A Georgetown Law professor recently told me that many of his students have switched to a security- and privacy-focused web browser called Brave. I decided to try it, and was pleasantly surprised. I was a bit late to the party I’ll admit–Brave has been around for four years–but I was far from alone: Brave users increased from 1 million to 5.5 million during 2018. That growth has come mainly through word of mouth.

advertisement

advertisement

What’s the draw? The point of Brave is to look, feel, and act much like Google’s market-leading Chrome browser while still aggressively protecting the security and privacy of the user’s personal data. The developers obviously went to a lot of trouble to remove as many friction points and trade-offs as possible for people coming over from Chrome, while keeping users safe from risky sites, ads, malware, and cookies that track you around the web. Brave is built on the same open source Chromium browser framework that is the foundation of Chrome. Brave is the creation of Brendan Eich, a cofounder of Mozilla. Back in 1995, he invented JavaScript–the browser code that makes websites interactive rather than static pages of text and images. JavaScript was later used by legions of ad-tech companies, Google and Facebook among them, to help manage the process of displaying targeted ads in your browser. At the bottom of the window you can see your browser furiously parsing all those JavaScript instructions while you wait for your page to load. This process chews up system resources, drains battery power, and heats up your device. It’s also been a carrier for malware, and the de facto tool of ad-fraud artists. So there’s some irony in the idea that Eich’s 21st century creation, Brave, spends much of its time blocking that JavaScript code. As a result, pages load faster and more securely. But advertising is still publishers’ main means of getting paid for their content. So Brave is also building a cryptographic platform with the aim of helping consumers put payments in the pockets of their favorite publishers. Eich likens it to a loyalty club. I recently talked to Eich about Brave’s master plan at the company’s offices in San Francisco’s SOMA district. Fast Company: What kinds of people are coming to Brave? Brendan Eich: Among the lead users, you find multi-browser users that are some Chrome, some Firefox, and some Brave. They’ll say “I’m really” worried about privacy on these sites,” or “I can’t stand the ad overload on these sites, so I’ll use Brave for those.” But then they have a bookmark in Firefox that keeps them using it a little bit. They may use Chrome even though they’re aware of the problems; they may use uBlock Origin, which is a very good ad blocker. We’re trying to get them to use Brave full time and drop Chrome.

advertisement

FC: It’s very apparent that you’ve removed a lot of friction for people who are coming from Chrome over to Brave. Are there any further steps to that that you think you have to do? BE: One of the steps we can’t take that some users want is the Google account system because they like sharing their data that way. But if we turn that back on, we’re at great risk of people tracking our users. Another point of friction is just little look and feel things. People say, “You know what, Chrome has this.’ We’re already very close to the user interface, maybe too close in some ways–but they have this extra thing called Chromecast. I can Chromecast [stream to a TV or audio system] from Chrome and not from Brave. For some reason, Google and the open source [Chromium] has it off by default. So we’re turning it on. These are little and easy to fix, but we’ve knocked down the big points of friction, mainly the extension ecosystem. You can load any Chrome extension. You go to the Chrome web store and it’ll say Install In Chrome, but it really is installing in your Brave instance that you’re running. We support all the extensions that aren’t using Google accounts or sync. FC: Where will your near-future growth come from? BE: Let’s say we have almost 6 million users. We’re going to get to 10 million in the middle of the year, we hope. That kind of scale will get you some law students. It will get you some mom-and-Pop users–people who are not tech savvy, but their kids are and they recommended it. They will not know what a blockchain is, but they will understand this idea of rewards or loyalty points. And you know, you have to go to tens of millions before you really get people who are more like the [mainstream]. We’ll get some of them now. It’s a statistical fact and as you grow you get more. FC: How does Brave make money now, and what’s in the immediate future for developing the browser?

advertisement

BE: This year we’re going to do some ads that the browser privately matches against your interests–all locally [on your device]–and puts them in the place that the publisher has arranged for us to have an ad. The ads are static, so we don’t hit the browser’s performance, we don’t hit page load, we don’t drain your battery, and they won’t look like these crazy flyover ads. But it will allow publishers to get the big revenue share. We give 70% to the owner of the ad space. And then we get the same 15% that we give to the user. That’s why we use the triangle logo–you have users, advertisers, and publishers. This is something that hasn’t been fully tried. It’s complex. So it’s a multi-year mission. You have to do the browser, you have to do the token, you have to put them together. But so far so good. “We’re not going to just let you ride for free.” FC: Can you drill down on how Brave’s token system works? BE: If we’re blocking ads, publishers are not getting any revenue associated with that Brave user. So we thought, what can we do? And our users actually said to us “I never click on an ad, but I know I’m hurting my publishers a tiny bit even by blocking the impression-based ads–what can I do?” This was always the plan with Brave: We’re not just going to let you ride free. We’re not just going to be destructive to the publisher while helping the user. I think the user has the right to block. But let’s help the publisher, if the user consents, by giving the user a cryptographic token, a crypto currency that can be donated back to the publisher. We started with bitcoin, but the problem we had with bitcoin was that you have to buy it. So we were asking the user out of their own goodwill to buy bitcoin to give back. And a lot of users won’t–nor should they. There’s a way to do this that doesn’t charge the user. It pays the user to give back. So we created the Basic Attention Token (BAT) based on Ethereum (an open-source blockchain-based computing platform) as a better alternative to bitcoin because we could do several things with it that bitcoin didn’t allow. The main one was we could pre-create a bunch of tokens. Before we sold a billion, we created 500 million, and over 300 million of those were used to form a user growth pool that we can give to our users in small grants, and give to creators who refer new users. So we’re using it to build the ecosystem and deal the user back in. Some users buy the Basic Attention Token and they make a monthly commitment–sort of tithing to their favorite sites—but most users won’t. So we’re going to give them grants to get them going if they don’t want to donate.

advertisement

Related: Incognito Mode won’t really keep you private. Do this instead “A user loyalty club in the browser” FC: So that’s the token system. Now can you explain how the Brave ads work from a user point of view? BE: I think of it as a user loyalty club in the browser. It’s like a little search engine text ad without the search results page. We time it not to annoy you so we look for keyboard activity in desktop operating systems. [For example] there’s going to be a notification promoting a camera we knew you were looking for, but not buying, online. If we can find a better deal or maybe a better camera, we can try to interest you in that notification. But no need to search: We can infer your interests from the totality of your data feeds in the browser. [It’s] all on-device, all local machine learning, nothing on our servers. We don’t want to see it. We don’t want to see your history. We want “can’t be evil” by cryptography and math, instead of “don’t be evil” by good will. In our developer channel now you can get these ads. [We] have a bunch of ads running and people like them. Some of the ads I’ve seen are for a cryptographic currency wallet. Some of them are for a VPN. There’s some for techy sorts of products. We’re not charging the advertisers; this is a play-to-learn phase for a few months. And there’s a little CPM [cost per thousan[ model where even if you don’t click on it, or you dismiss it, there’s some value to that impression. If you do click on it, it opens a tab in the browser that is like the search ad landing page you’d get with a Google search ad. FC: Is working on the model for publishers a fairly new thing for Brave, or were you thinking about that from the start? BE: To get scale on this ecosystem, users became our first constituency, because we could give them a faster browser than Chrome and without all the nonsense. Publishers are hard. It’s enterprise. You keep telling them we’ve got a better way to deal with your ad-blocking user base because some of them have 30% of their monthly unique users using ad blockers. You need to turn those [users] around. Some of them would pay, some of them would donate back, some of them would [click] a private ad and give the revenue share back. It’s been a hard sell. They aren’t that technical. They see us as the enemy because we block ads by default. So I knew from even from Mozilla times learning about ad tech and talking to publishers they were going to be slow to convince.

advertisement

[Later this year Brave plans to offer publisher-integrated, Private Ads. Publishers will work directly with Brave to place the ads within their sites or channels, and they’ll receive 70% of the revenue share. That, Brave points out, is a much higher percentage than what they currently get from programmatic ad placements.] “Privacy matters more situationally” FC: Do you think people care more about convenience than they do about personal data privacy? Is that changing? BE: You have to test it. People say “I don’t care about privacy.” And you’ll say, give me your unlocked phone. And they’lI say, “Wait a minute, no, I’m not giving you my unlocked phone!” Young people who might say they don’t care were for years doing dissolving messages on Snapchat, whether for naughty purposes or not. So they cared. Now you’re seeing all the messaging apps claim to be end-to-end encrypted. So you see that privacy matters more situationally, if we’re messaging–especially with sensitive messages. It matters more as you see people discover data breaches or people who are mad at Facebook as they think it facilitated bad political outcomes. And that’s not going away. FC: Privacy is obviously one big problem with the digital advertising industry, but I know you’re concerned about eliminating ad fraud, too. BE: Fraud [i.e. inauthentic ad views or clickthroughs] is very low in the Google search ad inventory. Just like Facebook has big data and lots of power against fraud on their main inventory, their feed ads. But the publisher ads that Google does are a lesser business than their search business. There’s just a lot of fraud because the publishers want to have vendors in addition to Google … So the publisher space is crowded with vendors who are getting their scripts on the publisher’s page, and those JavaScripts–which are my creation from 1995–none of them know which way is up. They don’t know what ground truth is because they’re all running in some arbitrary order. And the environment they’re running in could have been prepared by an earlier script or by a fraud bot in a cloud instance. Augustine Fou, an independent ad fraud researcher, has estimated that 10s of billions out of the $100 billion spent last year in the US on digital advertising was taken by fraud, and the rate of fraud has been observed to range from 3% to 100% depending on the campaign. [If] there’s a demand-side platform–there often is–it takes separate fee. There may be some other players, so called supply-side platforms that help find the ad the best slot on the publisher page or amongst a set of publishers. All those intermediaries take fees, so do they care if it’s fraud? They get paid either way. They have perverse incentives. So the money that’s left over for the publisher and the media owners, the IAB [Interactive Advertising Bureau] estimates, is 55% at present. It’s more like 20% to 40% depending on how fraud costs are reckoned. You end up with this very inefficient market that leaks data, that facilitates fraud, and that’s also used to distribute malware.

advertisement

FC: What effect has privacy legislation like the EU’s General Data Protection Regulation (GDPR) had on that whole programmatic ad ecosystem? BE: There have been GDPR fines for smaller players. This is hilarious because it just shows you how the system just leaks user data all over. I believe we’re going to have all the European countries saying the real-time bidding process that’s used for modern digital advertising is a huge data breach under GDPR because it broadcasts your latitude, longitude, and personal identifiers in terms of segments you’re bucketed into, like you’re looking for a certain in medical solution that may be very private or embarrassing. You’re looking for something related to your kids that shouldn’t be leaked. Personal data is being broadcast. There have been other fines but they haven’t hit the big ones, Google and Facebook, and I think they will, it’s just a matter of time. I think the regulators don’t want to muff it.