Debloat and harden Brave Browser on Linux, macOS, and Windows.
SlimBrave Neo uses Chromium enterprise managed policies to disable telemetry, bloat, and unwanted features in Brave Browser. No browser extensions, no hacks, just clean policy enforcement that Brave respects natively.
Important
The only official source of SlimBrave Neo is this repository:
github.com/ChaoticSi1ence/SlimBrave-Neo
This project ships source code only. Python and PowerShell scripts you can read before running.
There are no official .exe, .msi, .dmg, .pkg, installers, or compiled binaries.
If you find a download claiming to be SlimBrave-Neo elsewhere, it is not from this project. See SECURITY.md.
Note
Linux users: consider Brave Origin first. Brave Origin is a free, official Brave variant that ships with telemetry and bloat already removed. If you just want a clean Brave without configuration, that's the simpler path.
The Linux version of SlimBrave Neo is still fully supported, and is the right tool if you want fine-grained control over individual policies, custom presets, or your own DoH templates beyond what Origin provides out of the box.
git clone https://github.com/ChaoticSi1ence/SlimBrave-Neo.git
cd SlimBrave-Neo
sudo python3 slimbrave-linux.pyThat's it. No pip install, no jq, no external dependencies. Just Python 3 and root.
CLI mode (non-interactive):
sudo python3 slimbrave-linux.py --import "./Presets/Maximum Privacy Preset.json"
sudo python3 slimbrave-linux.py --export ~/SlimBraveNeoSettings.json
sudo python3 slimbrave-linux.py --resetMultiple Brave channels (Stable / Beta / Nightly): Brave hardcodes the managed-policy directory to /etc/brave/policies for every channel, so a single policy file applies to all of them — no per-channel selector is needed. If multiple channels are installed, leaked Shields exceptions are scrubbed from each channel's user-data directory and "Brave is running" detection covers all installed channels.
After applying, restart Brave and verify at brave://policy.
git clone https://github.com/ChaoticSi1ence/SlimBrave-Neo.git
cd SlimBrave-Neo
sudo python3 slimbrave-mac.pyRequires root. Policies are written to /Library/Managed Preferences/com.brave.Browser.plist by default; with --persist on an Apple Configuration Profile is installed instead.
Persistence on macOS (Apple Silicon / macOS 13+). On modern macOS, cfprefsd and mdmclient may clear directly-written /Library/Managed Preferences/*.plist files at reboot when no Configuration Profile backs them, so policies don't always survive a restart. SlimBrave Neo offers two modes:
| Mode | What it does | Persists | User action |
|---|---|---|---|
off (default) |
Writes the plist only | may reset on macOS 13+ | just sudo |
on |
Installs an Apple Configuration Profile via System Settings | yes, durable | sudo + one-time GUI install |
When --persist is omitted on the CLI, the mode currently installed on the Mac is reused, so a re-run never silently demotes an installed profile back to plist-only. A fresh install defaults to off.
When you click Apply in the TUI, SlimBrave Neo asks two macOS-only questions in order: which Brave channels to manage (only when more than one is installed), then whether to persist across reboots. Both prompts have a sticky default — Enter keeps whichever scope and mode are currently installed.
sudo python3 slimbrave-mac.py --import "./Presets/Maximum Privacy Preset.json" --persist on
sudo python3 slimbrave-mac.py --import "./Presets/Maximum Privacy Preset.json" --persist off
sudo python3 slimbrave-mac.py --resetFinishing the Configuration Profile install (macOS 26). With --persist on, SlimBrave Neo writes a .mobileconfig and opens System Settings, but macOS 11+ disallows CLI-driven profile installs so you finish the step in the GUI: a "Profile Downloaded" notification appears; in System Settings click General → Device Management, scroll down to Downloaded, double-click SlimBrave Neo - Brave Policy, click Install, and enter your login password. Policies then take effect immediately and persist across reboots. To uninstall, run --reset or remove the profile under the same Device Management pane. Reference: Apple — Install configuration profiles on Mac.
CLI mode (non-interactive):
sudo python3 slimbrave-mac.py --import "./Presets/Maximum Privacy Preset.json"
sudo python3 slimbrave-mac.py --export ~/SlimBraveNeoSettings.json
sudo python3 slimbrave-mac.py --reset
sudo python3 slimbrave-mac.py --import preset.json --channels stable,beta
sudo python3 slimbrave-mac.py --import preset.json --persist onAfter applying, restart Brave and verify at brave://policy.
iwr "https://raw.githubusercontent.com/ChaoticSi1ence/SlimBrave-Neo/main/SlimBrave.ps1" -OutFile "SlimBrave.ps1"; .\SlimBrave.ps1Requires Administrator privileges. Hover over any option in the app for a plain-English description of what it does and the exact policy it writes. The app follows your Windows light/dark theme, and on low-resolution displays (e.g. 720p/768p) automatically reflows from two columns into three shorter ones so no options or buttons run off the bottom of the screen.
- Disable Metrics Reporting
- Disable Safe Browsing Reporting
- Disable URL Data Collection
- Disable P3A Analytics
- Disable Stats Ping
- Disable Safe Browsing
- Disable Autofill (Addresses & Credit Cards)
- Disable Password Manager
- Disable Browser Sign-in
- Enable Global Privacy Control
- Enable De-AMP (strip Google AMP wrappers)
- Enable Debouncing (skip known tracking redirect hops)
- Strip Tracking URL Parameters
- Reduce Language Fingerprinting
- Disable WebRTC IP Leak
- Disable QUIC Protocol
- Block Third Party Cookies
- Force Google SafeSearch
- Disable / Force Incognito Mode (mutually exclusive)
- Disable Brave Rewards
- Disable Brave Wallet
- Disable Brave VPN
- Disable Brave AI Chat
- Disable Brave Shields / Force Shields On for all sites (mutually exclusive)
- Disable Brave News
- Disable Brave Talk
- Disable Brave Playlist
- Disable Web Discovery
- Disable Speedreader
- Disable Tor
- Disable Sync
- Disable Email Aliases
Pin Brave's own protection defaults as managed policy so they can't be weakened per-site or in settings (requires Brave 1.83+):
- Enforce Ad Blocking
- Enforce Fingerprinting Protection
- Force HTTPS Upgrades (Strict — sites that can't serve HTTPS show an interstitial)
- Cap Referrers (Strict Origin) / Allow Permissive Referrers (mutually exclusive — both unchecked leaves referrer behavior unmanaged)
- Forget First-Party Storage on Close
Note on referrers: with no referrer policy applied, Brave still caps cross-origin referrers by default, but you can loosen it per-site by lowering Shields on that site. "Allow Permissive Referrers" makes the loosening global as managed policy (
DefaultBraveReferrersSetting: 1) — sites that requestunsafe-urlget your full referring URL cross-origin. It exists for compatibility with sites that break under capped referrers; it weakens privacy and is deliberately excluded from every preset.
- Disable Background Mode (Windows/Linux only — the policy doesn't exist on macOS)
- Disable Shopping List
- Always Open PDF Externally
- Disable Translate
- Disable Spellcheck
- Disable Search Suggestions
- Disable Printing
- Disable Default Browser Prompt
- Disable Developer Tools
- Disable Wayback Machine
unmanagedby default — no DNS policy is written, so Brave's own DNS settings stay user-controlled- Four managed modes:
automatic,off,secure,custom(offforce-disables DoH as policy) - Custom DoH template URL support (e.g.
https://cloudflare-dns.com/dns-query) - Inline editable template field in the TUI
| Flag | Description |
|---|---|
--import PATH |
Import a SlimBrave Neo JSON config and apply policies |
--export PATH |
Export current policy to a SlimBrave Neo JSON config |
--reset |
Remove the managed policy file |
--policy-file PATH |
Override policy file path |
--doh-templates URL |
Set custom DNS-over-HTTPS template URL |
--channels LIST |
Comma-separated channels to target (stable,beta,nightly; Linux also accepts dev). Default auto = all detected. macOS writes one plist per channel; Linux always shares a single policy file. |
--persist MODE |
macOS persistence: off (plist only; may reset after reboot on macOS 13+) or on (install an Apple Configuration Profile via System Settings; durable, Apple-recommended). Omitted = reuse whatever mode is currently installed; falls back to off if nothing is. Linux ignores this flag — its /etc/brave/policies file is already durable. |
-h, --help |
Show help |
Import/export uses the same JSON format as the Windows PowerShell version. Configs are cross-platform compatible.
Presets
- Telemetry: Blocks all reporting (metrics, safe browsing, URL collection, feedback).
- Privacy: Disables autofill, password manager, sign-in, WebRTC leaks, QUIC, and enforces Global Privacy Control.
- Brave Features: Kills Rewards, Wallet, VPN, AI Chat, Tor, Sync, and Email Aliases.
- Shields: Pins ad blocking, fingerprinting protection, strict HTTPS, capped referrers, and forget-on-close storage as managed policy.
- Performance: Disables background processes, recommendations, and bloat.
- DNS: Left unmanaged. Forcing DoH off would hand every DNS query to your ISP in cleartext, while forcing DoH on concentrates that visibility at the DoH provider — which trade-off is right depends on who you distrust more, so the preset leaves the choice to you (set it manually in the DNS section if you have a preference).
- Note: No longer forces incognito-only browsing (earlier versions set
IncognitoModeAvailability: 2, which silently disabled history, persistent logins, and most extensions). Forget-on-close storage covers the privacy goal; the Force Incognito toggle is still available manually. - Best for: Paranoid users, journalists, activists, or anyone who wants Brave as private as possible.
- Telemetry: Blocks all tracking but keeps basic safe browsing.
- Privacy: Blocks third-party cookies, enables Global Privacy Control, but allows password manager and autofill for addresses.
- Brave Features: Disables Rewards, Wallet, VPN, and AI features.
- Performance: Turns off background services and ads.
- DNS: Uses automatic DoH (lets Brave choose the fastest secure DNS).
- Best for: Most users who want privacy but still need convenience features.
- Telemetry: Blocks metrics reporting, P3A analytics, and the daily stats ping (Safe Browsing stays untouched).
- Brave Features: Disables Rewards, Wallet, VPN, and AI to declutter the browser.
- Performance: Kills background processes, shopping features, and promotions.
- DNS: Automatic DoH for a balance of speed and security.
- Best for: Users who want a faster, cleaner Brave without extreme privacy tweaks.
- Telemetry: Blocks all reporting.
- Brave Features: Disables Rewards, Wallet, and VPN but keeps developer tools.
- Performance: Turns off background services and ads.
- DNS: Automatic DoH (default secure DNS).
- Best for: Developers who need dev tools but still want telemetry and ads disabled.
- Privacy: Blocks incognito mode, forces Google SafeSearch, and disables sign-in.
- Brave Features: Disables Rewards, Wallet, VPN, Tor, and dev tools.
- DNS: Uses custom DoH (can be set to a family-friendly DNS like Cloudflare for Families).
- Best for: Parents, schools, or workplaces that need restricted browsing.
SlimBrave Neo writes Chromium managed enterprise policies to platform-specific locations. Brave reads these on startup and enforces the policies. No browser modifications needed.
| Platform | Policy Location |
|---|---|
| Linux | /etc/brave/policies/managed/slimbrave.json (shared across all channels) |
macOS — --persist off |
/Library/Managed Preferences/com.brave.Browser{,.beta,.nightly}.plist (one per selected channel). |
macOS — --persist on |
Apple Configuration Profile installed via System Settings → General → Device Management. No plist files written; the profile system manages the values. |
| Windows | Registry keys via PowerShell |
Additional behavior:
- Auto-detects Brave installations: Arch (
brave-bin), deb/rpm, Flatpak, Snap, macOS App (Stable / Beta / Nightly), and PATH fallback - Reads existing policies on startup and pre-checks matching features; on macOS, the Apply-time channel prompt pre-ticks channels that already have a SlimBrave-managed policy (sticky default)
- Full overwrite on Apply, so unchecked features are cleanly removed
- Import/export compatible with Windows PowerShell version (handles UTF-16 BOM encoding)
Requirements
Linux:
- Python 3 (no external dependencies)
- Root privileges (
sudo) - Brave Browser installed (any packaging method)
macOS:
- Python 3 (no external dependencies)
- Root privileges (
sudo) - Brave Browser installed
Windows:
- Windows 10/11
- PowerShell
- Administrator privileges
Windows: "Running Scripts is Disabled on this System"
Run this command in PowerShell:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned- Add preset configurations (Privacy, Performance, etc.)
- Import/export settings (cross-platform compatible)
- Add Linux support with full interactive TUI
- DNS-over-HTTPS with custom template URLs
- CLI mode for scripting and automation
- macOS support via managed plist policies
- Multi-channel support on macOS (Stable / Beta / Nightly)
- @alsyundawy - macOS version
- @zhaoJianNet - macOS refinements
