

  • Query string parameters are stripped from URLs we check as part of the download protection feature.
  • Cookies set by the Safe Browsing servers to protect the service from abuse are stored in a separate cookie jar so that they are not mixed with regular browsing/session cookies.
  • When requesting complete hashes for a 32-bit prefix, Firefox throws in a number of extra "noise" entries to obfuscate the original URL further.
On balance, we believe that most users will want to keep Safe Browsing enabled, but we also make it easy for users with particular needs to turn it off.

Unquote

As a user, like me, who wants to de-Google then connecting to Google servers is unacceptable regardless of what Google says
 

Nagisa

Level 7
Verified
Jul 19, 2018
341
regardless of what Google says
Yeah, it's the point of using local partial hashes. To not rely on Google's honecy.

As a user, like me, who wants to de-Google then connecting to Google servers is unacceptable

This feature doesn't look like more privacy threatening than, for example, connecting to Google fonts, Gstatic or Youtube for embeds; if your only concern is connecting to their servers. Disabling Safe-Browsing is not worth it in my opinion.


Capture.PNG
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Yeah, it's the point of using local partial hashes. To not rely on Google's honecy.



This feature doesn't look like more privacy threatening than, for example, connecting to Google fonts, Gstatic or Youtube for embeds; if your only concern is connecting to their servers. Disabling Safe-Browsing is not worth it in my opinion.


View attachment 252695
Gstatic, Youtube etc are needed to display images/videos to watch YouTube which I need unless I run Chome and have all things related to Chrome in that browser only e.g gmail, Youtube etc

Another point is that Mozilla is collecting user data too. Disabling Safe Browsing also limits data being sent back to Mozilla besides other data which you can disable in the about:config

In using FF I de-Mozilla as well
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top