Hacker News new | past | comments | ask | show | jobs | submit login
Brave taking cryptocurrency donations “for me” without my consent (twitter.com/tomscott)
323 points by plusCubed on Dec 21, 2018 | hide | past | favorite | 341 comments

I just dug up info on how Brave’s contributions thing works and it feels like such a mess.

According to https://brave.com/publishers/

- once you have accumulated $100 in contributions they email “the webmaster at your site” and the owner of your domain according to the WHOIS. I assume this is “webmaster@domain.name”, which I sure don’t have set up on my personal site.

- you have to “check your balance frequently and transfer funds wherever you choose”, which suggests that there’s no way to just say “send my my balance every month” and forget about it.

This whole model totally breaks down when you remember that there’s a ton of independent creators who don’t have their own sites, but instead post stuff on another site. Is Brave going to realize that I’m following this particular person on YouTube, that person on Tumblr, this other person on Deviantart, etc, etc? And are they going to ping them or are they just gonna tell the people who own the site?

The page where you sign up to receive payments (https://publishers.basicattentiontoken.org) makes it sound like they understand YouTube accounts and nothing else, and as a creator whos interest in pivoting to video is nonexistent, screw that, I’ll stick with Patreon and it’s opt-in model that just transfers money into my bank account every month as long as I have patrons.

My impression is that Brave's current model actively hurts small creators that would otherwise get some of that money sooner on the donation services they have signed up for, without waiting for Brave's $100 withdrawal threshold to be reached, if it ever does.

I'd be surprised if this will be deemed legal, once more people will find out that there is a company collecting donations in their name and without their consent.

Contacting creators as soon as they receive their first tip may help. Otherwise it just looks like they're capitalizing on our content and keep the long tail of donations indefinitely, while also making it less likely that we get contributions from Brave users on other payment platforms, since as far as they know, they are already supporting us through Brave.

> My impression is that Brave's current model actively hurts small creators that would otherwise get some of that money sooner on the donation services they have signed up for, without waiting for Brave's $100 withdrawal threshold to be reached, if it ever does.

FWIW, you can create an account manually and withdraw with << $100 in your account. $100 is just the limit for them to notify you.


>I'd be surprised if this will be deemed legal

I'm surprised how anyone could think this was a good idea, or even legal. What wouldn't surprise me is an incoming class action.

IANAL but I imagine that the donations are in brave tokens and it may or may not be treated as cash (even though the eventual payout is cash) which may or may not be legal depending on a lot of stuff that's beyond my area of expertise.

But if the idea was to 1) create token and 2) YOLO and yeah, lawsuits incoming.

But it could be that they have good lawyers and that it is actually legal (although as I write it I don't believe that, haha)

Trusteeship, tax laws and the like typically apply to anything of value, whether it's legally a currency or not.

If the tokens are valueless, then what is it they're offering? If they have value, how are they excused from usual rules?

Presumably the same way supermarket vouchers have a cash value of $0.0000001

Presumably the same way supermarket vouchers have a cash vale of $0.0000001

We hadn't considered that many creators would interpret our UI/UX as "solicitation" vs. "letting a user do a thing they want to do in our browser."

In any event, the confusion is 100% our fault and we're working on updating the UI and language to be clear based on all the feedback we've gotten. We must do better.


Might I also recommend you update the language on the "tips" overlay itself to remove any implication the money is actually going to the creator when the truth is really that its being held by you, essentially in escrow, until they claim it... which they may never actually do. And even using "tips" to describe the process also seems rather misleading in this case too.

Also, automatically scraping a creator's profile picture and adding it to your own overlay to give yourself the appearance of legitimately representing them is incredibly misleading as well. So might I suggest you stop doing that too.

We just posted up info about the hotfixes going live and I think you'll see your ideas!. This blog post lays out what we're doing: https://brave.com/rewards-update/

Thanks for your feedback and suggestions.

As far as I know none of my fans have even heard of Brave, so they're probably giving me money via Patreon or the occasional commission (and I should probably make the Paypal tip jar a bit more prominent, as well as maybe setting up Ko-fi or its ilk someday). But if Brave finds money to start a serious publicity campaign and get new users then I can definitely see that being a problem.

Needs a lot better way for them to contact creators, too. Probably they need some actual humans figuring out contact methods for a few years of growth instead of just assuming that "webmaster@domain.name" will get to the right person, and slowly building solutions for multi-user platforms based on the overall revenue of those places.

(Wedging into multi-user platforms by blocking their ads also has the problem of who's gonna pay for the servers if all the ad money gets siphoned off by Brave.)

Just to clarify, a content creator just needs to register with Brave once and all further contact will go through whichever channel they choose.

I suppose the presumption is, once (if) Brave reaches critical mass, or gets enough press, there won't be a monetizing content creator on the web who isn't aware of it.

My apologies if you know this already. It's just that the "whois" email is not really telling the full story. Unfortunately, this is the best (only?) option they've got to try and contact the creator at this point.

Like most creators I know, I've heard of ko-fi. I don't have an account there. I haven't felt it fits my working methods. They don't have a page to take money in my name, either.

I've heard of GoFundMe and don't have an account there, either. Now that they seem to be quite happy to take money from people making comics designed to "stick it to the libs" I kinda don't want to have an account there. They don't have a page in my name either.

"I don't want to do business with you, and I don't want to have an account so I can opt out of doing business with you" is, I feel, a valid attitude. Is anyone who hears about Facebook's "shadow profiles" happy to know that Facebook is tracking them despite them not using that site?

"Having a human find a contact method for a creator" is an option. It does not scale but how many times do I see people writing stuff here on HN that advises doing stuff that doesn't scale until you know it's worth automating it? If Brave wants their model to work they need to put the time into this kind of stuff. Hell, have the user who wants to pay a creator via Brave do it: "Hi! We don't have any contact information for this creator yet, and our automated methods can't find anything. Would you tell us how to contact this person?" And then not take money in the creator's name until they actually say yes.

We just posted a list of the many changes we're pushing live to address the problems found in our UI: https://brave.com/rewards-update/ Thanks for your feedback.

> actively hurts

What do you think the word active means?

It's been a while since I started using Brave but I felt they were pretty up front with how the payments worked.

I do understand the frustration though of those who don't see this. Brave could warn visitors donating when the content owner hasn't set up Brave Payments. Brave could refund said money back to the visitor if it goes unclaimed after a while. Just random ideas from someone who actually likes their attempt.

My understanding is that automatically refunding as part of the agreement with the Brave user is probably workable.

Even more workable is to be opt-in only. That's what I would do (to the point that I developed a protocol that's purely opt-in).

After all the very passionate feedback yesterday here and on Twitter, we're reworking things to make it clear who's participating in Brave Rewards and will receive tips and who's not and won't. We erred in shipping UI/UX that didn't make this clear enough. We're fixing this.

You erred in "opt-out" versus "opt-in". Literally your founder advocated this spammy method.

We erred in making it appear non-participating creators had opted in at all when they have not.

We just posted a list of the many changes we're pushing live to address the problems found in our UI: https://brave.com/rewards-update/

One of the items listed is looking into blocking all tips to unverified publishers altogether. We hear people's concerns and are going to look into it. In the meantime we've dropped all creative assets (photos) for unverified publishers and are also adding a clear alert saying unverified publishers are in fact not-participating yet in the program. Screenshots in the link. Thanks for your feedback and for caring about this being done properly.

It's good you are trying to listen to feedback. But do pay attention to a common thread: most publishers don't want opt-out, they want opt-in. I'm biased because I designed a different scheme[0] some time back which I guess in some universes would have made me a competitor.

So speaking as an alt-universe competitor, opt-in is the safest move. You can just as easily calculate an imaginary amount of money that would be collected and tell potential publishers that number (that was my plan, because of this exact scenario).

One more thing:

you should lawyer up.

You need a firm with strengths in consumer law, trademarks, charities fraud and trusts law, preferably able to opine across each of your physical HQ jurisdiction, the governing-law jurisdiction in your ToS and wherever Tom Scott lives.

[0] https://patents.google.com/patent/US9853964B2

That sounds so clumsy that I suspect they really don't care / want folks to fail to collect.

Yeah I suspect this is part of their overall revenue model.

Honest question: Why do you suspect that? (I work at Brave. We're all very, very nerdy here. It'd be helpful to understand why a fellow nerd suspects we're up to no good.)

You're taking money for people without a good way of getting it to them (or ensuring that they want the money at all).

My friend Mark had an accident and I think he needs help paying for it. Would you give me some money to help Mark pay for his medical bills? Thank you, I'll just put it in my bank account until Mark asks me for the it.

Trust me, I'm trying very hard to let Mark know I have money for him. I'm going to send a letter to his parent's house so he knows that I have money for him, but only when I get $100. In the mean time I'll just hold on to the money.

Oh Mark never got the money you gave me to give to him?

Well, you only gave me $75 so I never sent him a letter.

Well, it turns out Mark isn't on speaking terms with his parents, so he never got the letter.

Well, he has health insurance and didn't need the money after all.

Where's the money now? I guess it's still in my bank account. No you can't have it back.

>My friend Mark

i'm thinking about starting to accept money on behalf of Hollywood stars like say Tom Cruise. Once $10M is collected (obviously there is no point in bothering Tom with lesser sums) i will do my best to deliver the money to him.

I find it interesting this was not responded to as it is a great and easily understood description of how one could see Brave as a scam.

Response posted above! I was waiting to make sure I understood what actions we are taking in response to all the feedback.

This was not our intention.

We shipped a UI/UX that was confusing. We originally used checkmarks to denote creators participating in the program but did not have clear language or markers for creators not participating in then program. Many have pointed out the problem with that, which is helpful!

That's all being updated now and will hopefully roll out very soon. We've heard the feedback and will make sure no creator assets are used for non-verified creators, that it's clear non-participating creators are not in fact participating, and that any tips sent their way will not in fact reach them unless they choose to participate. We're also adding more clarification around what happens to funds "tipped" to non-participating creators.

We want it to be clear if Mark is part of Brave Rewards or not.

Why do you even allow donations to "non-verified" websites at all? As far as I can tell, there really isn't any legitimate reason for this, other than forcing website owners to sign up for your payment system.

This is a fair question that's being discussed internally as a consequence of the feedback we're hearing from everyone.

Brave is about to push up a number of hotfixes to our code that address people's concerns. You can read about them here: https://brave.com/rewards-update/

You'll see an express commitment to consider whether to completely block out tips to unverified creators/publishers. That's not a thing we could fix overnight but we're acknowledging it might be the best move and committing to looking into it.

>Where's the money now? I guess it's still in my bank account. No you can't have it back.

Except the money goes back to the Brave user pool and ends up in the hands of creators who have opted to participate. Brave's hope is that every content creator will eventually register to collect what's theirs. Their business model depends on it.

Before judging, please read their materials (and examine their pedigree). It's pretty clear they are thinking much, much bigger than what you're accusing them of. This a Google level play, not some two-bit micro-transaction scam (if anything, it's a little bit too ambitious).

This all goes without even mentioning the huge privacy gains to be had for end users if their model works. I encourage you to have a look into that as well if it's a topic you're interested in.

Time will tell if they succeed or fail. But if they fail, at least they'll do so "while daring greatly".

So people can donate to person X but if they don't claim it in time, the money is given away to all the other users that are using the service? That seems really shady to me that donations would be redirected like that. Either keep the money in escrow forever or don't take unsolicited donations without the person's consent in the first place.


Your UI really looks like Tom Scott has signed up to receive donations through you, not like you've scraped his photo and name off twitter and written a fundraising plea with zero mention that he's never heard of you and that you won't even try to contact him until $100 accumulates and then only half-assedly.

For most of us this is our first exposure to your model and UI, so that has set a very negative expectation. This looks like a scam and I'm now trying to figure out how to know if you've scammed any of my users without doing anything like installing Brave or signing up because your metrics probably count that as success rather than suspicion.

Also: your responses here, and Brendan Eich's on Twitter, seem to assume you are somewhere in the general brand feel of the EFF or Firefox. That this is a big misunderstanding of a clearly well-intentioned feature from familiar volunteers to the public interest.

You're nowhere near them. You're in the same mental headspace as ICO scams because you're also promising that if we give your cryptocurrency a bit of money the riches will rain down for everyone. You need to radically change your rhetorical approaches to this PR disaster (not to mention this "feature") if you hope to start building trust.

We've just published a post detailing the changes we're making to our UI in response to all the great criticism and feedback from the last 24 hours: https://brave.com/rewards-update/

These changes will make it very very clear when creators are not participating in Brave Rewards and will ensure no creator assets are being used.

In response to your other comments, I feel good assuming we're somewhere in the general brand feel of the EFF and Firefox. Brave has never once told people to speculate on the price of BAT (we get asked to do so about once a day and refuse because that's not what we're about). Also, yeah, we've shipped a browser used by 5m people a month around the world. There's a long way to go still but it's a start.

Thanks for your feedback.

> In response to your other comments, I feel good assuming we're somewhere in the general brand feel of the EFF and Firefox.

That's laughable. Trust me, among the people who know about Brave at all, you're associated more with Dentacoin and Bitconnect than EFF and Mozilla. I expect you'll have a rude awakening when you're searching for your next job and people decide they don't want to hire a scam artist.

That doesn't just look like a scam. That is a scam. You can't just go collecting for causes without being empowered to do so. It's the same as people that go door to door collecting money for some charity when they are actually just going to spend it on their own stuff.

Hi Jacquesm. We had no intention to scam people. We shipped a confusing UI that should have been better thought out. In response to all the passionate feedback from creators our product team worked around the clock to push up a bunch of hotfixes that should go live tomorrow. You can read about them here: https://brave.com/rewards-update/

Thanks for jumping into the conversation. Also thanks for all the stories on HN over the years.

The UI isn't the only problem. Take your blinders off. People don't want to be opted into a service like this. I believe it was intentional to make it "look" like everyone is already a part of this (see facebook's creating "shadow accounts" so people think everyone is already on there). This is a scammy move and you need to stop. If you don't think you can get your foot in the door in a new market space legitimately then just stick to making a browser and leave tips/funding to Patreon and others.

That's not true. We spent a lot of time designing the UI for verified creators and did not spend adequate time thinking through the UI for unverified creators. The changes being rolled out tomorrow will address the concerns that have been voiced. No one will look like they are participating in the program who isn't.

The 'spend it on their own stuff' is the illegal part, not the going door to door collecting money part.

You most certainly can go door to door and solicit donations to a charity you have nothing to do with...as long as you actually fulfill the contract.

You might want to cite your “most certainly” because I’m far from sure that’s true in all jurisdictions.

We agree it's confusing and are shipping updates very soon that will make it clear, driven by all the feedback we've received here and on Twitter. We didn't set out to confuse people but clearly we did. Not our intention. We will do better.

You invite users to donate to regularly purchase your cryptoassets whilst designing a dark pattern UX which indicates the cryptoassets are being distributed in a certain ratio amongst YouTubers and other content creators. Your website also falsely claims to be sending these assets to these content creators once a month and falsely claims that browser users can see how the assets have been distributed using this UX. In fact, only a small portion of the assets are actually distributed, and the browser user has no way of knowing whether their intended recipients receive anything.

Your investors are rewarded by the cryptoasset price rising from more people buying the tokens than selling them.

Do you honestly not see the problem here?

And that's even before we get into the TOC which explicitly permit you to confiscate funds not claimed within 90 days for growth marketing use....

We do see a problem here. It's unclear why people are assuming it was intentionally done vs. just poorly thought out UI.

We've spent a lot of time discussing the feedback from threads like this and tomorrow a bunch of changes will go live. Please take a look at this blog post detailing them: https://brave.com/rewards-update/

Even if Brave has the best interests of everyone at heart, this kind of thing has been tried many times and nobody is ever happy with it.

If the person doesn't want to make money from their fans, that's their choice and it's not cool to possibly mislead fans into thinking the person is taking their money.

It's a pain for people to have to constantly monitor all the random sites collecting money "for them". New services are popping up all the time, how are people supposed to keep track? No, Brave is not going to be able to find the correct way of contacting everyone.

If your service is great, why not make it opt-in and advertise it? Patreon succeeds because people want to sign up and make money from it when they're ready to do that. I believe you're all trying to do their right thing and not take anybody's money fraudulently but this isn't the right thing.

I would assume that the accumulating money waiting to be claimed is a carrot to get sites involved.

We've just posted up a rundown on the changes we're implementing in response to feedback from threads like this. Please give it a look and see where it lands for you: https://brave.com/rewards-update/

We shipped confusing, poorly thought out UI, got a bunch of negative but really thoughtful feedback, and are moving quickly to get things fixed.

Basically it feels like you are saying "we will take donations for you but tell you we are getting them in the most obscure ways possible, and we will certainly not make it easy for you to claim them".

Or to couch it in the form of a GenX nerd reference: if you're taking donations in my name, you're telling me about them by putting a note to that effect in a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "Beware of the Leopard".

Realistically, I would say it'd look a lot less suspicious if you stopped taking donations for people until they have actually opted in. I'm on Patreon because one of my fans said "hey I really wanna start giving you money for your comics, would you set up a Patreon?", not because Patreon found my stuff and set up a tip jar for me.

Also automate the payouts, if I have ads on my stuff then I get money every so often as long as I've accumulated more than the minimum payout, but I have to remember to go check with Brave? Come on, it can't be more than a couple day's hacking to give a creator the option to say "pay me every month if I'm above $minimum_payout". (And if this is a thing you can now set up to happen regularly, there are webpages that need to be updated to reflect this.)

> why a fellow nerd suspects we're up to no good

You're taking money on peoples' behalf without their knowledge or permission.

What the fuck more is there to understand?

Here's the bright ethical line: don't accept any money unless you can be assured that you can provide it to the beneficiary. At least failing that, make it abundantly clear to donators that there's no reason whatsoever to expect the funds to actually go to the recipient.

The moral hazard is blindingly obvious: the worse you are at getting funds to where they should go, the more money you make.

This is going viral and it's time to talk to your lawyer about your personal liability in this clusterfuck.

We've shipped a bunch of hotfixes to our UI in response to this thread and others. You can read about them here: https://brave.com/rewards-update/

Thanks for your feedback. We shipped UI that sent the wrong message about unverified creators. Understood. We're hustling to get fixes in place and talking more about what we can and should be doing.

You're taking donations on other peoples behalf without their consent. That's the definition of "up to no good". Why would you assume you can do this and people will be okay with it?

Not our intention. We've just posted up a rundown of the many changes we're pushing up tomorrow to address these concerns and clarify things a lot more: https://brave.com/rewards-update/

Thank you, this is a step in the right direction. Holding users money forever because they donated to a person who may know nothing about your platform is still scummy though. What happens to that money in the mean time? Is it sitting in a bank account you're earning interest on? Is it guaranteed by a financial institution?

You've made the representation slightly better, but this post still sounds like financial fraud.

> A change so that users may contribute only UGP-granted tokens to unverified creators, but can contribute self-funded and grant-funded tokens in any combination to verified creators.

This sounds reasonable, but you could also just not accept donations on behalf of people who haven't signed up for your platform. Why the hell should I as a creator be forced to waste my time opting out when you have no right to use my name to entice users onto your platform anyways? (not that I personally would have any value, I've never created anything anyone would care to donate for, I'm speaking hypothetically of course)

Furthermore, what if I have my own methods to donate to me and instead users of your browser see that I'm an unverified creator and donate through that instead? Now you've lost me donations I otherwise would have gotten. That sounds like serious lawsuit territory right there (though I'm not a lawyer, of course).

Why would I suspect anything else with the way it's presented?

Presumably you'd be entirely happy if I made a fork of Chromium or addon that asked for donations on every Brave related site and personality.

I'd try and tell you via whois data (even when it's twitter and YT that doesn't have whois lookup for end users) when the amount passed $20k. I'd go with $100, but as it's a side project I can't yet add a system to manage smaller donations. It's on the todo list.

You can withdraw funds earlier if you ever happen to randomly discover I'm collecting donations for you. Otherwise I'll sit on it to help with development and hosting costs. Thanks.

Brave Co would be happy with this and would not resort to lawyers?

We agree our UI sends the wrong message. We're pushing up a bunch of fixes to make it clearer tomorrow. You can read about them here: https://brave.com/rewards-update/

Thanks for your feedback!

This almost sounds like something that belongs on /r/fellowkids. Combined with the description in your profile with the whole "I'm on HN to learn from people out there in the trenches" line makes it all come across very badly IMO. (Written from mobile Brave and love the built in script and ad-blocking, but I honestly think you'd be better off addressing some of the concerns here rather than sidling up and saying "hey I'm one of you"

All of the other comments have described (much better than I can) why this is likely some kind of fraud (and definitely unethical).

I wanted to comment on the "fellow nerd" trope -- I don't see why it matters that you (or the majority of Brave) are nerdy. That doesn't mean you are somehow incapable of acting unethically or committing fraud. Many of our "fellow nerds" have broken the law. It doesn't diminish their intelligence, but it does reflect on their morality.

It's a non-sequitur.

Do you return the donations to the donor if they are not accepted by the recipient in some period of time? Like, after a year or something?

No, since they anonymize the flow and thus do not know where the money came from. https://twitter.com/BrendanEich/status/1076198964607610880

What you are doing looks like fraud.

Why not simplify this and make it opt-in?

We've just published a blog post listing then many changes we're pushing up tomorrow to address concerns in this thread and on Twitter; https://brave.com/rewards-update/

As it says in the post, we're definitely planning to talk about whether to block attempts to tip unverified creators altogether.

Is the implication here that "fellow nerds" should always be given the benefit of the doubt for some reason?

I've seen some "very nerdy" people engage in some "incredibly selfish and shady" activities, so I can't help but laugh at that idea.

Not specifically. But yes, fellow people should be given the benefit of the doubt in my opinion. I was asking if Brave had done something to merit not getting that.

Fellow people? Sure.

A company collecting charitable donations? No, that deserves immediate scrutiny. Your business model is beyond sketchy. You're approaching this with an affronted "but we're all nerds here!"

It doesn't matter if you're a nerd working for a crook, a crook claiming to be a nerd, or just a crooked nerd. But the business model has a smell and if you don't recognize it then you're merely complicit.

You're on a thread about Brave shamelessly committing donation fraud and you're surprised people aren't giving you the benefit of the doubt?

This whole episode is a case study of the way people who have convinced themselves they're doing something positive for humanity can find moral justifications for any transgressions along the way.

(putting on my Ravenclaw tie)

It's for the Greater Good™!

> But yes, fellow people should be given the benefit of the doubt in my opinion.

That's... a fascinating approach to monitoring the actions of companies. "This company contains people, so everything is probably fine".

I'm reminded of mail-in rebates.

I am on the business team at Brave. We want people to collect and get paid. It's a huge part of why we come in to work every day, to work on stuff that helps creators get paid.

I'm sure there's UI/UX stuff in Patreon that could be better. That doesn't mean they don't want creators to get paid. It just means there's room for improvement.

People on Patreon intentionally wish to accept donations, while you hide their Patreon ads, links to their other sites, and replace it with your unwanted platform? You can't compare yourself with a service that _someone particularly opted into and wants and set up themselves_ with _misusing someone's brand to take money as an unauthorised third party, while at the same time blocking that person's intended messaging to collect money for themselves_

Right. The sensible thing for any Patreon user to do would be blocking Brave based on UserAgent.

Oh, turns out Brave doesn’t have its own UA: https://www.ctrl.blog/entry/brave-user-agent-detection

What a dishonest product.

Wow, this is even more dishonest than I thought. Intentional choice too, not a "forgot to update after forking x browser".

Come on, man. The 'donation' UI was clearly designed to deceive visitors into thinking that the creator signed up and customized it themselves. Brave fucked up big time, and you aren't doing your employer any favors by commenting here; at this point the only people who should be making statements are Brave's lawyers.

We've just published a rundown on the many changes going into the UI to address concerns like these. You can find it here: https://brave.com/rewards-update/

We shipped confusing, poorly considered UI and are hustling to get it fixed. Thanks for your feedback.

Dude, that UI was not merely 'confusing', it was clearly intentionally deceptive. Nobody here is dumb enough to fall for such blatant PR spin.

If you're sincere, then for starters, how about removing the $100 threshold immediately, and notifying all people who have had donations made to them, so that they can come and claim the money?

You really want to get spammed with "claim your 5ct in donations for signing up on our website!" every day?

I'm suggesting that for starters, they do it once so that people are at least aware that someone is soliciting donations in their name. I don't think that's enough, but it's the biggest source of contention.

I think people may be forgetting that Brave is a very small, new company, and not everything is streamlined yet...

I don't think being a startup justifies switching on the "deduct money from my account to pay these entities" button before you've figured out how and if you can actually pay them.

That's no excuse for financial fraud.

fraud implies intention

Read the terms of service. That's intentional.

What is it that Brave is doing that they did not intend to do? Software doesn't release itself.

And this is intentional, so "fraud".

Maybe, but i'm pretty skeptical of the "taking money but not actually all that capable of getting it to the other person" to be a larger issue than streamlining.

There's some things that you should not even start doing until you're certain that you can do them properly from beginning to end. If that breaks your business model, then your business model was shit.

This is why the "move fast and break things" ethos is a terrible idea for anything more substantial than social media. See Robinhood, Theranos, etc., etc.

A lot of scams are small enterprises.

This. Tabs on the side has been their number one feature request for quite a while now. They're a pretty small team.

I work at Brave on the business team. This is helpful feedback.

Brave is a startup with a small team earnestly building a new thing that combines a browser with a tipping system, with creator tools, with ad blocking... it's ambitious!

As it's a new thing, describing it can be messy sometimes. We're always working to make our language better and clearer though. Thank you for letting us know it fell short for you.

To address a point:

We know there's a lot of creators on a lot of platforms. At the moment, we've built support for creator channels in the form of web sites, Youtube channels and Twitch channels. When I joined this past summer I had the same reaction. "What about Tumblr? What about Twitter?" Each new platform takes time to write support for and we have a long list of features requests. We'll get there!

The complaint is that you're soliciting donations in the names of specific individuals without their knowledge or consent.

Relative to that complaint:

> Brave is a startup

... is not relevant.

> with a small team

... is not relevant.

> earnestly

... is not relevant.

> building a new thing

... is not relevant.

> that combines a browser with a tipping system, with creator tools, with ad blocking

... is not relevant.

None of these things are relevant to the complaint being offered. It doesn't require a large team to not solicit money in other peoples' names. It doesn't require an established product to not solicit money in other peoples' names. It odesn't require checking off all the boxes on your feature TODO list to not solicit money in other peoples' names. All it requires is to not solicit money in other peoples' names.

Here's the deal. If you want what you're proposing to work - you need to copy the model that Google briefly used with Google Contributor.

Bid on the exchanges for the ads you want to block. Then serve cat pictures (or whatever). The creators will get paid through the existing payment infrastructure and you don't need to build an entirely parallel, opt-in system that will probably never gain enough traction to be worth using.

I'm still amazed and saddened that the original Contributor didn't work out.

It was such a great concept that would work all the way from first introduction to a hypothetical future where everyone uses this and nobody sees ads.


That said, it's better if it's someone other than Google doing it. Google only has access to bid on the Google exchanges, but a 3rd party can bid on AppNexus, private exchanges (WSJ), etc.

>Each new platform takes time to write support for and we have a long list of features requests. We'll get there!

And until you write that support do you still take tips and send them to the whois account holder of the domain? Or do you block tips?

Have you addressed the GDPR issue? What is your legal basis for using someone's identity?

That was not our intention. We see how people could argue we were though so we're dropping creator images from our overlay that explains tipping to unverified creators. You can read about this and other changes we're rolling out here: https://brave.com/rewards-update/

Can you break down how user dollar contributions were disbursed in 2018? What percentage was paid out to websites and content creators; what percentage was paid into the user growth fund; and what percentage was taken by Brave as a fee?

the statements from Brave people on this thread seem reasonable ; many inflammatory comments here do not seem reasonable

Sure, Brave's PR approach seems reasonable: act like you're confused and listening, but don't respond to anything resembling criticism.

But acting dumb and carrying on is an inflammatory action, when your actions are ethically bankrupt -- an inflamed response is warranted and quite reasonable in this situation.

I disagree completely. So far, both here and on Twitter, the core complaint, that donations are solicited in the name of people who have no relationship with Brave, and from whom Brave has no consent, has been completely ignored.

The fact is the original complainant, Tom Scott, and many others, find that practice abhorrent, and the response so far has been deflection or vague promises that the Brave team want to help content creators, whether they want the "help" or not.

We just posted up a list of changes going live tomorrow that hopefully address all the concerns listed in this thread: https://brave.com/rewards-update/

Thanks for your feedback.

Honestly I would find it much easier to pay you in BAT fully but Ill be honest, that sounds like a pretty convoluted process.

> makes it sound like they understand YouTube accounts and nothing else

The text on the page - as I see it now - says "Do you run a web site or are you a YouTube creator". I think that doesn't say "YouTube accounts and nothing else", since it explicitly mentions "web site" before Youtube.

That's after a paragraph where I listed like five large sites with tons of users on them.

Oh apparently they understand Twitch channels too, huzzah, ugh.

So I typed my domain into the setup thing and I got this:

"Hello. It looks like you are using WordPress!"

"Your domain is NOT using HTTPS.Uh oh! Your domain is NOT using HTTPS. You will need to fix that before continuing."

"The following error was encountered: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert handshake failure"

Why do I need to be using HTTPS before you'll think about paying me, Brave? I've been getting along posting comics on my HTTP site for an entire decade, and I'm really not interested in bothering to set that up. You are really not built with any understanding of the level of technical knowledge among people who make art, are you. And I'm unusually technical for an artist.

Oh wait there is a 'choose different verification method'. I can place a trusted file in my domain? Nope. Requires HTTPS. Or I can add a record to my DNS settings; let's try that... looks like I gotta wait for the dns to propagate, that's always fun.

I mean, they are not wrong, you should be using HTTPS.

Why? I don’t have any user accounts on my site. Just stuff. And I’m too busy drawing new stuff to try and get HTTPS working.

I had ads on it just fine without HTTPS. I’ve had PayPal links without it, I’ve had Patreon links. Getting Brave hooked up is a giant pain in the ass compared to everything else I’ve tried.

Because not using HTTPS allows an end user's ISP to inject their own ads on their rendition of your website. Whether these ads are for third parties or are telling them about how much data they have left on their monthly plan, I think we can agree that protecting users from their scummy ISP or potential bad actors on their Network by throwing https onto your site is worth it.

We're always trying to make the verification process better. On the one hand, it's a pain. On the other, we don't want to let someone other than you pass themselves off as you. The DNS and HTML snippet methods are similar to how verification works for many of Googles publisher and advertiser services, for what it's worth. Sorry this has proven frustrating but I hope DNS updates for you soon!

> we don't want to let someone other than you pass themselves off as you

Wait, but that's exactly what you're doing to Tom Scott by collecting money in his name after he's asked you not to.

So just to compare:

I can set up PayPal donations by including a simple link.

I can set up Patreon donations similarly.

I’ve claimed my site with Google by putting a file in a hidden place. Worked fine over HTTP.

But Brave? Brave, I gotta get this ten year old site converted over to HTTPS. Or wait for DNS to propagate for half a day. All the while y’all might be “taking donations” for me that I’ll never see unless I get this sorted out. Honestly I’ve spent enough time on this that if I don’t see that your site’s seeing my DNS tweak when I poke at it today I’ll probably just see about making my site refuse to serve my content to Brave instead; I’m happy serving my stuff for free but not happy with y’all making money off of it.

DNS still isn't updated, and I got signed out of my session on your site. I'll probably be signed out again by the time I check tomorrow, if I remember to.

That's a ridiculous complaint and you know it. Oh no, you have to wait 5 minutes for DNS propagation, what a scam!

Half a day and it still hadn’t propagated. If I could just stick a snippet of text in my site somewhere like I’ve done to authorize with other things it’d be fine, but Brave wants me to dig into this site that’s been working fine for a decade and make it HTTPS before they’ll let me do that.

Most creators are less technical than me and wouldn’t have even gotten that far, and if Brave was taking donations in their name they’d never get paid out. Which kinda sounds scammy to me.

I'm pinging our support team to see if someone can help you get to the bottom of this.

When they first came up on HN, that was pretty much the chorus: Nice thought, but the implementation isn't practical.

Brendan Eich's defense of this scheme [0] seems a bit weak to me. Do you really think the solution is to make creators opt out? What in the world makes you think it's okay to represent people who have not asked for your assistance and take donations on their behalf? Why is it their responsibility to ask you nicely not to use their name to solicit donations?

[0] https://twitter.com/BrendanEich/status/1076187316748615680

This must be against some kind of law, I'm not sure which though.

Not at lawyer, but using a third party's persona to collect money (for whatever purpose) sounds like a blatant breach of personality rights https://en.wikipedia.org/wiki/Personality_rights

At the very least it should be a violation of trademark law.

(1) Any person who, on or in connection with any goods or services, or any container for goods, uses in commerce any word, term, name, symbol, or device, or any combination thereof, or any false designation of origin, false or misleading description of fact, or false or misleading representation of fact, which—

(A) is likely to cause confusion, or to cause mistake, or to deceive as to the affiliation, connection, or association of such person with another person, or as to the origin, sponsorship, or approval of his or her goods, services, or commercial activities by another person, or (B) in commercial advertising or promotion, misrepresents the nature, characteristics, qualities, or geographic origin of his or her or another person’s goods, services, or commercial activities,

shall be liable in a civil action by any person who believes that he or she is or is likely to be damaged by such act.

IA-definitely-NAL, but I can't see a way that opt-out can be legal here.

Maybe the legal defense applies the same logic of consent in third-party tracking (third-party provides the service in behalf of the first-party, to whose terms you agreed by using its service. Even that may clash with laws like GDPR):

Brave, third-party, is providing a service to the first-party – the browser's user – who contracted it as a way to provide a best-attempt donation for the creator.

(If it's not obvious, I'm not privy to the details AND US federal and states' law)

The only legal way I can see to do what Brave currently does is to spam the hell out of creators (ah, growth hacking) when someone attempts a donation, but only take the money after the creator signs up.

Well, how about this...

I'll send you $20, if you agree to try to get $15 to the XKCD guy somehow.

If you accept this deal, have you broken the law?

Maybe, a few years back I had the idea to create a service identical to what Brave offers today (except based on the traditional banking system, not cryptocurrency) however I stopped after reviewing the money transmitter laws in the United States and determining that they were not compatible with this business model.

It's possible that Brave has found some sort of loophole that allows them to do this, but I haven't verified that.


I have also had this idea (I think everyone who thinks about the problem space for > 30 minutes stumbles on the basic business model).

Expanding your point: banks haaaaate this kind of business model. They see it as a fertile breeding ground for chargebacks, which are very expensive to them.

You could argue it's charity fraud, though the "intended" target isn't being represented as a charity they are being given donations (so "charity donation fraud", I guess). But it's likely some flavour of fraud.

Identity fraud is against the law. Soliciting donations on behalf of an individual without that individuals consent is fraud.

It reminds me strongly of 37signals vs GetSatisfaction: https://signalvnoise.com/posts/1650-get-satisfaction-or-else

I work at ClearCoin, where content creators can opt-in to share in the profit.

Chrome Extension: https://chrome.google.com/webstore/detail/clearcoin-the-ad-b...

My basic objection to the "opt-out" scheme is that my browser is effectively acting as a man-in-the-middle agent, confusing both the reader and the author, and co-opting any existing compensation or donation procedure.

For example, consider http://www.vim.org, which hosts the text editor Vim. The author, Bram Moolenaar, makes this editor freely-available, and asks that any donations be directed to ICCF Holand, a charity that serves the Kibaale Children's Center in Uganda.

The Brave browser, as it stands now, inserts itself in the middle of this established reader/contributor relationship and now claims that it'll take your donations and administer them on Bram's behalf. The user who falls for this scheme then sees what appears to be _additional_ requests for donations (the _actual_ request). _At a minimum_, this inserted message sows confusion where there once was none. In the worst case, money that would have gone to the ICCF is now held in escrow by Brave, and may or may not be delivered, and if so, will go to Bram directly rather than to the charity he hopes to support.

This is just one example of how the browser intercepting and modifying what you see is a truly bad design (intentional or not).

Thanks for laying this out. Due to great posts like this and many others in this thread and on Twitter our eng. team is pushing up a bunch of changes tomorrow. You can read about them here: https://brave.com/rewards-update/

The bottom line is that it will be much much much clearer that unverified creators are not participating in Brave Rewards and what happens to any BAT tips a user tries to send to one. We'll also not be using any creative assets at all from unverified creators like their Youtube images. In the post we also commit to looking into whether to block attempts to tip unverified creators altogether.


What is the difference between a “tip” and a “donation”?

I use the Vim browser, and I want to support the project. Let me just grab the manual to gain a clear understanding of the terms and definitions the browser requires me to understand before I render said support according to the protocol we (reader and author) now find ourselves subject to. Oh Brave new world …

I'd been really loving Brave and using it as my daily driver for a few months now, until that I noticed that little "Brave Ads" icon at the end of the address bar. That's when I realized their entire business model is just in the usurpation of existing Google ad revenue, dressed up with "privacy concerns" for the good PR. This sent me on a journey to find a really solid, free, Chromium based browser that is totally de-Googled, which seems absolutely impossible. I've tacitly settled on Vivaldi, but it's just impossible to really know if they are trustworthy as a company in the long run. Ultimately I feel like I can only trust a browser who's entire build process is open source at this point.

My understanding is that you're experiencing Brave's other project, which is somehow both more scammy and scummy than this one. The idea is to replace the ads already in the web page with "good ads" approved by Brave, and give the original publisher 1/3 of the resulting revenue through some similarly unclear means.

This, of course, is exactly the same model as many pieces of toolbar malware, with the genius addition that by letting publishers opt in to receiving a small fraction of the revenue, they hope to make it easier to accept the loss than to sue.

Of course they'll respond by saying that users choose to download and run Brave. But the long term financial success of the project is dependent on most users either not knowing or not caring that their browser is inserting ads into webpages and taking funding from publishers (and maybe "opt-in" to seeing replacements ads through some UI dark patterns, I don't know). Frankly I don't see any real difference between this and the average toolbar that promises to "add value" to the browser.

Brave has the worst business practices of any open source company I know of, and they're a blight on the community in general.

The ad replacements are opt in, are they not? Ads for me are just straight up blocked.

Brave doesn't insert ads into the browser or otherwise replace web site ads. This is a thing people like to say about the company because it'd be obviously lame if we did this...but we don't do this. Do you have a citation for the claims that Brave does this?

If that's not what your Wikipedia page means, then it could hardly be more misleading.

"Brave Software has announced that it is developing a feature allowing users to opt in to receiving ads sold by the company in place of ads blocked by the browser.[8][9][10] Brave intends to pay content publishers 55% of the replaced ad revenue. Brave Software, ad partners, and browser users would each be allocated 15% of the revenue."

"in place of" is not correct. We're not replacing any ads in the browser. We are building a completely separate ad platform into Brave that will go live in 2019 but calling it a replacement for blocked ads is an inaccurate, weird construction. Not sure who wrote that wikipedia entry. The 55% number is not accurate either.

Could you explain what you mean by "a completely separate ad platform"? My understanding is that Brave's model is to block all native ads with tracking, and in the place on the site where that ad would normally be shown, to show an ad from Brave's own network. Is that accurate? If so, I think "replacement" is a very accurate label.

And here's a bit from Ars Technica's initial review of Brave:

"In practice, Brave just sounds like a cash-grab. Brave isn't just a glorified adblocker: after removing ads from a webpage, Brave then inserts its own programmatic ads. It sounds like these ads will be filled by ad networks that work with Brave directly, and Brave will somehow police these ads to make sure they're less invasive/malevolent than the original ads that were stripped out. In exchange, Brave will take a 15 percent cut of the ad revenue. Instead of using tracking cookies that follow you around the Internet, Brave will use your local browsing history to target ads."


Is that inaccurate? Was that accurate at some point in the past? I don't deny that I could be wrong and misunderstanding what Brave is trying to do, but I would posit that I have done due diligence here. This does seem to be the idea the neutral tech media has of Brave, like it or not.

We're building a way for users to opt into getting a few ads a day in the form of device push notifications (alerts in the top right of your monitor etc). We're not injecting ads into the HTML of sites visitors view. So yes, we're doing ad stuff, but we're not "replacing" the ads that we're blocking. Does the distinction make sense?

To your point about the Ars Technica comments, my understanding of things from conversations since I've joined in July 2018 is that when Brave launched, they put out a lot of info about stuff they were _going_ to do, and one of those ideas was to replace ads. However soon after launch, a lot of folks in the company and outside of the company explained to management that this was a really stupid idea and would be scummy. So Brave never went forward with it though it was a talking point to journalists early on. You could argue that having an idea to do a scummy thing two years ago is very bad. I'd like to think it's good when startups listen to feedback and adjust their product plans accordingly.

> when Brave launched, they put out a lot of info about stuff they were _going_ to do, and one of those ideas was to replace ads

So it's not exactly a baseless claim. I think between that ad idea, and this donation scam, I would _never_ use Brave nor recommend it to anyone. On top of that, it is blood boiling to watch you sit here and try to defend this scheme as a "UI problem" over and over again.

No it is a baseless claim. Brave's never replaced ads and has no plans to do so. And yes, this was a UI mistake that's being fixed as quickly as we can to address valid concerns from users.

Honest question. Why not Firefox? What are your concerns with it?

Firefox runs worse than chrome still, and it doesn't work well at all on my 2 core 2015 macbook pro. It works fine on my 6 core & 4 core machines although.

I would also like something like the easy user switching that chrome has, since once user would have one set of session tab logins (twitter, fb, google, etc), and another user would have another. firefox -no-remote isn't that smooth of an experience compared to chrome's user switcher.

The Containers add-on[0] for Firefox that Mozilla makes has satisfied my need for partitioning. It's on a per-tab basis and also lets you define certain domains to automatically open in a specific container (e.g. Jira always opens in my Work container).

I can't really speak to Firefox's performance issues though. I feel like they're just as good on rendering and JS speed, but the overall UI doesn't have the same "fast" feel that Chrome does. Chrome has also seemingly gotten slower for me too.

[0] https://addons.mozilla.org/en-US/firefox/addon/multi-account...

I use the containers add on, and it's pretty much the only real advantage FF has over chrome.

Still need user switching although, because sometimes I want to separate multiple google/twitter/etc accounts for example and still want the automatic url-based container activation.

If brave implemented containers although, I would probably use it because chrome works better than FF.

If you run Firefox with the -P command line argument, a profile selection screen comes up in which you can create multiple profiles. These are completely separated (down to the HSTS state!) "accounts".

I don't know how MacOS works, but if you set your Firefox shortcut to firefox -P you can switch profiles by restarting Firefox. Granted, it's not as nice as Chrome, but it might still be of worth to you in some way.

I know about the -P command, that is why I was referencing the -no-remote option ;) Firefox has multi-user, it's just janky.

You have to double click on your special shortcut with the command line option, and if some other program tries to open a url with firefox as the default browser with the -no-remote / -P command, then it will just not work if you have all users open.

While with chrome it's 2 clicks away and no edge cases making other apps opening urls not work.

Every time the containers add-on gets updated, it forgets all your preferences.

I've been using containers for some time now (probably since not long after it was announced) to keep my twitter accounts separate, and I've never had to reset or update my preferences.

On at least 3 separate occasions now I've gone to open a container tab, and found that I was back to the default set of (Work, Personal, Shopping, I think). Even better is when this happens, it also resets the count on how many container tabs you've opened, so near the end of the day I'll go to shift containers and get blocked by a "Congrats! You've opened 100 container tabs!" that needs to be dismissed.

This has happened to me several times as well. I use them with the temporary container tabs add-on (so, short-lived containers by default, plus a selection of specific sites that I retain information for, with strict cross-domain isolation), and let me tell you, losing that configuration is painful after setting it up.

The fact that you can't sync container configuration between devices is also a huge pain point, when you have a nontrivial setup.

I still use them, but I accept that I'm going to endure some pain now and then; I can't recommend Firefox containers to people who just want to get work done right now.

Really? Is that a known issue? I haven’t experienced that and I’ve been using containers on Firefox since they were introduced.

I've been running Firefox Nightly, and it's way faster.

Strange. Firefox seems to run just as well as Chrome for me nowadays (on Windows though).

Firefox absolutely sucks on Android. It's fine on Mac OS, but it is so much slower than Brave (Chromium based) and Chrome itself, that it becomes irritating to use. That being said, it does support extensions like Ublock Origin and Ghostery.

Mobile Chrome means zero extensions and ad hell, so Brave it is. Same Chrome engine and UI (swipeable tabs is something I miss in Firefox Android) and adblocking.

> Firefox absolutely sucks on Android.

Have you tried it lately? I agree that it used to, but it has improved vastly. It's my daily driver now.

I did, tried it for a week, honestly the scrolling still feels horrible when compared to Chrome.

Agreed that scrolling is still janky, but the syncing of prefs (especially add-ons) is well worth it, imo.

Heck, even just the one add-on that lets you sleep your phone while a YouTube video continues playing is well worth using Firefox. Such a basic functionality isn't enough reason to get YouTube Red.

And then, you have add-ons like ublock origin that give you the Brave-like functionality without all this brouhaha.

I absolutely agree with that, scrolling feels really janky but I did get used to it.

Do you have old hardware? I use Firefox on my Pixel 2 and it's great, especially with ad blocking.

I'm using Firefox right now om android and its a nice experience. Chrome variants are smoother scrolling I guess but the sync is sure nice in Firefox.

I've tried over and over for decades to like Firefox, but I just don't. I can't say it's a rational decision entirely. But beyond that, I just think that Mozilla's motives can't really be trusted at face value with the amount of revenue they have these days, and their whole profile sync service. It just comes down to incentives, and any company which collects any kind of data has the incentive to profit at our expense regardless of ideology. Especially where people's salaries could depend on it.

What about the whole profile sync service? It's designed to be privacy preserving by encrypting everything locally with a key only you have. https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

Sorry if I misunderstood you, but you said you were using Brave. Perhaps you should review how you evaluate the products you use because your record isn't great.

If you were wrong about Brave, your concerns about Firefox and Mozilla could be wrong as well.

What about the profile sync service can't be trusted?

It's end-to-end encrypted. Mozilla doesn't have the keys.

It's just an attack vector I wish didn't exist at all. There's also metadata. Sure Mozilla doesn't have your passwords, but they know who you have passwords with. That creeps me out.

There's nothing wrong with the all-purpose heavily featured approach of stuff like Chrome and Firefox, and I get that other people like Sync, I just really wish there was a totally stripped down basic internet browser I could trust.

>Sure Mozilla doesn't have your passwords, but they know who you have passwords with.

Do they? I just skimmed the source and could not find anything that hints at that (and implementing it the way you said it is makes for much more complex code..)

I just don't enable it. It's not on by default.

For the average user—think your uncle who's about to ask you tech support questions this weekend—using Firefox Sync is way better for their privacy and security than reusing the same password everywhere. And for those of us who have and use password managers, Firefox Sync is not on by default—unlike Brave's attention-tracking or Chrome's Google logins.

Isn't profile sync opt-in?

"Face value"? Try "source value".

What exactly is your problem with an opt-in service?

Is Mozilla run that lean even with >$500M in revenue?

The majority of that funding seems to come from royalties ($504M of $520M) [0]. What would be the leaner way of collecting those royalties?

[0] https://www.mozilla.org/en-US/foundation/annualreport/2016/

If we didn't do business with any company that was run inefficiently we would not do business with a lot of places. I'm not sure how the efficiency of the business is entirely coupled to whether or not the product is usable and meets user needs in ways that other competing products cannot.

Brave is completely open source and the ads are opt-in.

https://github.com/brave/brave-browser https://github.com/brave-intl

You're right the business model is advertising, very similar to Google. However the key difference is that they're trying to enable ads in a way that is privacy focused. They don't let websites track you. The whole point is that there are client-side algorithms that decide what advertisements to serve you.

Brave is open source where Vivaldi is not. Vivaldi seems to have some performance issues as well.

Aren't the Brave ads opt-in?

Brave ads will be 100% opt-in.

That's not exactly symmetric with the policy for creators... You guys screwed up on this issue, and you need to stop everything else you're doing until you figure out how you're going to fix the screw-up and apologize. Until then, posting here is not helping your brand image. Maybe if you don't understand what you're doing wrong you could re-read this thread until you do, but really you should just hire a CPA. A bank is not allowed to commingle deposits with its own funds. You should not keep money that is intended for creators.

"Will be" or "are"?

"Will be", as in, "are not".

I have Brave installed on my work machine, it's opt-in... I don't have it activated and never even clicked the Ads button. It even shows as disabled in the settings.

I used "will be" because the product has not actually been launched yet in a release version of Brave.

Have you checked out Ungoogled Chromium? Link to their GitHub: https://github.com/Eloston/ungoogled-chromium

I have, and it's great. But it just comes down to trust. At the end of the day you are still trusting some random internet person to distribute the binaries. I don't want to have to build from source just to be able to trust my browser.

Honestly, if you're running a Mac, your rationale seems to point to using Safari as your browser. I had a similar thought process as you, and Apple's incentives as a company seem to align best with mine. Apple's incentive with Safari is to make your user experience of running on Apple products better, to keep you in the ecosystem. Apple has taken a hard stance on exposing, collecting, and sharing user data, and although some of their AI suffers from this (i.e. Siri), their stance is something I can get behind.

Apple seems like the only company that builds a browser that is not incentivized to collect ad revenue. I've been using Safari for everything for the past few weeks, and really liking it. The performance on Apple hardware seems better too, and there are some cool Apple ecosystem features built in. I'm a web developer so there are certain things I still need Chrome for, but in those cases I fire up a single Chrome tab and use Safari for everything else.

I noticed that, too. I tried to use Brave on mobile, and it ran about 5 times slower than Chrome. It's just not worth switching from Chrome IMHO.

Exact opposite experience. I use Brave as my default Android browser specifically beacuse it's fast like Chrome, but without the ads. At work, I don't mind using a non-adblocked PC, but mobile ads are a special kind of hell.

de-Googled Chromium from an entity we trust is key here. Google and Microsoft are not trustworthy. The cool company of the day is not trustworthy in the long run, agreed. The only entity I know that I trust is Mozilla.

I am backing Mozilla each year with small donations and yet I am not using Firefox. I tried many times and I always return to Chromium (Brave on mobile and Chrome on Desktop).

So my solution is for Mozilla to fork Chromium and see what happens.

What about plain Chromium?

take a look at ungoogle chrome if you are on mac or linux. https://github.com/Eloston/ungoogled-chromium

Not sure why you don't like Brave? You can turn off all of the crypto currency and advertising stuff. I think its a good idea personally. What is the problem in usurping googles ad business, exactly?

I've read un-googled chromium is often behind/not up to date with the latest Chromium release/updates (which makes it not secure).

Source: https://github.com/privacytoolsIO/privacytools.io/issues/274...

i found that post because the un-googled chromium author linked to it here: https://github.com/Eloston/ungoogled-chromium/issues/640#iss...

> they said "we'll see what we can do" and that "refunds are impossible".

If a judge finds they've established themselves as a trustee, this argument won't fly. In fact it will make a quite spectacular and expensive thudding sound.

The trustee-beneficiary relationship arises from the situation and does not require a contract to be formed. If you are the legal owner of assets "for the benefit of" someone else, congratulations, you are probably a trustee.

Why does this matter?

Because trusteeship comes with a fiduciary duty. Fiduciary duty is a heavy burden. If it's applied to Brave it will create merry havoc: a pile of money that they cannot touch, under any circumstances. A pile of money that they must return, if it cannot be forwarded to the intended recipient. A pile of money that cannot be mixed with anything else in any way. The requirement to put the interests of the beneficiary ahead of their own. And on and on.

It's an attempt to be clever at marketing, to create an incentive to sign up. But as a legal situation it's a swamp full of unstable turd grenades.

... of course, I am not a lawyer and this is not legal advice. Maybe Brave found a friendly jurisdiction or a quirk in trusts law that they can squeeze through. But given the history of startups wishing that law doesn't real, I kinda doubt it.

By way of disclaimer, I've watched this segment for years because I've sometimes intended to enter it myself on a similar-but-not-identical business model. But being aware of the concept of a trust, I've avoided this idea entirely and watched previous failed attempts (eg Readability) with great interest.

Bonus round: https://twitter.com/BrendanEich/status/1076198964607610880


1. Collects tokens from User A for the benefit of Website B

2. By design, loses track of who gave them which tokens

3. But somehow does not lose track of the tokens when it's time to put them into their own general ledger

4. Which they say they will do, mingling what are probably funds from constructive trusts into their own funds.

"Oh but it's OK!", comes the counterargument, "Our Terms of Service allow us to do this". The problem is that Terms of Service can say anything, you can sign a contract for anything, and still wind up as a trustee for a trust you created through your actions. And one thing that a trustee will be completely buggered by is appropriating trust assets for their own use. It's the kind of thing that the legal system enthusiastically tries to convert into glowing craters.

This whole scene is going to be extensively carpet bombed with popcorn, as a legal situation it is shaping up as disaster heaped high on hilarity.

Again: I am not a lawyer, but in Brave's position I would be looking for some.

Edit: title was changed, I am not Tom Scott

I am not too familiar with how Brave and BAT (Brave Attention Token), so please chime in. Here's how Brave describes the BAT YouTube donations system: https://basicattentiontoken.org/brave-expands-basic-attentio...

From my understanding, users of the Brave Browser select which YouTubers to donate to, but they don't know whether the channels have opted in to receive donations? What does Brave do with unclaimed donations? Someone pointed out this concern in an earlier submission: https://news.ycombinator.com/item?id=15730661

Furthermore, OP said that they might not be following GDPR due to collection of YouTuber data (to assign donations). IANAL, anyone know how compliant this is?

This is so weird, I keep meaning to check out the brave browser but knowing it's tied into cryptocoin nonsense drops my interest level to zero.

I agree, this is a terrible look for the company. They need to apologize, suspend the service and be honest with users about how this works, before announcing a reboot.

That being said, I've been using Brave on Android since early 2017, and it's been great. I don't think the BAT stuff is in the mobile version, but I did see it on the desktop Windows version recently.

I work at Brave. Tips to un-verified publishers sit in escrow for the creator to claim.

IANAL but GDPR refers to personal data collected from users. The only "Youtuber data" being "used" here is publicly gettable data from the Youtuber's channel.

I quote your own terms of service:

For each Publisher URL receiving votes during a Calculation Period that is not a Brave Publisher by the end of that Calculation Period, the BAT corresponding to its votes will not be distributed at the end of that Calculation Period, and will instead be held in an Uphold omnibus wallet for no less than ninety (90) days thereafter. At that time, the undistributed BAT may be sent to Company’s user growth pool, which is a pool of BAT that Company administers to incentivize use of the Platform [..] Publisher Contributions will be calculated solely based on our accounting. Solely as a cost-recovery measure, we may allocate a certain amount of BAT contributed by Brave Contributors each Calculation Period toward our reasonable expenses incurred in facilitating Publisher Contributions. (https://basicattentiontoken.org/contributor-terms-of-service... section 4 "contributions")

Sounds very much like "we can redirect this from escrow if we want to".

Sounds very clearly like "scam" as well!

To be fair, it's entirely possible they're not actually making use of that, or only in very limited circumstances, and it's less "how can we trick people" and more "we didn't really think about what that looks like, because we know we are the good guys", and given their anonymous design they need some out if they don't want to be stuck responsible for funds for eternity. If it's the latter, they're now finding out that especially in combination with the deceptive UI it really looks bad.

And even without the clause, if they truly held it in escrow forever, taking money unasked without a way of returning it, is still a bad thing. Given this isn't the first "support creators" app doing this and getting publicly shamed for it, I have no idea how that went through.

That's a pretty accurate read on things. We've never actually recycled any funds and also hadn't considered that many creators would interpret our UI/UX as "solicitation" vs. "letting a user do a thing they want to do in our browser."

In any event, the confusion is our fault and we're working on updating the UI and language to be clear based on all the feedback we've gotten.

How about instead you shut this off and rebuild it to be explicitly opt-in only?

Or, better for you personally: how about you hand in your resignation and retain an attorney?

Here's the thing: people who get away with this type of thing (sorry, "exciting and new crowdfunding option for creators", or whatever y'all prefer to call it) tend to get away with it only for as long as the targets of their "fundraising" are small-time creators who don't have the resources to pursue action against it. But sooner or later, even if only by accident, Brave's going to impersonate (sorry, "offer exciting crowdfunding options on behalf of") some entity that has resources, including lawyers, and it's going to end badly.

When that happens, a possible outcome is that they will suddenly "discover" all your statements on their behalf in this thread, and that's when it will end badly for you. Oh, that wasn't our position at all, oh, he wasn't authorized to speak like that on our behalf, oh, that's definitely not what we intended, we'll take action immediately to remedy that! The absolute best outcome of that for you is you get fired for cause. The worst outcomes involve you becoming the target of multiple legal actions.

I'm not an attorney and I'm not giving you legal advice. I will give you sincere personal advice: resign, hire an attorney. Find another job working somewhere that poses less of a threat to you.

As to why people will come after you, let me count the ways:

I know people who blog or create YouTube videos or whatever and are very careful not to monetize, because they're disabled and can't work but still need something to fill their days. But disability benefits are means-tested and income streams are constantly investigated. If a benefits agency decides that your scheme is providing income to a disabled person, congratulations! You just cut off their income, and they probably never even knew you existed. That's bad.

I have worked with several open-source projects that rely heavily on donations to keep going. They all have prominent things on their websites directing people where to go to donate, but you'd like to hijack that and instead send people to something the project doesn't know about and may not be able to collect on (especially given how often you flush the "donations" and how many hoops it seems people have to jump through, which many commenters have identified as something that makes them think this is a scam). Congratulations, you just took resources away from the project. And, for projects which use nonprofit foundations to manage fundraising, you just created tax issues -- what happens when the taxman doesn't believe the "we didn't know about them raising money for us" story?

And round and round and round we go. You're going to be hurting those people to make money. If you have a moral compass, it should be pointing heavily toward getting the hell out of there, as soon as you can.

Plus, crypto in general is in weird legal space to begin with. Lots of people can't afford to have you dealing in potentially unregistered securities in their names and without their knowledge or consent. In the US that could easily lead to federal felonies for them, because of what you did.

So, look. I've seen this pattern again and again and again. What Brave is doing is not a new idea. It's widely, roundly, solidly despised, both because it's an unwarranted intrusion on other people and because it creates such nebulous but frightening potential consequences for them. I've also been waiting for one of these crypto "fundraising" operations to finally go far enough that someone (either an entity with good lawyers, or a regulator) bothers to turn them into a smoking hole in the ground as an example to others. Maybe that's the ultimate fate of Brave; if it is, I won't shed any tears.

You make a lot of great arguments against business practices we have no intention of pursuing. We shipped some poorly-considered UI, got a bunch of deserved flack for it, and are pushing up fixes swiftly (tomorrow). You can read about them here: https://brave.com/rewards-update/

Thanks for your passion for creators and for those of modest means and with disabilities. The internet is awesome in part because it's a place where everyone and anyone can contribute.

Everyone will be sued. That much is certain. However, executing machine learning in the browser to protect privacy is a step forward.

Is this why they moved from using Bitcoin to their own BAT token?

Tom Scott did not explicitly sign up for this service. Brave is not even telling users that Tom Scott is not signed up, and Brave has no automated way of contacting him to let him know that someone donated. The system is engineered to move the money towards Brave, with neither the benefactor nor the beneficiary being aware of that. How is that ethical?

I was interested in Brave after hearing it mentioned here a fair bit, for innovating new ways for creators to get paid... after this story though? Knowing they effectively scam users out of money under the pretense of it really being the creator? That's fraud as far as I'm concerned (maybe not legally, but to me it's a con, and scummy).

Interest has dropped to 0, and they go to my shitlist with all the other crytpo-scam stuff prevalent these days.

Edit: Now that I've seen the screenshots of just how blatantly Brave pretends the creator has a profile and actively set this up, this is absolutely fraud. From further down in the comments of OPs original link: https://twitter.com/ummjackson/status/1076221401353207808

We agree the UI in that screenshot tells the wrong story. It doesn't represent what we're trying to do so we're shipping a bunch of changes tomorrow that we hope will fix things: https://brave.com/rewards-update/

We'd love another shot at winning your interest. Thanks for caring about finding new ways to get creators paid.

I don't want to muddle into the legal discussion, but I would like to add that I've been a happy Brave user for several months and have never felt any misunderstanding about where my tips are going. It is very clear to me who is a -verified- publisher and who isn't one. It was also made clear to me that unverified publishers were getting their tips stored in escrow as a carrot to entice them to enroll. Since I obviously like this model as a Brave user, I am also pleased with this approach.

I'm kind of confused as to why everyone here is up in arms. The UI denotes whether a publisher is verified or not. I never believed that Brave was trying to mislead me to where my donations were going. This feels like a simple misunderstanding.

Can you show screenshots of that? What do the prompts from https://twitter.com/ummjackson/status/1076221401353207808 look like for a verified publisher?


It has a pretty obvious mark under the name if they are verified.

Maybe instead there should be a big red "X" or something if they _aren't_ verified

As an outsider I agree, and I think that would have headed off a lot of the complaints.

That said, I did ask the few people I know that have been using BAT. All three of them knew that there was a chance their tip wouldn't be received if it wasn't a verified user. So, from actual users, putting actual money into it, they understood how it worked.

Two of them specifically would only tip to verified accounts. The third said he saw it as an incentive to get the creators to join the platform, though he's also the most vocal and evangelistic about BAT.

Just to kinda follow up, this is exactly what Brave has added.

It has a grayed out message and a link to learn more about what happens to unclaimed funds: http://se.ri0.us/2018-12-23-170628027-eb454.png

Thanks for sharing the screenshots!

We're shipping a bunch of fixes tomorrow that will (we hope) dramatically improve this: https://brave.com/rewards-update/

This... doesn't seem like much of an improvement?

"Not yet verified" would, I think, imply to many people that they will in the natural course of things be verified, and perhaps even that they've asked to be verified.

It would be better to say "Bla is not a user and will not get the money you donate now, and quite possibly not ever", or similar wording. Or just (and this is, er, the obvious approach) not allow this at all for people who haven't asked for it.

This was not our intent. We're shipping a bunch of changes tomorrow that we hope fix this: https://brave.com/rewards-update/

> IANAL but GDPR refers to personal data collected from users.

No, it addresses the collection and processing of personal data no matter where it is collected from.

> The only "Youtuber data" being "used" here is publicly gettable data from the Youtuber's channel.

Which is personal data that YouTube has collected or created associated with services they are providing to the user. They are responsible for their collection and use of it, but that doesn't authorize third-party collection and use of it under the GDPR. Particularly, the GDPR definition of personal data subject to the rules it imposes does not exclude information which is “publicly gettable” from some other party than the subject.

Search on this page for the word "fraud". Here's what I'd do in your position: remove anything on the internet which personally identifies you as an employee of your company. Nobody knows what is going to happen next, but be prepared for it.

There is zero chance an employee is going to get in trouble because a browser company they worked for collected funds in an escrow account to be released in the event that an intended recipient signs up.

There is a non-zero chance that a company in legal trouble will suddenly decide an employee wasn't authorized to speak on their behalf and so clearly misrepresent their perfectly legal and honest intentions, and throw that employee under a bus.

Best thing to avoid that, as I said in another comment, is to quit and get a lawyer.

Might want to hold off until we see what legal discovery turns up in chat logs, emails, etc

Incidentally, a reminder: pre-emptively destroying records under the apprehension that you might be served with a lawsuit is A Bad Idea.

I would think twice about hiring someone if their previous place of work was a scam company, at least because it tells me something about that person's ethical compass.

He calls himself VC, so he may be more liable than you think.


In that case, get your lawyer to google “passing off”. Just because a photo is publically gettable doesn’t mean you have carte blanche to do what the hell you want with it.

Every escrow I've ever come across had the agreement of both parties. This one does not.

Brave is a web browser that takes your money and claims to pay out to your favorite websites and content creators, but in most cases actually pays into a "user growth pool" that funds pyramid-shaped marketing (paying users to use the browser) and referral programs for partner content creators. How is that not fraud?

> How is that not fraud?

The answer appears to be "technically", and "sue if you think you're big enough".

I would be interested in suing them if they have a page up for me. How do I tell if they do?

We're shipping changes tomorrow that will fix the problems with these overlays to make it clear unverified creators are not part of Brave Rewards and won't be receiving tips directly. You can read about them here: https://brave.com/rewards-update/

We don't publish pages for creators at all. We did ship bad UI in our browser that didn't make it clear to opted in users that non-verified creators like yourself aren't part of Brave Rewards.

We're pushing up fixes tomorrow that (we hope) make it a lot clearer: https://brave.com/rewards-update/

(Sidenote: Thank you for the Hedge Maze puzzles in the Keep. They were a gaming highlight for me last year.)

Is it okay if I tip you some BATs?

Fraud is a criminal offense. It needs a prosecutor, not a plaintiff.

In the US legal system there are both criminal and civil forms of fraud. A plaintiff can sue for fraud in civil court, seeking damages or specific performance.

Really? In Europe, if an offense has both civil and criminal forms, criminal courts are authorised for both forms of said offense, difference lying in procedure instead.

Yes really. I doubt that applies to all countries in Europe. The UK legal system is similar to the American one.

US criminal courts can order defendants convicted of fraud to pay restitution to their victims.

Well, I guess the core question is whether their users understand the mechanism they are participating in when they pay their contribution. I don't see the problem of letting their users participate in such a mechanism as long as there is transparency about how it works and that the contribution system has some pretty significant limitations.

We don't do that and don't aim to do that. We shipped some bad UI, got a bunch of flack for it, and are hustling to get it fixed and improved. You can read about what we're doing here: https://brave.com/rewards-update/

Thanks for caring about this being done in a respectful, thoughtful way. We'll keep trying to do better.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact