It seems that almost weekly, I am reminded why I love Firefox because of some new thing Mozilla is doing. A lot of good decisions have been coming from them lately.
I finally made the switch from Brave today and I'm never going back. Firefox is just as privacy-conscious, supports built-in tracker blocking, fingerprinting, and has full sync that Brave hasn't implemented yet.
Just as privacy conscious is a misleading statement. Choosing to migrate their default search to Google was a money grab by Firefox and that money is, in turn, 100% dependent upon tracking. I think this is why what limited privacy options Firefox does offer are entirely opt-in, and often hidden behind menus that your average user will probably never visit.
By contrast Brave has had things such as blocking of fingerprinting for months (years?), and also natively supports OPT-OUT ad blocking, script blocking, third party cookie blocking (which FireFox does also but once again in a less direct fashion), single click native TOR access + ID swapping anywhere, and more. And I think the biggest difference is that this is all directly exposed to the user. If a user clicks the big iconic Lion icon in the top right they get a popup that shows nothing but:
So even users that know absolutely nothing and don't bother to navigate through menu options will almost definitely immediately be exposed to all of these privacy options, though again given the opt-out nature of much of it - even if they weren't, it would be less of an issue.
Note that Brave does not develop its own engine, piggybacking on Chromium instead. It's easy to play the righteous game when you're piggybacking on other people's work. DuckDuckGo and all alternative search engines are in the same boat.
It can be argued that Brave has a harder dependency on Google than Mozilla does. Because Mozilla has not outsourced their core competencies.
Just to give an example, with Manifest V3, Google is deprecating extensions like uBlock Origin or Privacy Badger. What will Brave do? Maintain their own fork? Well that can get expensive fast. So if it was a business-driven decision to piggyback on Chromium, I don't see why they wouldn't adopt Manifest V3 as well. Manivest V3 will offer mediocre means to block ads too and the average user will not know the difference.
When Brave implements its own engine, or maintains an actual fork of Chromium, or when DuckDuckGo implements a web crawler and stops leaking data to Microsoft, that's when they can play the righteous game.
> often hidden behind menus that your average user will probably never visit
The average user will not install Brave either so this point is moot.
Brave is already substantially modifying Chromium to remove undesirable 'features' on top of adding the slew of Brave features. Manifest V3 is just another 'feature' that will be removed. The more significant issue there is that there might end up being conflicts between some Brave and Chrome extensions following this change.
I do not agree that writing a renderer from scratch is a wise idea. I mean in theory it's a great idea, but in practice? The Chrome renderer is very well done but, much more importantly, is also going to be what what 100% of web devs will test their sites with. Even browsers with quite large userbases, including FireFox/Safari/etc, tend to get B-tier treatment, if that. Of course standards alone should mean all sites ought render/behave the same with any compliant browser but... again, that whole theory vs practice thing.
There are also a couple of other major issues. Google can use their clout to rapidly change standards that third party projects must play keep-up on. But perhaps the biggest issue is Google using their monopoly in other fields, such as with YouTube, to change their products in ways that 'coincidentally' end up rendering poorly or slowly on third party renderers, as they have done multiple times. This [1] being one particularly stark example of such behavior.
The future of web usage is always difficult to predict. We've gone through numerous phases of seemingly unbreakable web domination from Netscape to Internet Explorer to Chrome. In my opinion Manifest V3 could finally be the tipping point of Chrome, but that may idealistic - we'll have to just wait and see.
I can't say that I could agree Firefox's privacy options are hidden/behind menus. I downloaded a fresh copy of Firefox today and the privacy features were quite encouraged and are even the main focus of the Security / Privacy tab.
Brave is an excellent browser but it is only a matter of time until the remaining features are brought over to Firefox. Not to mention some feel they aren't "out of the grasp" of Google until they're fully away from Chromium.
I installed FF on a new Win10 instance recently (March IIRC) and had to go through and disable fingerprinting features and install adblocking.
In contrast I installed Brave, and it appears to have all adblocking and anti-fingerprinting as default settings, easily accessible if you wanted to change them.
The OP reads to me as a PR piece to keep geeks onboard, knowing that regular users won't ever change default settings.
I mean FF have the telemetry they know exactly how many users disable defaults.
We (Mozilla) are planning to enable tracking protection by default. It's a relatively slow process, developed and rolled out incrementally, since we have a larger user base than Brave and need to make sure not to break the Web.
> Choosing to migrate their default search to Google was a money grab by Firefox and that money is, in turn, 100% dependent upon tracking
Well it was not a bad decision to make since most of their users would set Google as their default anyway (no matter how privacy concerned you are, you still can't do without Google search unless you really really try hard, which most people don't).
FF is my primary browser, yet people I know that work in security laugh at me as they claim FF is always the first browser to fail in the hacker games. I don't know enough about why, but I'd love for that to not be a thing. Taking into account my threat profile (types of sites I visit, JS blocking, etc), I feel the hacking risk is still a worth while trade off for the lack of tracking.
"People I know that work in security" is vague and non descriptive.
To be fair, you did follow it up:
> as they claim FF is always the first browser to fail in the hacker games
What are their sources? I also "know such people" and I am unaware of such claims. If one uses Kali Linux, it has Mozilla Firefox as default browser. The same for Debian (on which Kali is based upon).
The thing is, you can harden your browser after installation. The first thing I do with a browser is installing uBlock Origin and uMatrix.
There are more vulnerabilities in FF, or so I've heard. But most people I know in security love firefox, especially because of how easy it is to setup with tools like Burp Suite.
