Why does Brave need its own blockchain token? Either it's centralised and doesn't need blockchain. Or it's trying to be decentralised, and then might as well use an existing token like BTC or ETH. I understand that the latter may be too expensive for micropayments, but surely that comes with the territory when you're using a blockchain.
You pretty much identified one of the main issues. We initially launched Brave Rewards (called 'Payments' at the time) with Bitcoin. Unlike HODLers, Brave users only wanted to purchase $5 or $10 at a time. In 2017, network fees and congestion got so bad that users would see 90% fees, and still not know when their BTC would arrive.
We pivoted to the BAT, built on ERC-20. This relieved us from large fees and heavy network congestion, as well as enables us to do things like create a User Growth Pool (300M BAT) to drive growth. As an example, we recently sunsetted our referral program which generated more than $13M in rewards for publishers. Initially we had planned to stop the program after $1M had been distributed, but a healthy UGP enabled us to go much bigger.
There is no animus towards BTC today. In fact, for our verified creators (https://creators.brave.com), we'll even auto-convert your received BAT into BTC (or ETH).
I've been using Brave for a couple of years, already (I think) and I'm quite happy with it.
By default it might spawn some ads but you can easily disable it forever.
It's the fastest there is.
I love it, the only thing I feel it is missing is default support for .bit domains. With all the censoring going on of different sites at the DNS level, it is time to have a distributed alternative.
I'm not familiar with .bit domains specifically, but you can expect more developments in this space from Brave this year. We added support for IPFS last year, and are working on building upon this work even more.
.bit domains are domains by the Namecoin network. Little is known that namecoin was one of the first altcoins. Long before ethereum and litecoin. They use a blockchain to decentralise DNS like technology. You should have a look at it
Brave's (privacy-respecting) ad notifications are off by default. But I would encourage you to reconsider these features, unless (or even if) you support content creators out of your own pocket. Sponsored Images, for instance, is a high-quality image that appears on every 4th new tab. 70% of the associated revenue goes into your wallet, which can then automatically flow out to the verified sites and properties you visit throughout the month. It's a great way to convert your attention into real support for the people who make the Web enjoyable. And best yet, there is no user data involved or exchanged.
Content creators can verify their properties (sites, YouTube channels, Twitch accounts, and more) via creators.brave.com. If users have already attempted to tip you within the past 90 days, you may find that rewards arrive shortly after you sign up.
Tips only leave user wallets when their intended recipient is verified. They will remain in the user's wallet for up to 90 days awaiting the verification of their intended recipient. After that time, they are folded back into the user's balance, and able to be given to another creators.
That just means BAT gets to keep in circulation purely because of a low conversion rate?
Realistically, how many tipped users are going to sign up within 90 days unless one of your users explicitly tells them to? This just sounds like "we do pay them, kinda"
Listing an affiliate link is not an egregious offense. But you keep posting that link all over this thread as though it were. There was no data involved, no privacy impacted, and no opaqueness to the feature. The affiliate link suggestion was shown to the user before any navigation.
Afaik dissenter from Gab is a fork from Brave, presumably without the crypto.
Last I checked (briefly after it was released), I didn't care that much for the right leaning comments. But maybe it has improved or it can be filtered.
For a web browser, that's certainly getting into dangerous territory. You want your web browser to be updated as rapidly as possible; zero days are a fact of life.
There are some apps for which I would agree, but not when it comes to web browsers. And my apologies, Gab's Dissenter hasn't been updated since v1.5.114, which was released back in March of 2020. So their last major build for Windows and Linux is nearing a year without an update. Their macOS build (0.70.122) is from November of 2019.
Brave seems to pop up here every now and then. With its past history of scammy behaviour (https://www.theverge.com/2020/6/8/21283769/brave-browser-aff...) and how they collect money without actually promising to give it to people that they claim to act opn behalf of, its not a browser anyone should trust.
There are so many better alternatives to brave for those that want to donate to content creators or just browse the web. I have never understood the fascination or usefulness of brave. I would caution people against using it.
There is no "scammy" behavior in our past. What you're linking to here is an affiliate link offering from pre-search UI in the browser. This involved no user data, no privacy impact, etc. See the official response here (with screenshots, so as to clarify how the feature actually worked): https://brave.com/referral-codes-in-suggested-sites/.
If an affiliate link offering (shown plainly, and prior to any navigation event) worries you, wait until you see what other browsers are getting away with. If you're using Chrome, Edge, or Firefox, your browser serves as an out-of-the-box keylogger, sending each keystroke off to Google (Chrome and Firefox) or Bing (Edge) as you type into the address bar. Even an unintentional pasting of sensitive information gets transmitted.
What other browser has injected a referrer to a link that has been entered into a browser URL bar and has benefited the company personally? As a engineer that has worked on global products myself, I find it extremely concerning that something like that made it to the public and it seems quite unbelievable that it was a simple mistake, but then again, I wasn't the person who coded it. There has been plenty of 'mistakes' that brave has needed to backtrack on and apologise for. Other browsers that have been around longer than brave have not been found to behave in ways brave has even though I am sure many researchers poke holes in it. If you would like to point out the behaviour of other browsers and compare it to the controversies that Brave has had, feel free to do so and prove many of the doubters wrong. The affiliate link is one of many examples. My other point is that you can also get the privacy protections Brave touts from other browsers as well, but without the shady past that Brave has a history of.
Can you link some other examples then? You keep using the affiliate link one but it doesn't seem very convincing to me. My takeaway from the comments on this post has been that some people really don't like brave but are either unwilling or unable to explain with more than surface-level criticisms.
I think if you just google for 'Brave controversies' you would get quite a few, like I just did now. There are also plenty of links in this submission. From content injection to taking money on behalf of people that have no idea its even happening, and this coming from a browser whose selling point is privacy.
Your first link is incorrect; Brave doesn't whitelist trackers. The Facebook/Twitter option enables embedded posts from those platforms on other domains. These frames, however, do not transfer cookies and do not permit the third-party access to storage. You can alter this behavior in brave://settings/socialBlocking.
Your second link suggests Brave replaces ads on websites; this is also wrong. Brave removes harmful third-party ads and trackers (as these harvest user data, and violate privacy). Brave offers an alternative model (Brave's privacy-respecting opt-in model) instead, which reward users with 70% of the associated revenue, while leaving their data untouched.
Your third link is, I believe, asking about our in-situ tipping buttons. These are triggers for the Tipping panel within Brave, enabling you to tip BAT to users on Twitter, GitHub, and elsewhere. I'm not sure what concerns you about this; these can be turned off in brave://rewards, if you like.
The last link you provided is also quite misleading. Brave distributed BAT grants to users, enabling those users to earmark tokens for content creators. Our interface at the time identified "verified" creators as such, but didn't make an equally explicit identification of unverified creators. This lead to some confusion. But as a result of Tom Scott's feedback in 2018, we saw massive improvements made to our UI/UX and tipping model over 48 hours or so. Today unverified creators are clearly identified as such, and tips are held for them on the user's device, rather than in a settlement wallet. See also https://brave.com/rewards-update/
That you had to google these and didn't know them offhand made me skeptical, but I'll attempt to summarize the articles to see what the criticisms are:
2. https://www.computerworld.com/article/3284076/brave-browser-...
This is about the opt-in basic attention token system, where users can replace ads served by websites with ones that reward them with cryptocurrency. I have used brave for a while and don't use this system (using the built in ad block instead). I don't see this as a negative.
4. https://twitter.com/vj_chidambaram/status/107647481470831001...
This is apparently about the basic attention token system donation feature not sending out donations that do not meet a threshold. Again, I do not use this system. But I saw this mentioned by someone else in one of the comments on this post and the response mentioned Brave has changed their policies to refund people within 90 days if the donation is not claimed.
A few notes (you'll see that I also had a response below):
1. We whitelist scripts to load, so as to enable Facebook and Twitter posts to be embedded into other sites. But, we don't whitelist/enable the tracking aspect of these scripts. We block them from accessing cookies and other local storage. You can modify this behavior in brave://settings/socialBlocking
2. Brave has never replaced ads on pages. We block harmful, third-party ads and trackers. And, separately, we offer a privacy-respecting digital advertising model. As you point out, our model of showing ad notifications is opt-in.
3. These are harmless tip-triggers shown near Tweets, GitHub comments, and more. Similar to what you would see with an extension like Pocket, where buttons are added near items so you can add them to a reading list, etc.
4. Tips made to unverified creators remain in the user's wallet. There's no threshold requirement here; if you tip 1 BAT to a verified creator, that tip will go out immediately. If you tip 1 BAT to an unverified creator, it will remain in your wallet for up to 90 days.
Umm I knew of them, I was being sarcastic as I had to do your job of researching something rather than you actually spending some effort to do your own job.
I think everyone's threshold for what constitutes breach of trust is different. If you accept content injection, unreported whitelists and other similar behaviour from a browser which touts privacy as its selling point ok, then thats your call. But this kind of behaviour is unacceptable from my and many other people's perspective. Which other major browser injects any content in to a website without the users request? Do you see people being ok with being impersonated by Brave without their knowledge? Especially when these mistakes just seem to keep happening, at some point you have to question the intention. Again maybe you are ok with it, but people should be informed about these practices and make their own call. To most people, this is not ok. What other browser has had this level of controversy (outside of chrome possibly) and they have been in business longer than brave.
You are not responding to my investigation of your issues and just asserting your initial argument again. You have not demonstrated content injection beyond some BAT related tipping feature. All of the controversies you have pointed to are extremely minor and justifiable. I become more convinced as I read your posts you started with your conclusion and are working backwards to evidence.
The fact that you disingenuously refer to search suggestions as a "keylogger" doesn't make me feel anymore confident in the honesty of your company. I feel as if this is a immature response given you purposefully avoid describing what it actually is (which is still something I disagree with being a default).
I think it's a fair description to be honest. Granted, it's not some always running process grabbing your keypresses across different programs, but it is still a horrible privacy violation that is operating without most people's understanding.
Accidentally screw up a copy-paste? ctrl-z as quick as you like, it's too late, one of your passwords has been sent out to google...
It's a bit of an impassioned description of the feature, but this is a comment on HN, not some company press release. How neutered do we have to be that we can't make a point with emotion behind it. It's clearly much more hyperbole than "immature" or dishonest, is all I'm saying.
The reality is that users aren't necessarily aware that their keystrokes (and any unintentionally pasted input) are being sent to Google long before they explicitly navigate anywhere. Inspect the network activity and you will see a log of individual keystrokes (depending on how quickly you type) sent to Google. Firefox waits until you have 2 characters in the address bar before they send them off.
You realise other browers can also opt out of this feature right? Why did you even use this example if you have this feature, I mean keylogger, also in brave? Your responses here are not necessarily helping you or your product.
I'm aware you can opt-out of this in other browsers, but the default is to emit user input to Google, without the user being made aware. In Brave, if you wish to send your keystrokes to a third-party, you must opt-in. That's the key difference here.
No difference? There's a huge difference between transmitting user input with and without explicit consent. Do you think there is no difference between me taking your car without asking, and you lending me your car?
> how they collect money without actually promising to give it to people that they claim to act opn behalf of
This has not been the case for a long time.
Any effective solution in this space is going to be controversial. Brave is far from perfect, but it is much better than allowing Apple or Google to control your browser and doesn't require any tech expertise to use. Those companies generally don't apologize or revert their scummy practices.
Back in 2018, Brave gave tokens from our own UGP (User Growth Pool) to users. These tokens could then be directed to websites, YouTube channels, and more. If the intended recipient wasn't verified, the tokens would go into a settlement wallet. But note, the tokens people were sending were almost entirely those which they first received from Brave (it was not yet possible to earn rewards at that time). So users were getting tokens from Brave, then earmarking those tokens for content creators.
Payout totals are coming soon to that page; I've been working with our team to establish those APIs so that the build-script for that page can pull in that information
It seems Brave is often combatting some bad pattern on the web by replacing it with something worse.
The latest affiliate link controversy was from 2020 [1]
Weird ad browser notifications is not that old [2]
Probably others. Happy to be wrong, I haven't researched it much, but what exactly is the case that they have a good track record of any significant length?
The affiliate link "controversy" didn't impact user privacy or security in any way. Brave offered a pre-search affiliate option for some keywords before the use navigated. Our mistake was doing this for fully-qualified domains too. Read https://brave.com/referral-codes-in-suggested-sites/ for more details, including screenshots.
Regarding your second concern about ad notifications, these are Brave Ads. They're opt-in. And they're built on privacy and anonymity. See https://brave.com/rewards for more. A quick summary: users who opt-in to Brave Ads receive a regional catalog of ads. Their browser, locally on their device, studies the catalog for relevant items. When an ad can be shown (users determine frequency), a notification is displayed. At this time, 70% of the associated revenue is directed towards the user.
Brave Rewards is a way for users to support content creators on the Web without having to sign up for services, hand over personal information, or dig into their own pocket. It's a way to passively translate your attention into real, substantive support for the sites you visit.
You have to explicitly find and enable the ad notifications. It can actually be a bit of a PITA to enable. It's not even supported on my phone. The purpose is if you want to support websites, but don't want to spend money. The ad revenue goes in a wallet, and you decide who to disburse it to (they do have to be registered as a Creator -- Brave's system is subject to KYC laws). The revenue is small and not worth the notifications, so transferring funds to your wallet is generally a much better option.
That thread looks like someone had a device with ads explicitly enabled. Perhaps someone else set it up, or he just forgot about it. That happens all the time with software.
The case is that most of the bad press is inaccurate and overblown, and Brave has changed course when needed. Their track record is imperfect, but far better than the mainstream alternatives.
I don't have sources other than that I've been using Brave as my primary browser on all devices.
[1] is the exact same link linked to by OP and is not convincingly an issue
[2] is about an opt-in system that is easily disabled if accidentally opted into
This was overly harsh, but Google has a lot of sway over the direction of the Chromium project which is unfortunate. Sampson from Brave also told me that they have yet to not have a patch accepted by Google. Who knows what the future holds regarding the direction of the Chromium project.
I believe we have had patches accepted by Google. But the idea that Google controls Brave because Google controls Chromium is not exactly right, IMHO. There are a lot of contributors to Chromium, from various companies. And there are a lot of projects that don't contribute to Chrome (or haven't been successful in doing so), but do patch. Brave patches Chromium (as does Microsoft). You can read more about how we deviate from the project here: https://github.com/brave/brave-browser/wiki/Deviations-from-...
It's a matter of preference and threat models. Brave isn't perfect, and has had some controversy in their business practices. They also have some telemetry and cryptocurrency ads. For non-technical users I still think Brave is the best overall bet, especially on mobile devices. There's a great privacy comparison linked in a different thread.
For more technical people, ungoogled-chromium [1] is probably the cleanest option. It's completely free from ads, telemetry, "pings", "experiments", and the like.
More specifically, Brave's clever use of "farbling" is one really neat element of the anti-fingerprinting logic. After all, if a browser just blocks access to certain APIs, that blocking itself could be enough to fingerprint a user. We instead farble the results of certain APIs: https://brave.com/privacy-updates-4/
I am fairly technical and I prefer Brave because of the ads. It's the one model I think that has acceptable ethics and that can be an alternative to Surveillance Capitalism. Crypto is just an implementation detail, but an important one if you really want to make it a global alternative and that can include the unbanked.
It made me contribute to content creators way more than I have with Flattr (now owned by scammy EyeO, remember them?) or with Patreon. I can not do any of that with any other offering.
So it's sending some amount of telemetry, but it's not so bad compared to mainstream browsers. A more detailed comparison is available in this report linked by another commenter: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Isn't Hacker News a website on things that gratifies own's curiosity? How does an article about how to get started with a browser that isn't new is supposed to fulfill this requirement? By making us ask ourselves these questions?
These mentions which just look like ads need comments like yours at the top of the post.
It's not even hard! The presentation of a new version with interesting new features would fit the bill.
Incidentally, I like the idea of the affiliate link behavior if it was opt-in. I'd opt into it, if it really provided some trickle of funding back to Brave.
Brave is my favorite browser. It's the best web experience out of the box. No digging into settings to specify my default search engine (DuckDuckGo), ads are blocked by default without having to turn on extensions (which I see as an attack vector).
De-Google Chromium, Firefox with the right extensions installed, Safari if you like the walled garden and apple ecosystem
Im sure there are more but all the bells and whistles Brave touts you can get elsewhere and you are not using a product from a company that has shady practices
Normally I use Firefox, but as it didn't run well on SailfishX/Android, an alternative was needed. Tried Brave, adapted some settings and this browser runs very well, I can recommend it. And, at least for me, Brave is very useful!
Addressed numerous times in this post already, but (in summary) those were BAT grants given to Brave users from Brave itself, for the purpose of allowing those users to earmark tokens for certain creators. During a couple days in December, 2018, our UI/UX received a few major changes in response to tremendous user feedback. As a result, Brave tipping system is many times better today.
To be honest, thats a claim that you have not proven. If anything, Firefox and safari are probably more trustworthy based on my own subjective opinion. They have never injected affiliate links or promised to do things which are borderline scam-like behaviour.
I personally treat all software with a level of distrust. But brave has done things which all point to a certain behaviour in which people should think twice before using the product. You can get the benefits of privacy that Brave touts from other browsers. If you want to donate to content creators, plenty of ways to do so as well.
For a long time Firefox called home... not to Mozilla but to Google upon installation (hence, before you could install any privacy extensions that would have prevented Google tracking). This was only rectified after a number of tweets about this problem became viral. The fact that Mozilla’s survival depends on its relationship with Google also created some other issues over time so after being a user for many years, I decided that Firefox was no longer a viable option for me.
Safari is a non starter since I can’t even use it outside of Apple’s walled garden (no Linux or Windows version is available).
All of the above in my personal opinion outweighs the issues that Brave had, which I don’t negate but in my eyes are minor.
So for now I stay with Brave.
Edit: I guess what I’m trying to say is that there is no perfect solution out there and you have to evaluate pros and cons based on your personal circumstances or goals.
BS. Do a Google search on Firefox. The querystring has an identifier for Firefox.
It's no different than what happened with Brave, except that Brave acknowledged it was bug behavior and that the identifier is only for the browser, not user data.
As for ways to donate to content creators, please do tell: is there any solution out there that let us be rewarded by getting privacy-preserving ads and to contribute the proceeds further to other people?
Its very different IMO, one benefits the CEO financially the other is an identifier for tracking purposes. One was done without informing the user the other is a common methodology that many websites do with parameters such utm_ (not that I am advocating for tracking). They are, IMO, very different practices. Im sure you disagree but when you modify a URL for financial gain without informing your users and then backtrack only when you get caught out, its a different ball game.
Im not going to get in to the game of finding specific ways to donate to content creators. There are ways to do it. If you want to do it anonymously, I am sure you can do so as well, I have never been interested in doing so. If the reason you want to use brave is to donate money anonymously, more power to you, personally, I would caution people against using it due to their past shady behaviour (The affiliate link is just one of many examples).
Mozilla’s very existence is based on its financial ties with Google, those utm parameters are there because of that relationship.
There are also other issues stemming from that problematic relationship e.g. Firefox privacy settings by default are more lenient towards Google than Facebook (you get a prompt inviting you to install the official Fb container, by contrast the unofficial Google container did not even get the “trusted” status, hence making it less visible to new users, even though it’s based on the same code).
Sorry, this seems like just an attempt for you to rationalize your double standard.
> There are ways to do it.
It's more than "donating anonymously". I asked if you can point an alternative that lets me monetize my attention and give it forward. Show me any system as straightforward as Brave that lets me give 2-3€ every month to wikipedia and archive.org and any one else I desire.
> The affiliate link is just one of many examples.
Extraordinary claims and extraordinary evidence. I see you already failed at providing an alternative for supporting content creators, will you also back out of showing what "many examples" you are talking about?
PS.: Curious that you single out the CEO. If you don't want to use Brave for having a beef with the CEO it's one thing, but at least be honest about instead of making it about the product.
You have been provided evidence by multiple people on Brave's shady practices yet you are the one who seems to be such a fervent supporter in the face of much evidence provided to you that no other mainstream browser (besides chrome maybe) has shown so consistently even though they have been around longer than Brave. You tell people 'what have you been smoking' then when you are proven wrong, you still try to come up with excuses. I never even knew the CEO until I came across the last hacker news article on Brave's dodgy behavior. Stop making assumptions about people on the internet.
Why should I research for you a topic which does not negate the shady practices that Brave has been at fault for? If you want to donate money using Brave go for it, the evidence of what Brave has done, and done so consistently on many fronts is out there. If you want to look into it, go for it, I am not your personal researcher, a lot has already been done for you.
> such a fervent supporter in the face of much evidence
Two different people talking about the exact same issue does not constitute "much evidence".
I am not a supporter of the "browser". I am a supporter of having an alternative way to have a healthy economy on the internet that does not rely on Ad Tech.
Tracking, privacy violations, the billions of dollars that go to waste due to ad fraud and the maintenance of an oligopoly that only exists due to it all... These are the real "shady practices" that we should be be pissed about, not "they added a button to the webpage that is actually aligned with their value proposition".
If Brave ever gets to do something that violates user privacy or works as a hostile user-agent, then I would gladly be the front of the line to call out for "shady practices". But the points you are arguing are none of that. What you are doing is basically Googling for "Brave Controversies" and spitting out whatever confirms your biases. This is irresponsible and creates a self-reinforcing loop of bad, unfounded reputation for you people that are working on something you don't care about, but that is important to a growing number of people.
> If you want to donate money using Brave go for it.
It's not a matter of "donate money using Brave". Brave is not the point. Brave is just a tool to build something bigger: a way to have a global digital economy free from Surveillance Capitalism. If lynks gave me that, I would use it. But Apple and Microsoft is not interested in doing that, and Mozilla has shown nothing but some naive idealism and very kind words of support (while at the same time paying enormous amounts of money to its board members). I would love to go back to Firefox if they had something similar to the BAT network. I would love if Mozilla started offering paid services to foster and fund an open web free of tracking and privacy violations, but they don't.
Brave (the company, through the browser) does. They have built a (completely opt-in and configurable) system that allows people to receive money for attention and which lets them use this to circulate in the economy, or even cash out. So when I ask you for an alternative, it's not because I want you to do the work for me. It's for you to realize that there is not any other system out there that compares to this, which then maybe will make you understand that the only reason I am "fervent supporter" of Brave is because it's the current best shot we have.
Does wikipedia actually get the money from your attention? That appears to be the foundational problem behind Brave's BAT approach: it's not opt-in for the website.
Yes, they do. The recurrent donations can only be given to verified accounts.
You can send tips to unverified accounts (different thing from a monthly donation), and if the target does not verify their account in 90 days you get the funds back.
Note, tips to unverified accounts [never leave your wallet]. If the intended recipient doesn't verify within 90 days, the rewards are merely unlocked in your wallet, and able to be tipped elsewhere.
The first was not link hijacking. It was a bug, acknowledged and fixed. Don't attribute to malice what can be explained by incompetence.
The second... You are technically right, but I thought you meant the browser was injecting their own ads on someone else's page. The tip button does none of that, it does not disturb the user or gets in the way of any action, can be disabled and is there to help the creators network. I don't see anything to get worked up about.
Safari is good, my dealbreak is the adblockers. Ive been using Safari since 2 months im already desperate to use Firefox, Chrome or even give Brave a try.
And no, none of the available adblocker for Safari works well.
I like keychain, it makes Safari the only browser with password management I trust. Browser dev history has been littered with poor implementations. I want to say Chrome still stores shit unencrypted, but this is just what I recall off the top of my head from reading tech news. I'm no expert, and that's pretty much my point. I trust keychain and don't want to write a phd thesis on how secure the other options are.
I like the ios integration. Other browsers offer this, but it's just another account to worry about - do i trust this company, will they still be around (and still be trustworthy) in ten years? browser history is the most personal thing I do on a computer so this matters a lot to me. (I guess both of these points are just tldr walled garden)
The lack of good adblocking kills it for me. It's too much of a sacrifice, even with a pihole running at home.
Also, as you said, they move slowly. Not just with shiny new tech, but also basic privacy things like if I type "old.reddit.com/r/embarrassingThingsImInto" or whatever, why are they still defaulting to http, and waiting for the web server to decide to upgrade the connection (leaking the initial request)? Why is defaulting to https hidden away in the developer menu? Developers are the only people these days who should be dealing with http anyway, and in those cases there's probably a ".local" at the end they could use to make a determination.
I don't think it's helpful to group Google, Mozilla, Apple and Microsoft together like this, as though they were all "of a kind". There are some very different business models and priorities among them.
As a fan of classic Opera (up to version 12) I'm currently more interested in Vivaldi browser, as it has quite a few unique UI features from old Opera, like turning images off right from status bar, sidebar browsing, window tiling and upcoming integrated email client and RSS reader will be neat.
The extension route isn't feasible. If you don't control the underlying APIs, you can't guarantee service moving forward. We saw this with the Manifest v3 alarms and how they threatened the existence of uBlock Origin and other fine extensions. There's a lot more that can be said about this topic, but I'll leave it at that for now :)
A hypothetical Brave Rewards extension would pretty much just check which domains you visit and proportionally send them BAT tokens. As long as there are APIs to check the current domain and send HTTP requests to Brave's servers I think it would be fine.
"Firefox BAT extension might not work in the future" is still better than no Firefox BAT extension. I like the idea of Brave but my preference for Firefox is greater.
It's not a matter of "might not work in the future," it would be broken on arrival due to the limited abilities offered by the current extension APIs.
As for Firefox vs Brave, I would encourage you to check out the independent study by Leith, of Trinity College in Dublin. Leith found Brave to be in its own class as the "most private" browser tested (including Firefox): https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf.
You could perform a similar test yourself. Setup Fiddler on your machine (installing the root cert to inspect HTTPS traffic), set aside %localappdata%/Mozilla and %appdata%/Mozilla, then launch Firefox. The traffic (without any user interaction) is a surprise to many. Compare with Brave (be sure to set aside %localappdata%/BraveSoftware beforehand).
I've never quite understood why I would want to use Brave as its just another chromium browser with some ideas about advertising. I found your post interesting.
The paper you linked to is limited in scope to the browser itself calling home with unique identifiers. The paper says nothing about what happens when the browser visits say Facebook.
In terms of the browser calling home and uniquely tracking you all by itself, the paper says Brave does a good job. But Brave still calls home for things and Brave can still collect IP addresses and browser fingerprints the same as any other site.
I would really appreciate a few examples. Ads, love them or not, have funded the Web thus far. Blockchain is making it even easier to integrate support into the Web. Brave sees the potential in both, and leverages the two together. Users are able to privately and anonymously be rewarded for viewing an occasional ad notification, and turn that into meaningful support for content creators. All other methods of supporting those who make the Web great tend to involve digging into your own pocket (not everybody has disposable income), and/or handing over personal details to a third party. Brave's approach requires neither of those.
I re-read it twice, but I don't see anything in the blog post advocating censorship:
> 1. Reveal who is paying for advertisements, how much they are paying and who is being targeted.
> 2. Commit to meaningful transparency of platform algorithms so we know how and what content is being amplified, to whom, and the associated impact.
> 3. Turn on by default the tools to amplify factual voices over disinformation.
> 4. Work with independent researchers to facilitate in-depth studies of the platforms’ impact on people and our societies, and what we can do to improve things.
> These are actions the platforms can and should commit to today. The answer is not to do away with the internet, but to build a better one that can withstand and gird against these types of challenges. This is how we can begin to do that.
I read the blog post as claiming that deplatforming / silencing isn't the answer. A lot more (outlined above) is required.
> 3. Turn on by default the tools to amplify factual voices over disinformation.
> 4. Work with independent researchers to facilitate in-depth studies of the platforms’ impact on people and our societies, and what we can do to improve things.
I'll help you. These two are the overt censorship.
When (often hyper-partisan like Snopes) fact checkers are the ones determining what you can see based on THEIR OWN interpretation of "hate speech" or "inciting violence" then that's censorship.
Alternatively, if you don't want to see something on Twitter / Parler / Gab / etc, just don't follow that person instead of calling for them to be censored.
> When (often hyper-partisan like Snopes) fact checkers are the ones determining what you can see based on THEIR OWN interpretation of "hate speech" or "inciting violence" then that's censorship.
This viewpoint is the culmination of years of hacking the
Overton window. In any two-party environment where only _one_ party regularly _does_ proliferate bigotry and violent attitudes, any reasonable/neutral observer will appear to be a partisan for the opposition by default.
To assume this wouldn't be the case wrongly assumes that ideas should naturally fall along a Normal distribution, with the most morally-correct views centered precisely at x=0 (bipartisan) along the left/right axis.
The probability of both factions promoting bigoted/violent attitudes at precisely the same rate is, well, impossible. Inevitably there will be a higher penetration of these ideas in one side or the other.
I'm not making the claim that the balance is immutable (it's always changing), but at this moment (and for the past decade, at least) there is one side where those ideas are _far_ more widely seen as acceptable or encouraged.
They also claim that The New York Times and news outlets the NYT recommends represent "factual voices" that need to be amplified.
I'm looking for alternatives after 24 years with Mozilla.
I used to worry about their sinking market share. Now I celebrate it (2.66% if mobile browsers are included).
Unfortunately most alternatives are based on Chromium, and Google is of course also not a neutral player.
Still, there are some interesting browsers to be discovered. Opera has some really nice features now (like workspaces and a free VPN), but it's closed source and partially owned by a Chinese company. But it shows that innovation is still possible in the browser space.
I just ended 17 years of FF fidelity. I was already using Brave on mobile and sometimes on desktop. With the bookmark import tool and my password stored on Bitwarden, it takes a couple of minutes to have a comfy browsing environment.
The only issue I see with Brave is Qwant is the default search engine. Qwant is heavily backed up from the French government and answer to censor request very easily, I have more trust in DDG for privacy & censorship.
I just installed Brave for Android, and for me Google was the default. It's very straightforward to change to Startpage or DDG, but much more worrying than the default engine is that it does not seem to be possible to add a custom search engine such as one using Searx! That's an absolute necessity in my opinion.
I don't know if Brave supports it, but I learned a while back that in Firefox you can add "smart bookmarks" (I think that's what they're called) where you put a "%s" in the url and then when you hotlink the bookmark it will substitute any words after the bookmark keyword into the url.
I've used that trick to add custom search keywords for multiple websites that didn't have an "official" Firefox search engine.
I know, as I said in my comment. DDG is okay I guess, but why is it not possible to use a truly custom engine? I personally want to use an instance of Searx.
I will now try Vivaldi, which is also based off Chromium.
You mean backing Google because of Chromium? It's not my favorite link, but I also don't see how Google benefits? Except perhaps by open source contributions to Chromium that can be reintegrated into Chrome?
I'm with you- I read Mozilla's statement in a well-intentioned light, and believe that they are still as much of a leader of internet freedoms as they've ever been. It's true that there's a complicated situation around censorship and moderation, and the national conversation turning to this area doesn't make the lines any clearer, but Mozilla certainly doesn't deserve the level of criticism I've observed in some forums for this statement. If you feel as sure as I do, and would like to support their cause, it's more effective to donate what you can to the Mozilla Foundation than to further engage with the narratives these threads imply.
I could agree with this view if the article was titled something like "Deplatforming is not the answer"
When you are in a politically charged moment like we were when that post went live, a headline of "We need more than Deplatforming" is implicitly stating that the actions taken were correct and justified. That is obviously something a large portion of the country is going to disagree with.
Ever since the ousting of Brendan Eich over his Prop 8 donations, right-leaning people have been a bit wary of Mozilla. Many of us still backed them because the ideas they claim to stand for seem noble.
Blog posts like the one in question make it very hard not to feel like Mozilla's position is "we disagree with you and we don't want you around." If they don't want us as users, then maybe it's better we go elsewhere. Brave is a logical place for such people to look since it is run by Eich, which was where everything started.
> I read the blog post as claiming that deplatforming / silencing isn't the answer. A lot more (outlined above) is required.
Those other things are also called for in the post, but the actual post title was "We need more than deplatforming" (emphasis added). In other words, mere deplatforming / silencing isn't enough, according to the post.
The post reads (to me) like calls for web sites and advertisers to implement these practices (like transparency in advertisers), not like features/changes that will ship in Firefox. I'll gladly change my tune, of course, when I see a patch land that blocks users from viewing certain content.
This was the final straw for me. I'm migrating to alternatives after a very long time with Firefox. I just can't trust the product of a wildly ideological organization which clearly has hangups about free speech and how users spend their time on the internet. (For some reason you never hear these people about Tor which undoubtedly has been conducive in many human rights violations).
I've tried Brave and it looks and feels good. And the ability to donate to random Twitter users directly from the browser interface is a brilliant and innovative feature that I intend to start using.
Brave doesn't have popups unless you explicitly go out of your way to ask for them. Out of the Box, the web is quite a nice experience with Brave, which is not the case with any other browser I know of.
Brave does have ads in the browser's empty tab. I'm fine with that, if that's how they monetize it. I've even clicked on a few because they were interesting to me, which I haven't done in years on any other platform.
"Brave has ads" is a good thing. Please, allow me to explain :)
When you launch Firefox for the first time, you're already being setup and prepared to be served to Google. Your data and more are being primed. The address bar serves as a key-logger, and your inputs (before ever explicitly navigating anywhere) are being sent to Google.
Brave's ad notifications are opt-in; you have to turn them on. You decide their frequency. They're built on privacy. Users in a common region (e.g. United States) share a regional catalog. Your browser downloads a copy of this catalog, studies it locally, and decides when/if it should show any of the ads listed therein.
When a Brave Ad is displayed, 70% of the revenue goes into a digital wallet. When you see an ad in Firefox, there's a good chance you just lost a little bit of your data, and received nothing in return. In Brave, these rewards stack up, and can be passively or actively distributed to the sites and properties you appreciate most online.
While your arguments make sense, I find the continuous calling of other browsers as having keyloggers disingenuous. The only difference for Brave you've mentioned elsewhere in the thread is that it's opt-in by default instead of opt-out, which is fair.
Also, by this logic any text field that does something with your input before explicitly pressing a submit button is also a keylogger. That just doesn't make sense.
When an application sends your keystrokes (or an accidental/unintended paste) off to a third-party without your consent, I think it is fair to call that a keylogger.
> …by this logic any text field that does something with your input before explicitly pressing a submit button is also a keylogger.
I respectfully disagree, since there are many things a text field can do with input which doesn't violate the user privacy (e.g. local spell-checking, input sanitization).
My objection is with the automatic transmission of keystrokes to third-parties without the explicit consent of the user. Whether we agree to call this "key-logging" or not isn't as important.
We can both agree that this could result in the unintended sharing of very sensitive data—that's the point I'm trying to make. Cheers!
I have one remaining worry about Brave: If I choose to auto-contribute to sites, would it be possible to deanonymize me and derive what I look at from the BAT blockchain? E.g. if someone knows some of the sites I look at can they find out the rest?
These contributions aren't made on the public blockchain, so there is no way (not even for Brave) to know which site(s) you're supporting. Note also that (by default) the Brave Rewards wallet has no requirement for KYC. As such, there is no information about [you] connected to these transactions.
Brave and uBlock Origin use common lists. One area where uBO goes a step further than Brave is in cosmetic filtering. That said, we're going to be pushing some updates this year which bring Brave up to speed in this category.
@Jonathansampson will Brave adopt Manifest V3 (which will in principle remove some functionality from adblockers) from Chrome/Chromium ? Or do you plan to use your own solution ?
A piece of software injecting behaviour that aims to benefit the CEO of the company and earn him money should be considered what exactly? Have you ever seen any other browser do anything like that? I think you are simplifying the issues here. They did not advertise what they did, and only changed their behavior when they were caught out. I can point to quite a few other things Brave has done that is similar in nature. I think people should be informed about the product before considering using it since it pops up on HN once every 3 months.
Its ok to differ on the opinion about wether an explanation is reasonable or not and we differ on that. How one can make that mistake to me is a bit worrisome. To me, thats not a developer bug (nor does their explanation provide any proof that it is), its an intentional way for someone to benefit financially without informing their users. Also have a look at the +1 posters history. Some more interesting behaviour.
If you want and care, do some of your own research on some of the other 'mistakrs' brave and their CEO have done. Ive never seen such mistakes happen regularly with other browsers that have been around longer. Feel free to use Brave, Im just informing the public.
What are you suggesting? Fire up Fiddler today, and spend a few minutes or more observing Brave's network activity. You will find no instance where Brave (the company and developers) are watching or tracking users; it's against our very core.
You keep linking to the affiliate suggestion as though it were something alarming; it isn't. And that's the response from those in the InfoSec community. To pair this mistake with the ominous warning that Brave "can potentially watch and track your every move" is silly.
I’m just saying that if you were one of those who liked it when Mozilla got rid of Brendan Eich, there is no reasonable way you could then justify switching to use a browser from that same person.
(Note that I am not expressing a personal preference.)
I simply don't get BAT.