No solution, but I think we'll never find one if debate, about problems with web privacy, suggests Mozilla is the answer - until they put into actions their words, they shouldn't be seen as the way to go.
Whilst I have reservations about Brave, from a privacy standpoint they appear to be more trustworthy and some of the actions they are involved with, like complaints to regulators are far beyond anything we've seen of Mozilla - sure they may have corporate motives, but right now they appear to align far better with consumer privacy.
There are forks of Firefox that are trying to improve on delivery of privacy
I am not wholly comfortable using Brave because of its dependency on Chromium, too much of a dependency on a single web rendering engine reminds me of IE days.
I would suggest to anyone, install them both and more, you might love browsing the web in emacs (someone must) - if you find a website that doesn't work on Firefox and you need Chrome, then why not use Brave instead?
Personally I'm trying both, I also bought a Librem Laptop so I have PureBrowser too and I'm not afraid to throw some of my money and inconvenience at products that are better at protecting my privacy: for techies we can all do this with relative ease. For non-techies, which is where we really need the sea of change (and who are unlikely to read this), then we can advise them towards Apple's products and make them aware of products like Brave so it can be their "backup" browser if not their first choice - not perfect, but I'd prefer my family to browse using Safari, Firefox (with privacy settings I have to sit down and sort out for them) or Brave; than Chrome.
> Whilst I have reservations about Brave, from a privacy standpoint they appear to be more trustworthy and some of the actions they are involved with, like complaints to regulators are far beyond anything we've seen of Mozilla - sure they may have corporate motives, but right now they appear to align far better with consumer privacy.
There's a lot for me to think about in your post, and most of it I agree with, but I wanted to comment on this bit. While I agree that Firefox has made some very problematic decisions over the years, Brave is far worse in my opinion. My biggest 3 objections are here:
It looks like my post fell off the front page, so the hashtag link doesn't work. :/ Copy-pasting my comment here:
Looking into this only briefly, it didn't take long to find a lot of very questionable decisions made by Brave:
1. They're positioning themselves as both an advertiser and a privacy advocate[1], which strikes me as more of a strategy for bootstrapping revenue than a trustworthy moral position. The entire point of crypto micropayments is to pay for content with crypto rather than attention/privacy. Why should I view Brave's ads rather than the other ads on the internet from advertisers who also claim their ads respect privacy? The fact that Brave has decided to get into bed with advertisers at all shows they're committed to profit, not to users: micropayments are just a way to diversify for Brave, which will quickly fall to the wayside if it fails to provide the revenue they want.
2. The entire concept of a Brave Verified Publisher stinks. It positions Brave as a censor. If this system takes off, then suddenly Brave has control over who gets paid for content on the internet, and can censor content they don't like. And this isn't hypothetical, they plan to do this: their TOS[2] explicitly contains a code of conduct which contains a long list of things they will terminate your account for: they promise to use their power as censors to enforce of US copyright/patent law and also a wide variety of subjective social norms. This also shows their commitment to being an advertiser rather than an application that serves users: if you're serving users then you let them pay for the content they want to pay for, but if you're serving advertisers, then you can't let advertisers brands be seen as supporting questionable content.
3. BAT based in Ethereum seems to be basically a way to ride the wave of cryptocurrency hype while still positioning themselves as a central authority/middleman. If they weren't trying to position themselves as a middleman, they would just make the micropayments in Ether directly, or better yet, in a cryptocurrency that doesn't have a history of forking the blockchain to fix an bug in a major users' contract[3]. If they weren't trying to ride cryptocurrency hype, they'd just allow micropayments via a much-simpler-and-more-reliable REST API or similar since they're already the central authority anyway.
I don't think we can trust Brave with our privacy or attention. I don't think we can trust Brave with the decision of who gets paid for content. I don't think we need Brave as a middleman to pay content publishers. I don't like the state of how content is paid for on the internet, but I don't think Brave is the solution.
It's disappointing to me that Wikipedia has decided to associate their name with Brave's. A big part of why I respect Wikipedia is their long-standing policy of keeping independent from advertisers, and it seems naive of them to have not realized that Brave is an advertiser. I can understand why Wikipedia has made this decision, but I still think it is a compromise of Wikipedia's values, and I hope they'll reverse their decision in the future.
1. Ad spend last year was over $100M in the US alone, ~$300M globally. Heading toward $1T globally. Users subscribing or paying out of goodwill won't cover this if we block it all and corner the market. We are doing anonymous and private ads (also donations and subscriptions, note well), no conflict with user in data or revenue share. Read my comments here, e.g., https://news.ycombinator.com/item?id=20841558. For you to claim a conflict, you have to show we make more than the user, cheat the user, or somehow steal or leak data to our advantage.
2. We are in the middle phase of a multiyear roadmap, where the last phase will distribute domain verification to many oracles, if we can't bake it into validators on-chain. If you know of an existing blockchain solution, please lay it on us. Also for handling OFAC and other KYC regulations (where we use Uphold today). We cannot intermediate ad revshares, and no blockchain today can either. We do not censor, our test for domain ownership or channel control is objective. If you think we won't get on to phase 3 of our roadmap, fine -- but don't use your speculations as if they were facts.
3. Here is a chart from end of 2017 showing relative volatility. BAT was 2nd least volatile above USDT, we beat Bitcoin and Ether. But we also have other advantages via BAT, including our user growth pool. If you discount that then you are arguing we should find a billionaire to replace it with Ether out of the grace of his or her charity. Who might that person be? Your argument here is cheap unless it's you.
I don't find these to be objections based on reason so much as misunderstandings or hostile speculations that we will fail. You aren't required to agree with us, we're not imposing any system on you. If you don't like BAT, just use Brave with its default settings. If you don't like Brave, there are lots of other browsers. If you have rational arguments against any bug or design flaw in our intentional work to replace surveillance with privacy tech for donating and advertising, I'm all ears.
1. If you're saying that it's impossible to make money without accepting money from funders whose motivations conflict with users', that just means that a for-profit organization is not the way to build a browser that serves users.
A "conflict of interest" doesn't necessarily imply that you've done anything wrong yet, it merely says that the incentives are strongly in favor of you doing something wrong. In my experience, that means that when the cards are on the table you will do the wrong thing, not because you're a bad person or anything, but because you don't want to give up your funding and business.
It may just be that making a lot of money and serving users are fundamentally incompatible. And anyone who actually wants to prioritize serving users over making a lot of money needs to at least be open to that possibility. I really hope they aren't incompatible, for both your sake and mine--I'd like to be rich as much as anyone.
2. This is a non-reason. Domain ownership is already verified by certificate authorities, and there's no reason anyone should trust your centralized authority more than CAs centralized authority. In the very best case, where you do exactly what you're claiming you're going to do and allow other oracles, you've pointlessly reinvented CAs. But you haven't gotten there yet, so right now it just looks like you've created a CA system where you're the only CA, which is objectively worse.
If you want a blockchain solution, fixing the bugs in Namecoin[1] would be a start, although admittedly that technology has yet to play out in practice. It's possible a similar system could be implemented on top of BAT. The difficulty here is that you'd be reinventing the DNS system in tandem.
Let's be clear here, your TOS says you can censor people based on subjective criteria.[2] So if you claim "we do not censor", why don't you say that where it's legally binding?
3. So if you're arguing volatility is the issue, why didn't you just use USD? If you needed funding--again, that's your problem, not one users care about. You don't get a free pass on technology decisions that harm users just because they helped you get funding.
I am genuinely sad that corporations have proven themselves untrustworthy so many times that I can't trust you. As I've said elsewhere, you seem like a decent person with good intentions.
[2] "As a condition of use, you promise not to use the Service for any purpose that is prohibited by the Terms of Use. For purposes of the Terms of Use, the term “Content” includes, without limitation, any information, data, text, photographs, videos, software, scripts, graphics, and interactive features generated, provided, or otherwise made accessible on or through the Service. By way of example, and not as a limitation, you shall not (and shall not permit any third party to) take any action (including contributing any Content) that: would constitute a violation of any applicable law, rule or regulation; infringes any intellectual property or other right of any other person or entity; is threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another’s privacy, tortious, obscene, offensive, or profane; constitutes unauthorized or unsolicited advertising, junk or bulk e-mail; contains software viruses or any other similar computer codes, files, or programs; or impersonates any person or entity." -- quoted from https://brave.com/terms-of-use/ , note that later it says, "Brave may terminate your access to all or any part of the Service at any time if you fail to comply with these Terms of Use, which may result in the forfeiture and destruction of all information associated with your account."
I will be brief, as replies growing ever longer is a bad condition. Also I do not want to argue about imponderables.
I’m aware of Namecoin, whose Wikipedia page says
“A 2015 study found that of the 120,000 domain names registered on Namecoin, only 28 were in use.[12]
Onename co-founder Muneeb Ali on 12 September 2015 at the Blockstack Summit 2015 stated that the Namecoin network is not decentralized and the mining group Discus Fish controls 60-70% of its hashing power.”
I was at the 2015 Blockstack Summit and can vouch.
I already noted we will distribute if not decentralize publishers verification. Namecoin can’t do YouTube or other UGC accounts, as we do. Handshake might pan out for domains, we are in touch. In our current Gemini phase we have to comply with laws, but we won’t kick out or unverify a site or channel based on legal content it hosts. Our rep would be trashed if we did.
This may be where we part company. I’m well aware of conflicts of interest and the difference between intentions and outcomes from Mozilla and prior experience. Brave nevertheless has put its reputation at stake, with open source and incremental work to decentralize as much as possible. We may fail for lots of reasons, but going bad and trying to steal from our users is highly unlikely. It would be quickly defeated. This is by design.
We were never really likely to reach any agreement, so I'm fine with parting ways as amicably as is possible given that we disagree so fundamentally. I really do wish you the best; I hope I'm wrong and that you succeed in a way that's good for users.
Safari/DDG user here. Presumably Firefox could load the search results into a container that throws away all the cookies after the search is done. Doesn’t it work like that for FB?
Presumably, the real problem is that this would be against Google’s terms of the agreement between google and. moz, but - at least technically - there is no reason to throw away access to google if that’s seen to be a desirable default.
Of course - I’m guessing that google is gonna add its own tracking variables to URLs, so any search result returned by google really is going to be suspect regardless of what we do.
Do you have a better solution? I'm not asking to be glib, I actually want a browser that does a better job of protecting my privacy.