by openplatypus 1387 days ago
Why do privacy folks recommend Brave?

Isn't Brave a commercial, ad serving entity?

Disclaimer: I do consulting work for Brave. Opinions my own.

Maintaining a browser is a huge amount of work. The web evolves constantly and security fixes are extremely important. Being competitive in the space requires a very large amount of engineering resources.

A commercial entity has a sustainable path to providing those resources. While nobody likes ads, I think they're opt-in in Brave and at the end of the day they're a potential source of funding for the necessary development efforts. Brave also has a unique way of serving ads in a privacy-friendly way.

Most of Brave is developed in the open. Where it isn't, there are good reasons why such as for example security. But I'm also privy to some of the internal discussions. It is amazing how much thought and effort the people at Brave put into privacy, even when it is not visible to the outside world. Again serious engineering resources are devoted to changing Google's Chromium implementation to make it better for privacy. One discussion I vaguely remember was how browser caching can be used to fingerprint users in a very subtle way, and Brave engineers thought very long and hard about how to close this particular loophole of the web.

In short, I don't think "commercial" is bad and having seen some of the internal discussions, I trust Brave a lot when it comes to privacy.

> Most of Brave is developed in the open. Where it isn't, there are good reasons why such as for example security.

I don't think you can muster a good security reason for not developing something in the open.

It's normal in any open source project to keep security mailing lists and things of that nature private. And for good reasons.

One of the reasons is they are dealing with security related bug reports. Public disclosure before having a fix in place puts users at risk.

Besides that 'security' is a process that all groups are responsible for. So it can't help being _developed_ in the open if the project is open. Which Brave is.

I agree with the above. I guess I interpreted the comment as saying some code parts of Brave are not open for security reasons. I don't actually know whether this is true or not.

Code wise, sure, but if you're discussing a 0-day in the wild, you may want to keep it private while you work out the details and the solution, otherwise you're inviting more abuse.

> A commercial entity has a sustainable path to providing those resources....

[...]

> ...having seen some of the internal discussions, I trust Brave a lot when it comes to privacy.

I felt similarly about Google while I worked there. There were and still are a great many very skilled people focusing on security and privacy within Google, with good intentions. I personally had my own work vetted multiple times for security related stuff, and I was quite impressed.

Yet, Google has grown a bit of a PR problem with respect to privacy issues.

The (potential) problem is structural. Commercial entities exist to make money for investors. Protecting user privacy is a different goal. We also live in a world of grey areas, so judgement calls need to be made.

What structurally prevents the Brave corporation from changing once those people leave, leadership changes, acquisitions happen or Brave is acquired?

I see no particular structural reason to trust Brave more than Google. They're both companies that go to great lengths to respect and preserve user privacy. They're both corporations that exist to make money for investors.

What would I trust even more than Brave or Google? Something run under some form of governance that is legally accountable at a primary and structural level to what it is actually aiming to provide (e.g. privacy) rather than to making money (most every corporation in the world).

One difference between Google and Brave is that Brave has privacy as its selling point to users. If they compromise on that, then they will become less attractive to users. As such, they are much better aligned with users when it comes to privacy. I would say that actually is a structural reason.

The difficulty is, as always, incentives.

Brave is an ad company, in the sense that their only revenue is from ads.

Brave has every motivation to make external tracking as useless as possible, because it increases the relative competitiveness of their own ad platform. Since they own the browser, they can track as much as they want. I'm not saying that they do this today, their implementation might be very privacy focused right now.

I also appreciate that you need money to maintain a browser, even if it's just a layer on top of Chromium.

But we've seen again and again that maximizing revenue always wins out in the long term.

As long as primary revenue for Brave is ads I don't see why I should trust them any more than Google. Less so in fact, because Google doesn't depend on Chrome to generate revenue. For them it's just a helpful sidekick.

> Brave is an ad company, in the sense that their only revenue is from ads.

This is like saying non-profits are donation companies. It's stretching the definition to make a point and ultimately circular logic.

> This is like saying non-profits are donation companies

Not sure how true that is. Non profits definitely rely on donations as their sole income, and are incentivized to take actions to maximize donations, but the difference is that (ideally) they can't really line their own pockets with the income that comes in. So the only reason they would maximize their income is to put more money into the things that they do.

This is not the case with Brave. The browser is a front, or a channel, for their token and ad network. They only need to keep the browser part of it functional enough to keep traffic. They have no real incentive to improve the browser beyond that point, especially if other competitors stagnate and the money keeps coming in.

All I remember Brave for is some crypto nonsense, and looking at Wikipedia it seems they were doing some kind of suspect "content creator payments" that were opt-out and not forwarded?

https://en.wikipedia.org/wiki/Brave_(web_browser)#Controvers...

At the face of it, it sounds like they had a "Donate to platypus" button but you'd only get the donations if you knew to sign up with them on the back end? Gross.

It's opt-in for people to choose Brave over another browser.

It's opt-in for creators to accept payouts.

All the complaints mentioned in your link were resolved 2 years ago. Brave returns money to donators if the creator doesn't sign up within 90 days. And creators' status with Brave is clearly prominent in the UI.

The list of sketchy stuff in Chrome over the years makes Brave look saintly. And Firefox and even Safari.

Depends on the person. As someone who values the environment I don't want any crypto stuff in my browser. Totally not saintly for me.

BAT is built on top of ETH which is moving to proof of stake.

The "crypto nonsense" is the Basic Attention Token. If you enable ads, you get paid in cryptocurrency for your attention.

Completely optional too. First time I've ever seen an advertiser allow users to simply turn off the ads. Plenty of people use Brave on mobile just for the built-in ad blocker. It's not as good as Firefox + uBlock Origin but it's still a huge improvement over Chrome.

Why is it "nonsense"? Seems like a good thing to try and see if it works as a way to pay content creators. Maybe it doesn't, we will see. But why call it "nonsense"?

The short answer is that yes, Brave as a company does have some competing incentives which rightly should be constantly criticised, HOWEVER, Brave the browser performs well in multiple independent reviews of browser privacy. A nice one is https://privacytests.org/, though there are also some academic studies which I will link if I find them.

"Independent tests"

PrivacyTests.org is run by a Brave employee (Arthur Edelstein)

He is an extremely smart person though, just that money can taint any good intentions easily. Especially in a very "shark" ecosystem.

His disclosure statement, FWIW:

>Full disclosure and transparency

>(Updated June 2022)

>This website and the browser privacy tests are an independent project by me, Arthur Edelstein. I have developed this project on my own time and on my own initiative. Several months after first publishing the website, I became an employee of Brave, where I contribute to Brave's browser privacy engineering efforts. I continue to run this website independently of my employer, however. There is no connection with Brave marketing efforts whatsoever.

>I am committed to maintaining this website's accuracy and impartiality. It is my goal not to promote any browser here, but rather to offer objective test results for all browsers that encourages a general improvement in privacy across the industry.

>By keeping this project fully open source, I endeavor to provide the maximum possible transparency and verifiability of the tests and results. Anyone who wishes to check the results can clone the git repository and run the browser tests independently. Ideas for additional tests, or code (pull requests) for additional tests that provide further insight into browser privacy, will be gratefully accepted.

Interesting. Wondered why results are displayed there as they are; the ones at the top look bad for Vivaldi, for example. Speaking of which Proton don't include Vivaldi. Perhaps as they have their own email client built right into their browser. Nope, I don't work for Vivaldi. It's one of several that I use.

That's a good point, thanks for raising it. I cannot amend my original post sadly, though.

Here is one more source - one of the academic studies I mentioned. https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

It is not a comprehensive argument that "brave better", just that it sends less tracking information by default. Still, I think that's an important metric.

I wonder how Brave compares to (Firefox + uBlock Origin + Privacy Badger).

Privacy Badger is not recommended these days. It actually makes you more fingerprintable in some cases. It's better to use in-browser anti-fingerprinting.

Brave's adblock is actually based on the filtering used by uBlock (check out the filter list pages for both browsers!). However, it is inferior to uBlock on Firefox (or LibreWolf) as there is more sophisticated CNAME uncloaking (among other things) on FF/LW.

Care to detail how Firefox/uBlock is better than Brave in CNAME uncloaking?

Can do. Please refer to the below post on the uBlock Origin maintainers site: https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

That is about the Chrome comparison, which can NOT do CNAME-uncloaking.

Brave does do CNAME-uncloaking.

I thought you were saying Firefox CNAME-uncloaking is somehow better than Brave's.

Brave is inferior to Firefox with uBlock Origin. In my experience advertisers get around Brave's blocker more often.

Or you can run those two with Brave and not use Brave's built-in shields as much.

On desktop you can also add your own lists to Brave's filters and even create your own if you so wish.

Can't do that on mobile.

Many comments here that I agree with, but I'd add that thinking purely in terms of commercial vs non-commercial is very reductive.

Mozilla is a not-for-profit company, and that matters, but they do engage in advertising deals and things of the sort. Non-profits do have less incentives for unethical behavior, but they don't have zero incentives.

I don't think we can only recommend non-commercial companies, although giving points for being so is good.

(Biases disclaimer: I like Brave, I prefer Firefox by a tiny margin)

Yes, that situation is strange to me. Mozilla makes hundreds of millions (or more?) annually. In what tangible way is it different from a for-profit company?

It's opt in. I don't see any Brave ads nor do I use any crypto stuff, it's completely optional, and it helps them pay their bills.

I prefer that over a browser getting $100 million from Google

Like Apple? I suppose it is about trust, not as much about "ad serving" or not.

That said: FireFox4Life! (Or at least, until they betray my trust).

So is Mozilla. Mozilla makes their money through product placement (mostly from Google) though they now make some money on the side selling (targeted) ads throughout the browser.

They also still have trouble with websockets. Sometimes it just fails to reconnect, and will not work before restarting the browser or opening a private window. This is what drove me away from it, as well as recommending our clients to use another browser. There's an issue here from April 21 https://github.com/brave/brave-browser/issues/15410 which initially seemed geared towards Phoenix LiveView, but others have trouble with other frameworks and applications as well it seems.

So that’s what killed my web session to various OAuth1/2 auth logins, such as Twitter.

Brave/iOS. (Still killing it, still on hold).

Yes. Brave is functionally sort of like a mafia protection racket. They just insert themselves between you and whatever you're browsing, block everyone else's ads, and insert their own. Except their ads are supposedly the good ones, and they cut you in on it by giving you some of their made up token currency.

> block everyone else's ads

Nothing wrong with that. Every browser should do that by default.

> except their ads are supposedly the good ones

You can literally turn them off. Only way for advertising to get better than that is to stop existing.

Also, if you do turn them on, they're the most benign ads I've ever seen. Basically a small text notification. Easily dismissed and ignored.

> they cut you in on it by giving you some of their made up token currency

They pay you in cryptocurrency for your attention. The idea was for people to spend those coins on the sites they like. I think the execution could have been better. Most people just amass a large amount of coins and exchange for other cryptocurrencies or USD.

It's not "made up". At the top of the cryptocurrency bull market, 1 BAT was worth almost two dollars. I've seen people with thousands of BATs just from browsing.

>It's not "made up".

Of course it is. It's a pre-mined token that has only one incentive, and that is to get more people to use Brave and BAT. They could have simply paid you in dollars, Ethereum or Bitcoin directly, right? No harder to credit you with an existing, relatively stable cryptocurrency. The difference is of course, they would have to actually pay for that and you'd have no incentive to pump up the currency.

It's pretty genius in a way to bolt an MLM scheme on top of a browser.

Brave Ads are better than the ads they block in my opinion. They are opt in. They aren't targeted/tracking. They appear as notification bubbles so they don't disrupt page content. They don't run JavaScript which can be a security and performance problem.

I agree. As far as advertising goes, they're almost tolerable. I never thought I'd ever see the day an advertiser would allow people to turn off the ads.

They are targeted, but the targeting is imprecise and occurs client-side to improve anonymity.

The way they organize that (claim at least, but from my understanding, that is correct), is to align those interests with those of its users. You can opt out, in, determine yourself to which extent.

Don't mistake privacy folks with their marketing team. Also people force its use to increase the value of the Brave token.

In conclusion, snake oil and yet another crypto scam.