Hello,
Now that we know that duckduckgo communicates some of our data to Microsoft, I switched to Brave Search a few days ago and I must say that it is as efficient and relevant as Duckduckgo.
Don’t you think it would make more sense to make Brave Search the default search engine on Tor, given the recent revelations about DDG?
Just a question, I would love to hear from the community on this.
You shouldn’t swap one crap for another! You should never use DDG, Brave or Startpage! A good choice would be metasearch systems (SearX, MetaGer).
Brave Search is very good.
I would have preferred to have arguments and especially to know if it is planned to change the default browser or not at all.
In this case, you’re better off using private browsing in Google Chrome in conjunction with the Brave search engine.
If you care even the slightest bit about your privacy, read Brave’s history and his steps in “privacy”! I hope you will realize that there is nothing even close to that in Brave!
So far, I haven’t read anything worrying about Brave and I really think they care about the privacy of their users. Could you source what you say?
Hang on, what revelations? Please specify a source?
It made a lot of noise when it came out
OK I agree it’s not ideal that they’re whitelisting Microsoft trackers in their browser. I do though understand their need to make money somehow, search is not free after all. Fortunately it seems from their response that there are no Microsoft trackers embedded in their web search, that is unless you click on an ad, then Microsoft decides the tracking. That is not surprising to me, as it is an external resource just like any other site that appears in the search results. Yes it would be better if DDG used an ad service that would respect your privacy on the click of an ad as well, but again the money thing.
Yup! It might be more interesting to turn to Brave Search which does not depend on Microsoft, has its own index (unlike DDG which uses Bing) and is working on its own decentralized and transparent advertising system: THEMIS: Towards a Decentralized Ad Platform with Reporting Integrity (Part 1) | Brave Browser
But once again, it would be interesting to have the community’s opinion.
About Brave
https://ramble.pw/f/privacy/2387
Now as for DuckDuckGo
https://nitter.snopyta.org/yegg/status/1501716484761997318
Startpage
https://digdeeper.neocities.org/ghost/search.html#startpage
All this proves is that they cannot be trusted. Introducing search from these hypocrites is tantamount to shooting yourself in the foot! I am totally against the introduction of these search engines for all users!
I checked the subject of the trackers supposedly authorized on Brave and by checking it is not trackers to trace a user but links allowing the sites to function and display correctly! It is important to distinguish between trackers and technical elements that are “mandatory” for the proper functioning of a site. Moreover Brave proposes a “Strict” mode on the Shield allowing to block totally all the URLs, but it can prevent the normal functioning of sites like Facebook for example.
For the other link about crypto/donations (and like the other link you shared), it’s from 2018 and it’s changed quite a bit, now the BAT payments are made automatically every month.
Do you have any more recent items by any chance? Because these things have been out of date for years!
White lists on facebook and similar companies?! Is this a joke?
So am I right with this:
The only safe browser is Tor
The only safe search engines are SearX and MetaGer
If I have gotten that wrong please let me know. The one thing I guess Brave does better is blocking Ads since it has no adblocker and ads can be injected with malicious code which you are only safe from if using safest mode since it disables JavaScript?
I heard of a different thing called Lokinet, do you think its any good? Thanks
You would have to define what you mean by “safe” for your use case.
Not full of trackers and things that can be used to fingerprint a browsing session. People have said that Tor is the best counter surveillance tool accessable so I’d imagine it must be pretty secure against any use case
DuckDuckGo is not full of trackers, but they use their own in-house analytics. According to their privacy policy (DuckDuckGo Privacy Policy) they don’t store your IP or browser user agent. But even if they do, Tor Browser should protect you against this (what can be extracted is the IP address of the exit node and the generic user agent shared by thousands of other Tor Browser users). Note that DuckDuckGo does store search queries. So any personal information entered into that search box is saved.
As to tracking your ad clicks, I cannot remember the last time I saw an ad on DuckDuckGo, so I cannot myself evaluate how they look and behave.
Metager notes in their privacy policy that IP addresses and timestamps of searches are stored for 96 hours, then presumably deleted. They will also read your user agent, but it’s not clear whether this gets linked to your IP address. Again, Tor Browser should mitigate this. They also transmit search queries to their “partners” (including Bing), presumably to be able to extract and display the search results. I assume (but can’t confirm) that DuckDuckGo works the same way.
As for Brave Search, I don’t want to judge it straight away as it’s still a rather new search engine. But I am interested in knowing more about their independent web crawling methods. They state that a large majority of search results result from their own crawling, from something they call the Web Discovery Project. I have not found clear information on how this crawling is conducted, but it seems that they use usage data from Brave Browser users. Considering that the feature is opt-in, and again assuming that their engine builds on this usage data, I am surprised at how good search results their engine provides me with.
Another up-and-coming search provider I deem interesting is yep.com. It was launched very recently. They rely on their own web crawling for all search results. They claim to not store IP addresses (but they do process it in some way) or user agents. They do store search queries. I don’t think their search results are as good as the larger providers, especially for regional content, but this may change. It will be interesting to see how this one matures as well, and whether or not it will continue to be Tor-friendly.
Note that in this post I deliberately ignore the privacy practices contained in these search providers’ other products. I personally don’t deem it very relevant for Tor Browser users whether or not the a provider’s other products whitelist or contain specific tracking domains. I consider it a personal ethical choice whether or not to boycott those products. You may disagree, that is fine for me and I welcome discussion.
Thanks for getting back to me. Does this mean that you could get the same level of privacy in Brave by simply just using a VPN? If the only thing TBB does is replace the IP then a VPN can do the same and its definitely owned by people with a history and reputation whereas Tor is owned by nobody and consists of anybody? Please let me know if I misunderstood. VPN seems to be a frightening word for people on here, but if you do research its possible to find companies which are court proven as useless for obtaining info
I think you didn’t understand my message. Some elements can’t be blocked otherwise the site would not be usable anymore. I invite you to reread my entire message.
It is in no way about letting trackers trace users.
No, Tor Browser includes fingerprinting mitigations and sends your internet traffic through three different relays, hindering any one relay/server to know both your true IP address and the sites you browse. That’s very crudely put. I’m not an expert, so if you’re interested in the privacy features of Tor Browser, I suggest you start by reading https://support.torproject.org/
Generally speaking, Tor aims to solve three privacy problems:
First, Tor prevents websites and other services from learning your location, which they can use to build databases about your habits and interests. With Tor, your Internet connections don’t give you away by default – now you can have the ability to choose, for each connection, how much information to reveal.
Second, Tor prevents people watching your traffic locally (such as your ISP or someone with access to your home wifi or router) from learning what information you’re fetching and where you’re fetching it from. It also stops them from deciding what you’re allowed to learn and publish – if you can get to any part of the Tor network, you can reach any site on the Internet.
Third, Tor routes your connection through more than one Tor relay so no single relay can learn what you’re up to. Because these relays are run by different individuals or organizations, distributing trust provides more security than the old one hop proxy approach.
For more in-depth explanation, see this document: The Design and Implementation of the Tor Browser [DRAFT]
Basically, it depends on your threat model, as is repeated over and over in discussions over privacy on the internet.
By using a VPN you are putting your trust in one single provider. If you’re worried that the company may log your activity, they may or they may not. There’s no way to know for sure, and if they don’t log today they might start logging tomorrow. There’s also other things to consider, such as the general security of their servers. With Tor, you avoid putting your trust into one single provider, as you can read more about in the links I provided above.
I’m not going to tell you to use or not use a VPN. You can decide for yourself. I just want to note that it’s perfectly doable to look up information about Tor from credible sources using a search engine.
Brave includes fingerprint mitigation which has been pretty successful in the tests people were doing, it does give a fingerprint but a spoofed one with zero useful data. Most premium VPNs now have a multihop feature meaning the IP your ISP sees and the IP the websites see is different and can’t be linked, your ISP can’t tell whether you are using one or two hops because it can’t see the full pathway.
Thats true, but if you choose a provider with good reputation and history then its nothing to worry about and all VPN companies exist on the strenght of their agreements, if the company has previously been taken to court and couldn’t provide logs because there aren’t any then its a heavy backing of legitimacy. They also wouldn’t go through the struggles of a court case, win it due to no logs, then go and enable logs, that just obviously wouldn’t happen. With VPN you know who runs it and why whereas with Tor it could be ran by literally anybody and you have no idea who they are, previous security flaws within the network have only ever been patched after they were already exploited, not so with VPN. Most companies publish extensive information about how they secure their systems, the guy in his bedroom with a raspberry pi does not.
Its also worth mentioning that several government backed hacking attacks on hidden services with the intent of unmasking users would not have worked if they used a VPN. All the exploits would breach the browser and hit the VPN giving them a VPN IP, all the people who thought its a bad idea to combine Tor with VPN are the ones who got caught. Using just Tor puts 100% of your connection and trust into one user hosted project, if you add VPN its 50% on a reputable company and 50% on whoever you happen to randomly connect through on Tor.