Harden Defaults/Settings Presets

It is my opinion that Brave should be more hardened by default (all fingerprinting should be blocked by default for example, not just 3rd party). The types of folks using this product are doing so at least in part because they feel Brave is a more secure and/or privacy-focused browser (and is advertised as such) and therefore these types of settings make more sense to be on and set to their more secure option “out of the box”. In my experience, the difference between 3rd party vs all fingerprint blocking has created very, very minor incompatibilities at best and on very few sites. I’d venture to say folks that have any issues with a site will have a tendency to just toggle all shields off for a broken site rather than spending time fine-tuning it.

If the devs disagree, perhaps there could be a few easy presets from which to select from the settings page that toggle the whole lot of settings. Such as a “tinfoil hat” preset that sets everything to on/max privacy/security-wise at the expense of compatibility on one end of the spectrum and a “casual user with ad-blocking only” that changes settings for the best compatibility while providing only minimal ad-blocking on the other end of the spectrum. I realize we can import/export settings, but this would still be great to help easily get started on a fresh install and/or see what level you have set at a glance.

Thanks for the feedback @unab0mb,

Just a personal opinion. Actually, it’s already changed from Allow all fingerprinting to Block 3rd party fingerprinting for the default setting. IMHO, it’s a good move. But change to Block all fingerprinting by default will break many sites and it will lead some users (the average Joe) to think that Brave is not working.

Maybe someday in the future. But for now, the current default settings is good enough, IMHO. And user always able to change their default shields settings too.

Also cc @Mattches on this.

You’re assuming Brave’s users are the average Joe there. It makes me think: Who uses Brave, and who is Brave’s target audience and mission? If you download the Tor Project Browser, you’re expecting it to be locked down out of the box. It would be stupid to not maximize every possible bit of security/privacy they can squeeze out of it. It’s also reasonable to assume the folks using that browser have a higher level technical ability and they expect sites to break and they tweak settings as necessary to fix a broken site.

The developers know this, the users know this. Everyone’s happy. Google Chrome is at the opposite end of the spectrum. It’s got to work for Grandma to see her grand kid’s Facebook photos and privacy is of zero concern.

So where does Brave fall? What are Brave’s users’ expectations and what attracts them to Brave?

Brave advertises itself as more secure and privacy focused and even implements Tor. But by how much? Just dipping the toes in the water? On Android, Brave is listed in the Play Store as “Brave Browser: Fast AdBlocker” which honestly makes me cringe. Does Brave have an identity crisis? It’s got to be more than Chromium with NoScript, UBlock/ABP, HTTPS Everywhere, and CanvasBlock extensions. I’d personally like to see Brave as a more functional and faster Tor Project replacement (or be able to configure it that way easily).

Correction: … it will lead some users (the average Joe) …

Again, it’s my personal opinion. :grin:

I’m not assuming. Sure, Brave have users with many backgrounds. And I’m just pointing out that average Joe that use Brave may think Brave is not working because it’s break things.

Brave users is more general than Tor browser. And I think Brave is on the right path. They introduce a safer, better browser that easy to use even by the average Joe. While in the same way introduce and educate the user about taking back their own control.

I’m also not said that Brave will not harden the default settings. They may will do it. EDIT: And they did, with the Fingerprinting Protection like I mentioned above. And they do exploring more method to make Brave users more secure, etc. But for gain more users, the current default settings is good enough. While still educate users about it (the settings, etc). That’s my point in my previous reply.

And again, thanks for the feedback. I already cc-ing one from the team to make sure your feedback hit the right person. :slightly_smiling_face::ok_hand:

@unab0mb, thanks for the feedback. There are several things I’d like to touch on here.

I think I actually like this idea. I personally think its more useful to teach users to fine-tune their privacy/settings and try to understand how ads/sites interact and use your data. But I also understand that not everybody is interested in that and the “presets” solution is an interesting alternative. Thanks for bringing it up.

The important part here is that we can’t (and shouldn’t) be assuming who our audience is anymore. Maybe a year or two ago we could reasonably surmise what the majority of our users skillset would be. But we currently have over half a million desktop users (last I checked, I imagine this number will be trending upward through the end of the year and this is not including Beta/Dev users) and 3m+ monthly active users on Android using Brave.

Statistically (although there’s more to it), its highly unlikely that the majority of these 3.5 - 4 million users are going to be developers or users tech-savvy enough to speak at length about open source software development. That’s not to ignore the many users who are [advanced/savvy/etc] - and we’ve given (and will continue to give) them plenty of knobs and settings to configure and fine-tune their browsing experience. But the reality is that there are more than enough people interested in what we’re trying to achieve here at Brave to warrant making our product accessible to a broader audience.

This brings me to the last point I’d like to make here:

It sounds like you’re making the following claim:

Internet and online privacy are complex subjects --> Brave is a privacy focused web browser --> Tech-savvy users will be drawn to Brave --> Brave should cater to these users

While not entirely untrue; what about Grandma? Should she not also be afforded the same level of online privacy and security simply because she’s unaware of what’s happening to her data? Is it okay for Grandma to be manipulated by online advertisers and other entities who would take advantage of her because she’s not “knowledgable” enough to stop it? The front-page of our official website says that “You are not a product.”

The corollary to this message being “‘Grandma’ is also not a product”. Brave’s goal is to make the web a better, safer place for everyone. We would like to invite people in and help guide them along the path, rather than push them away for not knowing about the path already.

1 Like

@Mattches Thanks for taking the time to reply. You make very good points. It’s a difficult task to balance usability with privacy and security as well as to balance advanced user’s and basic user’s needs. One of the things that draws me to Brave actually, is I can install a reasonably secure browser out of the box that supports what I’d normally have to do a bunch of tweaks and install several extensions for. Even though I can go through every about:config entry, it’s exhausting.

1 Like