Note: This is the second in what will be an ongoing, regular series of blog posts, describing new privacy-related features in Brave. This post describes work done by Research Engineer Anton Lazarev, Performance Researcher Andrius Aucinas, Senior Privacy Researcher Peter Snyder, and Senior Software Engineer Pete Miller.

The TL;DR

Brave is releasing a new system for hiding unwanted, privacy harming page elements. These include empty page space caused by blocking trackers, and third-party ads that cannot be blocked at the network layer. Brave’s system uniquely attempts to hide tracking third-party ads, while supporting sites that use privacy-preserving first-party ads. You can help test this system by downloading and using Brave Nightly. If everything looks good from testing, third-party cosmetic filtering will be in Brave’s stable release soon.

Problem: Blocking on the Network Layer Isn’t Enough

As discussed in a previous blog post, one way Brave protects Web privacy is by blocking (and sometimes replacing) network requests related to privacy-harming advertising on the web. This not only prevents advertisers and data brokers from tracking you on the web, but also improves performance, and makes the Web more pleasant visually.

However, sometimes blocking network requests to known trackers is not enough. In some cases this is because blocking privacy-harming advertisements leaves large empty blocks on websites (e.g. white space where the advertisements would have appeared); in other cases some unwanted advertisements are difficult to block on the network layer (e.g. advertisements served from unpredictable URLs, or advertising-content mixed with user serving content, etc.).

This post describes a novel way that Brave will start hiding page elements related to third-party tracking and third-party advertising, without harming first-party, privacy respecting advertisements. Brave’s approach is unique, and designed to improve Web browsing for users without harming sites that respect user privacy. Before describing the unique way Brave does this, we first need to give some background on how most ad-and-tracker-blocking on the web works.

Background: How Filter Lists Work

Brave, along with many other popular Web tools like AdBlock Plus and uBlock Origin, use filter lists to determine which Web resources to allow, and which to block. EasyList and EasyPrivacy are the two most popular such lists, but many other lists exist too, targeting language or interest specific parts of the web.

Filter lists, broadly speaking, consist of two types of rules: network rules, which describe URLs that should be blocked, and cosmetic rules, which describe page elements that should be hidden. These are distinct, but often work in tandem. For example, a network rule might block a request to a privacy-harming third-party iframe, and a related cosmetic rule might hide the page element that the iframe was placed in, to prevent an unseemly empty space from appearing in the page.

Filter list authors do not label whether a cosmetic rule targets first-party ads, third-party ads, or both. In general this is because most tools using these filter lists are not concerned with the distinction. Brave though, is different; we want to block privacy-harming third-party ads, but allow privacy-preserving first-party ads.

Hide Privacy-Harming Ads, But Leave Privacy-Respecting Ones

While Brave uses many of the same filter lists that other tracking and ad blocking tools use, Brave’s mission differs from existing filter list using tools; Brave aims to protect privacy and browsing aesthetics, without harming sites that are privacy-respecting. Put differently, Brave aims to block third-party trackers and ads (which are, in practice, often indistinguishable), without affecting solely first party ads.