In my quest for “backup options” to the security and privacy tools I use daily, I have recently rediscovered Brave. I tried it a few months back at a reader’s request. At the time I didn’t really give it the chance it deserved because Firefox met all my browsing needs and my attention was probably elsewhere. Recently, in the interim between the launch of Firefox 57 and the release of the new NoScript, I gave Brave a second chance. I’ve found there’s a lot to like about it, and it is officially my “backup browser.” This Brave review will explain its features and how to use it.
Brave Review Intro
On the surface, Brave is a very simple, clean browser. But it also packs an impressive feature set that is relatively easy to use and doesn’t require advanced technical knowledge to setup. Brave is based in Chromium code. This means that Brave has many of the security benefits of Chrome but in a more privacy-respecting version. As a side note, I ran across a rather humorous forum thread discussing the problems Brave is causing those using Google Analytics and Google Adsense.
I am also pleased to note that Brave comes recommended by PrivacyTools.io. This recommendation is becoming more and more of a factor in my tool selection. Though I don’t believe Brave is as quite as robust in the privacy and security department as Firefox, it comes pretty close and is much easier to use. This Brave Review will begin with a discussion of the settings, Brave’s “Shields,” and using the browser.
Brave Security Settings
Brave comes with ads and trackers blocked by default, but still needs a lot of work. Opening a new window displays stats about your usage. Normally this would alarm me, but the stats displayed are the number of trackers and ads blocked, the number of HTTPS upgrades, and the amount of time you have saved by disallowing ads. This page is also where you will find shortcuts to Brave’s settings, history, and bookmarks menus.
One of my favorite features of Brave is that all the privacy and security settings are intuitive and user-friendly. To access them, open the browser and click the gear-shaped Settings icon in the lower left of the screen. Alternatively click the hamburger at upper-right and select “Preferences” from the fly-out menu.
This opens a rather large menu of settings. The first ones we will focus on are under the Security tab. This tab allows you to select what data is deleted every time you close Brave, including browsing and download history, cached images and files, cookies, autocomplete/autofill data, and saved site settings and permissions. I recommend selecting all of these, with the possible exception of “saved site settings and permissions” which I will discuss shortly.
The next option will be a password manager drop-down. Brave has their own, built-in password manager. Though I don’t recommend using it, it is encrypted. Brave also supports built-in integration with 1Password, Dashlane, LastPass, and BitWarden. If you are using a host-based password manager, choose, “Don’t manage my passwords.” Brave also allows you to manage several other security settings, including the media autoplay, and full screen content. The final setting under Security is Do Not Track. I leave this checkbox empty because it only requests (rather than commands) that sites not track you.
Brave “Shield” Settings
The “Shields” tab of Brave’s settings are extremely interesting. These are really what makes Brave my go-to backup browser. This setting allows you to quickly and easily control important security settings. The first two drop-downs allow you to control ads and cookies. The Ad Control drop down gives you three choices: Block Ads, Allow Brave Ads, or Allow All Ads. The ads that Brave allows are those that do not contain malware, do not track users to other sites, and do not disrupt user experience. Brave explains this model in their FAQ. By default all ads are blocked when you first install Brave. the Cookie Control drop-down allows you to block all cookies, allow all cookies, or block 3rd party cookies. The next selection of settings are Brave’s “Shields” and I recommend turning all of these on.
The first of shield is HTTPS Everywhere. This functions in the same way that the add-on in Firefox does: by attempting to force sites with the ability to provide an encrypted connection to do so. The second shield is “Block Phishing/Malware” which leverages AdBlockPlus lists to blacklist fraudulent websites.
My favorite shield is “Block Scripts.” This shield does indeed break many websites, much like NoScript. Unlike NoScript this does not give you the ability to whitelist individual scripts; you have to choose the entire page or not. I still leave this setting turned on; if I inadvertently click a link I want the protection of disallowing scripts by default. Also, if I visit a page with an inordinate number or scripts I may reconsider visiting that site.
The final slider is “Fingerprinting Protection” which you are also warned may break some sites. I have yet to have a site broken by this setting, but I have run across a few that are attempting to fingerprint me. The elements this protects you against are explained in detail here. The quick rundown is that Brave blocks sites from extracting you against canvas, WebGL, and AudioContext fingerprinting, blocks WebRTC requests, battery status requests, and SVG fingerprinting. This is a pretty impressive suite from an out-of-the-box browser.
Clicking the big, orange “Manage Adblock Settings…” button will open a new page. This page has a number of predefined blacklists for advertisements. Most of them are tailored for specific regions of the world (i.e. “BGR: Bulgarian Adblock list”). This is a very thoughtful feature, and allows user to customize the browser to the region in which they live. I have found the default list to be sufficient and have not enabled any other lists.
Brave Review: Using Brave
If you setup your instance of Brave as I have described you will doubtlessly break some sites. Fortunately, this is easy to fix. The Brave “Shield” logo is always in the upper right-hand corner of the browser. Clicking on this will open a panel that will display a counter and per-site options for the shields. The counter is the number of blocked ads and trackers, HTTPS upgrades, disallowed scripts, and blocked fingerprinting methods. Clicking on any of these will display the scripts themselves. In the screenshot below I clicked on “37 Scripts Blocked” to reveal the list of scripts attempting to execute.
If you decide to allow scripts on a website, simply toggle the slider for scripts to “off” and the page will probably work. It has been extremely rare that I have had to adjust any other settings to make a page work. Once you allow scripts you will likely notice the numbers of blocked ads and trackers increase. You may also notice some fingerprinting methods appear, as shown below. This is because they cannot execute without scripts. Fortunately they are still blocked even if scripts are allowed.
I mentioned that I would readdress the setting to clear “Saved Site Settings & Permissions” slider. There is both a positive and negative aspect to this setting. If you leave it enabled, every time you close the browser Brave will forget which sites you have allowed scripts on. This can get frustrating; every time you close Brave and reopen it, you have to re-enable scripts on DuckDuckGo to execute a simple search.
The alternative is to leave this slider in the “off” position. This concerns me since this list of “whitelisted” pages will grow over time. I might allow a page’s scripts and forget that I’ve allowed it later. If you choose to go this route, Brave offers a simple way to clear pages that you no longer wish to visit and no longer intend to allow. Simply open the settings and to to the Shields tab. At the bottom the list of whitelisted sites will appear, with an orange “X” beside each one. Clicking the “X” will remove it immediately from the whitelist (see screenshot below).
Brave Review: Plugins and Widevine
Brave also offers the ability to whitelist Adobe Flash and Google’s Widevine. Both of these protocols are for media playback. One is necessary on many of today’s streaming services; the other is not. Adobe Flash is borderline obsolete and has mostly been replaced with HTML5. I would strongly recommend leaving this one disabled. Widevine is less easy to resist.
Widevine is a digital rights management program that decrypts protected streaming content from sites like Amazon. If you have an Amazon Prime membership and wish to take advantage of its streaming service, you will have to permit Widevine. Unfortunately Widevine is owned by Google, and gives Google broader access to your system and browsing information.
I like the way this is handled in Brave. You have a simple on/off toggle. The Widevine plugin in only installed on your system when the toggle is set to the “on” position. Though Brave recommends against enabling Widevine, I realize that the vast majority of people will want to enjoy videos from their computers. I recommend that if you are going to use it, enable it only when enjoying your content, and disable it immediately afterward. I further recommend clearing all your history before enabling it to limit what can be scraped by Google.
Brave Review: Wrap-Up
Even if you can’t get enough of Firefox and NoScript, there is one other thing to consider Brave for: norms. If there is someone in your life that can’t tolerate a highly modified Firefox, Brave is the perfect solution. You can set it up for them and in five minutes almost anyone could be using it.
On thing I didn’t mention in this Brave review is the Payment system Brave has implemented. This is a simple system that allows you to anonymously fund the websites you like through very small micro-payments. As the operator of a blog who has put many hours into generating completely free content, I fully appreciate how hard it is to monetize a blog while respecting users’ privacy. Without direct monetization – asking users to pay directly – the only way to even break even on a blog is to make some compromises. Whether Brave Payments fixes this in the longer term remains to be seen (and seems somewhat doubtful) but it’s a step in the right direction. You can find out more about it HERE.
I wish I had written a Brave review a long time ago. This browser is truly impressive. Though it won’t replace Firefox in my arsenal, it will remain on my computer. Brave is free, open-source, and available for Mac, Windows, Linux, iOS, and Android.