Cyber Security MumboJumbo. a.k.a. Instagram Hates Cyborgs. a.k.a. Cyborgs hate Instagram

Nope, Digital Courage. But they work together occasionally, as far as I know - and I love those simple guides Digital Courage puts on their page… some of them I can even use to explain this stuff to my 70-year-old mom :wink:

Thanks!

Aaaaand thanks!

Gonna look into it, I really liked that app!

Yup!!
Worst is when most of those “small issues” are actually intended behaviour, to smooth up usability for the average joe.

Which is necessary, commercially speaking, otherwise they go to the competition.

I mean… if the majority of people did not let ease-of-use trump security + price + performance… Apple would’ve been buried decades ago, right? :rofl:

So did Mozilla… but you’re right, Firefox can reach a better safety standard. And it also has a much larger userbase…

Which makes it so that any efficient agent interested in exploiting security issues is more likely to focus their attention on Firefox than on Brave, at the moment. And this is one of the drivers behind my choice.

Was a nightmare setting it up…

Depending on where I am, I just give up on that to be honest…

Tutorials I could find here would most likely be out of date security wise.

I do have an image somewhere, with only the basic functionality in it. Will try to find it (although being in the middle of moving home that might take a short while)

As for hints/tips… either DM me or get a thread up and I can try to bounce ideas. And feel free to throw in any issues you find while setting it up and I’ll try to help.

basically… you want a RasPi with services to:

  • connect to a wifi on boot.
  • keep its BT module hidden, and only respond to your phone’s BT adapter, in order to allow for config updates (optional)

Apart from that, it’s a default setup for an ethernet router…

… with the tricky bit where you must either set it up where it could have a static IP (which I don’t recommend, since such places will often locate the Pi’s internal IP, find it weird and shut it down), or you’ll need to have a server somewhere else (even an AWS API is enough) and configure your Pi to send updates of its IP there whenever it changes.

Welcome to the club! :rofl:

There’s also the risk that, using TOR all the time, you might forget about it and end up ordering something online through the same session…

There was a good example from a friend in law enforcement… they caught a john who was accessing their honeypot site from TOR, but within the same session they ordered a pizza (pun intended) to their address… :woman_shrugging:

That is what keeps Google at least as the fallback search engine even for most of us… They just work where others fail.

Most likely exactly because of their insidious little evil ways.
Similar to why organised crime is much more efficient at reducing crime on their turf than law enforcement is.

Except if it’s a vulnerability in the underlying Chromium engine… which is usually where issues happen. In which case, it affects Chrome, Chromium, Brave and all other Chrome / Chromium based browsers, making it a much bigger target. I would thus consider FF a smaller target than Brave.

Ethernet router or VPN? Either I’m misunderstanding how you’d use it, or I want a different thing to what you did.

You got a good point there.

I’m only quite at ease because most of those vulnerabilities still require an implementation method / Attack vector… and those usually can work on either Chrome or Brave… thus keeping Chrome as the target makes more sense.

You begin with configuring the Raspberry as a router, which then you make work as a VPN…

But now that I said it out loud, sounds counter-productive. :sweat_smile:

I was just spitballing my development process: I first made a Raspberry work as a router. Then I converted it to a VPN node by adding some middle layer scripts to decrypt and re-package each packet.

Took the long route mostly because I was experimenting with it. And then I kept using tweaks on the same image file…

But you could, with even fewer steps, make it straight into a VPN node…
You are absolutely correct there.

Just have a look at Brave’s Bug Bounty Program. There are quite a lot of Brave-specific bugs, many (old but) interesting ones as well!

Yes, a Chromium bug would likely also affect Brave, so I see the point.

What?! I’m sure most of the times you can get such exploits working on both.

The exploit is only half the attack.
But then… how do I get to use it on you?

a silly and simplified/outdated example…
I could make a phony page with a malware which, if you make a google search while it’s open / from it, it can take a ride on the internal cache Chrome makes for that, then explore a chromium vulnerability and gain access to something of yours…

Such attack vector has been utilised in the past, and the high success factor was tied to how they explored a caching mechanism which is unique to Chrome, in order to leverage a vulnerability in Chromium.

Despite the vulnerability also existing on Brave, in this example the attack vector would fail.


Yeah, NewPipe works. Thanks!

Although - just my luck - I must have the only cellphone in the world without a rear-facing camera. Not terribly convenient to scan a QR code :slight_smile:


Pretty much any time people mention implants hahaha.

Don’t get me started on Javascript being completely unsuitable for server-side work.

Don’t get me started on Javascript being completely unsuitable. period.

:rofl:

this is actually a very good read about it, if you fancy a long story:
https://medium.com/hackernoon/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5

Unfortunately, I am now having to learn to write it to take advantage of Postman/Newman to run automated API testing. I could never get the testing done otherwise.

Oh, Js is easy:
Think “what is the most inefficient or error-prone way I could do this in any half-assed language?” then you jumble a super-simplified syntax as if you were trying to teach java/C# to a 6 year old.

I actually have to deal with js on a daily basis at work. It is the best/only thing that actually works for as many browsers with as much reach as most web stuff requires. so… meh… :woman_shrugging:

It’s so simple an idiot could write it. Unfortunately, it’s also a requirement.


This reminds me of a very good quote about UX I once heard:
“Design a system that even an idiot could use, and you’ll have a system only an idiot will want to use”

That said…
Js is a good tool, if kept within the context it was designed for.
Shame we are way past the point of no return away from that context! :pensive:

I’ll be honest, postman using it makes sense. You’re testing APIs, and JavaScript has a lot of dinky ways to access APIs easily. But running anything and everything in node.js? No fucking thanks. Just the dependencies alone. It’s a nightmare! At least with java the dependencies make sense. I’m probably committing a sin by using Java as an API server, sure, but at least it’s not JavaScript.

By the way, if anybody is interested in using DDG without any Javascript and is tired of getting this each time they hit the back button:


Here’s a small Tampermonkey script that’ll turn all POST requests to Duckduckgo into GET requests:

// ==UserScript==
// @name         Duckduckgo POST to GET
// @namespace    Rosco
// @version      0.1
// @description  Rewrite POST forms into GET forms in DDG HTML-only pages
// @author       Rosco
// @include      http*://*duckduckgo.com*
// @grant        none
// ==/UserScript==

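(function() {

  // Match form actions ending in /html or /html/ (the HTML-only search endpoint)
  var re_action = new RegExp("^.*/html/*$");

  // Walk every form on the page and switch matching POST forms to GET
  for (var i = document.forms.length - 1; i >= 0; i--) {
    var form = document.forms[i];
    if (re_action.test(form.action) && form.method.toUpperCase() === "POST") {
      form.method = "GET";
    }
  }
})();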

So now you pass the search parameters as part of the URL:

This poses its own set of problems - chiefly that your search strings are visible in the URL, if anybody happens to be watching your traffic (i.e. don’t search “blow up the NSA”) and you’ll have cache problems if you forget to manually reload the page when it’s needed. But at least you won’t get the annoying Document Expired message and subsequent Resend popup each time you hit the back button.

I am starting to consider this more and more seriously. Any other advice you could give me? :slight_smile:

I’m not the one you asked, but I know a nice little starting point - I think you were from a german-speaking country, so maybe have a look at digitalcourage.de. They have lots of information on privacy-related stuff, from “beginner’s mode” like taking care of your cookies or such, to more advanced things like TOR or rooting your phone.

And I’m sure Rosco will have tons of ideas going further than that, if you need to :wink:


Oh, I know them! :slight_smile: but I do most of that already. I am at the point where I want to turn it up to 11 :wink:


Hmm any good ideas about preventing fingerprinting?
Highly customized browsers tend to have quite unique signatures :confused:


You provided the solution yourself…
I’m running Firefox with few, though pretty widespread addons (like NoScript and uBO), and so far, my fingerprint is relatively okay - at least, if I check it on the EFF page, it gives out something like “Our tests indicate that you have strong protection against Web tracking”
Dunno what browser you use, but you can check it here (though I’m sure you already found that :wink: ):