Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/celenityy/better-brave

My recommendations for the ultimate configuration of the Brave Browser :)
https://github.com/celenityy/better-brave

ads anti-fingerprinting anti-tracking brave brave-api brave-browser hardened hardening metrics privacy privacy-protection security security-hardening telemetry tracking

Last synced: 5 months ago
JSON representation

My recommendations for the ultimate configuration of the Brave Browser :)

Awesome Lists containing this project

README 

          
# better-brave



My recommendations for the ultimate configuration of the Brave Browser :)



**NOTE:** This is specifically tailored for Brave on Desktop. For Android, see [here](https://codeberg.org/celenity/better-brave-android), and for iOS, see [here](https://codeberg.org/celenity/better-brave-ios).



**NOTE:** This project can be found on both [Codeberg](https://codeberg.org/celenity/better-brave), which will act as the main & preferred way to contribute, and [GitHub](https://github.com/celenityy/better-brave).



# Get started



**On startup** -> `Open the New Tab page`



Customize new tab page -> Background image -> **Show Sponsored Images** -> ❌



Customize new tab page -> **Top Sites** -> ❌



# Appearance



**Show Brave News button** -> ❌



**Show Brave Rewards button** -> ❌



**Show Brave Wallet button** -> ❌



**Show VPN button** -> ❌



Show autocomplete suggestions in the toolbar -> **Top sites** -> ❌



Show autocomplete suggestions in the toolbar -> **Browsing History** -> ❌



**Always show full URLs** -> ✅



# Content



**Show Wayback Machine prompt on 404 pages** -> ✅ *(Should be default, very useful)*



**Speedreader** -> ✅



# Shields



**Tracker & Ads blocking** -> `Aggressive` *(if you don't use another content blocker like uBlock Origin)*



**Upgrade connections to HTTPS** -> `Strict`



**Block scripts** -> ✅ *(This **will** cause breakage, but it heavily improves privacy & security, so I'd recommend enabling it if possible and if you're willing to re-enable scripts on sites that need it)*



**Block fingerprinting** -> ✅ *(Should be default)*



**Block cookies** -> `Block third-party cookies` *(Should be default)*



**Forget me when I close a site** -> ✅ *(This feature drastically improves privacy, I would highly recommend using it and just setting exceptions for sites you need to stay logged in to)*



**Content filtering:** *(Only relevant if you don't use another content blocker like uBlock Origin)*



* `EasyList Cookie` -> ✅



* `Fanboy's Annoyances + uBO Annoyances` -> ✅



* `Fanboy's Social` -> ✅



* `Fanboy's Anti-Newsletter` -> ✅



* `Fanboy's Mobile Notifications` -> ✅



* `Fanboy's Anti-chat Apps` -> ✅







**Allow Facebook logins and embedded posts** -> ❌



**Allow X (previously Twitter) embedded tweets** -> ❌



**Allow LinkedIn embedded posts** -> ❌



# Privacy and Security



Clear browsing data -> **On exit:**



* `Browsing history` -> ✅



* `Download history` -> ✅



* `Cached images and files` -> ✅



* `Passwords and passkeys` -> ✅ *(You should not save info in your browser like this for security reasons, use a dedicated password manager like Bitwarden or Proton Pass instead)*



* `Autofill form data` -> ✅ *(You should not save info in your browser like this for security reasons, use a dedicated password manager like Bitwarden or Proton Pass instead)*







Security:



* **Safe Browsing** -> `Standard protection` *(Should be default)*



* **Use secure DNS** -> ✅



* Select DNS provider -> **Add custom DNS service provider** -> Pick a private, secure, & reputable DNS provider of your choice, I would recommend setting up your own [NextDNS](https://nextdns.io) configuration if you are able to (See my recommendations for NextDNS [here](https://codeberg.org/celenity/nextdns-settings)), otherwise I would recommend [Quad9](https://quad9.net/): `https://dns.quad9.net/dns-query` *(Even if you have a private/secure DNS provider set on your OS/network level, make sure to still set it here too like this, so that you can take advantage of [Encrypted Client Hello](https://blog.cloudflare.com/announcing-encrypted-client-hello))*







Site and Shields Settings:



* **Location** -> `Don't allow sites to see your location`



* **Camera** -> `Don't allow sites to use your camera` *(Obviously don't set if you use sites that need camera access, but you can still set exceptions for sites if needed)*



* **Microphone** -> `Don't allow sites to use your microphone` *(Obviously don't set if you use sites that need microphone access, but you can still set exceptions for sites if needed)*



* **Notifications** -> `Don't allow sites to send notifications`



* **Motion Sensors** -> `Don't allow sites to use motion sensors` *(Should be default)*



* **Autoplay** -> `Block sites from autoplaying videos`



* **Google Sign-In** -> `Don't allow legacy Google Sign-In via third-party cookies`



* **Ethereum** -> `Block sites from accessing the Ethereum provider API`



* **Solana** -> `Block sites from accessing the Solana provider API`



* **MIDI device control & reprogram** -> `Don't allow sites to control and reprogram your MIDI devices`



* **USB devices** -> `Don't allow sites to connect to USB devices`



* **File editing** -> `Don't allow sites to edit files or folders on your device`



* **HID devices** -> `Don't allow sites to connect to HID devices`



* **Clipboard** -> `Don't allow sites to see text or images on your clipboard`



* **Payment handlers** -> `Don't allow sites to install payment handlers`



* **Augmented reality** -> `Do not allow sites to create a 3D map of your surroundings or track camera position`



* **Virtual reality** -> `Don't allow sites to use virtual reality devices or data`



* **Window management** -> `Don't allow sites to manage windows on all your displays`



* **Fonts** -> `Don't allow sites to use fonts installed on your device`



* **Pop-ups and redirects** -> `Don't allow sites to send pop-ups or use redirects` *(Should be default)*



* **Protected content IDs** -> `Don't allow sites to play protected content` - [https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next](https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next)



* **V8 optimizer** -> `Don't allow sites to use the V8 optimizer`







**WebRTC IP handling policy** -> `Disable non-proxied UDP` *(Don't set this if you have to call on the web through services like Discord & Zoom)*



**Use Google services for push messaging** -> ❌ *(Should be default)*



**Auto-redirect AMP pages** -> ✅



**Auto-redirect tracking URLs** -> ✅



**Prevent sites from fingerprinting me based on my language preferences** -> ✅



**Private window with Tor** -> ✅ *(Should be default)*



**Only resolve .onion addresses in Tor windows** -> ✅



**Allow privacy-preserving product analytics (P3A)** -> ❌



**Automatically send daily usage ping to Brave** -> ❌



**Automatically send diagnostic reports** -> ❌



# Web3



**Default Ethereum wallet** -> `Extensions (no fallback)`



**Default Solana wallet** -> `Extensions (no fallback)`



**Enable NFT discovery** -> ❌



**Enable Brave Wallet in Private Windows** -> ❌



**Automatically pin NFTs** -> ❌



**Method to resolve IPFS resources** -> `Disabled`



**IPFS public gateway fallback** -> ❌



**Automatically redirect requests for IPFS network resources to the configured gateway** -> ❌



**IPFS companion** -> ❌



**Resolve Unstoppable Domains domain names** -> `Disabled`



**Resolve Ethereum Name Service (ENS) domain names** -> `Disabled`



**Resolve Solana Name Service (SNS) domain names** -> `Disabled`



# Search engine



**Normal Window - Search engine used in the address bar** -> `Brave`



**Private Window - Search engine used in the address bar** -> `Brave`



**Improve search suggestions** -> ❌



**Web Discovery Project** -> ❌



**Manage search engines and site search:**



* Remove any search engines here you don't use (i.e. `Google` & `Bing`)



* Site search -> **History** -> 3 dots -> `Deactivate`



# Extensions



**Allow Google login for extensions** -> ❌



**Hangouts** -> ❌ *([This feature gives Google domains special privileges...](https://x.com/lcasdev/status/1810696257137959018)... also seems useless nowadays, tested screen sharing & video calling and seems to work without issue in most cases)*



**Media Router** -> ❌



**Web Torrent** -> ❌



**Widevine** -> ❌ *(Should be default)* - [https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next](https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next)



# Autofill and passwords



Password Manager -> Settings -> **Offer to save passwords** -> ❌ *(You should not save info in your browser like this for security reasons, use a dedicated password manager like Bitwarden or Proton Pass instead)*



Password Manager -> Settings -> **Sign in automatically** -> ❌



Payment methods -> **Save and fill payment methods** -> ❌ *(You should not save info in your browser like this for security reasons, use a dedicated password manager like Bitwarden or Proton Pass instead)*



Payment methods -> **Manually verify every time you pay using autofill** -> ✅



Payment methods -> **Allow sites to check if you have payment methods saved** -> ❌



Addresses & more -> **Save and fill addresses** -> ❌ *(You should not save info in your browser like this for security reasons, use a dedicated password manager like Bitwarden or Proton Pass instead)*



**Allow auto-fill in private windows** -> ❌



# Downloads



**Ask where to save each file before downloading** -> ✅



**Show downloads when they're done** -> ✅



# System



**Continue running apps when Brave is closed** -> ❌



**Memory Saver** -> ✅



# brave://flags



**#back-forward-cache** -> `Disabled`



**#brave-adblock-default-1p-blocking** -> `Enabled`



**#brave-ads-should-always-run-brave-ads-service** -> `Disabled`



**#brave-ads-should-support-search-result-ads** -> `Disabled`



**#brave-ads-should-always-trigger-search-result-ad-events** -> `Disabled`



**#brave-copy-clean-link-by-default** -> `Enabled`



**#brave-extension-network-blocking** -> `Enabled`



**#brave-ipfs** -> `Disabled`



**#brave-news-peek** -> `Disabled`



**#brave-rewards-allow-self-custody-providers** -> `Disabled`



**#brave-rewards-vbat-notice** -> `Disabled`



**#brave-rewards-gemini** -> `Disabled`



**#brave-sync-v2** -> `Disabled` *(Don't set if you use Brave Sync)*



**#brave-vpn** -> `Disabled`



**#brave-wallet-bitcoin** -> `Disabled`



**#brave-wallet-zcash** -> `Disabled`



**#enable-nft-pinning** -> `Disabled`



**#enable-parallel-downloading** -> `Enabled`



**#native-brave-wallet** -> `Disabled`



**#strict-origin-isolation** -> `Enabled`



# Additional recommendations



* Keep extensions to a minimum and only install what you actually need. Having unnecessary extensions reduces performance, increases attack surface, increases fingerprintability, etc.



* Similarly, [please don't use more than one content blocking extension](https://x.com/gorhill/status/1033706103782170625). Don't install any content blocking extensions if you use Brave's built-in Shields as well.



* Use a (reputable) anti-virus if possible. On Windows, you can use the built-in [Microsoft Defender Antivirus](https://wikipedia.org/wiki/Microsoft_Defender_Antivirus), on macOS, you can stick to the built-in [XProtect](https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/web), and on Linux, you can use [ClamAV](https://www.clamav.net/).



* Use a (reputable) VPN. I would generally recommend either [Mullvad](https://mullvad.net/), [IVPN](https://www.ivpn.net/), or [ProtonVPN](https://protonvpn.com/).