by pmurt7 1823 days ago
The entire ad catalog is sent to your machine and some ad engine running inside the browser decides which ads to show you. It's funny seeing all these folks nitpicking at Brave but who are fine using Google or Microsoft every day.

Do you have to download the chosen ad or is it already on your system? If you selectively downloaded ads, your IP address could give you away and you get a FLoC-like situation.
The ad catalog for your region is downloaded; it comes with click-through URLs, titles, body text, and some other information. There is no connection made beyond this to retrieve any other ad-related data. You can see what your own regional catalog contains by visiting https://sampson.codes/brave/ads/my_region/.
Thanks for clarifying!
I don't really care about Brave either way, it's just dubious that the ads are somehow untrackable when you apparently get credit for seeing them somehow?
We use zero-knowledge proofs and blinded tokens to track when an ad has been viewed by a user. But there is no user data involved here. The magic of cryptography is that you can prove you viewed the ad without telling us anything about you.
Do you have any reading material about how you achieved this?

I can't really see how zero-knowledge proofs could solve this. There is no cryptographic way to prove that software executing on a client's machine triggered a notification. Especially on Linux where an open source notification manager could be modified to reject it.

Assuming you have gone through this [0] and it did(n't) click for you.

I'm equally not so convinced on this anonymous ad system they claim to have built. The browser claims to generate an adID based on your history but encrypt this info to the advertiser. Maybe someone who has actually interacted with the ad platform can provide more insight on what information is exposed.

Zero-knowledge advertising sounds practically like an oxymoron to me, but hey they claim to have made it work.

[0] https://brave.com/themis/

Certainly! Check out the resource detailing our Ad Confirmation process at https://github.com/brave/brave-browser/wiki/Security-and-pri... (it's a little old, but should be helpful). We leverage the Privacy Pass approach too, so reading https://www.petsymposium.org/2018/files/papers/issue3/popets... will also help understand our process. I hope this helps!
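
As an added illustration that is not part of the thread or Brave's code: a toy version of the blinded-token issue and redeem flow described in the Privacy Pass paper linked above. The small modular group, the `Issuer` class and every function name are assumptions made for the example; the real protocol uses an elliptic-curve group, and the issuer's proof of key consistency is left out here.

```python
import hashlib
import secrets

# Toy group, assumed for illustration only: the order-Q subgroup of squares
# modulo the safe prime P = 2Q + 1. Far too small for real use.
P, Q = 2039, 1019

def hash_to_group(seed):
    """Map a token seed to a non-identity element of the order-Q subgroup."""
    h = int.from_bytes(hashlib.sha256(seed).digest(), "big") % (P - 3) + 2
    return pow(h, 2, P)

def client_blind(seed, r=None):
    """Client: hide H(seed) behind a random exponent r before sending it."""
    r = r or secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(seed), r, P)

def client_unblind(r, signed):
    """Client: strip r, leaving H(seed)^k, a value the issuer never saw."""
    return pow(signed, pow(r, -1, Q), P)

class Issuer:
    def __init__(self):
        self.k = secrets.randbelow(Q - 1) + 1  # secret signing exponent
        self.seen_at_issuance = []             # all the issuer observes when signing
        self.spent = set()                     # seeds already redeemed

    def sign(self, blinded):
        self.seen_at_issuance.append(blinded)
        return pow(blinded, self.k, P)

    def redeem(self, seed, token):
        """Accept each valid (seed, token) pair once; reject forgeries and replays."""
        if seed in self.spent or pow(hash_to_group(seed), self.k, P) != token:
            return False
        self.spent.add(seed)
        return True

def issue_token(issuer, seed, r=None):
    """Run one issuance round; return (what the issuer saw, the client's token)."""
    r, blinded = client_blind(seed, r)
    return blinded, client_unblind(r, issuer.sign(blinded))

if __name__ == "__main__":
    issuer = Issuer()
    seed = secrets.token_bytes(16)  # constructed sample seed
    blinded, token = issue_token(issuer, seed)
    print("issuer saw at issuance:", blinded, "| token redeemed later:", token)
    print("first redemption:", issuer.redeem(seed, token))
    print("replay:", issuer.redeem(seed, token))
```

The issuer can check that a redeemed token carries its key and has not been spent before, but the value it signed at issuance is a differently blinded element each time.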
Perhaps I am misunderstanding what you sent, but isn't this just a way for the user to report that they viewed an ad, not prove that they viewed it?
The cryptographic proofs are baked into the confirmation and reporting process.

A sufficiently capable attacker could conceivably trick the browser into thinking a native OS ad-notification was displayed; we do rely on the OS to inform us at this point (though preview versions of Brave do not have this dependency), but we have considered this as well.

The main threat here would be an attacker who attempts to automate the confirmation process, and potentially duplicate it across various VMs or OS instances. Fortunately, we've considered this too. For reasons I hope are obvious, I can't go into greater detail here.

Ah, I hadn't noticed you declaring your financial interest before and was wondering if you were a Brave employee.
You misunderstand. The sensitive data here is your browsing history (and all that it infers). Brave never sees that.

But yes, when you view an ad, that gets recorded somewhere (so that you can get rewards, and the advertiser can be billed).

You decide if you’re comfortable with this or not. The feature is easily turned on or off.