App Review: Brave – Privacy First, Without Sacrificing Power

It’s no secret that people are becoming aware of the less than ideal state of privacy online. Website plant tracking cookies to keep tabs on their interest, fingerprinting is done on individual browsers to get around cookie protections, and we’ve even seen previous tracking based on the size of your computer’s screen and browser windows. While some vendors, like Apple with Safari and Mozilla with Firefox, have worked had to help protect against our privacy, the 800-pound gorilla of the browser world is itself a giant tracker. Yes Google Chrome, the browser used by about 70% of the world, give or take, is owned by Google, and serves as one of their best vectors for tracking users and collecting data and controlling advertisements, with their own popular AdSense platform.

It’s not like people are necessarily being forced into using it. Chrome has pushed a lot of web standards forward (though some proprietary ones as well), pushed the browser world into more rapid, automatic updates, and has pushed other security and stability features like tab-sandboxing. Furthermore, it routinely stays at the top of speed and security charts, as well as the flourishing web add-ons marketplace it has in its Chrome Web Store. Even if you don’t care for Google and its policies, Chrome is still a very solid offering. But what if you could get the full power of Chrome without sacrificing privacy? What if you could actually be even more private? That’s what the Brave Browser sets out to do. Brave is based of the open source Chromium project that the more proprietary Chrome is based off of. This is the same tech that Microsoft’s Edge browser is now using. Brave then takes it and strips out a lot of Google’s tracking tools as well as adding their own special privacy tools and settings. So how well does it hold up? I’ve used it for a month, so here’s my experience with it.

First Impressions:

When you install the Brave Browser on your Mac, it will go through its setup process telling you about the browser and some of the privacy features, as well as customizing a few things out of the gate. You get the option to import your bookmarks and settings from another browser. Interestingly, if you have multiple Chrome profiles installed on your machine, such as for different users or different activities like work and personal, Brave distinguishes between those and can import either one of them in this menu.

You’ll also get the option to set your search engine of choice, which defaults to Google for usability but explicitly encourages you to use DuckDuckGo for additional privacy, which I think is a good balance. While DuckDuckGo has gotten better, there are still times when it seems to misunderstand what I’m looking for, so I switch back to Google to get some better results for those higher end or more niche questions. So for Brave to offer Google as default for usability, but encouraging DuckDuckGo for privacy is a good balancing act.

Lastly you’ll be offered to enroll in Brave Rewards. We’ll cover this over in the Privacy section, but this is a way to still contribute to creators while blocking privacy-invasive apps on their websites.

Once you’ve finished going through the first-run options, you’ll be presented with the new tab page. It will show you the number of trackers blocked, bandwidth saved (formerly secure sessions upgraded by forcing HTTPS), and the amount of time saved browsing. These numbers are live; you can see them go up if you open a new tab and go to a website with trackers or not using HTTPS by default). You’ll also have a clock, with the local time and access to the Brave Rewards on the right hand side, and quick access to the browser settings, bookmarks, and history in the bottom right hand corner. All of this on a random beautiful picture or background that’s reminiscent of the Bing images Microsoft has on Windows 10 lockscreens.

While you won’t have them by default as you use the browser, Brave will start showing you quick links to the sites you access most frequently. Then you can delete them, rearrange them, and keep certain ones pinned so they don’t rotate out if you start accessing other sites more frequently. What makes this unusual compared to other browsers’ new tab page that there are only 6 saved site slots max, whereas in other browsers you can get 10 or 12. And you also can’t set one of these manually without repeatedly going to that site. What makes this weird is that Chrome has this feature already baked in and more more max saved sites by default, so I’m not sure why Brave also doesn’t have this feature as well. It’s a minor gripe, but one I hope can get fixed.

If you’ve used Chrome in the past, you won’t notice a significant difference in the interface. The icons are a little different but all in the same place as Chrome, as is are the menu, profile, and extension icons, though there is a bookmark icon to the left of the URL bar, and the URL bar doesn’t take up the entire empty space like in Chrome. The settings page has seen the most customization. The layout is similar, sections in the left sidebar with the details on the left, though order of items is somewhat different and there are additional items. However they’ve added a more orange and purple theming to it, as well as icons at the top for access Brave Rewards, your history, extensions, and more, which is really helpful to have everything essentially in one place.

Privacy… and Cryptocurrency?:

So Brave wants to have the power of Chrome without the privacy concerns, so how does it do that, besides stripping Chrome of Google? Let’s go back to the Settings page. Not only does Brave have a variety of settings built-in to protect your privacy, but almost all of them are turned on by default as well (and the few that aren’t we’ll explain in a bit).

In the Shields section, Brave is able to block ads and trackers on most websites, though this ends up being most ads on the web. It notes that Brave’s private ads are not blocked (again, something we’ll explain a little farther along in this section). By default, cross-site trackers and cookies are turned off, as well as cross-site fingerprinting, which is a way browsers can more accurately track who you are by using other data aspects of your browser and computer. What’s important to note is that you can turn these down to allow all cookies, trackers, etc., or even block all of them. While the “block all” settings would be more private, it may cause a less than ideal experience. Cookies being completely blocked, as the primary example, would prevent you from staying logged into sites between sessions. This is the same reason why Brave has a built-in script blocker that is disabled by default. That said, if you go to a website that you are ok with lowering the shields for, say one you trust or that can’t run without some of these settings enabled, you can adjust these on a per-site basis. Just go to the site in the browser, and click the Brave icon on the right side of the URL bar, then you can can disable the Shields entirely for that site, or click the advanced view button and change them on a per-setting basis for that site. I did run with the “Block all fingerprinting” options on while using it and didn’t notice any problems because of that except in video calling on Facebook Messenger. I had to turn it down to just “Block cross-site fingerprinting” before it would work. There were some work sites that I use where I did have to lower some of the tracker shields though.

Below the Shields section is the option to block social media when browsing other sites, namely Google, Twitter, Facebook, and LinkedIn. LinkedIn embedded posts are blocked by default, whereas Twitter and Facebook embedded posts are not, as well as the Login with Google and Facebook buttons on sites. This, again, is technically less private, but given that more people likely want to see these embedded posts or use the login buttons, then it makes sense why they are still turned on by default. If you don’t use the Google/Facebook login buttons and you’re ok with seeing the text versions of embedded posts, then go ahead and turn them off. These settings will not affect your access to the actual social media sites in questions.

One last thing for the more technically minded, would be to go to the “Additional settings” section, and there is one other setting labeled “Privacy and Security”. Here there are some other privacy settings you can check such as enabled “Do Not Track” (which admittedly almost no site pays attention to), private analytics being sent to Brave, Site Permissions, SafeSite searches, and more. Most of these are set ideally for me, though you can disable the “Check stored payments” option for a little bit extra care there, unless you choose to keep your credit card info in Brave.

An image of the Brave Rewards option presented to users when they first install and launch the browser.

Now what is important to note is that Brave is not against advertisements as a concept, nor are they against people making money on their sites and content; they’re just against the privacy invading trackers that these websites use. But Brave has a built-in ad tracker. So how do they reconcile this? Brave instead gives you the option to generate Brave Attention Tokens, or BAT for short. It’s their own cryptocurrency. Here’s how it works: when enabled, it will show you ads through the Mac’s notification center only while you’re actively using the browser. Now these ads are not tracking you, they are equally distributed to all Brave users, though which ones are shown at which time are seemingly random. If the browser is in the background, minimized, or not being used then you won’t get the ads. At the end of each month, you’ll receive the token amount you generated from seeing the ads. On the site end, developers and website owners can setup the ability to receive tokens from users visiting their sites. Just as users get tokens based off how many ads they see, websites will receive these tokens from users based on how much attention the users give them, either in number of visits or amount of time on their page.

As you might expect, BATs are useless if they don’t result in real-world money. Since BAT is a cryptocurrency, both website owners and Brave users can go to a supporting cryptocurrency wallet and sell their coin for money. Brave users can also access exchange their BAT for gift cards through the TAP network. Thus Brave users keep their privacy and website owners can get paid. I wasn’t entirely sure how likely this was, but at least by some third party metrics it seems there are a fair number of sites that have this enabled, including the Washington Post, DuckDuckGo, KhanAcademy, and even Wikipedia (so Brave users with BAT enabled can feel good when they see the Wikipedia banner asking for donations). Brave will show your BAT balance and settings by hitting the triangle BAT icon at the far right of the URL bar.

If you use this BAT system, you need to know a couple of things. First, some jurisdictions and countries count cryptocurrency as a taxable asset, so may need to look at your local laws regarding this, particularly if you want to cash out or get gift cards with this. Second, unless you link your BAT balance in Brave to a wallet service (Brave officially works with Uphold) the BAT balance will only live in that instance of the browser. It will not sync between your installations of Brave on other computers and mobile devices (more on Sync in the Cross-Platform section). This also means that if you reinstall Brave without verifying and syncing your wallet with Uphold, you will lose all the BAT that you’ve generated.

Here’s my personal experience with this. I had Brave on 2 different computers with BAT enabled, as well as on the phone. You can set the ad frequency per hour from 1-5, so you can find the balance between generating tokens and not being annoyed by the notifications. I found 2-3/hour being acceptable to me. You can set the maximum amount of BAT you’re willing to contribute to in a month. The default is 5 BAT per/month (the exchange rate for that into dollar fluctuates, it’s about $1.12 for 5 BAT at the time of writing), but you can set it higher if you want. You can also see what sites you contributed the most to, and can block certain sites that you don’t want to contribute to. While this option seems a little harsh, it’s probably the case that you may find out you don’t want to give any money to certain vendors you disagree with or have lost your business. Honestly it worked pretty smoothly, and I hardly noticed it except at the end of the month when it notified me to receive my new amount of coin (which required a human test of dragging the logo to a particularly shaped block). This really could be a good balance of privacy and allowing content creators and websites to earn money for their work. The real test will be if other browsers take up the BAT currency or something else, if at all.

One last note in the privacy section is actually in the Private Window option. Private Windows give you the ability use the browser with limited to no extensions and to delete any history and cookies your browser would collect in the process of using it. Useful for logging into an account on a computer that’s not yours (or someone else using theirs) or perhaps just certain things you don’t want other people to see. Normally this does not prevent things like your ISP, search engines, or website from getting info from your machine. Brave takes this up a notch similar to the way Firefox has recently done.

A picture of the page loaded when you start a Private session, with the DuckDuckGo Search option in the bottom left and the TOR info in the bottom right.

When you activate a Private Window, Brave will offer you the option to start searching with DuckDuckGo rather than your default search engine, as DuckDuckGo doesn’t maintain search records or build profiles of its users. More than that you have the option to start a Private Window that uses TOR encryption. TOR is an open project that acts like a VPN on steroids by encrypting your data and sending your traffic to another TOR server, which then encrypts that and sends it to another TOR server, repeating this step many times so that your traffic has multiple layers of encryption, and comes out to the website from a different location, and highly increasing your privacy (though not perfectly). If you select this option, your searching is also changed to use DuckDuckGo in that window. It’s important to note that for most people this is overkill, as doing a search on the term “test” on DuckDuckGo took about 4 seconds to load versus less than a second for the same term in a regular session or private session without TOR. It also dropped me in from a server in France. More resource heavy news sites or interactive video and game content could see drastically reduced performance. For most users, using TOR would be overkill. For those that want it, however, it is an excellent addition to get the most privacy out of the system.

Performance and Features:

A picture of the advanced view of the Shields blocking 49 cross-site trackers on CNN homepage
It blocks a lot of stuff.

So Brave does a lot of work to protect your privacy, but how does it perform as a browser? Being based on Chrome, Brave is quite fast, being one of the fastest browsers currently. Even with some of the normal extensions I use loaded like LastPass, uBlock Origin, Instapaper, etc. the browser and web pages load fairly well. The privacy features tend to also help perform even better, being able to cut a lot of the unnecessary content from a website to help it load faster. That said this does depend on the site. More media heavy sites like major news sites tended to load a few seconds faster than settings in non-privacy optimized mode or browsers. However text based articles on those sites did necessarily seem to load much quicker. Your mileage will vary based on the sites you visit, but overall you likely won’t experience any slowness. Keep in mind certain privacy settings may cause problems with sites loading. As well as the previously mentioned issue on Facebook Messenger, I had to lower the shields on one work-related site in order to submit a form.

Because it is based on Chrome, you can use Chrome webstore to install extensions. I experienced no issues installing and using these extensions in Brave compared to using them in standard Chrome. Installation was exactly the same, and easier than in Chromium-based Edge.

While using Chromium comes with a number of upsides, it also comes with some of its downsides too. While Brave was able to shave how much hard drive space it takes up by default, it can’t shake Chrome’s hunger for other resources, particularly RAM. Chrome is notorious for using more RAM than other browsers, meaning that loading CNN’s Homepage, YouTube, and Google’s search engine at the same time with extensions used about 2 GB of RAM. Compare that to 1 GB in Firefox and a 600 MB (6/10th of a GB) in Safari loading the same sites and extensions.

Cross-Platform:

Being based of Chrome, Brave runs on Windows and Linux, as well as iOS and Android. After numerous issues with Facebook, I actually started using Facebook in the Brave browser exclusively, though with all shields and no scripts turned on. As a mobile browser it’s fairly simple and with a few options regarding appearance and privacy, such as the built in ad blocking (with Brave Rewards and BAT options), automatic HTTPS upgrading, fingerprinting protection, etc. These options are all on or off, no settings regarding cross-site vs all options. You do have the additional option of securing Brave with a passcode and biometrics, meaning you can unlock using Brave with TouchID or FaceID. The Private Mode does not include TOR, and will still use your default search engine, so this is a little disappointing compared to the desktop version. This may be due to the limitations of the platform rather than the vendor.

Here’s one odd thing at the moment. Technically Brave Mobile has the option to sync on mobile, but the option is no longer present on the desktop version. Previously, Brave included a sync method to sync your bookmarks across instances. In order to preserve privacy, you didn’t create an account like you do with other browsers, but rather linked them by scanning a QR code or typing a randomly generated phrase on the device you wanted to sync that was displayed on the device that had your Brave info. While I was able to use this initially during testing, it was taken out during my use of it. It seems that the developers are coming out with a new version, but aren’t ready to deploy it. For now it’s kind of a sticking point, as it’s really convenient to have my bookmarks, browsing history, and especially open tabs available to me across platforms. Hopefully we see a refined version make a return soon to the browser, but at the time it is a feature sorely missing. Still, I still am using Brave as my Facebook app for the time being.

Image of the old method of syncing Brave using QR codes and long phrases
The old method of Brave sync. Image from Brave.com

Conclusion

Brave of all browsers seems to be the most aggressive in tackling online privacy, even more so than Firefox and Apple. That’s not to say that the others are failures, I still appreciate Firefox’s new encrypted DNS feature, only that Brave should be considered part of this roster of privacy vanguards. At the moment the lack of sync, as well as Firefox’s wonderful Containers extensions keep me at the moment from switching. That said, I honestly have to consider Brave in the future, and have recommended it over Chrome to a number of users. I’m also still using it on my phone in its most aggressive form for Facebook on my phone. It truly is all the power of Chrome, and then some, in a privacy respecting package.

Feel free to comment.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.