Brave, the Web browser that bills itself as a free, fast and secure alternative for PC and smartphone users, has been found to specifically whitelist tracking scripts used by Facebook and Twitter. Brave launched in 2016 promising to block ads and protect users’ privacy, while also loading Web pages faster than any other browser. The company is headed by CEO Brendan Eich, one of Mozilla’s co-founders. Brave courted controversy when it launched by announcing a plan to strip advertising from websites but insert its own ads to earn revenue. Now, the niche open-source browser has been accused of deliberately whitelisting Facebook and Twitter trackers, which would open users up to potentially invasive tracking online.
Facebook in particular has been at the centre of several controversies involving privacy and the use of users’ personal data. According to a post on the Hacker News forum spotted by security news site Bleeping Computer, snippets of Brave’s source code clearly point to a deliberate whitelisting of several known trackers used by Facebook and Twitter.
Comments in the code and on GitHub indicate that this was a conscious decision by Brave in order to not break the functionality of Facebook and Twitter, which could have included even the ability to sign in to these services. A comment dated September 12 2018 acknowledges that this isn’t ideal, and that users should be notified and given a choice about whether to proceed on websites that absolutely require trackers to be enabled.
Other browsers and browser extensions, such as the Electronic Frontier Foundation’s Privacy Badger, block invasive cookies and trackers by default but allow users to control whether or not to override this and to what extent. It appears that Brave does not inform users about any such issues and allows them to sign in to Facebook and Twitter under the assumption that their privacy is being respected.
A Hacker News user posting under the name ‘bbondy’ identified himself as Brave’s CTO Brian Bondy, and replied to the original discovery saying “There’s a balance between breaking the web and being as strict as possible. Saying we fully allow Facebook tracking isn’t right, but we admittedly need more strict-mode like settings for privacy conscious users. We do block Facebook at least as good as uBlock origin with EasyPrivacy… We’re taking this seriously internally and we’ll iterate on where we are to improve the situation.”