In light of last week’s enactment of the California Consumer Privacy Act and our monthly theme, Pursuing Privacy, Street Fight posed questions on surveillance capitalism, privacy, Big Tech, and the future of digital advertising to Brendan Eich, CEO of Brave, one of the leading companies championing privacy-first solutions in the tech industry.

I was pleasantly surprised to see you use the phrase “surveillance capitalism” to describe the state of the corporate internet. In her book on surveillance capitalism, Shoshana Zuboff argues that privacy is actually not a sufficient framework for understanding just how pervasive surveillance in the service of the data-driven economy, spearheaded by Google and Facebook, has become. Privacy, Zuboff warns, could lead us to believe we just need a few restrictions or more “transparency,” a word often thrown around by Big Tech, to make data collection permissible. What we really need, she argues, is to challenge Google and Facebook’s fundamental presumption that they have the right to our (sometimes very intimate) information and to use it not only to improve their products but also to predict and influence our behavior.

Do you share the opinion that we need such a fundamental challenge to Big Tech’s and ad tech’s business models?

Yes, the entire industry is in need of a fundamental shift from tracking to privacy by default and by design. Today’s online ecosystem is fueled by an ad industry riddled with fraud, poor consumer experience with no privacy, and publishers losing dollars to ad-tech intermediaries. While consumers become more privacy-aware, most tech giants are muffling concerns by introducing features that seemingly give consumers control over how they are tracked online. In fact, our Online Privacy and Experience Sentiment survey found that 33% of web users have not changed their privacy settings from default values on Google, strongly suggesting that new “opt-out” features are not enough to protect most users.

To truly preserve consumer privacy, Big Tech needs to switch to a privacy-by-default approach. Nothing will change otherwise. Until then, consumers will remain confused about where their data is being used, and tracking and data monetization will remain pervasive on the web.

How is Brave challenging the status quo of data collection and data-driven advertising?

Brave, the privacy-oriented browser with over 10 million monthly active users globally, is rooted in privacy-by-default and provides an equally beneficial environment to users, advertisers, and publishers. In today’s complex, often corrupt online ecosystem, fraud, slow performance, and privacy invasion are pervasive. People want to enjoy content without being bogged down by poor experience. Seventeen percent of consumers list slow load times as a main gripe with online browsing, and 26% say there are too many ads on the web, according to our survey.

Brave allows users to opt-in to Brave Rewards and reward publishers for good content via the 70% of ad share revenue they get for viewing privacy-preserving Brave Ads. Users have the choice to view relevant ads, and advertisers are certain that they reach attentive consumers. The system’s privacy-first approach natively blocks trackers, invasive ads, and device fingerprinting, and because ad matching happens directly on the user’s device, their data is never sent to anyone, and they see rewarding ads without web-wide mass surveillance.

Brave’s approach preserves user privacy by making decisions only in the browser where your data originates in all browsers — no server tracking even from us. Advertisers see unmatched results with their campaigns: Our click-through rate is 14%, compared to the industry average of 2%. To date, Brave Ads has delivered nearly 475 privacy-preserving ad campaigns, sparking 130 million ad confirmation events, from major brands.

Are there limits to what a single company like Brave (or DuckDuckGo or Freckle’s Killi) can do to challenge the reigning paradigms of our surveillance economy? How much help do you need from legislators to realize your vision of a society that respects privacy again? How will GDPR and CCPA help with that?

In general, “stubborn minorities” of leaders and expert users definitely move markets. And so Brave, with our growing user base, is already leading the charge among other browsers. We’ve seen other browsers adopt the tracker-blocking features we integrate by default, and some browsers which kept tracking protection optional are now enabling it by default.

However, privacy regulations are necessary to forestall arms races between trackers and protective browsers, by establishing the legal requirements for a privacy-first online environment: one where advertisers don’t have access to every person’s personal information and users cannot be tracked without consent. We’ve found that consumers have realized this as well. Our survey showed that 61% of users believe that the government should take responsibility in protecting consumer privacy online. So far, we haven’t seen GDPR impact the digital advertising world the way we were hoping, but things are beginning to move with big companies making some changes to the way they collect data, and we’d anticipate CCPA to have a similar effect for digital advertising and user privacy.

We believe that the GDPR is essential. Brave is leading a campaign with 21 privacy activists and organizations to use the GDPR to stop the most pernicious part of the surveillance economy. Google’s vast “DoubleClick/Authorized Buyers” ad business is under statutory investigation in Ireland – its lead GDPR authority – due to Brave’s GDPR complaints and evidence against it. And the IAB — the tracking industry trade body — is under investigation in Belgium, which is the lead GDPR authority, thanks to our evidence, too. The outcome of these investigations is not about fines but about imposing bans on illegal data processing. That is what is going to happen. And you may well see Brave at the European Court of Justice to make sure it does. In the United States, we have been pushing hard for new privacy laws, and CPRA – which we think will supersede the CCPA – is a sign of what can happen. As we saw with automobile emissions control laws in the 1970s, as goes California, so goes the nation.

Let’s suppose surveillance were ‘defeated’—that ubiquitous data collection were no longer common practice and that consumer data could only be used with user permission to improve products/services instead of being used with little or no permission to improve ad tech products and boost the data collector’s revenue. What does ad tech look like in such a world? How can an industry so dependent on granular understandings of individual consumers’ behavior and personalities operate differently after years hooked on that inexpensive and lucrative substance (user data)?

Our mission with Brave in full is to prove that data collection is not required for better advertising and marketing. We start with the observation that much of what passes for “granular understanding” is fraud-ridden where it is not simple regression-based statistics, or even the assignment of users (e.g., as “auto intenders”) to a category based on just one site visit.

We believe in contextual advertising but do not stop there. For behavior targeting, our approach uses an in-browser agent that studies all the valuable data feeds in every browser: navigation, search queries, ecommerce form filling and submitting, page views and visibility known in fraud-free terms by the browser’s rendering engine. All of these feeds inform the agent so it can pick the best user ad from a catalog that all users in a large region download and update without identifying themselves. Ad views are tallied using an anonymous PrivacyPass protocol, for high authenticity, and even multi-step attribution from start of research to high-end product buy, but with anonymity until the user chooses to sign in or identify while buying.

The goal with Brave Ads is to show you privacy-respecting ads that are relevant to the user in the right context. Since Brave Ads are opt-in, meaning each user has to choose to enable Brave Rewards, brands know with certainty that when their campaigns run with Brave, their ads are viewed by people who welcome advertising. The platform’s anonymous-but-accountable campaigns ensure that advertisers are connecting with the users they are seeking, removing the excessive costs, privacy, security, and fraud risks currently associated with middlemen in digital advertising. Once advertisers realize the benefit of promoting their companies respectfully, it should be a no-brainer.

A word on fraud: All apps can be “botted” or run by human fraud actors, but Brave uses the best Operating System (OS) and native-code-only antifraud techniques, without identifying users. In contrast, ad tech based on third-party script tags in a first-party publisher page cannot even be sure which way is “up.” The entire browser environment can be faked, as in the “Matrix” movies. This is how fraud bots now work using cloud infrastructure. The limitations on JavaScript in a web page prevent antifraud scripts from being effective. They are used by advertisers as “CYA” relief and not much more. Brave’s full native+OS advantage shines in a way no remote script can ever come close to equaling.

Most people, even those highly informed about privacy and its violation, still use aspects of Google and Facebook. What do you say to people who claim Google, Facebook, and their ilk are simply too ingrained in people’s lives to challenge? Is this an argument for antitrust concerns?

Our survey found that 80% of web users feel more aware of the need to protect their privacy than they did one year ago, and 82% wish the web were more privacy-oriented. We also found that consumers are losing trust in the Big Tech companies — 52% of web users say they do not trust companies like Facebook and Google, and 41% say these companies have not done a sufficient job protecting user privacy. We are now at an inflection point in the industry where consumers are demanding a more privacy-centric web experience, and if Big Tech does not change, web users will likely shift their loyalties.

US antitrust law is clear in proscribing monopolies or market powers from taking over other markets by strong-arm tactics such as “tying.” This law was the basis for the US v. Microsoft case that found Microsoft abused its Windows OS monopoly by tying Internet Explorer into the default browser position, and otherwise playing rough to kill Netscape. Many people now clearly see how Google and Facebook have changed over the last 15 or more years, as they turned from being successful in one market, with open platforms, to buying and tying apps and services across multiple markets. Their growth has come at a huge price in loss of privacy, damage to innovation outside of their increasingly narrow world views, and meaningful choice for everyone.

What do you make of the argument often trumpeted by advertisers and ad tech companies that users are fine with advertising as long as it’s personalized and therefore pertinent to the person seeing the ad?

Some consumers do want personalized ads, and if that’s the case, they should be able to opt-in. However, in the current landscape, consumers are being followed, tagged, and tracked without their knowledge, and as a result, consumers feel stalked by ads online and the value of personalization is shrinking. In our survey, we found that 21% of users say one pain point they experience while browsing is “ads that seem to follow me around the web.” Advertisers need to move away from “following users” around the web with ads that exploit user privacy. And as we have all experienced, the targeting is often bad even with heavy tracking: you shop for shoes and see shoe ads for a month; you visit a car site and you’re an “auto intender,” etc.

Take the claims of personalization excellence from third-party ad-tech vendors with a grain of salt. Ad fraud estimated at 20% or higher means that advertisers are paying fraudsters every month for fake views, so it’s clear that personalization without authenticity is not worth the price paid. The best personalization is done on your devices and privately synchronized (encrypted with a key only you hold) among them. That’s where all your data originates. Then you control your experience, build direct relationships with the brands advertising to you, and yield the best results for the ecosystem as Brave scales up to prove this new model. We intend it to inform future web standards so that all apps can use it.