• Off Topic
  • Vivaldi vs. Brave, which is more secure?

Hi,
Apologies if this has been tackled elsewhere, I did a search but came up with nothing.

Which is the more secure browser to have on our phones: Vivaldi or Brave? I know Vanadium is likely the best secure option but am interested in a solution with bookmark syncing.

From my searching, it seems like Brave might be the better option given its TOR capabilities and Vivaldi checking sites against a list of sites managed by Google (I don't like the call home to the evil mothership). What's been your experience?

Thank you in advance!

    Kottonballs Vivaldi checking sites against a list of sites managed by Google (I don't like the call home to the evil mothership)

    I believe you are misinterpreting this feature. They are basically checking the website you want to load against a list--it's not "calling home" to anywhere.

    Google Phishing and Malware Protection
    The Safe Browsing API by Google, which is enabled by default, checks the site you are visiting against a master blacklist of known suspected phishing and malware sites before loading the website. If the site is on the blacklist instead of loading the site you’ll be shown a warning message and encouraged to return to the previous website.

    To protect your privacy, instead of sending a list of websites you’ve visited to the service provider, Vivaldi is given a file which describes every URL that is known to be malicious, using an approximation method.

    They don't send anything to Google, this feature doesn't require telemetry of any kind. It's also as simple as unticking a check box if you want to disable it.

    Brave has had some security snafus in times past. Remember a couple years ago when they were sending .onion domains to normal DNS resolvers, for months? https://www.coindesk.com/tech/2021/02/22/brave-browser-was-exposing-addresses-in-tor-mode-for-months/ Oops!

    I also dislike how they have embraced the ad model, adding their own ads right into other people's web sites while you browse. On the other hand I appreciate that they need to monetize, but still--I don't like it.

    I do like the Vivaldi browser. It has so many features and can be so deeply customized. I dislike how they are still not fully open source, even though they have been hinting that they plan on going open source for years. What's behind the curtain?

      I would recommend Brave. I don't know how Vivaldi handles this, but Brave's sync doesn't even need an account. You can sync your devices via QR codes, which I think is quite neat.

      I do not recommend using Brave's Tor functionality (on desktop, cause I don't think that functionality is available on Android anyway). Stick with the Tor Browser for that.

      I recommend reading this section and follow the advice there:

      https://www.privacyguides.org/mobile-browsers/#brave

      There are articles in German about Brave and Vivaldi (desktop-version) about (unwanted) connections on startup and while surfing (e.g. the tested vivaldi-version checked every two minutes for an update of the google safe browsing list) https://www.kuketz-blog.de/vivaldi-datensendeverhalten-desktop-version-browser-check-teil5/ and https://www.kuketz-blog.de/brave-datensendeverhalten-desktop-version-browser-check-teil1/

      BluishHumility I also dislike how they have embraced the ad model, adding their own ads right into other people's web sites while you browse.

      Ouch.
      That could be a violation of creators' moral rights in progressive countries.

        ve3jlg Important to note that this is in no way the default and requires you to explicitly opt in. It does block ads by default, though.

        a year later

        Yes, syncing, Addon support (noscript, ublock, "* fingerprint protection" (scrambling specific IDs to make you less unique)), custom search engines, local dark mode (without fingerprintability), local translations are the things keeping me with Mull.

        Even though I know Mull may be unsafe, I can use Noscript and by default block all Javascript, but whitelist certain kinds for specific Domains. This is so important and it does not work in Vanadium.

        Syncing (history, open tabs, passwords, bookmarks) are also major drawbacks.

        For Bookmarks there is Floccus or XBrowserSync but I have not tried them and afaik they dont integrate on Android like a Password manager would do.

        For Passwords I could rely on KeepassXC only, but when I find out how to isolate my then favourite browser (hardened Brave?) with bubblewrap, the extension will probably break.

        Brave does not have an own Addon store and afaik doesnt even allow updating them. This is a pretty big no for me, as the Addons need updates.

        Granular control like with Noscript is not working in Vanadium. Also I could not find out how to delete cookies except from whitelisted sites, which is essential too and even only works on Firefox Android using "ForgetMeNot".

        Custom Search engines are completely unavailable, which is really annoying. I like

        • random searx
        • wikipedia
        • an image search engine without the extra click
        • thesaurus
        • software stores
        • ...

        Search engines are awesome. Setting a single one as startpage doesnt help, even though one could probably code a website allowing to use many search engines from an input field, and maybe even host it locally from an App.

        Brave on Android doesnt do any of those things apart Sync. And its pretty bloated, but works well. I would not trust Vivaldi at all. They arent even doing proper fingerprint protection, and for sure no security hardening.

        • mmmm replied to this.

          missing-root code a website allowing to use many search engines from an input field, and maybe even host it locally from an App.

          I host my own searx instance, and that’s how that works, unless I’m misunderstanding what you’re saying. I can choose where the engine gets its results from within the interface.