Brave browser gave me such hope - no more

Browser Support Desktop Support
,
1

I was really hoping that Brave would be my stand-by, all purpose, wow-this-rocks browser.

No password for the Password Manager (serious security flaw).

Features chronically added (like Tab Search) that have no flags/options for disabling/hiding.

I just need a browser that can access sites; not something that takes away customization controls and automatically enables every down-the-rabbithole “genius idea” bell-and-whistle crammed down the throats of the users who hate these features, complain loudly about it, and are disappointed when nothing changes.

As of right now, IMHO, the only thing that Brave does better than Firefox is video codec support.

So.. I’ll strip out my passwords, remove any extensions that I no longer need, and will use Brave for videos only. Going back to Firefox to handle the bulk of my browsing needs. I’m not going to stick around to see if anything gets fixed; don’t want to be disappointed, yet again.

Mozilla is better (knock on wood) about “features”.

2

@Capsaicin_Commando you have wrong information in your claims. I hope it’s not intentional misinformation, but let me address it either way:

It doesn’t have its own unique password but in order to view any passwords you would have to input your device password.

So for you to say that there’s no password, that’s a lie. You can’t just open up the password manager and go view your passwords or anything. You would be required to input that password.

image
image810×653 37.2 KB

  • And there is a toggle in there that you could require that password to be entered for anyone to use the password from autofill.
    image
    image678×100 3.12 KB

It’s in your settings. Did you not even try to look? Settings → Appearance → Customize Your Toolbar

image
image460×627 21.5 KB

Lmao, they have only been adding tons of customization controls lately. Giving us vertical tabs, improved sidebar, upcoming containers, improved New Tab Page, and much more.

2 Likes
3

I should also note that the passwords are so “secure” in how they are stored, people have actually complained because they couldn’t access their own passwords!

Seriously, go to the file that has your passwords and you’ll see they are all encrypted and can’t be read. It’s only visible from within the browser and only through OSCrypt, https://support.brave.app/hc/en-us/articles/29808985123085-Sensitive-data-storage. If anything goes wrong with that encryption key, you’ll lose access forever.

The only way passwords are generally at “risk” is if you’re giving other people your password to your device. Which is certainly a very serious security flaw if you’re giving people that much access to something.

If you are referencing a master password, they keep debating on it. Github issue has been open for years. They had a little movement on it even last month. But no idea when or if it’s ever going to be a thing.

1 Like
4

image
image810×653 37.2 KB

I’m not using Windows, I’m on Linux Mint. Windows Hello isn’t an option. When I go to any website that I need to log on to, there is NO prompt for a password in order to fill out the username and password of a logon form. When I open Password Manager, there is no prompt for a password in order to view my passwords. In fact, looking in Password Manager settings in Linux Mint, there is no option for setting a password for the Password Manager.

BraveSettingsPasswordMgr
BraveSettingsPasswordMgr698×558 47.5 KB

”It’s in your settings. Did you not even try to look? Settings → Appearance → Customize Your Toolbar”

Gratz on one thing. There was a video posted ONE month ago of how to turn off Tab Search, and it wasn’t under “Customize Your Toolbar”. So things shifted. Hooray. Hope you feel a whole lot better at making me look like I didn’t do my homework. I tried.

My original statement has not changed. Brave for video codecs, Firefox for everything else.

I will not be responding to any further ad-hoc statements. Enjoy Brave.

6

@Mattches in regard to Linux, I’m trying to remember if there is a deviation. How does it work and anything to be said?

7

Regarding the password thing, I am on Linux as well and there is no password check at all when navigating to the settings and viewing passwords.

I assume whatever is used to store these passwords on Linux is in user-space, likely whatever keyring service the distro in question uses. GNOME Keyring, KDE Wallet, etc .
Which are generally unlocked when the user logs into their desktop session.

I am all for giving control to users, so if you want to lock access to this, you (the user) has to lock the desktop session itself.
But if that is not desired behavior, Brave needs to add a kind of master password on top of this. Not necessarily to access these passwords, but to restrict viewing them, maybe?

9

@steeven @Mattches can you please advise?

10

Yeah so for Linux you’d have to configure your GNOME keyring/kwallet to not auto-unlock on login, as you would then receive a prompt the first time you open the browser that would require you to enter your system password.

1 Like
11

I’m using a MATE desktop. Does that have kwallet? If not, what is the MATE equivalent? I can look in the settings, if there is one.

But, even if there was a way to put my passwords behind a master password, that really only corrects one of my complaints. There are so many things that a user, any user, not just me, should be able to disable/hide in order to bring the browser experience some joy/comfort. By all means, leave them there for those who might want it. I do not. I want the ability to forget that the option is even there.

For example:

image

If I hover over the left icon, I get a tooltip “Install Brave Community”. I don’t want to install Brave Community - I’m accessing it from a desktop browser just fine, thank you. But the fact that every page that loads, that icon slides in from the right, drawing my attention as it was designed to do. I don’t want/need any distractions, I have ZERO intention of installing ANY website/community as an app. ALL browsers should have an option to disable that thing.

The one (almost) good thing about Brave browser is the ability to hide (not disable, sadly) AI. I hate AI, I don’t trust AI, I don’t want any involvement at all from anything AI; not in my browser; not in my search results; I don’t want AI overviews; I don’t want AI to suggest anything, not even recipes. Keep that far, far away from me.

Basically put, all browser devs need to stop thinking about bells and whistles and just focus on what a user actually needs. I don’t want an integrated calendar, chat function, task list, etc., in my browser - I get that from Outlook! And Gmail! If users ask for that, great.. add it, along with an option to disable it, or at the very least hide it.

But no dev is listening to those of us who shout about how lousy it all is. Nope.. they are just like the devs at Adobe - “We will tell you what you want/like.” Ignoring the negative feedback, focusing on the good feedback, and patting themselves on the back for a job well done.

12

Hi :slight_smile:

MATE is a fork from gnome, so you use mate-keyring.
Can use the “Seahorse", a common frontend to keyring (with gnome or mate-keyring on backend) https://wiki.gnome.org/Apps/Seahorse.

To remove PWA install icon,
Open Shield filters brave://settings/shields/filters
And put $csp=manifest-src ‘none’ on “Create custom filters” option.

The PWA is informed by the website for the default browser https://web.dev/learn/pwa/web-app-manifest It is present in the engine of any browser.

But by setting the filter to “none” in Brave Shield, it will ignore the PWA manifest, and the small icon in the address bar will no longer appear.

Screenshot_20250917_171417
Screenshot_20250917_1714171050×403 39.7 KB

Regarding AI and generative LLMs, I use one that is restricted to my corporate login, so the others are blocked on my network and VPN.

In addition to customizing the icons as described above, in the case of Leo AI, you can remove it via brave://flags.
Search for Chat AI and disable the options that appear. I believe there will be eight options.

Screenshot_20250917_172523
Screenshot_20250917_172523830×979 96.9 KB

13

Hi, Eslih.

Thank you for the suggestions. I did try the Custom Filter, saved changes, closed Brave, reopened and went to community.brave.com and got this:

image

It slid in from the right, had the word “Install” to the right of it, then both slid to the right until just the icon was visible. It’s not going anywhere. I did Google searches, DuckDuckGo searches, I have not been able to find anything that actually makes that icon disappear. Seems, to me, as if every work-around is defeated before I implement it.

UPDATE: Apparenly I already have Seahorse installed:
seahorse -v
seahorse 43.0
GNUPG: /usr/bin/gpg (2.4.4)

I typed Seahorse to look for it and found “Passwords and Keys” app. Opened it, but didn’t see any options for applying a Master Password to my password manager.

14

Please try again… (sorry)
I copied and pasted the code here (in forum editor) and… there’s a catch in the single quotes (in ‘none’), just to be sure, delete them and type it in yourself.

It will work.

Screenshot_20250917_203559
Screenshot_20250917_203559317×177 7.28 KB

15

Thank you for that, Eslih. The ticks made the difference.

image

1 Like
16

Let’s summarize :slight_smile:

  • To remove icons from features you do not use:
    Settings → Appearance → Customize Your Toolbar

  • To disable AI things:
    Go to brave://flags, search for Chat AI and disable the options that appear.

  • To disable PWA button on address bar:
    Open Shield filters brave://settings/shields/filters and put $csp=manifest-src 'none' on “Create custom filters” option and save.

And finally, regarding the password to unlock any application and delving deeper into the subject of Linux:

KDE (KWallet): on first setup, KWallet lets you choose between using your GPG keys or the internal KWallet symmetric backend (KWallet5; historically referred to as “Blowfish”). The default wallet is named “kdewallet”.

Other desktops (GNOME, Cinnamon, MATE, …): they use the Secret Service API via libsecret. The default keyring is “Login” (sometimes “Default”) stored under ~/.local/share/keyrings/.

There is a CLI called secret-tool. Passwords are encrypted (AES with PBKDF).

Seahorse (Passwords and Keys): GUI to view/manage keyrings, GPG/SSH keys, and certificates.

In any form/way/desktop Linux, your passwords are safe.

Integration with login: if the keyring password matches your user password and PAM is configured, the “Login” keyring unlocks at login user. Your app passwords are protected at rest; once the keyring is unlocked in your session, apps running as your user can access their permitted secrets. This is probably your situation.

If you don’t want automatic unlock at login: change the “Login” keyring password to a different one then, the first app that uses the keyring will prompt for the keyring password and it will stay unlocked until you log out.

(others advanced ways: remove PAM module on login and/or remove daemon autostart).

In Seahorse or KDE Wallet Manager you can change the password.

Screenshot_20250918_112549
Screenshot_20250918_112549727×531 34.7 KB

If you want to lock the keyring (and for some reason your user will remain logged in and unlocked), just click lock/close in kwallet or seahorse.

Screenshot_20250918_112053
Screenshot_20250918_112053723×526 19.3 KB

And… It’s works:

Screenshot_20250918_122850
Screenshot_20250918_1228501009×712 39.2 KB

Keep security points in mind:

In addition to user passwords, encrypting the disk (the entire disk or just your /home directory) is very essential.

Make backups.

In Brave, sync feature is not backup.

If your user password is secure, your disk is encrypted, and your backups are up to date, it doesn’t make much difference to have different passwords for the keyring. Just lock the session if you are physically away from the computer.

One level above this would be to use a password manager (Keepass, Bitwarden, ProtonPass, etc.) and not worry about any local passwords on Linux.

1 Like
Is it possible to hide these icons?
18

Thank you, Eslih, for all of this information. I’m sure it will help a lot of disgruntled users.

Sadly, I just now discovered something else that really burns my goat.

I have a plugin called “Enhancer for YouTube”. It is a HUGE thing, for me. it allows me to customize my YouTube experience, and bypass a lot of the cr@p that Google has decided to force down users’ throats. (Autoplay can be nice, but it’s the enemy of users who have limited data internet plans, and have to pay more when their usage goes past their limit.)

Tonight, Update Manager indicated that Brave had an update to implement. I did the update, and all my custom settings in Enhancer for YouTube were over-written.

This isn’t the first time.

Thankfully, I had exported my original settings and can easily re-set everything back to where it should be.

But.. I should not have to do this with every Brave update.

This also makes me think that if this plugin settings are being over-written, maybe this isn’t the only plugin where settings are being over-written with each Brave update.

UPDATE: It goes way beyond this.

I closed Brave to do some other things. Re-opened to watch some YT vids.

All settings gone. As if restoring the settings never happened. Restored settings from backup.

Nope. Autoplay happened. Everything else I set, gone.

WTF?

1 Like
19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.