Hacker News new | past | comments | ask | show | jobs | submit login
Brave buys a search engine, promises no tracking, no profiling (theregister.com)
931 points by samizdis on March 3, 2021 | hide | past | favorite | 411 comments

"The service will, eventually, be available as a paid option..."

How my viewpoint has shifted over the years. 10-20 years ago this would have instantly turned me off, but now this is the most exciting line in the entire thing to me. As long as we all expect free, we can't expect privacy.

@Brave team, who I rather expect will be reading this, I can't believe that Cliqz doing tracking on me to improve its results for free will be in my interests if it's free. But if I'm a paying customer, you might be able to convince me that you're doing some semi-invasive tracking but not actually selling it to anyone, because it wouldn't be worth losing me as a customer.

I'm actually excited about the idea of a search engine that I pay for. Been waiting for DDG to do it but last I knew there's still no option there.

Simply paying for a service doesn’t remove the economic incentive for the service provider to add tracking. It will always be more profitable to track users, except in cases like DDG or Brave that stake their reputation on privacy. For instance, I pay for groceries, yet my grocery store tracks my purchases and sells that information. We can’t rely on the market to protect our privacy. Government regulation is needed.

It is necessary, but not sufficient. But you are correct. This is part of why I phrased this in terms of my belief, rather than absolute truth. There's no way to convince me you aren't tracking if it's free. If it is not free, and significantly larger in magnitude than the virtue of tracking, then you at least stand a chance of convincing me.

Grocery stores track you because they can use it to analyze and increase sales, a fairly direct benefit that is difficult to "compete" with as a consumer. Internet companies use it to sell you ads, which is pretty much just about the money, barring exciting conspiracy theories. We can put a decent number on how much money that is, and it really isn't that much money. Facebook makes on the order of $20-40 per year in revenue from a user [1], and the nature of the business is they do better per user than most other people. For something like Cliqz we could easily be "competing" with a revenue of less than $1/year/user, at which point the business case of that extra dollar vs. the catastrophic loss in business if they get caught is a plausible set of incentives I can believe for them to not do it. Not proof, but plausible.

[1]: https://news.ycombinator.com/item?id=19462402

Grocery stores do not just use the data internally but also sell their Point of Sale data to third parties that analyze it and then sell their analysis to anyone willing to pay for it (mostly that is CPG companies). Point is: it isn't necessarily a direct benefit to the end customer.

I have never looked this up, but anytime I'm checking out at a brick and mortar store, I'm asked, casually, "Phone number?" Or "Zip code?" As if thats information that is necessary to check out. My response is always, politely, "you don't need that information." It annoys my wife because she thinks I'm being rude, but frankly the question I'm being asked is uncouth. Would you ask a stranger how many children they have or what time they get off work? Not unless you had some intention to use that information!

I hope you realize that grocery stores track you in other ways than just your zip code or phone number [1]. You have a beacon in your pocket that is always searching for SSIDs or Bluetooth IDs, which is more than enough to uniquely ID you. You can combine that with facial rec now and link a face, sex and estimated age to the SSID combo. Who names their phone “<Your name>’s iPhone”? They can get your name too.

If you truly wanted to be paranoid, set your device to airplane mode (don’t forget your smartwatch or wallet Tile), cover your face (this shouldn’t be hard these days) and only then venture into a store. Oh, and pay your groceries with cash.

[1] This article is from 8 years ago, so just imagine how far we came from that time: https://lifehacker.com/how-retail-stores-track-you-using-you...

I actually requested a card at Safeway (wanted for convenience, not privacy), but apparently they are not giving those out anymore. You have to give them your phone number or else accept the additional costs for your food and lack of benefits at the gas station.

The rewards card is a much better model in my opinion because while it gives them quite a bit of data, it does provide some anonymity. I'm sure it is possible to reconstruct from that data who I am (i.e. convert it into direct PII like name and address), but that at least takes a lot more effort and processing than if they have my phone number.

Most people are ok giving up SOME privacy for the sake of convenience/cost savings. I doubt most people are truly willing to give up all privacy for said benefits once they understand what they are actually giving up.

The typical model that I'm familiar with on those rewards cards is that they just ask for that same info for you to get the card in the first place, so it's of basically no benefit privacy-wise. I suppose this can differ from place to place, and you could always supply a different number or one not strongly linked to you, I guess.

Is there anything stopping you from getting a card for 555-867-5309?

They need a phone number. I've never heard of any store actually trying to use it to contact you.

PS: If you ask nicely the cashier will almost always punch in a working number for you. They want the reward points.

Not at most places and often times that number will have a large reward points pool already built up because others are also using it to avoid giving out their number.

You use your reward card when paying with a credit card? Or have you only ever paid cash?

Because if you have, your reward card has probably already been linked to your credit card, phone number, email, etc. by now.

That at least takes extra processing and data sets. I think that does matter as far as privacy is concerned. We tend to think of privacy and security as all or nothing, but it really doesn't have to be that way and may be impossible to achieve if you go down that route.

Rewards cards offer zero anonymity. Their entire purpose is to keep track of your purchase activity so you can be profiled by data brokers.

Just say "no thanks" and you get the same result while sounding less rude.

> It annoys my wife because she thinks I'm being rude

You are being rude. The innocent cashier is forced to ask you that question and has no power to change the rules. Why not be polite to them? If you really want to change things, try asking to speak to the manager (after you're done checking out, of course!).

> You are being rude. The innocent cashier is forced to ask you that question and has no power to change the rules.

Then the person being rude is the person forcing the cashier to do this. The customer should push back, so the cashier can push back.

Both are rude.

The cashier and customer should both realize that neither of them want to do this, and be polite about it.

The cashier has to do that all day, every day though, so I feel like they get a pass.

If you push back, nothing happens to you.

If the cashier pushes back, they may be punished (up to and including getting fired — there's more competition for cashier-level jobs than you think).

How is not giving personal information rude? He is just telling them the truth that they don't need that information which is correct. If a cashier were to ask you your bra size would you be okay with it? Why is it okay to ask for phone number which will give you all that and more.

politeness and truth are orthogonal concepts. You can be both right and rude. Watching the Big Bang Theory can provide a feel for this.

you can be both honest and polite.

Politeness is also relative to whom you are speaking to.

Just poison the data.

Phone number? 212 555 1212. (You could change to the local area code if you feel like it.)

ZIP code? 90210, in Beverly Hills, of course. Or 01234, which is Pittsfield, Massachusetts.

Local area code plus Jenny's number has worked everywhere I've ever tried

Smart. Years ago I registered the number 500-5000 everywhere I could in my neighborhood. Just from word of mouth, the number got so popular they banned it at the local grocery store!

Give the phone number and zip of the store asking for the information. This way if there is data leak it is theroretically possible to track who originally asked for the data. This self-reference trick can be done with email address as well. The idea is that, in the event of unwanted data sharing, the consumer needs some way to know where the personal data came from originally.

The problem is that this info is tied to warranty information sometimes.

for expensive purchases maybe that's important

for my weekly purchase of bread, bacon and ketchup it's definitely not

I don't know what I'd do without the feeling of security I get from my comprehensive ketchup warranty.

I had a massive ketchup blow-out recently. It took out my entire refrigerator. There was leftover lasagna and broken beer bottles everywhere.

I'm just glad I'd bought the extended warranty.


How do tourists react to those questions, or how does your wife react to stores not asking such questions in other countries?

> It is necessary, but not sufficient

Doesn't DDG contradict that?

DDG makes me nervous because I don’t actually understand their business model. Which isn’t to say they don’t have a well-known and viable one but I haven’t personally looked into it and as a result my gut feeling is that they are probably not an exception to this.

I use them anyway because they at least claim to be private and haven’t yet given me specific reason to doubt it. I probably should at some point take the time, though, to try to actually understand how they can viably exist in a way that isn’t going to succumb to the same corrupting incentives as google.

Their business model is simple:

- build a useable search engine

- show ads to users

User acquisition is based on word of mouth and a bit of guerrilla marketing: they are a search engine with decent quality that doesn't spy on you.

Not spying and not selling tracking data to others cost them some opportunities but gives them "free" users that would otherwise have stayed with Google.

The last few years Google has been busily lowering their quality so even if DDG haven't improved much they feel very close to Google these days. (Also, retrying in Google takes 2 seconds from DDG, while retrying in DDG after trying in Google first takes 15 seconds and more thinking.)

One of their core tenants (privacy) is unprofitable. There will be internal pressure to drop it.

Note how their predecessor, Google, started out lovable and quirky but then that facade crumbled under the weight of success.

I like DDG, I use DDG, I recommend DDG. And I don't even care about the privacy. All that matters to me is my search habits, emails and business-related-data are controlled by different entities.

But at some point I expect the privacy aspect of DDG will be a memory rather than a current talking point. The incentives are pretty simple.

When DDG does that we move on to the next option. It seems like the only way to not be eventually screwed over is to periodically move on from what you use.

This is why it's important to have replacements around. Particularly smaller and newer businesses that aren't yet interested in squeezing out every drop from you.

My worry with that business model is that people concerned about privacy enough to switch to DDG probably are really likely to use adblock

I use an ad blocker and DDG, but I still see ads when I search for something. The ads appear like Google search ads, but clearly labeled, so I doubt my ad blocker is going to be able to detect them without a feature to specifically target DDG.

I don't have a problem with those ads, since they're not overly intrusive, they're clearly labeled, and they're not targeted to me based on my personal information. Plus, DDG actually gives me the option to disable ads completely.

That's what "don't be evil" should look like.

Personally, I don’t mind an ad or two. It’s not ads, per se, that have me using an ad blocker... it’s the “bad UI impact of tons of ads and pop-ups” that keep me in ad block mode. When a site wants me to turn off the ad blocker and it doesn’t look insane, I’m happy to comply. Same with DDG.

If it ever leaked that DDG was tracking user data, they would lose their only competitive advantage and lose all their users

My worry is that if they ever achieved a dominant, Google-like position in the marketplace, that they would eventually lapse and go for greed. Even if the current DDG leadership is principled in this respect, companies go through turnover. Can't be evil > don't be evil.

If/when that happen the HN crowd should look at it as a business opportunity.

I can be an early customer.

Given that Google owns that position, and is being evil in order to maintain it, that is very, very unlikely. I'll stick with DDG and take that risk.

DDG lets you turn off their ads in their own settings, so I don't think they're worried about it.

DDG is registered as a Brave creator, so they can get some revenue from Brave users without ads.

As others have mentioned, they run ads — based on the search query of the page they appear on. They also (not unlike Brave) participate in affiliate programs. They get referral commissions when they funnel people to Amazon or eBay, whether through their shopping carousels or through !bangs.

> use them anyway because they at least claim to be private

Me too, at least there's probably some chance they get sued if they’re as terrible as Google. But

> haven’t yet given me specific reason to doubt it

I do doubt they’re as private as they could be, because they act a lot like I imagine a honeypot does, hide their source code, and have had serious past privacy problems in other products (https://news.ycombinator.com/item?id=23708166 ‘We’re not collecting your info, our servers are receiving it but just trust us we just throw it away’).

Don't they have ads? In reality, tracking doesn't do much when it specifically comes to search engine ads, since the user is literally giving you their intent in the search query itself. Tracking is more useful for showing ads as you browse the web in general. DDG can do effective search ads without any actual tracking, and that's their business model, which is very similar to Google Search.

DDG does have ads, but with a limited scope, your search patterns are only used for a limited time.

'tracking' is a broad term but websites do track what you click on and if you return to the search results and click another link after clicking on the first link - this indicates that the first link didn't give the searcher the correct answer they were looking for. Whether or not that's tracking is up to you. DDG also of course does tracking for security purposes - scraping their search results doesn't go over well unless you also have a financial stake in outwitting their anti-abuse stuff.

> 'tracking' is a broad term

Right, in this context though it's referring to users themselves being tracked. Tracking how well the results to a specific query did doesn't require any sort of user-specific data. You're just logging stats about the results themselves, not the user.

I'm not sure DDG can be considered an example of the default position in the search market.

Granted, OP didn't explicitly state they were discussing the most common behaviour in the market, but it remains a stretch to take them to be be stating a law that must be strictly true for any social construct that could be called a market.

Well, since the thing it is "necessary but not sufficient" for is me to be convinced you aren't tracking me, it does not. I use them as the best current alternative, but as I alluded to in my first comment, I'd be much more comfortable with them if I could give them some money.

But paying for a service connects your real world credit profile to this transaction. I feel privacy is already broken with the credit card companies selling this information.

When someone tracks you and you don't pay they will try to link your online activities and identify other activities online to tailor an ad to you.

I can confuse and lie to the second group but I can't hide from the first group.

Anything that requires you to pay by credit card means you are already being tracked. For privacy I'm against pay services.

I'm not worried about a company knowing I am their customer, with some name and credit card number.

I'm worried about them participating in the global privacy free for all where they sell my info everywhere and abusively correlate it with the info others have to learn things about me.

Search terms are a particularly rich source of this sort of thing.

I don't think "privacy" is much about keeping all info away from people, I think it's about the correlation. Keeping info away is a natural and sensible precaution in an environment of rampant correlation, but if that didn't exist I wouldn't need to resort to complete information starvation.


The credit card company is the one selling your relationships and purchase habits and they know exactly who you are and can connect you to everything else important in your life.

Services like Privacy.com offer single purpose credit cards which can help mitigate the linking of an account to a payment source.

Now you have to trust privacy.com and still worry about the others.

True, although it does shift some of the parties you need to trust. It’s not a perfect solution but, I think, it’s a good solution given what’s currently available. At least privacy.com is a central company which bases its reputation on privacy and as such has an incentive to avoid reputational harm.

“Don’t let perfect be the enemy of good”

What about Wikipedia? Do you consider the minimal logging they claim to do to be “user tracking” in the bad sense? Or do you think they’re doing more bad user tracking in secret?

Wikipedia is a special case for me because it's owned by a non-profit which has thoroughly proven it can sustain itself on donations and grants.

I'm sure reasonable people can disagree about how much money Wikipedia needs to raise and what projects are essential, but the main point stands.

Although, I'm not sure it's reasonable to call linear expense growth "cancerous".

The author of that certainly has a point, but the cancer analogy feels SO forced and is really off-putting.

Yeah… I almost didn't link it because of that.

That article doesn't seem to account for actual traffic growth.

Internet companies outside of the ad space also track you because they can use it to analyze and increase sales, much like grocery stores. They use it to inform product decisions by answering questions such as: Which features are our users using the most? Which features are the most profitable users using the most? How do we get more people to the end of the sales funnel? etc.

Are you ok with this kind of tracking? Genuinely asking... Personally I see it as "less bad" than straight up selling my data to another company, but I would still prefer companies didn't automatically track me at all, and instead relied on interviews with real users. Or at least make the tracking opt-in, Nielsen style.

I'm on the fence about this. From personal experience I'll nearly always opt-out just because I can. However I think this kind of user tracking is a better way to inform product decisions than user interviews.

Asking a user for their opinion about something doesn't generally provide as much valuable insight as monitoring their usage of a product.

I don't subscribe to magazines because if I subscribe to one, suddenly I'll get dozens of ads to subscribe to different magazines in the mail.

I'm not ok with that data being sold at all. I'm not signing up to receive advertisements

> We can’t rely on the market to protect our privacy.

You don't get from your first point to here.

The cause of the market failure is that once you give your data to someone, you can't know what they do with it. The solution is for them to never have it in the first place.

This has technical solutions. Your data stays on your device, not their servers, or if it is on their servers then it's encrypted. Don't do anything client-server that could be federated or P2P etc. Publish the source code.

This needs a business model. But "you pay money to fund development and then get software including source code that you run on your device" is a business model. If people want this they can have it. Go stuff cash into some open source projects by subscribing to their Patreon or Substack or whatever people are using now, and then use them.

The alternative doesn't actually solve the problem. You give your data to Google, the government says Google can't do X with it, but you still have no way to verify that they're not doing X because once they have your data, X happens entirely at Google where you have no way of observing it.

It also fails to protect against covert defections by both parties where the government gets all your data in exchange for looking the other way while the corporation does whatever they want with it too. You need to be able to prove that it's not happening, or it is.

Seems to me that depends on the kind of regulation. If it's just "trust the regulator to keep ahead of Google" than that's one thing. But we can add other constraints on top of that. E.g., we could require that Google's privacy-relevant code be open source, and that they must give you data all data related to you, such that individuals could audit things and prove or disprove that Google's behavior matches their claims.

Especially if we add bounties for catching Google's transgressions, I expect we could do quite well open-source, personalized regulation.

> E.g., we could require that Google's privacy-relevant code be open source, and that they must give you data all data related to you, such that individuals could audit things and prove or disprove that Google's behavior matches their claims.

What happens if they lie? They have the data, they give you the code that does the user-facing thing with the data, then they copy the data to some other system where some unspecified foreign subsidiary uses it for arbitrary nefarious purposes without telling anybody.

And as much as it might help to have a law requiring cloud services to publish all their source code so people can verify that they're doing at least that part of what they say they're doing, do you really expect that to be enacted?

I think the right regulatory fix depends a lot on which particular service we're talking about and what the threats are. But the general goal of mandatory transparency reporting is to minimize the size of the possible lie. And I think that works even better when individuals and civil society groups have the opportunity to verify that. E.g., look at how many companies have been caught hoovering up data thanks to individual investigators looking at app behavior.

I don't think a law requiring all code to be published would get passed. But key code for, say, personalization algorithms? That seems doable. Places like health departments, ag inspectors, and workplace safety agencies get to inspect the physical machinery of production all the time. No reason we can't start extending that in to the virtual realm. Companies won't be excited for it, but they might prefer it to some of the more heavy-handed proposals going around now. (E.g., section 230 reform, antitrust concerns.)

>Government regulation is needed.

Hopefully not the kind of regulation that puts a breaking burden on companies like Brave, while letting big tech do whatever they want after a token fine.

Agreed. Just look all other paid software, computer services, and even computing machines.

Microsoft charges you for a Windows license and still tracks you. I have little doubt Adobe, et al, are selling your data. Amazon surely makes money when I buy something from their site, but they track me anyway. Etc, etc.

Exactly. We could end up like cable television where we pay for the service and STILL get shown ads and in the Internet's case, tracked.

We already have enough regulations and we still have so much problems. For one thing, it is selective enforcement. Secondly, the penalty is peanut. If penalty is a percentage of total revenue, it will change the behavior of the executive of the tech giant. Add some jail time for repeating offenders is a good idea too.

Lastly, the reason why regulations don’t work is regulations is written by lobbyists here in the US. Guess who these lobbyists represented?

>> Simply paying for a service doesn’t remove the economic incentive for the service provider to add tracking.

No, but it can remove the necessity.

Some people can be satisfied with a business of X profitability, but once it goes public there is really no hope IMHO.

Agreed, however thats a poor example. Your purchases are tracked via loyalty programs, which you are compensated for with a reduced price on goods.

But, they hiked prices when the loyalty programs started in my area. At the very least, there’s a moral hazard of double dipping (charge normal margins for loyalty card users, double margins for everyone else).

You don't have access to the alternate universe where they didn't introduce a loyalty program to compare prices. Grocery prices go up naturally due to inflation so it's impossible to disentangle.

Groceries are also one of the most price sensitive items people buy and grocery stores run on incredibly thin margins so it's dubious to believe that a grocery story has much control over their pricing, independant of a loyalty card. If they could raise prices after the introduction of a card to increase total profits, why couldn't they have done it before then?

Far more likely is that they're using the extra revenue from the card to lower prices for you and gain market share from their competitors but the lower prices are swallowed up by general price increases.

People who don't sign up loyalty programs and other similar schemes have shown that they aren't price sensitive. They're the ideal segment to fleece via price discrimination.

I don't understand why that makes it a poor example?

The original comment I was referring to mentioned that paying for a service does not free you from tracking, and used groceries as an example. That is a poor example because you are being compensated for your opting in to tracking.

A better example would be something you pay for, and you’re still tracked with no compensation.

Does that answer your question?

Indeed. Nearly every cell carrier in the US was selling their customer's data. See:


Simply paying for a service doesn’t remove the economic incentive for the service provider to add tracking.

In fact it does the opposite. People with a demonstrated willingness to pay for stuff are more lucrative to track.

The grocery store sells everything I buy to who, and is that information personally identifying? This seems insane that me buying a brand of toothpaste could be fed back into Google for more surveillance, but here we are.

Yep. That's why "loyalty cards" exist. Since they're not allowed to associate your purchases (or really any data) with your CC number to build a profile they give you a separate ID number that you key-in/scan when you buy things.

"Oh but you don't have to use your loyalty card."

Technically true but it's not "get a discount if you use your loyalty card" it's now "pay really inflated prices if you don't."

For what it's worth, I know people share loyalty cards across large groups to mess this up. Me, I just eat the cost. Developing a "I will not play your games" has been great. I know people who absolutely obsess over gamified consumption (e.g., airline miles) and I'm glad to have the brain space for things that matter.

I have to say I think loyalty cards are a distraction, why can’t they just track my via my card info/Apple Pay? I mean the thing is literally a kind of unique identifier...

This is already happening, only it's the credit card company doing the tracking and not to grocery store.

It certainly is if you use any kind of reward or "points" card .

Until the situation improves, maybe we can just pay cash for groceries?

Not sure I follow your logic. Targeted ads are profitable because consumers continue to use services that track and then target them.

If consumers didn't use these services because of such behavior, it would no longer be profitable to do so.

It's not the job of the market to protect your privacy, that's your job. Don't use a search engine that tracks you if you're worried about being tracked. It really is that simple.

As for guarantees about not being tracked, that's agreed upon in the ToS – so if the ToS says "we can track you however you want" (e.g. Googles) then don't use it. If it says "we won't track you" (DDG's) then do.

> Targeted ads are profitable because consumers continue to use services that track and then target them.

Demand based systems aren’t always a good measure. Human trafficking has demand and people use those services. And there’s a, sadly, large number of people who want and purchase if available. No it needs to be fought on the supply side by stopping traffickers and protecting trafficked.

Companies use targeted ads because they work and are available. Not because they are moral.

Pretty wild comparison.

Tracking is amoral, human trafficking is immoral.

They certainly aren’t equivalent by any means. But disproving GP’s point that targeted ads are used because people want them, therefore should be allowed.

Targeted ads and the data slurping involved is immoral to me. Not human trafficking bad, but probably as bad as working for coco cola.

I didn't say that people want them, merely that they are choosing to participate in the system. People being sex-trafficked are not, which is why it's an apples-to-orangutans comparison.

While the magnitude is different I think the relationships are similar.

I don’t choose to have my data included for targeted. Victims don’t choose to be trafficked. Marketers choose to buy ads using the data. Perverts choose to buy sex from victims.

Each has people choosing to use, and not choosing to be victims. Both have an intermediary selling the ads or the humans.

You are choosing to have you data included for targeting.

That is what you are agreeing to when you agree to the ToS.

There is no "victim" here, because you have agency.

I don’t think so. Aside from frequently being included into Google’s data by sites that use GoogleAnalytics without ever asking me anything, these TOS click throughs aren’t honest agreements as they are long and confusing and change over time.

Even if I never log in and go to Google.com without an account they are using data on me and I never clicked anything.

I don’t have agency to avoid Google collecting data on me unless I stop using the internet. Perhaps if I always use TOR or something.

And that’s me who works in this area day in and day out. “Average users” definitely don’t have agency and can’t be expected to give informed consent to these data collections.

In medical research before informed consent [0] was law, experiments would have “click through TOS” that patients would accept without understanding, often with some token offering.

I don’t think it’s accurate or fair to say that random users clicking through agreements in exchange for free services have agency.

[0] https://www.ama-assn.org/delivering-care/ethics/informed-con...

At least you can probably take them to court if you pay for the service and not being tracked but they still do.

Unless they have a carefully-worded Terms of Service and Privacy Policy.

I would assume it would be mediated.

Depends on the goal of the organization, really. For organizations that follow the current business dogma (maximize short-term profit/increase shareholder value) then yes, they always have an incentive to screw over whomever they can.

But that's not how everybody thinks. The Craigslist leaders, for example. From 2006: "She recounts how UBS analyst Ben Schachter wanted to know how Craigslist plans to maximize revenue. It doesn’t, Mr. Buckmaster replied (perhaps wondering how Mr. Schachter could possibly not already know this). 'That definitely is not part of the equation,' he said, according to MediaPost. 'It’s not part of the goal.'" [1]

I do agree that privacy regulation is necessary to set a floor, though. Since our current system over-rewards juicing short-term metrics, we have to compensate by blocking the worst of the exploitative behaviors.

[1] https://dealbook.nytimes.com/2006/12/08/craigslist-meets-the...

Craigslist is the exception, not the rule.

Did I give you some reason to think I was suggesting otherwise?

There was no tracking on Cliqz, nor it will be any in Brave. To know more about the underlying tech of Cliqz there are interesting posts at https://0x65.dev, some of them covering how signals are collected, data, but no tracking. I did work at Cliqz and now I work at Brave. I can tell for a fact, that all data was, is and will be, record-unlinkable. That means that no-one, not me, not the government, not the ad department can reconstruct a session with your activity. Again, there is no tracking, full anonymity, Brave would not do it any other way.

Please let us know if that changes.

Brave buying Cliqz is the first corporate acquisition that's actually made me feel better about the acquirer, ever. I have no idea how to react to that. Keeping up the dev blog would probably make me start recommending Brave, where before I recommended against it.

Incidentally, do you know what's happening to the Cliqz browser?

100% this. There is a glass ceiling to the quality of a search engine if it's free; it starts with G.

The paid option hasn't been explored yet, and for good reason I think: in principle, you need training data for it to be any good. And, again in principle, the only way to amass user data is for the service to be free, leveraging that to sharpen the tool.

So in principle, I reckon this is doomed to fail. But I might be wrong. I HOPE I'm wrong. And that's enough.

Personally, I don't have a problem with a service using aggregated usage data to improve their algorithms, even if that is technically "tracking" me. It's the selling of personalized segment data that bothers me.

You can't have one without the other. The economic incentives are just too intense.

I don't understand. Why can't you have one without the other?

ohduran probably means that there is no a priori logical reason for the two to go together. In theory they could be separated. However, it is far too enticing of a profit opportunity to use aggregated data if one has it en masse to sell personalized data.

I happen to disagree; almost any for-profit business is going to be doing some sort of aggregated usage data. I mean at the most basic level they've got to be tracking the number of customers they have. That doesn't mean all for-profit businesses ultimately devolve into data selling businesses.

Although perhaps ohduran is advancing a more nuanced argument. In particular perhaps the more detailed usage data you track, the more likely the siren call of selling that data is to be attractive. In order to compete with Google on search quality, perhaps you do need sufficiently detailed usage data that the call becomes irresistible.

I'm still not convinced that's true, but I could see how it plays out.

Oh wow, perhaps I was too terse and left too much room for interpretation. I meant that there is no way for a for-profit company to eventually sell personalized segment data once it has it, even if there were initial promises not to do so.

In that regard, the "siren call", as dwohnitmok says, it's a very appropriate way of encapsulating what I meant. You can be bold and not do it, but as soon as you have investors, they are going to demand it , pressure you into doing it, and if you do not comply replace you with someone who will not be sitting in a potentially profitable line of business and do nothing.

That's not really true. Google & Facebook only sell targeting for a reason: it's more profitable than selling the data itself. Why would you sell the user data you worked so hard to collect when you can sell targeting on it again and again? It's actually in Google & Facebook's interest that no one except them have data on you.

What kind of training are the users providing that makes G better? I thought their secret was that they have better infrastructure to crawl and organize information?

I don't see how a paid search engine has a disadvantage here.

One very simple metric to improve search results is testing how long a user visits a site. When users search for something, click a link and return to google seconds later you can assume that the result did not match what the user was searching for.

Then why aren’t Google results any better (arguably worse) than search engines that don’t do this?

They are better IME - I use DDG but still need to switch to Google for many searches to find what I'm looking for.

Because they're so dominant they can make changes to the system that make it worse. Haven't you noticed the decline in quality of Google search results over these past few years?

What makes you think Google's results are worse?

i find google is useless at this. They throw out irrelevant results that the Wise Men of Google think you want to see, or that they'd like you to see. DDG pay more attention to your wording. The drawback is they have fewer indexed pages.

You find Google is useless at what?

showing the results i'm looking for

They are better. Maybe not to you but there's a reason Google is as big as it is. DDG, Bing, etc. are just awful.

I'd also wager this is probably the most useful or close to the most useful metrics you can use. With this metric, plus the user's persona (male or female, teen or elderly, and so forth), you have a fairly accurate user driven ranking system.

Why can't search engine just ask the user if this site was relevant instead of using tracking to do it?

Because then SEOs would write bots to keep clicking that their site is relevant to everything.

But you can get SEOs to fake metrics, too.

because the underlying assumption is that what they'll tell you is the truth, and that's not necessarily the case. Think of a Firefox plugin in, AdNauseam style, that always says NO.

But there's nothing stopping the same people from gaming existing logic that tracks user behavior except security through obscurity. But you also get dirty data via tracking where it's indistinguishable from backend if user found what they want or just gave up on trying for example.

It's a good point. I'm no expert, so take this with a grain of salt, but assuming that it's just a matter of infrastructure, then Bing wouldn't suck so much. Microsoft has the means, the engineering power and the incentive to crush a direct competitor. And yet, it sucks.

So in practice, the more data you have, the better the engine is. I don't have a theoretical reason for why that is the case, but thing is I don't actually need it.

Every time you click a result link, and every time you bounce back from that link, probably also scroll position and hovering, you are providing potentially useful training data.

One possible upside is the Metafilter principle: If you charge $5, you get a higher quality signal by excluding a lot of chaff. The probability that your search engine user is human gets much closer to 1, and you save a lot (but not all) of the anti-abuse effort. This gives you better signal on which websites are interesting, so you need possibly orders of magnitude less data to do a good job.

Back in the day (late 90s) there was a company called Copernic that had a good search engine with a REALLY good desktop client. I remember being able to do all sort of filters, sorting and crazy searches. IIRC It was paid, and it was really way ahead of the simple search operations you can even currently do with Google (actually, Google has constantly removed search abilities as time goes by, like for example, anyone remember when Google Search could show tweeter search results? or that you could "block" domains from search results)

Honestly, there should be some sort of never-forget meme about Google removing the + operator when they started up their stupid social network that failed and then never put it back >:(

Just checked wikipedia, and it seems it'll be ten years ago this June that google stole + and forced quoting upon us for pure vanity reasons.

If someone is wondering (like I did) what the + operator was for:

foo +bar +baz

was equivalent to

foo "bar" "baz"

It stood for logical AND, so really your search term would be read as:

foo AND bar AND baz. It would be more accurate to type it as foo + bar + baz.

They've unfortunately conflated "must have" and "spelled exactly", which aren't the same thing.

This explains so much. I thought they were distinct operators. I thought quoting meant must match exactly, and the plus meant must be present. So +"baz" meant it must be exactly baz, and it must be present. +baz meant baz, or some variant like bazzes must be present.

On that last point, searches like `-site:example.com` looks like they still work.

I would not get too excited until you read the agreement they present you with. If you are a paying customer and they make promises, such as privacy-related ones, then those could theoretically be enforceable, with quantifiable damages at least equal to what you have paid. Will they accept that potential liability. Google won't. If Brave breaks their privacy promises to millions of paying end users, will they try to prevent the possibility of class-actions when potentially hundreds, maybe thousands or more of them all simultaneously "ask for their money back". Does paying by itself magically transform empty promises into kept ones What if the promisor can break the promise and keep the payments.

My views similarly changed on email. It would have been inconceivable for me to pay for email 10 years ago. Now I'm happy to pay for a service that does the basics well, is primarily considering my interests, and will have competent customer service if something goes wrong.

I've really 180'd on this over the past two years. I've always loved business models that allowed free access, but now I'm very much focused on a business models that are sustainable, and without relying on being able to sell my data to keep the lights on. A service I can pay for access, in a sustainable business arrangement, is my new preferred model.

What if it's less profitable to run a paid search engine? Will they run both free/paid side-by-side? And how can one be certain they won't profit off the query data on the backend anyways?

Is there any reason I should think Brave won't prioritize profit motives first in 5, 10 years when investors or markets expect returns?

I do think that fewer things need to be free. But there’s no reason to believe that free means we must lose our privacy.

OTA television, for example, had been providing decades worth of extremely expensive programming for free. And this lost us absolutely no privacy.

There is no reason that ads have to invade our privacy. They can go back to targeting based on broad geographical and age demographics.

Let’s do a thought experiment. Let’s say the government passes a law that says that ads cannot be based on any factors more privacy invasive than your zip code and 10 year age range. It’s not like companies would stop paying for ads. They would pay less, but probably still enough to maintain free services, like Google did in its initial days.

there's also lots of smaller niche platforms/services that don't, sometimes even funded exclusively by donations. I think the size of the organization has a lot to do with the likelihood that your data is getting harvested as well.

> As long as we all expect free, we can't expect privacy.

Not if the project is a non-profit. Wikipedia is free and privacy friendly (or pay what you want through donation if you want).

Paid services have the real name and credit card. It's too risky to assume they won't turn evil in the future.

I barely trust my ISP.

Cable in the 1980s comes to mind:


Short answer: Yes, there will be ads eventually, even if you pay for it.

> I'm actually excited about the idea of a search engine that I pay for. Been waiting for DDG to do it but last I knew there's still no option there.

I wonder if that's because they're using Bing search results rather than crawling the web themselves?

give me the option to block certain sites from results and prioritize others, I would pay a monthly fee just for that level of customization. I hate searching to download something and only finding spam in the top 5 results.

I was going to say something similar.

I'm convinced that it's possible to build a better search engine than Google by using community-influenced results, rather than try to do magic.

I'd definitely pay for a search engine where we can collectively downvote to hell any SEO spam. That would be the only way to incentivize sites to provide actual quality rather than cheating the algorithms.

> As long as we all expect free, we can't expect privacy.

Paid is still centralized. Decentralization isn't an answer, because people make their own decisions and a collective decision contains a lot of power. The only way to achieve true decentralization is to eliminate communication entirely. I believe it is referred to "Babel's tower". Centralization means we have no freedom and no privacy. With decentralization, 51% could conspire to murder the 49%. That experiment, taken after a few iterations, would quickly turn us extinct.

The idea is interesting. My view on the economics side is that the flaw is that this is a for profit company trying something new to make more profit. There's nothing wrong with that except that what they are selling is a commodity (bing, google, duck duck go, ..).

So, that doesn't sound like a sound plan. In fact it sounds a lot like everything Mozilla tried and failed to make money with in the last few years. Maybe users will pay for X .... nope they won't pay for X either. Ironically, Mozilla's main business remains reselling Google's search.

What's Brave's business model at this point? I'm assuming that the attention token business is at this point not really delivering substantial revenue.

Anyway, a couple of weaknesses here with both these business models (search and BAT):

- They are tied to Brave the browser, which while popular has a tiny market share. So, both solutions are cut off from the vast majority of users, including the fraction of a percent likely to be an early adopter of this (i.e. by actually paying). Fractions of fractions don't add up to a whole lot of revenue.

- That browser happens to be built by Google and also depended upon by Apple & Microsoft (i.e. Chromium). Between those three, they control access to most of the users via their apps stores and operating systems. They also control the main contenders Cliqz is supposed to compete with: Google, Bing & DDG (which is Bing). That sounds like an uncomfortable place to be as a would be competitor. Also, there's the Apple and Google tax to worry about with any kind of revenue: Brave users putting more cash in the coffers of Apple and Google basically.

- Users might pay for quality. That raises the question how you will get that. DDG is popular but a key reason for people to not use it remains that sometimes they just aren't good enough. And it's basically Bing, which depends on MS putting loads of cash and resources in it. I found myself reaching for Google a lot in the half year I used it until ultimately I decided that I did not have time for too many fruitless searches where I wasted time before ending up finding what I needed on Google. I reverted back to Google. And that's not because I enjoy being tracked or in their clutches: they are just that good.

- Brave as a walled garden for exclusive paid features does not make sense: it's too small. Both BAT and search as commercially offered features would have more users (and thus paying users) if they weren't tied to Brave the browser. IMHO both would actually need to be structured under a non profit organization for long term success (for users, not for Brave).

have you heard of greed? Do you think they care about loosing customers in that scenario? Where will they go? Dont be soo naive... they might start with honest and clean intentions but that will most likely change, or the pople running the company will change, people are soo easily corupted, especialy in a world filled with vice

My opinion has definitely changed over the last 10 years from I'll use anything if it's free, to I'm willing to pay for a better service.

Spotify is something I'll gladly pay for because it just works and is less hassle than ads and playlists and searching for youtube videos.

> I'm actually excited about the idea of a search engine that I pay for.

Right now you can pay to host an instance of the internet meta-search engine SearX: https://searx.github.io/searx/

Consider that it’s not just the changing times but also your own changing economic situation. Would you have had a spare $20/month foe a search engine subscription as a 16 year old? I sure had better uses for my money back then than something like this, privacy be damned.

I don't really mind the ads on search engine as long as they aren't tracked and are based on the search. This is the way startpage does it.

I don't really even want to think what I would pay Google to access their search engine if they made it a paid service tomorrow.

i would probably just switch to bing or duckduckgo (aka bing) at this point. google used to be unparalleled in finding what you're actually looking for but their search results have steadily been getting worse.

I would like to say, paying customers have even more valuable tracking data, since it signals that you have good disposable income.

There is a cost in order to be free(ed).

Would be a nice study to determine the monthly rate one is willing to pay in order not to the be the service.

Perhaps the going rate could be established in "units of text editor subscription".

How much time do you spend in search bar and results versus one of several non-coding text editors that you subscribe to? Price accordingly.

It's still kinda not private, because GTM/GA/ etc on 3rd party sites are going to track where your click came from.

We block all those. Were you thinking of other browsers?

Many things are free, such as Linux kernel and Debian distro.

However if someone's expenses grow with userbase, everything you said is right.

bat tokens will eventually make sense to everyone we’re probably just 10 years too early into the private browsing space

So basically a search engine that is worse than Google and that I will have to pay for. Sign me right up!!

In my understanding what Cliqz did, at least in the beginning, was to buy clickstream data and then build an index on top of that. So in a sense they just scraped Googles' search index, as almost all users rely on Google for finding stuff on the web. The clickstream data gives you both the search query and the website(s) users visit after searching, so it's pretty easy to build a search index from that, at least for popular searches (it might be more difficult for the long tail of search queries).

A lot of the clickstream data you can buy comes from browser extensions btw, and often gets collected without users knowing about it (looking at you, "Web of Trust"). I think their reliance on such data was the reason Cliqz acquired Ghostery, which also collects a copious amount of "anonymous" data from its users. On one hand it's a neat idea since you're basically standing on Googles' shoulders, on the other hand it's at least questionable for a "privacy-first" company as the generation of the search index is based on personal data mined from (often unwitting) users.

That said I don't know how their system evolved, so maybe today they have another way to build their index.

Bing might have also done this to improve their index https://searchengineland.com/google-bing-is-cheating-copying...

That's one side of it. The ironic thing is they probably used exactly the same tactic as the search engine in the article:


No, Brave Search won't copy search results that users do not click on. You own your queries and clicks. Only users who opt into anonymous logging to help Brave Search send unlinkable records up, and those records are not scraped from unclicked links in SERPs.

I was referring to this bit in the top level comment:

> In my understanding what Cliqz did, at least in the beginning, was to buy clickstream data and then build an index on top of that

I don't know if that's what cliqz actually did, but if they did do that it sounds very similar to what bing did.

From https://www.siliconfilter.com/hiybbprqag-google-claims-bing-... it seems Google engineers laid a trap by using IE with Bing Toolbar and Bing Search Suggestions enabled. Not clear what was gathering the data, but this article doesn't say whether the Google engineers clicked on the bogus-keyword's result link. If they did, then clickstream as you say. If they didn't, something in the IE+Bing mix scraped links from whole Google results pages.

I work at Ghostery. Yes, Cliqz bought Ghostery for the Human Web data, since we have so many more users than Cliqz ever did. What gives you the impression that any data we are collecting is not appropriately anonymous?

The Ghostery extension is open source, so feel free to link to anything in the code that looks suspect to you

I'm not saying it's not anonymous, just that it's impossible to assert the anonymity.

Also, I saw a lot of "anonymous" clickstream data offered by other companies, which was often trivial to de-anonymize. We did a DEF CON 25 talk about it, just google "Dark Data DEF CON 25". Robustly anonymizing high-dimensional data like user clickstreams is practically impossible, and often knowing a combination of 4-7 websites a user regularly visits is enough to identify him/her in a pool of millions of users (see the talk for details), so I'm highly doubtful about any company that claims it can robustly anonymize such data. If you're confident your data is anonymous why not release a large sample and have researchers look at it?

So while I'm not saying Ghostery is also doing that I don't have a lot of good faith in these data collection practices in general (also, I think before Cliqz acquired Ghostery it collected a lot of data like cookies from the users). Again, it's a smart way to collect data but I wouldn't call it very privacy-friendly.

It is trivial to de-anonymize if records are linkable, which is the case you mention on Dark Data DEFCON25. Another famous case was the de-anonymization of the Netflix data set.

However, you are assuming that HumanWeb data collection is record-linkable, which is not the case, precisely to avoid this attack.

If what is being collected is linkable: e.g. (user_id, url_1), ... (urser_id, url_n). No matter how you anonymize user_id, it will eventually leak. A single url containing personal identifiable information, e.g. a username, will compromise the whole session. No matter how sophisticated the user_id generation is. The real problem, privacy-wise, is the fact that record can be linked to the same origin. An attacker (or the collector) has the ability to know if two records have the same origin.

The anonymization of HumanWeb, however, ensures that linkability across data points is not present. Hence, an attacker cannot know if two records come from the same origin. As a consequence, the fact that one url might give away user data, for instance a username, it would not compromise all the urls sent by that person.

If you are interested in more details I recommend this article: https://0x65.dev/blog/2019-12-03/human-web-collecting-data-i...

[Disclaimer I'm one of the authors]

I still see a lot of ways in which users could be de-anonymized, sometimes a single URL is already sufficient and side channels like the quorum mechanism might leak information as well. Maybe it's really anonymous, but personally I don't trust any mechanism that doesn't have a statistical anonymity guarantee, differential privacy being the preferred one as it's the only anonymity model that hasn't been broken yet.

Anyway, it's great that Cliqz did this work and I don't want to diminish it, I'm just very cautious when companies claim they're only collecting anonymous data, there were just too many cases in which promises have been broken.

As mentioned in my previous comment:

There is a better way to service users interests; initially it was "keywords" - but now it can be more structured;

"I want to learn [topic]" and the response may be a step-by-step how-to on how to learn [topic]

TBH this was a subject addressed on NPR this morning.. People staying at home are talking about the old infra of edu where people cant be in person - but nobody is talking about the opportunity on changing the structure of learning at all - there should be seen the opportunity on changing the way in which we learn something.

Brave has a long way to go to build real trust. Too many reckless stuff: hijacking links, suspicious url-rewriting, crypto-token stunts, forgetting to communicate with users about serious privacy leaks with their faulty TOR window... also it looks like they care about privacy only in their PR brochures.

Also zero transparency for users and publishers.

On one browser installation I stopped getting payouts, reached out to them via reddit (like they asked for) and provided all the information they asked for: ghosted.

I'm also a publisher, for weeks now I can't login and it seems like I'm not getting payouts anymore either. Never got any mail about it. Sent them an email about it February 23rd, no answer so far.

If I'd have to guess, the one client somehow got blacklisted maybe because I used too many Brave installations and they think they're fraudulent? (Though I only used like 5, Brave & Brave Beta each on a desktop & laptop, then on another desktop just one installation. Also, I still get payouts for the other installations.) Or it's just another one of the bugs that eats payouts and users' BATs.

Publisher account I even have less of an idea, it's totally fine, teen-rated gaming websites with a couple of thousand organic (search traffic) uniques/month. I did sent BAT from my unconnected Browsers (you only can connect a maximum of 4 browsers to a wallet, ever) to my site to tip myself. As far as I know that isn't against the TOS either (even makes them more money because they douple dip).

But, even if they don't suspend you without any notice, it's completely non-transparent as a publisher too. You get zero statistics, just a bundled payout each month. I'd never use them like this as a publisher for bigger sites, pretty sure I mailed them about that too in the past and also did not get any reply.

Also the fact that they boast "we blocked X many ads" directly above a Brave-owned embedded avertisement directly in the browser itself.

Scummy stuff.

You can easily remove cards, top sites, adblock counts, and advertisements from the Brave home page. It's customizable.

Their point is not that there is an adblock counter, but that brave injects ads on their own homepage to inflate the apparent usefulness of their browser. It's similar to labeling a casino a buffet and saying you don't need to gamble.

I guess some just want everything for free. It's not like they're hiding it. It's right in front of your face. It's just some are too lazy to turn it off or simply don't care.

That's a feature, not a bug. The point of the Brave ad blocker is to (optionally) replace unethical ads with ethical ones so you can compensate the content creators you browse. How is this scummy?

Because it removes a revenue stream for many sites and small businesses (oftentimes the most important or only revenue stream) and replaces it with a setup where Brave happily benefits from holding that income in escrow until you can convince them to hand over whatever percent they think is fair to share... in their crypto. That is, of course, assuming they don't ghost you, which seems like a common complaint among publishers.

The company's got a long list of shady practices and "mistakes" where they haven't paid creators and/or screwed over users for their own profits. Even if you give them the benefit of the doubt and assume they just constantly make honest mistakes, no other browser dominates the news every other month with so many privacy scandals.

While it is sort of a hostage situation (websites must sign up for Brave rewards to get a payout), would you rather websites get no revenue at all? If the prevailing mentality of most web users is to install their adblocker of choice, I see Brave as an approach that tries to cater to everyone.

> If the prevailing mentality of most web users is to install their adblocker of choice

This is not the prevailing mentality of "most" web users, in fact it's not even possible for it to be because the most common user agent is Chrome on Android.

Brave is an attempt to funnel as many oblivious users as possible into a pipeline where native ads are automatically blocked, for the precise purpose of being able to execute the "hostage situation" that you mention. The premise that the target market for Brave is the tiny group of people who are willing to look at one kind of ad (provided by Brave) but not a different kind of ad (provided by the publisher) so that the publisher can get a fraction of what they would have received from the native ad (if they opt into a crypto scam) is laughable. Most people who want to block ads just want to block all ads.

Brave Ads are opt-in and will remain so. You seem to be ignoring our brand promise, which if we violate it, lead users will roast us to a crisp. Also, consent is required under new privacy laws. If you don't want to use the opt-in revenue models in Brave, and just free-ride using best-in-class tracking protection, feel free. That's the baseline default.

I'm sure you've defined "Brave Ads" such that this is technically true, but calling your approach to ads "opt-in" is terribly misleading. Last time I opened Brave, I was immediately greeted by a full page ad on the new tab page. [1] To be clear, I have never opted in to seeing any ads in Brave.

If you haven't been roasted by your users over this, I suppose that's informative about who the users are.

The Brave FAQ also says

> Are all ads blocked or can users allow some or all? Tracking scripts (trackers) and ads that depend on them are blocked by default.

So this implies that Brave does not even block all ads by default now? If you go back to 2019 [2] the same line in the FAQ says "Ads and trackers are blocked by default".

[1] https://cloudflare-ipfs.com/ipfs/Qme89K2feqd7pYvUHetXPCJ7yrY...

[2] https://web.archive.org/web/20190607005611/https://brave.com...

Sponsored images are tracker-free. We had SpaceX images in the New Tab Page (NTP) without getting paid, and supporters suggested we do more and charge. If you don't like these images, turn them off ("Customize" controls on lower right). That our users mostly like these images means not only that they didn't roast us, but that we got some revenue to keep alive and keep going. This is a win in our book, but I realize not everyone agrees.

Our early website writers oversimplified. We didn't block ads so much as tracking, so the text changed. But then the code evolved, and now we block both using the same lists as uBO, only with aggressive shields required to block first-party ads that don't have tracking or whose tracking we nullify. This requires more nuance to describe. I'll get someone to work on the website docs, but the ground truth is what the browser does. If you set your global shields to aggressive and see an ad, please file a bug or DM me on Twitter and we'll work to fix it. Thanks.

Hi Brenden,

I never opted in to ads on the homescreen of Brave. How do I opt-out of them?

Customize controls on lower right.

Ads completely overwhelm my mobile and mac book pro. Sorry?

I'll admit that if the GP holds the opinion that all ad blockers are "scummy" then I wouldn't be bothered. But considering I never see ublock origin get criticism here I have to assume that when most people criticize Brave's business model, they don't actually care about the publishers.

The only recklessness in sight is your comment repeating a complete fabrication. We never "hijacked links". See https://news.ycombinator.com/item?id=25841456.

The Tor leak was already fixed in Brave Nightly when independently discovered. We were fixing as part of a HackerOne bug report, which per standard practice is not disclosed until patched in all releases. The mistake there was not forgetting to disclose, it was not airlifting the fix into Brave Stable and intermediate releases right away. We have already made process fixes; automated network leak testing is the biggest one.

If you don't like crypto-tokens, don't use them. They're optional in Brave. They have no privacy impact.

Cliqz’s Human Web used servers from FoxyProxy to remove IP address info. Will you continue to partner with FoxyProxy (as a matter of outsourcing the “trust us, we’re not tracking your IP”) component? If not FoxyProxy, then who — this 3rd party companies’ reputation matters.

We drop IP already when proxying a number of Google services, see https://github.com/brave/brave-browser/wiki/Deviations-from-....

We've used Fastly in the past to drop IP, implemented using VCL. I believe we're using other vendors now as well. Unlikely to use FoxyProxy but the idea is the same. We don't log IPs and don't let them get to us or to Google or other service providers, where possible.

If you are interested, https://brave.com/brave-private-cdn/ describes how we go to even more effort to avoid seeing fingerprints as well as identifiers including IP addresses.

Agreed. I just don’t see why I should not continue to use Firefox, Multi-Account Containers, and DuckDuckGo, and just use Tor Browser if I want to use TOR.

The whole crypto thing in Brave especially rubs me the wrong way, it feels like a Ponzi scheme.

It’s chrome with extra features, and not owned by Google. You don’t have to participate in their crypto nonsense, and you don’t have to use their TOR browser

It’s basically just convenient

You forgot one. Whitelisting cross-site trackers from sites like Facebook and Twitter.

All browsers allow those social widgets by default, because blocking them breaks too many pages. Brave is not alone in this regard. We're working on a better default that blocks but replaces with mock objects bundled with Brave's binary that activate the real widget on click. In the mean time, you can turn them off and risk broken pages via "Social media blocking" settings.

Also doesn't help that Brave's CEO is a right wing guy (asked to leave Mozilla because of his radical comments) and a COVID conspiracy theorist "masks don't do anything"

I'm not sure what the relevance of it either way. Even though he left Mozilla due to his public opposition to marriage-equality for same-sex couples, to connect that with his current company seems like a stretch.

And even being an anti-masker in the COVID19 context, however misguided that might be, isn't really related to the browser's functionality.

>I'm not sure what the relevance of it either way.

The subject of this sub-thread discussion is that it's about "Brave has a long way to go to build real trust." and so it's not limited to functionality, it's about trust. Therefore a leader who is seen to be "misguided" in some parts is relevant to trust in the project they lead.

I agree it's not relevant to functionality but this sub-thread is about trust which is more of softer issue.

Maybe some people just feel gross participating in a project to make this guy richer?

I can understand that. But while I disagree fundamentally with the Brave CEO's political stances on the aforementioned topics, I just don't see a strong connection between those and his product, which is politically neutral from a left/right perspective.

It's nothing like, for example, the clear connections between the political views of the execs/funders of Parler and Gab and their their products.

I agree, there are certainly heaps of odious people who have created great things in technology. And I don't even mind using these things if the creator is not making money off of them. (There's an open source project whose author says, on the project's webpage, that he dislikes the idea of anyone who doesn't embrace white nationalism using the software. I don't think he was joking.)

I suppose I'm reading JacobSuperslav's comment differently than you. You're reading them as saying (in response to a comment listing reasons not to trust Brave) "here are some additional reasons not to trust Brave", which you're saying doesn't follow. I agree that it doesn't follow, but I'm reading their comment as saying "Brave's untrustworthiness is one reason not to use it, but another reason why you might not want to use it is..."

In a free market, you can of course spend your money any way you like; if you think a company shouldn't ought to hire people you as a customer disapprove of, then you can boycott that company. But the fact that we're increasingly viewing corporations as responsible and sharing in the guilt of an employee's personal and political views worries me a great deal. It's like we're progressively losing the ability to compartmentalize, and to permit others to compartmentalize, and I think it's fundamentally threatening society's ability to function as a diverse collection of viewpoints.

> But the fact that we're increasingly viewing corporations as responsible and sharing in the guilt of an employee's personal and political views worries me a great deal.

For me it's sort of the other way around entirely. I don't view corporations as "responsible" or "sharing in the guilt", in fact I don't really see corporations as moral entities at all, except insofar as that's sometimes useful to persuade their CEOs to do things (e.g. not destroy the planet with pollution).

I don't know anything about Brave's corporate structure (and don't care to), so take the following as hypothetical. In any business, there are a number of people at the top trying to get rich. And that business will also employ any number of people who are not going to profit (e.g. janitors). I'm sure any business the size of Google employs a few racist janitors, it's just the law of large numbers. I don't "blame" Google for employing these people, nor does it dissuade me from doing business with them.

But when the person at the top running the company and directly profiting from it has terrible views, maybe I have a moral obligation not to give them my money, if that's possible. And if the board of directors of a company chooses to retain a CEO with deplorable views, maybe I have an obligation not to give them my money, either. So I think you can argue that someone has an obligation not to do business with Brave without saying that you blame the corporation as such. This goes double when the people are the top are funneling those profits into campaigns to deny people their rights.

At a high enough level of abstraction, a corporation is just a profit-creation engine. At a high enough level of abstraction, cancer is just a reproduction-oriented microbe. I suppose it doesn't make sense to blame either of them for what it does. Even so, I don't think it's right to aid them.

> society's ability to function as a diverse collection of viewpoints.

I worry about this too, quite a lot actually. But I think one requirement for society to have the ability to function as a diverse collection of viewpoints is that we collectively not tolerate people who have views antithetical to society functioning in that way. It's one thing to believe that it's wrong for gay people to be married: it's another thing to push for the state to prevent them from marrying.

I mean, and I believe that it's one thing to believe that it's wrong to push for the state to prevent gay people from marrying, but it's another entirely to push for companies to fire people who believe that.

I am in favor of gay marriage, but I believe society can survive without it. I'm not sure it can survive without political compartmentalization.

I guess you could call me a libertarian in that I believe that the first and best defense from government, corporate and mob tyranny is to just go somewhere else. The enforcement of mere majority moral beliefs on the entirety of society directly threatens that belief. You may say that's just democracy, but I disagree; I think majority rule is not quite the same. ("51% democracy", if you will.) The flourishing of a society and its peoples is maximized if locally contradictory views can exist simultaneously, preferably by a process of self-sorting. But such a process would, if moral fault is propagated along corporate and financial lines, either damage the economy by effectively decoupling large sections from each other (you see this in the right-wing news market, which has become almost totally disjunct from the left-wing news market, and the split is propagating across logistics lines), or else damage liberty by enforcing the most effective and motivating (!not! the most morally just) beliefs through chilling effects and monopoly positions. That's why I think the decision to support a corporation must be decoupled from the views of the employees, so that the political arena can be insulated from the economical one, allowing a connected economy at the same time as a diverse society.

The relevance is having a CEO that is not widely esteemed is terrible for PR. This is why Mozilla fired him

His politics are irrelevant to me. I use firefox 95% of the time but when websites just don't cooperate with it I'll use Brave as a chrome fill in.

> His politics are irrelevant to me

The fact that he is anti-science and happy to play fast and loose with other people's lives should give you a hint how he might run a company.

I don't feel that good about this.

The thing is that Cliqz was "majority-owned by Hubert Burda Media" [1], and that "The deal, terms undisclosed, makes Cliqz owner Hubert Burda Media a Brave shareholder." [2]

Doesn't Hubert Burda Media have a interest in removing ad-blocking technologies from the web? Couldn't partnering with Brave get them into a privileged position where they are capable of displaying ads and build user profiles?

[1] https://en.wikipedia.org/wiki/Cliqz [2] https://www.theregister.com/2021/03/03/brave_buys_a_search_e...

If so that makes sense as Brave is happy to show you "ethical ads” instead of the ads already on a page if you so choose and reward you and the original content creator(maybe) with their very own funny money.

When you sign up as a BAT publisher, you choose what currency to get paid in. It's just as easy to pick USD, and then it will auto-convert the BAT to dollars, and you would hardly even know it involves crypto. It's not some ponzi scheme.

But the amount of USD you get varies by BAT-USD exchange rate, e.g. you actually get paid in BAT, correct?

I must admit that I find this business model genius: replace website ads with your ads, pocket the revenue, and "pay" users in a self-issued cryptocurrency. Stealing ad revenue from websites while simultaneously doing an ICO.

That's correct. But advertisers bid in BAT too, so if the value drops, they would pay more nominally, and it would all balance out.

As a user, I prefer Brave's ads though. They're not actually on websites. And calling adblocking "stealing" seems like a bit of an exaggeration. Brave still pays out a larger share of their revenue to publishers than Google does. As a publisher, Brave's scheme seems fair to me too. The only one really hurt is Google.

I don’t dispute that you can get real money out the far end but even if you ignore the problematic aspects of crypto as a technology you still have to deal with the problematic aspects of it as a currency including rapid fluctuations in value and the time it takes to settle a transaction.

I guess that could a bit annoying at times, but ad revenue isn't some super precise amount. Price fluctuations should balance themselves out, and the minor settle time is not a big deal when you're typically paid monthly.

Excited that Brave is playing a pioneering role here with leveraging cryptocurrencies and distributed tech (including Web3) who's time, it looks like, will come. It helps that a Browser is close to a perfect environment from which to challenge the incumbents heavily dependent on ad revenues.

> Brave Search's index there will be informed the activities of participating Brave users, in terms of the URLs they search for or click on, and adjacent web resources that don't require extensive crawling.

This is quite similar to Amazon's now-defunct A9.com which, iirc, had some form of hybrid search engine that was built on search / ad results from Google and the data Amazon collected via the Alexa toolbar.

> The Brave Search team has written a paper explaining its use of the term, titled "GOGGLES: Democracy dies in darkness, and so does the Web." The browser upstart aims to replace the tyranny of Google's inscrutable, authoritative index with a multiverse of indices defined by anyone with the inclination to do so.

Again, very similar to WAIS. Has Eich been speaking to Brewster Kahle? :)

[0] https://en.wikipedia.org/wiki/A9.com#History

[1] https://en.wikipedia.org/wiki/Wide_area_information_server

No, I haven't been talking with Brewster. The Goggles paper is from the Tailcat team.

It's very exciting. So far Brave is not so popular in the cryptocurrency space compared to its peers. That will change I'm sure.

> Brave is not so popular in the cryptocurrency space compared to its peers.

KYC-hostage demands from a company that claims to be "privacy focused"...


You do understand it's based on regulation, right? That there is no way to do what they are doing legally without KYC for withdrawals? What exactly does your implying use of the word "hostage" mean? That you don't like the laws of the countries Brave is operating in?

I understand that's what they're claiming. If they were serious about their principles, like Lavabit, they would have simply discontinued the "custodial wallet service" that they claim is subject to anti-privacy regulation. Nobody is claiming that the Brave browser software itself is subject to any anti-privacy regulations. They wouldn't have to sacrifice their entire business on the altar of principles like Lavabit did -- they'd only have to sacrifice one feature.

But they don't have nearly the same level of integrity that Lavabit did.

And, of course, if they're exaggerating the "but but muh regulations" aspect, then none of the above applies.

I don't understand your criticism, it doesn't seem to make much sense.

They have done exactly what you are proposing, in that they don't require users to provide KYC to use the browser. KYC is only required to use an additional, optioal feature inside the browser. It works well without any private information, and it even allows some wallet features like redistributing your tokens to content creators you like.

> They have done exactly what you are proposing,


They haven't done this:

> like Lavabit, they would have simply discontinued the "custodial wallet service" that they claim is subject to anti-privacy regulation

> Brave Search's index there will be informed the activities of participating Brave users, in terms of the URLs they search for or click on, and adjacent web resources that don't require extensive crawling.

> Brave also envisions users taking a more active role in their search results through a filtering mechanism.

"It allows different groups to run their own sort of Turing complete filter rules, sort of like ad blocking rules in the search service and not in the browser, to have a community moderated view of the global index," he [Brendan Eich, Brave founder] explained. "It's called 'Goggles.'"

I'd love to be able to filter out, for instance, pinterest.

I'd actually pay nominal amounts of money for a search service that had my interests in mind; as opposed to advertisers and thought police.

Shameless plug, but I've been working on a project [0] that does exactly this. Currently it just has a few filters I've created for myself and only supports web search (and a few !bang like re-directs), but I'm working on implementing user accounts that will be able to create their own filters.

[0] https://hadal.io

Pretty cool. It filters by URL?

Yup, that's exactly it. I've found that there are certain websites that I have basically no interest in seeing. Eventually I might incorporate more granularity to get sub-domains or something like that, but for now it's just whole websites based on URL.

I was pretty sure that it could be done in Google with operators in the search box (going back a few years), but I don't use Google any more and one reason I stopped was that it kept incrementally degrading the ability to refine individual searches manually. Anyhow, I just did a DDG search and came across this [1], which looks interesting for your use case (although that Pinterest is mentioned is a coincidence). I've not tried it out, so I can't recommend, comment or anything.

[1] https://www.techsupportalert.com/content/how-remove-pinteres...

Me too — most image searches need a "-pinterest" term added.

Add to uBlock Origin 'My Filters' Section :)

> and thought police

Copyright interests pay large cash to make sure you know is truly best for you. You could show a little gratitude.

Indeed. I'll keep that in mind.

You can just add -site:pinterest.com in DuckDuckGo. I think you can do the same in Google.

I'm well aware of the various search flags. I can also think of at least 10 domains I'd like to permanently obviate from every search. Adding flags for all of these every time is unwieldy. I have toyed with browser extensions to achieve this, but I quickly learned that using many of these flags will compromise search results. A good solution will require a search engine that anticipates this use case.

Turing incomplete. Thanks, will get a correction to the reporter.

Fixed. Thanks again.

Cliqz seemed like a very promising search engine [1], so I'm glad that they've found a new home where they can try again.

[1] https://web.archive.org/web/20200501194956/https://cliqz.com...

It really worked quite well, especially when compared against ddg. Fantastic that it will survive in some form and that the work was not for nothing.

"The service will, eventually, be available as a paid option..."

This is the future of services on the internet. The 'cult of free' should die off as people realize they don't want to be bought and sold like digital cattle.

I wonder if payment in BAT will be an option?

> payment in BAT

payment in Basic Attention Token... isn't that exactly how the Google, Facebook, Twitter, etc advertising business models work. BAT is basically a reward for watching adds right?

I like the idea of paying my content producers directly better, see for example https://coil.com. Cut out the middleman

It's an optional reward, and that is the key difference in my opinion.

Probably, but you'll probably have to KYC as well...

As long as your crusade against free doesn't impact our free public libraries, free healthcare, free education.

(All of which are not really free because we pay for them with taxes. )

I have been developing a simple mantra: Pay for stuff I use. Mostly software so far. As far as “free stuff” provided by the government, I feel there is a baseline that a government should provide, as that should be their purpose. Where that line is, and what services are provided is a source of intense debate. “Pay for stuff I use” is a great starting point, but hardly a hard and fast rule.

The SaaS project I'm working on won't have a free tier. We think it's unfair to make paying customers support free customers.

Does the customer on the $40 plan think it unfair he pays for more resources than the customer on the $20 plan?

That's different, they're both paying.

As a paying customer I don't care about customers on the free plan. I don't think anyone has time to consider such things.

Wouldn't you prefer to pay less?

If you're setting prices based on cost shouldn't the prices be astronomically higher during the first few years of the business?

Irrelevant. You're changing the subject.

Mozilla was sending your browser history to Cliqz in Germany. https://www.zdnet.com/article/firefox-tests-cliqz-engine-whi...

Mozilla never did such a thing. The browsing history was never sent in any shape or form. As the journalistic article you quote states, Mozilla put in place the HumanWeb[1,2,3], which was a privacy preserving data collection which ensured record-unlinkability, hence no session or history. Anonymity was guaranteed and the framework was extensively tested by privacy researchers from both Cliqz and Mozilla. Disclaimer: I worked at Cliqz.

[1]https://0x65.dev/blog/2019-12-02/is-data-collection-evil.htm... [2]https://0x65.dev/blog/2019-12-03/human-web-collecting-data-i... [3]https://0x65.dev/blog/2019-12-04/human-web-proxy-network-hpn...


> Users who receive a version of Firefox with Cliqz will have their browsing activity sent to Cliqz servers, including the URLs of pages they visit.

The chosen excerpt omits the fact that it is predicated on the HumanWeb. In the technical papers above there is a more precise description on what and how was collected. There was no user tracking, session or history being sent as all data points are anonymous and record-unlinkable by the receiver. The vague language, required for a general audience journal, certainly does not help.

Yup. As far as I'm concerned cliqz (and mozilla) completely lost my trust with that spyware.

Modified installers, randomly served to customers with no notification, opt-out by default, and sending full browser history to random servers is just too much for me to ever trust them that they have my privacy interests as their goal.

Glad to see more interest in privacy focused search, but why not just not contribute to something like duckduckgo that's already doing good work in that space?

Duck duck go simply proxies other search engines. While they have been gaining traffic, they will never be as good as google/bing etc.

Good privacy focused search requires novel innovations and a solid attempt to "solve" the problem rather than simply wrapping some other engine.

They should have some small team working on their own search engine. A handful of skilled programmers can accomplish a lot over a couple of years.

Do we know that they don't?

As many mentioned, DDG is Bing and Google under the hood. That being said, DDG is great and I’m very thankful it exists.

Shameless Plug: I’m involved in a project called Private Search [1], and we are always interested in partnerships with browsers. Feel free to contact me directly. My email is in my profile!

[1] https://private.sh

DDG is the wolf disguised as the sheep. If you consider the vast possibilities a company is able to trace you over the internets it's largely irrelevant where are you coming from, as long as you hop once over a server operated by BigCorp.

And in the case of DDG the results come from Bing. From the rain in the eaves.

Or better to https://yacy.net or SearX.

Because DDG merely uses Google and so under the covers.

Plus, we don't know DDG respects privacy, it's just some generic statement they make.

As generic as Brave's then. What's your point?

That both are worth ziltch.

I believe it's a legally binding statement. Which is not as good as a mathematical proof, but better than nothing.

Afaik it's Bing?

There was this wonderful podcast featuring Eich a few days ago:

"Brendan Eich: JavaScript, Firefox, Mozilla, and Brave"


There was quite a discussion on HN about the podcast joined by Brendan Eich himself:


I keep waiting for Apple to introduce their own search engine. They are already pushing on the privacy angle, so it would seem to make logical sense to dump Google and have their own search engine. I think switching the iPhone/Safari search engine to their own search would be devastating to Google.

Basically, they would be doing a similar strategy that Microsoft used against Netscape. As I remember it, in the MSFT/Netscape case, they gave away IE and the web server, crippling Netscape's ability to make money. MSFT didn't have to make money off either as they made money off the OS.

In this case, ads are the core of Google revenue. Apple, however, doesn't need to care about that (yes, it would be a loss in revenue). So they dump Google and Google loses a major source of revenue and data.

Obviously there would be some anti-trust issues - I assume that's what is holding them back.

If making a search engine like Google was easy to do Apple, Microsoft or Amazon would have done it long ago. Of any of these Apple is the worst position to do it since they don't have the same scale of infrastructure as the others.

>If making a search engine like Google was easy to do Apple, Microsoft or Amazon would have done it long ago.

Microsoft did: https://www.bing.com/.

Doesn't Microsoft already have Bing?

Using brave for more than a year now on my phone I sometimes forget how terrible mobile browsing is for most people. The only thing that reminds me is when I sometimes open a website in Chrome.

If the trend of paid search engines or browsers start I am buying. Ads and tracking are cancer of modern life. It's literally offering free stuff to make your life worse in exchange. It's "I will give you this item if you let me punch you in the face" kind of deal.

I can't wait to support a company that collects money for their software and uses part of it to fight the cancer.

can we trust brave? They have become too shady in my opinion like inserting referral etc?

I tried brave a year ago because I heard good things. I stopped using it within a month. The cryptocurrency and referral stuff told me all I needed to know: their motives are not aligned with the user. If you let your monetization strategy alienate your users then you won’t be getting far. Early adopters need clear messages of trust.

When the messaging is “we’re desperate for money” and I don’t trust you, why would I expect you to value my privacy? I won’t be trying brave again until they at least try to address this.

Seems to me that you're a small minority, and that most Brave users feel that the company IS aligned with them. The cryptocurrency was a key aspect for early user adoption, and the referral stuff is something that I only ever see mentioned on HN by clearly-biased commenters.

The messaging is not 'we're desperate for money', it's 'we're not funded by selling our users' personal data and are working to make a browser product that can self-sustain', something that, as of now, no other browser has been able to do.

When someone flags legitimate concerns you can’t dismiss them with them being “clearly biased” and saying “most people don’t feel that way”.

When I ask, “why should I trust brave?”, the response I get is biased gaslighting. I guess that means I shouldn’t trust them.

The amount in which I've experienced this exact scenario on Hacker News is quite disheartening.

When I provided a cite wherein Brave was caught whitelisting trackers, I was responded to with basically "those who are so quick to criticize Brave" don't give the same scrutiny to other browsers. Whelp, other browsers don't position themselves as the Privacy King like Brave and its adherents do.

Whataboutism isn't a defense.

Your description of it being gaslighting is very apt.

And why is it whitelisting them?

Does Firefox/Mozilla sell users' personal data? They claim not to.

User data mostly has short shelf life so what happens is API renting, not selling. That's what Google does via its ad exchange, which is fed by many signals but notably by search. Search ads also make Google the most money, but all their businesses use a single ad exchange.

Firefox has a default search deal with Google that makes most of their revenue. So does Safari (edit: the Safari deal of course does not make most of Apple's revenue, but it is rumored to be big, multiple $B/yr). These are how personal data flows to Google for big money back. (Chrome is worse: if you log into a Google account in any tab, then unless you opt out via your account settings, your navigation is tracked by the mothership.)

Brave doesn't have such a Google deal, and Brave Search won't collect personal or re-identifiable data.

Not sure, I don't use Firefox. I'd assume they don't, given that a lot of the privacy ethics in Brave carried over from Mozilla.

I personally trust Firefox way more than Brave.

What is the referral stuff? The crypto is optional.

They got caught with the fingers in the cookie jar and quickly backtracked:

"Brave Software's co-founder and CEO, Brendan Eich, said on Twitter that he didn't believe there was anything wrong with injecting affiliate codes into web addresses. However, it seems the backlash worked, as Brave's developers are introducing a toggle for the suggestions, and the functionality will be disabled by default starting with the next stable release."


We fix bugs we didn't know about as soon as they're reported. To assert malice not stupidity needs more evidence, or else it's just based on your ill will. ICYMI, thread:


If it were a bug then why say it is fine? I'm not saying it wasn't but normally I don't see people calling something a bug and at the same time defending it?

The only defense from me was for refcoded keywords (all browsers do this).

As someone new to Brave, threads like this only increase my trust in Brave. Any comment negative about Brave is voted up here on HN, any comment in favour of it is voted down, and as soon as someone asks for evidence of Brave's negative behaviour, they backtrack and shift to a different argument or share something flimsy and intentionally misportrayed. At this point I'm not sure if it's intentional FUD or just some people's knee-jerk reaction to anything crypto-related (along with political biases), but I've learnt that criticism of Brave should never be taken at face value here.

Yes listening to the CEO who earn money from good pr is smarter than listening to smart people on HN. Try that life philosophy out elsewhere too.

Should we not fix bugs? As for “smart people”, if you are flattering yourself, give it a rest. I just replied to your misguided comment that we should switch engines and go out of business to fight Chromium monoculture. Not smart!

You never could trust Brave. Their business has been unethical since its founding.

People are so desperate to like Brave that they can't see the bad things. I wouldn't trust Brave, especially when there are better options like Mozilla that isn't part of the monolith that is Chrome. It's the new Internet Explorer no matter what skin you theme it with.

Mozilla depends almost entirely on Google for revenue. As Firefox loses share, it gets less. This looks likely to spiral down until a collapse of some sort. I was stunned to learn that Apple has hired 35 people (almost all engineers) from Mozilla over the last few years.

And when Firefox dies what do you think will happen to chromium? Suddenly APIs will be removed if needed by Brave or adblockers (already happening). Brave is helping keep chrome as the defacto standard, IE. helping nailing the coffin shut above Firefox. Brave is part of the problem, not the fix. The better Brave gets the worse it is.

Edit: Spelling.

Engine monoculture is a problem requiring deep pockets to fix. Servo was spun out but I don't think it has a single sponsor who will gut it through to market. Blaming us at Brave for not dying on this hill is deeply wrong. We don't have the funding or people to do it. You should save your ire for Mozilla, for mismanaging Firefox and Servo.

I doubt Google will mess more than they have with Chromium, with Microsoft, Samsung, and Opera (not to mention Yandex) all using it. This is the way evolutionary kernels work (see Constantine Dovrolis's work). Get over it, and stop blaming the little browsers!

I blame all browsers based on Google's work. No-one forces anyone to use blink in their product. I'm no fan of Mozilla either btw. But it's the best option we got.

If we switched engines, we’d fail. You say you care about Chromium/Blink monoculture but your advice to us, all else equal, makes it worse by cementing it via Chrome’s monopoly. Please reconsider.

I am really impressed with Brave team work, they are spearheading work that pushes web forward, kind of what Mozilla was supposed to do.

I really love ipfs work they did and completely ready that not everything will pan out.

Anyone building (or in this case, buying) a search engine takes a fight they cannot meaningfully make impact.

1. Privacy is a feature, not a platform. If the search engine cannot deliver better results than google or bing (a tall order) then there is no reason to use it no matter how private.

2. Google has a 20+ year head start and billions invested. You will not catch up playing the same game (eg - broad search). Google, for all its faults, is amazing technology. If you try to be a general search engine and compete I do not see a win.

3. Find another strategy, like BETTER search results within a niche. Curated by subject matter experts and enthusiasts.

4. Source your search results from trustworthy data sources. SEO has ruined search. Google setup the rules and the Black/Grey/Whitehat practitioners out-smartted them every step of the way. It is full of crappy data sources.

5. Curation, not scale is the key here. I don't see a win for Brave.

You said it yourself that SEO has ruined search. That’s a HUGE advantage for a smaller search engine. The seo people aren’t going to spend their time targeting a small search engine. And they definitely won’t target it at the risk of hurting their Google rankings

Exactly -- SEO is a non-starter if I get to curate what goes into the index in the first place. And for transparency-sake I would want to see what sites are indexed, as well as if any of them are "boosted" in rankings.

Goggles sounds cool at first, but it's very hard for me to imagine goggles that I'd be interested in actually using. Maybe clever people will come up with something awesome, but the fact that I can't come up with an example that I would want is a bit of an alarm bell.

Remove Pinterest results, remove Quora, remove blogspam...

What I want to see in a search engine is this: An array of customizable buttons that you can select to hint at the type of search that you are doing. News, Technical, Shopping. Especially one to filter out all shopping related results.

For example, if I want to learn about a country, I do not want any travel related stuff in my search results. On the other hand, if I am looking for ideas for my next holidays, throw all the flight, hotel, beach infos about that country at me that you have.

Or give me a button that limits my search result to stackoverflow and stackexchange. Their own search engine sucks ass, so i have to rely on google (using "site:stackoverflow.com").

Give me this and a decent search results, and you have a paying customer.

A way to compete with Google is to leverage user's search trails in the browser - by recording the click paths on Google (and other search engines).

Recording and intersecting search trails is covered by this patent:


The rationale is here:


Related: https://news.ycombinator.com/item?id=26328872

(I'm not sure if even duplicated)

Matching the accuracy of Google results will be a challenge. It's remarkable how (at least for the topics I tend to search for) good the results are compared to every alternative (Bing, DDG etc). I made a search tool that filters, modifies, resorts, and adds to results from Bing's API. I no longer use it, because the base Bing results (This applies to everything else I've tried too) aren't on the same level as Google's.

That's interesting cos on the few occassions I've accidentally used Google (e.g. when searching on someone else's device) I've been surprised by how bad Google is nowdays. I have the same experience when I set up a new device for myself. I'll be like "Wow these results are unusually bad... Oh wait this is Google, let's change the default search engine to DDG now. Let's try again, ah that's much better!" Pretty much the only Google property I still fall back onto every now and then is Maps but even there OSM is improving all the time.

i find that google drive me towards certain websites. This ruins my user experience. They also omit many websites.

After a long period of relative dominance by a single provider, there’s recently been a lot of interesting things happening in the search space. Specifically around privacy, there are multiple projects and companies working to offer us control how (and whether) our search activity is captured and monetized. But there’s no such thing as a free lunch — companies providing search services need to monetize SOMEHOW, and I think that’s the key thing to pay attention to when evaluating new services.

Brave’s approach seems to be to straddle the line a bit between free and paid — the article says there will be an option to pay for a completely ad-free version of the Brave Search service, while also having a free option that is ad supported (albeit via the unique BAT model).

It’s exciting to see these types of services starting to become available. Competition and user choice in search is a good thing for everyone involved.

Disclaimer: I work at Neeva[1], a subscription based never-any-ads search engine. These opinions are my own.

[1] https://www.neeva.com

I don't know much about Brave - What is their position on censorship (other than instances when it is legally required)?

Likely the same as Google, no policy on censorship until they feel like censoring something.

The Register article mentions it in passing, pointing to the "Goggles" paper [1] that Brave has published. But the Brave paper actually gives no more information than that quoted in the article; it seems not to address its stance on censorship, but merely to pass the buck in the Goggles use case:

There will be Goggles created by creationists, anti-vaccination sup- porters or flat-earthers. However, the biases will be explicit, and therefore, the choice is a conscious one. We do not anticipate any need for censorship in the context of Goggles. Clearly illegal and sensitive content like child pornography or extreme violence should already be filtered out by the host search engine at the index layer. Consequently, such content should not be surfaced by any Goggle.

[1] https://drive.google.com/file/d/1-B3ZvHpbnxsT2OdnUH8vS3-tvTv...

Love the audacity of building back better multiple dimensions of our internet experience.


> end the debate about search engine bias by turning search result output over to a community-run filtering system called Goggles

Not sure why something "community-run" would automatically/necessarily solve bias... So looking forward to deeper thinking by the Brave team.

Brendan Eich is doing some very important work. I hope this succeeds!

Looks like Brendan is, in a sense, in the process of cloning Google, only in reverse order: browser, ads, and now search!

Dismantling the shit one turd at a time.

Why are people so hesitant of sharing their browsing information? I think it's physiological. I'm happy that there're algorithms that analyze my behavior. Google doesn't identify me personally, it just sees me as a behavioral pattern. But it's nice to have alternative approaches.

Quote: " If you don't market it, you can lose to somebody who just puts privacy perfume on a pig and tells you it smells great and tastes delicious."

Well, pigs are tasty in the first place. Secondly, this plays on the assumption that pigs are filthy animals, which is very wrong. They like water, they like to get wet precisely because they like to be clean from parasites on skin. The fact that they do this in mud is because how humans are raising them in small filthy enclave. Given the choice, pigs will go and bathe in clean water, not mud. Or go ask any hunter to tell if they saw wild boars that are full of mud instead of actually being clean.

Do you think the BAT idea will turn out to be a better system in the end ? in a socially good way, people who want to contribute to society will have better data/incentives and users will have a less crowded time online.

Are there any brave users out there? no pun. I use ff with DDG on PC and safari with DDG on ios. Never understood the reason for a move. The ad rewards was just too much information for me, from brave.

See https://brave.com/transparency for our growth to date and other stats.

The ad system is off by default, AKA opt-in. Did you hear otherwise?

I've recently moved to Brave because of their addition of IPS (which I see as an interesting technology). I've been really happy with Brave - especially on Mobile which feel way snappier.

Also not having to install a 3rd pary ad blocker (uBlock Origin) makes me feel more comfortable. Firefox should ship with a good ad blocker - it does not.

I've not played around with BAT yet - it's on my TODO list.

Brave seems to be pushing the boundaries more than other browsers, and it'll be interesting to watch where things go.

Obv meant IPFS

Switched to Brave about 6 months ago on macOS, iOS, Android, and Windows. Very happy with it.

The Cliqz Tech blog : https://0x65.dev contains many informations about how their constructed their private search engine

It's worth mentioning that Brave is also a browser which was silently replacing links in webpages for their affilate links to make a profit: https://decrypt.co/31522/crypto-brave-browser-redirect

I don't trust their promises.

For whatever reason, this never bothered me. The service wasn't any worse for it, I didn't really feel taken advantage of... technically they were part of how I might have gotten to one of those links.

I guess there's the loss in privacy where it's known what browser I use, but that's not the kind of privacy loss that worries me.

They've got to pay the bills somehow, and while they should have been more up-front about doing it this way, and it is a breach of trust, it still landed in the realm of "reasonable asking for forgiveness" to me.

> I don't trust their promises.

Maybe I'm just not seeing which promise it was that was broken so badly.

> Maybe I'm just not seeing which promise it was that was broken so badly.

The unspoken promise that web browsers should be impartial user agents that render the content as its authors intended, rather than man-in-the-middle agents that modify the content as they see fit.

The fact this change also benefitted Brave authors directly is an additional breach of trust.

Inexcusable in my opinion, and with the other shady cryptocurrency dealings mentioned in a sibling comment, it's enough for me to never want to use their browser or anything associated with them.

I appreciate they're trying to change the status quo of how the web works and is monetized today, but they started on the wrong foot and their reputation is forever tarnished in my eyes.

- It alters the content that is served to you. It violates the expectation that your browser is a neutral agent.

- It monetises the content created by other people. As someone who lives off the content I create, I'd take offence to that, particularly if it changes already monetised links.

> "...silently replacing links in webpages..."

That's incorrect. Brave added a feature to the browser which would list Affiliate Links, if any, in pre-search UI. As the user typed something into the address-bar (e.g. 'Bitcoin'), Brave (the browser) would check local data to see if there were any relevant affiliate links. If it found one, it would enumerate it among the other search suggestions in the address-bar dropdown.

Note, affiliate links were not inserted into pages. Links on pages were not modified. Requests en-route were not re-routed. There were many ways people described this feature; most of them were incorrect. So what was the problem?

Our implementation of this feature had a mistake; it matched against fully-qualified URLs. As such, if you typed 'binance.us' into your address bar, and Brave had an affiliate code for that domain (which would be visibly shown before the user navigates), the browser sent you to the affiliate link instead of the non-affiliate link.

When this issue was brought to our attention, we confirmed the (undesired) behavior, owned the mistake, fixed the issue, and confirmed that no revenue would be made from that affiliate link. Mistakes do happen in software, and they will happen with Brave (try as we might to avoid them). What's important is that we moved quickly, fixed the issue, and maintained transparency.

Traffic attribution is not uncommon in browsers though; open Firefox and type something in your address bar. When you hit Enter, you'll find that Firefox adds a traffic-attribution token to the URL too (although they do this only after the request is being issued; Brave showed the token before navigation).

I hope this helps provide a bit of context to a very misunderstood bug in Brave's past.

They did address it as an error on their part. [https://nakedsecurity.sophos.com/2020/06/09/brave-ceo-apolog...]

"An error in judgment". That's kind of like, I'm sorry we got caught. The fact they thought something this was a good idea at all is telling.

No, it was a bug, the refcode was supposed to go only on keywords (as all browsers do).

And contrary to upthread, we never "replaced links in web pages".

That's not true. It was never replacing links in webpages. It was redirecting if you typed the URL. Which, I would honestly be okay with. It's at no cost to me, and I understand Brave needs to make money. I could see how Binance would be upset, but not me myself. Virtually all browsers make money by search referrals, and I don't see how that would be different from my point-of-view. That seems extremely mild to me.

Also, when people got upset, Brave changed it too. It's not like they promised to never make money. I don't see that as a reason to trust Brave any less. It seems like a good influence on the web.

The fact that they raised money through ICO and issued coins on a dubious blockchain just compounds to the suspicion.

I am using Firefox and I trust Mozilla more than I trust Bravo.

Eich (Brave CEO) co-founded Mozilla, FYI

Sure, but it's probably a good thing he's not at Mozilla now, because he would have also pulled Firefox down the same path Brave has gone with micropayments using BATs, which isn't exactly uncontroversial.

See the Tom Scott and BAT incident. Kinda shady how it was handled.

It might be controversial, but I still think Mozilla would be in a better place today if Eich was still in charge.

The entire development team would have walked if he stayed. Nobody wants to work with someone who hasn't done anything technically relevant in 30 years and can't seem to stop pushing his far-right views in places where they are irrelevant.

Just a few weeks ago he went on an anti-Fauci and anti-mask conspiracy rant in the thread about him appearing on Lex Fridman's podcast, when nobody was even discussing politics.

The entire development team would not have walked. I know this because many told me, and even sent letters and cards after I left. But such a claim is false on its face: people do not all act in unison in such a circumstance.

Your second paragraph is easily disproven. I didn't bring up Fauci, someone else did to derail the discussion about my conversation with Lex:


That derailing comment is flagged and now dead.

I've flagged your comment here, it is either dishonest or else just sloppily malicious in the wishful thinking mode with which you led in the first sentence.

Mind that there also is a reason why Brendan Eich is no longer at Mozilla.


And Larry Sanger co-founded Wikipedia, doesn't mean we should trust him.

Bernie Madoff was also a philanthropist.

Firefox sends telemetry to Google servers: https://threadreaderapp.com/thread/1165858896176660480.html

For the love of BOb, we desperately need a search engine that obeys booleans (DDG doesn't) and isn't Google. Please let this be it.

Competing with Google is going to be difficult. I have a question: What is the consensus on forwarding any search "terms" to Google and then "scraping" the results back into the user - sort of a "proxy" search.

I mean - Google built their business on searching the internet, why can't there be a business that starts by searching Google?

Forget Google, how are they gonna compete with DDG who has the "privacy conscious" market niche pretty well covered. That seems to be their main competitor here.

Having a semi-popular browser where they can set the default search engine would normally help, but if it's not free, I don't see why anyone would pay when, again, DDG does the same thing for free.

Let alone the rumors of Apple wanting to make its own search engine...

Their own browser's users would probably just end up paying in their BAT tokens or be able to use it for free, as long as they have ad rewards program enabled in the browser.

Even if it turns out to be better, my question is how are they practically going to onboard users like me (and the people I know.) Like I might try it out of curiosity because I saw it here on HN but I really doubt a lot of people care. DDG works fine for them.

Good point. It’s the DOS (Windows) vs Unix/Linux argument in a way.

You mean like Startpage?

> What is the consensus on forwarding any search "terms" to Google and then "scraping" the results back into the user - sort of a "proxy" search.

Isn't this what DuckDuckGo does but with Bing?

My understanding is that “DDG” have their own “web crawler”?

What I understand from your reply is that they don’t?

So if I search on Bing for a specific keyword, I will get the same results from DDG.

What about misspelled words? I have used DDG before.. for about two weeks. They offer poor suggestions for my misspelling.

What I’m suggesting is using Google results even after misspellings. What are the laws on scraping Google for suggestions/misspellings?

How do you continue once you are big enough to be a threat to Google?

Brave is still based on Chromium, and Google is the opposite of "no tracking, no profiling".

I'll stick to Firefox + DDG, thanks.

Are you worried about tracking in the Chromium code? If so please see https://github.com/brave/brave-browser/wiki/Deviations-from-....

Otherwise if you are worried about engine monoculture, please see https://news.ycombinator.com/item?id=26337402.

If neither of these is the issue, what is?

Glad someone is pursuing this model. I am doing well enough that its absolutely worth it to me to pay my way out of the “proliferation of personal data” game.

Thinking on it I had an amusing thought: I wonder if there will ever be a google premium :) All tracking, no ads.

“What if we could give customers a button. They’d press it at the end of the year and it would automagically file their taxes for them.”

This is exactly how it works in Chile, you pretty much check the numbers and make sure they match with your figures and done. For free.

Are you posting in the right thread?

I use BRave exclusively on both my machines and my mobile devices.

I have one request within brave:

I want "Use Profiles" a switchable profile that states what I am using Brave for - and session states.

So let me explain:

1. I am using brave to do personal browsing at home and thus my 30 open tabs are related to my personal browsing etc.

A cool way of implementing this would be instead of CTRL+SHIFT+N would be CTRL+SHIFT+N[1-9] to shift to VIEW and would take me to that tab-stack... and there would be a page that would allow me to manage each tab-stack around [TOPIC] - Meta Book marks...

2. Educational tabs (bookmarks) associated with learning something - so I want tab grouping/session grouping around the resources I read for learning a topic

3. Work topics - so a group of resources related to work.

4. To sum up the above, basically VIEWS that I can dictate what bookmarks, sites, resources, etc relate to which view.

Kind of like multiple desktops - I want sep viewing environs that allow me to group, classify and segment knowledge tunnels... and overlap them as desired.

Love Brave.

I use 1tab for this. works in Brave and Chrome

The Brave browser already has tracking itself, so even if the search engine doesn't..

The browser does not track users. What have you seen to suggest otherwise? Any data? It's fairly trivial to examine the network activity of a browser, as Leith has done at https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf, and determine to what degree (if at all) it is tracking a user.

I would love a search engine that searched mainly only Stack Overflow, Stack Exchange, Twitter, Flickr, and Reddit.

Google results are currently awful, full of blogspam and Pinterest-mirrored images. I don't remember when this changed.

A search funnel would be an interesting thing (does this exist?) whereby you whitelist "only give me results from these resources" - and where 'resources' can include the whitelists of others that you trust or have subscribed to.

Basically you could have a search engine that only replies with information from whom are also of the same interest as you - or people you congenially follow etc...

So you could say " show me everything about X" and the results are only from those who are actually connected to X in some way - based on the interest subscription graph as opposed to a keyword graph...

I may be a moron on this subject - but I do recog that there is room for improvement...

I added the following to a previous comment:

*"A cool way of implementing this would be instead of CTRL+SHIFT+N would be CTRL+SHIFT+N[1-9] to shift to VIEW and would take me to that tab-stack... and there would be a page that would allow me to manage each tab-stack around [TOPIC] - Meta Book marks..."*

I mean, you can search only those sites with Google.

Just add:

  (site:stackoverflow.com OR site:superuser.com OR site:serverfault.com OR site:stackexchange.com OR site:twitter.com OR site:flickr.com OR site:reddit.com)
You could make your browser do that automatically.




I'd rather give my business to a search engine with good defaults.

And I don't want only those big sites. I'd also like to see authored blogs, traditional forums, national newspapers, various wikis, etc.

Fair enough. I was just giving the option if you didn't know, but I actually feel the exact same.

Cliqz? Wasn’t that the company behind that Firefox scandal with the Mr. Robot ads?

I am good with ecosia.org ;-)

I hope it will be able to find relevant results like google did last decade.

I think without profiling search results would be worse.

Searching for "cucumber" means something very different to me and my dad for instance. Without profiling both of us get worse results.

Headline two years from now: “Brave apologizes for breaking their promise on search and tracking users anyways. Promises to do better.”

I still don’t understand basic attention token, but I know people that do understand it and I support them!

Instead of showing ads on websites, Brave blocks them and has an option to show you ads from the browser itself. If you elect to see these ads, it will pay the revenue from the ads to the websites you use or designate. It uses a cryptocurrency called BAT as the medium of transferring funds.

I wish them the best of luck. DuckDuckGo is my go to, but it leaves a lot to be desired.

> DuckDuckGo is my go to, but it leaves a lot to be desired

I have a fantasy where a lone basement nerd storms DDG HQ and teaches them about quotes at gunpoint.

They won’t be alone, I’m coming with them :(

That also my reaction when reading the title.

More than a privacy focus search engine I want a equally good search engine as Google. Google has some defects but it's by far better than the competition.

It's good to see more competition in the search space, but I have to wonder: is Search really still the golden goose at Google? Between Android, Chrome, and YouTube, Google seems to have all the profiling data and all the eyeballs it could ever ask for. How wrong am I?

Yes I believe search produces the lion's share of revenue for the company still. But yeah, all of their products/services work together to build a comprehensive dataset about the user.

> The Brave Search team acknowledges that not all filters will show results that are agreeable to everyone. "There will be Goggles created by creationists, anti-vaccination supporters or flat-earthers," the paper says. "However, the biases will be explicit, and therefore, the choice is a conscious one."

What could possibly go wrong?

Brave has earned the trust and respect of the community by fixing several high profile bugs. They have also dinged themselves by pushing their crypto ad system. How will this pan out?

"We'll see" said the zen master.

The crypto ad system is their best feature. You get browser ads instead of website specific ads and so any website can get money simply from users using brave. Also you can choose which websites get some of your specific ad money. It feels more like the money being made off of you is also being spent by you. Taking power away from big tech.

I feel that ads are a terrible way to pay for stuff. I think the future is paying for stuff I use, directly.

I think one issue with this is you would probably have to identify yourself. Many companies would only offer credit card / paypal to pay for the stuff you use. With BAT (or an alternative) you can pay without identifying yourself (more than say IP).

I mean who does like ads but if you do get ads, wouldn’t you prefer you choose who profits from them

I see the industry moving away from ad based services. We’ve known for awhile it’s a terrible transfer of value.

Excited to see how long it takes for them to be outed on yet another controversy, say it was "accidental" and rollback on this new service. Their MO is pretty clear at this point.

@Brendan, well done! There's some way to go but I like the direction you took, in particular the concept of "goggles". When will you release the first beta?

And hence no profit?


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact