Supervision password for selected brave settings

Requesting optional password protection from within the brave browser app(desktop/phones) that would allow a supervisor to lock selected settings.

Use case scenarios:

Supervision of devices owned by the supervisor, intended to be used by either the supervisor or others.

The user of the device not to be able to change certain settings within brave.

The most important settings, and the reason for me making this feature request, are DNS and VPN related settings, as these are the settings that can best control the kinds of content (as well as bypass said control of content) that brave exposes to the user of the device to.

The user of the device will want to bypass these controls, and the requested feature would be intended to prevent the brave browser from providing a route in doing so.

Thus when supervising brave settings, it would make sense to provide logical supervision settings such as Prevent DNS Settings Bypass, and Honor VPN Configurations that make it explicitly clear that brave understands the intent of the supervisor, so that brave will prioritize these settings over any other tomfoolery settings that the user might attempt to use to bypass the supervisor’s intended restrictions, including plugins/extensions/profiles/whatever.

Supervision settings that, come hell or high water, the DNS and VPN settings set by the supervisor shall be prioritized over all other settings, and override everything else that might conflict with it. And if that includes only allowing the supervisor to manage plugins and extensions, then that would also be part of such settings.
I, for one, would absolutely be willing to pay a premium for such capabilities. You could even tie it to the Brave VPN subscription and I would subscribe just for the supervision.

Obviously anything external to brave would not be brave’s responsibility.

^ That’s the end of the request. Below is my exhaustive reasoning for why I think this would be an excellent feature to add, as even though I love brave and think it is the best web browser, I cannot allow it in my home because it is too dangerous.


Right now I have several supervised devices in the home. They all have VPN and DNS settings restricted on the operating system level that cannot be changed without either an admin account override or specialized supervision software applying the changes.

I have the routers locked in plexiglass enclosures. Every device that I allow in my house that can access internet content, such as a web browser or app store, I do research to make sure that I can enforce my content restrictions on the device before its allowed inside. Usually that just involves the device honoring the DNS settings of the router, and not providing DNS settings that would override mine.

Brave is by far my favorite browser. It does the right things right out of the gate. Its got great plugin support right out of the gate. It is secure, fair, and empowering. For every smart device that supports installing web browsers, I would install brave on all of them.

… if I could, but alas, I cannot install brave on any of them. I only have it installed on my administrative laptop.

A web browser is the #1 most dangerous software application that anyone can have installed on any device. A web browser can access all of the horrors on the internet. By mere curiosity of learning about something you hear others talking about, or mistyping a search term in a web search, or clicking on an unsolicited link sent via email or text message, or a teenager losing themselves to hormonal mania (though neither of my kids are teenagers yet), a web browser can expose them to the worst content and/or habits that the internet has to offer.

Debauched “Adult” content, or addictive fake social interactions, or other time devouring distractions, I have advanced blocking/allowance controls in place at the DNS level ($ubscription NextDNS profiles) and on the VPN level ($ubscription Verizon Smart Family VPN).

I’ve put in a ton of effort and inve$tment accomplishing what I’ve done in my home, something that probably very very few have done, but probably should. Actually attempt to protect your home from the internet. This has been extremely difficult to accomplish and has required me to make sacrifices in what apps I allow. For example I have to whitelist apps on iOS devices so that my family’s apps can continue to get updates while ensuring that no VPN or DNS applications can be installed.
And on macOS/windows devices, I have to be the one to install and update app software, to ensure the same thing. That my content restrictions/blocking/allowance schedules be enforced.

I’ve tried allowing brave on supervised iPhones/iPads, and while I wasn’t able to bypass the supervised DNS configurations with brave settings itself (like I can in brave desktop settings), brave was able to install VPN profiles on all of them, and with the VPN enabled, the browser can of course bypass all DNS configurations and web content filters on iOS devices.

This makes brave one of the most dangerous apps you can allow on a phone. Not only is brave a web browser capable of accessing anything on the internet, including TOR sites, but the browser app itself can install VPN profiles even on supervised devices that are restricted to app-store whitelists, and restrictions preventing users from creating VPN profiles. Out of all of the browser apps that I’ve installed on iOS, brave is the only one that could do this, because the brave app is itself a VPN app…

And on brave desktop browser? Any user can simply change the DNS to cloudflare in the advanced settings, and bypass the OS’s admin protected DNS configurations. You don’t even need a VPN.
Even if brave respected the OS’s or router’s DNS settings, the browser itself can again install a VPN profile that doesn’t require an admin password… This is on a device where, if the user themselves tried to install VPN software, or manually create a VPN profile, it prompts them for admin account credentials. But because brave is already installed, and is itself a VPN app, is allowed to install VPN profiles.

Long story short, brave is my favorite browser for many reasons, that I can’t allow into my home. I feel like my hands are tied and I’m forced to restrict users to browsers that wont fight me. I didn’t go through all of this exhaustive effort protecting my home, to have all of it to be undermined by a web browser.

Text doesn’t communicate tone very well. I don’t want to sound ungrateful. Brave has been amazing and I really do appreciate all that you have done for secure and private web browsing, for the decentralization of the web. I mentioned TOR earlier. While I would, if I could, prevent the user of the device from accessing secret services or TOR sites, I would still allow Snowflake to be enabled. Packaging a VPN within the browser itself has many advantages, as does allowing us to control the DNS from within the browser itself. These are all excellent features, but features that are terminally incomplete for my use case.

Thank you for coming to my ted talk.