There are a lot of sites out there that use third party “ads and trackers” for various reasons. The third party code is often required for the site to function correctly. Third party login is a big example. On many sites, you simply can’t log in with Shields up.
Right now, the fix to be able to use these sites in brave is to disable Shields on that site. But this exposes you to all the other nasty third party code that you don’t want as well - in my case, I frequently use Google sign in but avoid all things Facebook as much as possible.
I’d like to choose which third parties, or even which specific third party scripts, are allowled to load on a given site. It would also be useful to have a white list of certain third parties that should always be allowed. Cutting malicious web conglomerates out of my life is a big reason I’ve adopted Brave, but at this time it’s still impossible for me to do that effectively.
I came here to suggest the PRECISE same thing. This is a HUGE security risk.
Additionally, you should strive to improve your database so that eventually you know precisely which domains need to be allowed for the majority of the major websites. This would be a TREMENDOUS boon, as the vast majority of end users have already given up and don’t bother blocking anything anymore.
Please see this through and give the feature the proper attention that it is due.
Also, I could congratulate on the fact that your shields block nearly precisely the same things that Ghostery does, always. However, DuckDuckGo Privacy Essentials, Privacy Badger and AdBlock Plus all catch various problems that your shields do not.
I’ve seen it mentioned elsewhere that people want a function to retain login cookies that does not yet exist. I am a little bit more concerned about a lack of a way to delete Java and Flash global cookies that persist between browsing sessions. However, like the standard cookies, I would prefer that you allow me to whitelist certain cookies so you’re not breaking third party apps every time that I close my browser.
Oh and the ‘Script Blocking’ shield…? Geez… that’s embarrassing. At LEAST add in the functionality of ScriptSafe (the chromium version of NoScript). Even ScriptSafe is too annoying for most people, though. Your best bet would be to work up a script blocking database of which domains to whitelist where, as I mentioned above.
Keep up the good work! As soon as I see that your shields are up to par, I intend to start recommending your browser to my clients, friends and family, and the masses in general.
You guys have a true Firefox killer here, don’t mess it up.
P.S. Due to the recent stink about CloudFlare, I would PERSONALLY like a function to block them on every site (blacklist), no matter what, unless I specifically allow them. I doubt the majority of your end users will see much use in that feature, though.