Solved Vivaldi Browser: Privacy Review

Catweazle

@bravesampson , all what you want, but this list in Privacytesting.org a pre rendered test, not a realtime test with my browser.

GitHub Read Me

...the HTML pages where results are published

As say, its a simple list of results which someone made with this script using all of these browser listed in it, nobody knows in which conditions and settings, not a real test.
A realtime test is for example Browserleaks

luetage

The project is open source; you can contribute tests and more via GitHub. If you feel there are crucial scenarios which lack coverage or inclusion, please consider opening an issue, or submitting a pull request.

@bravesampson Or we could just ignore it, because it doesn’t matter at all. A Chromium browser will never be “safe” or “secure.” Include “speed” and “fast” and you got all the trend words browser makers feel forced to put somewhere in their description to check all the right boxes fake power users expect. Vivaldi does it too, it’s silly.

There are 2 main reasons no one should be using Brave:

• Cryptocurrency shenanigans
• Outside investors

And before you tell me that cryptocurrency features can be disabled and the outside investors share your ~VISION!!… please spare me.

Catweazle

There is no truly private browser, whatever you do, as soon as you go online everybody know it, it doesn't matter if you use TOR, the VPN you want, you move only in the darknet or in decentralized networks.

A browser can only hide or block little data, the user can with the configuration or extensions make tracking a little more difficult, but the techniques used by web pages to profile and track the user are also becoming more sophisticated, because they win money with this and they know perfectly well that everyone uses ad and trackerblocker that make traditional methods useless.

Regardless of the browser that is used more or less 'private', what leaks user data the most, are the main search engines, Google, Bing, Yandex and Yahoo. that log the searches to profile the user and putting him in what is called a filter bubble.
But the biggest online privacy problem is ultimately the user himself.

bravesampson

@luetage Ignore privacy tests? Generally speaking, these are objective measures of how well your browser responds to known exploits in the wild. Why would you ignore such things?

Reputable researchers in the space of privacy and security don't share your feelings; Leith and team found Brave to exist in a class of its own as the "most private" browser tested, among a set of popular browsers.

I'm always happy to discuss specific concerns you may have, but would need details before we could proceed. I'm not quite sure how to address vague comments like "cryptocurrency shenanigans," and "outside investors". Would you mind elaborating on these issues, and I'll gladly respond as I am able.

All the best!

Ayespy

@bravesampson Unpersuasive.

It is impossible that a "privacy designer" would not consider their own preferences as to privacy features and functions important. It is also impossible that this same designer would not construct a test which tested for things that, in their view, are "important." Ergo, it's a given that any product designed by a given designer and tested by that same designer (assuming their design choices were actually adopted) would score well on the test. The primary utility of such a test would be for the designer to evaluate whether their own features are operating as intended.

To subsequently note that "my design performs as intended. Products not designed by me do not conform to my standards" is simply a, "yes...and?"

And to simply reiterate statements already made above, what's really useful is for a user to set up their respective browser install the way they actually intend to use it, and then to run a real-time test that measures whether known privacy risks are mitigated or not.

I venture to say that virtually no one who has adopted Vivaldi primarily for its privacy profile. I, personally, adopted it to access features I find indispensable. As no other browser has such features or equivalent functions, I could not be persuaded to switch browsers or promote a different browser based on putative standards which I do not share, and which do not in any way address my needs, irrespective of how "critical" someone else thinks I ought to think said standards are. This is one reason I mostly steer clear of privacy discussions.

bravesampson

@Ayespy You continue to imply that Edelstein designed Privacy Tests to show Brave in a positive light. Edelstein only recently joined Brave, and the test themselves showed many holes in Brave's privacy features in the past. The reason Brave scores so well today is because a couple of our privacy-focused engineers came across the test suite about a year ago, and began working on hardening the scenarios covered. As a result, Brave scores better today than it did in the past.

As I shared earlier, privacytests.org is open source. Tests can be authored by anybody in the community. Generally speaking, they are going to reflect known threats and weaknesses in the wild. If something is missing (and I'm sure quite a few items are), then it would be more helpful to enumerate those scenarios, and assist in the authoring of relevant tests to improve coverage.

Any user who is focused on making their browser more private is likely to succeed, with any major browser. Browsers today are highly configurable, and support a healthy ecosystem of privacy and security-oriented extensions. That said, I feel this point misses the importance of defaults.

How a browser operates out of the box is considerably more important to me than what a power-user is able to achieve with said browser—most users stick with the defaults.

Catweazle

@bravesampson, in any case, at least for me, these lists where the privacy of the different browsers is presented, are meaningless, in this I agree with @Ayespy
What I notice in a browser is that it does not traffic with my data like Chrome, Edge, Opera and some others do.
The next thing is to use Panopticlic or Browserleaks, to determine where the weaknesses of my browser are and try to alleviate them with the corresponding configuration, flags or extensions.
Besides, I use search engines that respect my privacy and offer me good results, there is nothing more to add to this topic. Everything else depends on personal taste and preferences.

Ayespy

@bravesampson I imply nothing other than that a person will test for things they find important. That's a perfectly honest and natural fact. It does not imply conscious bias.

Is it your position that developers will design for things they don't find important and testers will test for things they don't find important?

steveshank

Personally, there are two really really bad browsers relative to privacy that I recommend against: Edge and Chrome specifically. If a client of mine is using one of those, it is normal to accumulate hundreds of tracking cookies each month. Then there are browsers that make a real effort to preserve privacy. Brave Firefox and Vivaldi are all good options for anyone concerned with privacy. There are too many tests over too long a time that find Brave an excellent option for the privacy sensitive.

I normally add ublock origin standard to clients, and personally do cookie autodelete, fastforward and ddg's privacy essentials. I also operate under NextDNS protection.

So, it becomes a matter of features for me. I choose Vivaldi on Windows and Android, but I'm happy if a client is using Brave or Firefox instead of Edge or Chrome.

luetage

@bravesampson He might not have designed the test to show Brave in a positive light, tut now that you bought him out no credibility is left. There will never ever be another test where Brave doesn’t “win.” It can’t be taken serious. I mean I didn’t care for it before, but this is just ridiculous.

@bravesampson said in Vivaldi Browser: Privacy Review:

I'm always happy to discuss specific concerns you may have, but would need details before we could proceed. I'm not quite sure how to address vague comments like "cryptocurrency shenanigans," and "outside investors". Would you mind elaborating on these issues, and I'll gladly respond as I am able.

How is outside investors vague? I’m not willing to explain the term to you. You are hitting us here with generic corporate blabla, maintaining a friendly composure with zero usable content. Vivaldi Forums is not your advertisement platform and you might actually be in breach of the community terms of use.

bravesampson

@luetage Bought him out? Brave is open-source, as are these tests. It is objectively the case that Brave's high-score is the result of commits by our engineering team to address the weak spots previously highlighted by these tests. Dedicated engineering, not compensation, is the reason Brave does well on this test suite, and others. Do you think Brave also "bought out" the EFF, Trinity College in Dublin, Imperial College in London, and more? We do quite well on their tests as well.

Regarding "outside investors," you're going to have to explain the concern here for me. Does Brave have investors? Yes. Now, how does that make Brave less private/secure? Brave doesn't collect any user data; a cursory review with a web-proxy debugger would reveal as much.

I'm not here to "advertise". Instead, I'm here to answer questions regarding Brave and related topics.

Ayespy

@bravesampson Surely you're aware that people invest in something with an eye toward profits. When profits become a primary value, then "privacy" can never be more than a secondary value. One can never predict exactly whether or when such a shift might occur, but it's a built-in risk of any company or product being an investment vehicle. DuckDuckGo is one lesson in this space, and Opera SA is another. DuckDuckGo compromised privacy in search of profits (and got caught and reformed - this time) and Opera compromised both user choice and privacy in search of profits and never changed course on that score.

So you can't really be unable to understand why "outside investors" would be a source of concern for a potential user. Capital markets are saturated with the reasons why.

Ayespy

@bravesampson To expand on this, we learned in 2007 what companies/banks who "wanted to make housing accessible," and eg Volkswagen (2015), who wanted to provide "the most environmentally-friendly vehicles," agrochemical giants BASF, Bayer, Corteva, FMC, Syngenta and Monsanto who wanted to "improve agriculture," Purdue Pharma (and dozens of others) who wanted to "improve patient outcomes" would do in pursuit of quarterly profits to sate the investor hunger for cash. They all had "noble" aims, projects and products at some point in time, but these never were primary corporate values - secondary or tertiary at best.

In fact, look no further than "Don't be Evil" Google and Chrome.

Catweazle

I have no doubts about the good privacy in Brave, even above average, but what I don't like are certain behaviors that don't give me the confidence to use it.

Although it no longer redirects to sponsor and crypto company sites as in the past, after the corresponding complaints from the users, the simple fact of having done it in the past, reduces a lot of trust which the users has respect of this browser, this is the problem if a product has external investors , it has to bend to the demands of these and less to the needs of the users.

It is possible that Brave is better in privacy than Vivaldi, but the difference is eliminated with some configurations and some extension about it, without so many crypto businesses that do not exactly promote confidence in a fairly hidden and criticizable economy, which I don't like for several reasons.
It's like in the old German saying

Whoever lies once is not believed, even if he speaks the truth

bravesampson

@Ayespy Your concern is that Brave could, in the future, become less focused on privacy because it is a for profit company? You seem to assume that if a company is to be profitable, it must harvest user data; I don't agree with this perspective. Brave has demonstrated over the past few years that a company can grow and succeed, while still vigorously defending user privacy.

I'm also not sure how having outside investors or not makes a massive difference here; even a browser owned exclusively by its employees is potentially susceptible to elevating profits over privacy at some point. This is why we ought to always audit browser vendor software, to see who is fighting for privacy, and who is merely paying lip service.

bravesampson

@Catweazle The reporting around the "redirect" behavior wasn't that great; better to examine the code itself (or observe the feature in practice) to understand what is, and is not, happening. Additionally, you could read the blog we posted on the topic at https://brave.com/referral-codes-in-suggested-sites/ too.

Affiliate links were not, in any way, tied to "outside investors". They were offered as a means of supporting Brave development without having to dig into your own pocket. We added affiliate links as options in the "suggestion" UI of Brave, appearing below the address bar as you type input. Users who wanted to support Brave could do so by visiting select domains via our affiliate links:

This behavior was built around search input, as shown in the image above (e.g. ledger, or binance). Unfortunately, the implementation mistakenly included fully-qualified URLs as well (e.g. binance.us), which was not intended:

This behavior is quite similar to what you see in Vivaldi today. Open a brand new instance of Vivaldi and type "booking" into the address bar, you'll find that referral links are pre-loaded (as bookmarks) into the suggestion list:

I don't think there is anything wrong with this behavior, personally. Browsers like Brave and Vivaldi have engineering staff that need to be paid, and if they can generate revenue without harvesting user data, or violating user privacy in some way, then it's wise to explore those options. In Vivaldi's case, referrals for those wishing to travel is included. In Brave, referrals for those interested in Web 3 and digital assets was included.

I hope this helps explain the feature itself a bit; it's off by default in Brave today, but still available in Settings if you'd like to enable and observe it directly.

Ayespy

@bravesampson

@Ayespy Your concern is that Brave could...

To be accurate: I do not use and will not use Brave. Ever. Hence, I literally have zero concern over what it does or what it might do.

My effort was merely to point out how it is that outside investors might influence the path of a company. You seemed to indicate there could be no cause for concern. I laid out how concerns could arise.

As to "employee-owned" companies (I shop at one - called WinCo, I use a browser from another, called Vivaldi) my experience has been, so far, uniformly positive. It happens I know the history of Opera, and am personally acquainted with the founder and several employees of Vivaldi, and so have a way to assess how concerning it might be that profit motive might one day supplant the core mission of the company.

But my fundamental attraction for Vivaldi has no more to do with privacy than does my attraction for WinCo. My attraction for both is that they offer what I want/need in my daily life. Should that fact change, I would reassess my position, just as I did with Opera after 14 years. Such reassessment would not include considering using Brave browser, as it offers literally nothing that I want/need.

You may find from time to time that I comment on things, perhaps as a disinterested observer who nonetheless notices things. Such comments should not be interpreted as my having a stake or a vested interest in the observations. Hummingbirds, for instance, fascinate me. I discuss them with people a lot. Same with various spiders and insects, rabbits, quail, and roadrunners. But their fate is not a motivating concern. Because I discuss them does not mean I am trying to do something about them.

Clearly, your presence in the Vivaldi forum is to promote and defend a competing project - Brave. My presence in the forum, as it happens, is to help users. It is not to promote or defend Vivaldi, nor is it to attack any competing project (as, since I use none of them, I have no standing to opine on them). Don't assume, as you have done already, that my remarks have any "agenda" beyond their plain, clear language.

Please don't try to interpret me to me.

jane.n

This discussion has gotten off topic hence it's time to close it.
Our official answer regarding PrivacyTests.org's results has been give on https://vivaldi.com/security/common-questions/#privacytests (also linked in this topic's first pinned comment).

josephj11

Just saw this site on another forum. It makes Vivaldi look pretty bad - not much better than Chrome. What's up with that? https://privacytests.org/
I thought Vivaldi was supposed to be great for privacy.

DoctorG

@josephj11 said in Privacy Fail:

privacytests

https://vivaldi.com/security/common-questions/#privacytests