[ ] Yeah, so that’s the really radical idea, and it’s not fully implemented. Brave, with the right opt-in - we wouldn’t wanna surprise users with this, but Brave should be your personal Google; it should be your personal data set and machine learning, which adds value to the data.

You know how people say “Facebook sells your data”? They don’t, because if they did, it would all get quickly arbitraged to a low price, and it’s seasonal enough, there’s enough repeated behavior among users that it wouldn’t be necessary for them to keep selling it. It would be extracted and in bulk. Facebook doesn’t sell all your data. What they do is they say “Come onto our platform and do ads”, or “Come onto our platform and transact in a very limited way with the data.” That’s what Google does with the web. Google is a really brilliant, once-in-a-generation business. They started with search ads - very clean, because when you’re searching, you have strong intent, you’re looking for something, you’re willing to see a promotion, especially if it’s algorithmically well-placed. It could be better than the organic results that Altavista would have found in ‘98. That’s why Google started rising fast then, and they did search ads even then; they were making enough money they got the famous angel investment from Andreas Bechtolsheim. He asked them, “How do you make money?” and Sergey said “Placed results, search ads.” Andreas said, “I’m using Altavista, but they get tricked by pages that put a little dictionary in the HTML comment, and suddenly that page is authoritative for every word in that dictionary, and they get undue search rank in Altavista. What do you do about that?” Larry Page said, “Oh, we take care of that because we count incoming links to do reputation, pagerank.” Then Andreas said, “How much are you making?” This was like ’98, when Sergey and Larry were still I think on Stanford campus. They said, “A hundred thousand a month and growing”, and Andreas said, “Let me go to my car and get my checkbook”, and he wrote a famous angel investment check which paid off very well.

That search ad business is still strong for Google, but search is kind of flattening out. The smartphone is less of a searchy device, it’s more of a social and bespoke search, or custom app experience. Voice is rising, AI is changing things… Search is flattening. It’s gonna be a challenge for Google to keep satisfying Wall-Street’s needs as a public company.

Google also did something clever - in 2008 they bought DoubleClick, because they saw if you didn’t convert all those search ads on the search engine result page, those quality texty result up top that were clearly identified at ads, but sometimes could be better than the organic results – if you didn’t click on those, you went off into the organic results, and you visited publisher sites and ecommerce sites… You kind of got distracted and surfed a bit for fun, celebrity-stalked somebody a bit… Then you came back to your major purchase, but maybe you did it through an ecommerce site and Google had no piece of that action. So they bought DoubleClick, because DoubleClick had a display ad business. They were all over publisher sites, they were on a lot of ecommerce sites. And they had cookies, they could be audience profiles by tracking people across sites.

[ ] That gave Google a more complete model of the user, from search, through browsing to various sites that DoubleClick had cookies on or other footprint on, and Google’s been integrating things ever since - YouTube’s gotten big… In some way they’re the web, eating their own ecosystem, but they’re also getting a more complete user model.

I think you may have seen, even Chrome will now be mixing your history into the advertising model if you don’t opt out, I believe. Powerful business, but it’s got some downsides. Increasingly, Google and Facebook own 90 cents of every marginal ad dollar spent. Every extra ad dollar being spent this year above last year, 90 cents out of it goes to Google and Facebook. And that’s not a stable setting, even if you don’t mind those two being the new duopoly on search and ads, or social and ads, because Facebook’s coming after Google, and Google’s search business is flat. So there’s a problem there.

Also, there’s a huge privacy problem. People just don’t like being tracked that way. They get retargeted by bad ads, they get creepy ads, ads that make your eyes bleed, parasite pictures, belly fat reducers, wrinkle reducers… And they get malware now. Malware is actually being placed, and has been for a few years. This is kind of an under-reported story, because a lot of it works by being ransomware - it holds your PC hostage, encrypts the disk and says, “Here’s how buy Bitcoin and send Bitcoin”, and it charges not too much. So grandma paid $600 or $1,200 to get her pictures back of her grandchildren, and she’s too embarrassed to admit it.

There was a hospital in Southern California where all the systems in the hospital were thrown by ransomware. That gets you more on the FBI and Interpol radar, but these are criminal gangs hiding in nation-states that don’t necessarily prosecute them. They’re using very sophisticated exploit kits; that’s the payload that downloads and tries a bunch of vulnerabilities.

The ones we know about from the last year and a half, Angler in particular, used Flash and Silverlight and Java plugin vulnerabilities. Brave turns off plugins by default. The plugins should die, Steve Jobs was right. Thoughts on music - he was right about DRM; thoughts on Flash - he was right about Flash. God bless Steve Jobs. [laughter]

I’m not gonna endorse everything he ever did, but he did two solid things there for the web and for security. These exploit kits now are trying browser vulnerabilities. I’m pretty sure Neutrino is the one that superseded Angler and it’s trying browser vulnerabilities, because every sophisticated endpoint software is endlessly vulnerable, and you have to keep patching it. That’s what Chrome does, that’s what Firefox does, that’s what Microsoft does now… It was one of the lessons of the last 15 years in browsers, that you have to release all the time to keep ahead of the exploits. You have to fuzz-test your codebase with travesty JavaScript-generated JavaScript that finds all the safety bugs.

[ ] These exploit kits are out there, and they’re coming in through ad exchanges. How do they do it? They actually create fake ad agencies. These are fake businesses, with fake CEOs and CMOs, fake people pictures, bios, and they go and buy ads… They put custom creative ads into ad exchanges. They pay the fees to get into the exchange, and then in real-time bidding processes automated ad exchanges place these ads on publisher pages, sometimes even gateway to other exchanges. They get onto a Chrome ad exchange at a low price, but they can claim to guarantee some conversion or some performance to the publisher who wants to sell the ad space for the ad. And the publishers fall for this every time, because they wanna fill out every space they can with ads, even at the bottom of the page, where the parasite pictures are. And they generally don’t directly sell that to brands or agencies; it’s not good space, so they say “Oh sure, programmatic ad partner. Come on in and own my space and put whatever you want in there.” Programmatic means automated, if it means anything. So he goes and says “Okay, let’s use this ad exchange…” It’s AOL, or OpenEx or Yahoo!…

Pretty soon, you don’t know where those ads are coming from. They’re coming from Russia, but they look like legitimate ads. And here’s the crazy thing - sometimes if you scan their JavaScript, they all come with JavaScript, for tracking pixels to confirm that the ad was viewed, things like that. You don’t see anything overtly bad; you might see some funny little image, a processing loop that maybe is commented innocuously look like it’s doing something to do gamma correction on the image. What it’s actually is taking a graphic decoding of an exploit kit loader from image pixel perturbations. In other words, it’s taken out of the hiding, some kind of signal, a covert message in an image or a picture is being done to hide the guilty code that’s gonna load the Angler exploit kit.

This leads to the New York Times, BBC, AOL and other top sites in late March having ransomware malvertising on their properties. If you think about it, this is actually an outrage, right? Why should world-class online publishers tolerate this? Why should they not control the quality of the ads. Why shouldn’t they have only direct, trusted relationships? Well, as I say, the bottom of the fold, and even the middle of the fold (middle of the page) ad spaces just aren’t as valuable as the top, and even big publishers that have direct sales forces and their own tech teams and do beautiful, custom sponsorship ads…

[ ] My favorite example, Louis Vuitton handbags on Elle.com. That takes up the bottom half of the frontpage, it looks nice, it’s a trustworthy ad as far as I know - there’s very little third party about it; there’s some tracking… It’s a custom video ad from Questra or somebody, but it’s pretty legit. That’s not the problem. It’s the stuff below that that all the publishers want to fill their space and make a little bit of money. Otherwise, if they leave the space dead, they’re just leaving money on the table. And that leads to malware coming on the pages.

To get back to Brave, we saw this coming. We said ad blocking - even in 2015 when we started - was rising. We started May 2015. We didn’t know that iOS, thanks to Tim Cook, would start making ad blocking easy to use with Safari. They make it an app install model, instead of a browser extension model. They make it content blocking, and it rose quickly to the top of the app store last fall and it became very popular until it saturated short-term demand, and it changed the whole conversation. It made people across the ecosystem - from the marketers who spend on advertising, to the publishers who rely on whatever of that spend is left after all the middle players and the parasites have taken their skim - it made everybody say “Oh no, ad blocking is not going away. It’s not just AdBlock Plus or uBlock Origin. Now it’s iOS. It’s Apple. And Apple had walked away from advertising as a business I think twice. But it wasn’t just because ads are annoying or unaesthetic; that’s a very shallow way to characterize it. Ads are actually dangerous, because they’re over delegated through these ad exchanges, and there’s no contractual relationship.

Doug Crockford knew this. If you remember Doug’s work at Yahoo! with AdSafe, which was a static verifier for JavaScript and was kind of like before Google Caja, which became Secure EcmaScript, AdSafe was Doug’s very picky way of trying to get Yahoo! ads not to contain malware. This has been a longstanding problem, and as I said, it’s under-reported because ransomware - the price the criminals extract is low enough people are embarrassed and they can pay it, get their system back… It’s very hard to track these criminals down. But even ignoring the ransomware threat, just the privacy problem that your data profile is constantly being sucked out of your machine and you’re not benefitting from it, you’re actually suffering from increasingly worse ads, even ignoring the malware; just annoying ads. Retargeting, which is when you get hammered by an ad you’ve already seen… Because it sometimes nags you into buying something you wouldn’t, or in the best case reminds you of something you forgot you do wanna buy. It has a little bit of lift, like a fraction of a percent, and that means that it’s gonna get done; it’s not gonna be left on the table. That money is not gonna be left on the table.

So advertising has become this toxic parasite system, in my opinion. It’s over delegated, there’s too much principal versus agent conflict of interest, there are layers of that, and along with that, there are layers of confirmation bias in the data that’s extracted in the model.

[ ] They say they have great data, all these ad tech companies; they wanna go public or they wanna get bought by Oracle, and they say they have magnificent data which will increase yield. But if you look year to year, the actual performance of advertising, the so-called yield, doesn’t really go up. Money just goes from one pocket to a different pocket. Publishers are still suffering, and there are long-term negative externalities, like secular trends that are bad for everybody, like the rise of ad blocking and the rise of malvertising.

Brave is trying to address this, but not just - I’m being very negative here - we’re not just gonna cure something that’s bad; we wanna make things actively better. We wanna make this anti-Google, personal Google. We want you to be in charge of your data, and that means not only should you not have bad ads or annoying ads or dangerous ads, you should have a piece of the action. You should get revenue, you should be able to control the terms of the economics. And if you don’t want ads, you can donate, and then you can block guilt-free.