Spyware Article 1 | Brave [Web Browsers]


Postby ethical hacker » Mon Jul 08, 2024 6:42 am


Spyware Level: High

Firstly, what is Spyware? We define spyware as anything that contains telemetry, calling home, automatic updates, or is eavesdropping without the user's knowledge or consent.

Brave Browser is a Chromium variant complete with manifold captivating attributes not found elsewhere, such as its integrated Ad-blocker and other enhancements, fingerprinting protection, a neater Preferences menu compared to other Chrome counterparts, and the (voluntary) capacity to automatically endorse (reimburse) the websites one peruses. The developers posit it as "A browser with your interests at heart".

1. Updating Software
Brave is self-updating software, utilises Google as the default search engine, possesses built-in telemetry, and even has an opt-out RSS-like news feed akin to Firefox Pocket. These should not be the elements that spring to mind if someone were to envision a privacy-oriented browser.

2. Automatically Updates
Brave checks for updates each time it is employed, and one does not obtain the option to disable this within the browser.

3. Brave Possesses Inherent Telemetry
During operation, Brave initiates a multitude of communications with the domain "p3a.brave.com", under the category of telemetry. They assert that the data thus acquired is stored temporarily for a number of days.
This particular feature allows for an opt-out mechanism, which may be deactivated.
- This deactivation can be effectuated within the settings, more specifically in the privacy section.

4. Brave Today
Brave has a feature akin to Firefox Pocket, entailing a function known as Brave Today. For those unacquainted with Firefox Pocket, it is essentially an RSS-inspired news aggregation shown in each vacant tab. Regrettably, the feature in Brave operates on an opt-out basis, resulting in numerous requests being sent to the company's servers. Though it may appear that the feature itself is not removable, setting tabs to blank appears to resolve the issue by halting the aforementioned requests.

5. Safe Browsing
Brave utilises SafeBrowsing, a feature which endeavours to "shield" the user from potentially inauspicious websites and extensions. Nonetheless, it transmits petitions to obtain the requisite intelligence. Brave's SafeBrowsing is underpinned by Google.
- This alternative can be disabled within settings > security.

6. Rewards
Brave possesses a reward scheme. At preliminary inspection, it appears as though the reward programme is an opt-in; however, the internet browser conducts requests to these domains irrespective of whether you enrol or not:
rewards.brave.com / grant.rewards.brave.com / api.rewards.brave.com

7. Requests
Upon initial initiation, Brave dispatches a petition to procure the library employed in identifying orthographic inaccuracies.

Upon commencing, the application dispatches a petition to variations.brave.com. Brave employs this practice to activate and deactivate elements.

Brave retrieves the list of associates via laptop-updates.brave.com.

Brave makes a request to static1.brave.com from time to time, which seems to be employed to obtain plugin information. Upon entering the URL into the browser, it was directed to Google's error 404 page.

A swift curl --head static1.brave.com shows that Brave utilises Google's gstatic, which likewise employs Cloudflare.

Upon the inaugural operation, Brave retrieves five add-ons from brave-core-ext.s3.brave.com and endeavours to install them.

CONCLUSION
Google is the pre-eminent search engine for Brave. For a browser that purports to be privacy conscious, this is a red flag.
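
An added example, not part of the original post: one way to check the requests listed above on your own network is to tally DNS queries for the hostnames the post names, per client. The dnsmasq-style log format, the sample lines, the short purpose labels and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Hostnames named in the post, with a short label for the purpose the post gives.
BRAVE_ENDPOINTS = {
    "p3a.brave.com": "telemetry",
    "variations.brave.com": "feature toggles",
    "laptop-updates.brave.com": "list retrieval",
    "static1.brave.com": "plugin information",
    "brave-core-ext.s3.brave.com": "bundled add-ons",
    "rewards.brave.com": "rewards",
    "grant.rewards.brave.com": "rewards",
    "api.rewards.brave.com": "rewards",
}

# Assumed log format (dnsmasq-style): "... query[A] <name> from <client>"
QUERY_RE = re.compile(r"query\[(?:A|AAAA|HTTPS)\]\s+(\S+)\s+from\s+(\S+)")

def classify(name):
    """Return the label for a queried name, or None if it is not listed."""
    name = name.rstrip(".").lower()
    for host, label in BRAVE_ENDPOINTS.items():
        # Match the host or a subdomain of it, on a label boundary only,
        # so look-alikes such as p3a.brave.com.example.net are not counted.
        if name == host or name.endswith("." + host):
            return label
    return None

def summarize(lines):
    """Count queries to listed endpoints per (client, label)."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        label = classify(m.group(1)) if m else None
        if label:
            counts[(m.group(2), label)] += 1
    return counts

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = """\
Jul  8 06:40:01 dnsmasq[412]: query[A] p3a.brave.com from 192.168.1.20
Jul  8 06:40:01 dnsmasq[412]: query[AAAA] p3a.brave.com from 192.168.1.20
Jul  8 06:40:02 dnsmasq[412]: query[A] variations.brave.com from 192.168.1.20
Jul  8 06:40:03 dnsmasq[412]: query[A] grant.rewards.brave.com from 192.168.1.20
Jul  8 06:40:04 dnsmasq[412]: query[A] p3a.brave.com.example.net from 192.168.1.21
Jul  8 06:40:06 dnsmasq[412]: reply p3a.brave.com is 203.0.113.10
""".splitlines()

if __name__ == "__main__":
    for (client, label), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{client}  {label:<20} {n}")
```

Running it against a resolver log taken before and after changing a setting (for example the telemetry opt-out in the privacy section) shows whether the corresponding queries actually stop.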
