
Brave files adtech complaint against Google - petethomas
https://www.reuters.com/article/us-europe-privacy-complaint/mozilla-co-founders-brave-files-adtech-complaint-against-google-idUSKCN1LS2JL
======
nightsd01
From what I understand, Google isn’t actually giving away people’s data to
“hundreds of companies” for advertising purposes.

When an advertiser wants to target a specific group of people, Google doesn’t
say “here’s everyone’s private data, good luck”. GOOGLE does the filtering and
targeting internally.

I’m sorry but that isn’t evil or bad. Unless we want to start paying for
google searches and Facebook, this is how it’s going to be. And personally, I
actually _like_ getting ads relevant to my life. For example, I even got my
current job based off a highly relevant Facebook ad.

My personal suspicion is that people are just jealous of how much success
Google and Facebook have had.

~~~
jonahx
> My personal suspicion is that people are just jealous of how much success
> Google and Facebook have had.

Ah, yes, a classic: "All criticism of success and power stems from envy."

Impervious to pushback (since that would only prove you'd pushed the hot
button of painful truth) and always plausible-sounding, this is truly a
brilliant weapon for snuffing out legitimate complaints and healthy
conversation.

> Unless we want to start paying for google searches

I, and many others, would _jump_ at the chance to pay for an internet without
advertising and dark advertising tactics. I happily pay $10/month for youtube
red, just to avoid the ad videos, and that's cheap at the price.

~~~
h43k3r
There are more than billion people in India who will be internet users and who
don't have the ability to shell out this kind of money. 10 dollars is probably
2 day salary for many workers.

~~~
finnh
By the same logic, Google cannot charge much for targeting ads at those same
people. So I am not sure what your point is.

~~~
luoji_
The point is that targeted ads are a small price to pay for services like
google that are so instrumental to the lives of most people. The reach that
this model provides probably outweighs the benefits from being purely
subscription based anyway.

~~~
geezerjay
> The point is that targeted ads are a small price to pay

That's your personal opinion, and that's ok. However, others may and do have a
different opinion.

------
martindale
Brave's strategy of replacing ads with other ads isn't going to do anyone any
good. They could've used payment channels to build a content distribution
network, but alas...

~~~
jonathansampson
I'd like to respond, as a developer on the Brave project. We don't simply
replace ads with other ads. The entire ad landscape has been co-opted by those
who aim to collect as much data about you as is possible.

Over 600 million devices were running some form of ad-blocking software in
2017, and that was an increase of 30% from the year prior. This number keeps
growing, year over year. Something has to be done.

Users who come to Brave are already blocking ads. They understand the risk
involved in letting third-party software collect information about them, their
person, their browsing habits, and more. Further, the risk of drive-by
downloads is on the rise (or the growing popularity of crypto-jacking).

Brave blocks ads and trackers for safety and privacy reasons. But we are not
so naive to miss the impact this has on well-meaning publishers. This is why
we created the User Growth Pool, and the Brave Payments system. Every month we
pour hundreds of thousands of dollars back into the pockets of content
creators by way of BAT (Basic Attention Token) grants, distributed freely to
users of the Brave browser.

But grants won't last forever, something sustainable has be erected in place
of the incumbent digital advertising system. This is where Brave Ads comings
into play.

For users who opt in, Brave can deliver better quality ads, without the risk
of personal data leakage. We do this by using local machine-learning to
understand the user better, and making local decisions as to which ads should
or should not be shown, and when (the user controls all of this). Furthermore,
the user gets 70% of the ad revenue for browser-private ads.

When you consider the amount of money lost to digital ad fraud each year (over
$20,000,000,000 I believe), you can see how the Brave system would lead to a
much better, and more sustainable future for the web.

We're not simply replacing ads. We're rescuing an industry.

~~~
britch
I'm curious, do you have any evidence that most people are installing ad
blockers as a privacy measure?

I don't have any hard evidence, but I imagine most people block ads because
they don't want to have to scroll past a bunch of banners and videos to read
the article they want to read. Certainly there are many people who are
concerned about privacy, but I don' think that's what's driving the popularity
of ad blockers. At least personally I have always viewed ad blockers like DVRs
for the web.

~~~
kevin_thibedeau
I install ad blockers because I don't want to get auto redirected to a porn
site which some unscrupulous ad vendors make possible. I tried going blocker
free at work for 6 months. uBO got installed the day I was sent to a porn site
by malicious JavaScript after clicking on an innocuous link.

Google won't address the JavaScript problem with their ad network so I cut
them off.

~~~
guiomie
Sample bias here. But this hasn't happened to me since the early 2000's. I do
not have any ad blocker, no ad bothers me, unless its an adult site, they've
gone really crazy there.

~~~
icelancer
I got forcibly redirected on a baseball statistics site multiple times while
not using Adblock (my mobile phone which didn't have it). It happens all the
time.

------
_red
Its admirable what brave is trying to do. Practically speaking, its one of the
best chance we have of creating a new internet where the incentives are more
privacy focused. Hope they succeed.

~~~
Sephr
They're so admirable that they take a 5% cut of your donations to sites you
visit and replace ads with their own.

Call me crazy, but in no future can I imagine anyone willingly paying their
browser vendor for anything. Brave isn't the future, it's yet another cash
grab.

The real future is fully-decentralized websites, and it doesn't require new
browsers.

Edit: Fixed inaccuracy pointed out by Brave developer

~~~
Filligree
> The real future is fully-decentralized websites, and it doesn't require new
> browsers.

Let's say I want to run a forum. Something equivalent to, hmm,
[https://forums.sufficientvelocity.com/](https://forums.sufficientvelocity.com/)

How do I do that as a decentralized website?

~~~
fixermark
Hypothetically, you could use something akin to Usenet's technical model (as
that was a fully-decentralized message board collection).

But that will have implications for latency of post updates, security, and
complexity of maintaining the system.

~~~
munificent
_> you could use something akin to Usenet's technical model (as that was a
fully-decentralized message board collection)._

That was effectively funded by taxpayers by way of universities.

Maybe the answer is public funding for online content, but we should be clear
about it. This is an economic problem, not a technical one. Federation might
slice the economic problem into smaller pieces, but they still need to be paid
for.

~~~
setr
Slice it down enough, and the average user can donate without much issue

Slice it down even further, and it can simply be the cost of entry. In the
same fashion that P2P sharing communities usually require that you make X gb
of data available before you can join, or closed torrent communities require
an even seed/leech ratio, your federated network can require that you allow
upload and 10gb of hard drive space to use (or vary based on usage or
something)

Distribute the cost to the point that for any given person the cost is
negligible is the ideal.

------
losvedir
I used Brave for a while, and still like it, but ultimately this bug[0]
prompted me to move back to mobile Chrome, unfortunately. Hope they fix it
soon!

[0] [https://github.com/brave/browser-android-
tabs/issues/459](https://github.com/brave/browser-android-tabs/issues/459)

~~~
therealdrag0
Ya. I like the idea, but it was took buggy for me on iOS.

~~~
jonathansampson
I love to invite the two of you to try the desktop builds; we recently
announced the developer preview builds of our brave-core version (on track to
be our 1.0 release). This version will also bring some unity to the desktop,
iOS, and Android versions.

You can find this version online at brave.com/download-dev

Also, thanks for the bug link. If there are any other items on iOS and/or
Android that I can review, please do share.

------
andirk
Via advertising networks, I have been able to send messages to my friends via
vanilla advertising campaigns. If you are not aware, understand that your
internet activity can pinpoint you exact via simple ad networks and nothing
else. I like Brave.

~~~
harryh
I would love to read more about how you did this. I bet it would be
illuminating for many HN readers.

~~~
berbec
No GP, but [1] How I targeted the Reddit CEO with Facebook ads to get an
interview at Reddit) may be of interest to you.

1:
[https://news.ycombinator.com/item?id=17110385](https://news.ycombinator.com/item?id=17110385)

------
lwansbrough
Where can I file my adtech complaint against Google? (No where, trust me.)
Their "algorithms" think an SVG on my site is malware (it's downloaded from
the Apple website -- you know those "Get it on the app store" buttons?)

Now we can't even show an in-house ad without getting an error about the site
having "malware".

------
manigandham
Google (and Facebook) already have consent from the majority of users who
don't care about this and would rather keep access to gmail, youtube, and
social networks.

Nice try, like GDPR itself, but the intent does not match the implementation.
There are trillions in market cap standing in the way and this will end in
nothing but a waste of legal fees.

~~~
tjoff
GDPR consent doesn't work like that...

~~~
blub
OP is working in the ad space and he's been complaining about the GDPR
forever. They're still in the denial phase.

~~~
manigandham
I'm sure you think you know something about me from a cursory browsing of my
comment history, but that wouldn't reveal anything important like the fact
that I'm one of the top 5 people in the ad industry who has called for
regulation for years, and actually spent the time and money on trying to make
it happen, and also did so in the US market which completely dwarfs anything
in Europe.

But since you're operating on assumptions and have nothing better to offer
than saying "denial", then I'll just go ahead and assume that your experience
with both adtech and GDPR amounts to something less than insignificant and
that your future comments on this topic will remain lacking.

------
jimbokun
"The GDPR is the first data privacy regime that foresees heavy fines for
serious violations - of up to 4 percent of a company’s global turnover."

What would happen if a company decided that 4 percent of turnover is much
cheaper than properly securing all of their data, and just chooses to pay the
fine every year?

~~~
Kalium
For a public company? Probably rapid replacement of the C-suite. Almost nobody
has margins fat enough to put up with that.

~~~
devmunchies
Would pulling out of EU be a better decision in this scenario?

~~~
Kalium
Depends on how large the company's expected market is there. In most cases,
the sheer size and wealth of the EU makes this also a bad idea.

Of course, there are hypothetical scenarios - though I can't think of a
realistic one right now - where the EU division is only profitable with the
economies of scale enabled by worldwide data-sharing. The assumption that
anything and everything can be done profitable in a GDPR-compliant way is
naive at best, deluded at worst, but not universally wrong.

Though between GDPR and the link tax proposal I can see news aggregators
ceasing to exist entirely within the EU. Which seems very likely to do a great
deal of harm to a lot of newspapers.

------
DevKoala
Brave is trying to fix the broken ad-tech industry with a monopoly on the
decision of what gets tracked and what doesn't. I am not behind it at all.

~~~
jonathansampson
Respectfully, you're not at all correct. Brave is aiming to cut out the
tracking entirely. No user tracking. That's our default, out of the box
behavior.

Brave Ads, which is an optional component, also will not track the user. Local
machine-learning will decide what willing users are interested in, and whether
or not to show them particular ads.

The Brave Ads system is antithetical to the current form of digital
advertising. Rather than radiating personal information to innumerable third
parties, you secure your data on your device, and let your device privately
and securely determine what you would like, or would not like, to see.

~~~
DevKoala
"Local machine-learning will decide what willing users are interested in, and
whether or not to show them particular ads."

How are you countering my claim? It is trying to establish a monopoly on the
ad-targeting protocol. Brave is not a regulated party, and as well-intended as
Brave could be, all it essentially doing is moving one part of the
architecture to the client, and granting control over it to a single party.

Google used to "do no evil" what guarantees Brave will not?

~~~
jonathansampson
You're downplaying the implication of "moving one part of the architecture to
the client". This inversion of the model means the user is sovereign over
their data. It means ad fraud (responsible for billions lost) is dealt a
massive blow. It means the publisher doesn't have to watch hand after hand
take from their revenue before it reaches them. It means the user, finally,
can get paid for the limited commodity called "Attention".

As for what guarantees Brave won't do evil, look at our design principles.
When it came to syncing data from one device to another, we designed it in
such a way that we could never see what data was moving from device to device.
Encryption on the machine shields all eyes, including our own, from your data.
Consider also Payments--the user's ability to support content creators. Even
here we implemented the ANONIZE protocol to protect your anonymity and
privacy. That alone wasn't satisfactory, so we also channel the info through a
VPN to mask your location as well.

All that we do remains open, and engineered in such a way that Brave couldn't
abuse your trust even if we wanted to. This future friendly principle ensures
that Brave couldn't turn sour on you in the future; not without a massive re-
engineering effort beforehand. But even then, all of our code is open and
auditable.

Google was "Don't be evil," but Brave is "Can't be evil." The difference is
subtle, yet profound.

~~~
spiritcat
Theoretically, could the (server-side) records of which ads the local machine
learning decided to serve be reverse engineered to extract most of tracking
info?

Local AI keeps sending this guy ads for shoes and cottage cheese == this guys
keeps searching for shoes and cottage cheese?

~~~
jonathansampson
There will definitely be clever attempts to game the system, but bringing the
experience into the browser, and onto the user's device, gives us the home
advantage.

We have a passionate group of security-minded folks internally who have been
exploring ways to game the system, and closing those holes preemptively.

I'd love to see us publish something in the future about specific types of
attacks which work on the present-day model, but not on our model.
Additionally, what types of new attacks could be possible, and how we've
prepared.

Suffice it to say, having the home-field (the user's machine) advantage is
going to play well in our favor.

Great topic!

------
kingbirdy
Seems like a strange choice to file a GDRP complaint in a country that will
stop being an EU member state in less than a year, but I'm sure their lawyers
know more than I do

~~~
frabcus
The UK Government has said GDPR will continue to apply after Brexit, and
passed the laws to make that the case.

[http://www.blplaw.com/expert-legal-insights/articles/gdpr-
an...](http://www.blplaw.com/expert-legal-insights/articles/gdpr-and-brexit-
uk-government-unveils-data-protection-plans)

The official reason given being: "Over 70% of all trade in services are
enabled by data flows, meaning that data protection is critical to
international trade."

While Britain is on course to leave the EU (one specific body), it will
continue to co-operate at a European (continent) level in all sorts of ways.
Common data protection legislation being one example.

I'm curious though why Brave chose Britain and Ireland as the two places to
complain. Maybe because English speaking?

~~~
floatingatoll
Google EU routes all revenue through an Irish shell corporation, right?

------
forapurpose
They are arguing that the surveillance core of adtech is a GDPR violation, if
I understand correctly.

> The complaint argues that when a person visits a website, intimate personal
> data that describe them and what they are doing online is broadcast to tens
> or hundreds of companies without their knowledge in order to auction and
> place ads.

It would be great if someone with real expertise in GDPR or adtech could
provide context: Isn't this violation obvious and therefore don't the adtech
companies have a strategy prepared? Could a ruling effectively outlaw the
modern surveillance-based online business model and therefore wouldn't this
issue be existential for adtech?

I don't know the details of GDPR and its application; perhaps this issue is
narrower than it appears or maybe there are substantial ways to workaround a
ruling and preserve the adtech model.

~~~
vkou
Generally speaking, ad networks don't sell personal data. That's their secret
sauce - selling it is largely counterproductive. I can't call up Yahoo, and
ask to buy the personal data of "forapurpose". If I could, it would take me a
few million dollars to build a clone of their most valuable asset - their user
database.

What they sell is ad spots in webpages, when those webpages are visited by
people who satisfy some demographic matrix. The data itself, generally, does
not get sold.

~~~
pacala
While it is technically correct that ad networks don't sell personal data, it
is also irrelevant. It's not the bits that matter, it's what one does informed
by the bits. Ad networks sell _actionable insights_ informed by personal data.

An ad network answers the question 'what is the best way to spend $$$ and win
this election' _using_ personal data of millions of people, but not
_revealing_ the personal data to the paying customer. The paying customer is
highly unlikely to have the technical acumen to turn personal data into
actionable insights anyways, service readily provided by the ad network. The
fact that personal data was not revealed is irrelevant, the end effect was
bought by anyways.

The evil is in collecting personal data to begin with, not in the technical
manner it is used against the people it belongs to.

~~~
Nasrudith
While there is some evil involved with targetted advertising there is a
significant difference between that and direct data selling. The latter would
be way worse. One tries to sell you weird stuff after you look up the infamous
giant barrel of lube after hearing about all of the joke reviews. The other
gives the lines of an honest man to hang you with to anyone willing to pay and
spin you as a colossal pervert.

It is why video rentals were protected information. That and the sublime
trolling of reading Robert Bork's video rentals into official record after he
stated there was no constitutional right to privacy.

~~~
pacala
Fair enough. N:M surveillance is worse than N:1 surveillance from a personal
perspective. Though unclear if that also holds at scale. They are still both
evil and much worse than no surveillance.

~~~
Nasrudith
I wonder about the disconcerting counterpart of radical transparency as in
everyone surveilled and everyone has access. It would require a lot of soul
searching about destroying all of the uncomfortable private hypocrisies but
would force honesty and limit corruption. It would probably force either
tolerance of previously dark secrets or conformity. Unfortunately cognitive
dissonance is also a powerful force. Hypocrisy is only okay when we do it and
all that.

------
cjhanks
I am not familiar with everything relevant here but...

Often sites using ads will have JavaScript enabled. If I wanted to extract
private information about my users - I need only scrape the content of
sponsored advertisement.

Google does the hard work of aggregating and anonymizing the data, I simple
scrape their results on my page.

------
buboard
I 'm all for the EU trying to enact protectionist measures against the US
invaders, but I'd rather they would do it in a straightforward, china-firewall
way, than with these firework-like regulations that don't benefit the EU at
all y (I mean, let's admit it after 20 years, EU just can't compete). On the
one hand, GDPR has not reduced my ad revenue (Nor google's), despite not
having tracked ads (which reinforces my belief that tracking is marketed as
way more effective than it is). Now, this directive will not deprive Google of
any revenue, while it will actively hurt the eu publishers big time (which
google will drop).

------
GuB-42
Good, whatever the result will be, it will hopefully clarify what GDPR is all
about.

------
dkhenry
Maybe they can get Netflix working on Linux in addition to trying to use
governments to shut down their competition. I _want_ to use brave, but without
a fully working browser its hard to switch off firefox.

~~~
jonathansampson
Can you elaborate as to what issue(s) you're seeing with Netflix? I know that
we use WideVine for DMR content; it could be that this simply isn't an option
for the time being. If you can share more information, I'll do my best to
address it in a timely manner.

Also, version information would be helpful. In brave-muon you can find this in
about:brave. In brave-core, it's in about:version. Thank you!

~~~
dkhenry
Netflix reports widevine isn't available. I am running stock ubuntu and I
installed Brave from the official brave-apt. Here is the github issue where
you are tracking when it will be done [https://github.com/brave/brave-
browser/issues/413](https://github.com/brave/brave-browser/issues/413)

Also for good measure my version info

Brave: 0.23.105 V8: 6.8.275.24 rev: 9a46f8f5cb22a9daf2af21989aed25911aa6f839
Muon: 8.0.9 OS Release: 4.15.0-29-generic Update Channel: Release OS
Architecture: x64 OS Platform: Linux Node.js: 7.9.0 Brave Sync: v1.4.2
libchromiumcontent: 68.0.3440.84

~~~
jonathansampson
Thank you for the excellent response, and for linking to the issue on file.
Glad to hear that it's already on our radar, and being tracked.

All the best!

------
MarkMc
The problem with GDPR is that it allows the website to decide how to ask the
user for permission. That means the website can have a big bold button saying
"I agree" next to a small gray link saying "I do not agree". Moreover if the
user clicks "I do not agree" the website can nag the user often until he or
she chooses the 'correct' option.

------
_xgw
This comes at the same time that Malwarebytes starts flagging Brave as
malware[1].

[1]
[https://twitter.com/lukesawczak/status/1039854898068815873](https://twitter.com/lukesawczak/status/1039854898068815873)

~~~
sam_goody
Malwarebytes has had a few (seemingly) false positives lately. Anecdotally, I
was just hit by it falsely flagging BeyondCompare and my password manager.

I assume they have just upped the ante of their heuristics, but am still
concerned about the fallout, since I am starting to ignore them.

Not related, but considering that it does not scan except on demand, why is it
ALWAYS running? Who vouches for Mr. Malwarebytes?

~~~
jonathansampson
It was indeed a false-positive:
[https://twitter.com/thomasareed/status/1039939712704819200](https://twitter.com/thomasareed/status/1039939712704819200).
As for vouching for MB, I know some of the people behind the project, and
they're spectacular. For years I have assisted with deobfuscating malicious
JavaScript and more. They seem, to me, to have the purest of intentions.

(Not an official Brave endorsement, but I personally like their team)

------
fiatjaf
The Basic Attention Token is an idea waiting to be reimplemented with Bitcoin
and Lightning.

~~~
nil_pointer
What is special about implementing anything Bitcoin+Lightning? BAT clones are
already being developed on EOS and IOTA (both speedy networks with 0 cost
transactions). Here's the IOTA advertising project:
[https://oysterprotocol.com/](https://oysterprotocol.com/)

~~~
fiatjaf
Didn't know that. It's good news people are willing to reimplement BAT.

Special about Bitcoin+Lightning is that these are probably going to last and
truly function as money while these others you cited don't.

~~~
sincerely
This is a really strange claim, from the perspective of someone not invested
in any specific implementation of crypto or blockchains...why would the first
product in a given (tech) category be the one that lasts the longest? That
would be like expecting WebCrawler to be the dominant search engine or Six
Degrees to be the dominant online social media site, or Mosaic to be the
browser with the highest usage %. I can't figure out why someone would make
this argument unless they have a personal interest in keeping Bitcoin's value
high.

~~~
fiatjaf
Basically you think Bitcoin cannot ever be "the one that lasts the longest"
just because it was the first implementation? That's a valid argument, but it
makes no sense to think that all other arguments that claim the contrary are
invalid and can only be made by people with evil intentions of enriching
themselves.

~~~
sincerely
I mean, you just made the claim without any sort of support besides saying
that BTC + Lightning alone will "truly function as money" and, absent any
arguments, it's much easier to imagine the opposite.

I think it's reasonable to think that people that just say "bitcoin good
altcoin bad" without really saying anything else aren't making good faith
contributions to discussion and may have other motives.

------
atomical
A few typos in the article:

> Were the regulator to find in favor of the plaintiffs, that could undermine
> the foundations of the data-driven model on with the online ad industry -
> forecast by research firm eMarketer to grow to $273 billion this year -
> depends.

with = which

The GDPR is the first data privacy regime that foresees heavy fines for
serious violations - of up to 4 percent of a company’s global turnover.

foresees = oversees ?

~~~
dmix
foresees is perfectly fine in that sentence.

~~~
atomical
Are they actually predicting that outcome?

