The Brave browser has positioned itself as a privacy-first alternative to Chrome and Firefox, but its new tab page deserves closer scrutiny from developers and power users who value data sovereignty. This review examines what happens when you open a new tab in Brave, what data leaves your machine, and how the customizable new tab page affects your privacy posture.

Understanding Brave’s New Tab Architecture

When you open a new tab in Brave, the browser displays a customizable dashboard that can show news, bookmarks, speed dials, and aggregated statistics. The page loads from Brave’s servers and may include elements fetched from third-party sources. Understanding this architecture is essential for anyone conducting a thorough privacy review.

The new tab page (NTP) is implemented as a web extension bundled with the browser. You can examine its source code in the Brave repository, but the compiled version you interact with daily may differ slightly from the open-source code due to build configurations and feature flags.

Network Request Analysis

To understand what data transmits when you load a new tab, developers can use standard browser developer tools or network inspection utilities. Here’s what typically occurs on a fresh Brave installation:

When the NTP loads, the browser makes requests to Brave’s content delivery network to fetch the dashboard components. These requests may include identifiers that correlate with your browsing session. The exact endpoints depend on your region and Brave’s current server configuration.

For users who prefer to minimize even this minimal network traffic, Brave offers an offline mode. Navigate to brave://flags/#ntp-offline-mode to enable it. This caches the new tab page locally, eliminating network requests on subsequent opens. However, this also disables dynamic content like news cards and removes the ability to customize the page through Brave’s sync service.

Data Collection Mechanisms

Brave’s new tab page implements several data collection mechanisms that privacy-conscious users should understand:

Local Storage and IndexedDB: The NTP stores preferences, viewed tiles, and interaction history in browser-local storage. This data remains on your machine and doesn’t transmit to Brave’s servers unless you enable sync.

Usage Statistics: Brave collects anonymous usage data through its telemetry system. Users can disable this in settings under Privacy and security > Help improve Brave. Even when enabled, this data is aggregated and cannot be traced to individual users.

New Tab Metrics: The NTP reports anonymized metrics about which tiles users interact with, how long they view certain sections, and which customization options they select. Developers can examine these requests by filtering network traffic for domains ending in brave.com with /ntp-metrics in the path.

Custom Tiles and Third-Party Content

The most significant privacy consideration involves custom tiles—user-defined shortcuts that appear on the new tab page. When you add a custom tile, Brave stores the URL, title, and favicon locally. However, loading the favicon may cause your browser to make DNS queries or HTTP requests to the target domain, potentially revealing your browsing patterns to network observers.

To add custom tiles without leaking information, use Brave’s built-in bookmark functionality rather than external services. Here’s how to create a privacy-respecting speed dial entry:

1. Navigate to your desired site in a regular tab
2. Press Ctrl+D (or Cmd+D on macOS)
3. Check “Show in New Tab” to display it as a tile
4. Click “Done” to save

This approach keeps all tile data local and avoids third-party trackers commonly embedded in online bookmark services.

The Brave News Integration

Brave’s new tab page often includes a news feed powered by Brave’s own content aggregation system. This feature has undergone significant privacy evolution, but developers should understand its current implementation:

The news feed loads content from Brave’s servers, which may log your IP address and requested categories. You can completely disable the news component by right-clicking on the new tab page and deselecting “Show News” in the context menu, or by navigating to brave://settings/newTab and toggling off the news feature.

For users who want news but prefer not to contribute to Brave’s data collection, consider using RSS feeds with a local reader instead. This approach gives you complete control over what data is collected and by whom.

Privacy-Focused Alternatives

Developers who find Brave’s new tab page too feature-rich have several alternatives:

Extensions: Privacy-focused NTP extensions exist that provide speed dial functionality without telemetry. Extensions like “StartPage” or custom-built solutions using the WebExtensions API can replace the default experience entirely.

Browser Settings: Navigate to brave://settings/newTab to disable most NTP features. You can reduce the page to a simple search box with minimal tracking.

Custom HTML: Advanced users can create a custom new tab page using the chrome://newtab override feature available in some Chromium derivatives. This requires modifying browser files or using specialized extensions.

Inspecting Your Installation

For developers conducting their own privacy review, Brave provides diagnostic tools. Navigate to brave://components to see which NTP-related components are installed and their current versions. The “Brave New Tab Page” component handles all NTP functionality and receives updates independently of the main browser.

You can also examine network traffic programmatically using tools like mitmproxy or Chromium’s built-in net-internals (chrome://net-internals). Filter for requests originating from the NTP to identify any unexpected data transmission.

Configuration Recommendations

Based on this privacy review, developers and power users should consider these configuration settings:

1. Disable telemetry: Go to brave://settings/privacy and disable all telemetry options
2. Turn off news: Right-click the NTP or navigate to settings to disable the news feed
3. Use offline mode: Enable brave://flags/#ntp-offline-mode if you want a static NTP
4. Review sync settings: Brave’s sync can replicate NTP data across devices—ensure you’re comfortable with this
5. Clear NTP data regularly: Use brave://settings/clearBrowserData to remove local NTP storage

Conclusion

Brave’s new tab page represents a reasonable privacy tradeoff for most users—more transparent than Chrome’s default experience but not as minimal as a completely custom solution. Developers who require absolute control should implement the configuration recommendations above or explore alternative NTP implementations.

For teams integrating Brave into privacy-sensitive environments, conduct your own network analysis using the methods described here. Browser versions change frequently, and privacy implementations evolve. Regular audits ensure your configuration remains aligned with your security requirements.

Related Reading

• Privacy Tools Guide Hub

Built by theluckystrike — More at zovo.one