brave-core
floc
brave-core | floc | |
---|---|---|
174 | 92 | |
2,313 | 928 | |
1.3% | - | |
10.0 | 1.1 | |
3 days ago | about 1 year ago | |
HTML | Makefile | |
Mozilla Public License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
brave-core
- GitHub pull request support for Brave Leo
-
Brave's AI assistant now integrates with PDFs and Google Drive
Unrelated but about Brave and interesting to me: I recently found myself having a large upstream project that I need to maintain some custom patches for, and there's a need for deeper customizations and I worry that my rudimentary system of applying .patch files will turn into an unmaintainable nightmare of merge conflicts after every rebase. I was thinking about possible solutions, and it occurred to me that Brave being Chromium-based must have this same challenge but an order of magnitude more difficult, so I looked for their code to see how they solved this issue.
It's pretty interesting! They do basically the same thing for core Chromium, applying a (big) set of patches[1].
Incidentally, I'd be interested to hear any ideas/approaches to this problem. I'm guessing if there was something clearly better, Brave would be doing it, but it seems like there should be a better way even if I can't think of one.
[1] https://github.com/brave/brave-core/tree/master/patches
-
Brave browser simplifies its fingerprinting protections
https://github.com/brave/brave-core/pull/13737
(Incidentally, that PR number is not quite elite. :)
-
Brave appears to install VPN Services without user consent
I disagree that it's lip service Brave has a ton of engine level privacy patches https://github.com/brave/brave-core/tree/master/patches
To my understanding you can't match it with just js extensions.
Only firefox on the highest security mode comes close I think?
Or ungoogled chromium? (brave has most of their patches IIRC)
Are there other options that have this number of patches?
- With the merge of this pull request, Brave Browser disables WebEnvironmentIntegrity
-
Brave cuts ties with Bing to offer its own image and video search results
Chromium is not 100% Google's forever and always, though they do currently lead the way, and with the most used/backed fork.
https://github.com/brave/brave-core/pull/19476
- With merge of this pull request, Brave Browser disables WebEnvironmentIntegrity
-
Brave is a fork, not a Chromium reskinn
They have much more changes than just compile flags. Here's the repo where they maintain their patch set: https://github.com/brave/brave-core/tree/master/patches
-
Brave Ads are back? Even when they're turned off?
Brave Private Ads toggle controls just Push Notification ads at this time. So, if you are still seeing Push Notification ads, that would be incorrect. However, it's normal to still see New Tab Page image ads, and/or other ad formats. We are introducing a new UI that helps you better toggle on/off specific ad units, and removing the "Brave Private Ads" toggle that can be confusing: https://github.com/brave/brave-core/pull/18938
-
brave browser Dark mode in settings not saving on newest LinuxMint
Yes, being fixed. Github at https://github.com/brave/brave-core/pull/18922
floc
-
Google starts trialing its FLoC cookie alternative in Chrome.
Draft: https://github.com/WICG/floc
- Chrome vulnerability reported for 3.2 billion users
-
[D] Google FLoC and Topics API suspiciously similar.
"The browser uses machine learning algorithms to develop a cohort based on the sites that an individual visits. The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors. The central idea is that these input features to the algorithm, including the web history, are kept local on the browser and are not uploaded elsewhere — the browser only exposes the generated cohort." Source: https://github.com/WICG/floc
-
Will a VPN help me? And is Kape Technologies ruining everything?
Google (or other third-party tracking) is also not effected by VPN. These groups use cookie syncing to assign you a unique ID and then collect this ID again as you browse the internet. That buyerID can then be cross-referenced (even with other buyerIDs) to generate all sorts of different demographic/psychographic information and used to fingerprint your online life for audience targeting. Google actually is in the works to take this a step forward with the FloC experiment. FloC (Federated League of Cohorts) actually deprecates the Set-Cookie header in favor of in-browser history scanning. Basically, in a year or two they plan to incorporate Chrome into their adtech stack and have it report your history/behavior to Google (regardless of whether you save history or not). Here is some good info on that: https://github.com/WICG/floc
-
Google Play Services now lets you delete your advertising ID when you opt out of ad personalization
Instead they propose new standards, like HTML Imports or FLoC, and the W3C decides as a whole whether or not they become official standards.
-
Google considers switching FLoC to a topic-based approach
With cross-site cookies, adnetwork.com has full information about what sites you've visited (among sites that incorporate their cookies). This isn't good either! But generally speaking, an individual site using adnetwork.com for advertising won't have or want access to that vector of your interests; many site operators don't even have visibility into what ads win real-time bidding, just that they're receiving money for providing their inventory. Certainly there are players that can provide demographic targeting metadata to site operators, but to my knowledge they are less widely known and certainly not cheap, and I imagine (or hope) any players with wide enough cookie reach would be discouraged from maintaining a database that could associate metadata with PII.
With FLoC, though, the idea was that the browser would provide document.interestCohort() and the individual site's JS could react accordingly: https://github.com/WICG/floc . This means that any site, regardless of its contracts with ad networks, could immediately identify your cohort and associate it with your activity. Web developers working in good faith would be encouraged to have user.cohort or user.topic fields from day one "just so you have it" - imagine all the ways someone could use this in bad faith. Inevitably this data would leak (or be intentionally leaked) and could trivially become a target list for doxxing closeted people. It's a dangerous, dangerous proposal.
-
Trying to understand Addressability (for native mobile, and in general)
You can't find any info about this because there isn't really any. Josh Karlin, who is the maintainer of the FLoC working document, said at an event that it might make sense to swap to topics. It's essentially just reducing the entropy of the cohorts and giving them a more comprehensible (and probably less useful) taxonomy. That's all the info there is.
-
Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life
https://github.com/WICG/floc explains the overall goals.
- Firefox Users Continue to Decrease Despite Proton Update
-
Amazon is blocking Google’s FLoC
It's pretty complicated and my understanding could be wrong and definitely not an expert. All the stupid CIA-style names that keep changing don't help. Turtledove, fledge, sparrow lol.
But from what I think I know that's kind of right technically, but kind of not in terms of actual real privacy.
Yes, the actual browsing data, e.g. for the basic floc cohorts only what amazon product page you visited, is no longer 'sent' to ad networks (that's a pretty big oversimplification of how ad networks track you but for brevity). That data is parsed in your browser to generate a cohort ID for you.
But this cohort ID is exposed to the world document.interestCohort() and is what's used for targeting and tracking.
To me it seems that the cohorts are so small "thousands of people" + IP or UA it's basically the same as a semi-long lasting uuid.
Here's an image from google's site.
https://web-dev.imgix.net/image/80mq7dk16vVEg8BBhsVe42n6zn82...
It also seems like Chrome/google might be still defaulting browser settings to give themselves even more data just like they currently do?
https://github.com/WICG/floc#qualifying-users-for-whom-a-coh...
BUT when you layer on the other proposals (Fledge/Turtledove/Dovekey or whatever) - which I don't understand that much maybe someone else can explain - it seems like it basically collect this page/product level data and makes it available to DSP etc for tracking/ad serving (again if not technically 1:1 basically in consequence given the sizes of these groups).
Like one of the proposals talks about a 'trusted' key/value server which doesn't seem that different from what already happens? The original proposal wanted to move the entire ad bid/target/serve process into the browser.
What are some alternatives?
ungoogled-chromium - Google Chromium, sans integration with Google
bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
uBlock - uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
ungoogled-chromium-archlinux - Arch Linux packaging for ungoogled-chromium
Vanadium - Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build targets used on GrapheneOS.
iceraven-browser - Iceraven Browser
chromium - The official GitHub mirror of the Chromium source
brave-browser - Brave browser for Android, iOS, Linux, macOS, Windows.
AmIUnique - Learn how identifiable you are on the Internet
uBlock-issues - This is the community-maintained issue tracker for uBlock Origin