#bravebrowser

danie10@squeet.me

Brave aims to curb the practice of websites that port scan visitors: Great idea, but will a normal user know what ‘localhost resources’ are?

Pop up window asking user whether they want to grant access to localhost resources with buttons for block or allow
The Brave browser will take action against websites that snoop on visitors by scanning their open Internet ports or accessing other network resources that can expose personal information.

Starting in version 1.54, Brave will automatically block website port scanning, a practice that a surprisingly large number of sites were found engaging in a few years ago.

Some sites use similar tactics in an attempt to fingerprint visitors, so they can be re-identified each time they return, even if they delete browser cookies. By running scripts that access local resources on the visiting devices, the sites can detect unique patterns in a visiting browser.

My only worry is that an average non-tech users is not going to firstly know what localhost resources are, and secondly what impact that may or may not have on their using that site.

Localhost resources are files or resources that are hosted on your local machine. They can be accessed by websites (if not blocked) or applications that are running on your computer, but they are not accessible from the internet.

If you block a website from accessing localhost resources on your computer, it will no longer be able to access files or resources that are hosted on your local machine. This can help to protect your computer from security risks, such as malware or viruses. However, blocking a website from accessing localhost resources may also prevent you from using certain features of the website. For example, if you block a website from accessing your database files, you may not be able to log in to the website or use certain features.

Ultimately, the decision of whether to block a website from accessing localhost resources is up to you. If you are concerned about your security, then blocking websites may be a good option. However, if you need to use certain features of a website, then you may need to allow the website to access your localhost resources.

So the takeaway is: Blocking by default will protect you, but some aspects of a website may break, and if you need to access those for a site you consider safe, then you may have to consider granting access.

See https://arstechnica.com/security/2023/06/brave-will-soon-control-which-sites-can-access-your-local-network-resources/
#Blog, #bravebrowser, #privacy, #technology

danie10@squeet.me

Brave Browser’s Off The Record feature, to protect vulnerable people, is different from Private browsing mode: Website owners to action this

Bild/Foto
I know this news is a month old, but I thought it no different at the time to Private browsing mode, and yet it is. It is specifically intended to help protect vulnerable people (for example, an abused spouse looking to find information about exiting a relationship), and where a browser profile is maybe shared with someone else, who should not see that specific websites are being visited.

Normal Private browsing is deliberately turned on before visiting a site, and leaves a complete hole in the browsing history whilst it is in use (showing someone removed browser history). The same goes for deleting recent browser history. And in both cases you must remember to perform these actions.

With Off The Record, the visited website will pop up a prompt asking if the OTR mode wants to be used (it prompts the user, and is something that qualifying websites would embed on their site for this purpose) and it only removes traces of this website’s visit. Other browser tab history continues to be recorded, leaving no suspicious gap in the browser history. This is browser specific, so obviously any other spying tools would still be operational if they record outside the browser, such as network traffic spying. I’d expect, though, this feature may be expanded further still to include some sort of automated split-tunnelling on the network, as the user action needs to be as simple-to-use as possible.

See https://www.ghacks.net/2023/05/29/first-look-at-brave-browsers-upcoming-off-the-record-feature/
#Blog, #abuse, #bravebrowser, #privacy, #technology, #vulnerable

danie10@squeet.me

Brave Browser takes the spring out of creepy bounce tracking, also known as redirect tracking

Bild/Foto
Browser maker Brave has developed a new way to ground “bounce tracking,” a sneaky technique for bypassing privacy defenses in order to track people across different websites.

Bounce tracking, also known as redirect tracking, dates back at least to 2014 when ad companies were looking for ways to avoid third-party cookie blocking defenses. “Bounce tracking is a way for trackers to track you even if browser-level privacy protections are in place,” explained Peter Synder, senior director of privacy at Brave, on Tuesday.

To curtail privacy intrusions of this sort, Brave software engineer Aleksey Khoroshilov and senior software engineer Ivan Efremov devised a defense called Unlinkable Bouncing. Unlinkable Bouncing is available in Brave Nightly, the company’s experimental build, and is expected in the upcoming version 1.37 release.

See https://www.theregister.com/2022/03/09/brave_bounce_tracking/

#technology #privacy #bravebrowser #tracking
#Blog, ##bravebrowser, ##privacy, ##technology, ##tracking