The Semi-Paranoid Geek’s Guide to Brave Browser
Multiple Profiles, Ad Blocking, and More

The modern web is a jungle. In these dark days of large JavaScript toolkits, batteries-included tracking, and increasingly obnoxious banner ads, we need a web browser that protects our interests: user freedom, privacy, and peace of mind. Ten years ago, that web browser was Mozilla Firefox. Today, the contender is Brave Browser¹.

Let’s take a dive into the feature offering of Brave Browser, the new web browser on the block. In particular, let’s focus on how to use multiple browser profiles to make the modern web a little more pleasant to use.

Brave, the company, was founded by Brendan Eich, the programmer who wrote the first JavaScript implementation in 10 days at Netscape. In March 2014, Eich became CEO of Mozilla Corporation, but he soon became the center of a controversy when it was discovered that several years before, Eich had donated personal funds to a political campaign which many inside Mozilla strongly opposed³. Outrage broke out in the Mozilla Company and Eich was pressured into resigning.

Authority in an open source software project is traditionally determined by meritocracy. The top contributor tends to be the leader in charge of the project. In taking a stance on a political issue and ousting someone over it, Mozilla revealed that it was no longer a meritocracy.

Fast forward a few years: Mozilla’s usage share is an all-time low below 4%, and Google Chrome has become the de facto web browser². As each year continues, Mozilla’s vision of a free and open Internet becomes gradually more like a pipe dream as Google increases its grasp on web standards. History is going to record Brendan Eich’s resignation as a catastrophe for Mozilla and the web. Meanwhile, Eich and his new company Brave are starting to shake up things with creative solutions to the big problems on the modern Internet.

Enough soapbox. Let’s test drive Brave Browser.

To install Brave Browser, point your existing (clumsier) web browser to https://brave.com and download the build of Brave for your platform. If you are using Windows, then download the Windows installer and run it. If you are using MacOS, then download the MacOS version. If you are using Linux (like I am), then do what works best on your distribution; Brave supplies binary builds for your convenience.

The marketing on Brave’s website sets some lofty promises in terms of speed improvements. Don’t expect actual performance to keep par with claims on the order of “3x the speed.” However, if you are used to heavy JavaScript-laden web pages, then you will definitely notice an improvement.

Now that we have Brave installed, let’s launch Brave and take a good look at it.

If Brave reminds you a little bit of Google Chrome (with a customized homescreen), then your intuition is strong. Brave is in fact based on Chromium, the open source part of Google Chrome. So, there are many similarities in both face and guts to Google Chrome.

The default homescreen of Brave is nice, but it may be a little overkill for some folks. Click on Customize in the lower right corner.

I disable the background image.

I don’t use the Brave Today newsfeed, so disable it.

Personal pet peeve: 12 hour clocks need to show AM/PM. Since that’s not the case in Brave, 24 hour we go!

Disable all of the cryptocurrency cards (unless you use one of them, in which case it might be useful).

Ah, much better!

Remember that the estimations of bandwidth saved and time saved are just estimations. In order to get an accurate measurement, Brave would need to load all of the advertisements, render them, and benchmark them. Obviously, Brave doesn’t do all that. Brave just blocks them to save you time.

Now, let’s go to ≡ Menu > Settings

Under ‘Get Started’, we can set the profile’s colors and icon. This is useful for distinguishing different profiles from each other, otherwise every Brave Browser window will look the same.

Also, we have an option to determine what pages are displayed when you launch Brave. By default, the previous browser session’s tabs are opened when you launch Brave. (I usually set this to ‘New tab page’.)

Then, there are settings for adjusting the appearance of Brave. The light/dark colors preference affects the display of some web pages. Other browsers have a light theme by default, so I like to set this to light (applies across profiles).

Other settings you may wish to set: ‘Use wide address bar’, ‘hide Brave rewards button’, and ‘Always show full URLs’.

Moving further down, we have Shields Up – Brave Browser’s builtin blocker of ads, cookies, scripts, and other nasty things. (I’m a nerd, so I like Advanced view by default.) Notice that 3rd-party cookies are blocked by default (here dubbed “Cross site cookies”). This is a very good default to have because it frustrates many of the trackers.

Then, we have “Social media blocking.” Some websites allow you to sign in with your Google, Facebook, or Twitter account. What these options do is allow exceptions for third party cookies so that these authentication mechanisms work. I recommend disabling them unless they are needed.

Switch to DuckDuckGo⁴ or Brave Search⁵. They neither track you nor bubble you, and the bang syntax is indispensable once you learn it.

There are several extensions that come bundled with Brave. The Tor Private Window is an interesting feature that you may or may not desire. Tor Private Window is a Private Window, except with everything routed through TOR. TOR is a multi-layer proxy that political dissidents in despotic nations use to hide their footprints⁶. It is rather useful as a quick anonymizer, and I have used it on several occasions as such. Be warned however: TOR is also the same multi-layer proxy that criminals and no-lives use, so it might draw the attention of the nearest network admin.

I have not used WebTorrent yet. I think it is a BitTorrent client built in to the browser. There are legitimate uses and illegitimate uses of BitTorrent, so you may or may not desire this extension.

Options that enable or disable extensions usually apply to all browser profiles.

IPFS (Internet Protocol File System) is a distributed file sharing protocol. I have yet to use IPFS. If you are using it and liking it, please share with me your use case. This sounds like a very cool feature.

At the bottom of the Settings page, there is a hidden section for advanced settings.

Disable product analytics if you don’t like sending usage stats to the mothership (affects all profiles).

There are sub-menus here to adjust browsing data, cookies, and site-specific settings. Under the ‘Cookies and other site data’ sub-menu, there is an option to ‘Clear cookies and site data when you quit Brave’, which is extremely useful for the untrusted profile that we will create shortly.

The automatic Wayback Machine prompt is very cool, and it has saved my rear end a few times already.

Disable the running of background apps when Brave is closed (affects all profiles). I am unsure why this option defaults to ‘on’.

If you have been following along making the customizations that I have suggested (including switching to light mode, which changes the look of the browser drastically), then you should have a new tab page like the following.

After switching to light mode, the resemblance to Google Chrome becomes more obvious. Nevertheless, don’t be fooled. Ties to Google are severed.

Brave Shields is the tool that blocks advertisements and trackers. It can be controlled by clicking on the Brave icon at the end of the address bar.

Here we have a switch to toggle Shields for the current site, as well as a report of how many “creepy things” were blocked.

Advanced View gives us a little more information.

Here we have options to adjust how aggressive the content blocker is, the option to opportunistically upgrade a connection from HTTP to HTTPS, the ability to block JavaScript outright, cookie settings, and fingerprint blocking.

The scripts setting blocks all JavaScript on the page. In a pinch this can be used to disable scripts that override context menus or load headache-inducing banners.

If we click on the down-arrow on the left side of ‘Trackers & ads blocked’, then we are presented with a list of page elements that have been blocked.

Notably, if a website uses Google Analytics (a very popular tracking tool that collects a lot of information about your browser and your cursor movements), then you will see it blocked here. I am very thankful that Brave blocks Google Analytics by default. I prefer not to tell a site operator where my display’s cursor resides at any given moment.

If you are a server operator relying on Google Analytics to track page hits, then please find another framework. Any user who runs a good ad blocker such as uBlock Origin or Brave Shields is invisible to Google Analytics because good ad blockers block Google Analytics by default. Ad blockers are very common security tools nowadays, so there is a significant portion of your user base that is simply missing from your analytics data.

There is this great tool called apache.log. Use it. There is another great tool called grep, and there are more powerful tools called awk, python, and perl. Use them. All of these tools run server-side and will work reliably regardless of what web browser or ad blocker your users use.

We can add additional filters (even custom ones) to Brave. Go to the “Three-Bar” Menu (≡) > Brave Ad Block. (Or type brave://adblock into the address bar.)

The default settings work fine in my testing.

Because Brave Browser is based on Chromium (the open source base of Google Chrome), Brave Browser also inherits one of Chromium’s best features: the ability to create multiple browser profiles.

Why would someone want to use multiple browser profiles? Each profile has its own history, cookie store, settings, and cache. So, each browser profile is a separate identity to the Web. It is possible (and easy) to create one profile for personal browsing, one for work, one for Facebook, and yet another for Google. Each profile is a separate identity to the web.

Let’s create a profile in Brave. Go to the “Three-Bar” Menu (≡) > Create a New Profile.

I generally like to set colors for profiles to make them easy to distinguish from each other. Usually red means untrusted (throwaway data), yellow means semi-untrusted (don’t throw away data), green means semi-trusted (slightly cleaner), and blue means trusted (cleanest of all for sensitive data). This is just a suggestion. You can use whatever colors you like. In this demo, let’s create an untrusted profile and use the shade of red which Brave calls ‘Beige’.

Apply the settings customizations mentioned in the previous section to the new profile. For the untrusted profile, I also recommend enabling Settings > Additional Settings > Privacy and Security > Cookies and other site data > Clear cookies and site data when you quit Brave. This way, each launch of the untrusted profile creates a clean slate.

Notice the new button on the toolbar. This button lets you switch between profiles and customize profiles. If you hover the cursor over the button, then it prints the name of the current profile in a tooltip.

If you click on the button, then a profile switcher is displayed.

Clicking on a profile’s name will open that profile’s browser window. (Now the reasoning behind the earlier suggestion to color code profiles should be clearer. Different colors make different profiles easier to distinguish.)

Clicking the name of the current profile opens the Manage Profile settings screen, which allows you to change the colors and icon of the current profile.

Clicking the gear icon in the profile switcher opens the “Who’s using Brave?” window, which lets you quickly manage a bunch of profiles.

Let’s relabel ‘Profile 1’ as ‘Trusted’. Click the three dots next to ‘Profile 1’ > Edit. The Manage Profile settings screen will open in ‘Profile 1’. Change the name to ‘Trusted’ and set the color of the theme and avatar to light blue (or whatever color you like).

Note: ‘Profile 1’ is a little special. To see why, type brave://version into the address bar and examine the ‘Profile Path’. The ‘Profile Path’ of ‘Profile 1’ ends with Default. However, every other profile has a path ending with Profile N where N is a unique integer.

Now, you can use the Trusted profile to sign into websites you trust. Feel free to create as many profiles as you want. My setup looks like the following screenshot.

Since the dark days of the web, web browsers have included a hidden about: URL scheme⁷ that allows the user to access backstage areas of the browser, ranging from user-facing settings screens to geeky debugging information. Perhaps the most widely known about: page is about:blank, which displays a blank page used as an initial page for new browser sessions.

A useful cross-browser page is about:about, which lists all about: pages. (Try it!)

A slight note about naming: Brave is based on Chromium, which automatically translates about: to chrome://. Brave applies a further substitution: chrome:// to brave://. The net effect is that about:about is translated to brave://about. For all intents and purposes, about:about, chrome://about, and brave://about refer to the same page, and you can enter any one of the three URLs in the address bar to retrieve the same page.

Another useful page is about: (without any page specified), which lists version information in most web browsers. In Brave it translates to brave://version and lists the browser version, the command line, and the profile path.

A useful page for your Untrusted profile is about:settings/siteData (case sensitive), which takes you directly to the settings screen for managing cookies and site data. This is the list of data that is deleted upon exit if you enable ‘Clear cookies and site data when you quit Brave’. From this page, you can remove an individual site’s cookies immediately by clicking the trash bin icon. (I use this settings screen so often that I bookmarked it.)

about:flags allows you to enable experimental features.

about:dino is a fun Easter egg in Brave (and other Chromium-based browsers). about:dino starts a minigame starring a dinosaur jumping over cacti in a desert. This minigame is also activated when pressing <Space> on a network error screen.

If you frequent video streaming websites, then you may see the following message.

If you have not seen this message, then point Brave to https://shaka-player-demo.appspot.com/ and try to play the “Sintel” short film, which is protected by Widevine DRM. (In my testing, I needed to select the compiled version of the player.)

The warning about Widevine has teeth. The Widevine module is Google’s implementation of Encrypted Media Extensions (EME), which is a form of Digital Restrictions Management (DRM)⁸ for the web. The Widevine module is a dynamically linked library, so it integrates very closely with the unsandboxed browser code. Furthermore, source code for Widevine is not publicly available, so there is no way to audit Widevine.

Short version: Widevine is very bad in terms of security and makes both you and content creators politically dependent on Google.

Nevertheless, tech organizations that should know better (e.g. Netflix) have adopted Widevine, mostly at the vocal insistence of large entertainment conglomerates that are too ignorant to know any better. So, until the political problems of copyright law are solved, we are stuck with the technical “solution” of Widevine.

Historical digression: Mozilla had a chance to stand against widespread adoption of Widevine in 2013. Nevertheless, they caved without much resistance and contracted Adobe to implement an EME module for Firefox. Considering all forms of DRM contradict the Mozilla Manifesto, it was a shocking scandal for Mozilla fanboys. Imagine what could have happened if a major browser stood up for freedom on the Internet.

The workaround: sandboxing. If you are thinking of browser profiles, then your instinct is strong. Don’t let this Widevine blackbox touch your main browser profile!

Unfortunately, it is impossible to enable Widevine in one browser profile. Enabling Widevine in one profile enables Widevine in all browser profiles! So, an additional layer of sandboxing is required: --user-data-dir. Brave browser inherits Google Chrome’s secret command line parameter --user-data-dir, which specifies a custom user data directory.

Invoke Brave browser with a custom user-data-dir:

brave-bin --user-data-dir=$HOME/.config/BraveSoftware/Brave-Browser-widevine

Obviously, the path you choose (and the mechanism of invocation) will vary depending on your operating system⁹. The above example applies to Linux and will create a new user-data-dir (~/.config/BraveSoftware/Brave-Browser-widevine) and a new cache directory (~/.cache/BraveSoftware/Brave-Browser-widevine). Both directories are siblings of the default directories that Brave uses.

I have a two-line shell script (brave-bin-widevine) that I use to launch the custom user-data-dir. It is possible to launch both the default Brave user-data-dir and the custom user-data-dir simultaneously.

#!/bin/bash
exec brave-bin --user-data-dir="$HOME/.config/BraveSoftware/Brave-Browser-widevine" "$@"

In Windows, you will probably want to create a new shortcut with the --user-data-dir and install it in your Start Menu.

In MacOS, I have no idea what to do. If you use other platforms, please let me know how you do it. I can include hints and instructions.

This custom user-data-dir is going to become a sandbox for Widevine. This sandbox will have its own separate set of browser profiles independent from your regular set of profiles in your regular user-data-dir.

Once you have Brave launched with a custom user-data-dir, go to Settings > Extensions and enable the Widevine module. This will enable Widevine only in the custom user-data-dir.

Brave will download the latest Widevine module from Google and load it. (Widevine will also appear in about:components.)

Now, point Brave to https://shaka-player-demo.appspot.com/ and try to play the “Sintel” video again. The video should play now.

Brave Browser is the underrated web browser of 2021. Brave blocks ads and trackers by default, making the web a lot more pleasant to use. Brave’s profile system is an immensely useful feature; I hope this guide provides some useful guidance about using profiles. Innovative features such as IPFS support and the builtin TOR mode are the kind of forward-looking wild ideas that provide hope for a better future of the web.

Are you tired of web sites that track you? Brave has mitigations. Are you annoyed with full-screen banners? Brave blocks them, by default. Are you reluctantly losing hope in Mozilla as they continue to twirl around the tube? Try Brave today!