Users banding together to send crypto anonymously toward their favorite sites and creators is not "parasitic" -- you and your browser are the host, already colonized by tracking scripts for ads if you don't use a no-compromises blocker such as uBO.
Users' right to block is well supported by web standards and case law. Adding a separate, direct to creator funding option is not parasitism, it is found money for creators.
To see someone here call our opt-in (meaning that each user consents without duress) anonymous micro-contributions and (coming up fast) private ads model layered on top such a name tells me that person has confused host and parasite, or is working for one of the parasites.
It was never a given that your browser should become a blind and passive servant to surveillance super-companies either wholly or partly dependent on ads, but such companies did capture arguably 3 of the top 4 browsers.
Now is the time for users to push back, whether by Brave if you like it, a blocker such as uBO on a browser that doesn't track you by default (perhaps when "logged in"; whatever), or another method that works for you. I hope those who have not yet will give Brave a try. https://brave.com/download-dev for the chromium-extensions-ready new version.
We don't replace ads on publisher sites without that publisher as partner; they get 70% of the gross revenue, user gets 15%.
No point repeating something you heard a while ago from the NAA when they wrote a "Cease and Desist" letter to us that did not contain those words (because we weren't doing anything to cease or desist). All our opt-in models require consent.
User-private ads go in user-owned channels (notifications and tabs), not in publisher inventory, if the user opts in. User gets 70%.
You've given them the choice of not monetizing their content or paying you. It's the slimy Mafia business model. There is nothing decentralized about this.
Over 23,000 creators verified but we do not list without consent. You can see verified status in the Payments panel in settings after taking a free token grant to fund your wallet.
From user tweets, people notice washingtonpost.com, theguardian.com, vice.com, other bigs have verfied. From our own announcements, Dow Jones Media Group, Town Square Media, and more to come.
In 2016 we proposed that Brave, a browser, could allow users and publishers to get better revenue through a private ad model that does not entail any tracking or user data in the clear on servers. We ran some placeholder ads to show the concept off. These are disabled now.
This caused a reaction. The letter we got (I mentioned it in my last comment) from a publisher group asserted that the publishers own copyright and trademark on third-party ads on their sites. This was comical in view of malware getting on the New York Times, BBC Online, AOL and other sites the month before (March 2016). Publishers do not own (c) or (tm) on any ads they don't create, of course -- certainly not on so-called third party ads, especially malware. Or they'd be liable.
Anyway, baseline Brave is just a top-speed (better than using JS in extension code) blocker by default. All token options are optional, users and (if involved) publishers choose.
Manuel Araoz did a very early benchmark, one site, where we beat uBO. I don't cite it as fresh or large-N/controlled, but Manuel noticed and asked why. The reason is extensions must be in JS, in API and process sandboxes. uBO does great, uses the chromium extension background page facility to share code among tabs, but still must use JS. C++ beats JS. Also, we block ASAP in the network threads, in the browser "kernel" process. That helps win too.
If anyone wants to benchmark, results welcome, but we do not view uBO on Chrome as competition -- rather we cooperate on blocking tech where we can with @gorhill et al. We are out to take unblocked Chrome user share.
Thank you for the clarification! Do you know how much time is lost between the time a request is handled by the kernel in C++ and the time it would trigger a callback of the web request API? In other words, what is the overhead of the JS API compared to the raw C++ API?
I understand that you are not competing with uBlock. But I’m always a bit sceptical when I read that it’s faster because it’s C++. Since it is not necessarily true and some measurement is needed before being able to reach this conclusion. I understand though that blocking from the network gives some (constant factor?) advantage compared to a JavaScript extension.
I don't have measurements, as noted (others should chime in), but it matters not only in time to get to extension page process or tab process -- C++ in same process vs. JS after C++ across process boundary matters in memory use terms too, direct (allocation) and indirect (cache effects).
I've been doing browsers since JS was super-slow, advocated its use in Mozilla XUL UX back in the day without it being an issue _per se_, watched JITting JS engines make it even less of an issue for such 10Hz or even 60fps deadlines when done right -- but C++ over JS and in same process vs. multiprocess matters for blocking, due in large part to how many requests there are, and how they affect page rendering.
We are benchmarking again now that we have staff, so I'll try to update here if I do get any results. I don't believe we are yet testing vs. uBO+Chrome, though, for the reason given. We are allies.
Note that browsers already do the mechanics of inserting ads today, unless the ad is a fixed element on the served page, which is quite rare. Even then, to pay, ads need confirmation tracking if not target tracking before placement by scripts.
In this sense, all browsers insert the vast majority of ads today. Intermediary businesses insert scripts before, during, and after ads too. Browsers and extensions may block scripts.
The part of the ad ecosystem that Brave transposes to the browser, again if and only if each user and (if in the deal: ad slot in page, not in user space) publisher agrees, is the matching of ad to context including user interest, and the attribution and confirmation of ad view or interaction. This is done without any tracking or user data on servers — including our servers. Also no user fingerprinting on any blockchain, it is super-important to avoid this.
How matching works: if you opt into the ad system, you get a catalog, same as everyone gets in a large region speaking the same natural language. The catalog lists edge url and metadata on each ad or offer. It compresses well and slowly updates. Downloading it or updating it with new ad deals for all in the region/language does not identify you. We have started with global/English for trials.
Local machine learning studies local data, again only if you opt in. This agent sees the sum of all user inputs to the browser: search queries (you own your query log — the search engine does not and the agent does not scrape search results, just user inputs and navigation); e-commerce form filling and buying; social graph edges from you to your friends; tab and window constellations; scrolling on actually viewed content.
With our secret-key cross device sync option, your data can be a full cross device view of your browsing, and only you have the key to decrypt this data. We cannot see it, we see only encrypted blobs in cloud storage. QR code and camera pairing with secret key as wordlist are what you see and do, to use Brave Sync (user testing soon).
Say you are shopping for a new camera during lunch, but on most days go back to work after lunch. The agent knows this and does not bug you too soon. But later, after work, when you are idle, an OS notification floats a brief call to action ad (like a search ad, a few lines of text and minimal image branding). This self dismisses but you can find it in Brave. If you click the View button, Brave is focused if not already and a new tab opens with a full landing page ad or offer.
You can thumbs-down on the ad if it didn’t work. You can close the tab whenever you like. You are not identified to the ad’s brand or any other party by opening tab — Brave shields are still up. But if you like the ad, you can act on it. You get 70% of the gross, which can be large for lead-gen ads such as making a test drive appointment with a car dealer.
Publisher ads work similarly and can even place just based on page context, not on any local user data. We always give the ad space owner 70%. We always pay the user >= what we make.
If you just form an impression, view a video by quartiles, even click on a download button for an app, or open further pages, you are not identified. Chaum blind certificates attest to your ad actions but without any user identifier. We already use the ANONIZE protocol for anonymous contributions to your top sites and YouTube accounts.
In no case do you identify to any party, including us, as a tracked user — unless you choose to, in a clear page in tab aka first party setting.
I know Brave has their own arguably evil agenda, but their Android browser right now is simply amazing. It blocks all ads and trackers, without needing to set up VPNs or proxys or companion apps that mess with your settings and don't always work. If you prefer Chrome over Firefox on your Android then for ad-free browsing it can't be beat.
Slightly off topic, but if you're okay with a bit of setup, there's a cool F-Droid app called Blokada that's like a personal pi-hole.
I had an issue where my firefox browser was great, but the other apps on my phone were extremely noisy with ad networks. This would compliment an ad blocked Brave/Firefox browser nicely.
I second this. I've tried Blokada and DNS66 via F-Droid, and Blokada in particular has worked wonders. It blocks ad hosts at the DNS level, which is more battery-efficient than a traditional adblocker, but that also makes it necessary to clear out your DNS cache. I've only had one notable issue that required me to disable Blokada - adding a bank account to Venmo wouldn't work for some reason.
Domain blocking is still crucial, absolutely necessary -- but in our experience no longer sufficient. The adversary has wormed its way into 3rd party domains that sometimes must be allowed in certain 1st parties; it has even wormed its way into 1st parties via actual inside-1p-firewall code, or CNAME hacks to hide in subdomains.
Nothing against Blokada, but as a realist using ad blockers (not just Brave), I need more than domain blocking these days.
I like how you mentioned fdroid. I am a loyal user. I use Firefox klar. + Duckduckgo.com for all net activities. 100% private and 0 adds and 0 tracking.
> I know Brave has their own arguably evil agenda…
Why do you think this? What have we done to give you this impression? Our primary focus is to protect the user's rights online, and to create a sustainable experience for content creators.
I think given what the advertising industry has been for years, it’s arguable that attempts to sustain them are fairly evil. Being able to opt-in to it is still far less laudable than promoting ad-blocking (but of course that doesn’t allow for you to go ICO and rake it in). It’s not as bad as opt-out, but it’s still wretched, and no amount of “for the content creators” hand-wringing or tokenizing changes that. I do see how blending an ICO with this has the potential to make the people behind Brave richer regardless of long-term success or adherence to current ethics.
Nobody at Brave is getting richer right now, we are a startup. My salary walked back to late 1990s level. The tokens locked up for the team and advisors are nothing compared to years of RSUs at Google or FB.
Anyway, as the last sentence reminds, attacking us based on compensation shows a strange double standard. The huge super-surveillance companies pay people way more than we make, and they do it by raiding user privacy, page load time, radio and so battery life and data plan, and safety from malvertising.
We are out to transplant -- with user consent always, creator too if they are involved -- the necessary minimum viable ads components into a clean ecosystem, to capture some of the huge funding from ad spend ($100B in US on digital this year) and give 70% or 85% to user or user+creator. See other replies on how our ad model preserves privacy.
My Mozilla vow of poverty (look at form 990s to see what top person makes; hardly poverty but more than I ever made) is over. Anyway, the ad hominem with a double standard vs. the huge tracking-dependent businesses is a bad look. Change it.
Random Brave annoyance: when I look at the Mozilla form 990 in Brave, it prompts me to download the PDF. When I look at it in Chrome, in views it inline. I'm fairly certain Brave is capable of viewing PDFs inline; I could swear I've had some load. What gives?
Something throws off our Muon (fork of Electron) browser, but it isn't lack of content-type: or funky content-disposition: or whatever. Good news is it works the way you expect and the way it presents in Chrome (but still via PDF.js, we are not using the 0day factory known as pdfium that Chrome uses) in brave-core. Dev channel: https://brave.com/download-dev, beta channel: https://brave.com/download-beta.
It’s hard to take image advice from someone who seriously goes from accusations of personal attacks to “Change it” in the same sentence. I’ll file that next to taking conflict de-escalation tips from Linus Torvalds. More topically, I have no problem with you trying to strike it rich down the line, only with the thin veneer of altruism you seem driven to coat those motives with.
You picked up the ad hominem axe. Are you really upset with me for my imperative-mode verb use? Ok, don't do better, if that helps. (Reverse psychology :-P.)
The question you seem to be avoiding by tone-policing in wake of attacking my motives is whether ad spend can be replaced quickly enough to save the "good" content. Perhaps it is time to let the ad-funded world burn, and rebuild afterward. I'm not yet convinced, so excuse me for trying to reform ad-spend rather than just go for baseline blocking + optional voluntary anonymous token contributions, and no other option.
Did I really? Looking back over our brief exchange I’m not seeing it, you just seemed to use my supposed impropriety as a justification to turn this into a fight. It’s a pattern that seems to hold throughout comments on this thread when you’re questioned on the ethics or wisdom of BAT. A more cynical person would suspect that your position is sufficiently untenable that you’re employing a bit of the dead cat strategy.
Why is your only recourse, on the question of how to replace ad funding and keep even just the top 10% of the web alive, to attack our motives or ethics? Better to give a plausible version of how our rejecting ads, even skipping tokens for anonymous donations it seems, and just blocking to burn the ad-funded world down a little faster, leads to a better wider world later.
You seem to be conflating criticism of your actions with criticism of you personally. That’s not a game worth playing. As you said I’m questioning your motives in the context I already laid out, of existing solutions which are superior for the consumer. I’ll leave it to others who have already commented extensively to question the technical means.
It’s also worth pointing out that I’ve explained the core issue I have with your plan have nothing to do with your motives or ethics. I’m not sure how many times I need to repeat the idea that something like uBlock Origin is a superior performer, and “but the ad-supported content!” argument is unmoving for reasons I’ve already stated. It’s not that I’ve failed offered a broader perspective, it’s just that you’ve focused a lot on what you perceive as a personal attack, despite it being nothing of the sort.
"Nothing personal", you attacked the team, not just me. If you want to do that all day long, go for it.
But what I'm asking you to do, as a better course of action, or on top if you prefer, is say what "existing solutions" are superior and why they win. We started with baseline ad blocking and some of our users, who see the ecosystem problem of free-riding (which you still dismiss), asked us to build an option for giving back. So we prototyped with Bitcoin, and when that got expensive and cut off users who could not buy it, we created the Basic Attention Token instead.
Again if you dislike our ethics, no need to rehash. But I'm still interested in how you think pure blocking, AKA "free riding", will result in a superior outcome for anyone in the long run. Publisher revenues have been falling for years, decades if you look at newspapers. How do your top ten sites keep their lights on?
"Nothing personal", you attacked the team, not just me. If you want to do that all day long, go for it.
I’m done with attempts to frame yourself or your “team” as a wronged party.
But what I'm asking you to do, as a better course of action, or on top if you prefer, is say what "existing solutions" are superior and why they win. We started with baseline ad blocking and some of our users, who see the ecosystem problem of free-riding (which you still dismiss)
I don’t dismiss it, I encourage it. I’ve actively stated several times that it’s a model in need of a bullet in the neck. I’ve pointed out that much ad-supported content and “journalism” exists on a scale between useless and toxic. Moreover, the ad industry itself is inseparable from the industry of information brokering, creating demand for crap, and the subsequent environmental catastrophe of modern consumer culture. The death of it, and the noisy bollocks which exists to draw attention to it would be a good thing. Given their history they don’t deserve more chances, and it’s reasonable to suspect that even if they started off allowing for good intentions, over time the envelope would be pushed until we were back where we are now.
I understand that you disagree with what I’m saying on several levels, but the good news is that ad blocking is free and easy, not to mention popular compared to what you’re attempting.
asked us to build an option for giving back. So we prototyped with Bitcoin, and when that got expensive and cut off users who could not buy it, we created the Basic Attention Token instead.
Again if you dislike our ethics, no need to rehash. But I'm still interested in how you think pure blocking, AKA "free riding", will result in a superior outcome for anyone in the long run. Publisher revenues have been falling for years, decades if you look at newspapers. How do your top ten sites keep their lights on?
Less noise, more signal. Will “free riding” kill loads of clickbait, outrage factories, and “journalism” that is really a collection of affiliate links? Yes, and it’s a feature, not a bug. As a bonus it could even encourage a more functional and less societally destructive means of remuneration for content creators that isn’t mediated by profiteering sociopaths who call themselves advertisers.
Yes, just below is a comment where you said you "already explained that the majority of ad-supported content is hot garbage, more clutter than content." I won't quibble!
But in the interest of greater knowledge, I'll try one more time to get something less broad that addresses risk. Here is a top-by-revenue-and-subscriptions publisher trade group. They get 80% in aggregate of revenue from ads, are shifting away from ads, but cannot drop ads. Ideas other than high dose rad & chemotherapy (to use your "cancerous" trope) welcome.
How is offering a completely voluntary option to subject yourself to a more benign version of advertising than the standard, in order to fund the content you use, "wretched"?
“More benign” yet still cancerous, is the answer to your question. I’ve already explained that the majority of ad-supported content is hot garbage, more clutter than content. I’ve pointed out that the ad industry has decades of questionable-at-best track record, so “wretched” naturally follows. I’ll grant that it’s less wretched than the current state of advertising affairs, yet more wretched than currently available ad blockers.
> the majority of ad-supported content is hot garbage
I cannot argue with that, I very much agree. But plenty of people not only like consuming what I deem hot garbage, they're more than comfortable supporting it via ads; something I would never subject myself to if given a chance.
But I don't believe I should be able to dictate how other people experience their content or how they fund it, and there are still mountains of ad-supported content that is actually good and that would likely be non-viable on a patronage/subscription system due to things such as their target demographics.
So, Brave seems to tick our own boxes of "no ads" and provides the option for others to subject themselves to them. Unless we're arguing for going back to the old "pre-mainstream" Internet (to which I say, there are many places for that, and the Tor network is particularly fertile for fostering such a culture) then I say the Brave model improves the situation on every front.
On android it is essentially identical to Chrome in every way apart from the Brave icon next to the address bar that controls the blocking.
I really like it.
I tried the desktop version though and did not like the look and feel of the UI - tabs under the address bar etc. Felt like it was a slavish copy of Safari and I did not like it. Much prefer Firefox on desktop.
I have also learnt of Brave's plans to replace a sites ads with its own ads which I do not like. Will move off of Brave on mobile when Firefox is workable on android (last time I tried it was awful, clunky and slow on android).
Try https://brave.com/download-dev for better desktop browser that is coming to stable very soon. Almost all chromium extensions work - any using Google accounts/sync do not.
Opting-in by default is refreshing to see, and offering to share some portion of the spoils more equitably is too. Still, I fundamentally dislike advertising and find that content supported by it is often grossly inferior to other content. I’m not convinced that the middle path here is the right one, rather than evangelizing ad-blocking and forcing the internet to adopt alternative revenue streams. Slapping an ICO on the problem is certainly a good way to get people invested in defending Brave, but I’m not convinced that it has any lasting value.
Cutting advertisers off at the knees does, and as a stance it isn’t subject to being degraded through its relationship to advertisers and their money.
If you dislike ads, then don't opt in. You are welcome to use baseline Brave and just block. But why comment as if you mean to tell others what to do?
If you think the web can do without $100B in US on digital this year, ~$250B globally that goes through ads, then please demonstrate replacement funding models, or just show some evidence of any that could scale that big.
We can't count ads out, but by lifting 3rd party to 1st ad context (avoids brand safety and reverse: bad ads on good content), aligning interests, and cutting out all the trackers and other intermediaries that evolved because browsers were passive slaves to the system, we hope to more than replace the value of our users to publishers that was "lost" via our users blocking by default.
I think the web as it exists today is bloated with “content” that could never survive without that money, and the loss of that “content” would be a gain for the web. I’m hard-presses to think of many worthwhile examples of ad-supported content; certainly HN here doesn’t take that path.
You could argue HN being an advertising platform for YC and certain YC posts being inserted early on like hiring posts are ads. So using HN isn’t a good example at all.
Absolutely. And the idea that he’s trying to convince us that as users we would like to support this “economy”, is preposterous. I want it to go away. If it needs ad revenue to exist, it’s very unlikely to be of value to me.
I’ll stick with Firefox, as Mozilla is the only organization users can truly trust today for their privacy
I am among the founders of Mozilla, and I'll speak only about what is public and happened or at least started while I was there:
1. We rejected 3rd party cookie blocking patches, three times. Safari has had a blocker from birth.
2. We got too dependent on Google revenue shares while Google turned from search (1st party ads) to full surveillance (1st and 3rd) superpower.
3. Tracking protection work that started while I was there was delayed for years, then allowed only in private tabs, then a pref was added. Now, after Safari and Brave have taken the lead, Mozilla is turning on tracking protection in some form by default (which is good).
The claim that Mozilla is the only organization users can truly trust for privacy is belied by these facts.
I tried my best to get the tracking protection patch shipped after you left. There were no realistic technical concerns with it. The entire engineering team wanted to enable it. The patch was ready for prime time. I was overruled for non-technical reasons. I left not too long after.
Second point: I don't have to convince anyone that ads are necessary to fund most of the visible web. They obviously are doing it, poorly, and if the hundreds of billions gross spend per annum globally (rising to a trillion in a few years) went away, many sites would shut down -- including newspapers and other homes for journalists.
You may not care; I care about some but not others so do not take this as me twisting your arm. But "I'm all right Jack" is a bad attitude in view of the fact that ad-funding is required for millions of sites today.
Second point: I don't have to convince anyone that ads are necessary to fund most of the visible web.
You’re selling an ICO based on that premise, I’d argue that yes you do very much need to convince at least some people of that. In addition I’d argue that you need to convince people (against the evidence of their own experience) that the majority of the “visible web” isn’t a dumpster fire that would be better off dead.
Our token sale is over, it ended in 24 seconds. I'm not selling anything, least of all to you who are free to use Brave as a baseline ad blocker. Publishers working with us call that "free-riding".
It's great you don't like most content. Who does? Sturgeon's Law (90% of everything is shit) has not been repealed. But we do not all agree on which 90%, and even the top 10% by many measures needs ads. Why are you trying to make your animus against ads into a universal? Seems cultish.
I've been using Firefox on mobile and have no issues with it. I'd try it out again now, with quantum under the hood it's purring along smoothly for me.
Also (to anyone who doesn't know) you can install Firefox addons on Firefox mobile, so uBlock Origin works (can personally confirm it) to block ads.
Anything above baseline blocking, protection against fingerprinting, etc., is optional and must remain so or our core users would bolt. So please feel welcome to use in default mode.
BTW, chromium bloat rep in part comes from Chrome not blocking ads and tracking well. Extensions must use JS and so use more memory. Brave uses C++ in the network threads of the browser process.
The first time I heard of Brave, I thought Oh cool, a privacy focused, chromium based browser. But I must say I'm honestly appalled by its parasitic business model.
Content creators are strong armed into becoming verified publishers, while users have to trust Brave that their data is handled properly and carefully.
What're you talking about? Their content creator program is completely voluntary, and their business model (and the Basic Attention Token) is designed to serve content creators, and is not driven by ads or data collection (like Chrome is).
Brave is the only hope I see for a strictly "privacy-by-default" browser, which is not powered by an ad-based business model. Brendan Eich isn't a dumbell, he knows what is wrong with broswer-based privacy and what needs fixing.
PS: I use Brave on Android and the experience has been better than Chrome.
Brave has multiple layers to actually help content-creators. It is beyond me how anyone can frame it in the opposite direction.
Layer 1: Blocking everything that is not helpful for the user (i.e. being a browser that is a user-agent first and foremost), thus doing essentially the same as content-blocking extensions or other content-blocking browsers (Opera mini, UC)
In this way, there is nothing to be outraged about, since this is a reaction to a complete lack of respect for human dignity and the state of the web on the side of the publishers. The only thing that is parasitic are the ad-networks that pray on vulnerable people. It is easy to overlook that for years browsers have ignored the user so that many gullible people nowadays think that this is how things are supposed to be, but just like ad-tech, users can lobby against the state of things with chosing their software.
Layer 2: Allowing privacy-friendly ads, as opt-in, to help publishers get money and get free from the parasitic ad-networks at the same time
Layer 3: A future-proof patreon like payment network to help publishers survive the ad-backlash, and connect readers and publishers on a new, voluntary, respectful level while also being privacy-friendly.
Honestly I can't see how anything of this is problematic for anyone, except for Brave's rivals (Google, Facebook, Criteo, etc.)
I believe most of the FUD is, in fact, coming from those rivals.
Brave proposes cutting out a bunch of middlemen through the token market and making the browser something like an anticheat system: opt in and it does its best to serve quality ads while preventing click fraud.
There are a lot of details in the execution that matter to make this competitive, but the basic idea resolves many of the current conflicts of interest that make adtech a miserable market.
It's astounding how many willing employees Google has to comment voluntarily, out of their own awe of the mothership, in favor of anything Alphabet does. They're so many, it's like machine learning, Google barely has to try or know what's going on.
I always have to remind myself how poisoned the well of tech commentary has become with behemoths like FB, GOOG, AMZN.
We don't even have ads out of user trials or paying yet, so he was not dishonest. Ads are opt-in, we have to win users over to get any revenue share to us -- and it's always <= what the user gets.
Note how we take a much smaller (Patreon sized) 5% off the anonized contribution flow, so if we had enough ad-averse users contributing, we'd be ok just on that basis. It's not all about ads, but no one can count out ads right now -- $100B gross spend in US this year on digital advertising!
While I "technically" have a conflict of interest, when brave launched I had some concerns about how and when creators were paid, and the responses amounted to brave stealing from them unless they signed up.
Unlike patreon (or Google contributor), if the page doesn't sign up, brave still replaces the ads, but they end up keeping the money.
In those cases, their business model is much closer to a Comcast than an uBlock, and it certainly appears like strong arming creators/sites into joining, or forcing them to forgo revenue and donate it to the browser. If you can't see why that would be upsetting to content creators, idk.
I think there are some subtle, but important, differences though.
Brave users by default block all ads. So those users won't see the ads on content creators sites anyway. Content creators shouldn't feel outraged towards those more than they can feel outraged about any other ad-blocking users.
Some of those Brave users might opt-in for ads that are promised not to compromise their privacy.
So I totally understand that some creators might feel strong-armed if they already use ads. But they shouldn't feel any worse than when faced with ad-blocking users. They do have the chance to opt-in and rely on privacy-respecting ads and get some revenue that they otherwise wouldn't get.
I guess if there was an alternative ad model that was less intrusive, and content creators relied on it, they might have a much stronger reason to be upset. I'm not aware of many creators that use privacy-friendly ads, and it seems like Brave is at least attempting to create this model?
No affiliation with Brave whatsoever. Only found out about it a couple of weeks ago.
Assuming I'm a creator, the ussue is that brave is monetizing my content and I get nothing unless I opt in to brave, instead of the system that I already have set up to monetize myself.
Ad blockers don't make money by replacing the ads. Brave does. That's why it's more similar to an isp hijacking ads than ad blocking, it's just happening in the browser instead of in the network.
Brave isn't making money if its users choose to block ads.
Users now have the choice to make money from opting-in to ads. But only ads that protect their privacy. Brave enables this, and takes a smaller cut than the user.
Sites choosing to monetize themselves are doing so at the expense of the user, whose privacy is compromised in the process.
I don't think Brave or the User is hijacking things here more than you can say that monetizing sites are hijacking user privacy.
Monetizing sites don't give the user the option to pay for content via other means, or ads that protect their privacy (or even the awareness of what transaction takes place). At least Brave and its users are giving sites the option to get revenue here (revenue that otherwise would be lost if users opt for ad-blocking instead).
N.B. Looking at [0], Brendan Eich stated that "We don't replace ads on publisher sites without that publisher as partner; they get 70% of the
gross revenue, user gets 15%.".
>Brave isn't making money if its users choose to block ads.
Correct. I don't disagree at all with this statement. In the context of just blocking ads, Brave is doing approximately the same thing as any number of other browsers or ad blockers which aren't really objectionable.
>Sites choosing to monetize themselves are doing so at the expense of the user, whose privacy is compromised in the process.
Sure, ok.
>Sites choosing to monetize themselves are doing so at the expense of the user, whose privacy is compromised in the process.
If as Eich claims, they have permission from all publishers, than this is more ok. But if not, the difference is that in one case, the reader, the ad company, and the publisher all get something of value (an article, money & data, money respectively). But if Brave is actually replacing ads without publisher consent, then the user and brave get something of value, and the publisher gets nothing.
>Monetizing sites don't give the user the option to pay for content via other means, or ads that protect their privacy (or even the awareness of what transaction takes place). At least Brave and its users are giving sites the option to get revenue here (revenue that otherwise would be lost if users opt for ad-blocking instead).
Depends, Brave actually explored an option to monetize in a patreon like fashion [0]. Which sounds great, but there's a huge caveat that makes me less inclined to believe Eich elsewhere. Specifically, The "Payments" tool allows any user to donate to any creator or site. Then Brave sends an email to the webmaster address for that internet site (which often doesn't match the publisher: think subdomains). Then, if people continue donating and the site owner never registers, brave will eventually just keep any money donated to the site[1].
In other words, if I run a popular hosted blog (yes these exist, and are probably some of the best candidates for patreon-like funding), I can't actually get verified because I don't control the DNS records for my site, and I will have to sit back and watch as people unknowingly donate money to Brave instead of me.
They then market this as
>Brave even lets you contribute to your favorite creators automatically
What happens to the small sites that don't track users, but display some ads to keep the servers running? Hope that they get "rewarded with BAT's accordingly to the users attention" ?
Btw, I'm guessing you are a Brave employee, that many Buzzwords in one comment would otherwise be quite astonishing, how does Brave guarantee a users privacy? I assume brave "phones home" in order to replace ads with ads Brave gets compensated for.
Also, I read a lot about a transparent way funds are distributed among publishers, where is the code?
I just see the potential, and want Brave to succeed.
> "What happens to the small sites that don't track users, but display some ads to keep the servers running? Hope that they get "rewarded with BAT's accordingly to the users attention" ?"
What happens to them nowadays, now that most users block ads? They struggle, and they will continue struggling. Brave won't change any of that.
The brilliance of creating a utility token like BAT is so that the creator (Brave) can get rich off speculation, and a horde of people will defend the creator online because they have a couple bucks invested.
It's one of the most insufferable parts of anything to do with cryptocurrency and it's why it's hard to have honest discussion.
I certainly don't think it's necessary nor useful to try and label you as a shill. It's just that BAT is one of the reasons why it's hard to take Brave seriously, and it's why you shouldn't be so dismissive of people who raise issues with Brave much less call them shills of ad-tech or rival browsers (as you did).
Layer 3 implies that there is some system that tracks user to reward content creator according. How is this not a tracking system?
Without knowing the implementation details it looks like Brave is (1) removing all the competition, (2) except the ones that play nice, (3) force content creators to buy into their system.
I think it's good that they are trying to find a solution for content creators to monetize their content. Instead on making suppositions on the OP, why not address those points? Why is using Brave not like building the tracking even further into the browser?
You can assume whatever you want, but arguing that people who disagree with you have ties to the ad-tech business is explicitly prohibited by the site guidelines.
Why I never use it. I will always stick to Firefox. Firefox has yet to irritate me. A few plugins here or there is not as awful as most of what Google does.
Besides if I REALLY wanted to I could run one of the GPL forks of Firefox. They may be dated after a while but they work usually.
Edit: I meant to say GNU forks like IceWeasel and GNU IceCat which are licensed as GPL usually. There's other forks too.
It's GPL compatible, and I wrote GPL instead of GNU. There's IceWeasel which is a Debian fork of Firefox to debrand it from all the Firefox trademarks and logos.
I don't know much about this browser, but I'm finding it strange that multiple accounts are describing it using the same adjective ("parasitic") without actually explaining what it does.
Brave blocks third-party ads and trackers (which are not only harmful to users, but often make up more than 50% of all data loaded).
Brave is testing an optional digital advertising model which operates via local (on the user's device) machine-learning to match ads. If a user opts into this component, they will earn up to 70% of the ad revenue.
In the future we will offer publishers (websites) the ability to partner, permitting Brave to display ads on their pages. In this arrangement, publishers will receive 70% of the ad-revenue (far better deal than what most see today), and users will receive 15% for their attention.
In either model, the user must first consent to see ads.
I'm not sure how that post is misleading. And your responses are either evasive or does not contradict what is originally being claimed.
>Brave blocks third-party ads and trackers (which are not only harmful to users, but often make up more than 50% of all data loaded).
Considering "replacing" ads involve removing the original ones, I'm not sure how this this disproves mswift42's post
>Brave is testing an optional digital advertising model which operates via local (on the user's device) machine-learning to match ads. If a user opts into this component, they will earn up to 70% of the ad revenue.
>In the future we will offer publishers (websites) the ability to partner, permitting Brave to display ads on their pages. In this arrangement, publishers will receive 70% of the ad-revenue (far better deal than what most see today), and users will receive 15% for their attention.
There's still 30% and 15% left, respectively in those examples. Is brave taking any % of that? if so, they're making money off of replaced ads.
>In either model, the user must first consent to see ads.
I fail to see how consent is relevant to a post about what Brave's business model is, especially one that's making a statement without any moral judgement.
shows the token holders pie chart. We have the UGP+reserves largest account, 23% of all tokens. Not a majority. Bittrex liquidity pool is second. Other accounts, which we do not own, total over 70,000.
Stupid lie, easily disproven, onlookers educated. But I recall USENET trolling, and miss it compared to the low HN version.
Thanks for the correction. It's not a majority (unless some of the other wallets are also you) but a plurality by a wide margin. The point still stands.
Oh come on! "Hoarding a majority" and "scam". You were corrected and ack'ed the point grudgingly (as if 23% is enough to do more than dump the price if we sold fast, which we will not - this pool is for the users & creators, to drive growth). Have the decency to retract the false claim cleanly.
> No, you weaseled to "plurality" as if that mattered.
By a wide margin. Of course it matters. Why wouldn't it? Selling all of it would drop the price but not enough to keep the plurality owners from getting rich. Claiming that just because it's half as much hording as I incorrectly claimed (and quickly and happily corrected) makes it OK just shows another example of your poor ethics.
It's a scam because you're stealing from publishers and then using tokens to leverage your ill-gotten gains.
> It's just self-debasing name-calling, which any fool can do.
This sentence, even in isolation, shows a complete lack of self-awareness.
And here we loop back to a stupid, trollish claim that at least can be refuted: "steal from publishers" is false, users have rights to ad-block, by law and by design of the Web.
We pay publishers far more than the sub-40% they get on a good day from programmatic advertising.
If this is your limit on arguing to justify slurs, find a new hobby. It's boring and it makes you look silly or envious.
The idea I'd dump BAT we reserved for users is also silly or vicious: I'd be destroying the project and my company. And the price would drop very quickly. To work the order book in the face of falling liquidity would require some buyers who do not see the project risk. And I'd be out of job, and I am not independently wealthy and wouldn't be on good odds after trying such a stunt.
Enough for onlookers. Now go do something better! Note how I did not call you a fool yet. There's still hope, if you stop the foolish, self-defeating and easily falsified comments.
> "steal from publishers" is false, users have rights to ad-block, by law and by design of the Web.
I never claimed otherwise. Ad blocking is completely legal.
> We pay publishers far more than the sub-40% they get on a good day from programmatic advertising.
Sub-40% of what? People care about the actual money they're being paid, not revenue shares of different-sized pies.
That's all beside the point though. You hold the publishers over the barrel, so they have no choice but to accept your terms, whatever they may be. You're exactly like a piracy service that offers content to users for free and then offers to pay the content owners in a token owned by the piracy service.
> The idea I'd dump BAT we reserved for users is also silly or vicious: I'd be destroying the project and my company. And the price would drop very quickly
You're obviously going to sell what you have, slowly at first for income, and faster when your scam fails.
1. We have too little share to "hold publishers over a barrel"
2. Glad you agree users have right to block, so no one is holding anyone over a barrel -- we could just let publishers get nothing. Would you retract "scam" then? Argue consistently for a change.
3. You have not in any event supported "scam". Look the word up! If you mean we are "extorting", see 2. Our users want to support their sites, we help them. This is all found money above the zero that users by right to adblock leave publishers with today. Get it?
I'm done replying; almost all onlookers are way smarter than you and they have enough info to see through your slurs. Plus, the indentation level is too deep!
Thanks, and for the "please". Always good to keep your cool. This troll pops off with "scam" and then throws "lack of self awareness", which may be typical on HN, but in my youth and in person, it would quickly lead to a fight.
People need to get out from behind computers and interact f2f more.
"It's a scam because you're stealing from publishers and then using tokens to leverage your ill-gotten gains."
But we are not stealing from publishers, per your own agreement that users have the right to block ads. You are contradicting yourself. Anyway, this does not justify "scam", which is not the same word as "theft" if noun or "steal" if verb. Duh!
How tokens "leverage" anything (no debt, no forward market, no speculation) is beyond me, but save it.
I followed your previous link. The link immediately above is to a newer post (14 minute ago) than the one from you to which I was replying. No time travel on HN.
"Scam" (glad you looked it up) means "a dishonest scheme; swindle", i.e., someone was deceived. Whom did we deceive? You keep abusing it to mean extortion or theft, while admitting users can block without compensating anyone.
Reminder: we don't put ads on pages unless the particular publisher partners and the user agrees. No one is deceived. Since our baseline mode is just blocking, no one is owed, either.
I read every one of your comments. When you link to something I was supposed to have read before the prior reply from me to which you are responding, it's customary to link to the earlier in thread, or root of subthread -- not to your latest.
As for "dense", you still don't employ "scam" by its meaning, even after citing that meaning -- and you contradict yourself about users' right to block ads and right to donate. If users do not owe publishers anything in lieu of ad blocking, but we help users anonymously route tokens to publishers anyway, who is scammed? Answer directly.
The link was for the comment to respond to. This argument about commenting custom is completely uninteresting and off-topic. I'm leaving this as a courtesy, so you can try to think from someone else's perspective. I sincerely hope it will help you with other problems in your life.
I am simply trying, with no small frustration, to keep the discussion in one thread to make it easy to follow.
I'm not the one making threats of physical violence or calling someone a troll for making the same criticism that many others (including the newspaper industry) have made, a criticism that remains unanswered except with disingenuous deflections about "40%" rev share of smaller pies.
Oh, you mean my "when I was young" remark? Don't be dense, that is a memory not a threat. On the other hand, if you were in a f2f situation, you'd behave better than you are here. Give it some thought.
40% was not disingenous (we pay 70%, so you seem confused; again). It was to show that Brave users can more than pay for the cost of their ad blocking. When has a "scam" improved revenue to publishers who lost it to users, whom you agree have the right to block ads? Don't bother torturing "scam" further.
Your first comment is a bit misleading; Brave blocks third-party ads and trackers by default. You don't have to give BAT to anybody for this functionality—it's our baseline.
We block third-party ads and trackers because they have been leverage to spread malware, inject crypto-mining scripts into pages, push malicious extension onto unsuspecting users, and more. Not to mention, the entire model of unannounced tracking is in stark contrast to GDPR and relevant legislation.
The user ought to be sovereign over their machine, their experience, and their data. That is what Brave believes.
We understand that blocking ads and trackers will result in some impact to many websites. It is for this reason we created the User Growth Pool during our token sale, setting aside 300M Basic Attention Tokens.
For several months we have been channeling the UGP funds into the wallets of content creators. We do this via regular, monthly grants to users (which wind up going to their top sites), referral links which pay $5 in BAT for every user you bring to the Brave platform, contests (such as our 100K BAT giveaway), and more.
We understand that has helpful as the UGP is, it won't be there forever. As such, the web needs to be sustained by some other means. This is why we're developing Brave Ads.
Brave Ads is a completely-opt-in digital advertising model which doesn't leak private data, doesn't reward fraudsters and scammers, and doesn't put Brave in any position to abuse your trust as a user.
With Brave Ads, consenting users will benefit from local (on your device) machine-learning, which uses it's knowledge of the user to select the best ads to display. The ML operates off of local data, meaning nothing is sent out to third parties, and Brave isn't collecting personal information about you.
If the user consents to seeing ads, they will also collect up to 70% of the ad revenue. Users will finally get paid for their attention; they've had their attention stolen from them for far too long.
As I stated earlier though, all of this is optional. If you choose not to participate in Brave Ads, you still get a solid ad-and-tracker blocker in Brave. And you still get the option to directly support your favorite content creators out of your own pocket.
However, I think a fundamental issue arises if you are going to pay people to see ads: What if someone forks Brave, and creates a browser which blocks all Brave ads, while pretending to click on them?
Neither of the two solutions I can think of are pleasant ones: you either need to somehow verify that that ads are viewed by a human (i.e. CAPTCHAs), or use DRM-like mechanisms to hide a token in Brave’s brinary, so that only “honest” browsers can get paid.
Any network with grants or revshares of tokens or other units of account that might exchange to money, and humans in the loop, will have fraud. Blockchain cannot stop it and has really nothing to offer yet on this front -- reputation on chain is a hope, some say a vain dream.
What Brave offers that's far better than today's joke of an antifraud system for ads is as follows: 1/ integrity-checked open source native code, which cannot be fooled by other JS on page; 2/ looking at all the sensors, even the ones without web APIs, to check humanity.
(1) requires SGX or ARM equivalent, widespread on mobile. JS by contrast cannot be sure of anything unless the antifraud script knows it runs first, and publishers cannot guarantee this in general or easily.
(2) is a material advantage over JS, which has only some but not all sensor APIs.
Applications might want to implement their own pinch-to-zoom. I can imagine that Google Maps in mobile browsers does that, otherwise you'll just see upscaled images instead of the application fetching new, higher resolution tiles.
What platform are you on? It works perfectly in both Brave and Firefox installations (unmodified) on Android (version 9, Pie). (Tested on wikipedia articles). However, keep in mind that individual web pages can disable this behavior with meta viewport. (https://www.w3schools.com/Css/css_rwd_viewport.asp)
I've looked at using brave instead of Firefox because I'd install fewer extensions to get what I want in terms of ad blocking and privacy. Fewer extensions is a regular goal of mine. That said, Brave isn't quite there yet for me on the desktop but based on the roadmap, I'll be checking it out again in a few months. In the meantime, Brave is my primary mobile browser.
It was a little too limited for me. I have 3 sites I visit regularly and have tabs open for each makes my workflow a little easier.
I liked focus and the DDG browser but settled on brave as the best for fit for me.
I don't love any of them but brave works best for the limited way I use my phone. I do check in on the DDG and focus browsers every 3 months or so to see if I want to switch.
Brave decided to protect users by default from privacy concerns, it may not be perfect, I'm going to give it a go and see.
Firefox offers various privacy features (check about:config), but they're opt-in and typically have a bar to entry for users to be willing to change settings and know what they will do.
Mozilla might claim to care about privacy, but by not clamping down on third party content and referers, it left most of its userbase in the position of having their privacy invaded by default when using their product. If you care about privacy you fix that, they didn't.
The built in ad-blocking is more performant, it’s based on chromium, so compatibility with some marginal sites. Other than that they’re pretty comparable. Brave has some crypto-related compensation scheme for websites but it’s completely opt-in and optional.
> This app has access to: Device & app history Allows the app to view one or more of: information about activity on the device, which apps are running, browsing history and bookmarks
Yes. We are looking into better ways to roll but it's hard on Android because of course-grained permissions; also you can't have a high-power importer put the imported stuff in a place the main app can use, as far as I know. Apps are not allowed by store rules to "interfere" with one another. :-/
I can see you're getting a lot of negative feedback here, so as a hopefully countervailing force: this was the thread that finally got me to try Brave on my iPad, iPhone, and mac. I like it so far!
I never thought I'd use any ad blockers, purely on moral grounds. But so many sites have gotten completely unusable in the last year or so: half a dozen auto-playing videos, some of which follow you around the page, text that won't stop flying around the screen long enough for you to read it, etc. It's starting to seem like there is no other choice. If I used it for nothing else, Brave is a whole lot better than Safari on iOS for blocking unnecessary crap.
You really shouldn't get into it with trolls, though. You've had quite a few comments in the last day or so that ended up flagged dead. Not a good look for a CEO.
Negative? This thread is nothing in terms of negative feedback, and just by counting handles (not counting comments, esp. the now dead ones -- btw that flagged subthread was a net win too), I see way more positive than negative.
Questions are never negative and all good if not loaded/trick. Anti-ads or anti-token politics, not so much -- but part of the package deal. The ohmygodel comments were quite good and I'm grateful for them - hope to connect by email.
I support Brave's vision for the Web, but it currently seems to represent a step backwards for privacy. Making payments to providers essentially involves sending your Web browsing history to Brave. The FAQ states that "we do not know which BAT wallet is associated with the lists of sites that you choose to support". I believe that is false.
I think it works like this: (1) Brave Browser submits its transactions to a Brave server to exchange a BAT for an Anonize ballot (anonize.org), (2) each ballot has the name of a site you visited randomly added by the browser with probability proportional to the frequency of site visits, and (3) the ballots are sent to a Brave server. Key here is that the token and ballot submissions are sent directly (e.g. not through a proxy or Tor). In addition, I believe the ballots may be submitted as a batch (i.e. at one point in time). Therefore, it is easy for Brave to see your votes for your visited websites, all coming at once, all from your IP address. That IP address may well be the same one used to exchange the BAT for ballots as well.
There are additional problems regarding visits to unusual and identifying websites that I feel like Brave hasn't begun to consider, either. Suppose that every and only time that Brave receives a ballot for your personal website, they also receive a ballot for some unpopular and sensitive website. They can then conclude that the owner of the website also visits that sensitive site.
These problems must be addressed before Brave can be considered seriously by privacy-conscious users.
No history sent to Brave - did you assume this, or read it somewhere?
We use ANONIZE2 based on https://anonize.org/ to blind ourselves to your history. Can’t be evil > Don’t be evil. We see only zero-knowledge proofs that say how many votes go to sites or YouTube or Twitch accounts. These proofs do not link to user id or to ine another (so no fingerprint by clustering). They go over an IP address masking service to our accounting server, while your monthly budget goes in a single token transaction.
Note Google and other ad tech powers do track your history. Logging into Chrome even gives your history over for ad targeting. Blendle, Flattrplus, other such services also see your history. But we do not.
I understand that Anonize is used for anonymous ballots. I understand that Brave used to submit its ballots via a single-hop proxy. My understanding is now that Brave no longer uses this proxy, which wasn't a good solution anyway because the proxy sees the user's entire set of ballots (aka browsing history). Thus Brave is now given all the ballots directly from the user, and thereby learns the user's browsing history. I do agree that other browsers and services also track users around the Web. Eliminating that is a goal that I support and that I think Brave does as well. I think that it is failing to achieve that goal. Either you don't realize the technical reality of your solution, or you are being misleading.
No, we do not see any user id. IP address we do see for any “tokens sent to user wallet” cases, for antifraud and per terms & privacy policy, but that is not a useful id and (more important) we do not use it for other purposes per GDPR. See GDPR’s “purpose limitation”. We would face 4% of global revenue fine if we violated this, and we are holding FB, G, and others to same standard.
For IP masking in the case where you buy your own tokens, we have two options: 1/ relaying at IP level where we would not see your IP address and the partner would not see any encrypted payloads; 2/ Tor, which is already integrated. More to do but you led with “we see user history” and that is just false in all these cases. We do not see history of sites visited or supported on a linkable to user basis.
An IP address is an identifier. If it weren't, there would be much less reason to use a VPN or Tor.
Suppose I understand you correctly and you do see the network IPs and timestamps of submitted tokens and ballots. Is your argument then that you can be trusted to follow your privacy policy? If we rely on trusting you to follow policy, then why not get rid of your zero knowledge proofs entirely?
By saying that you "have two options", it sounds like you are saying that there are two mitigations for the privacy problem that you could use but do not yet.
(1) is the one-hop proxy, which used to be used in the form of Private Internet Access service, but it seems like it is not currently being used by Brave. If you did use such a service and encrypted the publisher identities under Brave's public key, then that would be a improvement, although still not really private because Brave would receive the results in a batch from Private Internet Access. Browsing histories are essentially fingerprints for each user. The ten sites I visit each week are almost certainly not shared by any other Brave user on the planet, and moreover they are frequently identifiable (consider sites for individuals, companies, sports leagues, scohols, etc.). From [0]: "Our results show that for a majority of users (69 %), the browsing history is unique and that users for whom we could detect at least four visited websites were uniquely identified by their histories in 97 % of cases."
(2) has the same batching problem as (1). It would be superior, though, because it would be harder for Brave and the proxy system to collude or (more likely) be forced to cooperate with some authority.
To handle the batching problem, you should at least choose to upload each Anonize ballot at a uniformly random time in each month and on a separate connection (i.e. TCP connection or Tor circuit). You should also explain how this works in a technical document to give people the ability to understand what exactly they are signing up for when they enable payments in Brave. Ideally you would use a cryptographic protocol more suited to strong anonymity than a proxy network, such as a verifiable mix network or a secure-multiparty-computation protocol.
Please read up on GDPR "purpose limitation". We cannot use IP address except for antifraud, so it is not legally viable for us to try to link zero-knowledge proofs into a profile based on IP address. Also, my home AT&T IP address wanders often, so do many others; mobile is even more variable. But my main point here is purpose-limitation where we take IP address for antifraud. Which we must do, or our user growth pool would be quickly taken by fraudsters.
As we are all open source and will get annual audits when scaled beyond trials, I think you are mistrusting prematurely.
On linkability for users who buy their own BAT and so do not require the antifraud terms: as noted in my item 1, we are talking to PIA about using an IP relay (not full VPN). This got delayed by their work on handshake.org but we're restarting it.
Tor (item 2) is better and batching is not an issue. We do not make cross-site/channel linkable batches in any event. Each ANONIZE session paying a given domain or YouTube/Twitch account is separate from every other. Putting these through separate Tor circuits is possible, as we also randomly space them out in time.
I don't know why you are telling us to do things we already do. Did you find a bug in the open source? We pay bounties.
Separate thing, not promising it on a schedule yet so really FWIW: our BAT roadmap's "Apollo" phase aspires to decentralize as much as possible. This could certainly include p2p flows with ZKPs in state channels or better. We are looking at OMG's Plasma implementation.
So the ultimate goal is to get away from ANONIZEd traffic to a blind accounting server. But as I say, lots of problems to solve before promising this. Yet with Ethereum scaling and anonymity support, for users who buy their own BAT (where I claim your objection to IP address has most merit), we could go p2p on-chain for decentralization w/o fraud risk for bring-your-own-BAT users.
Interesting, but decentralization does not equal privacy. Indeed, it might make privacy worse by sharing the data more widely and making it even easier to get copies of the data. Consider, for example, BitTorrent, which has a pretty decentralized distribution protocol that also makes it easier for third parties like the MPAA to observe who is sending and receiving the files.
Even using a privacy-enhanced blockchain isn't necessarily sufficient. Blockchains do not provide anonymous messaging. Therefore, a recipient R of a transaction can identify the sender S if R can observe S sending the transaction. Yes, this problem affects Bolt, Zcash, Monero, etc.
That's basically using a proxy, and so it has the same security. If the proxy is/geos bad (say, your VPS provider reveals your IP to some interested guys with guns), then you lose (anonymity). If your proxy remains good, then all that can be learned is the transactions originated at the proxy. However, the proxy does serve as a potential pseudonym, and so if the collection of transactions reveals something identifying, even if any one transaction doesn't, then you lose.
I am reasonably familiar with the contents of GDPR, having looked into it more after attending a lecture on the subject [0].
> We cannot use IP address except for antifraud, so it is not legally viable for us to try to link zero-knowledge proofs into a profile based on IP address.
If your users must rely on you obeying a policy, then please just say that. Right now, it seems to me that you claim to use technical means to prevent Brave from learning browsing histories [1].
> my home AT&T IP address wanders often, so do many others; mobile even more variable.
IP addresses can be so identifying that they have been ruled as personally-identifiable information by the European Court of Justice [2].
> I think you are mistrusting prematurely. But as noted in my item 1, we are talking to PIA about using an IP relay (not full VPN). This got delayed by their work on handshake.org but we're restarting it.
Thank you for stating clearly that you aren't using PIA (aka "IP masking") at the moment for Brave Payments. You might consider your users who are worried about data breaches and compromised servers as much as they are worried about Brave's intentions. Please don't take my criticisms personally.
> Putting these through separate Tor circuits is possible, as we also randomly space them out in time.
Oh, you do randomly delay ballot submissions? I have not been able to find any such logic in the code but would be happy to be pointed to it. The specific way in which you choose delays is, of course, crucial to it providing security.
> If your users must rely on you obeying a policy, then please just say that.
I did just say that, several times -- but with conditions that do not make it a matter of "policy" only. We agree IP address should be masked for self-funded users. Working on it!
We are very familiar with how any user log can be used as a history, but anonized proofs that can't link to a user id except illegally to IP address are not on the same level of threat as the Blendle, Flattrplus, etc. histories taken in the clear -- never mind Google et al. surveillance. To equate the tech and not make any distinctions does a disservice to us in my view. I'm not sure you did equate, but see next paragraph.
Tech alone is never enough for anything like what we are doing. Addresses matter, if not IP then on blockchain. There are side channels. There will be bugs. IMHO you have to include the social and legal constraints, too. Even a p2p with ZKP solution has some risk due to the blockchain addresses, which need purpose-limited terms under GDPR too.
On road, will get you links to code for randomizing time between ANONIZE sessions as soon as I can.
> Tech alone is never enough for anything like what we are doing.
You'd be surprised how far you can get. For example, protocol design exist that provide strong message anonymity: mixnets, DC-nets, and secure multiparty computation (MPC). Tor is great at its goals, but it accepts weaker security for low latency that Brave doesn't need. Tor is also unfortunately blocked in many companies and countries by technology and/or policy. Mixnets are freely available [0]. MPC is sold commercially [1]. (I have no personal or professional connection to either project.)
> On road, will get you links to code for randomizing time between ANONIZE sessions as soon as I can.
Looking forward to it.
Many thanks for the serious engagement. I look forward to recommending Brave to my friends and colleagues in the not-distant future!
Here's a non-tech issue that already causes some idealists to scorn us: most publishers want to be paid in fiat. That means AML/KYC/anti-sanction-list/etc. Pretty unideal but we are not waiting for others to achieve Utopia. We want to help creators get users funding them sooner, and while some take crypto, most (esp. of size) want fiat.
Honestly, I don't know why you need a blockchain in the first place. Just run your own accounting servers, which you already are doing for the Anonize ballots. It is certainly possible to take in money from identified (i.e. non-anonymous) users and pay out money to identified publishers without being able to determine which users are responsible for which payments to the publishers. However, I also don't see any problem with using Ethereum for transferring money.
Oh, that q ("why you need a blockchain") is easy. Fiat only would require us to be an MSB or MTA, heavy licensing lift and no ability to grant users for free from the user growth pool we precreated before the BAT sale. The user growth pool is the number one reason in my view.
Also we like macro-auditability from funding wallet to omnibus settlement, to show we took the %ages we promised.
From Marshall Rose: "the first deals with the delay in before asking for ballots (after a contribution) and the second deals with each delay between submitting each ballot."
New "brave-core" (chromium refork to get front end but w/o Google accounts/sync), the new implementation; narration by Serg Zhukovsky:
Thanks! The protection of the delay-based ballot-mixing looks somewhat weak.
I see that the delay from one ballot batch to the next is set to a uniformly-random time between 10 and 60 seconds. I also see that the ballot batch size is 10.
Let's assume that you have fixed the problem of the ballots being submitted in the clear and that they are instead send through a proxy on different TCP connections (or through Tor on different circuits). Let's also say that the news reports are correct and Brave has 4 million active users, and moreover that all have enabled payments (this is generous). Furthermore, assume that (1) there is no reason payments would start being submitted on any particular day or time, and (2) say, 20 publishers are paid 20 tokens each on average. Then the average number of users uploading ballots in any given minute - let's call them "neighbors" - is roughly (20 ballots/user / 10 ballots/batch)(20 publishers/month)(4e6 users)/(30 days/month)/(24 hours/day)/(60 minute/hour) = 3704 neighbors. That's not a very big anonymity set, but it's not nothing. Early adopters got screwed, though.
However, it gets worse. Based on BatClient::prepareVoteBatch() (bat_client.cc), it looks like each batch has ballots for a single publisher (if I'm wrong, privacy erodes even further). How many of those 3704 simultaneous uses are uploading to the exact same domain? I don't know how to guess (to be conservative, we should assume none). Moreover, unless the last batch happens to be a multiple of 10, that one will be unique in being a size less than 10. Both of these things make it easy in many cases to determine when you are finished uploading ballots for one publisher and are moving onto the next. If many of your neighbors have split a publisher's votes across multiple batches, then it seems unlikely that they will move to the next publisher at the same time, making your ballot submissions more linkable across publishers, exactly the problem we were worried about.
In addition, the time of each batch isn't independent because the delay is applied after the last one. For example, if one batch appears is sent quickly by chance, then the next one is more likely to be sent at a time close to the initial batch. Thus, to link two batches, you only need to consider the batches that end in the 10-60 seconds preceding the start of the second one. How many of your 3704 neighbors ended a batch then? The longer a batch upload takes, (due to latency & bandwidth), the less likely that the batch of any other user has ended in that short time frame.
There is also the issue of semantic linking. If I'm a relatively rare group, the sites I visit are likely to be linkable to each other as distinct from those of my neighbors. For example, suppose I speak Catalán and am involved in regional politics, or that I am a teenage boy in Iceland. How many of my sites are linkable based on those characteristics? And this linking can happen across "gaps" in the ballot-upload stream, where there is uncertainly about how the uploads are linked together, allowing you to get the inference "back on track".
Fortunately, the timing stuff seems fixable. Hiding the IP and separating ballots across connections is an essential first step, of course. but to handle timing issues after that, simply do the following: (1) submit all ballots individually; (2) schedule each ballot upload independently of the other ballots and at a uniformly-random time over, say, the next week or two, and if the user isn't online, reschedule.
The semantic issues with small populations seems harder. I think Brave should prevent itself from learning about votes for publishers unless enough people vote for the publisher. I don't see how to do this without a more powerful cryptographic protocol (it is absolutely doable, though, using MPC for example).
Thanks. Marshall Rose said in reply "That is a very good analysis about the traffic pattern. You are right about the batching of ballots for a similar publisher. That is an optimization to reduce the total voting period."
We will work on improving the system. Please mail me first at brave dot com if you want to correspond further. Thanks again.
By the way, please do let me know if I'm wrong and Brave does provide good privacy while enabling payments. I have turned off Brave Payments because of the privacy issue, but I would like to be able to re-enable them. Also, if my understanding is incorrect and there are written descriptions of Brave's technical design, I would love to read them. I have read and understood the Anonize IEEE S&P paper.
Brave claims to be 2-8 times faster than Chrome & Firefox on popular news sites. If Brave is based on Chromium, no ways it can be twice faster than Chrome. If it based on a new developed browser kit, it’s too fantastic to be true. It’s already a respectable performance if a new browser kit can come close to the unicorn browsers like Chrome & Firefox (Quantum). The whole thing is too fishy for my taste.
It's faster because it neither loads nor displays the ads, which are a huge portion of the page weight. In my subjective experience using Brave, I'd say 3-4x is about right.
BTW, the rampant inefficiency and bugginess of ads is what prompted me to install first AdBlock and then Brave in the first place. I have no problem with viewing ads or supporting content publishers; I do have a problem when the sheer weight of all the ads and trackers they include on their page means I'm waiting 10+ seconds for the page to load and there's a good chance of it locking up entirely. If the damn ad networks would just follow best practices regarding efficient & robust JS serving I wouldn't block them, but they don't, so I do.
As others have pointed out, Brave is much faster largely due to us blocking third party ads and trackers. These can account for more than 50% of your data at times. As a result, blocking them will result in better performance.
Block current ad tech and replace it with their own. Where does Brave hope to be in 10 years? Controlling the internet ad marketplace via their BAT token platform. Once the initial creators have earned their take and lost their will the platform values will be slowly (rapidly?) eroded and we'll be right back where we are today.
They actually explain what exactly is stored and what it is used for. You can see and control it as well. But on hacker news and this is an unpopular opinion.
You can for almost all of it. Don't sign in, or disable all kind of personalization and storage from your account settings. You can alao delete all your history, forever.
The problem with this approach is it feels like there are teams of smart people at Google with all of these "outs" in a shared doc and a timeline to slowly close them off one by one. There's no way to "win" in the longrun against that.
There’s adaway for Android (needs root) that downloads, merges and replace /etc/hosts with your favorite hosts blacklists, working system wide and not consuming extra battery: https://adaway.org
I respect the CEO's right to keep details of his opinions on other people's rights to himself. Unfortunately, the appearance of his Prop 8 donation makes me not want to send money his way. There are plenty of browsers out there.
Installed brave on Linux, the autocomplete is sluggishly slow which I guess is due to history search but makes it completely unusable. There's an open issue for that, but I wished they didn't market it with such a critical bug.
If anyone from Brave is here, I look forward to customizing the install location on Windows. I need to install to a secure area, not my user directory. I look forward to giving it a good test when I can.
i have lot count of the number of browser projects that positioned themselves as an alternative to XYZ existing product. not saying it doesn’t happen (chrome) just that there are often several attempts made that rise and fall quickly. adding cryptocurrency may be an interesting spin...but in the end it’s just a spin and the core loop is not much different. best of luck to them!
Just need to say that I really appreciate different people taking different approaches to ad security and privacy enhancement. I have so distressed by the amount of malware that has been infecting people's networks from mainstream sites it scares the dickens out of me.
The privacy things also really disturbs me.
I don't mind seeing an ad and you getting paid for it when I read the latest changes to the HPV guidance from the FDA for example, but I don't want multiple evil places like "addthis" "add-to-'any" and the likes to be creating some kind of profile and selling it.
The newspaper ads did not tell others that I read the "whatever article" in the paper.
I also can not stand moving ads. SO many really good articles are ruined by animated gifs/mp4s jumping for attention. It saddens me, and likely the authors of really good long form articles, I think from the Atlantic and NYTImes recently I was taken out of the feeling and captivating moments of articles to look at the moving distractions next to them many times.
This not only made articles take twice as long to read, but made them much less impactful, and harder to remember.
These are some of the reasons I posted a while back (http://www.ideasandwritings.com/2016/adblock-into-fairblock/ ) the desire to have an ad-blocker with some 2 way communication so I could have settings that block all third party ads, and moving ads, but would gladly accept static self served ads from sites that had reasonable privacy policies.
I would take it further and offer up some extra data points to those ads the were guaranteed secure so you could make more money and "i could get awesome ads relative to me" - I imagine many others would be happy to offer city, sex, and age for example, if privacy was controlled by "reputable publisher on list here" for example.
For these reasons I seriously applaud this project. It's not perfect, but it seems to be the closest to what I wrote about some time ago - and I think it's a huge jump in the right direction.
I applaud all the attempts, ad blockers, micro payments, different models for payments and attention - lets try everything and find what works for different people.
So glad to see publishers jumping on board to get some ad revenue from those who would choose to block privacy stealing, possible malware sending ads. Now if we can fine tune it a bit more I'd love to see some back and forth discussion between my browser and the ad server. (no alcohol ads, yes to tech, static only please, male, etc)
Heck I might actually click and buy to support more if the ads get better, not just more attention stealing which seems to be the race to the outrageous that clickbait and such is going.
Brave, DuckDuckGo, Vivaldi, etc... are examples of the parasitic products that are trying to make use of the current privacy paranoia to earn a very tiny market share while they aren't any different from the big players. They only look innocent because they are small not because they are different.
How do you think these products are parasitic? And how do you think they add the same as Chrome?
I’m not familiar with Vivaldi, but DDG has a different business model because it’s self imposed limitations on user data that has privacy sensitivity.
And Brave is quite different as it eschews ads altogether and rather uses its Basic Attention Token for users to directly find sites and take a cut [0]. This method requires no user data and is really different that Chrome that requires extensive user personal data to maintain its desired profit margins.
You can make a thin argument about Brave being parasitic. Blocking ads, but allowing people to opt-in to ads for which Brave takes a cut. But I don't even see any argument at all for bringing DuckDuckGo or Vivaldi into the discussion.
* DDG is a search engine that doesn't track its users. It kinda sorta emulates Google's look-and-feel, but so does Bing and Wolfram Alpha and search.yahoo.com and everyone else.
* Vivaldi is yet another Chromium-based browser, for the microscopic niche of Opera fans who feel that Opera "went mainstream". If it's parasitic to base a browser on Chromium, then Chrome itself is a parasite for forking off KDE's WebKit.
Are you arguing that using privacy concerns as a marketing tool, to compete for a slice of Google's monopoly, makes one a "parasite"? Because not only is that a poor argument in the abstract, it doesn't even apply as Vivaldi doesn't really promote itself on privacy grounds.
I think that a small company has to treat their users more carefully. Big companies get various kinds of lock-in (depending on the product): inertia, user familiarity, network effects, and a large percentage of the users that don't do things like put thought into their choices and switch.
I think that they will tend to behave better as small companies. Most large companies started off as small companies doing good things. But you should probably accept that if they become dominant players, you will have to jump ship again at some point.
I don't know about "paranoia". Google, Facebook, etc. can gather a lot of information and perform very sophisticated analysis on it, and aside from what we know they do with it, they can accidentally leak it, get compromised, or just flat-out get more evil in what they can and will do with it as time goes on.
i had a similar idea. a local client that scrapes (ahem, reads) forum sites and formats the content in a consistent way. with much more powerful UI. like tapatalk, but actually good.
oh, and it removes site ads and inserts it’s own. then it holds the forums hostage to get into its own ads model.
I am going to build something similar to your first part, essentially a client-side proxy backed by a headless browser that serves up your favorite sites' content sans crap.
To your second part, I won't be doing any of that ad replacement (consent or not, just like I don't with my Chromium-based browser with native ad blocking).
Brave doesn't insert ads onto publisher sites without publisher consent. We have a parallel digital advertising component (opt-in) which leverages machine-learning on your device to match ads, and pay you as much as 70% of the ad revenue. This model is faster, safer, and more beneficial to everybody involved.
Brave moved away from that to Muon[1], which (IIRC) was originally very close to Electron, but now[2] actually is just a minorly-patched version of upstream Chromium.
They've since moved from Muon to Chromium for the browser chrome[3].
The link to brave.com has been around for a while in various incarnations on Hackernews. Interestingly OP didn't trim the /index/ part of the URL so the main URL has another chance to be part of the frontpage.
The Brave browser loads pages faster, because it completely ignores the web standards (i.e. it does not show you what the author wanted you to see). Precisely, it does not load and display some elements, which it considers to be ads (or at least that is what they want us to believe).
If the page author writes <body id="ads"> ... , normal browsers will show you the content of the <body>, while Brave will show you nothing (in 0.001 seconds) :D
Personally, I think that using browsers, which add / remove / rewrite (i.e. censor) the web content for you, is quite dangerous. If it rewrites the Google Search results once in a while, or rewrites some part of the news, you would not even notice.
Users' right to block is well supported by web standards and case law. Adding a separate, direct to creator funding option is not parasitism, it is found money for creators.
To see someone here call our opt-in (meaning that each user consents without duress) anonymous micro-contributions and (coming up fast) private ads model layered on top such a name tells me that person has confused host and parasite, or is working for one of the parasites.
It was never a given that your browser should become a blind and passive servant to surveillance super-companies either wholly or partly dependent on ads, but such companies did capture arguably 3 of the top 4 browsers.
Now is the time for users to push back, whether by Brave if you like it, a blocker such as uBO on a browser that doesn't track you by default (perhaps when "logged in"; whatever), or another method that works for you. I hope those who have not yet will give Brave a try. https://brave.com/download-dev for the chromium-extensions-ready new version.