Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Brave Browser. Show all posts

Brave Browser: The Secure and Private Way to Surf the Web

 



Data is more precious in today's digital world than ever. Companies are trying to collect as much as possible to sell it to third-party data brokers. Cybercrime is growing steadily and targeting unsuspecting victims. Addressing both issues is one of the reasons the more mindful browser, Brave, is integrating an array of features to keep data secure and private.

Another feature that differentiates Brave is that it has a built-in use of Brave Shields- the application engaged in blocking harmful elements that may track the behaviour of your browsing. In other types of browsers, users have to install third-party ad blockers. Brave Shields are installed directly in the browser and prevent intrusive ads and trackers from retrieving data regarding the activities you perform online.

It also solves a very common problem with ad blockers, which is that some websites break when the ads are blocked. To solve this issue, Brave replaces tracking codes with privacy-friendly alternatives while ensuring that the integrity of the webpage is maintained and your data is kept secure. As companies continue to devise new ways to hide trackers, Brave is countering this through CNAME uncloaking techniques by uncovering such hidden threats before they manage to collect data from you.

Blocking Cross-Site Cookies

Cookies are small files that download onto your computer, which track your surfing and, more often than not, targeted advertisements will follow you around the web. Cross-site cookies are blocked, by default, on Brave so websites cannot track movements from one site to the other. Brave provides temporary cookies for functionality, though without exposing any private data, for the occasional cookie-dependent website.

Phishing Protection with Google Safe Browsing

Though it puts much emphasis on privacy, Brave remembers security. It uses Google Safe Browsing, which won't enable a user to reach a phishing site or download harmful files. Being built upon Chromium, the same platform that Google Chrome runs on, Brave ensures users protection from known threats to their developers, hence making browsing safer.

While Google Safe Browsing is a service that compromises privacy within Google Chrome, it only serves Brave to block harmful websites without the collection of any personal data from browsing.

A Search Engine Respecting Your Privacy

Most search engines log your search history, accumulating information about the queries you made and selling that information to customise ads or even sell. In contrast, Brave Search does not collect, store, or share search queries when accessed through the browser. This is a completely private browser that does not believe in logging and selling your browsing habits. Additionally, Brave Search serves less biased results because it crawls the web itself rather than prioritising by SEO schemes or the behaviour of prior users.

Another advantage of Brave Search is that it can be utilised independently of the download of the Brave browser – so anyone can have private searches.

Inbuilt VPN and Firewall

It also has a built-in VPN and firewall from Brave, that's available on free trial for seven days, after which you can subscribe to it at $9.99 a month. This will ensure your activity is completely hidden from all the potential threats looking at you, and you won't let any malicious content get inside or leave your network. A VPN encrypts internet traffic so nobody can track your activity online, while the firewall keeps unwanted data from appearing in your system.

It's probably refreshing about Brave, considering it is committed to protecting personal data. Most companies have either policies or strategies that collect and sell a user's data. With Brave, what is striking is the no-sharing policy, full compliance with the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA), and as such, all users' benefit from strong data protection law, irrespective of their region.

For people who place importance on privacy and safety, Brave is a full answer. This is because the provider separates itself from the rest of the browsers by its focus on protecting the user from risks connected with the misuse of data or cybercrime through features like Brave Shields, cross-site cookie blocking, private search options, and built-in VPN and firewall services. These have extended to ensure that your web experience remains secure and private; from stopping trackers, malicious websites, and unwanted ads.


How is Brave’s ‘Leo’ a Better Generative AI Option?


Brave Browser 

Brave is a Chromium-based browser, running on Brave search engine, that restricted tracking for personal ads. 

Brave’s new product – Leo – is a generative AI assistant, on top of Anthropic's Claude and Meta's Llama 2. Apparently, Leo promotes user-privacy as its main feature. 

Unlike any other generative AI-chatbots, like ChatGPT, Leo offers much better privacy to its users. The AI assistant does not store any of the user’s chat history, neither does it use the user’s data for training purposes. 

Moreover, a user does not need to make an account in order to access Leo. Also, if a user is leveraging its premium experience, Brave will not link their accounts to the data they may have used. / Leo chatbot has been put to test for three months now. However, Brave is now making Leo available to all users of the most recent 1.60 desktop browser version. As soon as Brave rolls it out to you, you ought to see the Leo emblem on the sidebar of the browser. In the upcoming months, Leo support will be added to the Brave apps for Android and iPhone.

Privacy with Leo AI Assistant 

User privacy has remained a major concern when it comes to ChatGPT and Google Bard or any AI product. 

A better option in AI chatbots, along with their innovative features, will ultimately be the one which provides better privacy to its users. Leo, in this case, has a potential to bring a revolution, taking into account that Brave promotes the chatbot’s “unparalleled privacy” feature straight away. 

Since users do not require any account to access Leo, they need not verify their emails or phones numbers as well. This way, the user’s contact information is rather secure. 

Moreover, if the user chooses to use $15/month Leo Premium, they receive tokens that are not linked to their accounts. However, Brave notes that, this way, “ you can never connect your purchase details with your usage of the product, an extra step that ensures your activity is private to you and only you.”

The company says, “the email you used to create your account is unlinkable to your day-to-day use of Leo, making this a uniquely private credentialing experience.”

Brave further notes that all Leo requests will be sent via an anonymous server, meaning that Leo traffic cannot be connected to user’s IP addresses. 

More significantly, Brave will no longer host Leo's conversations. As soon as they are formed, they will be disposed of instantly. Leo will also not learn from those conversations. Moreover, Brave will not gather any personal identifiers, such as your IP address. Leo will not gather user data, nor will any other third-party model suppliers. Considering that Leo is based on two language models, this is significant.  

Chrome's Invasive New Tracking Sparks Need for a New Browser

The importance of privacy issues has increased in the digital era, leading people to look for browsers that prioritize data protection. One of the most popular browsers, Chrome, has recently drawn criticism for its intrusive new tracking features. Users are encouraged to investigate privacy-focused options by this development.

Chrome's latest tracking initiative, Ad Topics, allows websites to gather detailed information about users' online activities. This information is then used to tailor advertisements, potentially leading to a breach of user privacy. As reported by Android Authority, this feature has raised significant concerns among privacy advocates and users alike.

In response to these concerns, the Privacy Sandbox initiative has been introduced. Spearheaded by industry leaders, including Google, it aims to strike a balance between personalized advertising and user privacy. By creating a set of privacy-preserving APIs, Privacy Sandbox seeks to protect users' data while still enabling advertisers to deliver relevant content.

Privacy Sandbox's mission is to "evolve the web ecosystem to provide a more private experience for users." By prioritizing user privacy, it aims to reshape the online experience, ensuring that individuals have greater control over their personal information. This initiative signals a positive step towards a more secure and user-centric internet.

Experts emphasize the significance of user awareness and choice in this evolving landscape. As stated by John Doe, a privacy advocate, "Users deserve to have a say in how their data is collected and used online. It's crucial for them to be informed about the tracking practices of their chosen browser."

In light of these developments, users are urged to explore alternative browsers prioritizing privacy. Browsers like Brave, Firefox, and Safari have long been known for their commitment to user data protection. These options offer robust privacy features, ensuring that users can navigate the web without sacrificing their personal information.

Recent tracking capabilities added to Chrome show how crucial privacy is becoming in the digital sphere. The advent of programs like Privacy Sandbox is a step in the right direction toward achieving a balance between user security and personalization. However, looking at alternative browsers is a wise decision for people seeking urgent privacy guarantees. It is crucial that we control our online experiences while maintaining our privacy since as users, we have the capacity to do so.


Brave Disabled a Chrome Extension Linked to Facebook Users

 

Last week, security analyst Zach Edwards stated how Brave had restricted the L.O.C. Chrome extension citing concerns it leaked the user's Facebook information to the third server without warning or authorization prompt. An access token used by L.O.C. was obtained easily from Facebook's Creator Studio online app. After retrieving this token — a text thread made up of 192 alphanumeric characters – from the apps, the chrome extensions can use it with Facebook's Graph API to get data about the signed-in user without being a Facebook-approved third-party app. 

The concern is whether this type of data access could be exploited. Without the user's knowledge, an extension using this token could, copy the user's file and transmit it to a remote server. It might also save the user's name and email address and use it to track them across websites. According to a Brave official, the business is working with the programmer to make certain changes — most likely an alert or permission prompt – to ensure the extension is appropriate in terms of privacy and security. 

In September 2018, Facebook announced a security breach impacting nearly 50 million profiles, it blamed criminals for stealing access tokens supplied by its "View As" function, allowing users to see how the profiles appear to others." They were able to steal Facebook access tokens, which subsequently used to take over people's accounts," said Guy Rosen, Meta's VP of Integrity.

Cambridge Analytica accessed people's Facebook profiles using a third-party quiz app which was linked to the social media platform. One would assume a quiz app won't disclose your Facebook profile information with others, and a Chrome extension won't do the same. Despite Facebook's assurances, some steps must be taken to prevent a repetition of the Cambridge Analytica scandal, the Creators Studio access tokens in the hands of a malicious and widely used Chrome extension might lead to a rerun of history. 

Part of the problem is Google's Chrome extensions seem easy to corrupt or exploit, and Meta, aside from reporting the matter to Google, has no immediate ability to block the deployment of extensions which abuse its Graph API. The Creator Studio token is detailed to the user's session, according to a Meta representative, meaning it will terminate if the extension user signs out of Facebook. And, if the token hasn't been transferred to the extension developer's server, as looks to be the situation with the L.O.C. extension, uninstalling it will also result in the token expiring. 

Meta has asked Google to delete the extension from the Chrome Web Store once more and is looking into alternative options.

Google Took Down Luring Ads Posing as Brave Browser

 

Malicious advertising has attracted internet visitors to the bogus Brave website. The fraudulent website delivered an ArechClient (SectopRAT) malware variant of the Brave browser. Google put an end to the scam by removing the fraudulent advertisement. 

Website surfers who tried to install a copy of the Brave browser had a smartly camouflaged advertisement that sent the visitors to a dangerous website, wherein they implanted malware on their computers. 

This rogue website was placed on brav.com, wherein Brave is spelled in place of the standard Latin alphabet with a little Lithuanian capital (with a dot at the top). Brave's Web browser is free and open-source, created by Chromium-based Brave Software, Inc. 

Brave, indeed is a confidentiality-focused browser, which is distinguished for eliminating online ads and website tracking in its default settings. An ISO file claiming to carry the Brave installer was downloaded by users who visited the site, engineered to resemble the authentic Brave portal. 

In contrast to the Brave browser installation, an ArechClient malware variant (SecctopRAT) of the ISO file was downloaded, security researcher Bart Blaze told The Record after scanning the malicious file. The malware's key characteristic is to rob data from browsers and cryptocurrencies, Blaze claimed. 

It also contains many anti-VM and anti-emulator scanning functions to stop the identification of malicious capabilities for investigators and security solutions. 

It is advisable to change web account passwords and transfer cryptocurrency assets to new addresses for anybody who inadvertently downloaded this spyware. Nevertheless, Google has claimed that the fraudulent ad had been deleted. 

Such kinds of attacks are referred to as IDN homographic attacks which take place whenever threat actors record domains that are internationally similar to the Latin alphabet. 

Attacks, similar to that of against Brave, are being conducted over a decade since internationalized glyphs have been permitted for domain name use, and by Punycode, browsers have reacted to those non-standard characters. 

For instance, if the page is loaded within a modern browser, the fraudulent domain brav.com equals xn-brav-epa.com, but visitors would most probably download the malicious payload if the address bars are not paid attention to. 

Brave Browser is About to Launch its Own Search Engine

 

Brave is a free and open-source web browser based on the Chromium web browser that had been established by Brave Software, Inc. It offers an ad-free browsing experience and website trackers, and also accepts cryptocurrency from facility takers as a contribution in the form of Basic Attention Tokens to websites and content creators.
 
At present, Brave works on macOS, Windows, Linux, iOS, and Android. In recent updates, Brave organization is about to launch its own independent privacy-focused search engine that will support both ads and ad-free search results. 

As per the Company’s briefings, the search engine is developed by the former Cliqz team. The company had already announced the name of its upcoming search engine known as 'Brave Search'. The Tailcat search engine will be a foundation of Brave Search that will be integrated into the Brave browser. 

Additionally, the Search engine can be accessed outside of the company’s browser by navigating to brave.com/search. However, right now if you go there you will be seeing an option to sign up to the mailing list. For now, the company has not disclosed the date of launching for its Brave Search. Though, those who already signed up for the mailing list they will be first to use the new search engine when it will be launched. 

This alternative is being touted as “the first private alternative to Google Search and Google Chrome on both mobile and desktop.” However, it seems true. There exist some private alternatives to Google, but they do not provide both a browser and search engine on mobile and desktop. At present, the DuckDuckGo search engine is best known for its successful private alternative to Google, but it does not offer a desktop browser. 

In a press release, the company explained that how its search engine will be different from the previous ones developed by “Big Tech”: 

“Under the hood, nearly all of today’s search engines are either built by, or rely on, results from Big Tech companies. In contrast, the Tailcat search engine is built on top of a completely independent index, capable of delivering the quality people expect, but without compromising their privacy. Tailcat does not collect IP addresses or use personally identifiable information to improve search results.” 

Brave’s privacy-oriented web browser witnessed its own grown list of monthly active users from 11 million to 25 million. The company stated that right now we are considering offering both paid and free and versions of its search engine.

Bug in Brave Browser Expose Users’ Dark Web History

 

Brave, the web browser that insists on privacy, exposes users' activities to its Internet Service Providers on Tor's secret servers, or "dark web." In its browser, Brave has solved a data protection problem that sends queries for .onion domains to a DNS solution, instead of a Tor node path, so that access to the dark website is shown to users. In a hotfix release, the bug was addressed.

Brave is an open-source web browser built on a Chromium web browser created by Brave Software, Inc. It restricts advertisements and website trackers and supplies users with a way to submit cryptocurrency donations to websites and developers of content in the form of simple tokens. 

Introduced in June 2018, Brave's Tor mode has enabled Brave users to gain anonymity when browsing the internet, encouraging them to have access to the .onion versions of legal websites such as Facebook, Wikipedia, and key news portals over the years. However, an unnamed security researcher reported in the research article, that Brave's Tor mode had sent queries to DNS resolvers rather than Tor nodes on the open Network. DNS requests are non-encrypted so that attempts to access .onion sites in Brave can be monitored using the Tor functionality, which is directly contradictory to the goal of this platform at first. 

The aforementioned DNS leak poses great dangers when all leaks build footprints on the Tor traffic of Brave users in DNS server logs. The risk is important. While in some Western states with stable democracy it might not be troublesome, it may be a concern for certain browser users to browse Brave's Tor websites from the authoritarian regimes. 

This problem seems to be the product of the browser's CNAME ad-block feature, which blocks third-party monitoring scripts using CNAME DNS for first-party scripts and prevents traffic blocker detection. This allows a website to cloak third-party scripts using primary domain's- sub-domains that are then immediately routed into a monitoring domain. 

Over the last three years, the organization has worked to develop today, second only to Tor Browser, one of the most privacy-driven Web browser solutions available. 

A Brave developer has stated after the release that the browser provided a hotfix on the problem. The problem is already solved on the night of the development of the browser. 

“Since it’s now public we’re uplifting the fix to a stable hotfix. Root cause is regression from CNAME- based adblocking which used a separate DNS query.” He further added.