-
Notifications
You must be signed in to change notification settings - Fork 2.4k
Deviations from Chromium (features we disable or remove)
NOTE: this page is a work in progress! It should by no means be considered a "final" or exhaustive list of things we have removed.
- How it works
- What Chromium features are removed for privacy/security reasons?
- How does Brave compare to ungoogled-chromium?
Brave for Desktop and Android is built on top of the open-source Chromium project. We add features on top of what is already there and we also remove features or pieces of the code. These deviations we make that touch the core Chromium code are done via patching.
The scope of this page is to cover Chromium functionality that is modified in some way. Brave Browser has its own features which are not covered by this document.
Chromium is not the same as Google Chrome. For some differences, see https://chromium.googlesource.com/chromium/src/+/master/docs/chromium_browser_vs_google_chrome.md.
If you wanted to do an audit of the code, you would start with the brave-browser
repository. Our wiki has instructions about what steps need to be done to perform a build after cloning the source.
The gclient utility (part of depot tools) will fetch the official Chromium source code. The tag that is fetched is captured in our package.json. For example, .config.projects.chrome.tag
at the time of this writing is 116.0.5845.51
. All of the source code from Chromium will be downloaded into the ./src/
folder.
As part of the setup process, we also fetch our own code. The brave-core
repository has the code that makes the browser Brave. The branch that should be checked out is also contained in that package.json. There is also a DEPS
file in brave-core
that pulls in sub-dependencies. For example, the omaha
and sparkle
dependencies are both used for product updates.
After the gclient sync runs and fetches all the code (including brave-core
), the hooks are run. One of the hooks that runs applies the patches (which you can see here) that are contained in brave-core
. If you'd like to know more details about HOW the patching works, you can take a peek at our patching wiki page.
- Chrome Privacy Sandbox. There are several APIs bundled together in Privacy Sandbox and we aim to disable all given our concerns.
- Google accounts integration ("GAIA") is disabled
- All features that send data to Google are removed from settings
- DNS prefetching is disabled
- Chrome Google URL Tracker is disabled
- Domain service reliability is disabled
- Inline extensions are disabled
- Background sync is disabled
- Hyperlink
ping
attribute is disabled - Disable WebBluetooth API
- WebRTC debug log uploading is disabled
- Uploading settings after resetting profile is disabled
- Retrieving OEM default settings after resetting profile is disabled
- Tracing crash log uploading is disabled
- Google Cloud Messaging is disabled
- Firebase Cloud Messaging is disabled
- Push client channel updates are disabled
- Network time tracker is disabled
- Google-assisted address normalization is disabled
-
Specific features are disabled on startup via the CLI (search for
disabled_features
) - Remove dl.google.com repository from Linux packages
- Disable metrics reporting
- Disable Reporting API. Note that the JS API for Reporting API (ReportingObserver) is enabled but is a no-op in Brave, see below.
- Disable Scroll To Text Fragment
- Disable Motion Sensors
- Disable navigator.credentials
- Disable Android OTP integration
- Disable SXG
- Disable NFC
- Disable WebBundles
- Disable Client Hints (lang)
- Disable Direct / Raw Sockets
- Disable Idle Detection
- Disable Notification Triggers
- Disable File System API
- Disable Digital Goods API
- Disable Federated Learning of Cohorts (FLoC)
- Disable Network Information API
- SCT auditing
- Site affiliation fetcher (part of the password manager)
- Disables kOptimizationGuideFetchingForSRP
- Disable Web Environment Integrity
- Disable Popular Sites
Google does not receive any information about which client is performing these requests (not even your IP address).
- SafeBrowsing requests are proxied
- Geolocation requests are proxied
- Plugin updates are proxied
- Certificate revocation requests are proxied
- Requests for CRLSets are proxied
- Requests for component updates are proxied
- Requests for spellcheck dictionaries are proxied
- Requests in devtools are proxied
https://dl.google.com/release2/chrome_component/*crl-set*
https://*.gvt1.com/edgedl/release2/chrome_component/*
https://*.gvt1.com/edgedl/chrome/dict/*.bdic
https://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/.+crxd
https://safebrowsing.googleapis.com/
https://sb-ssl.google.com/
https://safebrowsing.google.com
https://ssl.gstatic.com
https://gstatic.com
https://update.googleapis.com
https://chrome-devtools-frontend.appspot.com
https://clients2.googleusercontent.com
https://clients2.google.com
https://clients4.google.com
https://chrome-devtools-frontend.appspot.com
https://accounts.google.com
https://*.infura.io
https://*.gvt1.com/edgel/chromewebstore/*/*
https://*.gvt1.com/edgedl/release2/*/*
http://dl.google.com/release2/*/*
- Cookies:
- Have a maximum lifetime of 7 days when set through Javascript and 6 months for when set through a HTTP header.
- Session Cookies are cleaned up on restart if "Continue where you left off" mode is enabled (which is default in Brave).
- Third-party cookies are always blocked at the HTTP header level, but we give JavaScript access to partitioned ephemeral storage to pages (learn more about partitioned ephemeral storage).
- The Battery API always returns a fixed value.
- Referrer values are capped to
strict-origin-when-cross-origin
and can only be tightened by referrer policy, not weakened. In addition, cross-origin requests from a.onion
service have an emptyReferer
header and anull
Origin
header just like the Tor Browser. -
.onion
entries are replaced with"null"
indocument.location.ancestorOrigins()
unless such entries are same-origin with the innermost frame. - Hangouts extension is enabled by default on Desktop to make sure Google Hangouts works as expected on Brave. We disable log uploading to Google's servers: https://github.com/brave/brave-browser/issues/1993. You can turn it off by toggling the switch in brave://settings/extensions. Update: this extension is now disabled by default on Nightly: https://github.com/brave/brave-core/pull/24583, and will eventually be disabled/removed everywhere.
- Media Router (Chromecast) is enabled by default for new profiles on Desktop. You can turn it off by toggling the switch in brave://settings/extensions. We modify the SSDP user agent to not leak the fact that it's a Brave user: https://github.com/brave/brave-core/pull/22140
- Download protection remote lookups omit URLs and filenames (https://github.com/brave/brave-core/pull/6763).
- Have StorageManager.estimate report a fixed value #11543
- Many features have randomness added or values generalized as a defense against fingerprinting, including:
- The list of hostnames with pinned CA certificates is replaced with a Brave-specific one.
- Restore gesture requirement for async clipboard write access
- Dangerous download warnings are always shown when Safe Browsing is OFF, but a flag to disable the warnings is available for advanced users.
- Functionality from the Chromium side panel has been merged into the Brave Sidebar.
- Web Serial API is OFF but a flag to enable is available for advanced users.
- Enhanced the geolocation permission dialog to inform the user whether the site they are visiting has requested location data with the
enableHighAccuracy
option. - Reporting Observers are enabled but don't work (calling will no-op). See here for where it was disabled and see here for where it was re-enabled but made to do nothing.
Some of the above (along with other issues) were previously tracked in https://github.com/brave/brave-browser/issues/13.
You may notice some requests to Google domains. Some of these, such as clients*.google.com
and update.googleapis.com
are needed to check for extension updates if you installed extensions.
Description of ungoogled-chromium
, per their GitHub page:
ungoogled-chromium is Google Chromium, sans integration with Google. It also features some tweaks to enhance privacy, control, and transparency (almost all of which require manual activation or enabling).
We have an issue captured for pulling in relevant patches from the ungoogled-chromium
project. The ungoogled-chromium
project similarly has an issue captured where they mention pulling in patches from Brave.