Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Deviations from Chromium (features we disable or remove)
NOTE: this page is a work in progress! It should by no means be considered a "final" or exhaustive list of things we have removed.
- How it works
- What Chromium features are removed for privacy/security reasons?
- How does Brave compare to ungoogled-chromium?
Brave for desktop is built on top of the open-source Chromium project. We add features on top of what is already there and we also remove features or pieces of the code. These deviations we make that touch the core Chromium code are done via patching.
Chromium is not the same as Google Chrome. For some differences, see https://chromium.googlesource.com/chromium/src/+/master/docs/chromium_browser_vs_google_chrome.md.
How it works
Chromium source is fetched
The gclient utility (part of depot tools) will fetch the official Chromium source code. The tag that is fetched is captured in our package.json (for example,
70.0.3538.35). All of the source code will be downloaded into the
Brave code is fetched
As part of the setup process, we also fetch our own code. The
brave-core repository has the code that makes the browser Brave. The branch that should be checked out is also contained in that package.json. There is also a
DEPS file in
brave-core that pulls in sub-dependencies (such as the
Hooks are run
After the gclient sync runs and fetches all the code (including
brave-core), the hooks are run. One of the hooks that runs applies the patches (which you can see here) that are contained in
brave-core. If you'd like to know more details about HOW the patching works, you can take a peek at our patching wiki page
What Chromium features are removed for privacy/security reasons?
Services & Features We Disable Entirely
- Google accounts integration ("GAIA") is disabled
- All features that send data to Google are removed from settings
- DNS prefetching is disabled
- Page translation is disabled
- Chrome Google URL Tracker is disabled
- Domain service reliability is disabled
- Inline extensions are disabled
- Background sync is disabled
pingattribute is disabled
- Battery API is disabled
- WebUSB API is disabled
- WebBluetooth API is disabled
- WebRTC debug log uploading is disabled
- Uploading settings after resetting profile is disabled
- Retrieving OEM default settings after resetting profile is disabled
- Tracing crash log uploading is disabled
- Remote debugging is disabled
- Google Cloud Messaging is disabled
- Firebase Cloud Messaging is disabled
- Push client channel updates are disabled
- Network time tracker is disabled
- Google-assisted address normalization is disabled
- RAPPOR log uploading is disabled
Services We Proxy Through Brave Servers
Google does not receive any information about which client is performing these requests (not even your IP address).
- SafeBrowsing requests are proxied
- Geolocation requests are proxied
- Plugin updates are proxied
- Certificate revocation requests are proxied
Some of the above (along with other issues) were previously tracked in https://github.com/brave/brave-browser/issues/13.
You may notice some requests to Google domains. Some of these, such as
update.googleapis.com are needed to check for extension updates if you installed extensions. Our built-in PDF reader (PDF.js) only goes to our own extension server for updates.
How does Brave compare to
ungoogled-chromium, per their GitHub page:
ungoogled-chromium is Google Chromium, sans integration with Google. It also features some tweaks to enhance privacy, control, and transparency (almost all of which require manual activation or enabling).
We have an issue captured for pulling in relevant patches from the
ungoogled-chromium project. The
ungoogled-chromium project similarly has an issue captured where they mention pulling in patches from Brave.