Blocking goals and policy
Brave modifies how websites execute, and what network requests websites can make. Brave does this to protect user privacy, improve website performance, and generally improve the experience for users. This document describes both the policy Brave uses to decide what to block and modify, and the techniques Brave uses to approximate the policy in the browser. We can at best only "approximate" the policy because of the wide variety in how websites work, and the lengths trackers go to in order to circumvent user protections.
Brave attempts to protect user privacy by blocking third-party advertising. Brave's goal in doing so is not to block the advertisement images themselves, but to block the tracking such advertisements cause. In practice, it is difficult-to-impossible to distinguish third-party advertising from third-party tracking, so Brave blocks both.
While Brave does not intentionally target first-party advertising for blocking, Brave doesn't consider it an error either. In other words, Brave does not try to block first-party ads, but won't make an effort to unblock first-party ads if they're being blocked by other steps.
Similarly, Brave also blocks code that attempts to identify users based on unique browser characteristics, hardware configuration and similar semi-unique data points. Such identification techniques are just as harmful to users as traditional cookie-based tracking.
Finally, Brave intentionally blocks website behaviors that are harmful to users, whether or not those behaviors are privacy-harming. For example, Brave blocks crypto-mining scripts. These scripts use the user's computer in an intensive manner to try and earn money for the hosting website, and result in degraded performance and reduced battery life. Crypto mining scripts are only one such example, but when possible, Brave will modify websites and requests to improve the user experience.
Brave makes a best-effort attempt to enforce the above policy, through a number of steps. The majority of the techniques described below are controlled by the "Shields" panel in Brave, and can be disabled if and when the user wishes. Because of platform restrictions, Brave is not able to use all of these techniques on iOS, though we are constantly looking for ways of increasing protections on that platform.
First, Brave blocks the most common tracking mechanism: sending cookies to third-party resources. By default, Brave never sends cookies to third parties, and does not honor storage reads or writes made by scripts running in third-party contexts.
Second, Brave modifies the referrer header when making cross-origin requests. Brave "lies" on these requests, and says the request was issued from the same domain being requested, instead of the true, cross-domain origin.
Third, Brave prevents third-party frames from tracking users through passive fingerprinting techniques. Brave modifies or returns false values for a number of Web API endpoints that can be used to identify users (e.g. Canvas API, WebGL, Web Audio API, etc.). By default Brave only does this in third-party contexts, but it can be configured to apply the same protections globally, or not at all.
Fourth, Brave pulls from a variety of community-developed filter lists, that is, lists of URLs used for carrying out advertising or tracking. These lists include EasyList and EasyPrivacy, lists generated by the uBlock Origin project and the Disconnect project, as well as lists maintained by Brave itself. URLs identified by these lists are either blocked, or have their resources modified, to protect users. Brave also uses lists to block coin miners and scripts that engage in "notifications spam." The current, full set of filter lists Brave uses can be found in our source.
Fifth, Brave uses lists generated by the HTTPS Everywhere project to identify URLs that can be upgraded to encrypted, HTTPS connections, and to make those upgrades automatically on behalf of our users.
- EasyList
Primary filter list that removes most advertisements from webpages.
Type of Rules: #network #cosmetic
Address: https://easylist.to/easylist/easylist.txt
Support: https://forums.lanik.us/
- EasyPrivacy
Removes tracking scripts, information collectors and other tracking elements, protecting your privacy.
Type of Rules: #network
Address: https://easylist.to/easylist/easyprivacy.txt
Support: https://forums.lanik.us/
- Brave-unbreak (Brave specific list)
A specific list for filters and fixes not included in EasyList or EasyPrivacy.
Type of Rules: #network
Address: https://github.com/brave/adblock-lists/blob/master/brave-unbreak.txt
Support: https://github.com/brave/adblock-lists/issues
- NoCoin Filter List (Brave specific list)
Filters to prevent coin-mining scripts from being loaded in the browser.
Type of Rules: #network
Address: https://raw.githubusercontent.com/brave/adblock-lists/master/coin-miners.txt
Support: https://github.com/hoshsadiq/adblock-nocoin-list/issues
- uBlock Unbreak List
uBlock Origin-specific fixes not included in EasyList.
Type of Rules: #network #cosmetic
Address: https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/unbreak.txt
Support: https://github.com/hoshsadiq/adblock-nocoin-list/issues
- Brave-Notifications List (Based on Fanboy Annoyances)
Blocking web notification servers, protecting user privacy, security and stopping the disruptive popups.
Type of Rules: #network
Address: https://github.com/brave/adblock-lists/blob/master/brave-notifications.txt
Support: https://github.com/brave/adblock-lists/issues
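
The "network" and "cosmetic" rule types listed above are the two main kinds of line in an EasyList-style (Adblock Plus syntax) filter list. The following is an added example, not Brave's own code: it classifies filter lines and evaluates `||host^` network rules against a request. The sample rules and the `.example` hostnames are constructed, and third-party detection is simplified to a hostname comparison.

```javascript
// Constructed sample lines in Adblock Plus filter syntax (not from a real list).
const SAMPLE_LIST = [
  '! Title: constructed sample',
  '||tracker.example^$third-party',
  '||miner.example^',
  '@@||cdn.miner.example^',
  'news.example##.ad-banner',
];

// Classify one line. Handles only "##"/"#@#" cosmetic rules and plain network
// rules; extended forms (e.g. "#?#", regex patterns containing "$") are not covered.
function parseFilterLine(line) {
  const text = line.trim();
  if (text === '' || text.startsWith('!') || text.startsWith('[')) return { kind: 'comment' };
  const cosmetic = text.match(/^([^#]*)#(@?)#(.+)$/);
  if (cosmetic) {
    return { kind: 'cosmetic', exception: cosmetic[2] === '@',
             domains: cosmetic[1] ? cosmetic[1].split(',') : [], selector: cosmetic[3] };
  }
  const exception = text.startsWith('@@'); // "@@" marks an allow (exception) rule
  const body = exception ? text.slice(2) : text;
  const dollar = body.lastIndexOf('$');    // options follow the last "$"
  return { kind: 'network', exception,
           pattern: dollar === -1 ? body : body.slice(0, dollar),
           options: dollar === -1 ? [] : body.slice(dollar + 1).split(',') };
}

// Match a "||host^" network rule against a request. Third-party is approximated
// by hostname comparison (an assumption; real engines compare registrable domains).
function ruleMatches(rule, requestUrl, pageUrl) {
  if (rule.kind !== 'network') return false;
  const anchor = rule.pattern.match(/^\|\|([a-z0-9.-]+)\^$/i);
  if (!anchor) return false; // other pattern shapes are out of scope here
  const reqHost = new URL(requestUrl).hostname;
  const pageHost = new URL(pageUrl).hostname;
  const host = anchor[1].toLowerCase();
  if (reqHost !== host && !reqHost.endsWith('.' + host)) return false;
  const thirdParty = reqHost !== pageHost && !reqHost.endsWith('.' + pageHost);
  return !rule.options.includes('third-party') || thirdParty;
}

// A request is blocked when a block rule matches and no exception rule does.
function shouldBlock(lines, requestUrl, pageUrl) {
  const hits = lines.map(parseFilterLine).filter((r) => ruleMatches(r, requestUrl, pageUrl));
  return hits.some((r) => !r.exception) && !hits.some((r) => r.exception);
}
```

Cosmetic rules never affect `shouldBlock`: they hide page elements after load rather than stopping a request, which is why lists marked only `#network` cannot be used to hide page elements.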