More than 15 years af­ter cre­at­ing JavaScript, Bren­dan Eich con­ceded that JS had “a lot of stu­pid in it.” Mr. Eich, I re­gret to say that the same is true of your new web browser, called Brave.

The re­gret is sin­cere. I’ll never be a fan of JavaScript. But Bren­dan Eich achieved some­thing au­then­ti­cally great with Mozilla. In 1998, while still a Netscape em­ployee, he helped start the Mozilla project. Start­ing in 2003, he worked at Mozilla for 11 years, ship­ping in­flu­en­tial soft­ware, es­pe­cially the Fire­fox web browser. But more than that, a core part of Mozilla’s iden­tity has al­ways been its ex­cel­lent ethics around open source and web cit­i­zen­ship. That would’ve been a ter­rific legacy for any soft­ware engineer.

Ap­par­ently, how­ever, Mr. Eich has un­der­gone some kind of late-ca­reer con­ver­sion to the dark side of the force. With Brave, Mr. Eich wants to ruin my work—and that of every other cre­ator who’s still prop­ping up what’s left of the ad-free in­ter­net—so that he (and his ven­ture in­vestors) may profit. How? By lay­er­ing ads over my ad-free web­site, while con­vinc­ing web users that they’re part of some vir­tu­ous new economy.

Sorry Mr. Eich, but I refuse to co­op­er­ate. As soon as I fig­ure out how to de­tect the Brave web browser by tech­no­log­i­cal means—a task you’re de­lib­er­ately mak­ing dif­fi­cult, be­cause you know that many pub­lish­ers would like to do the same—I will make sure that every Brave vis­i­tor gets this as their land­ing page.

Be­cause they de­serve to know that Brave is bullshit.

For web users, Brave is a com­pany, founded by Mr. Eich, that makes an epony­mous web browser. Ac­cord­ing to Brave, its browser of­fers two key benefits:

1. The “speed, se­cu­rity, and pri­vacy” that comes from au­to­mat­i­cally block­ing ads and trackers.

2. The vir­tu­ous plea­sure of giv­ing “pub­lish­ers back their fair share of In­ter­net revenue.”

Be­fore we go fur­ther, let’s no­tice that Brave’s pitch bla­tantly side­steps the fact that web pub­lish­ers al­ready have a pre­ferred way of get­ting their “fair share” of on­line rev­enue: ads.

Hey, I don’t like those ads ei­ther. Though I’m skep­ti­cal that block­ing them does much good in the aggregate.

It’s def­i­nitely true, how­ever, that block­ing them makes web brows­ing faster. Al­though every web browser sup­ports ad block­ing (usu­ally through ex­ter­nal plug-ins), Brave is the first to de­clare to­tal war on the ad econ­omy of the web.

Well—sort of. Brave the browser, like every other web browser, is free to end users. But be­cause Brave the com­pany, like every other tech com­pany, has bills to pay, and in­vestors to en­rich, it needs a rev­enue model. And that model is—pre­pare to un­hol­ster your com­plete lack of surprise—ads.

But wait—come back! Not just any ads. New and im­proved ads. Ads that are “pri­vate” and “au­then­tic” and “re­ward­ing” and a bunch of other vir­tu­ous no­tions sprayed side-to-side like Febreze in a frat-house bath­room. But once you wave away the spring-fresh scent, the stench of the grubby re­al­ity re­turns: it’s just Brave’s ads for Brave’s advertisers.

Per­haps con­cerned that users might de­tect that Brave is do­ing noth­ing more than sub­sti­tut­ing one set of ads for an­other, Brave has put some trendy mis­di­rec­tion into the trick: cryp­tocur­rency. Brave has in­vented some­thing called the “Ba­sic At­ten­tion To­ken”. When users watch Brave’s ads, Brave pays them for their at­ten­tion with this crypto coin. In turn, users can kick back some of this use­less scrip to web cre­ators in a process Brave calls “tip­ping”—maybe in the sense of restau­rants, or maybe in the sense of cows.

To close the cir­cle, web cre­ators who want their “fair share” of this use­less scrip must reg­is­ter with Brave as “con­tent cre­ators” and con­sent to the usual in­va­sive in­dig­ni­ties. Let’s say that one more time, be­cause it’s im­por­tant: if you’re a Brave user, your tips don’t go to cre­ators di­rectly. Rather, they go into an es­crow, which Brave uses as lever­age to re­cruit cre­ators into Brave’s new world.

The best I can say for Brave is that it’s clever. Not the ads per se. But the au­dac­ity of in­tro­duc­ing a pri­vate ad­ver­tis­ing ecosys­tem. And rop­ing users and cre­ators into it with a crypto coin.

But in all other ways, it’s just as aw­ful as the sys­tem it pro­poses to re­place. Worse, really, be­cause Brave takes its bad idea and lay­ers on the usual whipped-bull­shit virtue top­ping that tech com­pa­nies de­ploy so we can’t quite see what’s really go­ing on. More­over, Brave’s tim­ing couldn’t be bet­ter: as Big Tech’s rep­u­ta­tion keeps tak­ing hits, Brave can hold it­self out as the con­trar­ian op­tion to re­pair the web.

As one of the cre­ators who I guess is sup­posed to be grate­ful to Brave, I dis­agree. Once I scrape away the top­ping, it’s ap­par­ent Brave is serv­ing up the same old shit sandwich.

About which, more be­low. But first, let’s rewind.

The most dis­ap­point­ing as­pect of this story is that be­fore Brave, Bren­dan Eich had an im­pres­sive track record. He’s a soft­ware en­gi­neer who’s been in­volved in web browsers as long as there’s been a web. Shortly af­ter he joined web pi­o­neer Netscape in 1995, he claims he had to cre­ate JavaScript “in ten days or some­thing worse … would have happened.”

In 1998, Eich helped spin out Netscape’s source code into the open-source Mozilla project. In 2003, Eich left Netscape for Mozilla, serv­ing the project in var­i­ous ca­pac­i­ties un­til 2014.

To give Mr. Eich his due: in the last 25 years, one could ar­gue that Mozilla has been one of the top five cit­i­zens of the in­ter­net. They’ve al­ways had good ethics. They’ve made a lot of really good soft­ware, most of all the Fire­fox web browser. They’ve led by ex­am­ple and held them­selves ac­count­able. And Mozilla has sur­vived de­spite the com­mer­cial web of­ten be­ing hos­tile to Mozilla’s val­ues. For what­ever part of this Mr. Eich was re­spon­si­ble for, he de­serves credit and gratitude.

I hes­i­tate to men­tion what hap­pened next, be­cause it’s not strictly part of Mr. Eich’s tech­nol­ogy port­fo­lio. And yet. It does seem to play a role in Brave’s ori­gin story, much the same way that Mr. In­cred­i­ble’s (r)ejec­tion of In­cred­i­boy led him to be­come Syndrome.

In March 2014, Mr. Eich was ap­pointed CEO of Mozilla Cor­po­ra­tion. That’s the kind of job you don’t take un­less you plan to stick around for a while. Days later, peo­ple of the in­ter­net dis­cov­ered that Mr. Eich had fi­nan­cially sup­ported Cal­i­for­nia Propo­si­tion 8, a no­to­ri­ous 2008 bal­lot mea­sure that wanted to ban same-sex mar­riage in Cal­i­for­nia. Back­lash fol­lowed. Af­ter of­fer­ing a heart­felt non-apol­ogy, Mr. Eich resigned.

I don’t care if Mr. Eich is po­lit­i­cally con­ser­v­a­tive. I’m not. But I don’t think he owed any­one an apol­ogy. His views were not a se­cret. Still, I don’t see him as a vic­tim ei­ther. Records of po­lit­i­cal do­na­tions are pub­lic for a reason.

If any­thing, the board of Mozilla should’ve no­ticed the like­li­hood for con­tro­versy be­fore they el­e­vated him to CEO. If they had, maybe they wouldn’t have made the ap­point­ment. Or maybe they would’ve found a way to work around the PR prob­lem. In any case, maybe Mr. Eich would’ve re­mained at Mozilla. The ker­fuf­fle would’ve faded. And Mr. Eich could’ve gone back to be­ing a rich, fa­mous, and in­flu­en­tial web engineer.

In­stead, he left. Shortly there­after, he started work on the com­pany that be­came Brave, which eth­i­cally speak­ing is Mozilla’s ex­act an­tipode. I have no spe­cial in­sight into Mr. Eich’s mo­ti­va­tions. But given the tim­ing of events, it’s hard not to see Brave partly as a re­sponse to his in­vol­un­tary exit from Mozilla. As a browser maker, Brave’s com­pe­ti­tion is more than just Mozilla Fire­fox. But Brave’s the­ory of the web seems al­most like the Bizarro-world re­frac­tion of Mozilla’s.

For in­stance, in an in­ter­view at the time, Mr. Eich was con­cerned that as CEO, his free speech was be­ing sup­pressed, and that the rush to judg­ment was in­con­sis­tent with Mozilla’s “prin­ci­ples of in­clu­sive­ness”. In gen­eral, free-speech pro­tec­tions don’t ex­ist be­tween pri­vate par­ties, like em­ploy­ees and em­ploy­ers. But we can leave that aside—it was a prin­ci­ple that Mr. Eich, as CEO of Mozilla, as­pired to. By con­trast, as CEO of Brave, Mr. Eich has made it his mis­sion to sup­press a large cat­e­gory of speech he doesn’t like: other peo­ple’s ads.

In the same in­ter­view, Mr. Eich de­scribed Mozilla as “the anti-walled gar­den”, and his be­lief that users should not “have to put [their data] into some other walled gar­den where they don’t get as good a deal.” But that’s ex­actly how Brave works: you trade your per­sonal in­for­ma­tion and at­ten­tion on fi­nan­cial terms that are set by Brave, not you. Oh sure, as you gen­er­ate crypto wealth, Brave will let you re­duce the share you give to pub­lish­ers. But not Brave’s share.

If Mr. Eich had wanted to be ac­cu­rate, he would’ve called his new browser “Ads and Cryp­tocur­rency”. Not so in­spir­ing, I guess. The name he chose in­stead—Brave—is cen­tral to his virtue marketing.

The name Brave im­plies that other tech com­pa­nies are shrink­ing from the job of im­prov­ing the bro­ken as­pects of the web. Near the top of that list is what is now a decades-long fail­ure to de­vise a sus­tain­able model to fund cre­ators and publishers.

There is truth to this cri­tique. As I write this, Google’s Chrome browser is by far the most pop­u­lar. But Google gets al­most all its money from ads, and has no in­cen­tive to do any fa­vors for pub­lish­ers. Like­wise Face­book, de­spite oc­ca­sional grunt­ing noises to the contrary.

But the idea that Brave is some­how stick­ing its neck out is laugh­able. Here’s what I find most cow­ardly about Brave:

1. Zero in­no­va­tion. Brave isn’t of­fer­ing a new idea. It’s just sub­sti­tut­ing one set of ads for an­other. It’s as if you were punch­ing your­self in the face for days, and some­one handed you a rock in­stead. If ads are the orig­i­nal sin of the web, Brave is not lead­ing us to terra nova.

2. Dis­hon­esty. With its non­sense about pri­vacy and au­then­tic­ity and in­tegrity, Brave is hold­ing out its ad sys­tem as some great eth­i­cal leap for­ward. It’s not.

   For pub­lish­ers, it’s the same old shake­down—nice web­site you’ve got there, shame if some­thing hap­pened to its rev­enue—but run by Brave in­stead of Google or Face­book. Brave will only dis­trib­ute your “fair share” if you ca­pit­u­late to their terms. One of which is that you have no say in whether the share is ac­tu­ally fair.

   For users, Brave is still go­ing to col­lect data about you. As Brave puts it, “When you join Brave Re­wards, your browser will au­to­mat­i­cally start tal­ly­ing … the at­ten­tion you spend on sites you visit.” Brave will then feed this data to their “ad match­ing” al­go­rithm to tar­get you with ads. Oh, sorry—in Brave’s ad mar­ket­place, “users be­come part­ners in­stead of tar­gets”, so I guess they’ll “part­ner” you with ads. Feel better?

   By the way, Brave says its “ads ... do not col­lect in­for­ma­tion about you”. But ob­vi­ously, Brave it­self still does—they ex­plic­itly say so—be­cause it’s es­sen­tial to their “ad match­ing” al­go­rithm. Ad­ver­tis­ers, in turn, buy ac­cess to this al­go­rith­mic tar­get­ing. Thus, ad­ver­tis­ers may not have the data, but they get the ben­e­fits of the data.

   This shell game around pri­vacy is a re­cur­ring theme. For ex­am­ple, Brave boasts that the ad match­ing “hap­pens di­rectly on your de­vice” and that they don’t up­load your per­sonal data to the cloud. Well, right—they don’t need to, be­cause you’ve al­ready done them the huge fa­vor of in­stalling their browser, thereby mak­ing it easy to feed at the trough of your per­sonal data. More­over, this “lo­cal stor­age” wrin­kle doesn’t take Brave out of the busi­ness of col­lect­ing, stor­ing, and prof­it­ing from per­sonal data (which is, in fact, their en­tire pitch to ad­ver­tis­ers). Just the up­load­ing of it. If tar­geted web ad­ver­tis­ing is a shit sand­wich, then Brave is merely cut­ting off the crusts.

   Even then, Brave’s pledge not to up­load per­sonal data comes with a huge caveat: they still re­port “event ac­tiv­ity”—aka an­a­lyt­ics—to ad­ver­tis­ers. This nec­es­sar­ily in­volves trans­mit­ting in­for­ma­tion from browsers back to Brave cen­tral com­mand. Though Brave claims they trans­fer data with­out “ex­pos­ing or iden­ti­fy­ing the user”, good luck fig­ur­ing out what ex­actly that means.

   An­other ex­am­ple: to re­deem Brave’s cryp­tocur­rency for cash, Brave re­quires users to cre­ate a dig­i­tal wal­let with a com­pany called Up­hold. Up­hold, in turn, re­quires a pile of valu­able in­for­ma­tion—birth­date, home ad­dress, photo ID, etc. Thus, Brave keeps it­self smelling sweet on pri­vacy partly by of­fload­ing the more nox­ious as­pects to a third party. But ul­ti­mately, get­ting the full value out of Brave still means sac­ri­fic­ing a lot of privacy.

3. Free­load­ing. One of the sneaki­est as­pects of Brave is the im­plied con­nec­tion be­tween gen­er­at­ing cryp­tocur­rency while brows­ing and pay­ing out that cur­rency later. It sounds like web users are pay­ing for what they read. In some cases, they might.

   But that’s not guar­an­teed. By sub­sti­tut­ing its own ads, Brave is also sev­er­ing the con­nec­tion be­tween where the ads are seen and who gets the money for those ads. Brave con­verts the web into a clean sub­strate for de­liv­er­ing its own ads, with­out guar­an­tee­ing any pay­ment to any publisher.

   For in­stance, sup­pose a Brave user spends 99 hours on Ter­rific.com and 1 hour on Shady.com. As I un­der­stand it, the Brave gilt gen­er­ated dur­ing those ses­sions is dis­trib­uted pro rata, but only if a) the user has opted into Brave ads (thereby gen­er­at­ing crypto coins), b) both Ter­rific.com and Shady.com have reg­is­tered with Brave as “con­tent cre­ators”, and c) the user has not cho­sen a dif­fer­ent dis­tri­bu­tion scheme.

   Like what? The user can in­stead de­cide for them­selves who gets the money from those ses­sions. For in­stance, they could pledge 100% of it to Shady.com, where they spend al­most no time, and none to Ter­rific.com, the site that morally earned it. Or if there’s ac­tu­ally a liq­uid mar­ket for Brave’s cryp­tocur­rency, the user could just pocket the cash value. In that case, Brave just be­comes a cash trans­fer from ad­ver­tis­ers to users, ac­com­plished while stand­ing on the backs of publishers.

   In sum, Brave is ex­ploit­ing pub­lish­ers to make its ads and cryp­tocur­rency valu­able, and de­mol­ish­ing those pub­lish­ers’ own ad­ver­tis­ing, while mak­ing no rec­i­p­ro­cal com­mit­ment to keep­ing those pub­lish­ers solvent.

   What’s the al­ter­na­tive? Brave could’ve cho­sen to re­tain some per­cent­age of the crypto-coin wealth gen­er­ated by their users—like a tax—and re­dis­trib­uted it to pub­lish­ers. But they didn’t. They could’ve cho­sen to is­sue cash dis­tri­b­u­tions to pub­lish­ers who didn’t want to par­tic­i­pate as reg­is­tered cre­ators. But they didn’t do that ei­ther. Brave’s loy­alty lies with users. Fair enough. But the lop­sided asym­me­try of the sys­tem is revealing.

   Worse, sign­ing up as a Brave “con­tent cre­ator” is not the end of the strug­gle, but merely the be­gin­ning. In the bad old days, you had to lure peo­ple onto your web­site. But once you did, at least you had a shot at show­ing them a few ads. Un­der Brave’s sys­tem, you still have to lure them onto your web­site, but then also make sure you com­pete ef­fec­tively against other Brave con­tent cre­ators to pre­serve that “fair share” you keep hear­ing about.

   More broadly, it’s easy to fore­see that a sys­tem where users con­trol dis­tri­bu­tion of crypto coins will suf­fer from forms of sys­temwide cheat­ing that have noth­ing to do with con­tent cre­ation. Brave’s cre­ator econ­omy is likely to de­scend into an­ar­chic cor­rup­tion in about five sec­onds. The eth­i­cal cre­ators will start to dis­ap­pear from the sys­tem as they find them­selves even more un­der­paid than be­fore. Af­ter that, the usual race to the bot­tom will ensue.

As an eco­nomic mat­ter, Brave will fail, be­cause there’s no way for it to suc­ceed. Web ads are a rot­ten busi­ness—a form of re­gres­sive tax­a­tion upon the web’s least so­phis­ti­cated users that de­pends on es­ca­lat­ing lev­els of sur­veil­lance to sus­tain any value. Brave is pan­ning for gold in a river of sewage.

As a web user and pro­gram­mer my­self—not in Mr. Eich’s league, but I mud­dle through—I no longer think that any level of ad tar­get­ing is com­pat­i­ble with a mean­ing­ful de­f­i­n­i­tion of pri­vacy. Two problems:

1. Fi­nan­cial in­cen­tives cre­ate a con­flict of in­ter­est. The mo­ment you feed per­sonal data into an ad-tar­get­ing al­go­rithm, and sell ac­cess to that al­go­rithm, you cre­ate a con­flict of in­ter­est. On one side, the user, who wants to pro­tect their pri­vacy; on the other, the ad­ver­tiser, who wants to pay to in­vade it. If you’re se­ri­ous about pri­vacy, the only co­her­ent way to re­solve this con­flict is to elim­i­nate the ad­ver­tiser. Re­ar­rang­ing the tech­no­log­i­cal pieces on the board—as Brave does—may look pret­tier. But it can’t cure the conflict.

2. These are not your grandma’s al­go­rithms. The idea that min­i­miz­ing the data go­ing into the al­go­rithm some­how pro­tects pri­vacy is con­tra­dicted by what we know about to­day’s AI and ma­chine-learn­ing al­go­rithms, which are de­signed to make in­fer­ences about what’s missing.

   For in­stance, the EFF has found that even if you block data track­ers, “fin­ger­print­ing” al­go­rithms can still de­duce your iden­tity from seem­ingly generic clues left by your browser. And a re­cent in­for­mal test of Ama­zon’s Rekog­ni­tion soft­ware showed that it could iden­tify a hu­man face with cer­tainty from a blurry 20 × 26 pixel se­cu­rity-cam­era image.

   These are just ex­am­ples. I have no idea how Brave’s ad-match­ing al­go­rithm ac­tu­ally works. But in gen­eral, when a com­pany says it will ap­ply “ma­chine learn­ing” to our per­sonal data—as Brave ex­plic­itly does—we should take it as a promise to in­fer de­tails that we might not even know were de­tectable. Again, if you want to op­ti­mize for pri­vacy, there’s only one re­li­able so­lu­tion: don’t feed per­sonal data to the al­go­rithm at all.

   “But there’s no way for Brave’s al­go­rithm to make in­fer­ences, be­cause it can only ac­cess a user’s lo­cal data.” Oh really? Speak­ing as the world’s worst AI pro­gram­mer, here’s how I would cir­cum­vent this prob­lem. I’d buy a gi­ant pile of per­sonal data col­lected from other sources—oh yeah, it’s out there—and pack it into each copy of my soft­ware. Then, when I ex­am­ine a cer­tain user’s lo­cal data, I can still make in­fer­ences about that user in a wider sta­tis­ti­cal context.

   For in­stance, the pur­chased data might al­low me to learn that peo­ple who visit both Ter­rific.com and Shady.com are 10× more likely to own a pug. So when I see Ter­rific.com and Shady.com in a cer­tain user’s browser his­tory—bingo! Serve that ad for pu­glovers.net! Best of all, I can still truth­fully claim that I don’t ag­gre­gate data from my users. Again, I have no idea if Brave does this. Point is—the “lo­cal” re­stric­tion doesn’t nec­es­sar­ily seem like an obstacle.

By the way, I don’t say this as a pri­vacy op­ti­mizer or ab­so­lutist. Like most, I sac­ri­fice slices of pri­vacy all the time to get inane web good­ies for free. My point is just that a pri­vacy-re­spect­ing ad-tar­get­ing sys­tem strikes me as a con­tra­dic­tion in terms. Though for the same rea­son, the idea that it could ex­ist is great mar­ket­ing, like “zero-calo­rie french fries”.

It would’ve been pos­si­ble, for in­stance, for Brave to build the same browser with­out the ads or ad tar­get­ing. Of course, in that case, they would’ve had to charge users. But they didn’t want to. Or more pre­cisely, as a ra­tio­nal eco­nomic ac­tor, they must’ve found that ad­ver­tis­ers were will­ing to pay more for user pri­vacy than the users themselves.

Hence the irony. Though Brave presents it­self as a browser maker, its busi­ness model most strongly re­sem­bles that of an or­di­nary ad-based web pub­lisher: sell­ing user at­ten­tion to ad­ver­tis­ers. Like many os­ten­si­ble tech dis­rupters, Brave seems to mis­un­der­stand why the cur­rent equi­lib­rium ex­ists. Per­sonal data is hugely valu­able to ad­ver­tis­ers. Brave will likely dis­cover that their min­i­mal-data-up­load pol­icy will re­duce the price of their ads, which means—yep, push­ing a lot more ads. In turn, users will com­plain, de­mand­ing fewer ads, which means—yep, pro­vid­ing more per­sonal data. A vi­cious cir­cle? Wel­come to the jun­gle, Brave.

Be­yond that, the fact that Bren­dan Eich has done a lot of good for the web, es­pe­cially at Mozilla, makes the ex­is­tence of Brave all the more in­ex­plic­a­ble and dispiriting.

You know what would’ve been brave, Mr. Eich? Charg­ing users for your soft­ware—on the idea that per­sonal pri­vacy is worth it—and punc­tur­ing the myth that web browsers must be free. Or help­ing pub­lish­ers find a way to in­duce more read­ers to pay for the ma­te­r­ial they find valu­able, with­out the un­nec­es­sary in­di­rec­tion of ads and cryp­tocur­rency. Like I do.

—Matthew But­t­er­ick Brav­er­ick™
12–17 De­cem­ber 2019