Brave files adtech complaint against Google (reuters.com)
464 points by petethomas on Sept 12, 2018 | 265 comments

From what I understand, Google isn’t actually giving away people’s data to “hundreds of companies” for advertising purposes.

When an advertiser wants to target a specific group of people, Google doesn’t say “here’s everyone’s private data, good luck”. GOOGLE does the filtering and targeting internally.

I’m sorry but that isn’t evil or bad. Unless we want to start paying for google searches and Facebook, this is how it’s going to be. And personally, I actually like getting ads relevant to my life. For example, I even got my current job based off a highly relevant Facebook ad.

My personal suspicion is that people are just jealous of how much success Google and Facebook have had.

> My personal suspicion is that people are just jealous of how much success Google and Facebook have had.

Ah, yes, a classic: "All criticism of success and power stems from envy."

Impervious to pushback (since that would only prove you'd pushed the hot button of painful truth) and always plausible-sounding, this is truly a brilliant weapon for snuffing out legitimate complaints and healthy conversation.

> Unless we want to start paying for google searches

I, and many others, would jump at the chance to pay for an internet without advertising and dark advertising tactics. I happily pay $10/month for youtube red, just to avoid the ad videos, and that's cheap at the price.

There are more than a billion people in India who will be internet users and who don't have the ability to shell out this kind of money. 10 dollars is probably 2 days' salary for many workers.

By the same logic, Google cannot charge much for targeting ads at those same people. So I am not sure what your point is.

Price discrimination is harder to scale than ad targeting.

... they engage in price discrimination when they do ad targeting. You know it doesn't cost an advertiser the same amount to target people in India as it does over here, right?

Yes. Perhaps consider reading comments in the light of, rather than in order to snarkily make, the obvious points.

To be fair, advertisers are significantly less likely to complain about price discrimination than end users.

The point is that targeted ads are a small price to pay for services like google that are so instrumental to the lives of most people. The reach that this model provides probably outweighs the benefits from being purely subscription based anyway.

> The point is that targeted ads are a small price to pay

That's your personal opinion, and that's ok. However, others may and do have a different opinion.

Why is Google instrumental? I can use the internet without Google. Search engines like DuckDuckGo are free. Other email like ProtonMail is available for free. You can run free services and use different ad models, they don't have to be spyware based.

I paid for YouTube red until I got tired of Google’s own ads promoting their own content which I had zero percent interest in. I’d dismiss and disable it and it’d just come back the next day. So much for ad-free.

Now I use youtube-dl and avoid supporting google in every way I can. They seem to break every principle and promise made to a calculated degree so someone can always point at someone else doing it worse. The real result is they are eroding the status quo. Privacy, content rights, fair search, unburdened UX, have all taken big hits over the last decade and it’s all by choice. Google didn’t accidentally end up here.

I find Microsoft’s behavior annoying and desperate but it’s also not so different from Google. We just consider the contexts different since Google “owns” its website it can do what it wants even if it’s in a browser on my machine vs the Windows shell.

> would jump

This used to exist: https://contributor.google.com/v/beta

Not many people were interested, so it got scaled back to an opt in model.

So it's not that many others willing to pay for this.

I do think that Google has data sharing with "hundreds of companies". These are not advertisers, these are ad companies. They recently updated to comply with GDPR.



Edit: And about it being "evil" or "bad", let's just say that it is "unnecessary" (from a user viewpoint). You can still make money from ads without hoovering up user data. But then you don't make money from users not clicking on the ad, and it is slower to build up an effective profile. Relevant ads are better than irrelevant ads, but nothing beats no ads at all. The best future ads will not look like ads at all (but will be hidden inside reviews and editorials).

You'd prefer paid reviews over ads? Ads are honest. You know who paid for them and the intent is clear.

Ads honest? And their intent is clear? What is honest or clear about an ad that says "doctors dont want you to know this"?

That's not the point. The point is the ad is clearly marked and separate from the content you want to see. The other type of ad is known as "selling out." Where a legit content creator abuses their viewers trust in them to put out false information for financial gain. I would much rather have the first option. Although I think a paid tier with no ads is respectable as well.

Modern advertising is an industry rife with abuse and coercion. The ad industry is to blame. Content creators can be evil too, but enabled by the ad industry who is happy to be in like company.

If I followed you around with a paper advertisement, wrote down where you frequent and who you talk to in my notebook, and left a copy of the advertisement everywhere you went, you would call the police. Online advertising does just that and much more and they do it with impunity.

You can't really draw parallels with the virtual and real world. Staring at someone's Facebook profile pic is not the same as standing next to the person and doing the same.

But the tracking is in the real world. Adtech for tracking your presence in store and then online and connecting the dots has been in action for some time. You don't even need GPS enabled.

I meant "the best" for the advertisers, not necessarily for the users. It is possible to do this transparently and there are times when users may actively search such "ads" out (and being paid a small fee, instead of that fee going to ad click companies), but the trend is going to obfuscation. You can block ads, but you won't block content.

In a sense this complaint and PR is such a form of obfuscated advertising. The money and technological skills are in the hands of the advertisers, not the users, so this will be an unfair fight (advertisers will be better at hiding ads, than users are able to detect them).

At least reviews don’t mine bitcoin on my box, come with malware, chug my processor, and track me across the web. Ads stink, but it’s the fact that ads have become synonymous with info brokering, spying, and all of the rest that makes me ready to dance on the industry’s grave. Maybe 5 or 6 years ago I’d have cared about what Brave had to say, now I have uBlock Origin and uMatrix and I evangelize it to everyone I know offline. I won’t be going back because of a long delayed come-to-Jesus moment had out of desperation.

Besides, a lot of ad supported sites are hideous, and the sooner they can’t support themselves and stop cluttering the net, the better. HN will still be here, most of the sites with articles submitted here will be too. The best content out there is free, crowdfunded, or paywalled, while the worst of clickbait is ad supported. Besides, it’s so much more relaxing to avoid ads, I don’t have to waste thinking about how they’re trying to manipulate me into buying tat, make me feel inadequate unless I buy their products, etc. When you stop seeing ads online, on tv, and then you watch some cable or unfiltered internet... it’s horrible. Marketing is a grim, tiring, assault on the senses aimed at the absolute lowest common denominator, and I’m glad to be rid of it and hopefully eventually, the businesses which make it.

This industry that abused everyone it could until a technical means to fight back was developed, doesn’t deserve any more chances. This whole, “oh we’re the good parasites, we’ve figured out that it’s bad to kill the host, we just want a slice out of you,” shtick deserves to go over like a lead balloon.

> When an advertiser wants to target a specific group of people, Google doesn’t say “here’s everyone’s private data, good luck”. GOOGLE does the filtering and targeting internally.

> I’m sorry but that isn’t evil or bad.

It isn't evil, but it can be bad, and very much so.

Google doing the filtering and targeting follows after Google has profiled and labeled you, an action you generally would have no recourse against. This is similar to the No Fly List: you might have no idea how you got on there, but once you're on it, that sticks.

With Google's reach being what it is, the consequences after having been automatically labeled can be a frightening thought. You don't even have to have a Google account to feel the effects, shadow profiling can lead to the same result.

One of the positive things of the GDPR is that it recognized this problem in Article 22, and provisioned that a data subject has a right to contest decisions based on automatic profiling.

Or this is just a PR stunt by a company who's trying to trumpet their "we block trackers like Google" functionality.

I'd bet it's a PR stunt. They're getting all kinds of publicity from this.

...that said, I installed Brave this weekend and am posting this comment from it, and I gotta say that it's really nice viewing a web without ads. I'd forgotten how pleasant browsing the web can be when you're not downloading the 100 or so ads & trackers on a typical news article and playing cat-and-mouse with their anti-AdBlock code. So from my selfish user's POV, this is a win.

Or you can just install uBlock Origin. I don't see what Brave brings to the table.

Brave is mostly used as a mobile browser.

It is far more practical to download an already adblock-included browser than having to mess with extensions on mobile.

I installed it soon after switching to Android from iOS and I have no complaints, it is fast and it just works.

> It is far more practical to download an already adblock-included browser than having to mess with extensions on mobile

You don't need to "opt in to receiving ads sold by Brave Software in place of the blocked ads" for that.


It's less seamless and user-friendly to have to install F-droid and deal with whatever OS permissions are needed before installing Bromite.

The earlier concern about data sharing and privacy by advertising companies is not an identical problem to users being served ads.

I suggest reading this comment from one of the devs: https://news.ycombinator.com/item?id=17972072

> We're not simply replacing ads. We're rescuing an industry.

That's nice, but as a user I have no interest in rescuing the ad industry. The sooner it dies, the better.

I had AdBlock rather than uBlock Origin for Chrome, but my experience with it was that it had odd stability issues (eg. certain PDFs would crash the tab, so would a certain window.open call on a niche site I frequent, or accessing a TurboTax download took me to TurboTax's internal login page for their Box account) and many news sites have counter-AdBlock pages where they put up an annoying popup if they detect you're using AdBlock. Not sure if you get those with uBlock Origin, but they don't show up on Brave.

Saves more than half your phone's battery life too. And content creators get paid.

The real world is hardly binary. Both the complaint may be valid, and part of a PR strategy.

> Unless we want to start paying for google searches and Facebook, this is how it’s going to be. And personally, I actually like getting ads relevant to my life.

I do not like targeted advertising one bit. It makes the ads boring, repetitive, and potentially embarrassing. I want to see ads relative to whatever content I am consuming. If that content is so general that it can't be targeted, then so be it. All other advertising works this way, and it has been doing just fine. Not to mention 3rd party scripts running, which only happens because the advertisers and content producers do not trust each other, so they sacrifice the security of their users.

If you run an ad campaign at a targeted audience, why can't the campaign have a specific page marker (campaign=only-christians (coded as AB1)) that reveals personal data?

We never had a choice of an alternative model. The monopolies involved demand privacy for their services.

You can serve ads without targeting or target content instead of audience: broadcasters have had to do this for a long time and it can be very profitable.

It is evil and bad to profile people and worse to force it on them by abuse of market position. Audience targeted ads are a form of discrimination.

Some of the data Google harvests has the potential to get people killed. For instance, when Google are gathering data about who uses membership areas of political sites, frequent sites for certain sexualities, using regulator pages to blow the whistle, etc. Google doesn't have a right to collect this data. It's evil.

> Unless we want to start paying for google searches and Facebook, this is how it’s going to be.

Not necessarily. There is always the model of selling ads without such obnoxious tracking. If Google would base their targeting only on the phrase typed into the search bar, then I'd be okay with that. But them stalking me everywhere I go around the web is not cool.

Consider that all data a company owns about you could be used against you. Now I'm not a criminal but I don't know what data Google (and other companies) collect about me and how that data could be interpreted to put me in a bad position. So I'd rather just avoid tracking as much as possible.

Even if that's true, adversaries can see what ads you're being served, and that in itself could be sensitive data. And then there's data from cookies and other tracking tools.

I would be all over any search engine subscription that guaranteed that none of my information would ever be stored in any way. Just give me the option to pay!

Yea, I mentioned in the essay that "In many cases, advertisers managed “remarketing” lists of “anonymous” visitors that was being tracked by cookies from a central console without thinking of the privacy problems, treating visitors almost as numbers."

Brave's strategy of replacing ads with other ads isn't going to do anyone any good. They could've used payment channels to build a content distribution network, but alas...

I'd like to respond, as a developer on the Brave project. We don't simply replace ads with other ads. The entire ad landscape has been co-opted by those who aim to collect as much data about you as is possible.

Over 600 million devices were running some form of ad-blocking software in 2017, and that was an increase of 30% from the year prior. This number keeps growing, year over year. Something has to be done.

Users who come to Brave are already blocking ads. They understand the risk involved in letting third-party software collect information about them, their person, their browsing habits, and more. Further, the risk of drive-by downloads is on the rise (or the growing popularity of crypto-jacking).

Brave blocks ads and trackers for safety and privacy reasons. But we are not so naive to miss the impact this has on well-meaning publishers. This is why we created the User Growth Pool, and the Brave Payments system. Every month we pour hundreds of thousands of dollars back into the pockets of content creators by way of BAT (Basic Attention Token) grants, distributed freely to users of the Brave browser.

But grants won't last forever, something sustainable has to be erected in place of the incumbent digital advertising system. This is where Brave Ads comes into play.

For users who opt in, Brave can deliver better quality ads, without the risk of personal data leakage. We do this by using local machine-learning to understand the user better, and making local decisions as to which ads should or should not be shown, and when (the user controls all of this). Furthermore, the user gets 70% of the ad revenue for browser-private ads.

When you consider the amount of money lost to digital ad fraud each year (over $20,000,000,000 I believe), you can see how the Brave system would lead to a much better, and more sustainable future for the web.

We're not simply replacing ads. We're rescuing an industry.

I'm curious, do you have any evidence that most people are installing ad blockers as a privacy measure?

I don't have any hard evidence, but I imagine most people block ads because they don't want to have to scroll past a bunch of banners and videos to read the article they want to read. Certainly there are many people who are concerned about privacy, but I don't think that's what's driving the popularity of ad blockers. At least personally I have always viewed ad blockers like DVRs for the web.

I install ad blockers because I don't want to get auto redirected to a porn site which some unscrupulous ad vendors make possible. I tried going blocker free at work for 6 months. uBO got installed the day I was sent to a porn site by malicious JavaScript after clicking on an innocuous link.

Google won't address the JavaScript problem with their ad network so I cut them off.

Sample bias here. But this hasn't happened to me since the early 2000's. I do not have any ad blocker, no ad bothers me, unless it's an adult site, they've gone really crazy there.

I got forcibly redirected on a baseball statistics site multiple times while not using Adblock (my mobile phone which didn't have it). It happens all the time.

Then I guess you are a lucky person. Read up on one of the many ad based exploit toolkits[1].

It took a crypto malware to convince a company I was working with to install uBlock. No more ads, no more flash, no more ransomware.

[1] https://heimdalsecurity.com/blog/ultimate-guide-angler-explo...

Just stating: I do think they attempt to address this, they have a great malvertising team, but the problem is huge. If the attack is broad enough it absolutely gets addressed... it’s just such a logistical challenge, and malvertisers are exceedingly clever about their wares.

The Internet for people who don't know about ad blockers must be a horrible place, it's no wonder everybody started using apps for everything.

Aren't apps also crippled by ads?

Yes. Apps are a step backwards because they are in a much less user-controlled space. App adoption is more correlated with mobile platform adoption as opposed to demand for ad blocking.

Not nearly as much as mobile web.

Some have ads, but they are definitely not crippled by ads and malware.

Not that horrible. I don't use an adblock at work, even if what I'm browsing is limited to the register and HN with the linked pages and it's usable.

I'm not aware of any evidence that shows that directly. But there are a good number of surveys that show that people don't want advertising to target them based on their interests.


"Contrary to what many marketers claim, most adult Americans (66%) do not want marketers to tailor advertisements to their interests. Moreover, when Americans are informed of three common ways that marketers gather data about people in order to tailor ads, even higher percentages - between 73% and 86% - say they would not want such advertising. Even among young adults, whom advertisers often portray as caring little about information privacy, more than half (55%) of 18-24 years-old do not want tailored advertising. And contrary to consistent assertions of marketers, young adults have as strong an aversion to being followed across websites and offline (for example, in stores) as do older adults."

Also see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1989092 (64% find the idea of ad targeting to be invasive, most participants would prefer random ads to targeted ads) https://news.gallup.com/poll/145337/internet-users-ready-lim... (67% of those polled said advertisers shouldn't be able to "match ads to your specific interests based on websites you have visited")

References all came from a paper by Jonathan Mayer. Third-Party Web Tracking: Policy and Technology which I'd heartily recommend to anyone who is interested enough to be this deep into the comments (https://jonathanmayer.org/publications/trackingsurvey12.pdf)

I'm going to second this.

My usage of ad-blockers is to make webpages _readable_. Whenever the privacy aspect of it comes up it's like, "well that's nice." Just the bandwidth overhead of ads alone makes it worth it.

Absolutely. I went to the New York Times on a low res machine (1366x768 or so) and there was one visible line of text after the ads.

I do both, fwiw. I'd definitely be curious to see the privacy numbers, but yea I'd wager most everyone I know blocks ads purely because the ads are obtrusive.

I run Adblock software for privacy, primarily.

Ad blocking just makes the internet better in every way.

Even an asshole like me will remove ublock origin if websites start to self-host ads. But they won't.

I use it because the web becomes usable and fast again, and also because I don't want ad companies making money from my activity and privacy.

When they pay me, they can get some of my data. I'm just waiting for their call.

This is an unpopular opinion I also hold. There is no right to advertising to me. If you want me to use your product, pay me.

I don't understand. Is there a certain context you are referring to, or is this how you feel about all online advertising? I'll accept one's claim to rights to browse without advertising if it's accepted that one doesn't have a right to consume ad-supported content without consuming advertisements. It seems only fair to me.

Don't send me the content if you don't want me to render it as I see fit, I make no promises about how I will consume that data.

That seems like an overly rigid and adversarial perspective. I don't think online advertising is always done well or ethically, but in general, I support the notion that having access to good content requires a way to compensate content creators.

> That seems like an overly rigid and adversarial perspective

It's the truth. You don't get to control how I render the page, on what device, whether I've decided to use links (or lynx) today, or any of that. It's my computing device, I'll render data as I please.

> I support the notion that having access to good content requires a way to compensate content creators.

Sure, but again if you send me the data, I'll render it as I see fit. Let's find another way that doesn't involve stalking, and trying to shove commercial messages in my face every few seconds.

That's a design consequence, not a design consideration. Local TV stations can't control the way you consume their signals either, but it's not as easy for you to filter out the content and disregard the pulp, i.e., inline advertisements.

That's entirely true. But then the tv signal doesn't ask the tv to tell a few dozen other entities its deepest secrets.

That I know of. With smart TVs I guess it could well.

So can I ask, how would I as a website developer do that? If I don't want you blocking my ads, costing me money for servers and hosting, and removing my income stream, how do I signal to you or enforce that I will only send you content on the stipulation that you make a few promises on what you will display?

Because in my experience, offering paid options to remove all ads and tracking if you want doesn't stop or even put a dent in the adblocking crowds. Trying to not send content to those blocking ads only increases anger and often reduces the performance of the page for everyone, and gating all content behind paywalls is not only opposite to how I feel information should flow and impacts some users more than others (someone making minimum wage has to give up a lot more for a $1/month subscription than someone making $150k/yr), but also destroys the ability for many to discover my content, and makes discussion and interaction significantly harder.

And other approaches like closed off apps or alternate formats like video can be a much worse experience for the user, and can hurt those who need accessibility considerations.

So I genuinely want to know if there is a better way that I'm missing, because if I can't, then my options are to "sell my soul" and just try and for you to be tracked as much as I can, or just close down my service entirely (which if you ask my users, would be a bad thing and would negatively impact them)

You could statically serve ads from your servers, bypassing all targeting and user data collection but I understand that's not so lucrative.

Honestly at this point I don't feel like it's my problem. The web's not short of content but it is too rammed with advertising. It's gone too far and I'm not interested in seeing any of it, ever.

Your best bet is just to block folks like me. Make the deal explicit - turn on ads, get content. I'll probably move on somewhere else at that point.

I'm not going to be unblocking ads anytime soon.

Sounds like you've covered all the bases, including shutting down your service, but you've rejected every option that doesn't involve selling out your users to advertisers. It comes off as a sense of entitlement that you have some sort of right to profit off this service when you don't.

I don't sense much entitlement in thoroughly thinking through the options of how to keep a website running.

Actually, the air of entitlement I detect in this entire discussion is around people who strongly believe that everything should be free and magically self-sustaining.

I don't believe that.

But neither do I believe that I'm obligated to render data the way you ask me to.

If you're giving out free widgets with ads engraved on them, I have the right to sand off the advertisement or cover it with something I dislike less.

Some widgets are useful. Most ads are not useful. Bundling your free widget with an advertisement doesn't mean I have an ethical obligation to look at the advertisement or keep it there.

If you want to make money on your widgets I'd recommend selling them rather than trying to sell your consumers to advertisers.

Free and ad-supported are not the same thing. Similarly, advertisements don't require that the provider disregard your privacy entirely. I just don't understand why anyone would think it's ethical to block ads for an online news source that pays its content creators with ad revenue. It's part of the implied contract of consumption.

For the average user, I believe problem #1 is the ads themselves when they are obnoxious and annoying. Plain ads, even when super-targeted are not that annoying I think. Apart from rare cases when the ad touches something sensitive (which the user should have been able to block in the 1st place). What does Brave do to reduce the "annoying" factor of ads? If your system becomes popular, you are going to have a lot of obnoxious ads in the system.

I hope Brave is able to make a dent in this system - alternatives and competition are always welcome.

There's a great deal of focus being given to solving the "annoying ads" problem today. Sadly, these are considering only the aesthetics. Ads are permitted to track and harvest users and data as long as they do so quietly. See https://twitter.com/jonathansampson/status/94326717839616000... for a fun short story ;)

We're currently testing user-private ads right now; these originate as signals outside of the browser (system-level prompts). If the user engages the notification, a private tab is opened and the advertisement is shown. In the future, we'll be testing publisher-ads (but only with publisher consent).

We'll have more information to share in the future on how quality will be handled. Please keep following official channels for further developments.

Isn't Brave using the blink engine from Chrome - which was funded by Google based on the ad revenues?

The BAT grant is just Brave burning VC money to get some market share and eventually some pie of the Adtech eco-system?

Also, not sure how ad fraud is relevant here or how Brave will prevent it?

Yes, Brave is using the Blink engine (via Chromium). Chromium is an open source project with many contributors (including Google). Google uses this as part of their larger strategy involving ads and trackers, no doubt. But at the end of the day, it's a tool for displaying websites. To what ends you use it is dependent upon your end goal. Google used to tell everybody "Don't be evil" was at the core of their being; Brave says "Can't be evil". This is a stark difference-Google maintains the capacity to do harm, whereas Brave precludes it.

The Basic Attention Token User Growth Pool was created during our Token Sale in 2017; not from VC funds.

Ad Fraud is relevant because it claims more and more digital advertising dollars each year. Estimates today put it over 20 billion. By reducing middle-men, clearing up reporting, and more, there is less revenue lost, and therefore more revenue for creators and users alike.

By moving ad-matching and more into the Browser, we make it much harder to defraud the system. Further, this system rests solely in the user's domain; you control what is shown and with what frequency.

I actually think that pushing ad matching to the browser will make ad fraud substantially easier, since you will collect less of the data that you could use to detect and block it. It also opens you up to entirely new forms of abuse, such as giving the end user the power to e.g. choose only the highest CPM ads to maximize their revenue share. Should be fascinating to see how you deal with these factors.

> We do this by using local machine-learning to understand the user better, and making local decisions as to which ads should or should not be shown

I pitched almost this same idea to Netscape in 1997. I managed to get a physical meeting with a fairly high level person, but was essentially laughed out the door. It’s interesting that you have a pool of users that have embraced this idea. Netscape - at the time the world’s dominant browser company - thought users would see this as too invasive. The quote I remember was “we just went through a shit storm over the rising use of cookies...this would be that x10”.

As you may or may not know, we have a handful of Netscape alumni working on the Brave project today :) Glad to meet another hacker from the original browser wars!

One thing that gives our users great comfort is the fact that this is an optional component. As its baseline, Brave blocks ads and trackers. If you don't want to see them, you stick with the default, out of the box experience.

But advertising is what keeps the web open and free-to-low-cost for the masses. Walled gardens and paid subscriptions add a high degree of friction to the industry; too much friction and you'll melt the system. Ads are a better route, for now. But ads, as we have come to know them online, are suffering greatly.

Brave's model gives the user the power to decide whether or not they participate, and to what degree. As for client-side machine learning, I suspect users today will understand the benefits better than we would have 20 years ago. In fact, Tim Cook praised the iPhone and Apple Watch for utilizing similar features (using similar terminology).

Another difference between users today and users in the early-to-mid 90's is the lived experience. In the 90's, as a Netscape user myself, I had little concern about invasive ads and trackers. Sure, we had web bugs, but not anywhere on the scale of what we have today. Today, our attention is being harvested for the profit of others. This limited commodity is being sold around every corner, and everybody but me is getting a cut.

With Brave Ads, users who opt-in to the new experience will make as much as 70% of the ad revenue (70% goes to ad-slot owner, which is the user in the case of browser-private ads). Now, you're able to enjoy the benefits of high-quality ads, the liberty of being private and secure online, and a portion of the revenues themselves.

I'd love to know more about what you pitched, from a historical perspective. I always love an inside story :)

Basically what I developed was a local engine that could use characteristics like browser history, programs installed, computer usage stats, etc. to target ads. It had a scripting language so that instructions to implement new targeting criteria to scan the computer for could be sent down without changes to the underlying software. For example, if Netscape wanted advertisers to be able to target Microsoft Office users, we would include instructions for the software to search the computer for Office and watch for future installs of it. No data ever actually left the user’s computer, as is the case with your model - the fact that they matched a given characteristic was simply stored in a local database.

Websites that wanted to place targeted ads on their site could then do so with some special markup indicating exactly what criteria they wanted to use. They could specify an almost limitless number of different creatives and corresponding targeting criteria right in their HTML. My thought was that they could pay Netscape for the privilege of enabling highly targeted ads.

The privacy downfall here, at least in Netscape’s opinion, was that sites could extrapolate whether or not someone matched the criteria by watching to see which banner their browser downloaded. I countered this by having an option for the software to download 5 or 10 other banners in random order in addition to the one that actually met the targeting criteria in the background, but that wasn’t good enough to overcome the perception of privacy issues in their eyes.
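The decoy-download countermeasure described in the comment above, as an added sketch that is not part of the original thread or of any Netscape or Brave code: it counts how many banners a site can still consider "the real one" after repeated page views, when decoys are re-drawn on every view versus kept stable per page. The creative names, page id, local secret and the FNV-1a seed derivation are assumptions made for the illustration.

```javascript
// Added illustration. All names and sample data below are constructed.
const PAGE_ID = 'example.test/news';             // hypothetical page
const LOCAL_SECRET = 'per-install-random-value'; // hypothetical; never leaves the machine
const LOCAL_MATCHES = new Set(['office']);       // local match database (stays local)
const PAGE_CREATIVES = ['office', 'games', 'travel', 'cars', 'music', 'garden',
  'books', 'sports', 'cooking', 'finance', 'pets', 'photo']
  .map((c) => ({ id: `banner-${c}.gif`, criterion: c }));

// Small deterministic PRNG (mulberry32) so the simulation is repeatable.
function prng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// FNV-1a string hash, used only to derive a repeatable seed. It is a
// non-cryptographic stand-in; a real client would use a keyed hash (HMAC).
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  return h >>> 0;
}

// Fisher-Yates shuffle on a copy of the input.
function shuffle(items, rand) {
  const a = items.slice();
  for (let i = a.length - 1; i > 0; i--) {
    const j = Math.floor(rand() * (i + 1));
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a;
}

// Banner ids the browser requests for one page view: the locally matched
// creative plus decoys, in random order. pickRand chooses the decoys,
// orderRand only orders the requests.
function fetchSet(creatives, matches, decoyCount, pickRand, orderRand) {
  const real = creatives.find((c) => matches.has(c.criterion));
  const others = creatives.filter((c) => c !== real);
  // With no local match, fetch one extra decoy so the batch size itself
  // does not reveal "this user matched nothing".
  const needed = real ? decoyCount : decoyCount + 1;
  const batch = shuffle(others, pickRand).slice(0, needed);
  if (real) batch.push(real);
  return shuffle(batch, orderRand).map((c) => c.id);
}

// What the site can narrow the user down to: banners present in every view.
function candidatesAfter(observed) {
  return observed.reduce((acc, set) => acc.filter((id) => set.includes(id)));
}

// strategy 'fresh':  decoys re-drawn on every page view.
// strategy 'stable': decoys derived from a local secret and the page id,
//                    so the same cover set is requested on every view.
function simulate(strategy, views, decoyCount) {
  const perView = prng(2018);
  const observed = [];
  for (let v = 0; v < views; v++) {
    const pickRand = strategy === 'stable'
      ? prng(fnv1a(LOCAL_SECRET + '|' + PAGE_ID))
      : perView;
    observed.push(
      fetchSet(PAGE_CREATIVES, LOCAL_MATCHES, decoyCount, pickRand, perView));
  }
  return candidatesAfter(observed);
}

console.log('fresh decoys, 30 views :', simulate('fresh', 30, 5));
console.log('stable decoys, 30 views:', simulate('stable', 30, 5));
```

Re-drawn decoys drop out of the intersection after a few views, while a stable cover set keeps the site's uncertainty at decoyCount + 1 banners no matter how often the page is loaded.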

Was all of this to lie dormant until user consent was granted? Curious how that process would have looked.

At the time, clickthrough/shrink wrap license agreements were not nearly as controversial/legally questionable as they are today. My thought was to just include it in the license agreement, and give users the ability to opt out in the settings. In many ways the technology actually protected privacy, and thus I (perhaps naively) viewed it more as a privacy enhancement than something sinister that needed special permission. But given their sensitivity to the issue, had they actually implemented it, I am certain they would have at least given it its own checkbox during install.

I appreciate the walk down memory lane; curious what the web would have been had it been for something client-side like that, rather than web bugs.

Better models definitely exist, and I'm convinced Brave has proposed one with great potential. Let's catch up in 10 years to discuss this again ;)

> We do this by using local machine-learning to understand the user better, and making local decisions as to which ads should or should not be shown, and when (the user controls all of this)

You realise that's what every ad-revenue driven company says right?

My thoughts exactly. I really hoped there was something I missed about Brave, but it seems they are worse than I thought. Not just positioning itself as the middleman to take a cut from ad revenue, but trying to profile the users as well? All this with the PR crap of rescuing an industry. Call me old fashioned, but I would prefer my browser displaying documents.

I think what he's saying is that they do the inferences from localhost, more or less (see e.g. https://www.microsoft.com/en-us/research/publication/serving...)

There are a number of proposed systems under the rubric of "privacy preserving advertising systems" and they are very different than what ad-revenue driven companies are doing today and similar to what he is proposing above.

I don't think most ad-revenue driven companies claim that these things are done locally, which seems key.

If it's about privacy then why not just block trackers and allow ads? It seems like a page from Eyeo's playbook, another company trying to insert itself as a middleman for advertising.

Someone can correct me if wrong but I believe tracking can be as simple as monitoring the IP address doing a GET for even a static ad image, which you then save with information such as the referer header to track a person across the internet.

It can. Which is why Brave modifies the referer header, and has integrated support for Private Tabs with Tor (for users who wish to go even deeper into the shadows). Not to mention, by cutting out third-party ads and trackers, you greatly reduce the size of your footprint. The first-party may attempt some degree of tracking, but it would pale in comparison to what presently exists online.

> We're not simply replacing ads. We're rescuing an industry.

This stinks of meaningless PR copy. You're rescuing an industry most people would like to see gone. If you want to do good, move away from Google-created products, and focus on the benefit for the common person, not for an industry.

> Furthermore, the user gets 70% of the ad revenue for browser-private ads.

I've installed and tried Brave a few times for this specific reason that I keep reading about, but I've never figured out how to receive these kickbacks from enabling and viewing ads. Was I just not looking close enough, or is this still a beta/planned feature?

Whether your reasons are ideological or economical, I support your work and project. I have µblock, privacy badger and container on firefox, but Shield enabled on Brave and I opted in for Brave payments and Brave ads.

- Why does the publisher not get a say about how their content is paid for?
- Do you have evidence that users care more about ads privacy than intrusiveness?

"For users who opt in, Brave can deliver better quality ads, without the risk of personal data leakage. We do this by using local machine-learning to understand the user better, and making local decisions as to which ads should or should not be shown, and when (the user controls all of this). Furthermore, the user gets 70% of the ad revenue for browser-private ads."

Sorry. This is just wrong. You don't, and never will, have the volume of data that the major ad platforms have collected for 15+ years. You don't have the pure analytical power of these companies in compute capacity. You will not serve better ads by disabling third party retargeting platforms.

There are many positive ways to spin an obvious blockchain-craze inspired endeavor, and I applaud the Brave team for blazing a trail, but you are calling out all the wrong value propositions.

Fraud is not as big of a deal as you state it is. It is not a problem for the primary ad networks to which the lion's share of the ad revenues goes in the first place. Companies like WhiteOps and Moat already do a great job of fraud detection when an advertiser is not buying from one of the popular and safer exchanges.

I applaud your conviction, but the problem with advertising is not solved by attempting to de-throne Google and Facebook.

> This number keeps growing, year over year. Something has to be done.

Yeah, find some other way to make money than ads.

Whenever you tell me that I have to watch ads for the good of capitalism, I feel a horrible contradiction in my gut. I don't want ads at all.

It's like everyone has wasps and needs their wasps to get into my car and some businesses promise me that their wasps aren't so bad, so can I please roll down my windows so a few wasps get through? Honest, these are good wasps. You won't mind these wasps too much.

People don't want ads. Ads are inherently adversarial. They interrupt, they manipulate, they intrude, they try to provoke a need in you that you didn't have before you watched the ad. The conversation has to be about how do we do better than ads, not how do we do better ads.

All sensible points. But you're missing some key points about the Brave Ads proposal. For starters, it's entirely optional. If you don't want ads, you don't get ads. You must opt into this system to see any ads.

Secondly, for those who opt in, they decide how often they'll see an ad. And unlike annoying interstitial ads and more, Brave Ads begin outside of the browser as a system notification. If you wish to see the ad, click the toast. If you don't, simply dismiss or ignore it.

As for the desire to see ads, many users (myself included) don't mind this. In fact, I enjoy high-quality ads that don't require me to give up personal information. I'd love to know about a sale at my favorite store, gift ideas for my wife's birthday, and more. The problem is, to get this today, I have to hand over too much to Google and Facebook. Unacceptable.

With Brave's on-device machine-learning, you hand over nothing. Ads are proposed to your device, and your device chooses what you might like to see. And you, as always, remain in complete control. Should you decide to see an ad, you'll even get paid for your attention (70% of the revenue in user-private cases).

But the baseline is always the same; if you don't wish to see Brave Ads, Brave won't show you Brave Ads. That's our promise to you.

Let's say bees. "I see the problem is bees in your car. We would like to solve this by filling your car with different, quieter bees. In exchange for this, we are willing to give you some of the honey."

More like, "in exchange, we'll make more honey that you can buy from us too."

I gain nothing by watching ads. All I get is the creation of a need or desire that I didn't have before I watched the ad. Ads increase demand. Telling me that your business will fail unless I voluntarily inconvenience myself is not endearing me to your business.

If you wish not to see ads (even ads which don't track, and pay you 70% of their revenue), then you stick with the default, out-of-box experience. Brave is an ad and tracker blocker, by default.

No, if I don’t want ads I use an ad blocker and script manager that only exists to block out what you’re selling. As a bonus I get to hope that far from being able to help save this wretched industry, I can help to hammer some nails in its coffin. Your business model would only be remotely appealing if things like uBlock Origin, NoScript and uMatrix didn’t exist. Fortunately they do, so I don’t even have to think about malware ads, inefficient ads, and just plain annoying ads. Even better I don’t have to “be the product being sold” or have to waste my mental energy critically thinking through the bullshit that is advertising.

Life without endless, wheedling attempts to sell, upsell, and generally manipulate you into buying more crap is frankly better than the alternatives. I can’t tell you how many cord cutters I’ve met who lost their tolerance for tv advertisement once they weren’t bathing in it every day. Ads are miserable, they drive a consumer culture that is pointless, and lead to endless loads of clickbait and “content” that exists just to be a platform for advertisement.

The industry doesn’t need saving, it needs euthanizing.

"I gain nothing by watching ads."

You get the site getting revenue, which allows it to continue existing and creating the content you enjoy.

I don't generally like ads, but sometimes they do advertise a product that I needed anyway or is better than what I was using before.

No, Brave says "no bees" by default. Secondly, you are hoisting upon ads a prejudicial bias by likening them, necessarily, to bees. Ads aren't the problem; the bees who hide behind them are. Either way, if you don't want them, you don't get them. It's an opt-in system.

Brave's home page proudly promises to "Block Ads" in big red <H4> tags and tries to convince you that the "average" user is losing hundreds of dollars a year over ads. Are you sure you want to talk about hoisting a prejudicial bias upon ads?

The new bees also never sting anyone, which is pretty good.

When a site advertises to support itself, it's entering a consensual and mutually beneficial relationship with visitors: readers give up a sliver of their attention and in exchange get otherwise-free content.

Are you suggesting that we make it illegal to enter into this kind of consensual and mutually beneficial business arrangement?

Brave doesn't touch first-party ads. If you wish to advertise to your visitors, we respect that. But opening a tunnel to third party ads and trackers, which are foisted upon the user without their consent, is not okay.

Ads are no longer pixels on the screen; they're so much more than that. They're monitoring your activity, your movement, your most intimate details, and more. They're collecting this data, storing it, selling it, and all without your consent.

Users have the right to protect themselves. Unfortunately, the current solution (simple ad-blocking) hurts the web and all who create it. Brave wishes to deliver a better solution; one that protects the user, and serves the content creator.

By improving the system, you reduce fraud, which in turn creates more revenue for the content creators and users alike. Everybody benefits under this model, unlike the current model, where everybody is equally, and increasingly suffering.

What is the fraud you're trying to reduce? I know advertisers think that not watching their ads is fraud. Is that what you mean?

Not at all. Fraud is more like ad-stacking; triggering false impressions, bot-driven click-farms, and more.

> Brave doesn't touch first-party ads. If you wish to advertise to your visitors, we respect that.

That's pretty interesting. So, as an online publisher, if I make my own deals directly with the advertisers and then host and serve the assets myself, Brave doesn't flag it.

I used to do this, but it's very time consuming. I've essentially delegated this work to Adsense.

But AdSense doesn't do a good job of it. I've seen ads that mess my browser's scroll bar, mine Monero, and pretend to be warnings from the FBI. That's why I use an ad blocker.

Frankly, you should take responsibility for every resource that your web page pulls down. I don't really care whether you do it yourself or have someone else do it, but if your ad network is serving up malicious JavaScript on a regular basis, then they're not doing their job right and you should fire them.

TL;DR: Brave lied about blocking 3rd party JS and I no longer trust them.

The main reason I don't use Brave anymore is because I don't trust the Brave team to be transparent about what they're doing. I remember switching to Brave a year or two ago really rooting for them and the model they were positing. I thought that blocking third-party JavaScript by default was a great idea - no more Firefox plugins! Well, I soon realized that Brave did not block all third-party JS and instead let "whitelisted" (by whom?) JS through. When I asked one of the Brave team members why this was so and informed them that I found this practice misleading at best I was given a song-and-dance about "rescuing the industry" instead of a technical explanation for the issue at hand (blocking third-party JS essentially didn't work).

I can't be bothered to use a browser whose developers can't be bothered to be honest about the feature set and how they work.

Brave doesn't promise to block all third-party scripting; that isn't necessarily a bad thing. If we were to block all third-party scripts, the web as a whole would largely crumble. Instead, we are judicious about which scripts we block, and which ones are harmless.

As for transparency, we couldn't be more open. Take it from me, an ex-Microsoft engineer, Brave is an open book. We talk about features before they're shipped, our source is open to all (github.com/brave/browser-laptop, github.com/brave/brave-browser, github.com/brave/browser-core, etc.), and we regularly host AMAs. The openness of this company still, to this day, gives me wonderful culture shock.

With regards to your conversation with one of the Brave team members, do you have a link? I'd love to gather context and establish a frame of reference. The only white lists we have in brave are for ua-strings and siteHacks.

For some websites, we'll identify ourselves as "Brave". To all others, we identify as Chrome. This is for many reasons (which I'm happy to discuss if you're interested), but this is the first white list. The second "white list" would be our siteHacks.js file. This file contains special logic to repair sites which are broken as a result of ad/tracker blocking. But again, this isn't letting flagged scripting through to the user, this is laying our own custom logic on top of an otherwise broken experience.

I hope this explanation helps shed some light on the matter. If you have any questions, comments, or feedback, please do not hesitate to reach out. Again, we're open and eager to share.

Correction: The third GitHub link should have read github.com/brave/brave-core (instead of "browser-core").

So you're replacing ads with other ads, and you have reasons. Everyone who makes money has reasons why his profit is in reality some kind of selfless social good. It's what it takes to reconcile human psychology with capitalism.

You're still replacing ads with other ads.

This is like scoffing at dialysis as nothing more than replacing blood with blood. The system is suffering at the hands of innumerable bad-actors who commit fraud, abuse, and more. Users and Publishers alike are both suffering.

The users have already responded en masse with the explosive growth of ad and tracker blocking software. We acknowledge the necessity for this move, as the industry has become overrun with parasites. But we also recognize that bloodletting isn't the solution; bleeding the publishers of their revenue isn't the solution.

Brave introduced Brave Payments as a means of supporting content creators. We're staking users with $500k/mo to support their favorite sites. But this isn't a short-term solution while we work on the long-term solution of reforming digital advertising.

This is a fair point under some ways of looking at the problem. It could be that advertising is just nasty no matter how it is implemented, and thus any system that uses advertising will be tainted. I'm sympathetic to that analysis and am constantly trying to flesh it out.

With that said, what jonathansampson is proposing mitigates at least one harm of advertising: ubiquitous tracking which violates privacy.

They're trying to replace ads with ads that don't require tracking by third parties.

There's actually a whole area of research on this that's pretty fascinating called privacy preserving advertising.

https://www.microsoft.com/en-us/research/publication/serving...

https://crypto.stanford.edu/adnostic/

https://www.microsoft.com/en-us/research/publication/privad-...

https://ieeexplore.ieee.org/abstract/document/6234417/

> So you're replacing ads with other ads, and you have reasons.

If a website owner changes from an ad supported website to reading ad copy in a podcast, your same criticism would apply.


* by changing from ads to ads they get rid of entire classes of bugs: cryptominers, drive-by malware, click-jacking, etc. Perpetuating a capitalist system by requiring users to take undue risks to support my content != perpetuating a capitalist system without making users take those risks.

* by changing from ads to ads, I get rid of an entire class of privacy-invasions for my audience. Perpetuating a capitalist system while making users leak enormous amounts of data to who knows where != perpetuating a capitalist system without making users do that.

There are probably other points to make. But that's enough to assert that ads != ads in your comment.


Do you have any alternatives planned for monetization of ads? I would highly prefer to simply pay the content provider itself.

We're experimenting with that model today; users can simply purchase BAT from someplace like Uphold, and give it to the sites they visit most.

For users who don't necessarily have the funds to purchase BAT, safe, private ads offer an option to earn BAT (which can, in turn, be given to their favorite sites).

Maybe we, the people, don't want you to rescue this industry.

Maybe the "digital ad fraud" they're screaming is the sign they belong rightfully in the void we're trying to bury them.

We've seen enough shit from the ad industry, and it's time to leave them behind as humanity progresses and improves.

It's not just the ad industry, publishers need some form of revenue in order to do what they do.

So what are the alternatives to ads? They’re going to continue to die until there’s a real alternative.

More and more publishers are moving to subscriptions and seeing real, sustainable businesses materialize.

NYTimes seeing 2/3 of its digital revenue from subscriptions: https://www.nytimes.com/2018/08/08/business/media/new-york-t...

TheAthletic growing like wildfire on subscription model: https://www.adweek.com/digital/the-athletic-built-its-compan...

SubStack raises for subscription newsletters: https://www.axios.com/substack-raises-2-million-newsletters-...

Brave offers micropayments for content.

Indeed! Subscription models work for some, but not for most. This adds friction to the user. Now they have to manage different accounts, monitor their monthly spending for each, and more.

With Brave Payments, the user needs only to fund their wallet with BAT, and browse the web. By default, each property will receive a portion of the user's monthly allotment, relative to the amount of attention the user spent on that property's domain.

If a user has chosen to give $10 worth of BAT to 5 sites, and one of them received 80% of the user's attention, then that site will get $8 worth of BAT. The rest of the sites will get the remainder, pro rata.

Brave goes a step further though, and issues BAT grants monthly to users. So users don't need to fund their wallets to participate. Soon, users will be able to fund their wallet by opting into Brave Ads.

and how are we going to find out about the new products of humanity? from hacker news?

Clearly, they haven't gotten the message.

In all that, I noticed you weren't giving the publishers any kind of choice in the matter.

Not sure what you mean, publishers are already suffering as a result of bad-actors parasitically attaching themselves to the incumbent digital advertising network.

Brave is offering publishers a solution to their dying revenue streams. First, by way of monthly grants (we give $500k/mo to publishers right now), and secondly through a better advertising model. Note, publisher ads are not presently an option; we're testing user-private ads, which are ads shown in a private tab, not owned by any website.

They get the same deal they offer consumers: take it or leave it.

Consumers are choosing to go to those websites. Publishers are not choosing to serve their content through Brave.

Their situations seem pretty similar to me. "Take it or leave it" for the little human doesn't translate to "choose among these options or leave it" for the big corporation. They can read headers. They're also running javascript in the browser itself, so we'll see something like those pathetic "please turn off your ad blocker" messages soon enough...

No one deserves to stay in business. If the model doesn't work, find one that does.

Wasn't Brave created by the person who created JavaScript (the biggest privacy/security issue in browsers) and donated money to support Prop 8 in California? Not exactly a trustworthy brand if you ask me.


Privacy and security issues predate the creation of JavaScript. Web Bugs (beacons, tracking pixels, etc) popped into existence in 1993 after cookies and third-party images began to flourish on the web.

JavaScript came along in 94/95 to breathe life into the web. It's an amoral tool; what matters more is the hand that wields it. Sadly, many have chosen to do some pretty terrible things with it. But many more have chosen to do some pretty terrific things with it.

Brendan created JavaScript, helped it to grow strong, and is now here to combat the abuse we see online by those who have chosen to do harm with it. You're watching the arc of redemption unfold before your very eyes ;)

Just to get people on the same page, Doc Searls has a good post on the difference between advertising and adtech, and why replacing adtech with advertising is something one might want to do:


> Advertising isn’t personal, and doesn’t have to be. In fact, knowing it’s not personal is an advantage for advertisers. Consumers don’t wonder what the hell an ad is doing where it is, who put it there, or why.

> Advertising makes brands. Nearly all the brands you know were burned into your brain by advertising. In fact the term branding was borrowed by advertising from the cattle business. (Specifically by Procter and Gamble in the early 1930s.)

> Advertising carries an economic signal. Meaning that it shows a company can afford to advertise. Tracking-based advertising can’t do that. (For more on this, read Don Marti, starting here.)

> Advertising sponsors media, and those paid by media. All the big pro sports salaries are paid by advertising that sponsors game broadcasts. For lack of sponsorship, media—especially publishers—are hurting. @WaltMossberg learned why on a conference stage when an ad agency guy said the agency’s ads wouldn’t sponsor Walt’s new publication, recode. Walt: “I asked him if that meant he’d be placing ads on our fledgling site. He said yes, he’d do that for a little while. And then, after the cookies he placed on Recode helped him to track our desirable audience around the web, his agency would begin removing the ads and placing them on cheaper sites our readers also happened to visit. In other words, our quality journalism was, to him, nothing more than a lead generator for target-rich readers, and would ultimately benefit sites that might care less about quality.” With friends like that, who needs enemies?

Versus the top four things he says about adtech:

> Adtech is built to undermine the brand value of all the media it uses, because it cares about eyeballs more than media, and it causes negative associations with brands. Consider this: perhaps a $trillion or more has been spent on adtech, and not one brand known to the world has been made by it. (Bob Hoffman, aka the Ad Contrarian, is required reading on this.)

> Adtech wants to be personal. That’s why it’s tracking-based. Though its enthusiasts call it “interest-based,” “relevant” and other harmless-sounding euphemisms, it relies on tracking people. In fact it can’t exist without tracking people. (Note: while all adtech is programmatic, not all programmatic advertising is adtech. In other words, programmatic advertising doesn’t have to be based on tracking people. Same goes for interactive. Programmatic and interactive advertising will both survive the adtech crash.) Adtech spies on people and violates their privacy. By design. Never mind that you and your browser or app are anonymized. The ads are still for your eyeballs, and correlations can be made.

> Adtech is full of fraud and a vector for malware. @ACFou is required reading on this.

> Adtech incentivizes publications to prioritize “content generation” over journalism.

He also makes the point that adtech is fundamentally closer to direct marketing (mail spam, email spam... all spam except meaty SPAM):


Brave replacing adtech with advertising is intelligible if you understand the distinction being made.

This write up doesn't seem to address efficient market theory, which is one of the chief demands driving adtech. The write up is more a list of complaints and harkens back to the good old days of out of home advertising, which is still relevant today, but moving towards obsolescence.

For example, their first point about Advertising not needing to be personal is disingenuous. Advertising needs to be relevant, and personalization is one facet of relevancy. A perfect ad is 100% relevant to every buyer it is consumed by, meaning the ad is personalized for each consumer. Is personalization necessary? Not if your goal is inefficient advertising.

As someone who worked in AdTech and Advertising, AdTech is just the technology of automated identification of online visitors and the sale of that information. There's no need for a whole article, you can comprehend it from the term itself.

Doesn't adtech enable smaller advertisers (say, self-published book authors) to reach a niche audience in a way that traditional advertising would make infeasibly inefficient and expensive?


They are ensuring user privacy by doing all machine learning locally. Google had the unofficial "don't be evil" motto and Brave has "can't be evil" as a motto.

It's admirable what Brave is trying to do. Practically speaking, it's one of the best chances we have of creating a new internet where the incentives are more privacy focused. Hope they succeed.

They're so admirable that they take a 5% cut of your donations to sites you visit and replace ads with their own.

Call me crazy, but in no future can I imagine anyone willingly paying their browser vendor for anything. Brave isn't the future, it's yet another cash grab.

The real future is fully-decentralized websites, and it doesn't require new browsers.

Edit: Fixed inaccuracy pointed out by Brave developer

You're 100% incorrect; the ad blocker is on by default. And Brave doesn't show any ads by default. I would like to invite you to actually download the application before making such egregious claims.

Also, consider reading my response to "replacing ads" here: https://news.ycombinator.com/item?id=17972072

How is an adblock on by default going to save the internet? No one likes paywalls.

Content creators get paid via Basic Attention Token. Wow ppl reply without reading anything. BAT is all about attention. Pay attention!

But what if I'm not interested in these particular digital tokens out of the pool of thousands? I get they have a dollar value associated with them, but I don't want them. I want exactly 0 of them. I want 0 pretend cash tokens of any kind. Why would the browser vendor get to decide this on my behalf?

I prefer not paying for content, which includes micro-transactions. I don't think I'm alone on that sentiment. If publishers won't get enough "BAT" through micro-transactions, the content will end up behind a paywall.

> The real future is fully-decentralized websites, and it doesn't require new browsers.

Let's say I want to run a forum. Something equivalent to, hmm, https://forums.sufficientvelocity.com/

How do I do that as a decentralized website?

Both ZeroNet and Freenet have decentralized forums. Freenet's forum is called FMS. They have decentralized microblogging too - ZeroMe on ZeroNet and Sone on Freenet. This is a post I wrote about ZeroNet's decentralized microblogging: https://bluishcoder.co.nz/2017/10/12/zerome-decentralized-mi...

Moderation is a must, unfortunately. Matters of trust make it difficult to run code on the users' computers, even if NAT and so forth didn't get in the way.

I like the vision of decentralized computing, but I'm afraid it'll be at minimum very inefficient, and possibly infeasible.

ZeroNet has moderation in that site owners can remove posts. Users can self moderate via mute/block.

Freenet's FMS allows moderation using a web of trust. You provide trust to users' pseudo-anonymous identities. And you can choose to trust who they trust. Trust scores are computed and any identity below a level will not be seen by your identity.

Freenet's Sone has similar functionality using a web of trust plugin (FMS has its own trust implementation) that can be used by other plugins.

Hypothetically, you could use something akin to Usenet's technical model (as that was a fully-decentralized message board collection).

But that will have implications for latency of post updates, security, and complexity of maintaining the system.

> you could use something akin to Usenet's technical model (as that was a fully-decentralized message board collection).

That was effectively funded by taxpayers by way of universities.

Maybe the answer is public funding for online content, but we should be clear about it. This is an economic problem, not a technical one. Federation might slice the economic problem into smaller pieces, but they still need to be paid for.

Slice it down enough, and the average user can donate without much issue.

Slice it down even further, and it can simply be the cost of entry. In the same fashion that P2P sharing communities usually require that you make X GB of data available before you can join, or closed torrent communities require an even seed/leech ratio, your federated network can require that you allow upload and 10 GB of hard drive space to use (or vary based on usage or something).

Distributing the cost to the point that for any given person the cost is negligible is the ideal.

The GP did ask a very technical question, without any requirement stated on profitability.

The example used (Sufficient Velocity) does not appear to be profit-based either.

Eh. My vision is something more like Twitter.

At the very core it comes down to whether or not people will have an always-connected device that can do simple tasks for them. Imagine a layered webs-of-trust from Layer 2 up. Person P1 can trust router R1 (the one they use at home) to accept messages for them. They follow P2, P3, P4 on this future Twitter. P2 may entrust their friend's router. To deliver messages from internet piece to internet piece you use the WoT to make sure that the packets you are sending are from trusted computers. Some institutions, like banks, say, may be more forgiving than others because they have a profit incentive, so if your home computer gets hacked they may disallow your packets for a while, but once you get a fixed computer you're off to the races again.

Forums could be done in a multitude of ways, but what you are primarily asking for is for open forums. But it isn't possible to secure an open forum. We see this over and over again as spammers push their garbage down everyone's throats or gloss it up by astroturfing. We can have relative anonymity, for example, Person P1 signs trust to Alias A5. We could even use something more complicated like what Monero does, but I worry at some point it will just turn into another form of money and that is antithetical to the whole model which should harshly punish people and devices that supply trust for cash.

Anyway, I know it's a bit abstract, but you could have a forum. And it could be more or less realtime (since I'm getting updates pushed to my own device) but you're right, it is way more complicated and wouldn't truly be the same thing.

Not quite identical, but you mostly just described Mastodon.


Yeah, there you go. I'm finding it harder to keep track of everything these days. Thanks for linking.

> How do I do that as a decentralized website?

Well, depends on what you mean by decentralized and whether you meant distributed instead. If your use case allows centralization that you control, just put it on your always-on home computer and expose it as an onion service over Tor. The more infrastructure requirements you have (e.g. HA, load balancing, backups, etc) the larger the burden of course.

Of course, if it must be distributed/decentralized using others' resources (beyond just disk space), this is not a very mature area and the app has to be written to take advantage of the limited options that do exist.

The question is more how to monetize it without annoying the users with ads and/or paywall.

Some sort of "chain" of messages, hmmmm

A blockchain!

It seems to me that a lot of tech companies do slightly shady things under the guise of social progress and what not. It's the gateway to market share, then "dominance" to dictate whatever they want. While challenging Google is important, it's a good PR move nonetheless.

Brave is also built on top of Chromium. What ramifications that might have I'm not sure.

Chromium is a tool; how you use it is up to you. Brave removes any parts that may phone-home to Google. At the end of the day though, Chromium is less important than the principles upon which the company is founded. With Brave vs Google, that's "Can't be evil" vs "Don't be evil". The difference is subtle, yet profound.

Call me crazy, but in no future can I imagine anyone willingly paying their browser vendor for freely-implemented adblocking.

If the browser provides a value add through integration and support, then I could completely imagine that.

Brave isn't the future, it's yet another cash grab. The real future is fully-decentralized websites, and it doesn't require new browsers.

If we make it too hard to make a profit while protecting our privacy while it's too easy to make a profit by eliminating privacy, there's only one way that story can end.

Or maybe the future is regular users being annoyed enough by plain dumb advertising to stop clicking on it, bringing CTR down too much, and the industry finally trying to use some information they got in a meaningful way and make advertising not that annoying and quite useful.

Unfortunately, unlikely.

For one thing, the clickthroughs are certainly important, but advertising is also just impressions and brand recognition---even if somehow everyone magically stopped clicking on ads, companies like Coke and Pepsi would still pay top-dollar to remind you you're thirsty for sugar-water right now, and if you're reading websites or watching videos online instead of watching TV or reading a newspaper, that's where they'll do it.

But additionally, a very, very small number of Internet users click on ads. And those clicks float the entire industry. I'm not super-excited about any solution that assumes a tiny minority of people stop doing a thing; statistically, it's unlikely to pan out that way.

The users are getting paid for browsing. Why wouldn't they want to be paid for browsing? They can use that to potentially pay for articles.

Despite what the anti capitalists wish, the future is likely to be more cash grabs.

A new internet where the $273 billion advertising industry does not exist?

Can I ask what the amount of money that can be made has to do with this? First of all: they make a case against a particular type of advertising, not all of them. While I honestly believe an argument can be made against any type of advertisement, that's not what they're doing. Second: if an industry is based on immoral practices, what do we care if they make a lot of money? It's like saying "we should not go against slavery, it's a $X billions industry". If they make the money by using data the users did not know they were giving, then I don't care how much money they make: they should not be making it.

Human weighting of incentive signals differs. "We should not go against slavery, it's an $X billions industry" isn't precisely how the US South thought about the problem, but ultimately they did go to war because they recognized that change in the status quo would bring utter economic ruin to a powerful sector of the populace with the political and social clout to goad the rest into war.

So yeah, "That industry makes an awful lot of cash" is useful to factor into one's thought process when one tries to reason through how one could tear it down. If nothing else, it's a first-approximation barometer of how much people will spend to oppose your efforts.

Absolutely agree it gives an idea of what we're fighting. What I wanted to point out is that, whether or not they make a lot of money off of it, this fact should have no consequences on whether we allow it or not.

Slavery is a bad analogy. The increased buying power of the new consumers (freed slaves) is economically more beneficial than having them locked in as non-consumers (slaves).

A new internet where Brave gets a cut of the advertising, apparently. Yay?

A new internet where the major players continue making their money but have to adopt more consumer friendly practices.

I used Brave for a while, and still like it, but ultimately this bug[0] prompted me to move back to mobile Chrome, unfortunately. Hope they fix it soon!

[0] https://github.com/brave/browser-android-tabs/issues/459

Ya. I like the idea, but it was too buggy for me on iOS.

I'd love to invite the two of you to try the desktop builds; we recently announced the developer preview builds of our brave-core version (on track to be our 1.0 release). This version will also bring some unity to the desktop, iOS, and Android versions.

You can find this version online at brave.com/download-dev

Also, thanks for the bug link. If there are any other items on iOS and/or Android that I can review, please do share.

I use Brave primarily on mobile. Saves maybe >50% battery. Chrome when I need to. Set Brave as the default so other apps use it. So fast.

Via advertising networks, I have been able to send messages to my friends via vanilla advertising campaigns. If you are not aware, understand that your internet activity can pinpoint you exactly via simple ad networks and nothing else. I like Brave.

I would love to read more about how you did this. I bet it would be illuminating for many HN readers.

Not GP, but [1] (How I targeted the Reddit CEO with Facebook ads to get an interview at Reddit) may be of interest to you.

1: https://news.ycombinator.com/item?id=17110385

Where can I file my adtech complaint against Google? (Nowhere, trust me.) Their "algorithms" think an SVG on my site is malware (it's downloaded from the Apple website -- you know those "Get it on the app store" buttons?)

Now we can't even show an in-house ad without getting an error about the site having "malware".

Google (and Facebook) already have consent from the majority of users who don't care about this and would rather keep access to gmail, youtube, and social networks.

Nice try, like GDPR itself, but the intent does not match the implementation. There are trillions in market cap standing in the way and this will end in nothing but a waste of legal fees.

GDPR consent doesn't work like that...

OP is working in the ad space and he's been complaining about the GDPR forever. They're still in the denial phase.

I'm sure you think you know something about me from a cursory browsing of my comment history, but that wouldn't reveal anything important like the fact that I'm one of the top 5 people in the ad industry who has called for regulation for years, and actually spent the time and money on trying to make it happen, and also did so in the US market which completely dwarfs anything in Europe.

But since you're operating on assumptions and have nothing better to offer than saying "denial", then I'll just go ahead and assume that your experience with both adtech and GDPR amounts to something less than insignificant and that your future comments on this topic will remain lacking.

As a European I can't help but wonder if other proposed reforms, such as Article 11 and Article 13, will do more good to the end user than not, just like what happened with GDPR.

I've seen so many enraged comments related to the new copyright laws, that my instinct says it will be a good thing.

People keep saying this but that's exactly how it's being done. This is what happens with regulation "on principle" instead of by the letter, which is what GDPR chose to be.

So, what you are saying is that my gmail doesn't work. Huh, that's weird, should I tell google?

No, that's not what I'm saying, but you already know that. Either way this isn't very productive unless you have some arguments.

My best interpretation is that you feel that people wrongly assume that if they don't accept tracking they will lose access to their services.

That unethical companies try to push that view isn't particularly unexpected. But that doesn't detract from the massive success it has had in imprinting the notion that personal data must be treated with respect and comes with responsibilities. This is a game changer.

Also now, for the first time, if you are in the know you have something you can do.

I'd really like to know how you would have done this.

"The GDPR is the first data privacy regime that foresees heavy fines for serious violations - of up to 4 percent of a company’s global turnover."

What would happen if a company decided that 4 percent of turnover is much cheaper than properly securing all of their data, and just chooses to pay the fine every year?

For a public company? Probably rapid replacement of the C-suite. Almost nobody has margins fat enough to put up with that.

Would pulling out of EU be a better decision in this scenario?

Depends on how large the company's expected market is there. In most cases, the sheer size and wealth of the EU makes this also a bad idea.

Of course, there are hypothetical scenarios - though I can't think of a realistic one right now - where the EU division is only profitable with the economies of scale enabled by worldwide data-sharing. The assumption that anything and everything can be done profitably in a GDPR-compliant way is naive at best, deluded at worst, but not universally wrong.

Though between GDPR and the link tax proposal I can see news aggregators ceasing to exist entirely within the EU. Which seems very likely to do a great deal of harm to a lot of newspapers.

Good. Then someone with a different business model, not relying on selling the user, would fill the gap. And make billions.

The EU is a huge market. Why would you not want to sell to them?

Is it per year? Per month? Per a judge's choice? Anyone got a reference to where it's defined?

Per incident, but that's so highly theoretical as not to make sense to speak about it.

Practically: per reasonable timeframe, where a company who continues to do bad things a good time after being fined can get another fine.

Brave is trying to fix the broken ad-tech industry with a monopoly on the decision of what gets tracked and what doesn't. I am not behind it at all.

Respectfully, you're not at all correct. Brave is aiming to cut out the tracking entirely. No user tracking. That's our default, out of the box behavior.

Brave Ads, which is an optional component, also will not track the user. Local machine-learning will decide what willing users are interested in, and whether or not to show them particular ads.

The Brave Ads system is antithetical to the current form of digital advertising. Rather than radiating personal information to innumerable third parties, you secure your data on your device, and let your device privately and securely determine what you would like, or would not like, to see.

"Local machine-learning will decide what willing users are interested in, and whether or not to show them particular ads."

How are you countering my claim? It is trying to establish a monopoly on the ad-targeting protocol. Brave is not a regulated party, and as well-intended as Brave could be, all it is essentially doing is moving one part of the architecture to the client, and granting control over it to a single party.

Google used to "do no evil"; what guarantees Brave will not?

You're downplaying the implication of "moving one part of the architecture to the client". This inversion of the model means the user is sovereign over their data. It means ad fraud (responsible for billions lost) is dealt a massive blow. It means the publisher doesn't have to watch hand after hand take from their revenue before it reaches them. It means the user, finally, can get paid for the limited commodity called "Attention".

As for what guarantees Brave won't do evil, look at our design principles. When it came to syncing data from one device to another, we designed it in such a way that we could never see what data was moving from device to device. Encryption on the machine shields all eyes, including our own, from your data. Consider also Payments--the user's ability to support content creators. Even here we implemented the ANONIZE protocol to protect your anonymity and privacy. That alone wasn't satisfactory, so we also channel the info through a VPN to mask your location as well.

All that we do remains open, and engineered in such a way that Brave couldn't abuse your trust even if we wanted to. This future friendly principle ensures that Brave couldn't turn sour on you in the future; not without a massive re-engineering effort beforehand. But even then, all of our code is open and auditable.

Google was "Don't be evil," but Brave is "Can't be evil." The difference is subtle, yet profound.

Theoretically, could the (server-side) records of which ads the local machine learning decided to serve be reverse engineered to extract most of tracking info?

Local AI keeps sending this guy ads for shoes and cottage cheese == this guy keeps searching for shoes and cottage cheese?

There will definitely be clever attempts to game the system, but bringing the experience into the browser, and onto the user's device, gives us the home advantage.

We have a passionate group of security-minded folks internally who have been exploring ways to game the system, and closing those holes preemptively.

I'd love to see us publish something in the future about specific types of attacks which work on the present-day model, but not on our model. Additionally, what types of new attacks could be possible, and how we've prepared.

Suffice it to say, having the home-field (the user's machine) advantage is going to play well in our favor.

Great topic!

Seems like a strange choice to file a GDPR complaint in a country that will stop being an EU member state in less than a year, but I'm sure their lawyers know more than I do.

The UK Government has said GDPR will continue to apply after Brexit, and passed the laws to make that the case.


The official reason given being: "Over 70% of all trade in services are enabled by data flows, meaning that data protection is critical to international trade."

While Britain is on course to leave the EU (one specific body), it will continue to co-operate at a European (continent) level in all sorts of ways. Common data protection legislation being one example.

I'm curious though why Brave chose Britain and Ireland as the two places to complain. Maybe because English speaking?

Google EU routes all revenue through an Irish shell corporation, right?

I wonder if they're gambling that Brexit will implode?

Seems like a lot of people are. ;)

They are arguing that the surveillance core of adtech is a GDPR violation, if I understand correctly.

> The complaint argues that when a person visits a website, intimate personal data that describe them and what they are doing online is broadcast to tens or hundreds of companies without their knowledge in order to auction and place ads.

It would be great if someone with real expertise in GDPR or adtech could provide context: Isn't this violation obvious and therefore don't the adtech companies have a strategy prepared? Could a ruling effectively outlaw the modern surveillance-based online business model and therefore wouldn't this issue be existential for adtech?

I don't know the details of GDPR and its application; perhaps this issue is narrower than it appears or maybe there are substantial ways to workaround a ruling and preserve the adtech model.

So the publisher, through a platform, issues a bid request to an exchange with a lot of information in it. The parameters of that bid request contain all kinds of context like the site, the browser or device, etc. Critically, it also includes the cookie. The way GDPR has been interpreted by Google (btw Google is considered to be overly conservative in its approach by the adtech world): Cookies can only be passed by publishers who get consent to collect and pass them, and they must get consent for each adtech vendor. Furthermore, Google will not pass those cookies to anyone else because it can't be sure that the vendor receiving them was given consent by the user. Other platforms haven't done that last part; and some publishers are even saying that they refuse to collect affirmative consent. This is because people interpret it differently. From my reading, Brave seems to be trying to drive for a new interpretation: it's not only a matter of cookies, which is the parameter associated with a user, it's a matter of ALL the info even when it's not related to tracking a single user. My guess is that Eich's hoping to get a court to adopt this new stricter interpretation, but if that were to happen it would mean that the regulators' guidance thus far would be moot and all of the mitigations the adtech world has gone through to prepare would be out the window.
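The two readings described in the comment above, applied to a bid request, as an added example that is not part of the original thread. Field names follow OpenRTB 2.x and the IAB GDPR extension (`regs.ext.gdpr`, `user.ext.consent`); the sample request is constructed, and which fields belong to the stricter reading is an assumption made here for illustration.

```python
"""Data minimisation on an OpenRTB-style bid request (illustrative sketch)."""
import copy

# Constructed sample shaped like an OpenRTB 2.x bid request; every value is made up.
SAMPLE_BID_REQUEST = {
    "id": "req-0001",
    "site": {"domain": "news.example",
             "page": "https://news.example/health/article-123"},
    "device": {
        "ua": "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
        "ip": "203.0.113.57",
        "ifa": "00000000-aaaa-bbbb-cccc-000000000000",
        "geo": {"lat": 53.3498, "lon": -6.2603, "country": "IRL"},
    },
    "user": {"id": "exch-cookie-abc123", "buyeruid": "dsp-cookie-xyz789",
             "ext": {"consent": ""}},   # empty: no consent string was collected
    "regs": {"ext": {"gdpr": 1}},       # 1: the request is subject to GDPR
}

# Reading 1 (cookie-centric): only the cookie-derived user IDs need consent.
COOKIE_ONLY = [("user", "id"), ("user", "buyeruid")]

# Reading 2 (stricter; the field selection is an assumption of this example):
# anything that could relate to an identifiable person, following the
# identifier types named in GDPR Article 4(1) (online identifier, location).
STRICT = COOKIE_ONLY + [
    ("device", "ifa"), ("device", "ip"), ("device", "ipv6"), ("device", "ua"),
    ("device", "geo", "lat"), ("device", "geo", "lon"), ("site", "page"),
]

_MISSING = object()


def _lookup(req, path):
    """Walk nested dicts along path; return _MISSING if any key is absent."""
    node = req
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def present_fields(req, paths):
    """Dotted names of the listed fields that actually occur in the request."""
    return [".".join(p) for p in paths if _lookup(req, p) is not _MISSING]


def gdpr_applies(req):
    return _lookup(req, ("regs", "ext", "gdpr")) == 1


def has_consent_string(req):
    # Presence check only. Real enforcement has to decode the consent string
    # and check it per purpose and per receiving vendor.
    value = _lookup(req, ("user", "ext", "consent"))
    return isinstance(value, str) and value != ""


def minimize(req, paths):
    """Return a copy with the listed fields removed when GDPR applies and no
    consent string is present; otherwise return an unchanged copy."""
    out = copy.deepcopy(req)
    if not gdpr_applies(out) or has_consent_string(out):
        return out
    for path in paths:
        parent = _lookup(out, path[:-1])
        if isinstance(parent, dict):
            parent.pop(path[-1], None)
    return out


if __name__ == "__main__":
    for name, paths in (("cookie-only", COOKIE_ONLY), ("strict", STRICT)):
        kept = minimize(SAMPLE_BID_REQUEST, paths)
        print(name, "still carries:", present_fields(kept, STRICT))
```

Under the cookie-only reading the outgoing request still carries the IP address, advertising ID, coordinates, user agent and page URL; under the stricter reading only coarse context such as the site domain and country remains.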

Is that guidance publicly available? As a layman, Brave's interpretation makes perfect sense - those parameters are related "to an identified or identifiable natural person".

Article 4.1 itself, as it goes on, defines personal data in a way that it relates specifically to that which can identify someone, so it doesn't mean literally anything about the ad placement simply because a person is seeing the ad. Definition of personal data: "any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

Generally speaking, ad networks don't sell personal data. That's their secret sauce - selling it is largely counterproductive. I can't call up Yahoo, and ask to buy the personal data of "forapurpose". If I could, it would take me a few million dollars to build a clone of their most valuable asset - their user database.

What they sell is ad spots in webpages, when those webpages are visited by people who satisfy some demographic matrix. The data itself, generally, does not get sold.

While it is technically correct that ad networks don't sell personal data, it is also irrelevant. It's not the bits that matter, it's what one does informed by the bits. Ad networks sell _actionable insights_ informed by personal data.

An ad network answers the question 'what is the best way to spend $$$ and win this election' _using_ personal data of millions of people, but not _revealing_ the personal data to the paying customer. The paying customer is highly unlikely to have the technical acumen to turn personal data into actionable insights anyways, a service readily provided by the ad network. The fact that personal data was not revealed is irrelevant, the end effect was bought anyways.

The evil is in collecting personal data to begin with, not in the technical manner it is used against the people it belongs to.

While there is some evil involved with targeted advertising there is a significant difference between that and direct data selling. The latter would be way worse. One tries to sell you weird stuff after you look up the infamous giant barrel of lube after hearing about all of the joke reviews. The other gives the lines of an honest man to hang you with to anyone willing to pay and spin you as a colossal pervert.

It is why video rentals were protected information. That and the sublime trolling of reading Robert Bork's video rentals into official record after he stated there was no constitutional right to privacy.

Fair enough. N:M surveillance is worse than N:1 surveillance from a personal perspective. Though unclear if that also holds at scale. They are still both evil and much worse than no surveillance.

I wonder about the disconcerting counterpart of radical transparency as in everyone surveilled and everyone has access. It would require a lot of soul searching about destroying all of the uncomfortable private hypocrisies but would force honesty and limit corruption. It would probably force either tolerance of previously dark secrets or conformity. Unfortunately cognitive dissonance is also a powerful force. Hypocrisy is only okay when we do it and all that.

We're going off into the weeds of philosophy, but...

Do you mean it's evil to collect the personal data for the purpose of selling ad impressions or it's evil to collect personal data, full-stop? I want companies like Google collecting my personal data to, for example, provide me context-relevant search and map navigation results and voice-assistant actions. So it doesn't seem like evil-full-stop passes the smell test.

Thanks. How does that apply in this case? Does GDPR allow the collection but ban the selling of data?

Also, per the article, the complaint claims that the collected information is shared with many other companies. How does that square with what you are saying? Are they sharing it with partners but not selling it to them? Does that make a difference under GDPR?

Used to be in adtech - Google didn’t provide these things to us. Maybe there were other products we could have purchased, but Google just gave us a userid and all the tracking was done on our side. There are definitely third parties we could buy this data from. I left pre-GDPR, but my vague understanding is Google has nothing to worry about in RTB, but the adtech companies are at fault here if anyone. Especially if you consider the amount of lawyers Google pays vs Brave.

The OpenRTB spec does contain data that many assume will be found to be personal under GDPR. The IAB is an industry group for people that use OpenRTB. They have built a standard on how to gather and transmit the GDPR consent requirements from publisher through the OpenRTB ecosystem. You can find it at http://advertisingconsent.eu/

The trackers that generate analytics data for the ad networks do sell personal data and it is made available to anyone who wants to pay.

Currently the adtech companies are trying to rely on the legal basis of Consent - they get the user to explicitly agree to the processing required for targeted advertising with a popup advert.

There is a great NGO of lawyers called NOYB (None of Your Business) in Austria who has filed complaints with Facebook, WhatsApp, Instagram and Android about the consent dialogs not being valid under GDPR.

The complaint PDFs are worth glancing through to see how disingenuous the adtech companies are in their attempts to appear to comply with consent, when I think anyone reasonable would agree they are not.


I'm curious as to the detail of Brave's complaint, which seems to add even more to this.

I am not familiar with everything relevant here but...

Often sites using ads will have JavaScript enabled. If I wanted to extract private information about my users - I need only scrape the content of sponsored advertisement.

Google does the hard work of aggregating and anonymizing the data, I simply scrape their results on my page.

I'm all for the EU trying to enact protectionist measures against the US invaders, but I'd rather they would do it in a straightforward, China-firewall way, than with these firework-like regulations that don't benefit the EU at all (I mean, let's admit it after 20 years, EU just can't compete). On the one hand, GDPR has not reduced my ad revenue (nor Google's), despite not having tracked ads (which reinforces my belief that tracking is marketed as way more effective than it is). Now, this directive will not deprive Google of any revenue, while it will actively hurt the EU publishers big time (which Google will drop).

Good, whatever the result will be, it will hopefully clarify what GDPR is all about.

Maybe they can get Netflix working on Linux in addition to trying to use governments to shut down their competition. I _want_ to use Brave, but without a fully working browser it's hard to switch off Firefox.

Can you elaborate as to what issue(s) you're seeing with Netflix? I know that we use Widevine for DRM content; it could be that this simply isn't an option for the time being. If you can share more information, I'll do my best to address it in a timely manner.

Also, version information would be helpful. In brave-muon you can find this in about:brave. In brave-core, it's in about:version. Thank you!

Netflix reports widevine isn't available. I am running stock ubuntu and I installed Brave from the official brave-apt. Here is the github issue where you are tracking when it will be done https://github.com/brave/brave-browser/issues/413

Also for good measure my version info

Brave: 0.23.105 V8: rev: 9a46f8f5cb22a9daf2af21989aed25911aa6f839 Muon: 8.0.9 OS Release: 4.15.0-29-generic Update Channel: Release OS Architecture: x64 OS Platform: Linux Node.js: 7.9.0 Brave Sync: v1.4.2 libchromiumcontent: 68.0.3440.84

Thank you for the excellent response, and for linking to the issue on file. Glad to hear that it's already on our radar, and being tracked.

All the best!

Use Brave by default and use other browsers when necessary.

The problem with GDPR is that it allows the website to decide how to ask the user for permission. That means the website can have a big bold button saying "I agree" next to a small gray link saying "I do not agree". Moreover if the user clicks "I do not agree" the website can nag the user often until he or she chooses the 'correct' option.

This comes at the same time that Malwarebytes starts flagging Brave as malware[1].

[1] https://twitter.com/lukesawczak/status/1039854898068815873

Malwarebytes has had a few (seemingly) false positives lately. Anecdotally, I was just hit by it falsely flagging BeyondCompare and my password manager.

I assume they have just upped the ante of their heuristics, but am still concerned about the fallout, since I am starting to ignore them.

Not related, but considering that it does not scan except on demand, why is it ALWAYS running? Who vouches for Mr. Malwarebytes?

It was indeed a false-positive: https://twitter.com/thomasareed/status/1039939712704819200. As for vouching for MB, I know some of the people behind the project, and they're spectacular. For years I have assisted with deobfuscating malicious JavaScript and more. They seem, to me, to have the purest of intentions.

(Not an official Brave endorsement, but I personally like their team)

Not to mention more aggressive upselling in the free version via popups. Closing the application sends it to the system tray where it will later remind you to "update" MalwareBytes by buying a license.

In June, I too had an auto-update from Beyond Compare failing due to Malwarebytes and it made me think their servers were compromised. Nope, false positive.

It looks like this happens often enough, there is a whole page dedicated to false positives.


That has nothing to do with Brave, it's just another failure of antivirus / antimalware approach. Nothing new.

EDIT: not sure why they prefer blacklisting to whitelisting, anyone know the reasons?

Because if it is whitelisted then anything new or obscure is blocked. Fine with enterprise IT but not consumers.

Here is my take on it: with blacklisting, each update brings tons of new patches/signatures. It proves to users that the devs of their security suite are hard at work, and it's a neverending race. So all in all, a very good strategy for the AV industry.

of course it has nothing to do with brave

What kind of conspiracy are you suggesting?

It's not like false positives are uncommon.

And indeed, it feels like one should assume that a program that replaces page-originated requests for web resources with requests for different web resources would look an awful lot like malware to a naive heuristic based on the design of past malware.

Brave doesn't do that. Brave blocks ads and trackers. In some (half a dozen or so) cases, we might load an internal resource (known as a siteHack, for fixing broken experiences), but we don't substitute network requests.

Could this be related to some sort of bundle-ware in the Brave installer?

Or in affiliate-type linking into Brave installer ?

Google Chrome cracked down on these 2 yrs ago but they are making a comeback?
