499 comments

[ 2.8 ms ] story [ 304 ms ] thread
I’ve been using Brave to watch YouTube videos in incognito mode ever since 1Blocker on Safari stopped blocking YouTube ads. This article brings up some good points, and I want to support Firefox more anyway, so I need to see how Firefox handles YouTube ads.
For the past month or so, Brave on Ubuntu has been failing to block YT ads, so now I've been stuck with 2 unskippable multi-minute ads before almost every vid. I've been hitting mute and switching tabs while I wait. The most egregiously annoying one was 6 minutes of ads on an 8-minute standup comedy clip.

Brave on mobile still blocks all that crap so I've transitioned to listening to YT content on my cellphone, propped up on my desk, while I browse the Internet on my desktop.

Same here. Made me switch back to Firefox full-time instead of trusting Brave of getting things right when they time and time stumble on things.
Why not use one of the many chrome extensions that blocks YouTube ads?
You could pay for ad-free YouTube, if you dislike the ads so much.

Many argue that "They'll pay to have ads removed", but that doesn't seem to hold true when services offers that exact option.

> Many seem to argue that "They'll pay to have ads removed", but that doesn't seem to hold true when services offers that exact option.

I would pay for ad free Youtube, if it was an option. Even with Youtube Premium, included promotions continue to be shown

Well yeah, they don't stop someone advertising a product in the main content. If they did, then James Bond movies would be a lot shorter.
The ad-blockers also don’t block those, so I don’t think that was the point.
That’s interesting, maybe that’s market/country dependent. I pay for Premium and haven’t seen and ad or promotion since I signed up.

That really not okay when you actually pay to have no ads.

You should try to install uBlock Origin. I've tried both Vivaldi's and Brave's adblockers but they're still ways behind what uBlock can do.
Have you double checked that the shields are still up for YouTube? I had the same thing happen to me a couple of weeks ago. Turned out my shields were down for YouTube for some reason.
firefox itself doesn't 'handle' youtube ads, but ublock origin does.
uBlock Origin + Sponsorblock + Firefox will give you the best possible Youtube experience.
What’s a YouTube Ad? :-) long time Firefox + uBlock Origin user here.
I use ublock origin on Firefox and it seems to properly block all YouTube ads. As with YouTube-dl it’s probably a bit of an arms race, so if your tool of choice stops working maybe wait for the next update and they’re likely to get it fixed / right.
I guess the number of users must be low. Otherwise, there's a near perfect solution for YouTube: create a stream that contains both the ads and the content and don't allow buffering ahead of time while the ads play. Sure, that's fair task, but doable. When the costs of uBlock exceeds the server+man power needed to implement that, they'll switch.
I get the impression that YouTube do not really put any effort into breaking youtube-dl, YouTube Vanced, etc. It seems that mostly when these break it's accidental.

The last thing YouTube wants to do alienate the technically literate minority who use adblocking, because these are the people who could establish an actual competitor. These folks still put money into the creator ecosystem anyway, through patreon and direct sponsorships, which funds creators to make more content. YT wins either way, honestly.

uBlock Origin with Firefox seems to work really well for blocking video ads. For me it doesn't just block YouTube ads, it manages to block adverts from a couple other streaming sites I use too.
(comment deleted)
(comment deleted)
I find Brave Rewards very egregious. You get lots of BAT and the marketing copy hypes it up immensely without mentioning, anywhere, that you need to provide your SSN and Driver's License to a third-party (Uphold) if you actually, you know, want to cash out.

This seems particularly irritating because, let's say you set your browser to show you the max amount of ads for a while. You saved up for a few months, decided you had enough, tried to cash out only to discover that slap in your face that they never mentioned. Of course this benefits them, but the fact that the browser puts you in the situation of giving up your privacy to receive money is ridiculous for a "privacy" browser.

I think your anger is misplaced - you should be angry at government who requires Brave (and eBay, and Etsy, and any company that is paying out money to people) to require this. If this wasn’t legally required they (and every other company) wouldn’t do it.
That, at least, does have a reason. Uphold is an online exchange and crypto wallet more popular in Europe but very similar to Coinbase. The government doesn't want money laundering and other financial crimes, and you might disagree with KYC but at least there's some argument there.

I don't like that Brave doesn't say, on their Brave Rewards page, warning: You will need to give up your privacy to cash out. If that's OK with you, great; if not, don't set your browser to show ads for months before you try cashing out or you'll get a nasty surprise.

From Brave's perspective, there's also a conflict of interest here. Remember, when an advertiser spends BAT to show an ad, 30% goes to Brave and 70% to the ad receiver. Brave has every incentive to get that 30%, don't they? If that means you were fooled into leaving your browser showing ads thinking you could cash out without losing your privacy, they benefit. And that's why it really smells fishy that they don't mention it on their product page.

(comment deleted)
I guess some users don't ever cash out and just use the rewards to fund the content they consume.
Not sure why you are downvoted.

I guess users could also send the tokens elsewhere to try and find an exchange that doesnt care about money laundering laws - but governments get quite involved in crypto.

Or is transfering tokens not possible?

Not with Brave, it is not. All of your tokens go into Uphold, and you must go through full KYC (providing your Driver's License and SSN), before you can move them to any other wallet. And no, the tokens your browser says you have, they aren't actually yours or transferrable until your KYC Verification is complete. The amount of tokens in your account before you complete Uphold verification is more of an IOU BAT until you create an account and get the actual BAT.

This is what is also egregious. Yes, BAT is decentralized when you move it around in wallets, but as far as the browser is concerned, all BAT you earn from receiving ads is actually quite centralized.

Thanks for clarifying - that indeed should have a big red warning sign for anyone signing up trying to collect BAT via Brave.
Brave, Inc has no requirement to be located in the US that does require these laws, hardly the fault of the government they are choosing to be incorporated under that Brave chooses that particular geographical position, especially since the US probably has some of the worst examples in recent history for disregarding the privacy of citizens and non-citizens alike.
I'm pretty sure the US government is notorious for enforcing its financial laws well beyond its borders.
Is there a reason why brave has to do it but services like bing rewards doesn't? Also, AFAIK paypal allows you to do small transfers without verifying anything.
Sites like eBay would require user identity verification whether or not the government required it. Can you imagine the scale of fraud on eBay if users were allowed to set up anonymous accounts and accept irreversible currency transactions to anonymous sellers? It would be a scammer’s dream come true.

I wouldn’t have any interest in using such marketplaces.

As for Brave: Whether or not KYC or other regulations explain their behavior, any cryptocurrency rewards program has an inherent incentive to make it as difficult as possible to cash out. People who cash out almost always sell their coins, putting downward pressure on the price. If they can use dark patterns to reduce the number of people selling coins, the coin price stays higher.

The ideal cryptocurrency rewards program (for the crypto, not the users) would give people coins but almost force them to hold those coins and make it as difficult as possible to sell. This simultaneously hypes the coin by spreading awareness and removes downward price pressure by making it difficult to sell. This almost always means the company or founders have a lot of the coin that they plan to sell off as it becomes popular.

Virtually everything that comes attached with arbitrary crypto tokens or rewards is a scam to make the founders wealthy while the users chase pennies.

Using this dark pattern is probably necessary, as it is the only robust way to protect them from being click-frauded. You can earn only small rewards by watching ads in a single browser, so there is a big incentive to run as many automated brave instances as possible. Then send it all to one wallet and cash out. But one would need to complete KYC for each instance. You can't move the tokens without it, so it can't be scaled up.
Let's presume this were true - that the Government was also at fault (I don't agree) - why does that excuse Brave's behavior?

If I go look at any other service which requires that kind of information, it's always right up front. Want a Robinhood account? Great, you have to provide the info when you open an acocunt.

I use brave and rewards but have never cashed out so didn’t provide any KYC info.

I just donate BAT to sites.

Brave does “request info up front” for users who want to use the wallet. Requesting it from users who won’t need it is a waste of time.

All Robinhood users perform financial transactions, very few Brave users do.

Is the lack of other options to send micropayments to sites the reason you do this? If there was a way to one click send micropayments to sites from a browser that did not require you to watch ads, but you send your own money, would you do it?
Honestly it’s because I’ve never had enough tokens to qualify for the minimum. So I just leave stuff in my wallet and transfer every once in a while.

I would prefer a wallet that I have control over, but I kind of ignore the BAT stuff and just use it because it’s a clean browser that’s easier for me than managing adblocker plug-ins. The tokens are just a bonus.

> you need to provide your SSN and Driver's License to a third-party (Uphold) if you actually, you know, want to cash out.

This is the government's fault not Brave's. There are laws that enforce the requirements. We do not have the freedom to move value or money around freely any more.

And I completely understand that. But Brave is still guilty of not mentioning on their product page that for all the privacy things they do, Brave Rewards isn't private, and also has a conflict of interest incentivizing them to not tell people about it.
It's Brave's fault if they only give you access to your BAT coins after signing up with Uphold. There should be no reason they hide access to your coins until you use a third party service to dox yourself.

Brave may not be implementing the dox'ing, but they appear to be requiring you to use someone else's implementation which is absolutely their fault.

I am guessing that the parent comment has it right. This is admittedly outside my area of expertise, but I would assume that the system they have for managing BATs is subject to the US's Know Your Customer laws, which require financial institutions (including crypto exchanges) to, well, know their customer. Personally.

They have to figure all that out before they give you access to your account. Which means, yeah, there may well be a good reason for them to require you personally identify yourself before giving you access to the tokens: if they didn't, they'd risk getting into serious trouble with the authorities.

They didn't technically need to contract that stuff out to a third-party company, of course. But, from a practical perspective, they did. They're a small browser company and financial regulation compliance would be a huge and burdensome departure from their core skill set. I don't think they could have afforded to do it themselves.

And that's all right and good, I'm actually OK with this being the requirement for a system like this if a browser that rewards you with crypto is available.

What I'm not OK with is that Brave isn't upfront about this.

Indeed. It's weird to see an organization whose entire sales pitch is, "Trust us, we're trustworthy," that persists in acting unnecessarily skeezy at seemingly every turn. Like, you half expect their next blog post to be, "We've been trying to reach you about your car's warranty..."
kyc laws only applies to exchanges that allow cashing out. I don't understand why kyc would be required here. The browser user should be the miner getting a reward as a private key. They should be able to move it to any exchange (this is where kyc is required) or trade privately.

Why they chose to implement the design in this way is not what I would expect.

> kyc laws only applies to exchanges that allow cashing out. I don't understand why kyc would be required here.

Because cashing out is kind of the entire point of BAT?

If creators couldn't redeem their BATs for actual spendable currency, they wouldn't really be any different from a Facebook Like button that people have to pay to click.

People sell their redditor accounts frequently for their digital tokens (upvotes) - reddit does not require people to use KYC.

Yes, I understand there is an implicit difference here, but this just shows how dumb KYC laws are to begin with as they can be easily bypassed by criminals and serve only to dox the law abiding citizens.

I, as a pro-social, well behaving, net positive contributor to society - have to trust everyone I do business with with my personal information. It's honestly absurd, if I were a criminal I would bypass this with great ease, yet because I want to behave legally I put myself at risk for identity theft frequently just to be able to do business with other people who also likely don't want to be responsible for securing my private information.

KYC, AML, CYA, IANAL
KYC stands for "Know Your Customer" and it's a reference to laws that require businesses to have a clue who they're doing business with. It's not a legitimate response to the concern here. The concern is failure to provide adequate information about the consequences of your actions up front. They're going to benefit from the ads, and they won't necessarily have to pay for that benefit, because they didn't adequately obtain informed consent before they began by informing you that you need to pony up PII to a third party.

AML is probably Anti-Money Laundering. It again has nothing to do with informed consent. It is possible to prevent money from being laundered by telling a person up front, before they agree to sign up, that they have to give their private information to a third party.

CYA is probably "Cover Your Arse". Again, it's not a legitimate concern for the same reason as above.

IANAL is obviously not a response to the original concern but merely intended to reduce the risk of the reply. But there's no legal issues being raised. The issue is purely whether or not a business who praises their privacy credentials should clearly let their customers know that, if they choose to engage in business with them, their private information will need to be shared with a business who they may not trust.

If OP's story is true, Brave is not above engaging in distrust for dollars. That's the lesson to be learnt here. Brave doesn't care about your privacy. They just hope that by marketing privacy, they can get a few customers. And they will and apparently do engage in shady practices that compromise your privacy. No acronym can justify that, other than something that stands for "Businesses need to be responsible for their actions, not just their profits".

To add to this, Brave appears to force you to use Uphold in order to "verify" your wallet. So this is absolutely Brave hiding your coins from you until you dox yourself with a third-party.

It's entirely possible to trade bat for many other coins on exchanges without KYC, but Brave forces you to be unable to do that (regardless of your local laws it seems?)

This is something Brave could easily fix by just exposing an API to allow you to do what you want with your BAT instead of forcing you to use a third party KYC service.

This is true. When you "receive" BAT in your browser, your browser is not a wallet. You can't send it to any address of your choice, or move it to an exchange that doesn't require KYC like Uniswap. The only place you can send that BAT you "received" is "verified creators" in the Brave ecosystem. It's much more like an IOU BAT than real BAT.

If you want to get real BAT that you could send to any address, send to Uniswap, or cash out, you must create an account on Uphold and complete full KYC before you can withdraw. That's when, invisibly, the IOU BAT becomes functional, cryptocurrency-like BAT.

It's like there are 2 BATs in reality despite the marketing. FakeBAT and RealBAT. FakeBAT only works within Brave's approved creators and is what you receive in your browser, and you can convert it to RealBAT which is on Ethereum and ERC20 compliant but only if you do KYC.

An addendum to my statement above: This also means, implicitly, BAT is not a private token. All BAT ultimately comes from people who completed KYC. This means that ultimately, if the government wanted to hunt down where someone's BAT came from, it's really easy when you've KYC'd the entire ecosystem.

And, you might be OK with that for what it is, and might not want money laundering. Fine, but don't advertise it to me as an extension of a privacy browser. This is perhaps the least private cryptocurrency ever outside of USDC.

Isn't this for legal reasons? I'm pretty sure my crypto exchange couldn't give less of a crap about my ID but due to anti-money laundering laws every exchange I've used has had to ask me for it.
So... I dunno... Just ignore the whole BAT/Rewards nonsense? I use none of that shit, though I do use Brave for a (very) few things that require a Chrome-like browser (i.e. Won't work in Firefox with my battery of plugins). I don't regard it primarily as a high-privacy tool (FF is better at that, though far from perfect) but it's better than using Chrome on non-Goog sites.

Ah, the world has become a strange place. I currently use no less than 5 different browsers for different contexts, but mainly Chrome for Goog properties on the seldom occasion I have to go there, FF for almost everything else. Then the corner cases...

Isn’t this only an issue if you actually want to cash out your $2 or whatever. The bigger benefit of Brave is that you can contribute money to websites or content creators that your prefer. This is like the “old” internet where ads didn’t care what content they were shown next to, giving much more freedom of expression on the net. Say YouTube thought your video joking about COVID meant they thought you deserved to demonetize your whole channel, we’ll now brave donations still allows you to make some sort of ad profit. That actually ads up for people from pennies from millions of people together. Cashing out for a few dollars a year is not really the intent of the system.
You can’t cash $2. There’s a 25 BAT minimum
(comment deleted)
How does KYC benefit them? Seems like (if legally allowed) they would want to reduce the friction as much as possible.
I have been testing Brave for some time and i have not received lot of BAT since using it, i can summarize in few words but Brave are so cheap on paying BAT at the cost of giving you ads. For privacy better stick with Firefox or LibreWolf and earn crypto somewhere else.
Web ads are in general incredibly cheap per impression, so while I don’t know (nor particularly care to find out) where Brave’s ad prices come from, it’s not necessarily surprising or nefarious for them to be low.
It's a shame how Brave Inc. has fumbled the execution of this concept. It's a great idea in principle: users earn currency for their attention (watching ads) or by outright purchasing it and avoiding ads, they get to choose which services they want to support and with how much, publishers get paid without slimy advertisers and GDPR headaches, while still keeping advertising in the loop but in a much more indirect and controllable way. It's brilliant. It would eventually allow getting rid of advertisers from the loop entirely with novel ways of earning currency.

Of course this is a pipe dream with the modern ad-powered web. Why would tech giants have a desire to make changes that would affect their main revenue stream? Advertisers wouldn't be thrilled either.

Still, I think it's the best idea that actually has some merit of working at scale to change how the web is monetized today. And we need more of those. Just maybe not executed by Brave Inc.

This is the law; it's not Brave's design. Our design enables you to opt-in, earn, and give to content creators without having to provide any information. The law, however, requires and compels Brave to add KYC into the mix when you wish to self-fund or cash out. Anti-money laundering is not something we can or would circumvent.
You could still the user of this during onboarding, or before the start seeing any BAT ads.
Seems like a pretty important piece of information to share with potential users up front though, for something marketing itself with a privacy focus.
No, because KYC is not mandatory to use rewards and anonymously contribute to your favorite sites and channels. Only if you want to add funds or take out some or all of your revshare is it required. It's not required by default, which is why it should not be advertised as if mandatory. HTH
>KYC is not mandatory... except when you want to add or take out funds.

This is Brave's own cryptocurrency that they use to sell their privacy-based browser. It's an important distinction.

(comment deleted)
Lol. This is like Tesla saying regulations prevent them from releasing full self driving. Don't advertise something you can't deliver.
We deliver exactly what we advertise; users can enjoy the default ad-free experience, or opt-in, earn, and support content creators across the Web. Nowhere in our marketing or elsewhere do we suggest you can anonymously receive cash from companies like Amazon, Twitch, Walmart, etc.
You don't have the ability to offer private money collection and your advertising should reflect that.
He just said they don't advertise the ability to offer private money collection. Are you claiming they do? If not, then it would seem their advertising already correctly reflects this fact.
They claim to be a privacy focused browser that can pay users via cryptocurrency. Yet there is no point to pay via cryptocurrency when there is no privacy for receiving it.
As I understood it, they claim to be a privacy focused browser that distributes some sort of currency-like tokens to users, which the users can then distribute to websites they want to reward, or optionally pay out as cryptocurrency to recipients that may (or may not?) be identical with the users themselves.

That this optional payout requires identification seems to be A) a legal requirement, and B) an implementation detail of second-rank importance in the grand scheme of things.

Feels far-fetched to get one's knickers in a bunch over stuff like that not being at the forefront of their marketing.

Knickers to you may be outer garments to others. This browser has made a habit of asking users to interpret their actions "the right" way.

Look, maybe this is a good idea, and it is the future of getting people to pay for stuff like news or software. If so then they need someone who understands that vision and can project it with confidence. Right now I have no idea who runs Brave or what person I would look to for understanding their goals. For such an innovative concept you really do need a visible delivery vehicle with whom people can relate.

This is false. it is not a law. KYC is required for 3k+ and only in select countries. Brave is international.
You are also forgetting that another option is coming soon. Most of the userbase hates uphold, and they are adding Gemini soon, which should be much better.
Isn't cashing out the tokens as a user sort of pointless anyway? I'm an impoverished student and Brave gives me a way to tip my favorite Youtubers at no cost to myself. They can decide for themselves if they want to sign up and cash out. I think that's really the main intent of the BAT system, nothing deceptive about it. If I wanted to earn trivial amounts of money anonymously, there are plenty of ways to do that.
I don't like the crypto nonsense of Brave, and while I like Firefox in theory, its performance leaves a lot to be desired and they don't seem to know who their user base is. Microsoft Edge got a decent native vertical tab solution before Firefox did! Edge!

I wish some nonprofit would make a Chromium browser with sane defaults and take my donations. That's all I need.

Does Vivaldi count?
If you trust the people behind Opera, sure?
I trust them personally. Jon von Tetzchner, the founder of Opera, left Opera to start Vivaldi once he felt management wasn't doing things the right way.
I tried out Edge for about 15 minutes but had to bail because of the amount of Bing and MSN nonsense embedded in the browser…
Where do you see that? I use it every day and step one was switching search to DuckDuckGo
> its performance leaves a lot to be desired

I'm not sure what you're talking about; this may be the case several times in the past, but you should check again because this is a thing that constantly changes. Firefox performance today doesn't really leave a lot to be desired IMO

> Microsoft Edge got a decent native vertical tab solution before Firefox did! Edge!

Tree Style Tabs has been around since like… 2007?. Or does the "native" part somehow make it a whole lot better?

For me at least Firefox is a no go on every laptop I’ve worked on - the fans start spinning up and I start losing battery life really quickly (especially on macs). Works fine on my desktops though.
I often find sites with subpar performance in Firefox. I think that it's the sites' fault though, for testing only in Chrome / Safari. Reddit's redesign is an example, the loading, scrolling, post opening experience is slow and I can see that it eats a lot of CPU. In chrome it's much faster on the same machine.
> Firefox performance today doesn't really leave a lot to be desired IMO

Sadly I recently left Firefox after having used it for 20 years (Phoenix/Firebird days).

The performance degradation was becoming too noticeable. I switched to Brave (of all things), but that's only because I could no longer fight the real performance that a Chromium-based browser has.

I hate doing this, because the last thing I want is a browser engine monopoly. That's why I started using Firefox in the first place, to help get rid of IE.

Tree Style Tabs has been pretty limited since the port to WebExtensions. It can no longer take the place of the existing tab bar, and instead sits alongside it unless you do some Firefox profile CSS trickery that I never got working properly. Mozilla was considering adding a "hide tab bar" feature but I think they abandoned that.
Edge has the best security of any browser on Windows

ducks

Edge is the best browser for downloading Firefox.
How is it better than any other Chromium based browser like Chrome, Brave or Vivaldi? I can understand it is more integrated than the others, but how is it more secure?
I use Firefox at home and Chrome at work. I can’t tell any difference on performance.
> Microsoft Edge got a decent native vertical tab solution before Firefox did! Edge!

Firefox has had the "down-arrow" Tabs menu, which does exactly the same thing, since, uh, about forever.

So I feel as if the author is missing the point.

Of course brave markets to you with ads. That's the entire point of the web browser. To ad-block, but then to replace it with a suitable privacy protecting alternative to the point that Brave (and everyone else) has no idea which ads you were served and what your browsing history is. The entire point is to mot just be an ad blocker, but to be private, and to provide a workable alternative to the ads that track us on websites.

Furthermore... brave lists on their website what they collect in analytics programs. And... it's not much. They also send the answers in what they call 'low resolution', which basically means multiple choice with ranges making it a lot harder to identify you compared to a specific number. Sure, it's not no tracking at all, but it's probably pretty close to the least you can get to serve relevant ads while serving a general populous.

It is true that it'd be nice if they forked off Chromium at some point so they are less in Google's hands. We can all use more of that.

So, at least for me, this kinda falls on deaf ears. It's missing the point as to why Brave does what it does.

I feel the author is on point. Brave is all about marketing and surfing the privacy wave to make profit.

Take a look at https://brave.com/brave-ads/

Brave goal is to acquire as much users as possible to sell them to advertisers. They are no different from Google. Might as well use Chrome with ublock origin and farm crypto on your own.

The difference is that with Brave you are rewarded for your attention to these ads. That idea has some merit I think, regardless of how it's implemented in Brave.
The privacy/tracking aspect of Braves Ads (which you don't have to use) seems to be way, way better than Google Adsense. It's like comparing the good ol' fixed "image banner + link" vs Adsense. They're both ads, but one is better than the other.

And then you have Chrome sending data directly to Google, the auto logins, dark patterns, etc, which you don't get with Brave or Vivaldi.

I find it funny that people say this when this is pretty much exactly what FLOC is - the browser choosing your interests and deciding which interests to send to the ad server - but without the "show ads on every website and hold the profits from website owners until they claim it".
> deciding which interests to send to the ad server

I was looking at their media kit[0]. They link to a presentation[1] which mentions that the ads are sent to the browser and then the browser itself picks the ones that should be shown to the user.

If this is really the case, then the browser isn't sending that information to the ad server.

[0] https://brave.com/brave-ads/assets/Brave_Media_Kit.pdf

[1] https://www.youtube.com/watch?v=qEj5ZiQohJc

This wouldn’t work for an ad network as big as Google’s, and would further centralize who can serve ads to users (something Google can’t get away with like Brave can).
> This wouldn’t work for an ad network as big as Google’s

Yeah, maybe. I was just pointing out that it doesn't send the user's preferences to a server.

>The privacy/tracking aspect of Braves Ads (which you don't have to use) seems to be way, way better than Google Adsense

Exactly, "seems". Once again, good marketing from the Brave team. Heck, they even sponsored chess grandmaster Hikaru Nakamura on his Twitch stream.

The ad industry isn't going away, if you're thinking of a world in the future sans ads. With the Brave's model, at least you are able to make some profit for yourself.

It's not utopian, but works from a capitalist's standpoint. And a lot of real users like it!

Can you target users via Brave Ads like you can with Adwords/Adsense? If I understood correctly (I might be wrong - hence the "seems"), you can't because they're not doing anything close to what Google does.

I guess my point is that not all tracking or ads are the same. You can track clicks and views of a banner without profiling users across multiple sites and apps, learn all you can, and then let advertisers target them.

Well I mean, yes, they want their ads to succeed (that's how they can offer a product for free). I don't think there's anything wrong with that.

What matters to me is how much data they collect and how they use it. It seems pretty clear to me that they go out of their way to collect less data, and try to be very privacy concious about it.

Do you think they are lying about that? I personally don't, and the code is there for us to audit (the only closed source part of the browser is the part that guarantees it's a human not a bot viewing the ads as far as I know). So I think it's pretty safe to call them much better than Google and their revenue model is certainly a lot more stable than Firefox's.

I think the key difference is that user data are never shared with a third party, not even Brave. All the ad matching logic is done in client so data doesn’t leave my machine.

This is a big difference so using Brave vs Chrome doesn’t result in a company having a record of every site browsed.

> They are no different from Google.

Brave lets you turn off the ads. They also pay you cryptocurrency if you decide to turn them on.

Not sure if I'm fully behind that comment, but it kind of raises an important point. If you want a freer web based on some kind of business, and not a non-profit/charity (and often a shaky one like Mozilla, financed mainly by Google)... this business has to function in some realistic way. (This is largely orthogonal to the open source/free - proprietary axis (which doesn't really exist in web browsers anymore). You should be able to sell/monetize free software.)

I, for one, wouldn't complain if some financially solvent (self-sustaining, money-making), reasonably ethical and non-exploitative web browser existed (the same for search engine, OS etc.). In the economic system that we have it could be more efficient in marketing -> market share among privacy-unaware people and so on.

So maybe we should strive to have a reasonable, analytic discussion what business practices are acceptable (rationally, if not emotionally at first glance) and which are not. This does not mean that we should just eat up whatever "privacy entrepreneurs" think of. But the tone of TFA feels a little less convincing because of the sprinkling of phrases like "their shitty program", like expecting you've already made up your mind.

The issue is that Brave's "point" is a self-defeating motive. It wants to rid the internet of ads by... creating more amicable ads? Furthermore, the proceeds from said ads almost never benefit the creators of the content, meaning that Brave has effectively created an ulterior economy adjacent to the internet. Great, just what we needed, Another Competing Standard.

Nobody in the ads industry wants this, and a good 90% of the privacy sector is watching Brave in horror. Creators will make less money and be exclusively paid in a fiat currency, which probably won't appeal to anyone either. If nobody can reconcile Brave's existence, it will always be a second-class citizen on the web, even if it is forked from Chrome.

> Their adblocker is just a fork of uBlock Origin,

This does not appear to be true. Here is the github repo for their open source adblock engine written in rust:

https://github.com/brave/adblock-rust

Here is a (somewhat dated) article describing it by the authors:

https://brave.com/improved-ad-blocker-performance/

> Google will take decisions that benefit their advertisement business, like making impossible to use adblockers on any Chromium based browser.

Because the brave adblocker is integrated directly into the browser (ie. not an extension) the Manifest V3 limitations don't apply.

Why not just use Ungoogled-Chromium?
It doesn't seem to include an automatic updater.
Simply use a package manager.
[insert link to infamous HN Dropbox comment here]
This is the second reference to that in this thread. It's getting pretty old and I don't even think it's relevant
Yeah just download it over FTP bro!
Use GNU GUIX to manage it. It's been packaged for quite a while now
Third party untrusted binaries last I checked
You can build it yourself, but even with a midrange desktop it'll take you at least an hour to build. A laptop would probably take 2-3 at least.
Are you going to read the source to confirm nothing malicious was added?
There's around 4.9k lines of python code and 15.9k lines of patches. That doesn't seem that hard to scrutinize. From a threat model point of view you should be more worried about supply chain attacks from all the third party programs/libraries you have installed on your computer.
You can pull trusted binaries from OpenBuildService now.
I switched because Google removed the ability to log in and sync settings, history, password, etc. (I realize that in this case I'm directly giving Google my data) but it was a super nice feature.

Brave's Sync v2 works decently well.

I tried this a year ago. Had some trouble first downloading this (afaik the project only provided sources, not binaries, so you had to trust some random guy's website to download the .exe), then it randomly crashed within 5 minutes every time I launched it, then I deleted it.
There are more lies in that article. This one for example is so often repeated but untrue:

> Rewards is their shitty program that will replace ads displayed on websites with their own.

Brave doesn't replace ads with their own. Brave ads are displayed as desktop pop-ups. They can also be easily disabled (which, surprise, the author doesn't mention because of his bias). And the idea behind Brave ads is to give you tokens which are then distributed to the content creators you engaged with. This is the default setting. Their idea is not to shovel you with ads or offer you "get rich with crypto" schemes. Idea is to block ads but still provide revenue to the content, based on how many users engage with that content.

When I see people saying "Brave replaces ads with their own" I have to wonder if they have tried using Brave themselves before writing these critique articles.

To play devil advocate.

On one side, Brave come with an adblocker that will remove any ads from the website you're visiting. On the other, they provide their own ads through the reward program.

So it can be seen as "replacing website ads by its own".

I approve that line of reasoning, but I think that what the author meant.

Edit: I don't approve that line of reasoning, but I think that what the author meant.
To play the devil's devil's advocate :)

Brave allows you to do whatever you want. You can see publisher ads without Brave ads. You can see Brave ads without publishers ads. You can see both. Or you can disable both.

Since individual users can achieve any configuration of ads they like, to me it seems that some people are only unhappy with this because they want to push their moral stances on everyone else. Like, for example, stating that the ability to block publisher ads while enabling Brave ads is immoral and shouldn't be allowed.

The idea that the experience is equivalent as a result of substitution is incorrect, though, and the author's original heavy implication that Brave's substitution is malicious and selfishly designed does not hold up.

Brave basically aligns advertising incentives to match with viewer incentives. A Google served ad is not the same thing as a Brave served ad from the perspective of a viewer, because Brave ads are optional and some of their value accrues to the viewer.

Is the alignment perfect? No. But I do view it as a substantially better starting point than the currently centralizing, adversarial model that currently exists.

You can disable seeing ads in settings though. if you choose to see ads however, the website doesn't get anything, you get crypto from it.
In Brave, by default, when a user opts-in and earns rewards from Brave Ads, Brave will enable the user to tip verified sites and content creators (even making automatic, pro-rata contributions possible). This is currently how content creators benefit (indirectly) from Brave Ads. Their users earn rewards, and forward them along. We're currently settling more than 8-figures each month to website owners and more. See creators.brave.com for more information. Further options will come in the future as well.
I think people are misremembering or misunderstanding a recent controversy where Brave was adding their own affiliate links to the user's browsing session without the user's knowledge or consent: https://www.coindesk.com/brave-browsers-affiliate-link-contr...
I don't think this is it because the article has a separate section about affiliate link controversy.
These points had been true at some point though... Also, brave is constantly astroturfing, so you should always take whatever you read online with a grain of salt.

I used brave's android browser a long time ago as well (at that time these claims were true - but they didn't replace the ads on all pages). I cannot speak about whats the current situation however, as I'm not up to date on the topic.

I'd prefer it if I could contribute cash monthly, and let the browser distribute the funds based on my browsing.

The notion of getting paid to view a separate stream of ads seems bizarre. It's the 'Ad Buddy' model, but with crypto.

You can do that today with Brave. Brave Rewards enables users to self-fund, and contribute automatically to the sites they visit, proportional to the time spent on those sites. See https://brave.com/rewards and https://creators.brave.com for more information. The beautiful thing about Brave Ads, however, is that everybody can support the content they love. Even if they don't have the ability to self-fund; they can convert attention into substantive support for content creators.
Okay, but, how do I give them actual money, instead of BAT? Will you redeem BAT for dollars?
Within the Brave ecosystem, BAT is the unit of account for attention and support. Those who receive BAT, however, do not have to hold BAT. We offer creators and publishers the option of automatically converting their received tokens from BAT into various other types of assets and/or currencies. Many keep the BAT, others auto-convert to Bitcoin, and a large portion auto-convert to their regional currency (USD, CAD, etc.).
I still don't really get how brave is supposed to work:

You watch significantly fewer ads than before, these ads are then supplied to whoever you yourself engage with. That seems like watching these fewer ads directly on the site, just with a few hoops in between.

The difference is that now you watch fewer ads in total, and you have the Brave-browser as an inbetween, which also somehow has to survive. This means that you get potentially even less money, since less ads are watched and the ones that are watched are more diluted (even if brave currently doesn't take a cut at the moment: At some point they have to pay their developers, too).

Also, why do they pay out in BAT? (other than the fact that they cooperate with "uphold" a crypto-exchange and that they also really really want to jump on the crypto-bandwagon)

Somehow there has to be money going into the system that supports its own existance. If brave had something like a subsciption service or other way to get additional funds into the Network, then it might be more understandable, but even then: Why should I support someone by using BATs instead of paypaling/patreoning/whatever-elseing him the money directly?

I recently did a 5 minute video on the history of digital advertising, with an introduction to Brave's model: https://youtu.be/LsrrT502luI.

Per https://brave.com/rewards and https://creators.brave.com, users opt-in to Brave Rewards and begin participating with privacy-preserving Ads. Each ad nets you, the user, 70% of the associated revenue.

Rewards come in the form of BAT, which moves more easily and comes with considerably less friction. The blockchain enables users to effortlessly and anonymously participate. This also means that everybody with attention (and not necessarily disposable income) can support the content they love online.

As for paying out in BAT, creators can choose to have BAT auto-converted into Bitcoin, US Dollars, etc. Users can also have their rewards converted into another type of asset or currency via Uphold too. BAT is simply a utility token, whose utility is currently best demonstrated within the Brave ecosystem.

To your last point, the "money going in" comes from advertisers. They pay in fiat currencies, or via BAT. If they pay us in dollars, we purchase BAT as needed from the market. Users can also self-fund their wallet, if they have disposable income.

I understand that money goes in through the advertisers: But how is that money sufficient to maintain the current websites?

You watch fewer ads than before, which means (if the ads pay the same) that each website gets on average (i.e. if the split is the same as before) less money. As you describe it, only 70% of the ad-revenue actually reaches the user, meaning even if you watch the same amount of ads, websites get 30% less money, and that ignores that many people just opt-out of ads. (BTW do you know where that 30% go to?)

> The blockchain enables users to effortlessly and anonymously participate.

That actually makes sense. But if you want to get money out of BAT, don't you have to pay a transaction fee? And if you don't, then how does Uphold make any money to pay their developers?

For me it seems that there's money vanishing at every point and very little or nothing to replace it.

Also, wouldn't brave have a quasi-monopoly on ads in this configuration? Even if brave is an honorable company (and I have no reason to doubt that), it makes me uneasy to know that we are breeding another potential "too-big-to-fail" giant like Facebook/Amazon/Google.

Edit:

Rereading your comment again and noticing the "users can distributed bought BAT directly" part: Then the monetization system makes a little more sense. Do you have stats on how much people are paying in? Is the ultimate goal to get rid of ads entirely or at least shift over to a "pay for what you use" model? In that case I can understand that. (though the monopoly on website monetization part still makes me kind of uneasy)

This step in the chain of progress may require people to adapt to the idea of making less money in exchange for a healthier web.
I think you're conflating the user with the publisher here; the user received 0% of the ad revenue in the past. With Brave, the user receives 70% of the ad revenue (the other 30% goes to Brave, which builds and maintains this apparatus).

You're correct that publishers lose revenue when ads are blocked on their sites, but not blocking ads means users are at an increased risk of being abused by malicious third-party actors. This is one of the main issues with ad and content blockers: they keep users safer, but they take revenue from content creators.

Brave is working on a model that reduces fraud, increases rewards for content creators, and rewards users for their attention. This won't be built overnight, let alone over a few short years. That said, we are making tremendous progress, now settling over 8-figures each month for verified content creators.

As Brave matures and develops, more options will become available for users and content creators to earn more.

As for transaction fees when converting BAT, you are correct. There are often transaction fees involved. But those often depend on how much you're moving around, if you're buying or selling, etc. Uphold and Gemini (our other partner in this space) may also differ between each other.

You're right about heavily centralization around Brave too. This is why we're working on THEMIS (https://brave.com/themis/), a protocol for decentralizing the Brave Ads ecosystem. We recently wrapped-up an effort in that space and blogged about progress: https://brave.com/themis-rfcc-wrap-up/.

We don't have stats to share on how many Brave users are self-funding their wallets vs earning with Rewards. That said, the latter category is naturally going to be much, much larger. It is also not an either-or thing either; many people opt-in to Brave Ads and also buy BAT to supplement their attention-based earnings.

I don't think the goal is to get rid of ads entirely, but rather to yield power to the user. Not everybody has disposable income, and therefore many people would prefer to opt-in to privacy-respecting ads, earn rewards for their attention, and support the Web by those means. For those who wish to self-fund, that is possible. They don't need to opt-in to Brave Ads either.

Even if a site made significant effort to have "non-malicious ads" I don't think brave would not block them with and put in their own.

I.e Brave is bootstrapping on manipulation of the intent of the publisher.

A cleaner aproch may be to approach publishers offer them a "better way" and decuple it from the browser marketing privacy / reduced ad load.

Likewise standards bodies, NGOs and Gov agencies need to protect users in the web and app ecosystems making it a more level in respecting user privacy / reduced harm. To control publisher / advertising / user relationship in a fair way.

But we live in a time of fast pace asymmetrical software mediated warfair and a few eggs are going to be cracked along the way in to trying to build something better.

Brave does not touch first-party ads; you can do all of the first-party advertising you like. Unfortunately, whether the third-party ads are malicious or not is not up to the publisher. The publisher is simply asked to add a bit of JavaScript to their page, and that's it.

Brave doesn't inject ads onto webpages; so there is no scenario where you (as a publisher) would have our ads displayed on your page (unless you, yourself displayed them).

Please see this 5-minute overview of the problems facing digital ads, and Brave's proposed model: https://youtu.be/LsrrT502luI

Nice video, but it almost completely misses the point:

Even if all ads on all websites were made in a privacy-respecting way, people would still use adblockers.

This is because people simply hate ads in their browser. It is because they make browsing experience miserable. They add bloat. They distract from the content. They add cognitive overhead. They slow down browsing. They are literally unwanted guests in our browsers.

So Brave’s model replaces one set of ads with another, basically achieving nothing to mitigate the problem itself - very existance of ads in the first place. What makes Brave’s ad model worse is that it offers people a monetary incentive for doing an activity (watch ads) that we know they are trying to avoid (by using a browser with an ad-blocker). So the very premise of this setup seems to be that people hate ads just because they are not privacy-respecting. But reality is that people normally simply do not want to be exposed to ads.

(btw the only ad based business model that would align all incentives is one in which users would be paying to see the ads)

Different people want different things; many people install ad-blockers because they don't like ads, period. Others install them because they aren't comfortable with the security and privacy risk. Quite a few people are conflicted when it comes to blocking ads, knowing that it cuts off the funding for content creators. Brave is for everybody; no ads by default, and privacy-respecting ads for those who would like to support content creators on the Web.
The argument is akin to saying you are working for a company that sells cigarette quitting kits but also sells cigarettes because "different people want different things".

And the content creator argument has long been debunked as smoke screen planted by companies in the ad business (and Brave qualifies as one), because monetizing any content through ads is the least efficient way to monetize creative work. What this model actually does though is incentivizes the creation of large quantities of low quality content.

if user buy BAT directly than distribute to the content creator, the story sounds similar to likecoin
I started using it. Found it fast. I get many 4 ads a day. They don't appear on the website they appear near the button to the side. Really small ad, just text. It is so out of the way.

The model for profit is around the bat coins gaining popularity. The payouts are extremely low for everyone.

> The model for profit is around the bat coins gaining popularity

Incorrect. Their revenue is in USD, and their payout is calculated using the revenue in USD. The price of the token does not affect them in any way.

Their model from profit is unbelievably simple. They are an ad network that uses the browser as a distribution vehicle. More people using the browser, more advertisers will be buying ad space, more revenue for them.

They do have a published roadmap about offering more services in the crypto-space (built-in web3 wallet with direct connection with crypto exchanges, use of NFTs to access features and services on different websites, etc) which are very interesting and it might even become a bigger play than the existing ad network. At the end of the day however, they can have a solid and sustainable business just with the ad distribution network.

I think the idea is this:

- Most people won't paypal/patreon/send money directly

- The current system uses ads as a shorthand for attention. If you're able to get attention you get more ad traction and more money.

- Ads suck and are a corrupting influence on everything, if there was a way to directly award attention without ads that would be better.

- Brave replaces ads by tracking attention directly and attempting to reward it directly with BATs. These is done instead of cash because (I'm not really sure why) - I suspect because it's easier to manage and easier to split into tiny amounts.

- Flattr from the late 2000s (2007?) was similar, but with cash (Flattr = Flat Rate) the idea being you'd put in $XX/month and it'd distribute it depending on what pages you viewed. It was created by some of the Pirate Bay founders iirc. It never got much traction.

The issues I have with these services:

- Ads are bad, but the attention economy is the underlying problem. Removing ads is good, but still incentivizing attention for $$ isn't great.

- In the case of 'privacy' Brave has now inserted themselves as the tracker of all attention, this is very high risk and not a lot better than the ad companies. Sure you don't see ads but a lot of the bad slot machine incentives around content remain.

- I don't want to necessarily pay everyone based on what I view, what if what captures my attention is crap? What if I'm reading something for context, but don't support it?

---

I get what they're trying to do, reward people without ads and without making users pay - but I'd rather the ad model just die and if some businesses can't survive without it we probably don't need them. I recognize this isn't super realistic because companies compete on a global stage.

A business truly operating in the interest of users would make a browser that had ad blocking built in without tracking - and worked on subverting ads full time (what users actually want). This includes real privacy by not being a new middle man tracking attention. Apple is the closest to doing stuff like this with their new onion router VPN, making it easy to block tracking from apps in the store, etc.

Brave pretends its interest is privacy and browser users, but it feels like a rationalization to me. Brave's core business is attention tracking and taking a cut of that, if not now - when they have more power. Its user's attention is what they monetize - those incentives don't lead some place good.

You seem to have missed a critical point: The “attention tracking” Brave does stays completely on device.

The browser is sent a list of ads, and the browser decides which ads to serve based on its metrics. Brave doesn’t see this data and the user can choose to participate or not.

There are no easy answers, but this is an interesting model and a reasonable compromise for many.

> That seems like watching these fewer ads directly on the site,

The ads from Brave are completely separate from the website. They are presented as an OS notification pop-up.

> Somehow there has to be money going into the system that supports its own existance.

Yes, of course. Their revenue coming from the advertisers that get to place ads on their notifications. They only pay to the users a share of this revenue. If for some reason they stop getting advertisers, they will stop paying the users. Simple as that.

> This means that you get potentially even less money.

This is making the very bad assumption that they have a fixed revenue. As their user base grows, more advertisers will be interested in placing ads on their network and their revenue will increase.

> Also, why do they pay out in BAT?

Primarily, because it simplifies the logistics and allows them to escape the regulatory hurdles of having to become licensed money transmitters, and lets them outsource all of that crap to the crypto exchanges. A second-order but also important effect is that it attract users who want to speculate on the token.

> Why should I support someone by using BATs instead of paypaling/patreoning/whatever-elseing him the money directly?

Whynotboth.jpg?

Patreon is not bad, but they are not in a business that can fight surveillance capitalism. Patreon does not have a way to block Facebook from tracking my browsing. Brave does. Patreon does not block the Youtube ads from the people that you want to support. Brave does.

The long term play might be that, but they would probably never get the market share to exploit it fully
> If earning half a penny in a month is okay for you, in exchange of your privacy, because of course, they’re tracking you with Rewards, then enjoy your money.

Lie. Brave doesn't track you. Your ad data never leave your machine (a bit like your bookmarks). The ad engine works privately on your computer and not on Brave server.

If it's fetching ads, it has to 100% be sending some data to someone, who is likely able to correlate it and track you. It doesn't take much.
The entire ad catalog is sent on your machine and some ad engine running inside the browser decides which ads to show you. It's funny seeing all these folks nitpicking at Brave but who are fine using Google or Microsoft every day
I don't really care about brave either way, it's just dubious that the ads are somehow untrackable when you apparently get credit for seeing them some how?
We use zero-knowledge proofs and blinded tokens to track when an ad has been viewed by a user. But there is no user data involved here. The magic of cryptography is that you can prove you viewed the ad without telling us anything about you
Do you have any reading material about how you achieved this?

I can't really see how zero-knowledge proofs could solve this. There is no cryptographic way to prove that software executing on a clients machine triggered a notification. Especially on Linux where an open source notification manager could be modified to reject it.

Assuming you have gone through this [0] and it did(n't) click for you.

I'm equally not so convinced on this anonymous ad system they claim to have built. The browser claims to generate an adID based on your history but encrypt this info to the advertiser. Maybe someone who has actually interacted with the ad platform can provide more insight on what information is exposed.

Zero-knowledge advertising sounds practically like an oxymoron to me, but hey they claim to have made it work.

[0] https://brave.com/themis/

Certainly! Check out the resource detailing our Ad Confirmation process at https://github.com/brave/brave-browser/wiki/Security-and-pri... (it's a little old, but should be helpful). We leverage the Privacy Pass approach too, so reading https://www.petsymposium.org/2018/files/papers/issue3/popets... will also help understand our process. I hope this helps!
Perhaps I am misunderstanding what you sent, but isn't this just a way for the user to report that they viewed an add, not prove that they viewed it?
The cryptographic proofs are baked-into the confirmation and reporting process.

A sufficiently-capable attacker could conceivably trick the browser into thinking a native OS ad-notification was displayed, we do rely on the OS to inform us at this point (though preview versions of Brave do not have this dependency), but we have considered this as well.

The main threat here would be an attacker who attempts to automate the confirmation process, and potentially duplicate it across various VMs or OS instances. Fortunately, we've considered this too. For reasons I hope are obvious, I can't go into greater detail here.

Ah, I hadn't noticed you declaring your financial interest before and was wondering if you were a Brave employee.
You misunderstand. The sensitive data here is your browsing history (and all that it infers). Brave never sees that.

But yes, when you view an ad, that gets recorded somewhere (so that you can get rewards, and the advertiser can be billed).

You decide if you’re comfortable with this or not. The feature is easily turned on or off.

Do you have to download the chosen ad or is it already on your system? If you selectively downloaded ads, your ip address could give you away and you get a floc like situation
The ad catalog for your region is downloaded; it comes with click-through URLs, titles, body text, and some other information. There is no connection made beyond this to retrieve any other ad-related data. You can see what your own regional catalog contains by visiting https://sampson.codes/brave/ads/my_region/.
A regional catalog is downloaded routinely. The only "data" going out is your region (e.g. the United States). This returns a protobuf catalog of ads for your region. Your device privately studies this catalog for relevant entries. When an ad is shown, it's presented as a native notification on the OS. This means the user sees a title (text), and a body (text). Screenshots of these notifications are on https://brave.com/rewards. I also covered this model in brief detail recently https://youtu.be/LsrrT502luI (skip to about 3:22 if you like).
How does it report the ad was viewed?
and how do they prevent users from faking ad views to accumulate bat?
When the notification pops on screen, you are granted the rewards. If your OS is not able to show the notification (due to Focus Assist, DND, or some other reason) then you are not rewarded (a future update to Brave will let users control visibility from within the browser entirely).
I believe the question was about the mechanism by which you viewing the ad is reported to Brave, not how the ad display was implemented. (A weird interpretation of "reported".)
Our Rewards server distributes virtual tokens to the instance of Brave (which has an associated Payment ID). These tokens can be exchanged when ad notifications have been viewed, and when other ad-related events occur. The tokens aren't tied to any user information.
Not to nitpick, but you still didn’t answer the question. I don’t think anyone is confused over the concept “view ad -> get token”. The parent comment was wondering how you determine an ad was viewed.
> The only "data" going out is your region (e.g. the United States).

Every request Brave makes "home" will transfer private data like IP address of the user and browser fingerprint, regardless of the payload. Can you clarify what is done with this data?

Also if it is true what says in the article that some requests "home" can not be disabled, why is that the case?

> private data like IP address of the user and browser fingerprint

Presumably it would send the same data whenever it checks for software updates too.

I can't think of a threat model where downloading updates and downloading ads are different in terms of user privacy (except, of course, that a malicious update can do far more harm).

What browser fingerprint are you seeing in your research? I don't believe Leith et al found any such issue in their review at https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf, nor did I in https://brave.com/popular-browsers-first-run/.

I'm happy to discuss any requests you like; we also document all of this to the best of our ability on GitHub as well (https://github.com/brave/brave-browser/wiki).

As for disabling requests, this is a valid petition. Our goal is to have no extra requests when and where possible. We've worked hard to keep them to a minimal. There are some requests (e.g. product update requests) that we've been hesitant to make more easily blockable, since this could potentially leave large swaths of Brave users disconnected, and increasingly vulnerable.

Thanks for the attempt to clarify. My question was, what do you do with the IP address of the user that you get through these “phone-home” requests and I think it is left unanswered?

> We've worked hard to keep them to a minimal.

How is 80 requests minimal? (source: your own above-mentioned article). It seems to me that 0 requests would be minimal.

What is preventing Brave from being a zero-telemetry browser by default?

We drop the IP address. When needed, we'll convert it to a regional identifier (e.g. United States) so that we can have a count of how many users are in the US, UK, etc.

I'm not sure where you saw 80 request; my network analysis post (https://brave.com/popular-browsers-first-run/) shows Brave issuing 70 requests over a 10-minute period. Compare with Chrome (91 requests), Firefox (2,799 requests), Edge (367 requests), and Opera (106 requests).

0 requests is not realistic, IMHO. When you launch a browser you want to make sure the user has a fresh local DB of known-malicious URLs (so you don't have to pipe each request through a look-up service, like Opera does) for client-side checking. You also want to make sure the client has an updated list of blocking rules for other types of content. There's quite a bit of setup needed when you launch a web browser.

Zero telemetry is unwise, assuming you want to build a product that works for a diverse set of users, devices, and environments. The main issue here is not whether you collect telemetry, but [how] you do so, and what that looks like. Brave is careful to preclude abuse from the design phase; see https://www.brave.com/p3a for more on how we handle Privacy-Preserving Product Analytics.

  >0 requests is not realistic, IMHO. When you launch a browser you want to make sure the user has a fresh local DB of known-malicious URLs (so you don't have to pipe each request through a look-up service, like Opera does) for client-side checking. You also want to make sure the client has an updated list of blocking rules for other types of content. There's quite a bit of setup needed when you launch a web browser.
It is quite realistic and possible. Both examples you gave can be opt-in. Perhaps I do not want my browser to arbitrarly show a malicious URL warning. Updating content blocker can and should be opt-in as well. Maybe particular rule set work well for my setup and I do not want the update to break it.

And maybe I just do not want the browser to send requests home.

And even if both of these are enabled these should be just two requests - what is going on in the remaining 68? It just looks like a very high number even if it is smallest among other test browsers (which doesn't make Brave good, just makes every tested browser broken in this regard).

  >Zero telemetry is unwise, assuming you want to build a product that works for a diverse set of users, devices, and environments.
This is based on what? You should really provide an argument when making a bold claim like this.

Zero telemetry should be the corner-stone of any privacy respecting product. Only zero telemetry ensures and guarantees that user privacy will be 100% respected. Everything else, even sending just one unwanted request "home" or anywhere else, can and should raise valid questions about what is done with the data including IP address since this will be closed source even in an open-source browser like Brave.

A browser which doesn't update security features upon install, startup, and on a regular interval, is an unsafe browser. Such an application might be okay for a power-user who understands the risks, but not for a popular browser built for all types of users.

Telemetry is crucial to understanding how your product is used, as well as understanding what works and what doesn't. You cannot have one-on-one conversations with 30M+ users, which is how you learn, develop, and improve.

Brave needed to find privacy-respecting ways to achieve similar "conversational" insights. That's what we've done with Privacy-Preserving Product Analytics (https://www.brave.com/p3a/). P3A doesn't collect any user data, operates on a set of published "questions", and uses vague, range-based "answers". We also split up the requests to avoid developing a "fingerprint" from the answers.

The browser should be a secure app to begin with, without making any automatic external requests (if anything, theses can make it less secure). Almost every other application behaves in this way.

Besides, malicious URLs directory and content blocking hardly qualify as 'security’ features.

Telemetry can be useful, and totally feel free to have as much of it as you want, as long as users opt-in into it. You seem to be making a lot of choices on the behalf of the user, when your default setup has whopping 70 requests “home".

There is a way to achieve everything you want, and for a privacy respecting product (or one claiming to be one) these choices absolutely need to be users' and not yours (by the very definition of the term privacy)

The browser is secure "to begin with" because it is designed to adapt to the moving threat landscape of the Web. Attackers aren't static; we don't want to their targets to be static either. A browser that doesn't adapt rapidly, dies.
This is what the automatic update mechanism is for (and which should be opt-in as well like an OS would do it).
You don't want to tie everything to one, single update. That means you have to delay smaller filter-rule updates until you deliver larger app-based updates. Or, you have to force a restart of the app to apply changes to filter lists, which is also not idea. Having a component-based system, where items can be updated and managed individually, is far better for everybody.
Does integrating it into the browser have any performance benefits over using an extension?
Brave ad blocker is written in Rust and browser extensions in JavaScript, so it should be faster
Not only faster, but we aren't beholden to the APIs offered by Google and others. Manifest v3 threatened the existence of popular content-blockers like uBlock Origin. Since we are the browser, we aren't so limited. A recent example of how we are able to do more was with the introduction of CNAME blocking, which allowed us to identify when a third-party tracker had managed to be requested from a first-party URL: https://brave.com/privacy-updates-6/.
Hey, thanks. One of my favorite computers is a Surface 3 running a Cherry Trail CPU. I tried Brave out and it's noticeably snappier on the old hardware than Firefox or Chrome.
uBlock Origin is using Web Assembly now for certain critical code. Anyway performance differences between the two have always been negligible and often fluctuating.
The Epic Privacy Browser Team is integrating uBlock into Epic in their next update and didn't find a significant degradation in performance from any Chrome limitations, nor a significant performance improvement in Brave's implementation.

Epic's mobile browsers were built on Brave/Chromium, but now that Brave has endpoint and other dependencies as mentioned it doesn't explain, it isn't possible to continue to build on them or even test them since Brave features don't work in outsider builds.

> HTML filtering is the ability to filter the response body of HTML documents before it is parsed by the browser.

> For example, this allows the removal of specific tags in HTML documents before they are parsed and executed by the browser, something not possible in a reliable manner in other browsers. This feature requires the webRequest.filterResponseData() API, currently only available in Firefox.

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b... I'm going to trust Gorhill on this one. If a significant feature _does not exist_ in Epic then the only way that it couldn't hurt performance is if it was somehow useless. I suspect the Epic people (accidentally?) didn't measure that aspect.

I am curious why doesn’t Brave block Google ads on its standard (default) ad-blocker settings?
I always find it odd that we worry so much about how much our browsers are tracking us, but almost nothing about what our ISPs are doing. Every time I've looked into it, it seems much worse. As far as I can tell, ISPs are legally allowed to sell your browsing history to third parties: https://arstechnica.com/tech-policy/2017/03/for-sale-your-pr...
I only know enough about networking to be dangerous but I am convinced Comcast is doing shady shit with my modem when I change the DNS settings to use non-Comcast servers. Every once in a while I’ll attempt to use Wireshark to try to make sense of what’s happening but I’m pretty clueless and don’t really know what I’m looking at/for.

If anyone knows any good resources to learn about the ISP nuts and bolts that make internet magic happen between my modem and everyone else’s servers I would be most appreciative.

I found The UNIX and Linux System Administration Handbook (5th Edition), chapters about networking and DNS very instructive, and they list a ton of additional references if you want to dig deeper.
>I am convinced Comcast is doing shady shit with my modem when I change the DNS settings to use non-Comcast servers

Well that's vague. What are the symptoms? How would comcast even know that you changed DNS settings? It's possible to infer that from DNS queries to their servers dropping off and traffic to 1.1.1.1 or 8.8.4.4 increasing, but I doubt comcast is competent enough to build that sort of detection system.

On my home network I just run a transparent proxy and direct all outbound traffic bound to port 53 to my local dns server, it’s not hard.
Interestingly enough, this is almost exactly how ISPs do it when they really want to get your attention. A couple years ago I forgot to update an expired credit card that I used to pay my spectrum cable bill. One morning every DNS request resolved to their "your account is about to be closed due to nonpayment" page. As I also use my own DNS sever I was surprised by this, and sure enough everything going out of my network on 53 was being grabbed up by their CGNAT and sent to their DNS server.
I just block all outbound port 53 traffic, any device or app that doesn't honor my DHCP-provided DNS resolver can suck it.

Looking at you, Chromecast that tries 8.8.8.8 40 times an hour even though you know perfectly damn well that 10.10.10.1 is working

The DNS provided by many ISPs is not to be trusted, as per this thread, so how else can your Chromecast act to find a trustworthy DNS?

And with newer decides that use DoH, you can no longer prevent devices from contacting their own DNS provider without totally firewalling them (or perhaps using some IP blacklist or whitelist, if available?)

https://en.wikipedia.org/wiki/DNS_over_HTTPS

When I said blocking all outbound 53 I meant no exceptions, my local forwarder already uses DoH to an outside resolver.

Everything that I don't have complete visibility into the network stack of goes on a VLAN that does not forward traffic to the internet, it advertises a proxy via WPAD and DHCP option 252. I have a whitelist of hostnames that each device is allowed to make CONNECT requests to, so far there is only one.

If it's not a plain unencrypted HTTP request to my proxy, or a CONNECT request involving a server/device pair I've decided to trust, it's not going anywhere.

This breaks a lot of things that I would just as soon rather do without. I can't change my universal remote hub settings from the vendor portal, boo-hoo. I can't view my cameras from the hardened VLAN or from the internet (unless I VPN in first since the only copy of the recordings is on my local NAS)... good.

I should think they just detect traffic from your IP address on port 53 to any IP address that's not one of their nameservers.
I agree with you that comcast is incompetent, but everything becomes cheaper and easier over time and network hardware/software products that perform "deep" packet inspection at line rate as well as provide analytics on that returned data are now trivial and pretty much table stakes for Cisco, Juniper, Palo Alto et al.

Specifically for detecting if a user is not using their DNS, yes you could correlate a user's http requests (unless you are using ESNI the requested domain is in plaintext by design) with traffic logs on their DNS server and observe that there was no DNS request to the ISP DNS server before a request was made, I don't think that would be necessary. Most users use the ISP default DNS - that's your baseline. If most customers hit your DNS X times per Mb of web traffic, then someone using a custom DNS is going to stand out like a sore thumb.

Again, 100% agree that ISPs are not very technically competent (to put it mildly), but as time marches on the ability to both capture and more importantly analyze and report on that data is becoming cheaper and easier. ISPs want to get value from (sell) your data and vendors want to sell ISPs subscriptions to analytics and other platforms that bring them reoccurring revenue. Data from customer DNS is one of the most valuable sources of information an ISP has and I would be surprised if there was not at least an attempt to know how many customers did not use it.

Sorry, I didn't get into details because I wasn't intending to ask HN to troubleshoot for me. But, since you asked...

I have an "XFi Gateway" combination modem/router provided by Comcast (perhaps my first mistake) so the DNS settings are restricted and cannot be changed. I have the Comcast modem/router set to bridge mode and connected my own router where I can control the DNS settings.

My understanding is the DNS settings closer to the client control. So in addition to having set my router to Cloudflare's DNS I also set my devices as well. One day, maybe a year ago or so, I'm on HN and I click an archive.is link, read the article, and go to the discussion thread only to see several comments about how archive.is is blocked by Cloudflare DNS. I checked the DNS settings on my MacBook and router and I was indeed using Cloudflare DNS but for some reason I was able to access the "blocked" address.

So I went to the terminal, cleared the cache, and checked nslookup archive.is and it responded correctly. Then I checked a nonsense DNS server: nslookup archive.is 5.9.3.7 or something and it still responded correctly. I tried the same with different websites and got the same result. So I searched "see my DNS server" or something and found a few websites but they all showed Cloudflare. Very odd.

When I logged in with my VPN, Mullvad, and changed the DNS settings on the router and my laptop to Mullvad's and repeated the experiment it finally returned NXDOMAIN. Then I disconnected from the VPN but left Mullvad's DNS settings, repeated the experiment again with the same results - even when I was using a totally bogus DNS server it was returning the correct IP address.

That's when I installed Wireshark and, lo and behold, I could see the requests that should have been going to 1.1.1.1 or 5.9.3.7 going to 75.75.75.75. Comcast.

A call to Comcast was, as expected, a complete waste of time. First they told me it was using their DNS settings because of "their firewall" and then they told me that if I used their built-in router rather than mine + bridge mode I wouldn't have the issue at all.

Messing around in Wireshark I eventually determined the issue had something to do with one specific port that was making the requests (I can't recall how but I think because I could see Mullvad VPN was using a different port for DNS?) so I fiddled around and forced (or maybe redirected?) my router to use that port too and that finally worked in avoiding the Comcast servers. But, knowing just enough to be dangerous and not entirely sure what I was doing, I didn't keep the forced port and decided I'd have to get my own modem and use my VPN in the meantime.

Before I had gotten around to buying a new modem (this was somewhat early in the pandemic) I saw a post on HN about NextDNS and decided I'd see if I ran into the same issue. I didn't, as far as I could tell at least. When I run Wireshark now (I still use NextDNS) I don't see any contact with 75.75.75.75 or 75.75.76.76. I think this is because NextDNS uses DoH? But who knows.

Like I said, I only know enough to be dangerous so perhaps I just had something configured in an odd way that made the Comcast servers step in as a fail-safe and there's a totally innocent explanation. But based on my experience as a Comcast customer I don't really think they're deserving of the benefit of the doubt so I've definitely got a bit of a tin foil hat when it comes to them secretly messing around with my traffic through the leased modem.

in other words, you've clue what's going on with your clients, but it must be Comcast because you're knowledgeable enough to know it's not you. right.
Comcast isn't doing anything to your DNS. They're the largest ISP in the country, there'd be a huge uproar if they were doing something like that. There are plenty of experts who are subscribers who'd be able to figure out exactly what's going on.
There's already a huge uproar around Comcast. But Comcast isn't losing any customers, because they have monopolies.
Yeah, uproar around prices and speeds and stuff like that. Nothing like screwing with third-party DNS requests.
Actually, I have heard that claim more than once, about various providers (up to, and including, “when I changed my DNS settings and the traffic slowed down, the tech got me to change them back, and the traffic sped up”).

It's less common, I think, because more people know how to check their speed than change their DNS.

The only way I can think of that working is if the provider is intercepting DNS requests for popular speed tests to redirect to an internally-hosted version that would be faster. Otherwise, I can't think of any realistic way DNS settings can affect actual throughput.
If the ISP is checking for DNS lookup of speed test websites, then allocating higher bandwidth to the connection for a brief period of time?

Or, somehow more cynically, the ISP makes money from selling the data collected from DNS, so punishes people who use a different DNS provider. (DNS is plaintext-by-default, so I don't quite see how this would work, but it's possible.)

Or perhaps the system uses DNS lookups as a proxy for “is a human browsing the web”; if there aren't enough, it's clearly some kind of automated computer program that doesn't deserve internet access.

Your first example would be dead simple to detect and take advantage of to get those boosted speeds all the time. Your other two examples are a bit wild.
The first example is a real-life example. The other two are speculative, because I've heard a case where it wasn't the first example.
So, suppose I'm Huge Video Streaming Corp X, and I get a DNS request asking me for the address of my servers. Well I have over a thousand servers around the globe, which one do you need? Any of them would work, but you likely want the fast nearby one, right? So I can try to guess based on the IP address the query came from...

I know the best answer for a Comcast DNS server in New York is the server I physically installed in a New York Comcast rack, but when a public DNS server asks me from Paris, maybe I suggest a London server, 'cos that's pretty close to Paris, shame that New York isn't.

EDNS Client Subnet is a feature that lets a DNS server say OK, I'm asking on behalf of somebody from 10.20.30/24 and so my system can do the same trick with ECS. But doing this unwinds most of the privacy benefit of using a public service, so several famous public DNS servers explicitly do not use ECS.

Obviously the cheap bulk host used for some Single Serving site like "Is pizza rat mayor of New York yet?" isn't affected, that is only one server and it is wherever it is, but somebody like Netflix absolutely is affected by this because they have their machines close to the customers to deliver better performance and if they don't know where the customer is that inteferes.

QUIC has an optional feature called Connection Migration to help improve this, the remote server is like "Um, now that you're connected to www.example.com here in Glasgow, Scotland, I notice your IP address is from Tokyo, Japan, and this is just a suggestion, but maybe talk to my identical twin also named www.example.com in Tokyo, Japan for better performance? Here is the IP address to try"

That's not what I meant by "actual throughput." The fact that a download is slower from a server halfway around the world versus one in the same datacenter where my ISP has a peering agreement near me isn't because my connection slows down when I'm hitting the far away server.
This explanation makes a lot of sense. It also has a slight feeling of Hanlon's Razor, although there isn't necessarily incompetence involved (unless you count the technology's inability to find the absolute fastest/closest server [for whatever reason] as incompetence).
"Come on, what are you worried about? I'm sure it's fine, somebody must have inspected it."
Well, I can tell you that I'm a Comcast customer who doesn't use their DNS, and I have no issues. If I did have issues, I also have the expertise to figure out what's going on.
While absence of evidence isn't evidence of absence, some guy's anecdote isn't really evidence of existence.
I find Comcast’s fuckery to be limited to their business practices. Their actual IP network seems to be very solid.
100% agreed. And I've been a Comcast customer long enough to have seen the days when that certainly wasn't the case. They've made some pretty big mistakes in the past, but they seem to have learned their lesson.
Weren't they the ones who pioneered DNS hijacking of unknown domains to serve their own recommendations and ads?
Ah, OK. I didn't realize verisign did that too. Comcast followed not long after...

https://arstechnica.com/tech-policy/2009/08/comcasts-dns-red...

Comcast used to do a lot of messed up stuff. As I mentioned in a comment somewhere close to here, I've been a customer long enough to have seen those bad days and how they've managed to change since those days.
Have they really though? They still do DNS hijacking and bandwidth caps and speed boost for a few seconds only and automatic price increases and worthless bundles and such, don't they? They were so bad they had to rename to Xfilthy or something but their practices didn't really change as far as I can tell. What are some examples of things they've improved?

That's aside from all the political shenanigans they pull, trying to kill municipal broadband and net neutrality. There's scarcely a more evil ISP.

I switched away from Comcast as quickly as I could, and never had trouble with either smaller cable companies or fiber providers.

That couldn't be more wrong. They literally published an IETF draft standard on how they do it.

https://datatracker.ietf.org/doc/html/draft-livingood-dns-re...

That draft is referring to the operation of their own DNS servers, not messing with third-party DNS.
"... except in reasonable and justifiable cases where a user has been placed into a so-called "walled garden" for reasons of abuse, security compromise, account non-payment, new service activation, etc."

Their own words

What's your issue with that? In that scenario, the user doesn't even have Internet access. If they didn't force the DNS to specific servers, the user would only see that their service isn't working with no indication as to what's going on. It's clearly not something they do with normal, functional users and I never said that they didn't have the capability to do it.
That was a pretty rapid shift from "Comcast isn't doing anything to your DNS" to "So what if they are? There are times when they should!"
Yeah, wow I guess I should have included the caveat "Comcast isn't doing anything to your DNS... except when you literally don't have Internet access and couldn't reach a third-party DNS server anyway"
(comment deleted)
If you wanted to be honest you could have said "I have literally no idea what Comcast is doing with DNS, but I will attempt rationalizing everything they do as I am gradually informed of it"
The recommendation of _The UNIX and Linux System Administration Handbook_ is a good one.

As far as Comcast, I'm stuck with them, too. At least in my experience, they don't monkey with DNS - I run and use my own DNS servers, and have never seen interference.

They do run deep packet inspection, and if they detect you, for instance, torrenting commercial media, they'll inject scary messages in port 80 traffic. Given that nearly all web traffic is encrypted now, the main effect of this is to break things like automated `apt-get update`s.

One thing you can do to detect transparent DNS hijacking is to ask a nonexistent server a question. Something like `dig @13.14.15.16 news.ycombinator.com` should not give you an answer. If it does, someone's spying on and/or gaslighting you.

Curious: how can they detect whether you're torrenting commercial media if you've enabled Bittorrent protocol encryption? Surely all they can see then is the outer (envelope) of the packets...?
This is a bit of a misconception. Copyright holders have always gone after seeders based on people connecting to swarms, tracker info, and crawling DHT. There’s no reason to use DPI when the list of uploaders is just given out by trackers and DHT for free. See: https://www.usenix.org/legacy/event/woot10/tech/full_papers/...
Exactly

Bittorrent protocol encryption is only useful to protest against the use of DPI for bandwidth shaping, it has no influence on privacy.

Even with (the weak) encryption, connections to trackers and DHT nodes are easily identified

Thank you for clarifying this!
You're right that is how it generally operates, but in the case of Comcast I think this meme doesn't want to die because in the late 00s Comcast really did do DPI to interfere with torrents: https://www.techdirt.com/articles/20071029/020756.shtml

Fairly googleable with "Comcast sandvine". Afaik they haven't done anything like that for years, though.

Bittorrent trackers by design have a list of all IPs in the swarm and give to anyone who asks (that's how peers coordinate).
I'm getting this second hand, but I've heard that some isps will redirect dns traffic to their servers based on it going to port 53.
Almost everything is SSL-secured now. There's not very much an ISP can snoop on. DNS lookups and IP addresses, I guess.
the timing and size of everyone's connection to everything is "not very much"?
Indeed it is not. Unless of course you find a way to map the timing and size of a pageload to its potentially sensitive content, in which case do tell.
> Unless of course you find a way to map the timing and size of a pageload to its potentially sensitive content, in which case do tell.

Wasn't there a HN story about people doing exactly that to figure out what condition people were looking up on WebMD? I don't recall when.

TLSv1.2 traffic contains the hostname of the site you're connecting to, and the list of ciphers. This can be fingerprinted to identify your browser, and the server-side software. [1]

TLSv1.3 on the other hand sometimes encrypts the hostname (eSNI) and most of the TLS handshake, so there's much less data to fingerprint. It's not as widely supported, but support is growing...

[1] https://engineering.salesforce.com/tls-fingerprinting-with-j...

//Edited to clarify that eSNI isn't default behaviour of 1.3

ECH (the new name of eSNI) is not even out of draft status yet, so it's misleading to put it on the same level as TLS 1.3 (although you did say it was not as widely supported, it's an understatement).
> TLSv1.3 on the other hand encrypts the hostname (eSNI)

eSNI is not the default behavior, and has few deployments at scale. TLSv1.3 transmits SNI in the clear.

eSNI is being replaced with ECH[1], but in many cases, there is a 1:1 relation between the IP address and the site being served. ESNI and ECH are only one layer of obfuscation - a middleman (such as an ISP) could still snoop your DNS (unless DoH/DoT) and/or correlate the IP addresses you connect to against the hostname(s) presented on that server.

Attackers already do that today with nmap - scan publicly addressable ranges on port 443 and see what names are on the certificate presented by the server.

[1]: https://blog.cloudflare.com/encrypted-client-hello/

Right. The actual improvement from TLS 1.2 to TLS 1.3 in this respect is that in TLS 1.2 the certificate was in the clear.

Encrypted Client Hello isn't finished. I would say the basic idea is settled, but there are plenty of technical nits and it might be next year before they have a final document.

Eventually the idea is that ECH will be GREASEd by always sending ECH data, if the client knows it is supported it will use ECH and if not then it will fill out the ECH data with random nonsense. Since it's encrypted, an adversary can't easily distinguish one from the other and a site which doesn't offer ECH will ignore the nonsense anyway.

The idea of probing servers on port 443 works well enough for dozens of popular sites with dedicated servers, but much less well for the long tail. A bulk host won't give you a list of every customer just because you hit port 443 on each server and pled ignorance, you'll get a generic "Under construction" page and no information.

>TLSv1.3 on the other hand encrypts the hostname (eSNI) and most of the TLS handshake

That's supported in supported in tls 1.3, but actual deployment/usage is spotty (it's an extension, not mandatory). AFAIK it also requires your DNS to cooperate, since that's how it gets the keys for the initial handshake.

TFA isn't though, for example.
How are IPs "not much"? I get that you mean that they don't see the requests and responses themselves, but you can easily infer interests, life events, other particularities from the request targets and the timings alone.
I mean, 95% of those IPs are just going to be some Cloudflare CDN anyway, right? I think you'd be hard-pressed to infer much real info from them.
Maybe then mask the hosting provider's identity, but surely the different websites have different IPs? Also, there are easily accessible services that aggregate info like this, and also keep record of past IP changes, like SecurityTrails.
The propaganda that metadata isn't a privacy threat is one of the biggest PR wins for the surveillance economy ever.
(comment deleted)
With the amount of VPNs popping out it seems that there is more than almost none worrying.
It’s not like VPNs don’t have the exact same problem, though…
They do, but at least in theory, their business model is built on not selling the information.
Given how much ISPs charge I don't think they need to sell info to make money.

As garbage as most US ISP options are, I'd trust them long before I trust random VPN services. And I can be reasonably certain that my physical connection goes to Verizon. My virtual connection could be going anywhere and I just have to believe that it's to people who are who they say they are.

This is exactly the business model for some VPNs, particularly the free or very-cheap variety.
There's still an element of trust involved, but it's better than the status quo of "we'll monitor your internet, take it of leave it" from the ISPs.
If you turn on your VPN, they can do exactly that.

You’re just trading one for the other and that new one might not even have to follow the same laws.

except that if a VPN provider is caught selling your data, they are toast.

any VPN worth its salt has a business model built around not logging data and not selling data. Your ISP on the other hand, is in the business of selling you internet access. Your data is a secondary revenue stream for them.

They two are not equivalent.

As long as you also clarify that their consumers must be following the news where that's announced.

With us technical people it's more likely, but not necessary for others that may have just heard 'use a vpn' and went to the App Store, searched for 'vpn' and prepaid 3 years.

Hide my ass VPN is still up - https://www.hidemyass.com/en-us/index

Yeah the amount of folks using rando free VPN they know nothing about is a little worrisome.

Depending on where you live the likelihood of your ISP doing something exceptionally nefarious might be way lower than some random VPN client someone finds on an appstore.

A clarification as there seems to be some confusion:

Whether VPNs solve the issue or not is irrelevant to my point. Their primary advertised feature is to hide your traffic from your ISP, McDonalds or whoever, and people buy them. (Secondary feature is masking location for streaming services, which doesn't really work).

I don't always find it odd, but when I do I find it odd that we worry so much about applications when the entire cell telephony networking layer is completely and unpatchably hacked.
Because you can work around that pretty easily with authenticating encryption. Even if the networking layer weren’t hacked, you should assume it was.
I have a feeling that you mean "easily" in the same sense the infamous Dropbox demo comment did.

EDIT: I wasn't thinking, OP is completely right. Sorry for the snark.

You can just use whatsapp or whatever. The phone network with SIP/SS7 etc. is hopeless, but you don't have to use it, and most people I know prefer other forms of communication anyway.
Ah right, sorry understood. You're completely right...I wasn't thinking in terms of IP-based services.
I mean more like not just the data transfer layer, but the whole cell telephony baseband firmware enables privileged access to your phone. This can be the entry vector for multiple exploits that go way below the application layer. E2E encrypt is meaningless at this level.
>but the whole cell telephony baseband firmware enables privileged access to your phone

This is very outdated, at least for a significant number of smartphones (including all iPhones, but not limited just to those). Apple and IIRC other manufacturers long since isolated the baseband, treating it simply as a standard USB or PCIe peripheral (and in the latter case using an IOMMU with it amongst other things). It has zero special access to anything on the rest of the phone which in the smart phone era is where everything of interest actually lives and happens.

^ This. Prior to Apple, the phone OEMs and carriers had hooks all into your baseband firmware for all kinds of things; firmware updates, CALEA hooks, automatic provisioning, etc...

Source - used to certify these things in a lab environment.

That's great to know. I'd like to feel reassured but I'm sure there's new exploits somewhere, the carrier level i think is just so attractive to large scale actors. Any internet links to read up on this, and on the next generation of possible carrier level exploit vectors?
It’s always been known that your carrier has access to your unencrypted cell traffic (including voice and text) and that carriers are slimy. You’re also protected by using secure services over IP. I think that the set of people for whom this will cause a threat model change is really small.
ISPs can see a lot, but it does have limits. As long as we're using SSL (and I suppose, assuming it hasn't been cracked), the ISP really only knows what domains I'm visiting. So they might know that I'm going to WebMD, but they don't necessarily know that I'm reading up on treatment options for nose fungus. They also don't necessarily know exactly which member of my household is going to that website, nor can they link it up with any browsing I do from the coffee shop.

Browser-based tracking, on the other hand, can see just about everything, because it's looking at the state of the data after it's been decrypted. And it can, with a reasonable degree of confidence, individually identify people, even when more than one person shares an internet connection, and even when one person uses more than one device or connects to the Internet from more than one location. The higher fidelity of that signal does imply that it's a greater privacy threat.

do we need randomized dom nodes ?
I guess I'd have to hear more details to know exactly what you're thinking, but my first instinct is to say that doing something like that would break CSS and accessibility without actually offering any significant impediment to tracking.
The cohort concerned about tracking, one would think, would not be deterred by broken CSS considering they already live in a JS-free world and might be used to some visual-compromise when browsing.
I was mostly wondering about privacy up to the dom layer (if that's even possible)
I guess there are feasible attacks if the ISP is sufficiently motivated. They can't read the data transmitted, but they know how many bytes is in it, and with a cross reference on page sizes in the domain you're on, they might be able to narrow it down considerably.(maybe even to 1 possible page)

A more far-fetched attack is a sort of timing attack: if you first visit arstechnica.com and then shortly afterwards visit Amazon.com, one could look for links to Amazon on arstechnica and from there have a decent guess what product you viewed on Amazon. This becomes a lot more feasible when paired with the first attack mentioned above.

These are all smart thoughts but you’ve clearly never worked for or with an ISP. As business entities in general they don’t have that kind of technical sophistication. They are more on the level of “we have to hire these vendor consultant groups to install VMs for us” than “we build a crawler so that we can use domain plus byte count to drink-anonymize visited pages.”
(comment deleted)
It doesn’t matter that most of them might not be that capable. They just hoard this data and sell it to the people with the means and resources.
It's not that easy to hoard when you have less than one competent engineer in the company and have to contract out to some vendor to build the data lake where they can hoard it.

Hoarding itself is beyond the sophistication of most service providers in the present day.

ISPs do not know as much as Google/FB thanks to SSL, but they know a lot more than you'd think by analyzing connection metadata.

Also many ISPs are also carriers, which makes things worse.

Source: worked for telecos, have seen a lot of shady stuff myself.

ISPs have perfect knowledge of your IP, so if they can get even basic traffic logs from _anything else_ can reconstruct your browsing history more accurately than any other third-party. Since you are probably visiting your ISP's site regularly to pay your bill, there are also a lot of possibilities for them to regularly associate third-party cookies with your login. They also have the highest-quality ambient location data (outside of explicit app permissions) to link with all of that.
ISPs didn't even want to log IP data until 70+ year old people forced them to collect that info. Sorry for the rant against older gents, but this is the current reality.

Now they might think differently because there is a market for info. Thank you government...

Oh not to mention, this might soon change as eSNI/ECH is adopted! Then the only information being leaked would be the IP address of the server. And with widespread use of CDNs nowadays would make the information collected pretty useless. Ofcourse that is if your DNS queries are not leaking everything. (which they are! Use DNS-over-HTTPs guys!)
You can change browsers, but in many places you have no option on ISP. In any case your ISP probably doesn't care as much about selling your information since you are already paying them. Even if they are you can always use VPN to blind them.
If it bother's you there's TOR and you can ssh to a vps. Most stuff is encrypted now and there are 3 different DNS encryption standards (one of which is actually good.)

IMO: what's left of that issue is getting solved.

ISPs right now are freaking out that their very expensive solutions like Nokia Deepfield are seeing less and less.

Ten years ago you’d be right, but right now that business is dying rapidly.

ISPs are a blackbox and it's not possible to figure out what they do from user-side.

There is also hardly anything you can do about from your side. Using a vpn or similar solutions is only shifting the problem from one provider to another. You can reduce the exposure with some measurments, but they are also expensive and complicated.

But for this (and other) reasons companies have started to fix it from the server-side by offering encrypted connections and working on ways to hide your trail from the middleman and their attatched agencies.

Encryption solves security, but doesn't entirely address privacy.

An ISP might not know what a user does at pornhub.com, but the ISP does know when and how often the user visits pornhub.com and how much data is exchanged when they do. I'm sure someone would pay for that kind of fingerprinting.

You can encrypt your DNS lookups with several different services.
That still doesn't hide the IP you are connecting to unless you are on a VPN. They still know that if you are connecting to 209.216.230.240, it _could_ be hacker news. With the widespread use of CDNs, and hosting of multiple services on a single IP, this won't be 100% accurate, but the ISP can still connect the dots I guess
I'm jealous of the fact that you're not aware that there is a solution for this. What do you think VPNs are selling? It's specifically relief from ISP-level tracking.

It's profitable enough that there seem to be ads for it baked into everything. I won't repeat their name here, but have you avoided that "Sponsored by NxxxVPN" all over the Internet/baked into every YouTube video that has sponsored videos?

> brave-core-ext.s3.brave.com fetches 5 extensions and installs them. It is said that this might be a backdoor. But I don’t want to get conspiracist. I prefer giving you verifiable facts. I’ll limit myself to inform you about suspicious activities.

Okay, so which 5 extensions? There has to be more information on this somewhere. Article seems kind of lazy and definitely loses steam after the second half.

That part in particular set the tone for this entire post for me. It convinced me that I could not trust the author to be intellectually or rhetorically honest, at which point I no longer see any value in this write-up. It also helped me read the rest of this post in the correct context.

"Many people are saying this. Note that I'm not saying it, I only say true things. But I want you to think it anyway."

Really?

Could it be some of Brave features that seem to use extensions? For example, if I enable the "IPFS companion" or "WebTorrent", they show as extensions under the browser's "task manager": https://i.imgur.com/PFRkv5l.png

The only other thing I could think of is "chrome://components/" which also exists on Chrome and updates some browser components.

Well... There's a more serious first start browser comparison by netmeister.org [0] which shows that 4 downloads are made.

I downloaded and extracted the files. They look like helpers or partials for Brave internal extensions.

All of them include manifest files with their names:

- 1_0_14: "Brave HTTPS Everywhere Updater extension". Contains a 1MB ZIPped database of https domains.

- 1_0_21: "Brave NTP sponsored images component". Contains three photos (to display in their new tab probably).

- 1_0_22: "Brave Local Data Files Updater extension". Seems to contain whitelists and blacklists for extensions, autoplay, referers, trackers, etc.

- 1_0_498: "Brave Ad Block Updater extension". Contains a 2.4 MB filter list for their adblocker implementation.

Nothing seems to be harmful at all. This mechanism is used by almost all Chrome/Chromium based browsers to update their internal extensions and components.

But, if the poster cares about backdoors... Well, every major browser out there has features that could be used to backdoor their users like Firefox Telemetry Experiments (which download xpi files) and Chrome Components. They also can change properties at will unless its disabled (via flags, about:config, recompiling, etc).

Note: I'm a Vivaldi and Chromium user. I only use Brave with iOS which is kind of a different beast (since everything has to be implemented on top of iOS provided WebKit) since it somehow blocks ads better than stock Safari with AdGuard filters. For stuff like banking (on iOS) I use Safari.

Note 2: Blink and WebKit have deviated quite dramatically so they are indeed different browser engines (like Gecko is) with different implementations, quirks and bugs.

[0] https://www.netmeister.org/blog/browser-startup.html

Can't we just like use Brave / Firefox and block all tracking domain names with something like pihole?

Does the browser not at all work then?

The people arguing that Firefox has an edge because it maintains a separate browser engine (like the writer of this article) are going to have real difficulties making their argument. Ditto the attacks on Brave for not being private enough. The people who care about privacy should be more worried about getting caught in Google's web of properties than about privacy per-se - that company is bad news. And Firefox is more closely aligned with Google's interest than Brave is. Look at how much money Google has been funnelling to Firefox over the years.

Having a different engine is really more of an inconvenience than a strength - it means that sometimes pages will not work in Firefox. Having an independent engine was important when it was IE6 vs the open web. It doesn't matter much when the engines involved are BSD license vs GPL.

If Chrome was all proprietary licenses then having an independent engine would matter. But the internet likes to standardise on one, open, technology.

You may be right, and you may not be. It has to be good that there are more than exactly one engine, it means there is a discussion, some level of "forced openness".

That wouldn't be possible if web developers could simply rely on undocumented quirks of a sole browser.

It's possible that FF will die. But I think that would be extremely sad. For one, Manifest V3 would be forced upon the entire web => no more uOrigin.

> It has to be good that there are more than exactly one engine...

Well, that is kinda the point. No, it doesn't. It might be worse than having one great de-facto standard engine. Having 2+ splits web developers in what they choose to support.

In this instance, we literally have a young company (Brave Software, Inc) that chose to go head-to-head with Google. Their CEO is deeply entwined with the history of first Netscape then Mozilla/Firefox. They went with Chromium.

That is a pretty searing indictment of the "an independent engine is important" argument. If Eich doesn't think Firefox is up for the challenge, what exactly is the gameplan here?

Nobody is saying Mozilla has to die, whatever that means. But if there is an advantage to its existence that advantage is difficult to spot. Firefox doesn't even have the thriving extension ecosystem it could once boast about - they killed most of it off. There is nothing useful there except a different set of quirks.

> Nobody is saying Mozilla has to die, whatever that means.

To die means having so few users that development is abandoned and the teams disbanded. It could happen; I wish it doesn't; you seem to wish it does... because it would make the life of web developers a little simpler?

But I don't think that's true; I think it's the opposite: web development would be a little more difficult if/when everything is controlled by just one company who decides unilaterally what can be done and what can't.

There is no risk of everything being controlled by one company. That is why it is acceptable for there to only be one browser engine.

Observe that Brave, inc is using the chromium engine in a way that opposes Google.

Mozilla has developed a bunch of great features in the last few years. If they were developing on Chromium, most of the internet would have access to them. Instead, only a minor subset do. This is a bad strategy.

I don't think you understand how Chromium works. Google makes all the important decisions. People have advocated for independent governance (e.g. some kind of Chromium Foundation) but Google isn't interested.

E.g. Brave opposes Google in some ways but they have no say in the development of Web standards implemented by Chromium.

It is open source. If someone doesn't like a decision they can fork the codebase.

Mozilla's Gecko has been beaten down to sub-double-digit market share, they're less relevant right now than when IE6 was >75% of the market. They have no power to influence the direction the web moves in. And yet life is going on better than ever.

If you want a counterbalance to stop Google making the important decisions, Firefox has failed spectacularly. And yet Google doesn't have any power to move the web in a direction it doesn't want to go - because their engine is open source and that is what actually matters here.

To make any dent to Google's dominance over the web a potential fork would first have to gain any noticeable traction. This seems highly unlikely if well funded companies like Microsoft or Mozilla weren't able to leverage their properties (Windows in Microsoft's case) or their brand (Mozilla) so far. Plus, any major fork of Chromium would have to compete with Chrome's vast development budget.
Browser vendors can carry small patches against Chromium but significant changes are very costly to carry long-term as the code changes under you. Furthermore, Google controls how heavy that burden is for you. In practice browser vendors who choose Chromium don't challenge Google's Web platform decisions except in very narrow cases like FLoC. In contrast Mozilla and Apple examine every Google-proposed Web platform feature or change to see whether it makes sense.

Mozilla's influence over the Web platform is much lower than it was but it is also far from zero. Lots of major sites still test in Firefox. Apple has even more influence. That is why Google doesn't yet has absolute power over the Web platform.

> Browser vendors can carry small patches against Chromium but significant changes are very costly to carry long-term as the code changes under you. Furthermore, Google controls how heavy that burden is for you.

This is fundamentally wrong; at any point anyone can hard fork chromium and then the long term costs of maintenance and rate of code change are completely out of Google's control.

> In practice browser vendors...

This is because Google generally makes great choices with Chrome that don't need to be second guessed. One of the reasons for Chrome's ubiquity is Google makes a great browser.

No-one is going to hard-fork Chromium. The reason you adopt Chromium is because you don't want to pay to maintain your own browser engine.
> The reason you adopt Chromium is because you don't want to pay to maintain your own browser engine.

Same argument applies to Gecko, but if people want to get in to the web browser game it makes a lot more sense to start with a de-facto open standard - which is Chromium. There are already a lot of browsers based on that engine, which is apparently named Blink according to Wikipedia, with backers who could easily choose to maintain an engine if they wanted to.

If the world ends in 12 months then sure, no-one is going to fork Chromium. But in the future, at some point Google will start doing a bad job maintaining it and Chromium could well be forked. If someone decides they need a browser engine to maintain full time they're probably going to fork Chromium as the technically strongest starting point and start maintaining a branch themselves. Forking Gecko would get them ... not much useful. Maybe some PR points.

The Blink license says people can fork it. There isn't any legal or technical reason that it is unforkable. At some point, it will be forked.

Using Gecko (or Webkit) would have added extra risk for Brave. When you're starting a company, especially a browser company that's going to take on Google at some level, you need to minimize all unnecessary risks. I don't blame Brendan for doing that.

Plus, when Brendan started Brave, Firefox was further behind in performance and architecture than it is now.

Plus, Brendan's departure from Mozilla was somewhat messy and I don't blame him for not wanting to keep a Mozilla dependency.

> Having 2+ splits web developers in what they choose to support.

Having one engine, Chromium, would mean Google gets a completely free hand to make almost all decisions about how the Web works. Also, Web sites would have no chance of noticing they depend on Chromium bugs --- very bad for the future of the Web (and for Chromium).

Now, Webkit is also a very viable engine. The problem with relying on Apple is that they have a powerful disincentive to let the Web platform be a viable competitor to iOS.

This is why Mozilla matters.

Hi roc, just FYI we started Brave in 2015 based on Gecko, using the Graphene multiprocess/sandboxing code from that era's FirefoxOS. We switched late in the year after listing all the problems to solve (DRM was one, many others) in order to compete with Chrome. Mozilla or my departure was not an issue.
No, Manifest V2 support remains internally and for "Enterprise Chrome" customers. Therefore we at Brave have promised that we would support V2 on by default for extensions including uBO (not needed on Brave) and uMatrix. HTH
Firefox has had a load of conflicts of interests that people don't want to mention. For example, >90% of their funding comes from Google for being the default search engine. That means Mozilla doesn't want to upset Google too much.

As a result, what have we seen? Safari has added new privacy features, that should have been obvious, before Firefox. DuckDuckGo, which Mozilla staff generally recommend, isn't the default which is odd for how vocal Mozilla likes to be about how we're great for your privacy and an open web.

The point is that by receiving >90% of their funding from Google, Mozilla can continue existing. And also be a hypocrite in their actions.

>As a result, what have we seen? Safari has added new privacy features, that should have been obvious, before Firefox.

Firefox has added plenty of "obvious" privacy features that no other browser has. Container tabs are amazing (and incredibly useful even apart from maintaining privacy).

Where is uBlock Origin or uMatrix for Safari? They can't exist because Apple doesn't really care about the browser extension ecosystem and doesn't implement the APIs. Apple has very different priorities than Mozilla does, and that's not a dig at either of them.

Given that, I'm not sure it's a great idea to assign ulterior motivations to the delay, especially since Firefox does eventually get those features.

https://techcrunch.com/2021/02/24/mozilla-beefs-up-anti-cros...

>It doesn't matter much when the engines involved are BSD license vs GPL

Without a competing engine, Google is free to cease development on Chromium and start a new private fork, and autoupdate all Chrome browsers to that new fork. Then they can add all sorts of web features that only they support. Every browser dependent on Chromium will fall behind in security updates and web features, and become more unusable than Firefox is today.

If Google did that, we'd be better off with the Mozilla corporation taking over Chromium development than continuing to develop Gecko.

The erosion of interest in Firefox over the years raises a pretty basic question: if Google followed through with that scenario, how effective would Firefox be? They're got steamrolled in the last decade with massive amounts of funding (from Google).

Brave is literally showing that if someone wants to compete with Google, they're going to start with chromium as a base. Your argument is similar to "if someone wants to compete with Google, they need to be able to use Gecko/Webkit!". People with skin in the game are saying whatever the theoretical merits are to your argument, it is wrong. Gecko isn't part of the competitive equation any more.

FF + uorigin + a dns blocker like pihole seems to be where it’s at right now. Maybe EFF privacy badger on top

Any better options out there? Been thinking of adding protonvpn

FF now does DNS over HTTPS by default (Preferences > General > Network Settings), it defaults to using NextDNS and is configurable.

Some people will be uncomfortable with this default, but it's a step up from consumer ISPs who _will_ track you, to a 3rd party who Mozilla says wont.

I add Mullvad VPN (because wiregaurd is frickin awesome), which also allows you to use their DNS servers, but for this you actually have to turn off FF's DNS over HTTPS to allow the wiregaurd interface to pick up the DNS requests - they have a really good "leak" checker page while using their servers to check for various protocols https://mullvad.net/en/check/

Yes yes I know, VPN doesn't unbreak the internet, but here we are.

The other great thing is, in case you wanted to support Mozilla, the MozillaVPN is using Mullvad's service, and routinely provides great service. I will add though, if you're a huge privacy advocate, and don't want to supply your email or card details to Mozilla but want to use a VPN, Mullvad directly is still the best choice imo.
I use Mozilla VPN, but the program (Ubuntu 20.04) 1+ times per day just closes and it does not have a network kill switch.

So I have to continue to use Firefox's DoH to prevent my university to occasionally take a peek at my traffic. Assuming they don't bother reversing IPs to domain names.

You don't need a "network kill switch" with wiregaurd, you might be using the openVPN option which mullvad also provide for compatibility. Because wiregaurd is stateless you don't have to worry about stuff leaking through while physical layers go up and down, you can just leave the wg interface up and keep hoping around safely... I literally haven't taken my current wg connection down in days, yet my computer is put to sleep every night.

If you use Linux you don't even need an app (not Firefox's or Mullvad's), you can just pop one of the wiregaurd configs (mullvad.net can generate them for you) into /etc/wiregaurd and then use the super simple wg-quick cli interface to bring it up. You can also tell systemd to bring up a specific interface at startup with one line.

>FF now does DNS over HTTPS by default

Just checked & mine was off. Not that I mind since it's supposed to hit the local pihole anyway

I would add a VPN for sure. People always complain that it just shifts the trust to them instead of your ISP, but there's many VPN providers who I trust a hell of a lot more than any ISP.
Another shady practice: you could donate to any website, but Brave itself received the amount if not claimed by the website creator. Users did not know. (https://davidgerard.co.uk/blockchain/2019/01/13/brave-web-br..., https://redd.it/a8g1i9)

Don't use Brave. Tell others not to use it.

That's not true. If the website or user does not claim the rewards within 3 months it goes back to the user.
Correct. Tips and contributions to unverified properties remain [on the user's device] for up to 90 days. The browser will make routine attempts to send the tip through; if it fails to do so after 90 days those rewards are unlocked and can be given to another creator.
Brave can't send BAT to a site that doesn't accept BAT. For example, HN doesn't. When I click on the BAT icon, the first thing I see is a message saying the tokens will remain in my wallet until the site accepts my tip.
This is now how it used to work - which is why the OP uses “could” instead of “can” - see the linked article.
The way it "used to work" was that Brave gave users BAT for using the Browser and Brave Payments (now Brave Rewards). The user could then visit a site/channel, and Brave would communicate if the property was verified or not (e.g. a verified property had a check-mark, and an unverified property did not). If you tipped a verified property, the BAT (as gift from Brave) would go to the creator's associated wallet. If the property was not verified, the BAT would go into a settlement wallet, awaiting the creator's registration. Again, this was Brave's BAT effectively being earmarked for a creator who had not yet verified. The feedback at the time from the community was that the UI/UX was confusing; indeed it was. We quickly modified the model, and today it is substantially better as a result. Unverified properties are now as explicitly identified as verified ones, and tips to the former are held on-device for up to 90 days.
Just because something is not perfect, it should not be condemned. I don't understand why alternatives are often held to much higher standards than the established service.
aren't the alternatives in this case held to a lower standard? Like the kind of shady behavior you see from these alternatives, often in some way tied into crypto stuff, you don't even see from Google or Microsoft, let alone from someone like Mozilla

Brave runs on the exact same ad model as Chrome, they just inserted themselves as the middle man. There's no actual value provided here and it's basically just "big corporate bad" marketing

"Brave runs on the exact same ad model as Chrome…"

You couldn't be more mistaken here. I covered the history of digital advertising and the introduction of Brave's model here: https://www.youtube.com/watch?v=LsrrT502luI.

In short, Brave's model is largely the inversion of Google's model. With Brave, users must opt-in. Google doesn't ask you to opt-in. With Brave, user data remains on device. Google requires the remote collection of your data, as well as the broadcasting of it to third-parties. With Brave, users decide when and how many ads they will be shown. Google shows you as many as they can get away with. With Brave, user's collect 70% of the revenue for their participation. Google gives you nothing, but takes quite a bit. With Brave, Brave Software learns nothing about you, your interests, or your browsing history. Google learns quite a bit about you, harvesting as much data as they can get away with, and using it across contexts and domains.

I did test out Brave a while ago and the reward system was on by default. I had to go to the settings to turn it off, and in fact this option did not sync. So whenever I installed it on a new device I had to turn it off again, and I suspect that's deliberate. I also don't think that Google shares my information with third parties, pretty sure they say explicitly they don't do that.

And as to Brave's model of pooling users and preserving anonimity, isn't this exactly what Google's FLoC is? As far as I'm aware the dreaded third party cookies seem to be on their way out. I'll give Brave props for being a frontrunner on this, but that's not an inversion of Google's model, this appears to be exactly where everyone is going.

Brave Ads/Rewards is definitely OFF by default in Brave (I just double-checked, https://imgur.com/UIASmf4). You're invited to enable it during the Welcome screen, but it's off by default. If you install Brave today (make sure you don't have an old profile sitting around in %localappdata%/BraveSoftware/ already) and observe otherwise, that's a bug (please let us know).

I think you're misunderstanding how Brave's anonymity works. We don't rely on something like k-anonymity where we hide users behind some common cohort ID. Suffice it to say, we're not big fans of FLoC: https://brave.com/why-brave-disables-floc/. Brave's anonymity is based on the inversion of the flow of data. Rather than collecting information about users, Brave transmits data from advertisers to the user's device for local scrutiny.

Google is in no way moving towards the Brave model; it they are far too dependent on user data, IMHO. Brave, on the other hand, was born with a Can't be Evil mindset; every step of the way we have built the application and service to preclude abuse and overreach.

It may be unrelated, but this blog post and the rather lively HN discussion made me install Brave for the first time.

Out of all chromes of Chrome I have sampled, Brave has the best visual polish. Best regards to your UI/UX design team.

Relevant part;

>What happens if you send a tip to an unverified creator?

I click “tip” for my YouTube channel, and the screen below comes up. The “Learn more” link goes to the Brave FAQ, which says that no funds leave the browser until the creator verifies — but admits that previous versions of Brave worked differently, and sent the tokens to Brave in the hope that the creator would sign up at some point.

It would seem this is possibly no longer the case, I'd love an update on it.

Did any lawsuits come out of this? That seems like actual fraud, and Eich or others in the company should be in prison.
The money goes back to the wallet that sent it after a period of time if no one claims it.
Lots of people are pointing out that this isn't the case anymore, but the fact is that it used to work this way, and they only changed it after backlash. That was enough to turn me off of Brave forever.
Yeah, I too dislike it when companies respond positively in response to criticism.

I prefer the orgs I interact with to be perfect and never make mistakes and when they do (but they don't because I only interact with perfect institutions) I prefer them to double-down instead of improve.

Your hyperbole seems to be purposefully taking the parent post in bad faith.

He is expressing skepticism towards their original intentions and you like how they responded. No need to talk past each other.

I don't agree. GC cannot speak to their intentions, so at the end of the day this is just holding them to a standard that it is unreasonable to ever hold any institution to. Humans make mistakes and organizations are comprised of humans. What matters is how they address such mistakes, which I've only seen positive improvement from Brave.
The point is that Brave can't be trusted by default. It's nice that they roll back dark patterns when they're caught by people like Tom Scott, I guess?
I think there is a difference between an imperfect implementation of something that has never been done before (especially when your competition is an adtech giant oligopoly) and "dark patterns".

Worth pointing out that part of the reason it was hard to just refund people who donated to non-verified creators was Brave actually caring about privacy, so the donations in question were completely anonymous.

So when it was pointed out that it's still a problem, they came up with a solution that I think strikes a good balance.

> So when it was pointed out that it's still a problem, they came up with a solution that I think strikes a good balance.

Fair enough.

To me, it couldn't have been more obvious that collecting "money" in creators' names and also misrepresenting that was Bad™. I'll try to be gracious and chalk this up to "lack of common sense" instead of "part of the evil plan".

Actually I'm less charitable than "lack of common sense" and chalk it up to hubris – I think what happened is that they couldn't really imagine why someone wouldn't want to accept donations from their viewers/consumers, regardless of source, and so just defaulted to collecting for everyone assuming everyone would love to hop on board the BAT train. This of course turned out not to be the case for various reasons and yes is pretty obvious in hindsight.

But I'm still willing to forgive if I think the course-correction is adequate, which in this case it was.

The BAT that was moving around at that time was from Brave. We allocated hundreds of millions of tokens back in 2017 to a User Growth Pool. We distributed tokens to users of the Brave Browser, and allowed them to send those tokens off to their favorite content creators. This is similar to how PayPal lets you email money to anybody, even if they aren't signed up on PayPal. Our thought here was that users could effectively earmark the BAT they received from us, and that creators could sign up and claim those tokens.

We identified verified creators as such, but didn't make the non-verified state as explicit. We largely followed a similar pattern to that of Twitter (checkmark for those who are verified, and nothing for those who aren't).

When you visited a YouTube channel, website, etc., we would show you the name and favicon for that resource in the tipping UI. In the case of some YouTube channels, the page name was just the YouTuber's name, and their favicon was a picture of their face.

The changes that Tom Scott and others suggested back in 2018 were ground-breaking. They helped us realize some naïve decisions in the UI/UX of the tipping process and more. We moved quickly to implement those changes (https://brave.com/rewards-update), and the entire system is now substantially better as a result. But there was never any ill-motive involved. We had BAT, and we wanted users to give it to their favorite creators. Tom Scott approved of the changes at the time, which was a nice way to wrap things up

The difference with emailing money on PayPal is that the recipient is notified. Brave was collecting currency on behalf of people without even notifying them.

Just because someone can collect the money/currency at a later date doesn't make it fine. If I collected money on behalf of charities yet only gave the money to the charity if they explicitly asked me for it, I doubt that would go down well with donors.

I could even use the situation to my advantage by gaining interest on the donations in the time between it is donated and I pass it on. I suspect Brave was benefiting in a similar way - all the donated money would not be traded while Brave were holding onto it, creating a scarcity which would benefit BAT's prices.

You're missing one of the earliest points in my response; the tokens people were "sending" to creators [were from Brave]. We gave the user 5 BAT and asked them who they'd like to support with it. User's could pick a creator, and we would work on notifying that creator that [BAT from Brave had been directed towards them by Brave users]. All of that aside, the feedback from users around this time was phenomenal, and helped us redesign the system into something substantially better.
Ah OK, I thought they were able to donate BAT they earnt from ads, that is definitely different. Still misleading, but better.
We didn't have the ability to earn from ad-notifications at that time. These events and changes (https://brave.com/rewards-update/) predate the launch of Brave Ads, which we introduced in April of 2019 (https://brave.com/brave-ads-launch/). I wouldn't say "misleading," as this suggests deliberate deceit. Our UI/UX was nascent, and naïve. The feedback we received was timely, and incredibly helpful. I'm pleased we were able to turn around the updates quickly, which have since served to make for a substantially better experience
When somebody shows you who they are, believe them.
Yeah; from what I can tell, Brave's history is basically a long list of:

1. Do something shady and/or incompetent to make money

2. Ignore an internet backlash calling them out for it

3. "Fix" said shady thing

4. From then on out, aggressively deny doing that thing everywhere it's mentioned, without acknowledging that it used to be the case

Brave seems like an adequate browser for some niche use cases and probably has some cool tech. I do not trust the company or people behind it to have my best intentions in mind.

It definitely feels like they like to constantly push boundaries, and not in a good way.

In addition to some of the other oddities with the article (i.e. the absolutely wrong claim about Brave's ad blocker), I think the security between Chromium and Firefox is a bit too simplistic? This piece [1] might go too far in the other direction, but at the very least it outlines why there are deficiencies in Firefox, comparatively.

[1]: https://madaidans-insecurities.github.io/firefox-chromium.ht...

This article is really complete and straight to the point.

I really like that madaidan keeps it updated.

The one thing the OP article doesn't actually do is claim that Firefox is more SECURE than Chrome/Brave, the arguments (mostly bad) are that it more private. And that pretty much goes without saying for Chrome, since its entire raison d'etre is to strip privacy from its users for Google. It's unfortunate that on platforms outside macOS you have to choose between risking your privacy being invaded or your device being invaded.

The reality in any case is that in every pwn contest every year, all the major browsers are exploited, usually with full sandbox escapes; Chrome has better security implementation but a huge install base that makes effort to crack it worthwhile, while Firefox is easier but has trivial market share.

I found a list [0] on HN awhile ago of "free, open source and privacy respecting services and alternatives to privative services".

I have been using many of the items before I came across the list, and started using some after going through it.

Many items on the list are viable and practical alternatives to proprietary products commonly used.

[0]: https://github.com/pluja/awesome-privacy

Firefox user here. I've looked into Brave, but decided I didn't really want it.

This article is incredibly slanted. It takes every single possible fact it can and spins it into "Brave Bad."

Something like this:

> Brave is just another Chromium skin. So at the end, when using Brave or any other Chromium based browser, you’re giving marketshare to Google and supporting their evil web empire.

Is simply not true. Every browser that isn't Chrome, every search page that isn't google.com, sends a message to not just Google but other competitors in the space that users want change.

In addition, in an ideal world Chromium would be able to build enough momentum through community support (or support from MS or others) to provide a healthy fork, free from Google's clutches.

I agree that Firefox is better - it is my personal web browser of choice - but that doesn't mean that Brave is bad software, or that the people behind it are evil, and anything that tamps down Google's monopoly is good in my mind.

the biggest deal is hardcoded whitelist imho. rest of the article is just raw emotions
You can't fully block certain services without breaking pages. Block Facebook and you break hotlinked images and comments on some sites. Block Twitter and embeded tweets break. Some people use these services to login too. And so on.

I assume most users here understand this and would be able to fix the page, but the average user doesn't know how to do that. But then more advanced users should use uBlock Origin too, which lets you block Facebook, Twitter, Disqus, etc, too, so I don't think it's a major issue for us.

I understand this as well, but I would very much prefer if I could flip block/unblock on those cookies at will
Brave the company has made some egregious missteps, but the problem with Brave is that there is so much FUD around it it's incredible. People keep repeating the same bullcrap which has been debunked hundreds of times, and Brave gets reviled much more than it deserves. Every time a Brave article is posted on HN the first 5 top comments are the same trite, wrong arguments, whose first reply is usually someone clarifying and correcting OP.

There's a long road ahead to cleaning up the Brave name, if it's at all possible in the first place.

For me the best feature of Brave is the ability to reward the content publishers without watching their ads, basically YouTube Premium for web. I just wish more publishers would opt into this program.
I am currently using brave on android because it is the last latest stable browser that provides stacked Tab layout like this.

https://github.com/michael-rapp/ChromeLikeTabSwitcher

Latest chrome and it's derivatives(except brave) have removed this in favour of grid layout which i dislike(they also brought in tab groups which i despise entirely)

I know that brave has shady stuff like blockchain and ads, but they can be turned off. On desktop, i use firefox and i want to use firefox on android too but i find android firefox(fenix) janky.

Please suggest me good browser and also a suggestion to chrome developers:

Please don't remove things that we like. atleast provide option to enable it

Brave is a scam, but recommending palemoon or icecat a is (for different reasons) also a bad idea.
Can you elaborate on why palemoon and icecat are bad ideas? Haven’t used either. Am assuming they’re further behind on the latest web standards?
They both lack the manpower to keep up. I personally don't mind missing on the latest features, but I don't want my software to be full of old security holes that were patched long ago in upstream Firefox.

Besides, I have once witnessed a conversation between Palemoon developers and some distro's packagers about usage of palemoon logo or trademark or something like that. The developers spoke in a very entitled tone and it was quite off-putting.

How exactly is Brave a scam? The author certainly couldn't argue this point (detailed response to their claims can be found here: https://news.ycombinator.com/item?id=27552530).
The fact that author's arguments are flawed (imo not all of them are) does not imply their claim is incorrect. A lot has been written on the topic Elsewhere, I'm sure you will be able to find some better explanations if you so desire.
I currently have Firefox, Edge, and Chrome open. I also have Opera and Vivaldi installed (and I think I might have Maxthon too). I use them for different purposes. Firefox for personal stuff, Chrome on my second monitor for social networks and twitch, Edge for my main work. Vivaldi for my part time job. I say the more browsers the better and I am definitely rooting for Firefox to help chip away at chromium's dominance.

I don't have Brave installed because I am not overly concerned with privacy and the other browsers seem fast enough. I have ublock origin, noscript, and privacy badger installed on Firefox. That is good enough for me. I also think BAT is not really worthwhile.

In 2001 or so I considered entering into an encrypted email correspondence with my brother, for fun. I quickly gave up on the idea because I realized that I didn’t trust that my computer or my brother’s computer didn’t already have spyware of some kind, I didn’t trust the integrity of any encryption/decryption tools that existed, didn’t trust myself not to lose the passwords or leave them lying around, and didn’t trust that some day I wouldn’t just stupidly leave my laptop somewhere with the password entered. Etc., etc. It was obvious that actually having even one meaningfully secret conversation would actually require involved and somewhat ridiculous lifestyle changes.

Having thought this through long ago, I have never understood why people behave as though a chat client or browser that they download from the open internet would be meaningfully secure.

So closing your bathroom door isn’t worth it because someone can ram it? :)
I live in a house with toddlers. This is absolutely true. I leave the door open so it doesn't bash into my leg when they come hammering on it.
(comment deleted)
What is "it" that would bash into your leg? The door? Are your toddlers strong enough to ram closed door with enough force for it to bash into your leg?
If I suspect there are invisible people who can make money off of pictures of me taking a dump and can phase through doors, then I indeed might not close the bathroom doors. These metaphors never work because encrypting your text messages is qualitatively different from quotidian intuitions about privacy.
Exactly. I sleep outside because a meteorite would crush a house; therefore a house is useless.
Do you lock the doors on your house? Why bother? Someone could break a window?

Security is about identifying and mitigating threat models.

For example, if you're concerned with mass surveillance an encrypted messenger will stop that.

Just because something doesn't protect against CIA 0days doesn't make it worthless.

A house is almost nothing like a computer along any dimension that the metaphor could possibly make sense.

Besides, unless you've built your own encrypted messenger, you're still putting trust in several agents that you have no reason to trust.

I understand Eich has been controversial and Brave gets a lot of flak in return, regardless of issues like the ones raised in the article. Yet, I remain a fan of Brave because of Brave Rewards. I love being rewarded based on my usage, even if the amount is worthless and the ads are random crypto shit. The idea of a company actually spreading revenue based on my attention back to me makes me happy and I wouldn't mind if more ad-based services do this.
> even if the amount is worthless and the ads are random crypto shit.

Maybe you are not valuing your own resources enough. Ads draw time, concentration and other mental resources. So i can only believe that it will be a net-negative in the end. It can feel rewarding, but financially, the advertiser can't pay you enough.

That's true, the whole thing on my end is likely some fallacy.

On another note, I've always thought the idea of constructing your own ad profile could be interesting. Like selecting the types of products and related content that you'd want to be pushed.

From my understanding this is kind of the goal of social apps but it's obviously not self-directed. I guess it is in some capacity based on your behavior but it's not like you're intentionally clicking selecting you'd be interested and actually would maybe buy.

Fear mongering.

A competitor maybe? Someone with an agenda against Eich because of the donation debacle?

Privacy-wise, either Firefox or Brave are better than Chrome.

Ads are annoying but they do fund the net.

(comment deleted)
If you've visited /g/ lately you know how much Brave is pumping threads that are basically just ads for Brave. I wouldn't immediately jump to competitor conclusion (and even they were they have good points) To be Brave's model has always been bat shit insane.

>Ads are annoying but they do fund the net. This is a complete lie. If your website can not survive without ads then it shouldn't exist. Running a website takes almost no capital. Only people who are afraid about ad insdustry being destroyed (expect of course the people running the industry) are shitty blogs and useless news sites, because the truth is their content is so sub par that no one in their right minds would pay anything for it, but at least they can scam people into being sold onwards to advertisers.

Everyone should be running uBlock Origin. Everyone should be running ad blocking DNS. Websites that don't allow adblocks aren't worth visiting in the first place.

Disagree. Brave's approach to funding is at odds with privacy. The concept of warming up to ads to get paid is capitulating to the advertising industry.

While I did not appreciate the tone of the article, there are some valid points there. Brave may be better than Chrome but there are still better options. It might be better to get a common cold virus than it is to get covid-19, but I'd still rather not get any virus. Sites that don't work right when you block all of the tracking lose me, I won't capitulate.

"Brave's approach to funding is at odds with privacy."

Elaborate, please. Brave's ad model is built for privacy and security. User's must first opt-in. Your data remains on your device. Ad catalogs are downloaded and reviewed locally. You are rewarded when you see an ad notification. I repeat, rewards are granted when your attention has been spent; no clicks necessary. I discussed the model further in this recent 5-minute video: https://youtu.be/LsrrT502luI

Brave is its own ad network and offers targeting to over 200 IAB categories. I don't agree that profiling my demographics and offering them up for sale is protecting my privacy, even if that does not include PII.

If I want to skip out on Brave Ads then I don't really need the Brave browser.

You're going to have to help me understand how Brave's current ad model is at odds with protecting your privacy. Brave [does not] send any data to advertisers. That means no PII from the user, no meta data from the user, and no cohort ID or anything else for the user.
> Brave [does not] send any data to advertisers.

What about Brave itself? Brave Ads offers a lot of IAB advertising categories for sale to advertisers. If everything is pushed to the client and happens on the client, how does Brave Ads even know which IAB categories might be missing (and not exactly for sale in its network)? How would an advertiser know if/when an ad was even served?

The model still relies on assessing the folks that install Brave to know what you have to sell, and advertisers at least feeling like they are getting value from that advertising, most want some kind of measurable result. It would seem that some information is flowing back to Brave to allow for attribution and payments. Why do I trust anyone to hold this information? How can I know what happens to this information in the future? I can probably be deanonymized from Brave data.

No, Brave (the browser) doesn't send user data to Brave (the company) either. Matching happens on device. Categories are enumerated in the regional ad catalog. Local, on-device machine-learning decides whether a given ad is appropriate for the user. The data which comes back consists of cryptographic attestations; no user data. See https://github.com/brave/brave-browser/wiki/Security-and-pri... for more information. We have also added a way to anonymously detect conversions, such as when a user purchases a product or service after having viewed an ad-notification. This too relies on cryptography, and not user data. Although, if you purchase a product from an advertiser, you are likely already giving them some form of user data (e.g. Name, Address, etc.), but Brave doesn't have/transmit any user-data to ourselves or advertisers.
> The data which comes back consists of cryptographic attestations; no user data.

I'll be honest, I have no idea what that means, other than data going from the Brave browser going to the Brave Ad network. And I cannot see or verify that data. I don't want a browser that is a browser and an ad network, in which case I don't need Brave.

I'm interested in how you define 'user data'. Do you mean PII? In my opinion, if I interact with the Brave web browser and Brave creates a log of that then that is 'user data', its not browser data or advertising data. PII is one kind of user data. Data I enter into browser windows is another kind of user data. My interactions with the browser, as generated by me the user, generate user data too.

This made some decent points but relied too much on FUD.
I switched from Brave to Bromite on Android.