Hacker News new | past | comments | ask | show | jobs | submit login
Wikipedia Is Now a Brave Verified Publisher (brave.com)
281 points by yagodragon 46 days ago | hide | past | web | favorite | 357 comments

We signed up for Brave's setup at PortableApps.com after a few users asked about it. They hold your last 90 days in escrow, so you can find out how successful it is once you sign up. We were looking at around 10 cents a day for a bit under a million monthly users for that timeframe over the summer. And we can't even access it since Brave only works with one crypto provider and they aren't licensed in New York. The process was also pretty buggy and the magic link email login was clunky/kinda broken.


> 10 cents a day for a bit under a million monthly users

To clarify, do you mean a million monthly Brave users? Or just a million monthly users in general? 10 cents a day might actually be a lot if you were only getting one or two Brave users a month.

Users in general. We can't track Brave users because it blocks Google Analytics.

Not being able to track users is literally the main feature of Brave, so I'm not surprised it's difficult. It's as it should be.

I don't think the person you're replying to was saying they were surprised or expressing any opinion on whether they should be able to or not - they just said they can't.

sure you can. easily done with basic server side tracking by parsing the User-Agent header. you should be logging this any way in some kind of access log.

Their User-Agent is indistinguishable from Chrome, on purpose so I don't think you can just rely on that

Well, if it's Chrome and is untrackable, then it's Brave, easy.

That is not how that works. What about actual Chrome with ad blockers then? What about other browsers pretending to be Chrome? There are add-ons that allow you to randomise your user agent, etc, etc.

Does Chrome consult with ad blockers when it reports user activity to google?

That’s a feature for me as a user.

>We can't track Brave users because it blocks Google Analytics.

Isn't it possible to somehow look at user agents and do a raw count with some JS?

This should be possible by monitoring server logs with something like GoAccess

Brave uses the Chrome User Agent.

Uphold is working hard to acquire the bitlicense for New York. They shared on Twitter earlier this month that they hope to have this resolved soon.

It's worth noting that Creators also have a referral program whereby $5 in BAT can be earned for each user brought to the Brave platform. brave.com/refer

Thank you for your incredible patience and participation. We hope to see positive developments on the bitlicense front soon. Please do let us know if there is ever anything we can do for you in the interim.

Thanks for the details jonathan, but the referral program is a bad fit for PortableApps.com. Brave isn't interested in our standardized portable software format (download, install, auto-update, and manage hundreds of real apps in one system using an open format and open source tools). And the browser's 'portable mode' itself isn't actually portable. In fairness, though, all Chrome-ish browsers are broken portably.

Are there any plans to get rid of uphold on the publisher side and allow external wallets? It was a huge turn off to me when I signed up.

We need a regulated entity to do directed (tips, recurring), user-anonymous, off-chain transactions, and to comply with OFAC and other hard regulations. We can't do it ourselves. Wallet is the least of the issue, even if the publisher were willing to take BAT.

Our future phase (Apollo) blockchain work will move more txns on-chain but not solve all regulatory problems. No blockchain can do that unless you are using p2p directly, and then on the current big chains you don't have anonymity or low fees. This may change, we're working on it.

Please do not require people to submit their government ID in order to withdraw their tokens, after you inserted yourself in the donation flow of creators by offering to accept donations on their part from a priviledged UI.

We use platforms which do not ask for our ID, and we would prefer if you would not reduce the probability of Brave users donating to us because they think those BAT tokens will reach us.

Yes, unverified creators are marked as such, but a donation call in the browser UI is a powerful default, more so than the donation service preferred by the creator, which can only be shown as a web page.

> Please do not require people to submit their goverment ID in order to withdraw their tokens

Not verifying ID almost certainly causes a violation of American, British and European anti-money laundering code.

Disclaimer: I am not a lawyer. This is not legal advice.

So blockchain.com is breaking the law by not asking all their customers to upload their government ID and a selfie in order to withdraw the crypto they have received to a private wallet?

Blockchain.com's privacy policy states that, for anti-money laundering purposes, they'll collect:

> Passport and/or national driver’s license or government-issued identification card to verify your identity

(from https://www.blockchain.com/legal/privacy). That's consistent with every other exchange I've used.

Verification is only required to use their exchange, and not for withdrawing to a crypto wallet.

Brave would be able to offer BAT withdrawals for creators in a legally sound way.


AML laws aren't anywhere near as precise as most people expect. It basicly boils down to "if bad guys use your platform, and you can't trace them, you're gonna go to prison".

10 cents per day money laundering?

We inserted ourselves? Our users are not passive victims, they chose to send tokens, mostly ones they earned from opt-in ads we provide. Your framing is telling. Users who want to get an ad revenue share and donate anonymously do not need to KYC, note well.

If you want to send p2p on a big blockchain, knock yourself out. This will do nothing to support the publishers you can see at batgrowth.com (more all the time, see batgrowth_bot on Twitter). It's a fine thing to do when you are sure of the destination address, and willing to fingerprint yourself on-chain. We never "insert ourselves" there -- no one can. That is the beauty of it. But it doesn't solve all problems.

Thanks for sharing your real world experience. For the sake of clarity, is that a million monthly figure for your entire site or for just Brave users? If the former, would you be willing to share the number or percentage of Brave users?

All users. We don't track brave users as they block Google analytics. The users who requested we participate thought it would be a good way to get 'free money' from Brave users like them that we were leaving on the table. That's definitely not the case.

Free money isn't free money?

Sure it's only a few bucks a month but look at that in terms of your user base. What are you going to assume your marketshare of Brave users is? For context consider the marketshare of Firefox is in the single digits. Brave is probably a fraction of that. If we assume Brave's popularity is 10% of that of Firefox, that'd give you an expected userbase of < 1% Brave users.

That'd be $3/month for, at most, 10k users. If your entire userbase was on brave that'd be $300/month for doing literally nothing. It's really quite a nice model.

Actually this also understates the profit per person for another reason. In Brave you have to opt in to the site rewards system. So you're likely not only seeing a fraction of your userbase paying you but a fraction of your Brave users.

If our entire userbase switched to Brave and we made $300 a month from them, I'd have to shut the site down.

Either way, it's really not worth the time and effort to set it up right now unless you're a huge site like wikipedia and you don't have any ad revenue to lose.

I do think it will be interesting what this does to donations to wikipedia. It would make sense, I think, that Brave users may donate less per user overall as they feel they are contributing by using Brave.

Here's an estimate, rough and from small-N sample size:



"Looks like 26 people donated 50.35BAT in 25 days. comScore has 100 page/day browsing average. Assume 1<=N<100 http://aternos.com pages per day for all 26 ppl & all unblock ads there: at most .65N x PageCPM <> 50.35 BAT or PageCPM <> 77.46BAT / N =~ $20/N. I believe BAT wins."

Again, disclaimers: rough, small-N, lots of other problems. We will do proper case studies as we can. But assuming we would max out at $300 to you is unjustified.

Thanks for that, Brendan. More data is always helpful, even when small-N like this. We're going to continue participating and monitoring it for PortableApps.com and see how things shake out. Also, the login page caching and editor issues seem resolved over the last few months so I updated my post in our forums.

The median donation to Wiki is, of course, $0. By giving anything users would be giving infinitely more than the regular user.

It'd be quite interesting to know what your aggregate CPM is. One way you could probably determine brave users is by contrasting raw user agents against your analytics data. The discrepancy there is going to be some mixture of Brave and those running other things that also block analytics like uBlock. But it should at least you give you a very rough ballpark CPM that's probably going to be much more reliable than e.g. a survey.

One other important figure that Brave could probably roughly answer (but also probably won't) would be what percent of Brave users opt in ads.

We do share numbers, working to get up from the 40% opt-in we had on desktop now that we've got ads on Android (iOS to-do). The opt-in is mid-teens right now, I think -- we will drive it up cleanly via telling users about it and rewarding them for joining.

To clarify a couple things since I never expected this to be a top comment... the visitor numbers were overall, we don't know how many monthly Brave users we have by design (Brave blocks Google Analytics and uses a Chrome user-agent). I could possibly come up with a way to specifically identify them anyway, but that kinda goes against what said user is trying to achieve by using Brave, so I don't want to do that. I do roughly calculate page loads that block Google Analytics server-side (anonymized) so we have a better idea of overall visitor numbers than GA alone provides.

Brave fixed a few of the complaints I had in the last few months with logins, header editing, and verifying with Uphold, so I've updated my linked forum post to reflect that.

I think it will be interesting to see how Brave's concept/tech will continue to evolve as it matures and has some traction.

It might interest you that Kraken recently started listing Brave's BAT as well:


I've been using Brave for almost a year and haven't been shown a single ad, I think it's only been a few months since the ads were enabled though. I wonder if the same happens for others.

Just to be clear you opted in to the program? Top right menu icon -> Brave Rewards.

By default no ads are shown.

Right, as soon as ads became enabled on mobile I made sure to opt in.

Any chance you'll do this with Coil.com next? Setup should be way way simpler and access the donations should be possible without any crypto at all.

We don't require the publisher to take crypto either. Why did you think we did?

Coil's Chrome extension is not doing well, I suspect in part because of Coil's absolutely terrible privacy policy.




Had to look it up, it looks like he put $1000 towards California's Proposition 8 (to un-legalize same-sex marriage). In March 2014, he was named as Mozilla's new CEO, but resigned 9 days later under fire. https://www.cnet.com/news/mystery-startup-from-ex-mozilla-ce...

Can't find anything on the origin of the company name, I assume that's just hyperbole.

s/hyperbole/projection, also a lie/.

Brave is named for its users, who have to stand up to the surveillance status quo, sometimes at a price in lowing their shields or otherwise tangling with anti-ad-blockers.

I really like what Brave is doing. I wish it was built on Firefox instead of Chromium. I just don't see myself leaving Firefox without major upheaval in the browser space.

Mozilla's focus is user's rights online and privacy. They have a track record doing that. Brave (AKA AdBuddy) is just another product, desperately looking for a revenue stream, notably believing contaminating all news regarding browser technology with its presence is the way to go.

The last thing the world needs is a predatory vendor trying to force itself somewhere it's not needed. Its non existing market share is the proof.

I think he meant build on Gecko/Servo not Blink.

Whatever Mozilla's focus is when you load Firefox you experience the following:

1. On ESR first time it loads two pages load including

https://www.mozilla.org/en-GB/firefox/60.8.0/firstrun/ https://www.mozilla.org/en-US/privacy/firefox/

You then find first party cookies are set by Google Analytics

_ga GA1.2.1671101194.1567114471 _gat_UA-36116321-1 1 _gid GA1.2.377831647.1567114471

In the EU this would breach the ePrivacy Directive - as there is neither consent or information supplied in advance. Privacy is not just about information captured about you, but about privacy of what you have stored on your electronic devices.

Note: https://ico.org.uk/about-the-ico/news-and-events/news-and-bl... Myth 2: Analytics cookies are strictly necessary so we do not need consent

2. If you then type "privacy" into the address bar, it loads https://www.google.com/search?q=privacy&ie=utf-8&oe=utf-8&cl... directing users into the most privacy invasive service on the internet with no advance warning. I now have a wealth of Google cookies from their search domain, but there are also cookies set for DoubleClick and Adservices.

I'm now enrolled into surveillance capitalism and all I did was open Firefox for the first time, type "privacy" and press enter.

Mozilla talk a lot about privacy, but their products and websites don't live up to the privacy standards we need and if anything they're on the wrong side of the fence when it comes to acting on privacy - they still make things worse and not better; although it has to be acknowledged that they have improved a lot with the tracking protection features that have slowly been making their way into Firefox.

You might find this interesting to read https://twitter.com/jonathansampson/status/11658588961766604...

Relevant context:

1. Mozilla only enabled Google Analytics after signing a contract with Google that that data would not be fed into Google's models. There's no reason to believe Google would violate that legal agreement.

2. The Twitter thread you linked is by a Brave employee. It should be judged by the facts it shows, but is good context to keep in mind w.r.t. their presentation.

Are you at Mozilla? That contract was referenced in a bug long ago. I'm not sure it can be enforced, given how Google's revamped Analytics 360 works.

No I'm not. I'd imagine that a contract would be enforced by both parties respecting it, especially given that there's not that much to win for Google, and much to lose if, say, an employee would leak that it was being violated.

Let's see the contract and its term, if not hear from Google that it is in effect. Sorry, but reputable blockers block GA because it is now tied into Google's overall ads/data business and they say as much in touting it, in their privacy policy even with its carve-outs, and in others' experience with it.

For Mozilla to use GA instead of self-hosted Matomo is odd to me as a founder of mozilla.org (none are left at Mozilla now, FYI). We do the latter at Brave. Is it just for convenience?

You're right.

Do you have a better solution? I'm not asking to be glib, I actually want a browser that does a better job of protecting my privacy.

No solution, but I think we'll never find one if debate, about problems with web privacy, suggests Mozilla is the answer - until they put into actions their words, they shouldn't be seen as the way to go.

Whilst I have reservations about Brave, from a privacy standpoint they appear to be more trustworthy and some of the actions they are involved with, like complaints to regulators are far beyond anything we've seen of Mozilla - sure they may have corporate motives, but right now they appear to align far better with consumer privacy.

There are forks of Firefox that are trying to improve on delivery of privacy



I am not wholly comfortable using Brave because of its dependency on Chromium, too much of a dependency on a single web rendering engine reminds me of IE days.

I would suggest to anyone, install them both and more, you might love browsing the web in emacs (someone must) - if you find a website that doesn't work on Firefox and you need Chrome, then why not use Brave instead?

Personally I'm trying both, I also bought a Librem Laptop so I have PureBrowser too and I'm not afraid to throw some of my money and inconvenience at products that are better at protecting my privacy: for techies we can all do this with relative ease. For non-techies, which is where we really need the sea of change (and who are unlikely to read this), then we can advise them towards Apple's products and make them aware of products like Brave so it can be their "backup" browser if not their first choice - not perfect, but I'd prefer my family to browse using Safari, Firefox (with privacy settings I have to sit down and sort out for them) or Brave; than Chrome.

> Whilst I have reservations about Brave, from a privacy standpoint they appear to be more trustworthy and some of the actions they are involved with, like complaints to regulators are far beyond anything we've seen of Mozilla - sure they may have corporate motives, but right now they appear to align far better with consumer privacy.

There's a lot for me to think about in your post, and most of it I agree with, but I wanted to comment on this bit. While I agree that Firefox has made some very problematic decisions over the years, Brave is far worse in my opinion. My biggest 3 objections are here:


I can't find anything from you at that link.

Would you mind inlining your biggest 3 objections? Thanks.

It looks like my post fell off the front page, so the hashtag link doesn't work. :/ Copy-pasting my comment here:

Looking into this only briefly, it didn't take long to find a lot of very questionable decisions made by Brave:

1. They're positioning themselves as both an advertiser and a privacy advocate[1], which strikes me as more of a strategy for bootstrapping revenue than a trustworthy moral position. The entire point of crypto micropayments is to pay for content with crypto rather than attention/privacy. Why should I view Brave's ads rather than the other ads on the internet from advertisers who also claim their ads respect privacy? The fact that Brave has decided to get into bed with advertisers at all shows they're committed to profit, not to users: micropayments are just a way to diversify for Brave, which will quickly fall to the wayside if it fails to provide the revenue they want.

2. The entire concept of a Brave Verified Publisher stinks. It positions Brave as a censor. If this system takes off, then suddenly Brave has control over who gets paid for content on the internet, and can censor content they don't like. And this isn't hypothetical, they plan to do this: their TOS[2] explicitly contains a code of conduct which contains a long list of things they will terminate your account for: they promise to use their power as censors to enforce of US copyright/patent law and also a wide variety of subjective social norms. This also shows their commitment to being an advertiser rather than an application that serves users: if you're serving users then you let them pay for the content they want to pay for, but if you're serving advertisers, then you can't let advertisers brands be seen as supporting questionable content.

3. BAT based in Ethereum seems to be basically a way to ride the wave of cryptocurrency hype while still positioning themselves as a central authority/middleman. If they weren't trying to position themselves as a middleman, they would just make the micropayments in Ether directly, or better yet, in a cryptocurrency that doesn't have a history of forking the blockchain to fix an bug in a major users' contract[3]. If they weren't trying to ride cryptocurrency hype, they'd just allow micropayments via a much-simpler-and-more-reliable REST API or similar since they're already the central authority anyway.

I don't think we can trust Brave with our privacy or attention. I don't think we can trust Brave with the decision of who gets paid for content. I don't think we need Brave as a middleman to pay content publishers. I don't like the state of how content is paid for on the internet, but I don't think Brave is the solution.

It's disappointing to me that Wikipedia has decided to associate their name with Brave's. A big part of why I respect Wikipedia is their long-standing policy of keeping independent from advertisers, and it seems naive of them to have not realized that Brave is an advertiser. I can understand why Wikipedia has made this decision, but I still think it is a compromise of Wikipedia's values, and I hope they'll reverse their decision in the future.

[1] https://brave.com/brave-ads-waitlist/

[2] https://brave.com/terms-of-use/

[3] https://www.coindesk.com/ethereum-executes-blockchain-hard-f...

Too many words, I'll use fewer.

1. Ad spend last year was over $100M in the US alone, ~$300M globally. Heading toward $1T globally. Users subscribing or paying out of goodwill won't cover this if we block it all and corner the market. We are doing anonymous and private ads (also donations and subscriptions, note well), no conflict with user in data or revenue share. Read my comments here, e.g., https://news.ycombinator.com/item?id=20841558. For you to claim a conflict, you have to show we make more than the user, cheat the user, or somehow steal or leak data to our advantage.

2. We are in the middle phase of a multiyear roadmap, where the last phase will distribute domain verification to many oracles, if we can't bake it into validators on-chain. If you know of an existing blockchain solution, please lay it on us. Also for handling OFAC and other KYC regulations (where we use Uphold today). We cannot intermediate ad revshares, and no blockchain today can either. We do not censor, our test for domain ownership or channel control is objective. If you think we won't get on to phase 3 of our roadmap, fine -- but don't use your speculations as if they were facts.

3. Here is a chart from end of 2017 showing relative volatility. BAT was 2nd least volatile above USDT, we beat Bitcoin and Ether. But we also have other advantages via BAT, including our user growth pool. If you discount that then you are arguing we should find a billionaire to replace it with Ether out of the grace of his or her charity. Who might that person be? Your argument here is cheap unless it's you.


I don't find these to be objections based on reason so much as misunderstandings or hostile speculations that we will fail. You aren't required to agree with us, we're not imposing any system on you. If you don't like BAT, just use Brave with its default settings. If you don't like Brave, there are lots of other browsers. If you have rational arguments against any bug or design flaw in our intentional work to replace surveillance with privacy tech for donating and advertising, I'm all ears.

$100B of course, my B key turned into an M key lol.

1. If you're saying that it's impossible to make money without accepting money from funders whose motivations conflict with users', that just means that a for-profit organization is not the way to build a browser that serves users.

A "conflict of interest" doesn't necessarily imply that you've done anything wrong yet, it merely says that the incentives are strongly in favor of you doing something wrong. In my experience, that means that when the cards are on the table you will do the wrong thing, not because you're a bad person or anything, but because you don't want to give up your funding and business.

It may just be that making a lot of money and serving users are fundamentally incompatible. And anyone who actually wants to prioritize serving users over making a lot of money needs to at least be open to that possibility. I really hope they aren't incompatible, for both your sake and mine--I'd like to be rich as much as anyone.

2. This is a non-reason. Domain ownership is already verified by certificate authorities, and there's no reason anyone should trust your centralized authority more than CAs centralized authority. In the very best case, where you do exactly what you're claiming you're going to do and allow other oracles, you've pointlessly reinvented CAs. But you haven't gotten there yet, so right now it just looks like you've created a CA system where you're the only CA, which is objectively worse.

If you want a blockchain solution, fixing the bugs in Namecoin[1] would be a start, although admittedly that technology has yet to play out in practice. It's possible a similar system could be implemented on top of BAT. The difficulty here is that you'd be reinventing the DNS system in tandem.

Let's be clear here, your TOS says you can censor people based on subjective criteria.[2] So if you claim "we do not censor", why don't you say that where it's legally binding?

3. So if you're arguing volatility is the issue, why didn't you just use USD? If you needed funding--again, that's your problem, not one users care about. You don't get a free pass on technology decisions that harm users just because they helped you get funding.

I am genuinely sad that corporations have proven themselves untrustworthy so many times that I can't trust you. As I've said elsewhere, you seem like a decent person with good intentions.

[1] https://www.namecoin.org/

[2] "As a condition of use, you promise not to use the Service for any purpose that is prohibited by the Terms of Use. For purposes of the Terms of Use, the term “Content” includes, without limitation, any information, data, text, photographs, videos, software, scripts, graphics, and interactive features generated, provided, or otherwise made accessible on or through the Service. By way of example, and not as a limitation, you shall not (and shall not permit any third party to) take any action (including contributing any Content) that: would constitute a violation of any applicable law, rule or regulation; infringes any intellectual property or other right of any other person or entity; is threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another’s privacy, tortious, obscene, offensive, or profane; constitutes unauthorized or unsolicited advertising, junk or bulk e-mail; contains software viruses or any other similar computer codes, files, or programs; or impersonates any person or entity." -- quoted from https://brave.com/terms-of-use/ , note that later it says, "Brave may terminate your access to all or any part of the Service at any time if you fail to comply with these Terms of Use, which may result in the forfeiture and destruction of all information associated with your account."

I will be brief, as replies growing ever longer is a bad condition. Also I do not want to argue about imponderables.

I’m aware of Namecoin, whose Wikipedia page says

“A 2015 study found that of the 120,000 domain names registered on Namecoin, only 28 were in use.[12]

Onename co-founder Muneeb Ali on 12 September 2015 at the Blockstack Summit 2015 stated that the Namecoin network is not decentralized and the mining group Discus Fish controls 60-70% of its hashing power.”

I was at the 2015 Blockstack Summit and can vouch.

I already noted we will distribute if not decentralize publishers verification. Namecoin can’t do YouTube or other UGC accounts, as we do. Handshake might pan out for domains, we are in touch. In our current Gemini phase we have to comply with laws, but we won’t kick out or unverify a site or channel based on legal content it hosts. Our rep would be trashed if we did.

This may be where we part company. I’m well aware of conflicts of interest and the difference between intentions and outcomes from Mozilla and prior experience. Brave nevertheless has put its reputation at stake, with open source and incremental work to decentralize as much as possible. We may fail for lots of reasons, but going bad and trying to steal from our users is highly unlikely. It would be quickly defeated. This is by design.

We were never really likely to reach any agreement, so I'm fine with parting ways as amicably as is possible given that we disagree so fundamentally. I really do wish you the best; I hope I'm wrong and that you succeed in a way that's good for users.

I have a collective solution but not an individual solution: pressure Mozilla to change.

This is the direction I'm currently on.

They might need an Apple-like "courage" moment, and replace Google with DuckDuckGo or Startpage as their default search service.

Come to think of it, I would expect the same move from Apple as well, on Safari.

That would kill their primary revenue source. I agree, it needs to be done. Hopefully the new Mozilla CEO will figure out a way to do it.

Safari/DDG user here. Presumably Firefox could load the search results into a container that throws away all the cookies after the search is done. Doesn’t it work like that for FB?

Presumably, the real problem is that this would be against Google’s terms of the agreement between google and. moz, but - at least technically - there is no reason to throw away access to google if that’s seen to be a desirable default.

Of course - I’m guessing that google is gonna add its own tracking variables to URLs, so any search result returned by google really is going to be suspect regardless of what we do.

GNU Icecat?

The downvotes you are receiving for pointing out facts illustrates the cesspool of Firefox hypocrisy that hacker news has become.

Honestly typing "privacy" into a UI that is designed to act as a search field for Google, and blaming that on Mozilla somehow, that's a stretch. What's next? Typing "which company faked the moon landing" and WOW you're redirect to Google! It must have been them.

It's nothing but opinionated. You can't honestly call this a "fact" and go on to claim that HN is hypocritical. That's... is there a word for hypocrisy about hypocrisy?

(The first point made is not even that bad, it's just that quagmire following it which dilutes the whole thing)

If Mozilla wanted to respect privacy the "UI that is designed to act as a search field for Google" could be a "UI that is designed to act as a search field for DuckDuckGo", it wasn't that long ago it was a search field for Yahoo. What's notable here is that Google is the default and in doing so is endorsed and recommended by Mozilla for its users.

So the fact here is that Mozilla made that choice to be in bed with Google.

The sad irony is Chrome on Android will insist on asking users for the default search engine choice (in the EU at least https://www.techspot.com/news/81273-google-android-users-eur... ).

Maybe think about it another way. Imagine Greenpeace defaulted to offering to book supporters private planes to get to every protest. It is this nature of extreme distance from organisational values that Mozilla is expressing when it defaults to Google search.

Let's completely neglect in those "facts" that Google offers the best search engine and that people want to use it

Brave defaults to Google in most countries, but we get paid $0 for it. We also disable auto-suggestions based on key by key tracking to Google as you type your search term, leaving it as an option some users choose to enable.

This isn't that hard (except for doing without the big bucks, which is hard: Brave is building up small revenue to large, not profitable yet -- again, we pay the user >= what we make, 70% of gross revenue for user-private ads, 15% for publisher partnered ads [not yet launched]).

I'm saddened that Google is the default. I hope Brave asks users in the future, but understand there are probably a few different goals being juggled whilst Brave grows.

I think that ship has pretty much sailed, but in either case that has nothing to do with Firefox's decision. If they wanted to use Google, for whatever reason, they could do so while supporting user privacy by piping it through e.g. Startpage.

They just want the Google $$$, privacy be damned.

I won't violate any NDA still binding me to Mozilla by agreeing that the default search deal in Mozilla is and historically has been done for funding the company. If they wanted to switch, they could -- but it would hurt financially, big time. That could imperil the project as a whole. It would definitely limit salaries at the top.

What happens when you turn on chrome or brave ?


You've been downvoted, but your words deserve a reply. Profit motive does not go away in a "non-profit" (Mozilla Corp is the for-profit subsidiary of Mozilla Foundation; top salary last seen [2017] was $2.3M+). It takes innumeracy or worse to miss that Mozilla depends for its profits (to pay such salaries and bonuses) mainly on the Google search deal.

In my opinion, this conflict of interest between users and Mozilla's search revenue share held back tracking protection in Firefox over the years.

Meanwhile Brave has a transparent rate card, where we pay the user 70% of the gross revenue for user-private ads, and 15% for publisher ads (not yet deployed; the publisher makes 70% and we take same as the user). So we get <= what users get, and will fail if our users don't like the private/anonymous ad model enough to opt in at sufficient scale that we can cover our costs.

Good luck pressuring Mozilla to cut its top exec's pay from seven figures. Your words are empty.


Mozilla says I was not fired: https://blog.mozilla.org/blog/2014/04/05/faq-on-ceo-resignat.... Are they lying?

On “racist”, you are wrong. But you seem to have trouble with the truth, so I will stop here.

“ I wish it was built on Firefox instead of Chromium. “

I commented in another thread. This is one area where Mozilla has failed. It should have been the goto engine for projects like Electron or Brave or even MS Edge instead of Chromium. But the last time I looked Mozilla was not very friendly towards developers who want to use their engine.

Everyone is also switching to headless chrome for automated testing since it's faster than Gecko.

I don’t know if FF has changed in this regard but it takes a long time to get rid of a perception of poor performance and this should have been their first priority long ago (which seems to be the case with their Rust work and GeckoView/mobile preview browser). In addition to how far they were behind Chrome security wise for so long, such as isolated tabs.

But I agree, this should have been Mozilla's niche that they owned. Owning the early adopters is critical to mainstream success IMO. We're the ones that regular people listen to when making tech choices.

They still don't have isolated per-domain render processes... That means if I exploit any renderer, I can take all your cookies for online banking and your webmail.

Presumably they don't want to split their Google funding.

(Brave employee here)

Curious: what are some of the shortfalls you see in Chromium?

Before I joined Brave, the desktop browser was originally using Gecko (from Firefox). Ultimately, there were some problems and the decision was made to move to Chromium. On iOS, Brave is forked from Firefox though

You can check out more detail on Reddit where folks asked why FF was not used (which has links to more detailed info): https://www.reddit.com/r/BATProject/comments/9jpqde/brave_br...

>Curious: what are some of the shortfalls you see in Chromium?

That it's a Google-controlled project. Seriously, that's it. I have no reason to believe Google has my best interest at heart.

Don't turn that around and say "Oh, you think Mozilla is looking out for you?" because I don't. I just trust Google less.

This is kind of silly. When you copy open source code, it doesn't give any magic access to the people who wrote it. If there is anything wrong with it, it has to appear on the source code somewhere.

The question you should be asking is whether you trust Brave to vet the source code and remove anything that seems like a problem.

It isn't silly. How about I don't trust either one of them?

Brave is (and you are) saying I should trust Brave because they're going to rip out Google's tracking and insert their own instead. No thank you. I'll stick with Firefox and whatever chicanery Mozilla is up to.

If you don't trust Brave, how would that be any better if they were using Firefox as the base for their browser over Chromium?


It’s just confusing because then your original comment is a non-sequitur, not particularly relevant to the context of the discussion about trusting Brave on FF vs Brave on Chromium, because, as you say, if you don’t trust Brave then the base doesn’t matter.

There isn’t any whataboutism in the post you are replying to.

No, you didn't go back to my original post, which said I don't trust Google. My apology was about the language I used.

I still don't understand why you would prefer if Brave was based on Firefox instead of Chrome. One of your comments sounds like you're worried about Brave inserting tracking. Brave could do that regardless of what it's based on.

No, we rip out Google's tracking and insert nothing.

Brave Ads are opt-in and client-based. There is no server side tracking of users or data in the clear. I can say more on how all this works, but I will pause here. Search for "catalog" elsewhere to find another comment explaining it a bit more.

Absolutely not silly. By shipping a Chromium-based browser they weaken Gecko and Firefox. A real risk is that we are left with Blink and Webkit being the only two engines. That makes it easier for Google to use their influence to push for standard changes that benefit them (see: DRM).

The team has been capturing deviations from Chromium on a wiki page here: https://github.com/brave/brave-browser/wiki/Deviations-from-...

The page goes over (high level) how the project is built and links to patches where functionality was disabled or modified (ex: proxied, etc)

It's not silly. Google 100% controls upstream chromium, and they can afford to make decisions about it in a vacuum.

So what? Brave does not have to incorporate every decision from upstream.

They would be screwed if google decided to actively cut off downstream chromium projects by making breaking code changes, licensing changes, etc.

Many browsers would be screwed, and Google would for some of the code be in breach of the open source licenses governing the file or library. It's not likely for that and for many other reasons, but who knows? Anyway by the time Google went this evil, we'd hope to be big enough to do our own engine.

IMO just because it's open source doesn't mean it's safe.

I would trust a closed source project that has been thoroughly and extensively vetted by a third-party auditor I trust far more than an open source project that has no audit for me to reference.

As I am not a professional security auditor, my ability to understand the minutiae of developer decisions (intentional and unintentional) in some multi-million-LOC project is basically a limit approaching zero. My looking at the source code to give myself a false sense of security would only increase my risk, IMO.

It's like a restaurant tells you "yeah we have a clean kitchen, you can go take a quick look yourself!" and it's like, do you know to check that water and disinfectant buckets can't be within x feet of each other? To temp every fridge and warmer to ensure no danger zones? To monitor glove usage and hair net usage? And a thousand other things?

Being open source basically means that a nice auditor could do some audit work for free to help the community, but that's about it from my perspective.

Unless some of you are actively code reviewing the entirety of Chromium prior to launching any build of it ???

Can you give an example of a closed-source project you trust because it has been audited by a third party?

Just about all certificate authorities are trusted by billions of people a day to encrypt their data. Almost all of CAs are privately held companies, the only way they are trusted is by being audited by a third party. For info about the inclusion process see https://www.ccadb.org/ and https://wiki.mozilla.org/CA/Information_Checklist

LetsEncrypt is an example of a non-profit open source based CA.

The deGoogle movement has been gaining steam ever since the ad-block announcement, and I'm a 100% behind it

Which happened after Brave launched.

Okay, but it's not like Brave couldn't have seen that coming. It doesn't take a genius to see that a browser run by one of the world's largest advertisers is going to prioritize advertisers over users.

I’m just speaking from personal experience as someone who defended Chromium for quite a long time and finally hitting my peak. I’m sure I’m not alone.

I'm curious - how are the two related? What's the significance of the fact that Brave launched, _and then_ Google changing the extension API in a way that affects ad blockers?

The argument against using Chromium has increased significantly with that move.

Before you could argue that the open source Chromium was largely immune to Google's various small bad behaviours, but when they make such a large close-minded move, at a certain point you can't keep supporting the platform as a whole when they are so hostile to the open internet. Even if it's indirect support.

Also, it can't be ignore that Firefox's recent move towards parity with Chrome has played a big role in giving people the option to even switch.

> On iOS, Brave is forked from Firefox

You mean the platform that specifically disallows competing browser engines, making Firefox just a shell over a Safari-enabled web view and that can't even access Safari's content blockers? The only Firefox that's not running a Firefox engine under the hood? That Firefox?

Given you're a developer for Brave, it's not possible for you to not know this, therefore your statement is misleading at best.

The pitfalls of Chromium are obvious... it gives Google the power to impose on the market whatever engine feature they want, they are the ones defining the web standards and there's nothing Brave can do about it because Brave does not have the capacity to maintain a full fork, or to fight for web standards, just like it doesn't have the capacity to build a browser without piggybacking on somebody else.

Don't get me wrong, nowadays even Microsoft admitted total defeat, but then Brave should recognize its total dependence on Google and its continued goodwill.

(iOS engineer at Brave here) All iOS browsers are based on webkit. WKWebView, which is what we use, does have full access to content blockers. This is how we do ad-blocking, HTTPSE upgrades, and script blocking.

You're right - all browsers on iOS (as far as I know, including Chrome) are wrappers around Safari. I didn't mean to imply Brave on iOS was based on Gecko, simply that it was originally forked from Firefox on iOS

We do have upstream contributions to Chromium. Nowhere near as many as Microsoft (we may only have a few), but we do try to contribute back when possible

> Brave should recognize its total dependence on Google and its continued goodwill

What do you mean? Brave is based on Chromium, which is open source. Google can't stop people from using it.

(Disclosure: I work for Google)

Google is the dictator of what gets accepted into Chromium and what does not. That's how open source development works -- even if the code is available to everyone, its maintainers control its future.

Regardless of how Chromium is run [1] Brave is still in a position to make their browser work however they want. They can choose what Chromium features to enable, and take the code any direction they want.

[1] Your categorization doesn't match what I've seen. Microsoft has been driving substantial changes as Edge moves onto it.

More significantly, (as far as I know) there is not much open discussion about Chromium’s goals or roadmap. The reduction of Adblock blacklists in Chromium was announced, there wasn’t some public mailing list where a flame war began over it.

Not OP, but I'd imagine that it is Brave seems to be a browser that advocates for the user (and presumably in the future, publishers too with the pay thing). As such, the ideals seem more aligned with Firefox than Chrome (and by extension, Chromium).

Basically, you guys are in a weird space where your decisions aren't looked at purely from a technical lens, but also an ideological one.

Welcome to current year.

But don't let browsers pretend to be neutral runtimes for the terrible third party scripts on which surveillance advertising depends. They are not neutral. The big-4 browsers in the west apart from Apple are partly or fully captured by $100B ad businesses.

We are all in a weird space. Best to fight back at the endpoint with the right browser. Could be Safari, Firefox, or Chrome with opt outs and uBO and other defenses (but risks remain in Chrome especially), if you are not game for Brave.

Not saying you guys are wrong, just saying where it seems you get blowback for what another vendor doing more or less the same thing wouldn’t even register as a talking point. Not saying it’s fair, but it seems people hold you to something of a righteous/ideological expectation that Google et al can’t meet so they don’t even complain of it there.

In my mind, considering the push you’re making, you’d validate that vanilla chromium meets the requirements to achieve said push. If it didn’t, it’d be a non-starter and you’d have went a different route (leveraging aspects of Firefox’s stack maybe if, again, it met requirements).

The monopoly google has over the web standard is probably the biggest issue.

Multi-account containers have become Firefox's killer feature that will keep me from switching. They are super handy for separating work accounts, managing my kids accounts, etc. while never having to worry about logging out of my primary accounts.

being firefox on iOS is somewhat irrelevant to the rendering engine discussion tho, because iOS is forcing webkit on all its browsers, firefox is just a chrome around webkit.

Easy. Google has a lot of influence over Chromium development.

Presumably they also have a veto, at least, on Firefox development as they're paying handsomely for it?

Mozilla project would dissolve before they let google tell them how to make their browser

They're paying to let FF make Google it's default search provider

Yes, and you think Google will keep paying regardless of how they develop? If there's not review system in place then Google must be extremely poor at negotiating contracts and conducting business relationships. Similarly Mozilla probably would be reckless to not even know that a change would cause their primary source of income (100s of millions $USD) to stop.

Any idea when Brave will support password sync across machines / devices? It's a bit of a limitation right now.

agreed, everytime i am in the settings and elsewhere i realize i'm using chrome and hate myself for a moment

Brave being based off chrome is actually great and your comment illustrates that. If it is based on FF, it will cut into FF market share which is already shrinking. Now, it cuts into Chrome which means two privacy focused browser instead of one.

What? It’s a separate browser, it cuts into the market share of whatever the user was using before.

It cuts into market share regardless. Why would market share changes matter for browser engine?

IIRC it was actually originally Firefox. I wonder what exactly made them switch?

This is correct. Note that both of our founders are from the Firefox team originally. Our CTO, Brian Bondy, originally built the first Brave prototype on the Gecko engine. Unfortunately, after much testing, it was clear that a modified Chromium would be the better route forward. You can imagine this was not a decision taken lightly, as both of these individuals have lived and breathed Gecko/Mozilla for years prior.

It doesn’t speak for Mozilla that even with these people Chromium turned out to be the better option.

Mozilla has been admitting that Gecko is a huge drag since around the time they decided to break the extension model.

Actually, they have said so for much longer. The fact they started writing a completely new engine (Servo) in early 2012 was in itself an admission of defeat -- so many "embeddable Gecko" projects have been started and killed, over the years, that the only way forward is to replace with something new.

>lived and breathed Gecko/Mozilla for years prior

but they don't anymore ? So if someone lives and breathes policeman life and then becomes a drug dealer, is it just like buying drugs from a policeman ?

Would the story be different with Quantum now?

No, the decision was based on a spreadsheet with many items concerned with web compatibility, HTML5 DRM plugin free-as-in-beer, extension support, etc.

Chromium without Google tracking is dominant, this is just a fact (it will change some day; not soon). The best way to counter this is not to die on the wrong hill (engine wars) right now -- it is to go a level up and fight for privacy and user sovereignty where Google cannot defend: blocking all tracking, paying users 70% of user private ad revenue.

> No, the decision was based on a spreadsheet with many items concerned with web compatibility, HTML5 DRM plugin free-as-in-beer, extension support, etc.

This is a spreadsheet I'd be interested to see. Was this compiled before or after Firefox supported WebExtensions?

This was in late 2015, but WebExtensions support in Firefox is never complete vs. Chrome, and you are ignoring DRM and all the other junk (gmeet screen sharing extension! ChromeCast! the list goes on... Chrome is the new IE, but at least most is open source or free as in beer).

> or free as in beer

IE was also free as in beer.

"Fighting for privacy" and third-party ads do not belong in the same sentence.

You are correct. That’s why it’s not in the sentence. Brave blocks third party ads by default.

Lotta green handles fibbing about us here.

We don't do third party ads. We block third party tracking which takes out third party and most first party ads. We also block fingerprinting, cryptomining, and other threats.

> We don't do third party ads.

Are the ads hosted by the websites your users visit? If not, they're third-party ads, with you being that third party.

> Lotta green handles fibbing about us here.

Oh don't worry, I'd make the exact same comment from my other (non-green, thousands of karma) profile, I just like to occasionally switch aliases.

The contract-based party numbering, first and third remain in common vocabulary, does not distinguish the browser or user as zeroth party. Putting tags on a page that cause tracking ads to run from unrelated businesses and their servers is the only useful “third party ad” definition here. Browser-based ads that use anonymity tech are a different category.

If you insist on a reductionistic definition that rules out anything other than a static ad on the same site as the publisher, you will get stuck trying to improve the Web and how it is funded. I understand objecting to all ads other than static images that click through into same origin forms, or whatever, but that won’t pay the bills for most publishers.

While I don’t like Brave, from what I’ve read the ads are decided on locally, so no information is sent to the advertiser. Again, this is what I’ve heard.

Yes, perfect. I absolutely want to download ALL ads instead of NO ads.

With all due respect, that isn't how the solution works. Users must first opt-in to Brave Ads. Once they do, they download a regional catalog. This is a text document, compressed down to about 3 MB in size. Your machine (via on-board machine-learning) studies this for relevancy. When a relevant ad is found, you are given 70% of the revenue, and a notification is displayed on your operating system. You have control from the start, even over the frequency of ads you'll see within an hour.

Why would anybody be interested in this? Content that depends on ad revenu especially written for it, is not worth consumption. The idea of solving a non existing problem is the problem with AdBuddy (AKA Brave). The way to go is ad and tracking blockers and let advertisers find a way to get to users without exploiting their ignorance. I don’t care and don’t need to build a relationship or accommodate a publisher. This is not what the internet of for.

If anything i see it as the revenge to chrome

I'm a publisher relying on ad revenue, and I hate Brave. It's not because it blocks my ads (I also contribute to an ad blocker list myself), but because Brave can swap my ads with its own. This is theft!

Brave is similar to Opera. It's not a mainstream browser, and they also want to make money. Dipping into publisher revenue and using some broken BAT crypto currency to reward publishers is not the way to do it. The currency itself is mostly useless and unstable, plus you will be making peanuts compared to even the lowest CPM country in AdSense.

What we need is an ad provider that provides a meaningful experience to advertisers and non-invasive ads to publishers. An entirely context-based, tracking-less, controlled (iframed and sandboxed).

A browser is a user-agent and it should stay that way. I like certain things Brave is doing (such as proxying Google Safe Browsing API requests), but for all this BAT nonsense, I would still stick with Mozilla.

> What we need is an ad provider that provides a meaningful experience to advertisers and non-invasive ads to publishers

That's like saying "all we need is some honest and wise politicians and some smart non-corrupt government officials". Excellent idea, too bad nobody figured out how to get some and have them stay that way. Until we find a magic way to do it, we should assume the way it is now is the one we'd have to deal with, and deal with it in ways that are available presently, not imaginary.

Tracking is the worst part of ad-tech. Ads can be annoying or entertaining, marketers will keep making them. Brave's opt-in ads use no tracking, match ads locally based on data generated in any browser, kept in cleartext only on your device. Matching is against a catalog that's the same for all users in a large population who speak the same language. Confirmation of views/clicks uses a protocol based on privacy pass (Chaum blind signature cryptography).

The problem with tracking ad-tech is the sum of the massive conflicts of interest it creates: advertiser vs. user vs. intermediary vs. publisher. Brave aligns with users first by paying them 70% of the user ad revenue, with publishers who partner with us who get 70% while the user gets 15% (so 1/ we pay 70% to owner of ad slot; 2/ we always pay user >= what we take). We then help users support creators, anonymously and easily, not only website publishers but especially youtubers and others. See https://batgrowth.com/ and sign up -- we pay $5USD in BAT per new 30+ day user you refer. https://brave.com/refer

By aligning with users first, we are confident great creators will do well as their users support them with automated contributions, pinned subscriptions, and tips. Who loses? The ad-tech intermediaries we block. You already give your data to your browser. Don't let it be a blind slave of the middlemen. They are not needed.

Update: we are paying more than $5USD in some regions now. Today we sent a new rate card to affiliates, ranging from $7.50 down to $1 (BAT equivalent). This is to close arbitrage gaps in different regions. We'll update at most quarterly.

> but because Brave can swap my ads with its own. This is theft!

AFAIK this is not true. To get in-page ads, you (the page owner) have to opt-in and will be paid over 60% of the profit.

70% not 60.

Of course, we do not replace ads without publishers as paid partners. That would be wrong, also legally unsound whether you think it wrong or not. Thanks for pointing this out.

> Brave can swap my ads with its own. This is theft!

If true, this should be at the top. Brave should be sued into the ground for doing this.

I'm fine with ad blocking, but this is outright larceny.

I don't want to be uncivil and call you a liar, but can you explain why what you are saying about the ad replacement is true?

Brendan Eich has repeatedly said that they do not replace ads: https://news.ycombinator.com/item?id=20831627

For what it's worth, I find Brendan's position on homosexuality to be on the wrong side of history and on the wrong side of faithfulness (I do not intend to put words in his mouth, but this comment feels like a strong acceptance that he has feelings or opinions about gay people that are hard to rationally, and intelligently defend) [0]

I want to make it clear I have no stake in protecting Brendan or Brave (I work for an analytics company!), but parroting bullshit you heard, or misrepresenting a company that affects your business is not taking the high ground even when the thing you are shitting on is led by a person whose position many people find despicable.

[0] Brendan Eich says, "As for homophobe, I reject your definition. Call me what you want there" // https://news.ycombinator.com/item?id=20792783

What shows bad faith here is you taking my rejection of a loaded word as me being irrational. Mobs of activists including some green handles and longtime HN users would love to drive me out of a job. I am not here to explain an alternative point of view to you. Get to know people with whom you do not share all superficial or even deep beliefs. I am here for hacker news about Brave.

Thanks for calling out parroting bullshit based on personal dislike or animus. But FWIW, I don’t see evidence of Ayesh doing that. Peace.

Yep, you are right and I do regret this back-handed defense to some extent, thanks for engaging despite my bad faith.

You've been doing a great job of defending Brave, I wish you didn't have to, especially to the HN crowd.

I had never read the Brave ad model before.

They want to display ads while respecting user privacy, which is nice from a user point of view, but do advertisers actually want that rather than being able to target 35-40 years old in Ohio that are using shaving products twice a week ?

Brave developer here. Great question! Brave Ads are entirely opt-in, and work via on-device machine-learning. The machine-learning bits study your browsing habits in a private, non-leaky manner.

Once a day, your device downloads an aggregate catalog of many ad options to be studied locally. If/when an ad is found that fits your interests (as inferred by your browsing habits), the ad is displayed as an OS notification and 70% of the ad revenue is deposited into your in-situ wallet.

So on the topic of targeting, Brave is able to deliver a better experience for Advertisers and Users, without the need to leak user information across the Web. The on-device ML bits learn about their user over time, delivering a better experience with maturity.

I hope that helps!

I would never opt-in to ads even if there was some upside. That's like asking if I'd like to see billboards on a beautiful drive through Colorado and in return you'll throw some change in my center console. I'll just take the beautiful drive and you can keep the cash.

> The machine-learning bits study your browsing habits in a private, non-leaky manner.

I think everyone's been around the internet long enough to know that nothing is private forever and everything has leaks. Relevant: https://twitter.com/briankrebs/status/1045091640480804864

Your beautiful drive through Colorado requires quite a bit of maintenance and financial support. Somebody has to pay for that. With Brave, Advertisers can pay for it (without getting hold of your data) by way of users. Alternatively, you may choose to "fund the roads" yourself by depositing your own tokens into Brave's wallet—that too is possible.

Brave aims to sustain the roads that grant you access to that scenery. For some users, they are able to pay a bit out of pocket (depositing their own tokens). For others, they can take advantage of a private advertising system that finds relevant ads, while paying the user 70%. This allows users to passively support the roads, if you will.

Unlike billboards down the side of the highway (which, I agree, aren't pleasant to see), only the users who wish to see ads are shown ads. And they always determine how many are shown (which is not the case with billboards). Brave Ads are tuned over time, too. As a user engages the app, the ads will become more and more relevant (unlike billboards). All that said, the default experience is (and will remain) an ad-free experience.

To your Krebs citation, he is absolutely correct. Give your data to somebody, and it's likely they'll lose it, leak it, or sell it. That's why Brave avoids your data as best we can. Brave Ads takes place _on your machine_, where your data naturally lives. You don't entrust us or anybody else with it.

I hope this helps!

You are supremely lost. If you carry the analogy, you're saying the billboards destroying my view through Colorado are somehow paying for my roads. Well, actually taxes pay for my roads. And no, viewing ad's on Brave does not somehow make my internet better or faster. It just clutters the experience.

The only thing that will opt into this crap are the selenium bots I write to farm some Brave cash or whatever you're calling it, until I realize that the AWS fees are more than the Brave cash I'm getting and shut them off for good.

> If you carry the analogy, you're saying the billboards destroying my view through Colorado are somehow paying for my roads. Well, actually taxes pay for my roads.

You are entirely misinterpreting the Brave engineer's good faith argument. The argument wasn't that billboards somehow pay for roads. You introduced that analogy, and the reply showed where your anology falls apart. The argument was that unlike roads, most websites aren't funded by taxes and won't be for the foreseeable future. The engineer also points out some ways Brave ads are different from billboards: they are opt-in, they are personalized, they give you useful tokens for your attention, etc.

It's impossible to ignore that every major browser is subsidized by either user tracking or OS sales. Even the privacy focused Firefox, which I use and love, is funded almost completely by Google ads.

And lastly, one great thing about Brave is it's completely (besides maybe Widevine, which isn't their fault) FOSS, so you are free to fork it and remove the Brave ads functionality. In fact it's probably not even hard to write a script to do it automatically. But no one has successfully funded large scale browser development while being FOSS and not relying on ads.

Also, I know people who would opt-in, though I wouldn't myself.

Let's break down what the the rep from Brave said... I don't think I misinterpreted anything.

> Your beautiful drive through Colorado requires quite a bit of maintenance and financial support.

Roads cost money.

> Somebody has to pay for that.

Someone has to pay for the roads.

> With Brave, Advertisers can pay for it (without getting hold of your data) by way of users. ... Brave aims to sustain the roads that grant you access to that scenery.

Ad's (billboards) can pay for a great browser experience (the roads)...

So, therefore I said: Billboards don't pay for roads, taxes do. I get that the analogy isn't 1:1. However, stating that is an easy way to demonstrate that Brave doesn't have a market. Just like I don't need billboards to pay for my roads, I don't need ad's to pay for my browser experience. Firefox is open-source, and adblock exists. Come off it.

If you use Firefox, ads pay for your browser experience. It's just one extra level of indirection (Advertiser -> Google -> Firefox vs. Advertiser -> Brave).

With regards to original argument, my impressions was you didn't assume good faith and respond to the strongest plausible interpretation of what the Brave developer said, as the Hacker News commenting guidelines suggest you do. Take that how you will.

>>Your beautiful drive through Colorado requires quite a bit of maintenance and financial support. Somebody has to pay for that. With Brave, Advertisers can pay for it (without getting hold of your data) by way of users. Alternatively, you may choose to "fund the roads" yourself by depositing your own tokens into Brave's wallet—that too is possible.

Well, a lot of internet was built by people who want to share for sharing sake. Then companies figured there was money and so they started lining up those highways. Now, people do not have a decent way of knowing which highways have no ads. The equivalent is that people do not have a search engine which will send me only to sites which have no ads. Google has been spammed to death for every imaginable keyword. Every recommendation engine only shows based on eye balls.

If all these ad supported publishers die, we would have a much better internet where we can read genuine content, not some marketing based stuff. Hint: Look at the non ad supported Hacker news!

The people who built the internet for sharing sake are still there, and still ad free.

How's that better than just installing adblock?

Define “adblock” please. I hope you mean something good like uBlock Origin and not bigger share extensions that take fees from Google and others to whitelist ads.

Yes, a proper adblocker. Why would someone who's savvy enough to know about and use Brave not just install an adblocker?

We have nearly 7M users, we get people who are fooled by the "adblock" word in extension stores.

> I would never opt-in to ads even if there was some upside. That's like asking if I'd like to see billboards on a beautiful drive through Colorado and in return you'll throw some change in my center console. I'll just take the beautiful drive and you can keep the cash.

This, and the fact that Brave has decided to get in bed with advertisers at all seriously undermines their credibility.

Only if you assume we enable tracking for Brave Ads. But we do not. Please look deeper, otherwise you're just writing false stuff based on assumptions.

No, nothing in my post is false. I knew how your ad model works when I wrote that post. You're in bed with advertisers because you're taking money from them and providing them a service.

Look, I don't have anything against you personally. I'm sure you're a good, kind person with pure intentions. But tracking or not, advertising is not the way to fund a browser that serves users. You'll always be beholden to advertisers for your cash flow, and you're always going to be making choices between prioritizing users or prioritizing your income. Sometimes the choices will seem minor and it won't be clear which direction to go, and you'll compromise and the focus on users will be eroded. And at some point the choice might be between screwing over users and shutting the doors of your company due to lack of funding or something else. Historically, some people have chosen users[1] but most have chosen to stay open.

I hope you prove me wrong, I really do. But you'll excuse my skepticism at this point.

[1] https://en.wikipedia.org/wiki/Lavabit

You did not justify “in bed with” or even define it usefully. My reply said we don’t track, and if you know about us, you also know we give the larger revenue share to the user. And ads are opt in per user, so “in bed with” better fits our relationship with our users.

Any browser requires high trust, but most of the bigs have not stopped tracking, as they have been built or coopted by ad companies. Who is in bed with whom?

On Lavabit, you are changing the threat model from ad businesses to national security agencies, but I will play along. Read https://brendaneich.com/2014/01/trust-but-verify/ and think it through. If we tried cheating our users to help advertisers somehow, we would be found out and roasted into a crisp on all media by our lead users.

> You did not justify “in bed with” or even define it usefully. My reply said we don’t track, and if you know about us, you also know we give the larger revenue share to the user. And ads are opt in per user, so “in bed with” better fits our relationship with our users.

You said in your other post to me:

"Ad spend last year was over $100M in the US alone, ~$300M globally. Heading toward $1T globally. Users subscribing or paying out of goodwill won't cover this if we block it all and corner the market."

So you're saying that most of your funding comes from advertisers, not from users. By the design of your business model you've chosen to be more in bed with advertisers than with users.

What I quoted also implies that you had to do that, because you couldn't get the funding you wanted otherwise. But I'm saying you never have to do anything. You chose this business model, not because it served users, but because it makes you money. I'm sure your intentions are good, that you think that having that money will allow you to serve users. But I'm saying that conflicts of interest this fundamental rarely play out as intended.

> Any browser requires high trust, but most of the bigs have not stopped tracking, as they have been built or coopted by ad companies. Who is in bed with whom?

This is a perfect solution fallacy. I totally agree that there's no major browser that hasn't been coopted by advertisers to some extent (except maybe GNU Icecat). This is a big criticism I have of Mozilla, for example, but at least they admit there's a problem and try to take steps to prevent it--although I'll reiterate: they're not enough as far as I am concerned. So far, in this thread, you have yet to even admit that there is a problem, which means you can't possibly take steps to mitigate it.

> This is a perfect solution fallacy.

No Sir -- not from me, anywhere in anything I ever wrote. Browsers are imperfect. For one thing they have 0days.

Brave is imperfect too.

Before we correspond more, please tell me how you took my big-picture realpolitik point about western ad powers acquiring or otherwise getting control over 3 of 4 top browsers as having anything to do with perfect vs. good?

It's pointing at other browsers and saying, "Look, they're not perfect either, so it's okay for Brave to not be perfect". Sure, that's true, but it's no excuse for Brave not aiming for perfection.

I never said that either. Don’t put words in my mouth.

I said 3 of 4 top browsers are owned by or almost wholly dependent for revenue on huge ad businesses. That matters. You can see it in Apple’s ITP and prior third party cookie blocker, in Safari from 2003. Apple is not dependent on ads that need tracking.

Okay, yes, it does matter that 3 of the 4 top browsers are dependent on ads for revenue. Where I'm confused is why you think that this is a defense of Brave, which is also dependent on ads for revenue.

Because as I diagrammed repeatedly, the problem is not “ads” as ritually impure funding model, but tracking. Safari and Brave block tracking. Edge and Firefox are late to this party and not yet blocking hard by default.

It is not ads but tracking which creates perverse conflicts and hazards, including regulatory and ‘browsers as blind ad tech runtimes’ capture.

With regards to your link, that's very well-written and I agree with almost everything you said in that link. This is particularly important to remember:

"The unfortunate consequence is that software vendors — including browser vendors — must not be blindly trusted. Not because such vendors don’t want to protect user privacy. Rather, because a law might force vendors to secretly violate their own principles and do things they don’t want to do."

And that doesn't just apply to the NSA forcing you to backdoor your own software under threat of arrest. It also applies to major sources of funding forcing you to backdoor your own software under threat of defunding you.

I want a browser made by people who would shut down their business rather than compromise users. And so far in this conversation, it doesn't even sound like you've considered that possibility or believe it could happen, so how can we trust that you'd do that?

I would shut down Brave rather than backdoor our open source. Can you imagine? Note: I'd do this on moral grounds, but even if I were some kind of toady to the state, I'm not stupid. The back door would be discovered and I'd be strictly worse off then. It wouldn't pay for the state actor, either.

Thanks for chiming in.

So from the FAQ : https://brave.com/faq/#all-ads-blocked

> Each ad request is anonymous, and exposes only a small subset of the user’s preferences and intent signals to prevent “fingerprinting” the user by a possibly unique set of tags.

It means that advertisers still get some feedback on the "intent signals" of the users that have seen their ads ? So it is private in the sense you cannot be uniquely identified but some of your intents are somewhat leaky ?

Not quite, I think that FAQ item needs to be updated. The model works like this:

The user opts-in to Brave Rewards/Ads. This kicks off a machine-learning model that begins to study the user's habits and interests.

On a daily basis, the user downloads a regional ad catalog (as to other Brave users in their region). This catalog contains numerous ad options, which your device studies for relevance.

If/when your device identifies an ad within the catalog that might be of interest to you, it displays the ad as an OS notification. At this time, 70% of the ad revenue is deposited into your in-situ wallet.

At this point, the user has made absolutely no contact with an advertiser. If the user chooses to click on the ad, it is opened in its own tab in the Brave Browser. This tab, like all others, is subject to Brave's default security/privacy settings. No third party trackers, etc.

The advertiser will know that you are interested in their product/service, because you clicked the ad. But no other information about you is given to them; only what can be inferred from standard first-party browsing online.

Brave aims to keep your data private, and on-device. It is never leaked to us, or anybody else. You are sovereign over your data, and you decide with whom it is shared. That's our goal, always.

> At this time, 70% of the ad revenue is deposited into your in-situ wallet.

Brave needs to know when and which ad has been shown to the user, to deposit that ad's revenue right? That means whenever an ad is shown "locally", it still needs to contact Brave server with user's identity behind of some encryption. Brave then shows the proof of ads being presented to users to ad provider to get revenue.

Sure, the user's interests are studied locally (and inefficiently because it runs on user's computer), but the result feeds back to Brave. How does that improve privacy?

At some point, Brave may either leak the data accidentally or decide to sell the data, because the data, which capture each uniquely identifiable user's interests, is valuable.

Or am I misunderstanding something here?

We use a variant of privacy pass (Chaum blind signatures):


The key is no user identifiable events and no ability to link events for a given user together. Advertisers want authentic aggregate results — they don’t want (at first or in bulk, also not legal in many places) user ids. We built an authentic but anonymous ad system.

Man, just copy and paste that answer into the FAQ as is. Nailed it.

Thanks that's very clear and helpful.

Does the viewing of an ad leak data? Eg, if they know my IP viewed an ad, and they were targeting males 15-25, wouldn't that leak the data? Are there systems in place to prevent this sort of data leak as well?

So it has to download every possible ad (to mask my identity/preference)?

Catalogs are regional, so you aren't downloading every possible ad. You're downloading a ~3MB or so file that has ads for your region. Others in your region download the same catalog, which prevents fingerprinting.

When do you build a digital assistant/agent that works on a similar model.

I would even volunteer some data for off machine I could choose which data goes. Aka speech data for training an agent.

How do you prevent ad fraud while respecting privacy?

We don't rely on extension and/or DOM APIs like other approaches—we're the browser. It's much harder to fool the browser. Additionally, because our models are built on client-side operations, analysis on the client can be done without the need to leak any data from the user's session. That's about as much as I'm happy to discuss. Fraud prevention is one of the few opaque areas in our project, for good reason. I hope that helps!

So fraud prevention is closed source? How is that fair?

There are two acceptable ad models for me:

Paying, if it goes [almost] entirely to the publisher, not to see them

Not paying anything to anyone, and still not seeing them (ad blocking)

Brave ads are targeted through on-device matching. I'm not sure how well this will scale tho. Described in "Relevance" here: https://brave.com/brave-ads-launch/

Correct. Once a user opts-in, machine-learning bits on the user's device take over and begin to study browsing habits and interests. These ML bits then decide what types of ads are likely to be of interest to the user.

What are your scaling concerns? I'd love to hear more!

I would assume that once a lot of advertisers are on the platform the ad catalogue can quickly grow to the size of GBs, which would be unfeasible to hold on smartphones.

The catalog contains edge-cached URLs and metadata for the ads. The size remains small, as we're not compressing down images, rich media, video or other assets in the catalog.

(I work at Brave, and am on the team bringing the ad platform to market)

Could you clarify a tiny bit? I’m not sure I follow. If you are not including images or video in the ads, does that mean that you are downloading them at view time from somewhere, or that the ads have no images or video?

Also, what are edge cached urls?

Ads first appear as OS notifications on your desktop. This notification displays plain-text content from the regional ad catalog. You get 70% of the ad revenue at this point.

If you click the notification, Brave opens a tab in the Brave browser and navigates to the advertisement location. At this point, the ad can load images, video, etc.

Important to note, however, that ad pages are not given any special treatment in the Brave browser. They are subject to the same privacy/security restrictions on all other pages. Third parties are severely limited, if not entirely prevented from engaging in the session.

Catalogs are regional, and reflect only active campaigns. So far, the file hovers around 3 MB when compressed. We are able to optimize size even further, as needed. It will always remain small enough to be downloaded easily.

They'd probably prefer targeted advertising, but if they have to choose between too many or too few people seeing their ad, they'd probably pick too many.

Generally speaking, Advertisers aim to get better value for their buck, so to speak. In the early days of online advertising, it was not uncommon to pay for impressions that may or may not be set before the eyes of a relevant audience. Around 2009 the process of Real-Time Bidding was created, and advertisers began to get better value, but at the expense of an unethical auction process that took place for each ad-slot on a page.

With Brave Ads, advertisers know that they're reaching a party that is interested (Brave Ads are opt-in). Advertisers know that attrition of value due to fraud and middle-men is reduced in our model. Users know that they don't have to sacrifice privacy or security to participate, and that on-device machine-learning progressively delivers a better experience over time.

BAT token is tradable on exchanges, and price floats and is unstable. Donation receivers need to worry about exchange rates risk - https://www.coingecko.com/en/coins/basic-attention-token

How about USD or USD stable currencies for this?

Does BAT fluctuate that much?

Lately I see one of two things : 1. The market is up, BAT loses value because BTC sucks all the air out of the room with n00b investors. 2. The market is down, BAT loses value because BTC valuation scares off investors.

Otherwise, Brave/BAT team can announce features & partnerships all day long and the price literally never budges.

Exactly it. An ICO was done and it is openly traded, there is going to be fluctuation whether up/down it is still an FX risk for receivers of BAT. Until we see more goods and services payable with BAT, it will a problem

u can always exchange it for USD/USDT or sth , probably easy with a script even

Would it be possible to fork Brave and change it to use US Tether, Libra or some other stable coin?

Even better: fork it, create your own cryptocurrency like BAT, make ICO and become a millionaire!

There is no reason everybody to use BAT.

Not tether. Tether is super sketchy and potentially a scam.

BAT is Brave's own token that they did an ICO for so I doubt they would move to something else.

Does brave still suck up money from people even when the site owner hasn't set up brave payments?

I think the answer is "not anymore" based on what's in their FAQ.

> Publishers must verify ownership of their properties with Brave in order to receive contributions from Brave users. If a publisher has not verified ownership, then a user’s contributions will be held in reserve inside the browser for 90 days. The browser routinely updates an internal list of all verified publishers to determine whether a property can receive contributions. At the end of the 90 day period, any contributions marked for unverified publishers will be released back to the wallet. No funds leave the browser except to go to verified creators.

> Previous versions of the Brave desktop browser worked differently. Until version 0.58.21, released on January 11, 2019, browsers with Brave Rewards enabled would contribute BAT to content creators whether or not they had verified. Brave would then hold contributed funds for those publishers in escrow until they’d verified.


I'm glad to hear it

No, but they still haven't shown remorse for claiming those payments were held in escrow when in fact Brave held the payments, and planned to take them after 90 days. https://news.ycombinator.com/item?id=18736743

Your link doesn’t match your text. You say they “planned” to take funds but when I followed the link, I found a TOS that allowed them to take a portion of the funds, or redistribute all of the funds back to end users without taking any, and a post from a Brave employee saying they never took any for themselves

I see why you read it that way, but I can't read it so charitably after they claimed payments were held in escrow when they weren't.

I don't believe this program was live 90 days before the uproar, so I don't give much credit for them not taking the donations.

Ah, you're right, it's okay to take my money as long as you tell me you're going to take my money beforehand in a TOS that nobody reads. Caveat emptor!

So the money I thought that I had donated to a content creator goes to some random people instead and that's somehow okay?

And not just that, they’ve moved/are moving to a model of displaying their own ads instead, which are invariably for some scammy crypto-of-the-day which even FB and Google ban from their ad platforms

Sorry, I'm not sure what you're referring to. Brave has 2 ad-models (one still in the works). First, the User Model. In this model, user's must first opt-in to participate. If/when they do, advertisements are shown (at a user-controllable rate) as OS notifications. When a notification is shown, 70% of the revenue is deposited into the user's wallet.

The second model is the Publisher Model; this is in the works now. Under this model, Publishers will be able to opt-in the system as well, and have ads displayed on their pages. Under this model, publishers receive 70%, and the user receives 15%. But both models require consent before any ads are displayed.

They're saying that the quality of the ads shown are terrible.

The types of ads shown by early participants is skewed toward blockchain and security topics. For many users, this is not very interesting. But the inventory changes and diversifies with time. We're seeing this happen today, already. The machine-learning model within the browser will also adapt over time, getting smarter and more attuned to your interests and habits.

Quality will increase with Time and Inventory. We're seeing positive trends here, as more and more diverse advertisers are lining up to join the platform.

> some scammy crypto-of-the-day which even FB and Google ban

The comment you first replied to said that the ads were so bad and scammy that they shouldn't be shown to anyone, not that they were poorly targeted.

You're free to disagree with what they said, but it's weird to respond as if they'd said something else entirely that you already agree with.

he mentioned that they were crypto ads. Most crypto related companies are not scams, yet fb and google and reddit ban them to appease government officials. Frankly , with fb & google having monopolised the space its not surprising that brave is picking up their leftovers. There are not many ways to solve this chicken and egg problem

We'll see how long that lasts once the VC money runs out.

Blocking ads and displaying your own certainly is an "ad replacement" model though, and websites that don't want to participate have no choice.

Ads are being blocked, already, on hundreds of millions of devices. Brave users are usually former users of ad-blocking extensions in Chrome and Firefox. As such, these users were beyond the advertising system, far out of reach of Advertisers or Publishers. Brave changes this.

Brave brings security and privacy minded folks back into the system by offering a better deal for all parties. Users get paid without giving up data, Advertisers get better value for their spend. And Publishers don't have to weigh their sites down with third-party scripts to monetize content.

We're not doing ad replacement. We will not without publisher as partner. Anyone saying otherwise is repeating a falsehood.

That's simply false. They don't do ad replacement.

You have to volunteer yourself to receive ads and they come in like system notifications, not anywhere near the content.

thats a bit of semantics. if they block someone elses ads, and display their own ads they are still replacing what a persons attention is drawn to, even if it is an overlay instead of injected into the page. (its literally called an attention token, diverting attention to a new target.)

should they be allowed to create an ad driven piece of software? absolutely? but if that software is an ad blocking browser, its creating a new interesting gray area.

(Brave employee here) We block 3rd party ads and tracking, that collect user data, often without their knowledge or consent. Brave Ads are disabled by default, to ensure that no one sees ads that is not interested in viewing ads. This provides a benefit to advertisers as well, as they currently dump a lot of money into a dumpster fire, and are basically tasked with measuring how many of the pixels appeared on the screen for a certain amount of time. Brands don't know if people that viewed the ad were interested in advertising. People get shotgunned with ads. We're approaching this differently.

We've introduced advertising that is private by default, with a new approach to measuring and accounting for ad event confirmations through our ad confirmation protocol.

We have some information regarding the confirmation protocol here, for those interested. https://github.com/brave/brave-browser/wiki/Security-and-pri...

Aside from providing advertising that's private by default, our ad platform includes people in the process, by rewarding them for their attention (70% of the rev share for the ads viewed). People can then contribute those tokens to publishers and creators (like Wikipedia), or hold the tokens. In the future, people will be able to redeem tokens for gift cards, premium content, etc.

We'll be introducing additional ad units in the future for publishers, with a cleaner deal and better rev share than they currently receive (publishers will receive 70% of the revenue, people will receive 15%, Brave will receive 15%).

If we were just replacing publisher ads with other ads from the existing ad ecosystem, I'd understand and agree with the sentiment. That said, we're bringing new methods for ad delivery, accounting and matching to the market, all designed to function without leaking your information from your device. Hope this helps.

You don’t block third party ads; you block first party ads that the website depends on for revenue

We don't block 1st party ads. We block tracking tags including GPT/GTM, which will block some direct sold ads. We can with the publisher as partner fix this, but not by whitelisting tracking.

has it ever come up to run something similar to Opera's old community driven javascript site patch library/database?

I think it would be amazing to have a browser, that instead of just blocking ads, had a way for you to set "whatever the community thinks is best" and have the browser pull down the best stylish/tampermonkeyish patches for a site, or completely new css. (you would also have a drop down with "see other popular views, and "set this view as default for this site, along with the ability to rank/vote on which template applies best for that site.) Or the user could have an option on first run that asks "ideally what would sites look like" and then have it pull the most appropriate modification to match that template. A user could lean towards "let the site express its identity and clean it up a little bit" OR "strip it down to just the essentials" OR "just fix the bugs."

In an ideal world, I would prefer to use a browser that, by default, homogenizes as much of the layout of a site as possible, with a one click option to "see it how it was intended." I think reader modes go a little too far, because they destroy content layout and nav in the process of cleanup. It would be nice for some elements, like navigation to come through, but in a standardized way, so the menu bar at new york times and washington post render identically, but still let me bounce between their different verticals. RSS readers sort of accomplish that, but I would rather be able to also BROWSE the web. RSS readers clean up one layer deep, but in a hyperlinked world dont let you get very far.

Greaselion is coming up as I write this. Stay tuned.

I just visited https://techmeme.com/river in Brave and on the right you will their first party sponsored posts, alive and well.

The problem is more nuanced than "they block someone elses ads, and display their own," though. Modern digital ads (since their start in the early-mid 90s, have been about data collection. In 2009, online advertising was further adapted to include a process known as Real-Time Bidding, where users are auctioned off (usually in less than 100ms) for each ad-slot on each page they visit. The ad industry has been transforming more and more into a system of _surveillance capitalism_.

These changes to the digital advertising industry have driven mass adoption of ad and content blockers. In 2015, more than 500 million users were blocking trackers, and ads/content that relied on them. This protects user privacy and security, but hurts the sustainability of the Web we all know and love. Brave aims to deliver a fully developed solution.

Brave's model (which is predicated on user-consent, and privacy-by-default) seeks to fully-solve the aforementioned problems. We offer advertising without compromising user trust, and better value to advertisers/publishers during the process. Perhaps most importantly is that Brave Rewards brings disillusioned users who once ran ad and tracker blockers back into the fold.

I'm not defending the ad industry, the worst players have ruined it for everyone. It is 100% a safety hazard to surf the web without ad and javascript blocking. I absolutely support users having the choice of what programs to render on their devices, and being allowed to control what javascript executes when a page loads. If it breaks the site while your mucking with its local execution, thats on the user (although ideally all sites should have accessibility compatibility, and work as just plain text. 1st party ads would still work fine.) And although I find them annoying, paywalls and ad blocking detection are choices that publishers can choose to make.

Not at all. If you have contributions/tips earmarked for a property that is not verified, those rest in your wallet for up to 90 days. If, during that period, the property becomes verified, the tokens are transferred. Otherwise, after the 90-day period, the tokens are released back within the wallet to be used elsewhere.

Are the tokens released back to the original payer or a pool account?

Yes, BATs stay in your wallet until they become verified

I understan Wikipedia does not have ads, but other websites do.

In the early 2000s, toolbars that replaced a website's ads with different ads were considered malware. Instead of the website that bears the cost of delivering content getting the money, the browser is now getting the money.

How is Brave Browser different in this regard than those malware toolbars?

The only difference is that consumers have agreed to let the browser do this.

How do we know that all the consumers realize the browser is doing this? How do we know all consumers with those toolbars didn't know?

I imagine those consumers also "agree" to website Terms of Service that don't allow this.

I wonder if websites will fight back, closing accounts or doing more to stop people who use adblockers or Brave.

> I wonder if websites will fight back, closing accounts or doing more to stop people who use adblockers or Brave.

My personal belief is that websites are free to track users as much as they want, but users are free to respond however they want. If it becomes an arms race, so be it, but I think in the end the result will be adtech finally having to fix itself which is a very good thing.

Same here; I block ads. I am denying revenue to the website. What I am not doing, is giving a middleman that money instead.

My conscience is okay with ad-blocking. It is not okay with helping someone steal.

I don't block ads but I just tend to avoid abusive websites.

In Brave a user has to actively go to their settings and turn on ads. It's turned off by default.

I hope the default never flips.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact