Maximize Your Brave Browser Privacy and Security with ZERO EXTENSIONS
December 16, 2021
In this blog, I will show you how to maximize your Brave Browser Privacy and Security with no browser extensions by going into brave://flags and changing the settings for better privacy and security.
Brave Browser Flags Hardening
- Override software rendering list (Enabled) – Overrides the built-in software rendering list and enables GPU-acceleration on unsupported system configurations. – Mac, Windows, Linux, Chrome OS, Android
- Enable Reader Mode (Disabled) – Allows viewing of simplified web pages by selecting 'Customize and control Chrome'>'Distill page' – Mac, Windows, Linux, Chrome OS
- Hardware Secure Decryption (Disabled) – Enable/Disable the use of hardware secure Content Decryption Module (CDM) for protected content playback. – Windows
- Allow invalid certificates for resources loaded from localhost (Enabled) – Allows requests to localhost over HTTPS even when an invalid certificate is presented. – Mac, Windows, Linux, Chrome OS, Android
- Anonymize local IPs exposed by WebRTC. (Enabled) – Conceal local IP addresses with mDNS hostnames. – Mac, Windows, Linux, Chrome OS
- Smooth Scrolling (Enabled) – Animate smoothly when scrolling page content. – Windows, Linux, Chrome OS, Android
- Experimental QUIC protocol (Enabled) – Enable experimental QUIC protocol support. – Mac, Windows, Linux, Chrome OS, Android
- GPU rasterization (Enabled) – Use GPU to rasterize web content. – Mac, Windows, Linux, Chrome OS, Android
- Block insecure private network requests. (Enabled) – Prevents non-secure contexts from making sub-resource requests to more-private IP addresses. An IP address IP1 is more private than IP2 if 1) IP1 is localhost and IP2 is not, or 2) IP1 is private and IP2 is public. This is a first step towards full enforcement of CORS-RFC1918: https://wicg.github.io/cors-rfc1918 – Mac, Windows, Linux, Chrome OS, Android
- Parallel downloading (Enabled) – Enable parallel downloading to accelerate download speed. – Mac, Windows, Linux, Chrome OS, Android
- Desktop Screenshots Edit Mode (Disabled) – Enables an edit flow for users who create screenshots on desktop – Mac, Windows, Linux, Chrome OS
- Strict-Origin-Isolation (Enabled) – Experimental security mode that strengthens the site isolation policy. Controls whether site isolation should use origins instead of scheme and eTLD+1. – Mac, Windows, Linux, Chrome OS, Android
- Strict Extension Isolation (Enabled) – Experimental security mode that prevents extensions from sharing a process with each other. – Mac, Windows, Linux, Chrome OS
- Heavy ad privacy mitigations (Enabled) – Enables privacy mitigations for the heavy ad intervention. Disabling this makes the intervention deterministic. Defaults to enabled. – Mac, Windows, Linux, Chrome OS, Android
- Privacy Review (Enabled) – Shows a new subpage in Settings that helps the user to review various privacy settings. – Mac, Windows, Linux, Chrome OS, Android
- HTTPS-First Mode Setting (Enabled) – Adds a setting under chrome://settings/security to opt-in to HTTPS-First Mode. – Mac, Windows, Linux, Chrome OS, Android
- Omnibox Updated connection security indicators (Enabled) – Use new connection security indicators for https pages in the omnibox. – Mac, Windows, Linux, Chrome OS, Android
- Reduce User-Agent request header (Enabled) – Reduce (formerly, “freeze”) the amount of information available in the User-Agent request header. See https://www.chromium.org/updates/ua-reduction for more info. – Mac, Windows, Linux, Chrome OS, Android
- New Tab Page Branded Wallpapers (Disabled) – Allow New Tab Page Branded Wallpapers and user preference. – Mac, Windows, Linux, Chrome OS, Android
- New Tab Page Demo Branded Wallpaper (Disabled) – New Tab Page Demo Branded Wallpaper Force dummy data for the Branded Wallpaper New Tab Page Experience. View rate and user opt-in conditionals will still be followed to decide when to display the Branded Wallpaper. – Mac, Windows, Linux, Chrome OS, Android
- Collapse HTML elements with blocked source attributes (Disabled) – Cause iframe and img elements to be collapsed if the URL of their src attribute is blocked – Mac, Windows, Linux, Chrome OS, Android
- Enable cosmetic filtering (Enabled) – Enable support for cosmetic filtering – Mac, Windows, Linux, Chrome OS, Android
- Enable support for CSP rules (Enabled) – Applies additional CSP rules to pages for which a $csp rule has been loaded from a filter list – Mac, Windows, Linux, Chrome OS, Android
- Shields first-party network blocking (Enabled) – Allow Brave Shields to block first-party network requests in Standard blocking mode – Mac, Windows, Linux, Chrome OS, Android
- Enable dark mode blocking fingerprinting protection (Enabled) – Always report light mode when fingerprinting protections set to Strict – Mac, Windows, Linux, Chrome OS, Android
- Enable domain blocking (Enabled) – Enable support for blocking domains with an interstitial page – Mac, Windows, Linux, Chrome OS, Android
- Enable Brave Super Referral (Disabled) – Use custom theme for Brave Super Referral – Mac, Windows, Android
- Enable Brave Rewards verbose logging (Disabled) – Enables detailed logging of Brave Rewards system events to a log file stored on your device. Please note that this log file could include information such as browsing history and credentials such as passwords and access tokens depending on your activity. Please do not share it unless asked to by Brave staff. – Mac, Windows, Linux, Chrome OS, Android
- Enable Brave Ads custom notifications (Disabled) – Enable Brave Ads custom notifications to support rich media – Mac, Windows, Linux, Chrome OS, Android
- Enable Brave Ads custom push notifications (Disabled) – Enable Brave Ads custom push notifications to support rich media – Mac, Windows, Linux, Chrome OS, Android
- Allow Brave Ads to fallback from native to custom push notifications (Disabled) – Allow Brave Ads to fallback from native to custom push notifications on operating systems which do not support native notifications – Mac, Windows, Linux, Chrome OS, Android
- Enable Brave Sync v2 (Disabled) – Brave Sync v2 integrates with chromium sync engine with Brave specific authentication flow and enforce client side encryption – Mac, Windows, Linux, Chrome OS
- Enable Brave News (Disabled) – Brave News is completely private and includes anonymized ads matched on your device. – Mac, Windows, Linux, Chrome OS, Android
- Enable Brave Wallet (Disabled) – Native cryptocurrency wallet support without the use of extensions – Mac, Windows, Linux, Chrome OS, Android
- Enable decentralized DNS (Disabled) – Enable decentralized DNS support, such as Unstoppable Domains and Ethereum Name Service (ENS). – Mac, Windows, Linux, Chrome OS, Android
- Enable IPFS (Disabled) – Enable native support of IPFS. – Mac, Windows, Linux, Chrome OS, Android
- Enable Crypto Wallets option in settings (Disabled) – Crypto Wallets extension is deprecated but with this option it can still be enabled in settings. If it was previously used, this flag is ignored. – Mac, Windows, Linux, Chrome OS
- Enable Gemini for Brave Rewards (Disabled) – Enables support for Gemini as an external wallet provider for Brave – Mac, Windows, Linux, Chrome OS
- Enable SpeedReader (Disabled) – Enables faster loading of simplified article-style web pages. – Mac, Windows, Linux, Chrome OS
- Enable internal translate engine (brave-translate-go) (Enabled) – Enable internal translate engine, which are build on top of client engine and brave translation backed. Also disables suggestions to install google translate extension. – Mac, Windows, Linux, Chrome OS
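Flag choices made in brave://flags are persisted in the `Local State` JSON file in Brave's user data directory, so they can be audited after a restart or a browser update. The following is an added example, not part of the original post; the flag IDs in it are assumptions to confirm against the `#id` shown under each flag's title, and the sample state is constructed.

```python
import json

# Flag IDs are assumptions: confirm each against the "#id" shown under the
# flag's title in brave://flags. States are the ones recommended above.
EXPECTED = {
    "strict-origin-isolation": "enabled",
    "enable-webrtc-hide-local-ips-with-mdns": "enabled",
    "block-insecure-private-network-requests": "enabled",
    "reduce-user-agent": "enabled",
    "enable-quic": "enabled",
}
# Enabled/Disabled dropdowns are persisted as "<id>@1" and "<id>@2".
CHOICES = {"1": "enabled", "2": "disabled"}


def parse_flags(local_state):
    """Map flag id -> state from a parsed Local State document."""
    entries = local_state.get("browser", {}).get("enabled_labs_experiments", [])
    flags = {}
    for entry in entries:
        flag_id, _, choice = entry.partition("@")
        if not choice:
            flags[flag_id] = "enabled"  # single-value flag, stored without index
        else:
            flags[flag_id] = CHOICES.get(choice, "choice " + choice)
    return flags


def audit(local_state, expected=EXPECTED):
    """Return {flag_id: (wanted, found)} for every flag that deviates."""
    found = parse_flags(local_state)
    return {
        flag_id: (wanted, found.get(flag_id, "default"))
        for flag_id, wanted in expected.items()
        if found.get(flag_id, "default") != wanted
    }


# Constructed sample in the shape of a Local State file.
SAMPLE = json.loads("""{"browser": {"enabled_labs_experiments": [
    "strict-origin-isolation@1", "enable-quic@2",
    "enable-webrtc-hide-local-ips-with-mdns@1", "reduce-user-agent@1"]}}""")

if __name__ == "__main__":
    import sys
    state = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE
    for flag_id, (wanted, got) in sorted(audit(state).items()):
        print(f"{flag_id}: expected {wanted}, found {got}")
```

A flag reported as `default` was never changed or has been reset, which is worth re-checking after major version upgrades because experimental flags are removed or renamed over time.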
Brave Browser Settings Hardening
- How to get into Brave settings? – Type this in the URL bar: brave://settings/ or use the three-line dropdown menu and click Settings.
- Set up your profile name and icon.
- Make Brave your default browser.
- On startup, choose: Open the New Tab page.
- Click on the New Tab Page entry in your settings and choose: Dashboard.
- Click on Shields:
  - Choose Advanced instead of Simple to view more about the trackers and ads you block.
  - Set trackers and ads blocking to: Aggressive.
  - Upgrade connections to HTTPS (enabled).
  - Block scripts (disabled). (Enabling this will block a lot of websites.)
  - Cookie blocking (Only cross-site).
  - Fingerprint Protection (Strict, may break sites).
- Click on social media blocking settings and disable everything.
- Click on privacy and security settings:
  - Autocomplete searches and URLs (Disable)
  - WebRTC IP Handling Policy (Disable Non-Proxied UDP)
  - Use Google services to push messaging (Disable)
  - Allow privacy-preserving product analytics (P3A) (Disable)
  - Allow send daily usage ping to Brave (Disable)
  - Help improve Brave's features and performance (Disable)
  - Click on Clear browsing data, open the tab that says “On Exit”, and enable everything.
  - Click on Cookies and other site data and, under “General Settings”, choose “Block third party cookies”.
  - Enable “clear cookies and site data when you close all windows”.
  - Enable “send do not track request with your browsing traffic”.
  - Enable “Standard Protection”.
  - Enable “Always use secure connections”.
  - Enable “Use secure DNS” and choose Custom. Register at NextDNS.
- Click on “Site and Shields Settings”:
  - Location Permissions: Disable
  - Camera: Disable
  - Microphone: Disable
  - Notifications: Disable
  - Motion Sensors: Disable
  - Clipboard: Disable
  - Virtual Reality: Disable
- Click on “Search engine” setting:
  - Delete all the other search engines except Startpage, Brave Search, and DuckDuckGo. (In case you want the top 3 privacy search engines to switch between!)
- Click on “Extensions” setting:
  - Allow google login for extensions: Disable
  - Hangouts: Disable
  - Media Router: Disable
  - Private Window with Tor: Disable (Brave with Tor doesn't feel right; just download the Tor Browser separately. It also had DNS leaks when using Brave with Tor. You can do your own research about that issue.)
  - WebTorrent: Disable
  - Widevine: Disable (Enable if you watch Netflix or any other streaming website)
- Click on “Wallet” setting:
  - Default cryptocurrency wallet: none
- Click on “IPFS” setting and disable everything.
- Click on “Autofill” setting and disable everything.
- Click on “Help tips” setting and disable Show Wayback Machine prompt on 404 pages.
- Click on “System” setting and disable Continue running background apps when Brave is closed.
- Disable Use hardware acceleration when available.
Brave Browser Ad-Block Hardening Settings
- How to get into Brave's custom adblock settings? – Type this in the URL bar: brave://adblock/ or use the three-line dropdown menu and click Brave adblock.
⚠️ This helps the built-in Brave ad blocker block more ad and tracking domains.
- Enable “Easylist-Cookie List – Filter Obtrusive Cookie Notices”.
- Enable “Fanboy Annoyances List”.
- Enable “Fanboy Social List”.
- Enable “ABP X Files”.
- Enable “uBlock Annoyances List (used with Fanboy Annoyances List)”.
- Scroll down to “Subscribe to filter lists” and enter this custom URL: https://block.energized.pro/unified/formats/domains.txt (This may break a lot of websites, so use it with caution.)
Brave Browser NextDNS Hardening
- Log in and go to the denylist to block the domains that collect user data on you. Once these Brave analytics domains are blocked, it should not collect information on you.
- brave-core-ext.s3.brave.com
- static1.brave.com
- laptop-updates.brave.com
- variations.brave.com
- grant.rewards.brave.com
- api.rewards.brave.com
- rewards.brave.com
- p3a.brave.com
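To confirm the denylist is actually enforced, the same DNS-over-HTTPS resolver that Brave's "Use secure DNS" setting points at can be queried directly. The following is an added example, not part of the original post; the endpoint is a placeholder for your own NextDNS configuration URL, and treating `0.0.0.0` or NXDOMAIN as the block answer is an assumption about how the resolver responds.

```python
import struct
import urllib.request

# Denylist entries from the list above.
DENYLIST = """brave-core-ext.s3.brave.com static1.brave.com laptop-updates.brave.com
variations.brave.com grant.rewards.brave.com api.rewards.brave.com rewards.brave.com
p3a.brave.com""".split()
# Placeholder: use the DNS-over-HTTPS URL from your own NextDNS setup page.
ENDPOINT = "https://dns.nextdns.io/<your-config-id>"

def build_query(name):
    """Wire-format A query (RFC 1035); ID 0 as RFC 8484 advises for DoH."""
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, pos):
    while msg[pos] and msg[pos] < 0xC0:      # step over plain labels
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)      # pointer is 2 bytes, root label 1

def parse_a_records(msg):
    """Return (rcode, [IPv4 addresses]) from a wire-format response."""
    flags, qdcount, ancount = struct.unpack(">HHH", msg[2:8])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4        # also skip QTYPE and QCLASS
    for _ in range(ancount):
        pos = skip_name(msg, pos) + 10       # name plus fixed record header
        rtype, rdlen = struct.unpack(">H6xH", msg[pos - 10:pos])
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def is_blocked(msg):
    """NXDOMAIN, or no A record other than 0.0.0.0 (assumed block answer)."""
    rcode, addrs = parse_a_records(msg)
    return rcode == 3 or all(a == "0.0.0.0" for a in addrs)

def doh_lookup(name, endpoint=ENDPOINT):
    """POST the query to the DoH endpoint and return the raw response bytes."""
    mime = {"Content-Type": "application/dns-message", "Accept": "application/dns-message"}
    req = urllib.request.Request(endpoint, data=build_query(name), headers=mime)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()

def still_resolving(lookup=doh_lookup):
    """Denylist entries the resolver still answers with a routable address."""
    return [name for name in DENYLIST if not is_blocked(lookup(name))]
```

Calling `still_resolving()` after setting `ENDPOINT` returns an empty list when every entry is blocked; any name it returns is still reachable through that resolver.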