Brave Privacy Browser Is Whitelisting Trackers of Facebook and Twitter

bbondy 3 hours ago

Hi, I'm Brave's CTO.

There's a balance between breaking the web and being as strict as possible. Saying we fully allow Facebook tracking isn't right [1], but we admittedly need more strict-mode like settings for privacy conscious users.

We do block Facebook at least as well as uBlock Origin with EasyPrivacy. The referenced code is in a separate component which does the same as Disconnect blocking.

We're taking this seriously internally and we'll iterate on where we are to improve the situation. We're looking at if we can polyfill a local JS resource instead for example as one option if it doesn't make further requests.

[1]: https://github.com/brave/adblock-lists/blob/f25b698aff4666bb...

https://github.com/brave/adblock-lists/blob/f25b698aff4666bb...

https://github.com/brave/adblock-lists/blob/f25b698aff4666bb...

reply

forgotmypw2 13 hours ago

  // Temporary whitelist until we find a better solution
  const whitelistHosts = ['connect.facebook.net', 'connect.facebook.com', 'staticxx.facebook.com', 'www.facebook.com', 'scontent.xx.fbcdn.net', 'pbs.twimg.com', 'scontent-sjc2-1.xx.fbcdn.net', 'platform.twitter.com', 'syndication.twitter.com', 'cdn.syndication.twimg.com']

a better solution for what, i wonder

reply
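
An added example, not part of the thread and not Brave's code: a sketch of how a hard-coded host exception can take precedence over a tracker blocklist, plus an audit that lists which exceptions override a blocking rule. The `blockedDomains` list and the functions `matchesDomain`, `decide` and `auditWhitelist` are hypothetical; only the whitelisted hosts come from the comment above.

```javascript
// Hosts copied from the whitelist quoted in the comment above.
const whitelistHosts = [
  'connect.facebook.net', 'connect.facebook.com', 'staticxx.facebook.com',
  'www.facebook.com', 'scontent.xx.fbcdn.net', 'pbs.twimg.com',
  'scontent-sjc2-1.xx.fbcdn.net', 'platform.twitter.com',
  'syndication.twitter.com', 'cdn.syndication.twimg.com'
];

// Constructed sample blocklist (assumption): registrable domains a
// tracker list would block when they are loaded as third parties.
const blockedDomains = ['facebook.net', 'facebook.com', 'fbcdn.net',
                        'twitter.com', 'twimg.com'];

// True when host is the domain itself or one of its subdomains.
function matchesDomain(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Decide one request. The whitelist is an exact-host match that is
// consulted only after a blocking rule has already matched.
function decide(requestUrl, pageUrl) {
  const host = new URL(requestUrl).hostname;
  const pageHost = new URL(pageUrl).hostname;
  const rule = blockedDomains.find(d => matchesDomain(host, d));
  if (!rule) return { host, action: 'allow', reason: 'not listed' };
  if (matchesDomain(pageHost, rule)) {
    return { host, action: 'allow', reason: 'first-party' };
  }
  if (whitelistHosts.includes(host)) {
    return { host, action: 'allow', reason: 'whitelist override' };
  }
  return { host, action: 'block', reason: rule };
}

// Audit: every whitelist entry that punches a hole in a blocking rule.
function auditWhitelist() {
  return whitelistHosts
    .map(h => ({ host: h, overrides: blockedDomains.find(d => matchesDomain(h, d)) || null }))
    .filter(e => e.overrides !== null);
}

// Constructed requests made from a third-party page.
console.log(decide('https://connect.facebook.net/en_US/sdk.js', 'https://www.pinterest.com/'));
console.log(decide('https://graph.facebook.com/v3/me', 'https://www.pinterest.com/'));
console.log(auditWhitelist());
```
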

futureastronaut 13 hours ago

That line is three years old, so how is this news now? And what's this "i wonder," do we not know how to use git here?

https://github.com/brave/browser-laptop/commit/c4cd7c1dc41a0...

https://github.com/brave/browser-laptop/commit/6edf56775f256...

https://github.com/brave/browser-laptop/commit/4c30cd08af9dd...

https://github.com/brave/browser-laptop/commit/0652274db0aee...

reply

rvnx 12 hours ago

I guess it's new that it was discovered, nobody seems to have noticed while it's a major issue for a privacy tool.

reply

kerng 10 hours ago

Security vulnerabilities commonly are discovered after a product releases... sometimes many years later.

reply

regnerba 13 hours ago

The related commits are years old. This isn't new. Last commit to that line was 3 years ago with the comment "unblocking embedding of twitter timelines".

https://github.com/brave/browser-laptop/commit/c4cd7c1dc41a0...

Also I just realized that is an archived repo that isn't used any more.

I took a quick look through the newer repos and couldn't find any kind of hard coded whitelist like that.

Am I missing something?

reply

rvnx 13 hours ago

As mentioned by phit_: https://github.com/brave/brave-core/blob/master/components/b...

reply

regnerba 12 hours ago

Ah, they put an underscore in the var name this time. Thanks for the link.

reply

groovecoder 5 hours ago

Huh ... I thought that must be a sensationalist headline but sure enough - a fresh download of Brave browser loads facebook.com on pinterest.com.

https://imgur.com/a/M4B9kJ2

reply

CDSlice 13 hours ago

Is this still in the current version?

reply

chopraaa 13 hours ago

It is not.

reply

rvnx 13 hours ago

What makes you believe so? https://github.com/brave/brave-browser/issues/1108

I'm trying to figure out if the code is still active case, but this is a quite recent ticket (after the release of the Chromium-based edition, and updated 4 days ago)

reply

phit_ 13 hours ago

looks like it is? https://github.com/brave/brave-core/blob/master/components/b...

reply

kakarot 13 hours ago

It's on the master branch... How did you determine it's not in the current version or will not be in the next version?

reply

rvnx 13 hours ago

Brave has two versions, Muon (legacy) running mostly JS code, and the Chromium-based (current), running mostly C++.

The whitelist is in both versions

reply

lostmsu 13 hours ago

Looks like their claim about privacy protection is bogus, eh?

It is still whitelisted in current.

reply

smt88 14 hours ago

"until we find a better solution" to what? More context would help.

reply

bevacqua 13 hours ago

Three years old in an archived repo, hmm…

reply

kakarot 13 hours ago

Way to ignore the comment directly before that line:

> // Temporary whitelist until we find a better solution

This post is sensationalist, flagged.

reply

rvnx 13 hours ago

It's temporary since 3 years, that's why ;)

reply

kakarot 13 hours ago

Then link to the new repo and provide context. Just highlighting a line with absolutely no context is sensationalist. I'm sure there have been public discussions about this.

reply

microwavecamera 12 hours ago

> I'm sure there have been public discussions about this.

Can you substantiate this? Because that would be extremely relevant to the conversation. Making statements with absolutely no context just seems sensationalistic.

reply

kakarot 12 hours ago

I'm not entirely sure how I can substantiate an assumption.

reply

threatofrain 11 hours ago

If you're sure that there's been public discussion about the matter, then surely you won't have to spend too much time looking it up on Google? Backing up assertions takes energy. Are you motivated enough to champion your own assertions?

reply
