Hacker News new | past | comments | ask | show | jobs | submit login
Brave buys a search engine, promises no tracking, no profiling (theregister.com)
931 points by samizdis 38 days ago | hide | past | favorite | 411 comments



"The service will, eventually, be available as a paid option..."

How my viewpoint has shifted over the years. 10-20 years ago this would have instantly turned me off, but now this is the most exciting line in the entire thing to me. As long as we all expect free, we can't expect privacy.

@Brave team, who I rather expect will be reading this, I can't believe that Cliqz doing tracking on me to improve its results for free will be in my interests if it's free. But if I'm a paying customer, you might be able to convince me that you're doing some semi-invasive tracking but not actually selling it to anyone, because it wouldn't be worth losing me as a customer.

I'm actually excited about the idea of a search engine that I pay for. Been waiting for DDG to do it but last I knew there's still no option there.


Simply paying for a service doesn’t remove the economic incentive for the service provider to add tracking. It will always be more profitable to track users, except in cases like DDG or Brave that stake their reputation on privacy. For instance, I pay for groceries, yet my grocery store tracks my purchases and sells that information. We can’t rely on the market to protect our privacy. Government regulation is needed.


It is necessary, but not sufficient. But you are correct. This is part of why I phrased this in terms of my belief, rather than absolute truth. There's no way to convince me you aren't tracking if it's free. If it is not free, and significantly larger in magnitude than the virtue of tracking, then you at least stand a chance of convincing me.

Grocery stores track you because they can use it to analyze and increase sales, a fairly direct benefit that is difficult to "compete" with as a consumer. Internet companies use it to sell you ads, which is pretty much just about the money, barring exciting conspiracy theories. We can put a decent number on how much money that is, and it really isn't that much money. Facebook makes on the order of $20-40 per year in revenue from a user [1], and the nature of the business is they do better per user than most other people. For something like Cliqz we could easily be "competing" with a revenue of less than $1/year/user, at which point the business case of that extra dollar vs. the catastrophic loss in business if they get caught is a plausible set of incentives I can believe for them to not do it. Not proof, but plausible.

[1]: https://news.ycombinator.com/item?id=19462402


Grocery stores do not just use the data internally but also sell their Point of Sale data to third parties that analyze it and then sell their analysis to anyone willing to pay for it (mostly that is CPG companies). Point is: it isn't necessarily a direct benefit to the end customer.


I have never looked this up, but anytime I'm checking out at a brick and mortar store, I'm asked, casually, "Phone number?" Or "Zip code?" As if thats information that is necessary to check out. My response is always, politely, "you don't need that information." It annoys my wife because she thinks I'm being rude, but frankly the question I'm being asked is uncouth. Would you ask a stranger how many children they have or what time they get off work? Not unless you had some intention to use that information!


I hope you realize that grocery stores track you in other ways than just your zip code or phone number [1]. You have a beacon in your pocket that is always searching for SSIDs or Bluetooth IDs, which is more than enough to uniquely ID you. You can combine that with facial rec now and link a face, sex and estimated age to the SSID combo. Who names their phone “<Your name>’s iPhone”? They can get your name too.

If you truly wanted to be paranoid, set your device to airplane mode (don’t forget your smartwatch or wallet Tile), cover your face (this shouldn’t be hard these days) and only then venture into a store. Oh, and pay your groceries with cash.

[1] This article is from 8 years ago, so just imagine how far we came from that time: https://lifehacker.com/how-retail-stores-track-you-using-you...


I actually requested a card at Safeway (wanted for convenience, not privacy), but apparently they are not giving those out anymore. You have to give them your phone number or else accept the additional costs for your food and lack of benefits at the gas station.

The rewards card is a much better model in my opinion because while it gives them quite a bit of data, it does provide some anonymity. I'm sure it is possible to reconstruct from that data who I am (i.e. convert it into direct PII like name and address), but that at least takes a lot more effort and processing than if they have my phone number.

Most people are ok giving up SOME privacy for the sake of convenience/cost savings. I doubt most people are truly willing to give up all privacy for said benefits once they understand what they are actually giving up.


The typical model that I'm familiar with on those rewards cards is that they just ask for that same info for you to get the card in the first place, so it's of basically no benefit privacy-wise. I suppose this can differ from place to place, and you could always supply a different number or one not strongly linked to you, I guess.


Is there anything stopping you from getting a card for 555-867-5309?

They need a phone number. I've never heard of any store actually trying to use it to contact you.

PS: If you ask nicely the cashier will almost always punch in a working number for you. They want the reward points.


Not at most places and often times that number will have a large reward points pool already built up because others are also using it to avoid giving out their number.


You use your reward card when paying with a credit card? Or have you only ever paid cash?

Because if you have, your reward card has probably already been linked to your credit card, phone number, email, etc. by now.


That at least takes extra processing and data sets. I think that does matter as far as privacy is concerned. We tend to think of privacy and security as all or nothing, but it really doesn't have to be that way and may be impossible to achieve if you go down that route.


Rewards cards offer zero anonymity. Their entire purpose is to keep track of your purchase activity so you can be profiled by data brokers.


Just say "no thanks" and you get the same result while sounding less rude.


> It annoys my wife because she thinks I'm being rude

You are being rude. The innocent cashier is forced to ask you that question and has no power to change the rules. Why not be polite to them? If you really want to change things, try asking to speak to the manager (after you're done checking out, of course!).


> You are being rude. The innocent cashier is forced to ask you that question and has no power to change the rules.

Then the person being rude is the person forcing the cashier to do this. The customer should push back, so the cashier can push back.


Both are rude.

The cashier and customer should both realize that neither of them want to do this, and be polite about it.

The cashier has to do that all day, every day though, so I feel like they get a pass.


If you push back, nothing happens to you.

If the cashier pushes back, they may be punished (up to and including getting fired — there's more competition for cashier-level jobs than you think).


How is not giving personal information rude? He is just telling them the truth that they don't need that information which is correct. If a cashier were to ask you your bra size would you be okay with it? Why is it okay to ask for phone number which will give you all that and more.


politeness and truth are orthogonal concepts. You can be both right and rude. Watching the Big Bang Theory can provide a feel for this.

you can be both honest and polite.

Politeness is also relative to whom you are speaking to.


Just poison the data.

Phone number? 212 555 1212. (You could change to the local area code if you feel like it.)

ZIP code? 90210, in Beverly Hills, of course. Or 01234, which is Pittsfield, Massachusetts.


Local area code plus Jenny's number has worked everywhere I've ever tried


Smart. Years ago I registered the number 500-5000 everywhere I could in my neighborhood. Just from word of mouth, the number got so popular they banned it at the local grocery store!


Give the phone number and zip of the store asking for the information. This way if there is data leak it is theroretically possible to track who originally asked for the data. This self-reference trick can be done with email address as well. The idea is that, in the event of unwanted data sharing, the consumer needs some way to know where the personal data came from originally.


The problem is that this info is tied to warranty information sometimes.


for expensive purchases maybe that's important

for my weekly purchase of bread, bacon and ketchup it's definitely not


I don't know what I'd do without the feeling of security I get from my comprehensive ketchup warranty.


I had a massive ketchup blow-out recently. It took out my entire refrigerator. There was leftover lasagna and broken beer bottles everywhere.

I'm just glad I'd bought the extended warranty.


Agreed.


How do tourists react to those questions, or how does your wife react to stores not asking such questions in other countries?


> It is necessary, but not sufficient

Doesn't DDG contradict that?


DDG makes me nervous because I don’t actually understand their business model. Which isn’t to say they don’t have a well-known and viable one but I haven’t personally looked into it and as a result my gut feeling is that they are probably not an exception to this.

I use them anyway because they at least claim to be private and haven’t yet given me specific reason to doubt it. I probably should at some point take the time, though, to try to actually understand how they can viably exist in a way that isn’t going to succumb to the same corrupting incentives as google.


Their business model is simple:

- build a useable search engine

- show ads to users

User acquisition is based on word of mouth and a bit of guerrilla marketing: they are a search engine with decent quality that doesn't spy on you.

Not spying and not selling tracking data to others cost them some opportunities but gives them "free" users that would otherwise have stayed with Google.

The last few years Google has been busily lowering their quality so even if DDG haven't improved much they feel very close to Google these days. (Also, retrying in Google takes 2 seconds from DDG, while retrying in DDG after trying in Google first takes 15 seconds and more thinking.)


One of their core tenants (privacy) is unprofitable. There will be internal pressure to drop it.

Note how their predecessor, Google, started out lovable and quirky but then that facade crumbled under the weight of success.

I like DDG, I use DDG, I recommend DDG. And I don't even care about the privacy. All that matters to me is my search habits, emails and business-related-data are controlled by different entities.

But at some point I expect the privacy aspect of DDG will be a memory rather than a current talking point. The incentives are pretty simple.


When DDG does that we move on to the next option. It seems like the only way to not be eventually screwed over is to periodically move on from what you use.

This is why it's important to have replacements around. Particularly smaller and newer businesses that aren't yet interested in squeezing out every drop from you.


My worry with that business model is that people concerned about privacy enough to switch to DDG probably are really likely to use adblock


I use an ad blocker and DDG, but I still see ads when I search for something. The ads appear like Google search ads, but clearly labeled, so I doubt my ad blocker is going to be able to detect them without a feature to specifically target DDG.

I don't have a problem with those ads, since they're not overly intrusive, they're clearly labeled, and they're not targeted to me based on my personal information. Plus, DDG actually gives me the option to disable ads completely.

That's what "don't be evil" should look like.


Personally, I don’t mind an ad or two. It’s not ads, per se, that have me using an ad blocker... it’s the “bad UI impact of tons of ads and pop-ups” that keep me in ad block mode. When a site wants me to turn off the ad blocker and it doesn’t look insane, I’m happy to comply. Same with DDG.


If it ever leaked that DDG was tracking user data, they would lose their only competitive advantage and lose all their users


My worry is that if they ever achieved a dominant, Google-like position in the marketplace, that they would eventually lapse and go for greed. Even if the current DDG leadership is principled in this respect, companies go through turnover. Can't be evil > don't be evil.


If/when that happen the HN crowd should look at it as a business opportunity.

I can be an early customer.


Given that Google owns that position, and is being evil in order to maintain it, that is very, very unlikely. I'll stick with DDG and take that risk.


DDG lets you turn off their ads in their own settings, so I don't think they're worried about it.


DDG is registered as a Brave creator, so they can get some revenue from Brave users without ads.


As others have mentioned, they run ads — based on the search query of the page they appear on. They also (not unlike Brave) participate in affiliate programs. They get referral commissions when they funnel people to Amazon or eBay, whether through their shopping carousels or through !bangs.

> use them anyway because they at least claim to be private

Me too, at least there's probably some chance they get sued if they’re as terrible as Google. But

> haven’t yet given me specific reason to doubt it

I do doubt they’re as private as they could be, because they act a lot like I imagine a honeypot does, hide their source code, and have had serious past privacy problems in other products (https://news.ycombinator.com/item?id=23708166 ‘We’re not collecting your info, our servers are receiving it but just trust us we just throw it away’).


Don't they have ads? In reality, tracking doesn't do much when it specifically comes to search engine ads, since the user is literally giving you their intent in the search query itself. Tracking is more useful for showing ads as you browse the web in general. DDG can do effective search ads without any actual tracking, and that's their business model, which is very similar to Google Search.


DDG does have ads, but with a limited scope, your search patterns are only used for a limited time.


'tracking' is a broad term but websites do track what you click on and if you return to the search results and click another link after clicking on the first link - this indicates that the first link didn't give the searcher the correct answer they were looking for. Whether or not that's tracking is up to you. DDG also of course does tracking for security purposes - scraping their search results doesn't go over well unless you also have a financial stake in outwitting their anti-abuse stuff.


> 'tracking' is a broad term

Right, in this context though it's referring to users themselves being tracked. Tracking how well the results to a specific query did doesn't require any sort of user-specific data. You're just logging stats about the results themselves, not the user.


I'm not sure DDG can be considered an example of the default position in the search market.

Granted, OP didn't explicitly state they were discussing the most common behaviour in the market, but it remains a stretch to take them to be be stating a law that must be strictly true for any social construct that could be called a market.


Well, since the thing it is "necessary but not sufficient" for is me to be convinced you aren't tracking me, it does not. I use them as the best current alternative, but as I alluded to in my first comment, I'd be much more comfortable with them if I could give them some money.


But paying for a service connects your real world credit profile to this transaction. I feel privacy is already broken with the credit card companies selling this information.

When someone tracks you and you don't pay they will try to link your online activities and identify other activities online to tailor an ad to you.

I can confuse and lie to the second group but I can't hide from the first group.

Anything that requires you to pay by credit card means you are already being tracked. For privacy I'm against pay services.


I'm not worried about a company knowing I am their customer, with some name and credit card number.

I'm worried about them participating in the global privacy free for all where they sell my info everywhere and abusively correlate it with the info others have to learn things about me.

Search terms are a particularly rich source of this sort of thing.

I don't think "privacy" is much about keeping all info away from people, I think it's about the correlation. Keeping info away is a natural and sensible precaution in an environment of rampant correlation, but if that didn't exist I wouldn't need to resort to complete information starvation.

YMMV.


The credit card company is the one selling your relationships and purchase habits and they know exactly who you are and can connect you to everything else important in your life.


Services like Privacy.com offer single purpose credit cards which can help mitigate the linking of an account to a payment source.


Now you have to trust privacy.com and still worry about the others.


True, although it does shift some of the parties you need to trust. It’s not a perfect solution but, I think, it’s a good solution given what’s currently available. At least privacy.com is a central company which bases its reputation on privacy and as such has an incentive to avoid reputational harm.

“Don’t let perfect be the enemy of good”


What about Wikipedia? Do you consider the minimal logging they claim to do to be “user tracking” in the bad sense? Or do you think they’re doing more bad user tracking in secret?


Wikipedia is a special case for me because it's owned by a non-profit which has thoroughly proven it can sustain itself on donations and grants.



I'm sure reasonable people can disagree about how much money Wikipedia needs to raise and what projects are essential, but the main point stands.

Although, I'm not sure it's reasonable to call linear expense growth "cancerous".


The author of that certainly has a point, but the cancer analogy feels SO forced and is really off-putting.


Yeah… I almost didn't link it because of that.


That article doesn't seem to account for actual traffic growth.


Internet companies outside of the ad space also track you because they can use it to analyze and increase sales, much like grocery stores. They use it to inform product decisions by answering questions such as: Which features are our users using the most? Which features are the most profitable users using the most? How do we get more people to the end of the sales funnel? etc.

Are you ok with this kind of tracking? Genuinely asking... Personally I see it as "less bad" than straight up selling my data to another company, but I would still prefer companies didn't automatically track me at all, and instead relied on interviews with real users. Or at least make the tracking opt-in, Nielsen style.


I'm on the fence about this. From personal experience I'll nearly always opt-out just because I can. However I think this kind of user tracking is a better way to inform product decisions than user interviews.

Asking a user for their opinion about something doesn't generally provide as much valuable insight as monitoring their usage of a product.


I don't subscribe to magazines because if I subscribe to one, suddenly I'll get dozens of ads to subscribe to different magazines in the mail.

I'm not ok with that data being sold at all. I'm not signing up to receive advertisements


> We can’t rely on the market to protect our privacy.

You don't get from your first point to here.

The cause of the market failure is that once you give your data to someone, you can't know what they do with it. The solution is for them to never have it in the first place.

This has technical solutions. Your data stays on your device, not their servers, or if it is on their servers then it's encrypted. Don't do anything client-server that could be federated or P2P etc. Publish the source code.

This needs a business model. But "you pay money to fund development and then get software including source code that you run on your device" is a business model. If people want this they can have it. Go stuff cash into some open source projects by subscribing to their Patreon or Substack or whatever people are using now, and then use them.

The alternative doesn't actually solve the problem. You give your data to Google, the government says Google can't do X with it, but you still have no way to verify that they're not doing X because once they have your data, X happens entirely at Google where you have no way of observing it.

It also fails to protect against covert defections by both parties where the government gets all your data in exchange for looking the other way while the corporation does whatever they want with it too. You need to be able to prove that it's not happening, or it is.


Seems to me that depends on the kind of regulation. If it's just "trust the regulator to keep ahead of Google" than that's one thing. But we can add other constraints on top of that. E.g., we could require that Google's privacy-relevant code be open source, and that they must give you data all data related to you, such that individuals could audit things and prove or disprove that Google's behavior matches their claims.

Especially if we add bounties for catching Google's transgressions, I expect we could do quite well open-source, personalized regulation.


> E.g., we could require that Google's privacy-relevant code be open source, and that they must give you data all data related to you, such that individuals could audit things and prove or disprove that Google's behavior matches their claims.

What happens if they lie? They have the data, they give you the code that does the user-facing thing with the data, then they copy the data to some other system where some unspecified foreign subsidiary uses it for arbitrary nefarious purposes without telling anybody.

And as much as it might help to have a law requiring cloud services to publish all their source code so people can verify that they're doing at least that part of what they say they're doing, do you really expect that to be enacted?


I think the right regulatory fix depends a lot on which particular service we're talking about and what the threats are. But the general goal of mandatory transparency reporting is to minimize the size of the possible lie. And I think that works even better when individuals and civil society groups have the opportunity to verify that. E.g., look at how many companies have been caught hoovering up data thanks to individual investigators looking at app behavior.

I don't think a law requiring all code to be published would get passed. But key code for, say, personalization algorithms? That seems doable. Places like health departments, ag inspectors, and workplace safety agencies get to inspect the physical machinery of production all the time. No reason we can't start extending that in to the virtual realm. Companies won't be excited for it, but they might prefer it to some of the more heavy-handed proposals going around now. (E.g., section 230 reform, antitrust concerns.)


>Government regulation is needed.

Hopefully not the kind of regulation that puts a breaking burden on companies like Brave, while letting big tech do whatever they want after a token fine.


Agreed. Just look all other paid software, computer services, and even computing machines.

Microsoft charges you for a Windows license and still tracks you. I have little doubt Adobe, et al, are selling your data. Amazon surely makes money when I buy something from their site, but they track me anyway. Etc, etc.


Exactly. We could end up like cable television where we pay for the service and STILL get shown ads and in the Internet's case, tracked.


We already have enough regulations and we still have so much problems. For one thing, it is selective enforcement. Secondly, the penalty is peanut. If penalty is a percentage of total revenue, it will change the behavior of the executive of the tech giant. Add some jail time for repeating offenders is a good idea too.

Lastly, the reason why regulations don’t work is regulations is written by lobbyists here in the US. Guess who these lobbyists represented?


>> Simply paying for a service doesn’t remove the economic incentive for the service provider to add tracking.

No, but it can remove the necessity.

Some people can be satisfied with a business of X profitability, but once it goes public there is really no hope IMHO.


Agreed, however thats a poor example. Your purchases are tracked via loyalty programs, which you are compensated for with a reduced price on goods.


But, they hiked prices when the loyalty programs started in my area. At the very least, there’s a moral hazard of double dipping (charge normal margins for loyalty card users, double margins for everyone else).


You don't have access to the alternate universe where they didn't introduce a loyalty program to compare prices. Grocery prices go up naturally due to inflation so it's impossible to disentangle.

Groceries are also one of the most price sensitive items people buy and grocery stores run on incredibly thin margins so it's dubious to believe that a grocery story has much control over their pricing, independant of a loyalty card. If they could raise prices after the introduction of a card to increase total profits, why couldn't they have done it before then?

Far more likely is that they're using the extra revenue from the card to lower prices for you and gain market share from their competitors but the lower prices are swallowed up by general price increases.


People who don't sign up loyalty programs and other similar schemes have shown that they aren't price sensitive. They're the ideal segment to fleece via price discrimination.


I don't understand why that makes it a poor example?


The original comment I was referring to mentioned that paying for a service does not free you from tracking, and used groceries as an example. That is a poor example because you are being compensated for your opting in to tracking.

A better example would be something you pay for, and you’re still tracked with no compensation.

Does that answer your question?


Indeed. Nearly every cell carrier in the US was selling their customer's data. See:

https://www.zdnet.com/article/us-cell-carriers-selling-acces...


Simply paying for a service doesn’t remove the economic incentive for the service provider to add tracking.

In fact it does the opposite. People with a demonstrated willingness to pay for stuff are more lucrative to track.


The grocery store sells everything I buy to who, and is that information personally identifying? This seems insane that me buying a brand of toothpaste could be fed back into Google for more surveillance, but here we are.


Yep. That's why "loyalty cards" exist. Since they're not allowed to associate your purchases (or really any data) with your CC number to build a profile they give you a separate ID number that you key-in/scan when you buy things.

"Oh but you don't have to use your loyalty card."

Technically true but it's not "get a discount if you use your loyalty card" it's now "pay really inflated prices if you don't."


For what it's worth, I know people share loyalty cards across large groups to mess this up. Me, I just eat the cost. Developing a "I will not play your games" has been great. I know people who absolutely obsess over gamified consumption (e.g., airline miles) and I'm glad to have the brain space for things that matter.


I have to say I think loyalty cards are a distraction, why can’t they just track my via my card info/Apple Pay? I mean the thing is literally a kind of unique identifier...


This is already happening, only it's the credit card company doing the tracking and not to grocery store.


It certainly is if you use any kind of reward or "points" card .


Until the situation improves, maybe we can just pay cash for groceries?


Not sure I follow your logic. Targeted ads are profitable because consumers continue to use services that track and then target them.

If consumers didn't use these services because of such behavior, it would no longer be profitable to do so.

It's not the job of the market to protect your privacy, that's your job. Don't use a search engine that tracks you if you're worried about being tracked. It really is that simple.

As for guarantees about not being tracked, that's agreed upon in the ToS – so if the ToS says "we can track you however you want" (e.g. Googles) then don't use it. If it says "we won't track you" (DDG's) then do.


> Targeted ads are profitable because consumers continue to use services that track and then target them.

Demand based systems aren’t always a good measure. Human trafficking has demand and people use those services. And there’s a, sadly, large number of people who want and purchase if available. No it needs to be fought on the supply side by stopping traffickers and protecting trafficked.

Companies use targeted ads because they work and are available. Not because they are moral.


Pretty wild comparison.

Tracking is amoral, human trafficking is immoral.


They certainly aren’t equivalent by any means. But disproving GP’s point that targeted ads are used because people want them, therefore should be allowed.

Targeted ads and the data slurping involved is immoral to me. Not human trafficking bad, but probably as bad as working for coco cola.


I didn't say that people want them, merely that they are choosing to participate in the system. People being sex-trafficked are not, which is why it's an apples-to-orangutans comparison.


While the magnitude is different I think the relationships are similar.

I don’t choose to have my data included for targeted. Victims don’t choose to be trafficked. Marketers choose to buy ads using the data. Perverts choose to buy sex from victims.

Each has people choosing to use, and not choosing to be victims. Both have an intermediary selling the ads or the humans.


You are choosing to have you data included for targeting.

That is what you are agreeing to when you agree to the ToS.

There is no "victim" here, because you have agency.


I don’t think so. Aside from frequently being included into Google’s data by sites that use GoogleAnalytics without ever asking me anything, these TOS click throughs aren’t honest agreements as they are long and confusing and change over time.

Even if I never log in and go to Google.com without an account they are using data on me and I never clicked anything.

I don’t have agency to avoid Google collecting data on me unless I stop using the internet. Perhaps if I always use TOR or something.

And that’s me who works in this area day in and day out. “Average users” definitely don’t have agency and can’t be expected to give informed consent to these data collections.

In medical research before informed consent [0] was law, experiments would have “click through TOS” that patients would accept without understanding, often with some token offering.

I don’t think it’s accurate or fair to say that random users clicking through agreements in exchange for free services have agency.

[0] https://www.ama-assn.org/delivering-care/ethics/informed-con...


At least you can probably take them to court if you pay for the service and not being tracked but they still do.


Unless they have a carefully-worded Terms of Service and Privacy Policy.


I would assume it would be mediated.


Depends on the goal of the organization, really. For organizations that follow the current business dogma (maximize short-term profit/increase shareholder value) then yes, they always have an incentive to screw over whomever they can.

But that's not how everybody thinks. The Craigslist leaders, for example. From 2006: "She recounts how UBS analyst Ben Schachter wanted to know how Craigslist plans to maximize revenue. It doesn’t, Mr. Buckmaster replied (perhaps wondering how Mr. Schachter could possibly not already know this). 'That definitely is not part of the equation,' he said, according to MediaPost. 'It’s not part of the goal.'" [1]

I do agree that privacy regulation is necessary to set a floor, though. Since our current system over-rewards juicing short-term metrics, we have to compensate by blocking the worst of the exploitative behaviors.

[1] https://dealbook.nytimes.com/2006/12/08/craigslist-meets-the...


Craigslist is the exception, not the rule.


Did I give you some reason to think I was suggesting otherwise?


There was no tracking on Cliqz, nor it will be any in Brave. To know more about the underlying tech of Cliqz there are interesting posts at https://0x65.dev, some of them covering how signals are collected, data, but no tracking. I did work at Cliqz and now I work at Brave. I can tell for a fact, that all data was, is and will be, record-unlinkable. That means that no-one, not me, not the government, not the ad department can reconstruct a session with your activity. Again, there is no tracking, full anonymity, Brave would not do it any other way.


Please let us know if that changes.

Brave buying Cliqz is the first corporate acquisition that's actually made me feel better about the acquirer, ever. I have no idea how to react to that. Keeping up the dev blog would probably make me start recommending Brave, where before I recommended against it.

Incidentally, do you know what's happening to the Cliqz browser?




100% this. There is a glass ceiling to the quality of a search engine if it's free; it starts with G.

The paid option hasn't been explored yet, and for good reason I think: in principle, you need training data for it to be any good. And, again in principle, the only way to amass user data is for the service to be free, leveraging that to sharpen the tool.

So in principle, I reckon this is doomed to fail. But I might be wrong. I HOPE I'm wrong. And that's enough.


Personally, I don't have a problem with a service using aggregated usage data to improve their algorithms, even if that is technically "tracking" me. It's the selling of personalized segment data that bothers me.


You can't have one without the other. The economic incentives are just too intense.


I don't understand. Why can't you have one without the other?


ohduran probably means that there is no a priori logical reason for the two to go together. In theory they could be separated. However, it is far too enticing of a profit opportunity to use aggregated data if one has it en masse to sell personalized data.

I happen to disagree; almost any for-profit business is going to be doing some sort of aggregated usage data. I mean at the most basic level they've got to be tracking the number of customers they have. That doesn't mean all for-profit businesses ultimately devolve into data selling businesses.

Although perhaps ohduran is advancing a more nuanced argument. In particular perhaps the more detailed usage data you track, the more likely the siren call of selling that data is to be attractive. In order to compete with Google on search quality, perhaps you do need sufficiently detailed usage data that the call becomes irresistible.

I'm still not convinced that's true, but I could see how it plays out.


Oh wow, perhaps I was too terse and left too much room for interpretation. I meant that there is no way for a for-profit company to eventually sell personalized segment data once it has it, even if there were initial promises not to do so.

In that regard, the "siren call", as dwohnitmok says, it's a very appropriate way of encapsulating what I meant. You can be bold and not do it, but as soon as you have investors, they are going to demand it , pressure you into doing it, and if you do not comply replace you with someone who will not be sitting in a potentially profitable line of business and do nothing.


That's not really true. Google & Facebook only sell targeting for a reason: it's more profitable than selling the data itself. Why would you sell the user data you worked so hard to collect when you can sell targeting on it again and again? It's actually in Google & Facebook's interest that no one except them have data on you.


What kind of training are the users providing that makes G better? I thought their secret was that they have better infrastructure to crawl and organize information?

I don't see how a paid search engine has a disadvantage here.


One very simple metric to improve search results is testing how long a user visits a site. When users search for something, click a link and return to google seconds later you can assume that the result did not match what the user was searching for.


Then why aren’t Google results any better (arguably worse) than search engines that don’t do this?


They are better IME - I use DDG but still need to switch to Google for many searches to find what I'm looking for.


Because they're so dominant they can make changes to the system that make it worse. Haven't you noticed the decline in quality of Google search results over these past few years?


What makes you think Google's results are worse?


i find google is useless at this. They throw out irrelevant results that the Wise Men of Google think you want to see, or that they'd like you to see. DDG pay more attention to your wording. The drawback is they have fewer indexed pages.


You find Google is useless at what?


showing the results i'm looking for


They are better. Maybe not to you but there's a reason Google is as big as it is. DDG, Bing, etc. are just awful.


I'd also wager this is probably the most useful or close to the most useful metrics you can use. With this metric, plus the user's persona (male or female, teen or elderly, and so forth), you have a fairly accurate user driven ranking system.


Why can't search engine just ask the user if this site was relevant instead of using tracking to do it?


Because then SEOs would write bots to keep clicking that their site is relevant to everything.


But you can get SEOs to fake metrics, too.


because the underlying assumption is that what they'll tell you is the truth, and that's not necessarily the case. Think of a Firefox plugin in, AdNauseam style, that always says NO.


But there's nothing stopping the same people from gaming existing logic that tracks user behavior except security through obscurity. But you also get dirty data via tracking where it's indistinguishable from backend if user found what they want or just gave up on trying for example.


It's a good point. I'm no expert, so take this with a grain of salt, but assuming that it's just a matter of infrastructure, then Bing wouldn't suck so much. Microsoft has the means, the engineering power and the incentive to crush a direct competitor. And yet, it sucks.

So in practice, the more data you have, the better the engine is. I don't have a theoretical reason for why that is the case, but thing is I don't actually need it.


Every time you click a result link, and every time you bounce back from that link, probably also scroll position and hovering, you are providing potentially useful training data.


One possible upside is the Metafilter principle: If you charge $5, you get a higher quality signal by excluding a lot of chaff. The probability that your search engine user is human gets much closer to 1, and you save a lot (but not all) of the anti-abuse effort. This gives you better signal on which websites are interesting, so you need possibly orders of magnitude less data to do a good job.


Back in the day (late 90s) there was a company called Copernic that had a good search engine with a REALLY good desktop client. I remember being able to do all sort of filters, sorting and crazy searches. IIRC It was paid, and it was really way ahead of the simple search operations you can even currently do with Google (actually, Google has constantly removed search abilities as time goes by, like for example, anyone remember when Google Search could show tweeter search results? or that you could "block" domains from search results)


Honestly, there should be some sort of never-forget meme about Google removing the + operator when they started up their stupid social network that failed and then never put it back >:(

Just checked wikipedia, and it seems it'll be ten years ago this June that google stole + and forced quoting upon us for pure vanity reasons.


If someone is wondering (like I did) what the + operator was for:

foo +bar +baz

was equivalent to

foo "bar" "baz"


It stood for logical AND, so really your search term would be read as:

foo AND bar AND baz. It would be more accurate to type it as foo + bar + baz.


They've unfortunately conflated "must have" and "spelled exactly", which aren't the same thing.


This explains so much. I thought they were distinct operators. I thought quoting meant must match exactly, and the plus meant must be present. So +"baz" meant it must be exactly baz, and it must be present. +baz meant baz, or some variant like bazzes must be present.


On that last point, searches like `-site:example.com` looks like they still work.


I would not get too excited until you read the agreement they present you with. If you are a paying customer and they make promises, such as privacy-related ones, then those could theoretically be enforceable, with quantifiable damages at least equal to what you have paid. Will they accept that potential liability. Google won't. If Brave breaks their privacy promises to millions of paying end users, will they try to prevent the possibility of class-actions when potentially hundreds, maybe thousands or more of them all simultaneously "ask for their money back". Does paying by itself magically transform empty promises into kept ones What if the promisor can break the promise and keep the payments.


My views similarly changed on email. It would have been inconceivable for me to pay for email 10 years ago. Now I'm happy to pay for a service that does the basics well, is primarily considering my interests, and will have competent customer service if something goes wrong.


I've really 180'd on this over the past two years. I've always loved business models that allowed free access, but now I'm very much focused on a business models that are sustainable, and without relying on being able to sell my data to keep the lights on. A service I can pay for access, in a sustainable business arrangement, is my new preferred model.


What if it's less profitable to run a paid search engine? Will they run both free/paid side-by-side? And how can one be certain they won't profit off the query data on the backend anyways?

Is there any reason I should think Brave won't prioritize profit motives first in 5, 10 years when investors or markets expect returns?


I do think that fewer things need to be free. But there’s no reason to believe that free means we must lose our privacy.

OTA television, for example, had been providing decades worth of extremely expensive programming for free. And this lost us absolutely no privacy.

There is no reason that ads have to invade our privacy. They can go back to targeting based on broad geographical and age demographics.

Let’s do a thought experiment. Let’s say the government passes a law that says that ads cannot be based on any factors more privacy invasive than your zip code and 10 year age range. It’s not like companies would stop paying for ads. They would pay less, but probably still enough to maintain free services, like Google did in its initial days.


there's also lots of smaller niche platforms/services that don't, sometimes even funded exclusively by donations. I think the size of the organization has a lot to do with the likelihood that your data is getting harvested as well.


> As long as we all expect free, we can't expect privacy.

Not if the project is a non-profit. Wikipedia is free and privacy friendly (or pay what you want through donation if you want).


Paid services have the real name and credit card. It's too risky to assume they won't turn evil in the future.

I barely trust my ISP.


Cable in the 1980s comes to mind:

https://www.nytimes.com/1981/07/26/arts/will-cable-tv-be-inv...

Short answer: Yes, there will be ads eventually, even if you pay for it.


> I'm actually excited about the idea of a search engine that I pay for. Been waiting for DDG to do it but last I knew there's still no option there.

I wonder if that's because they're using Bing search results rather than crawling the web themselves?


give me the option to block certain sites from results and prioritize others, I would pay a monthly fee just for that level of customization. I hate searching to download something and only finding spam in the top 5 results.


I was going to say something similar.

I'm convinced that it's possible to build a better search engine than Google by using community-influenced results, rather than try to do magic.

I'd definitely pay for a search engine where we can collectively downvote to hell any SEO spam. That would be the only way to incentivize sites to provide actual quality rather than cheating the algorithms.


> As long as we all expect free, we can't expect privacy.

Paid is still centralized. Decentralization isn't an answer, because people make their own decisions and a collective decision contains a lot of power. The only way to achieve true decentralization is to eliminate communication entirely. I believe it is referred to "Babel's tower". Centralization means we have no freedom and no privacy. With decentralization, 51% could conspire to murder the 49%. That experiment, taken after a few iterations, would quickly turn us extinct.


The idea is interesting. My view on the economics side is that the flaw is that this is a for profit company trying something new to make more profit. There's nothing wrong with that except that what they are selling is a commodity (bing, google, duck duck go, ..).

So, that doesn't sound like a sound plan. In fact it sounds a lot like everything Mozilla tried and failed to make money with in the last few years. Maybe users will pay for X .... nope they won't pay for X either. Ironically, Mozilla's main business remains reselling Google's search.

What's Brave's business model at this point? I'm assuming that the attention token business is at this point not really delivering substantial revenue.

Anyway, a couple of weaknesses here with both these business models (search and BAT):

- They are tied to Brave the browser, which while popular has a tiny market share. So, both solutions are cut off from the vast majority of users, including the fraction of a percent likely to be an early adopter of this (i.e. by actually paying). Fractions of fractions don't add up to a whole lot of revenue.

- That browser happens to be built by Google and also depended upon by Apple & Microsoft (i.e. Chromium). Between those three, they control access to most of the users via their apps stores and operating systems. They also control the main contenders Cliqz is supposed to compete with: Google, Bing & DDG (which is Bing). That sounds like an uncomfortable place to be as a would be competitor. Also, there's the Apple and Google tax to worry about with any kind of revenue: Brave users putting more cash in the coffers of Apple and Google basically.

- Users might pay for quality. That raises the question how you will get that. DDG is popular but a key reason for people to not use it remains that sometimes they just aren't good enough. And it's basically Bing, which depends on MS putting loads of cash and resources in it. I found myself reaching for Google a lot in the half year I used it until ultimately I decided that I did not have time for too many fruitless searches where I wasted time before ending up finding what I needed on Google. I reverted back to Google. And that's not because I enjoy being tracked or in their clutches: they are just that good.

- Brave as a walled garden for exclusive paid features does not make sense: it's too small. Both BAT and search as commercially offered features would have more users (and thus paying users) if they weren't tied to Brave the browser. IMHO both would actually need to be structured under a non profit organization for long term success (for users, not for Brave).


have you heard of greed? Do you think they care about loosing customers in that scenario? Where will they go? Dont be soo naive... they might start with honest and clean intentions but that will most likely change, or the pople running the company will change, people are soo easily corupted, especialy in a world filled with vice


My opinion has definitely changed over the last 10 years from I'll use anything if it's free, to I'm willing to pay for a better service.

Spotify is something I'll gladly pay for because it just works and is less hassle than ads and playlists and searching for youtube videos.


> I'm actually excited about the idea of a search engine that I pay for.

Right now you can pay to host an instance of the internet meta-search engine SearX: https://searx.github.io/searx/


Consider that it’s not just the changing times but also your own changing economic situation. Would you have had a spare $20/month foe a search engine subscription as a 16 year old? I sure had better uses for my money back then than something like this, privacy be damned.


I don't really mind the ads on search engine as long as they aren't tracked and are based on the search. This is the way startpage does it.


I would like to say, paying customers have even more valuable tracking data, since it signals that you have good disposable income.


I don't really even want to think what I would pay Google to access their search engine if they made it a paid service tomorrow.


i would probably just switch to bing or duckduckgo (aka bing) at this point. google used to be unparalleled in finding what you're actually looking for but their search results have steadily been getting worse.


There is a cost in order to be free(ed).

Would be a nice study to determine the monthly rate one is willing to pay in order not to the be the service.


Perhaps the going rate could be established in "units of text editor subscription".

How much time do you spend in search bar and results versus one of several non-coding text editors that you subscribe to? Price accordingly.


It's still kinda not private, because GTM/GA/ etc on 3rd party sites are going to track where your click came from.


We block all those. Were you thinking of other browsers?


Many things are free, such as Linux kernel and Debian distro.

However if someone's expenses grow with userbase, everything you said is right.


bat tokens will eventually make sense to everyone we’re probably just 10 years too early into the private browsing space


So basically a search engine that is worse than Google and that I will have to pay for. Sign me right up!!


In my understanding what Cliqz did, at least in the beginning, was to buy clickstream data and then build an index on top of that. So in a sense they just scraped Googles' search index, as almost all users rely on Google for finding stuff on the web. The clickstream data gives you both the search query and the website(s) users visit after searching, so it's pretty easy to build a search index from that, at least for popular searches (it might be more difficult for the long tail of search queries).

A lot of the clickstream data you can buy comes from browser extensions btw, and often gets collected without users knowing about it (looking at you, "Web of Trust"). I think their reliance on such data was the reason Cliqz acquired Ghostery, which also collects a copious amount of "anonymous" data from its users. On one hand it's a neat idea since you're basically standing on Googles' shoulders, on the other hand it's at least questionable for a "privacy-first" company as the generation of the search index is based on personal data mined from (often unwitting) users.

That said I don't know how their system evolved, so maybe today they have another way to build their index.


Bing might have also done this to improve their index https://searchengineland.com/google-bing-is-cheating-copying...


That's one side of it. The ironic thing is they probably used exactly the same tactic as the search engine in the article:

https://www.quora.com/Did-Bing-intentionally-copy-Googles-se...


No, Brave Search won't copy search results that users do not click on. You own your queries and clicks. Only users who opt into anonymous logging to help Brave Search send unlinkable records up, and those records are not scraped from unclicked links in SERPs.


I was referring to this bit in the top level comment:

> In my understanding what Cliqz did, at least in the beginning, was to buy clickstream data and then build an index on top of that

I don't know if that's what cliqz actually did, but if they did do that it sounds very similar to what bing did.


From https://www.siliconfilter.com/hiybbprqag-google-claims-bing-... it seems Google engineers laid a trap by using IE with Bing Toolbar and Bing Search Suggestions enabled. Not clear what was gathering the data, but this article doesn't say whether the Google engineers clicked on the bogus-keyword's result link. If they did, then clickstream as you say. If they didn't, something in the IE+Bing mix scraped links from whole Google results pages.


I work at Ghostery. Yes, Cliqz bought Ghostery for the Human Web data, since we have so many more users than Cliqz ever did. What gives you the impression that any data we are collecting is not appropriately anonymous?

The Ghostery extension is open source, so feel free to link to anything in the code that looks suspect to you


I'm not saying it's not anonymous, just that it's impossible to assert the anonymity.

Also, I saw a lot of "anonymous" clickstream data offered by other companies, which was often trivial to de-anonymize. We did a DEF CON 25 talk about it, just google "Dark Data DEF CON 25". Robustly anonymizing high-dimensional data like user clickstreams is practically impossible, and often knowing a combination of 4-7 websites a user regularly visits is enough to identify him/her in a pool of millions of users (see the talk for details), so I'm highly doubtful about any company that claims it can robustly anonymize such data. If you're confident your data is anonymous why not release a large sample and have researchers look at it?

So while I'm not saying Ghostery is also doing that I don't have a lot of good faith in these data collection practices in general (also, I think before Cliqz acquired Ghostery it collected a lot of data like cookies from the users). Again, it's a smart way to collect data but I wouldn't call it very privacy-friendly.


It is trivial to de-anonymize if records are linkable, which is the case you mention on Dark Data DEFCON25. Another famous case was the de-anonymization of the Netflix data set.

However, you are assuming that HumanWeb data collection is record-linkable, which is not the case, precisely to avoid this attack.

If what is being collected is linkable: e.g. (user_id, url_1), ... (urser_id, url_n). No matter how you anonymize user_id, it will eventually leak. A single url containing personal identifiable information, e.g. a username, will compromise the whole session. No matter how sophisticated the user_id generation is. The real problem, privacy-wise, is the fact that record can be linked to the same origin. An attacker (or the collector) has the ability to know if two records have the same origin.

The anonymization of HumanWeb, however, ensures that linkability across data points is not present. Hence, an attacker cannot know if two records come from the same origin. As a consequence, the fact that one url might give away user data, for instance a username, it would not compromise all the urls sent by that person.

If you are interested in more details I recommend this article: https://0x65.dev/blog/2019-12-03/human-web-collecting-data-i...

[Disclaimer I'm one of the authors]


I still see a lot of ways in which users could be de-anonymized, sometimes a single URL is already sufficient and side channels like the quorum mechanism might leak information as well. Maybe it's really anonymous, but personally I don't trust any mechanism that doesn't have a statistical anonymity guarantee, differential privacy being the preferred one as it's the only anonymity model that hasn't been broken yet.

Anyway, it's great that Cliqz did this work and I don't want to diminish it, I'm just very cautious when companies claim they're only collecting anonymous data, there were just too many cases in which promises have been broken.


As mentioned in my previous comment:

There is a better way to service users interests; initially it was "keywords" - but now it can be more structured;

"I want to learn [topic]" and the response may be a step-by-step how-to on how to learn [topic]

TBH this was a subject addressed on NPR this morning.. People staying at home are talking about the old infra of edu where people cant be in person - but nobody is talking about the opportunity on changing the structure of learning at all - there should be seen the opportunity on changing the way in which we learn something.


Brave has a long way to go to build real trust. Too many reckless stuff: hijacking links, suspicious url-rewriting, crypto-token stunts, forgetting to communicate with users about serious privacy leaks with their faulty TOR window... also it looks like they care about privacy only in their PR brochures.


Also zero transparency for users and publishers.

On one browser installation I stopped getting payouts, reached out to them via reddit (like they asked for) and provided all the information they asked for: ghosted.

I'm also a publisher, for weeks now I can't login and it seems like I'm not getting payouts anymore either. Never got any mail about it. Sent them an email about it February 23rd, no answer so far.

If I'd have to guess, the one client somehow got blacklisted maybe because I used too many Brave installations and they think they're fraudulent? (Though I only used like 5, Brave & Brave Beta each on a desktop & laptop, then on another desktop just one installation. Also, I still get payouts for the other installations.) Or it's just another one of the bugs that eats payouts and users' BATs.

Publisher account I even have less of an idea, it's totally fine, teen-rated gaming websites with a couple of thousand organic (search traffic) uniques/month. I did sent BAT from my unconnected Browsers (you only can connect a maximum of 4 browsers to a wallet, ever) to my site to tip myself. As far as I know that isn't against the TOS either (even makes them more money because they douple dip).

But, even if they don't suspend you without any notice, it's completely non-transparent as a publisher too. You get zero statistics, just a bundled payout each month. I'd never use them like this as a publisher for bigger sites, pretty sure I mailed them about that too in the past and also did not get any reply.


Also the fact that they boast "we blocked X many ads" directly above a Brave-owned embedded avertisement directly in the browser itself.

Scummy stuff.


You can easily remove cards, top sites, adblock counts, and advertisements from the Brave home page. It's customizable.


Their point is not that there is an adblock counter, but that brave injects ads on their own homepage to inflate the apparent usefulness of their browser. It's similar to labeling a casino a buffet and saying you don't need to gamble.


I guess some just want everything for free. It's not like they're hiding it. It's right in front of your face. It's just some are too lazy to turn it off or simply don't care.


That's a feature, not a bug. The point of the Brave ad blocker is to (optionally) replace unethical ads with ethical ones so you can compensate the content creators you browse. How is this scummy?


Because it removes a revenue stream for many sites and small businesses (oftentimes the most important or only revenue stream) and replaces it with a setup where Brave happily benefits from holding that income in escrow until you can convince them to hand over whatever percent they think is fair to share... in their crypto. That is, of course, assuming they don't ghost you, which seems like a common complaint among publishers.

The company's got a long list of shady practices and "mistakes" where they haven't paid creators and/or screwed over users for their own profits. Even if you give them the benefit of the doubt and assume they just constantly make honest mistakes, no other browser dominates the news every other month with so many privacy scandals.


While it is sort of a hostage situation (websites must sign up for Brave rewards to get a payout), would you rather websites get no revenue at all? If the prevailing mentality of most web users is to install their adblocker of choice, I see Brave as an approach that tries to cater to everyone.


> If the prevailing mentality of most web users is to install their adblocker of choice

This is not the prevailing mentality of "most" web users, in fact it's not even possible for it to be because the most common user agent is Chrome on Android.

Brave is an attempt to funnel as many oblivious users as possible into a pipeline where native ads are automatically blocked, for the precise purpose of being able to execute the "hostage situation" that you mention. The premise that the target market for Brave is the tiny group of people who are willing to look at one kind of ad (provided by Brave) but not a different kind of ad (provided by the publisher) so that the publisher can get a fraction of what they would have received from the native ad (if they opt into a crypto scam) is laughable. Most people who want to block ads just want to block all ads.


Brave Ads are opt-in and will remain so. You seem to be ignoring our brand promise, which if we violate it, lead users will roast us to a crisp. Also, consent is required under new privacy laws. If you don't want to use the opt-in revenue models in Brave, and just free-ride using best-in-class tracking protection, feel free. That's the baseline default.


I'm sure you've defined "Brave Ads" such that this is technically true, but calling your approach to ads "opt-in" is terribly misleading. Last time I opened Brave, I was immediately greeted by a full page ad on the new tab page. [1] To be clear, I have never opted in to seeing any ads in Brave.

If you haven't been roasted by your users over this, I suppose that's informative about who the users are.

The Brave FAQ also says

> Are all ads blocked or can users allow some or all? Tracking scripts (trackers) and ads that depend on them are blocked by default.

So this implies that Brave does not even block all ads by default now? If you go back to 2019 [2] the same line in the FAQ says "Ads and trackers are blocked by default".

[1] https://cloudflare-ipfs.com/ipfs/Qme89K2feqd7pYvUHetXPCJ7yrY...

[2] https://web.archive.org/web/20190607005611/https://brave.com...


Sponsored images are tracker-free. We had SpaceX images in the New Tab Page (NTP) without getting paid, and supporters suggested we do more and charge. If you don't like these images, turn them off ("Customize" controls on lower right). That our users mostly like these images means not only that they didn't roast us, but that we got some revenue to keep alive and keep going. This is a win in our book, but I realize not everyone agrees.

Our early website writers oversimplified. We didn't block ads so much as tracking, so the text changed. But then the code evolved, and now we block both using the same lists as uBO, only with aggressive shields required to block first-party ads that don't have tracking or whose tracking we nullify. This requires more nuance to describe. I'll get someone to work on the website docs, but the ground truth is what the browser does. If you set your global shields to aggressive and see an ad, please file a bug or DM me on Twitter and we'll work to fix it. Thanks.


Hi Brenden,

I never opted in to ads on the homescreen of Brave. How do I opt-out of them?


Customize controls on lower right.


Ads completely overwhelm my mobile and mac book pro. Sorry?


I'll admit that if the GP holds the opinion that all ad blockers are "scummy" then I wouldn't be bothered. But considering I never see ublock origin get criticism here I have to assume that when most people criticize Brave's business model, they don't actually care about the publishers.


Agreed. I just don’t see why I should not continue to use Firefox, Multi-Account Containers, and DuckDuckGo, and just use Tor Browser if I want to use TOR.

The whole crypto thing in Brave especially rubs me the wrong way, it feels like a Ponzi scheme.


It’s chrome with extra features, and not owned by Google. You don’t have to participate in their crypto nonsense, and you don’t have to use their TOR browser

It’s basically just convenient


The only recklessness in sight is your comment repeating a complete fabrication. We never "hijacked links". See https://news.ycombinator.com/item?id=25841456.

The Tor leak was already fixed in Brave Nightly when independently discovered. We were fixing as part of a HackerOne bug report, which per standard practice is not disclosed until patched in all releases. The mistake there was not forgetting to disclose, it was not airlifting the fix into Brave Stable and intermediate releases right away. We have already made process fixes; automated network leak testing is the biggest one.

If you don't like crypto-tokens, don't use them. They're optional in Brave. They have no privacy impact.


Cliqz’s Human Web used servers from FoxyProxy to remove IP address info. Will you continue to partner with FoxyProxy (as a matter of outsourcing the “trust us, we’re not tracking your IP”) component? If not FoxyProxy, then who — this 3rd party companies’ reputation matters.


We drop IP already when proxying a number of Google services, see https://github.com/brave/brave-browser/wiki/Deviations-from-....

We've used Fastly in the past to drop IP, implemented using VCL. I believe we're using other vendors now as well. Unlikely to use FoxyProxy but the idea is the same. We don't log IPs and don't let them get to us or to Google or other service providers, where possible.

If you are interested, https://brave.com/brave-private-cdn/ describes how we go to even more effort to avoid seeing fingerprints as well as identifiers including IP addresses.


You forgot one. Whitelisting cross-site trackers from sites like Facebook and Twitter.


All browsers allow those social widgets by default, because blocking them breaks too many pages. Brave is not alone in this regard. We're working on a better default that blocks but replaces with mock objects bundled with Brave's binary that activate the real widget on click. In the mean time, you can turn them off and risk broken pages via "Social media blocking" settings.


Also doesn't help that Brave's CEO is a right wing guy (asked to leave Mozilla because of his radical comments) and a COVID conspiracy theorist "masks don't do anything"


I'm not sure what the relevance of it either way. Even though he left Mozilla due to his public opposition to marriage-equality for same-sex couples, to connect that with his current company seems like a stretch.

And even being an anti-masker in the COVID19 context, however misguided that might be, isn't really related to the browser's functionality.


>I'm not sure what the relevance of it either way.

The subject of this sub-thread discussion is that it's about "Brave has a long way to go to build real trust." and so it's not limited to functionality, it's about trust. Therefore a leader who is seen to be "misguided" in some parts is relevant to trust in the project they lead.

I agree it's not relevant to functionality but this sub-thread is about trust which is more of softer issue.


Maybe some people just feel gross participating in a project to make this guy richer?


I can understand that. But while I disagree fundamentally with the Brave CEO's political stances on the aforementioned topics, I just don't see a strong connection between those and his product, which is politically neutral from a left/right perspective.

It's nothing like, for example, the clear connections between the political views of the execs/funders of Parler and Gab and their their products.


I agree, there are certainly heaps of odious people who have created great things in technology. And I don't even mind using these things if the creator is not making money off of them. (There's an open source project whose author says, on the project's webpage, that he dislikes the idea of anyone who doesn't embrace white nationalism using the software. I don't think he was joking.)

I suppose I'm reading JacobSuperslav's comment differently than you. You're reading them as saying (in response to a comment listing reasons not to trust Brave) "here are some additional reasons not to trust Brave", which you're saying doesn't follow. I agree that it doesn't follow, but I'm reading their comment as saying "Brave's untrustworthiness is one reason not to use it, but another reason why you might not want to use it is..."


In a free market, you can of course spend your money any way you like; if you think a company shouldn't ought to hire people you as a customer disapprove of, then you can boycott that company. But the fact that we're increasingly viewing corporations as responsible and sharing in the guilt of an employee's personal and political views worries me a great deal. It's like we're progressively losing the ability to compartmentalize, and to permit others to compartmentalize, and I think it's fundamentally threatening society's ability to function as a diverse collection of viewpoints.


> But the fact that we're increasingly viewing corporations as responsible and sharing in the guilt of an employee's personal and political views worries me a great deal.

For me it's sort of the other way around entirely. I don't view corporations as "responsible" or "sharing in the guilt", in fact I don't really see corporations as moral entities at all, except insofar as that's sometimes useful to persuade their CEOs to do things (e.g. not destroy the planet with pollution).

I don't know anything about Brave's corporate structure (and don't care to), so take the following as hypothetical. In any business, there are a number of people at the top trying to get rich. And that business will also employ any number of people who are not going to profit (e.g. janitors). I'm sure any business the size of Google employs a few racist janitors, it's just the law of large numbers. I don't "blame" Google for employing these people, nor does it dissuade me from doing business with them.

But when the person at the top running the company and directly profiting from it has terrible views, maybe I have a moral obligation not to give them my money, if that's possible. And if the board of directors of a company chooses to retain a CEO with deplorable views, maybe I have an obligation not to give them my money, either. So I think you can argue that someone has an obligation not to do business with Brave without saying that you blame the corporation as such. This goes double when the people are the top are funneling those profits into campaigns to deny people their rights.

At a high enough level of abstraction, a corporation is just a profit-creation engine. At a high enough level of abstraction, cancer is just a reproduction-oriented microbe. I suppose it doesn't make sense to blame either of them for what it does. Even so, I don't think it's right to aid them.

> society's ability to function as a diverse collection of viewpoints.

I worry about this too, quite a lot actually. But I think one requirement for society to have the ability to function as a diverse collection of viewpoints is that we collectively not tolerate people who have views antithetical to society functioning in that way. It's one thing to believe that it's wrong for gay people to be married: it's another thing to push for the state to prevent them from marrying.


I mean, and I believe that it's one thing to believe that it's wrong to push for the state to prevent gay people from marrying, but it's another entirely to push for companies to fire people who believe that.

I am in favor of gay marriage, but I believe society can survive without it. I'm not sure it can survive without political compartmentalization.

I guess you could call me a libertarian in that I believe that the first and best defense from government, corporate and mob tyranny is to just go somewhere else. The enforcement of mere majority moral beliefs on the entirety of society directly threatens that belief. You may say that's just democracy, but I disagree; I think majority rule is not quite the same. ("51% democracy", if you will.) The flourishing of a society and its peoples is maximized if locally contradictory views can exist simultaneously, preferably by a process of self-sorting. But such a process would, if moral fault is propagated along corporate and financial lines, either damage the economy by effectively decoupling large sections from each other (you see this in the right-wing news market, which has become almost totally disjunct from the left-wing news market, and the split is propagating across logistics lines), or else damage liberty by enforcing the most effective and motivating (!not! the most morally just) beliefs through chilling effects and monopoly positions. That's why I think the decision to support a corporation must be decoupled from the views of the employees, so that the political arena can be insulated from the economical one, allowing a connected economy at the same time as a diverse society.


The relevance is having a CEO that is not widely esteemed is terrible for PR. This is why Mozilla fired him


His politics are irrelevant to me. I use firefox 95% of the time but when websites just don't cooperate with it I'll use Brave as a chrome fill in.


> His politics are irrelevant to me

The fact that he is anti-science and happy to play fast and loose with other people's lives should give you a hint how he might run a company.


I don't feel that good about this.

The thing is that Cliqz was "majority-owned by Hubert Burda Media" [1], and that "The deal, terms undisclosed, makes Cliqz owner Hubert Burda Media a Brave shareholder." [2]

Doesn't Hubert Burda Media have a interest in removing ad-blocking technologies from the web? Couldn't partnering with Brave get them into a privileged position where they are capable of displaying ads and build user profiles?

[1] https://en.wikipedia.org/wiki/Cliqz [2] https://www.theregister.com/2021/03/03/brave_buys_a_search_e...


If so that makes sense as Brave is happy to show you "ethical ads” instead of the ads already on a page if you so choose and reward you and the original content creator(maybe) with their very own funny money.


When you sign up as a BAT publisher, you choose what currency to get paid in. It's just as easy to pick USD, and then it will auto-convert the BAT to dollars, and you would hardly even know it involves crypto. It's not some ponzi scheme.


But the amount of USD you get varies by BAT-USD exchange rate, e.g. you actually get paid in BAT, correct?

I must admit that I find this business model genius: replace website ads with your ads, pocket the revenue, and "pay" users in a self-issued cryptocurrency. Stealing ad revenue from websites while simultaneously doing an ICO.


That's correct. But advertisers bid in BAT too, so if the value drops, they would pay more nominally, and it would all balance out.

As a user, I prefer Brave's ads though. They're not actually on websites. And calling adblocking "stealing" seems like a bit of an exaggeration. Brave still pays out a larger share of their revenue to publishers than Google does. As a publisher, Brave's scheme seems fair to me too. The only one really hurt is Google.


I don’t dispute that you can get real money out the far end but even if you ignore the problematic aspects of crypto as a technology you still have to deal with the problematic aspects of it as a currency including rapid fluctuations in value and the time it takes to settle a transaction.


I guess that could a bit annoying at times, but ad revenue isn't some super precise amount. Price fluctuations should balance themselves out, and the minor settle time is not a big deal when you're typically paid monthly.


Excited that Brave is playing a pioneering role here with leveraging cryptocurrencies and distributed tech (including Web3) who's time, it looks like, will come. It helps that a Browser is close to a perfect environment from which to challenge the incumbents heavily dependent on ad revenues.

> Brave Search's index there will be informed the activities of participating Brave users, in terms of the URLs they search for or click on, and adjacent web resources that don't require extensive crawling.

This is quite similar to Amazon's now-defunct A9.com which, iirc, had some form of hybrid search engine that was built on search / ad results from Google and the data Amazon collected via the Alexa toolbar.

> The Brave Search team has written a paper explaining its use of the term, titled "GOGGLES: Democracy dies in darkness, and so does the Web." The browser upstart aims to replace the tyranny of Google's inscrutable, authoritative index with a multiverse of indices defined by anyone with the inclination to do so.

Again, very similar to WAIS. Has Eich been speaking to Brewster Kahle? :)

[0] https://en.wikipedia.org/wiki/A9.com#History

[1] https://en.wikipedia.org/wiki/Wide_area_information_server


No, I haven't been talking with Brewster. The Goggles paper is from the Tailcat team.


It's very exciting. So far Brave is not so popular in the cryptocurrency space compared to its peers. That will change I'm sure.


> Brave is not so popular in the cryptocurrency space compared to its peers.

KYC-hostage demands from a company that claims to be "privacy focused"...

https://twitter.com/fluffypony/status/1065594144796610560


You do understand it's based on regulation, right? That there is no way to do what they are doing legally without KYC for withdrawals? What exactly does your implying use of the word "hostage" mean? That you don't like the laws of the countries Brave is operating in?


I understand that's what they're claiming. If they were serious about their principles, like Lavabit, they would have simply discontinued the "custodial wallet service" that they claim is subject to anti-privacy regulation. Nobody is claiming that the Brave browser software itself is subject to any anti-privacy regulations. They wouldn't have to sacrifice their entire business on the altar of principles like Lavabit did -- they'd only have to sacrifice one feature.

But they don't have nearly the same level of integrity that Lavabit did.

And, of course, if they're exaggerating the "but but muh regulations" aspect, then none of the above applies.


I don't understand your criticism, it doesn't seem to make much sense.

They have done exactly what you are proposing, in that they don't require users to provide KYC to use the browser. KYC is only required to use an additional, optioal feature inside the browser. It works well without any private information, and it even allows some wallet features like redistributing your tokens to content creators you like.


> They have done exactly what you are proposing,

No.

They haven't done this:

> like Lavabit, they would have simply discontinued the "custodial wallet service" that they claim is subject to anti-privacy regulation


> Brave Search's index there will be informed the activities of participating Brave users, in terms of the URLs they search for or click on, and adjacent web resources that don't require extensive crawling.

> Brave also envisions users taking a more active role in their search results through a filtering mechanism.

"It allows different groups to run their own sort of Turing complete filter rules, sort of like ad blocking rules in the search service and not in the browser, to have a community moderated view of the global index," he [Brendan Eich, Brave founder] explained. "It's called 'Goggles.'"


I'd love to be able to filter out, for instance, pinterest.

I'd actually pay nominal amounts of money for a search service that had my interests in mind; as opposed to advertisers and thought police.


Shameless plug, but I've been working on a project [0] that does exactly this. Currently it just has a few filters I've created for myself and only supports web search (and a few !bang like re-directs), but I'm working on implementing user accounts that will be able to create their own filters.

[0] https://hadal.io


Pretty cool. It filters by URL?


Yup, that's exactly it. I've found that there are certain websites that I have basically no interest in seeing. Eventually I might incorporate more granularity to get sub-domains or something like that, but for now it's just whole websites based on URL.


I was pretty sure that it could be done in Google with operators in the search box (going back a few years), but I don't use Google any more and one reason I stopped was that it kept incrementally degrading the ability to refine individual searches manually. Anyhow, I just did a DDG search and came across this [1], which looks interesting for your use case (although that Pinterest is mentioned is a coincidence). I've not tried it out, so I can't recommend, comment or anything.

[1] https://www.techsupportalert.com/content/how-remove-pinteres...


Me too — most image searches need a "-pinterest" term added.


   google.*##.g:has(a[href*=".pinterest."])
   
   google.*##a[href*=".pinterest."]:nth-ancestor(1)
Add to uBlock Origin 'My Filters' Section :)


> and thought police

Copyright interests pay large cash to make sure you know is truly best for you. You could show a little gratitude.


Indeed. I'll keep that in mind.


You can just add -site:pinterest.com in DuckDuckGo. I think you can do the same in Google.


I'm well aware of the various search flags. I can also think of at least 10 domains I'd like to permanently obviate from every search. Adding flags for all of these every time is unwieldy. I have toyed with browser extensions to achieve this, but I quickly learned that using many of these flags will compromise search results. A good solution will require a search engine that anticipates this use case.


Turing incomplete. Thanks, will get a correction to the reporter.


Fixed. Thanks again.


Cliqz seemed like a very promising search engine [1], so I'm glad that they've found a new home where they can try again.

[1] https://web.archive.org/web/20200501194956/https://cliqz.com...


It really worked quite well, especially when compared against ddg. Fantastic that it will survive in some form and that the work was not for nothing.


"The service will, eventually, be available as a paid option..."

This is the future of services on the internet. The 'cult of free' should die off as people realize they don't want to be bought and sold like digital cattle.


I wonder if payment in BAT will be an option?


> payment in BAT

payment in Basic Attention Token... isn't that exactly how the Google, Facebook, Twitter, etc advertising business models work. BAT is basically a reward for watching adds right?

I like the idea of paying my content producers directly better, see for example https://coil.com. Cut out the middleman


It's an optional reward, and that is the key difference in my opinion.


Probably, but you'll probably have to KYC as well...


As long as your crusade against free doesn't impact our free public libraries, free healthcare, free education.

(All of which are not really free because we pay for them with taxes. )


I have been developing a simple mantra: Pay for stuff I use. Mostly software so far. As far as “free stuff” provided by the government, I feel there is a baseline that a government should provide, as that should be their purpose. Where that line is, and what services are provided is a source of intense debate. “Pay for stuff I use” is a great starting point, but hardly a hard and fast rule.


The SaaS project I'm working on won't have a free tier. We think it's unfair to make paying customers support free customers.


Does the customer on the $40 plan think it unfair he pays for more resources than the customer on the $20 plan?


That's different, they're both paying.


As a paying customer I don't care about customers on the free plan. I don't think anyone has time to consider such things.


Wouldn't you prefer to pay less?


If you're setting prices based on cost shouldn't the prices be astronomically higher during the first few years of the business?


Irrelevant. You're changing the subject.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: