Difference between revisions of "Brave Browser"

From SI410
Jump to: navigation, search
Line 67: Line 67:
 
<br clear=all>
 
<br clear=all>
  
Another time that Brave Browser did not uphold their promises on privacy was their addition to auto-completing links to redirect users to affiliate links, “presumably for profit.” One user reported that when typing in “binance.us” to Brave Browser, it was auto-completed with "binance.us/en?ref=35089877." While the auto-completing of this link actually sent users to the right place, this incident rubbed users the wrong way. Because Brave Browser gives users the option to keep or remove ads, users were not pleased that Brave Browser was auto-completing links without notifying users that they were doing so.<ref>Engadget HD. (8, June 2020). [] Retrieved 7 April 2021. [https://go-gale-com.proxy.lib.umich.edu/ps/i.do?p=STND&u=umuser&id=GALE%7CA655333954&v=2.1&it=r&sid=summon "Brave privacy browser 'mistake' added affiliate links to crypto URLs."]</ref>
+
Another time that Brave Browser did not uphold their promises on privacy was their addition to auto-completing links to redirect users to affiliate links, “presumably for profit.” One user reported that when typing in “binance.us” to Brave Browser, it was auto-completed with "binance.us/en?ref=35089877." While the auto-completing of this link actually sent users to the right place, this incident rubbed users the wrong way. Because Brave Browser gives users the option to keep or remove ads, users were not pleased that Brave Browser was auto-completing links without notifying users that they were doing so.<ref>Engadget HD. (8, June 2020). [https://go-gale-com.proxy.lib.umich.edu/ps/i.do?p=STND&u=umuser&id=GALE%7CA655333954&v=2.1&it=r&sid=summon "Brave privacy browser 'mistake' added affiliate links to crypto URLs."] Retrieved 7 April 2021.</ref>
  
 
A third incident that Brave Browser had was because of their Tor browsing mode. Tor’s main objective is to conceal a user’s location when browsing online. Brave Browser had a bug that caused the website being visited to send a DNS query to your local device, which makes it possible for others to find your location. This bug was able to be verified by using an application, Wireshark, to analyze DNS traffic.<ref>Abrams L. (19, February, 2021) [https://www.bleepingcomputer.com/news/security/brave-privacy-bug-exposes-tor-onion-urls-to-your-dns-provider/ "Brave privacy bug exposes Tor onion URLs to your DNS provider"] Retrieved 7 April 2021</ref>
 
A third incident that Brave Browser had was because of their Tor browsing mode. Tor’s main objective is to conceal a user’s location when browsing online. Brave Browser had a bug that caused the website being visited to send a DNS query to your local device, which makes it possible for others to find your location. This bug was able to be verified by using an application, Wireshark, to analyze DNS traffic.<ref>Abrams L. (19, February, 2021) [https://www.bleepingcomputer.com/news/security/brave-privacy-bug-exposes-tor-onion-urls-to-your-dns-provider/ "Brave privacy bug exposes Tor onion URLs to your DNS provider"] Retrieved 7 April 2021</ref>

Revision as of 16:48, 8 April 2021

Brave Browser
Brave-logo.png
Braveex.png
"Brave Browser" download link
Type Web Browser
Launch Date 2015
Status Active
Product Line Brave Browser
BAT
Platform Windows
macOS
Linux
Android
iOS
Website www.brave.com


Brave Browser is an open-source browser application focused on prioritizing user privacy and democratizing online advertising. It has been developed using the Chromium web browser as a foundation, like Microsoft Edge and Opera. Brave is specifically focused on the user privacy niche and blocks all ads and trackers by default. Brave Software was co-founded in May 2015 by CEO Brendan Eich (creator of JavaScript and former CEO of Mozilla Corporation) and CTO Brian Bondy.[1] Brave is headquartered in San Francisco, CA. As of February 2021, Brave Browser had over 25 million monthly active users. [2]

Key Features

Ad and Tracker Blocking

Brave Browser blocks all ads and third-party trackers by default. On any given tab, the browser has an option to enable and disable a display showing how many items have been blocked or modified on that particular page, such as cross-site trackers, connections upgraded to HTTPS, and scripts blocked.[3] The Brave Browser does not serve individual user browsing data on its servers, unlike most other browsers; instead, all user data is aggregated before being returned to Brave's servers. The ads and trackers that are blocked by default can also be customized by the user at any time. [4] However, user browsing data is still saved on users' local devices in order to ensure that ads that they may opt-in to see are still relevant. Brave also advertises that the fact that all ads are blocked, enabling faster browsing times for the user.

Basic Attention Token (BAT)

BAT logo

The Basic Attention Token (BAT) is an Ethereum based token that can be traded on a wallet embedded in the browser itself. BAT is the unit of exchange used for browser features such as Brave Rewards. BAT had its initial coin offering (ICO) on May 31st, 2017.[5] In under 30 seconds, 1,000,000,000 BAT were sold for a total of 156,250 Ethereum.[6] BAT improves the efficiency of digital advertising by creating a new unit of exchange between publishers, advertisers, and users. BAT allows users to have greater agency over the ads they see online: users can block ads, pay to see different ads, or view ads and earn BAT tokens in exchange.[7] Advertisers also benefit from this model by achieving higher returns on advertising investment. This is delivered through better ad targeting (based on local user data) and reduced fraud.

Brave Rewards

Brave Rewards has a two-pronged benefit: it allows users to support their favorite content creators, and it allows users to earn money. For the former, Brave allows users to send their favorite content creators (YouTubers, Twitter users, blog owners, etc.) BAT, which can be converted to cash. This practice is known as tipping. Users can choose to either set up recurring payments or make a one-time payment. For the latter benefit, users can choose to earn money by opting in to view ads. Rather than traditional banner ads, Brave displays its ads as a push notification that users can choose to interact with. The aim of this ad format is to create a more engaging ad experience that benefits all parties involved.

Currently, Brave has over 735,000 registered content creators with many notable names such as Philip DeFranco, The Washington Post, wikiHow, XXL, Vice, and The Guardian to name a few.[8] In the current e-commerce system, digital content creators receive an estimated half of their revenue due to ad-blocking users and many digital ad platforms are monopolized by Google, Facebook, and Amazon.[9] Thus, Brave Rewards is highly appealing to content creators as it attempts to equalize systemically disproportionate streams of revenue.

IPFS Integration

IPFS is the protocol that Brave uses instead of HTTP, which is what most browsers use. IPFS is known as a peer-to-peer protocol. This is because it uses distributed nodes near the user to send data. This can result in faster web browsing in certain areas. In contrast, HTTP has a centralized server that transmits data to users. This can be slow in some areas if the distance from the user to the server is far.

Another benefit to IPFS is that content restricted in some parts of the world, such as Turkey, Thailand, and China, are now available to them because of IPFS.[10]

Other Features

  • Tor integration for anonymous browsing by concealing user location and usage information
  • Auto-suggesting search terms and searching from the address bar
  • Option to use DuckDuckGo for private window search
  • Built-in password manager
  • Fingerprinting prevention, cookie control, and HTTPS upgrading
  • Support for most Chrome extensions

Planned Features

According to Brave’s BAT roadmap of 2021, Brave developers are aiming to increase crypto and decentralized finance (DeFi) accessibility by creating their own cryptocurrency wallet using Ethereum, an open-source blockchain technology.[11] The Brave Wallet will replace existing crypto wallets and have redesigned UI/UX as well as mobile support. A JavaScript Ethereum Provider API, used to connect web apps with Ethereum blockchain, will now be supplied to web pages by default and more options for buying crypto with fiat payment methods, currencies without intrinsic or use value, will be unlocked. Brave is also looking to support integrated NFT redemption usage(source) within its browser and enable payment of transaction fees through BAT. To further spread DeFi, Brave is creating a new decentralized exchange aggregator with monetary incentives for Brave/Bat users. Aside from future optimizations in accountability and anonymity, to achieve their final endgame of building a Decentralized Web, Brave is researching BAT use in search engines, e-commerce, VPN, IPNS-verified content, and IPFS content pinning. According to public IPFS documentation, IPFS refers to “a distributed system for storing and accessing files, websites, applications, and data.”[12] IFPS uses content-based addressing while IPNS solves the issue of creating updatable addresses when content is updated. By tying BAT with multiple Decentralized Web systems, Brave is associating their browser and its reward system with other public efforts towards decentralization.

Ethical Considerations

Brave's advertising model

Data Privacy

Data privacy while browsing online is a point of contention regarding Internet privacy in the modern-day. Brave offers a robust feature list on metrics related to online privacy and data ethics. By keeping all data local and privatized, Brave does not monetize user data the way many browsers do. Instead, its primary revenue driver is its usage of BAT.[13] This business model allows them to monetize browsing while still returning 70% of revenue to Brave users themselves.[14] This allows for incentive alignment with users who are focused on privacy and Brave's monetization strategy and business model.

Online Advertising Ecosystem

The main concern with Brave's lack of individualized user collection is whether or not users would see relevant ads if they chose to opt-in to see ads in order to earn BAT. Although Brave does not collect individualized user data, it still practices machine learning on aggregated and anonymized data to ensure that ads users see are relevant for them.[15] By approaching advertising this way, Brave addresses common ethical concerns of monetization user behavior data, while still employing machine learning as an effective tool to display relevant ads. By choosing to implement ads in-app instead of using a third-party ad service, Brave Browser also eliminates the 3rd party ad broker and allows for revenue to be returned to the users.


User Expectations of Privacy

Brave's new tab disclosure

Users frequently have misconceptions about online privacy and how private browser modes work.[16] These include overestimating the function of private browser modes, such as assuming protection against ISP tracking of browsing history. A study has suggested this causes a negative impact on user privacy when using the Brave Browser, as users may engage differently when they expect a certain degree of anonymity.[17] This study also suggested that the new tab disclosure, which attempts to explain the difference between Brave’s two modes, is not effective at educating users on the impact on browsing privacy.

Failure of Privacy Promise

When Brave Browser was released, privacy was their main policy. By design, Brave Browser would inherently provide better privacy than other browsers. Brave addressed a big issue, surveillance capitalism, by “blocking trackers, invasive ads, and device fingerprinting.”[18] However, there have been some moments where Brave has failed to uphold their promises on privacy. There are multiple instances of the Brave Browser not delivering on its claim to provide privacy protection. One claim that has been found to be misleading is that all traces of browsing history are cleared on closure.[19] Fragments of browser data and activities are still accessible on RAM after closing the browser, though they are lost on computer shutdown. Another instance of compromised privacy was seen when a leak, originally seen in a patch introduced on October 14, 2020, was released in a stable build on November 20, 2020.[20] This leak revealed DNS information and server logs that could be traceable through high-level network access, such as law enforcement, posing a potential safety concern for users in regions with browsing restrictions. The leak was fixed on February 4, 2021 after being present in the stable build for 91 days. In another study, the Brave Browser was found to be vulnerable to the same attacks as Chrome, as it is built off of Chromium, which can reveal some browsing history information through CSS and Javascript weaknesses.[21]

Another time that Brave Browser did not uphold their promises on privacy was their addition to auto-completing links to redirect users to affiliate links, “presumably for profit.” One user reported that when typing in “binance.us” to Brave Browser, it was auto-completed with "binance.us/en?ref=35089877." While the auto-completing of this link actually sent users to the right place, this incident rubbed users the wrong way. Because Brave Browser gives users the option to keep or remove ads, users were not pleased that Brave Browser was auto-completing links without notifying users that they were doing so.[22]

A third incident that Brave Browser had was because of their Tor browsing mode. Tor’s main objective is to conceal a user’s location when browsing online. Brave Browser had a bug that caused the website being visited to send a DNS query to your local device, which makes it possible for others to find your location. This bug was able to be verified by using an application, Wireshark, to analyze DNS traffic.[23]



References

  1. Brian Bondy. [1] Retrieved on 11 March 2021.
  2. Brave Browser. "Brave Blog" Retrieved on 11 March 2021.
  3. Brave website. [2] "Blog] Retrieved on 11 March 2021.
  4. Brave website. [3] "Blog] Retrieved on 11 March 2021.
  5. [4] Retrieved on 11 March 2021.
  6. [5] Retrieved on 11 March 2021.
  7. [6] Retrieved on 11 March 2021.
  8. Brave (2019). "Earn more for content you publish to the web - Brave Creators" Retrieved on 8 April 2021.
  9. Williams, R. (2019, August 23). "Google: Publishers Lose Half Of Ad Revenue From Cookie Blocking" Publishing Insider Retrieved on 8 April 2021.
  10. Bonifacic, I. (2021, January 19). "Brave browser now supports peer-to-peer IPFS protocol" Retrieved on 7 April 2021.
  11. Brave (2021, February 22). "BAT Roadmap 2.0" Retrieved on 8 April 2021.
  12. Schilling, J. (2019, December 3). "What is IPFS? | IPFS Docs" IPFS Docs Retrieved on 8 April 2021.
  13. https://gizmodo.com/brave-wants-to-destroy-the-ad-business-by-paying-you-to-1834283860] Retrieved on 11 March 2021.
  14. https://social.techcrunch.com/2019/04/24/brave-ads/] Retrieved on 11 March 2021.
  15. https://brave.com/intro-to-brave-ads/] Retrieved on 11 March 2021.
  16. Wu, Y., Gupta, P., Wei, M., Acar, Y., Fahl, S., & Ur, B. (2018, April). Your secrets are safe: How browsers' explanations impact misconceptions about private browsing mode. In Proceedings of the 2018 World Wide Web Conference (pp. 217-226).
  17. Fehlhaber, A. L., Acar, Y., Fahl, S., Gutfleisch, M., Theis, D., & Wallkötter, F. Poster: When Brave Hurts Privacy: Why Too Many Choices do More Harm Than Good.
  18. Krill P. (19 November 2019) "'Privacy first' Brave browser exits beta." Retrieved 7 April 2021.
  19. Mahlous, A. R., & Mahlous, H. Private Browsing Forensic Analysis: A Case Study of Privacy Preservation in the Brave Browser.
  20. Powers, B. (2021, February 23). Brave browser leak exposed user domain info for months. Retrieved March 18, 2021, from [7]
  21. Smith, M., Disselkoen, C., Narayan, S., Brown, F., & Stefan, D. (2018). Browser history re: visited. In 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18).
  22. Engadget HD. (8, June 2020). "Brave privacy browser 'mistake' added affiliate links to crypto URLs." Retrieved 7 April 2021.
  23. Abrams L. (19, February, 2021) "Brave privacy bug exposes Tor onion URLs to your DNS provider" Retrieved 7 April 2021