Unwanted Attention: Brave Browser, BAT, and the Opt-Out Problem
Brave Browser and BAT are two high-profile entities in the crypto space at this point, and they’ve launched headfirst into controversy this week over something as simple as a user trying to opt-out of their token-based revenue system. What comes next?
Update 12/23/18: Article updated with Tom Scott’s comments to Bitsonline.
Subscribe to the Bitsonline YouTube channel for great videos featuring industry insiders & experts
Twitter Opt-Out Kerfuffle Highlights the Problem
The incident kicked off when Tom Scott, video producer and self-styled maker noticed the Brave Browser overlay was soliciting BAT donations on his YouTube page without his knowledge or consent.
In response, Scott wrote an extensive Twitter thread covering the incident, which eventually caught the attention of Brave CEO Brendan Eich.
I don't ask for donations or crowdfunding on any platform. If that ever changes, it'll be incredibly obvious. If someone's asking you for money or suggesting that you can donate to me, it's not true and you should stay well clear.
— Tom Scott (@tomscott) December 21, 2018
This isn’t the first time Brave has courted controversy: their ICO and extremely extensive telemetry via the “intent casting system” they’ve built has been criticized since the beginning of 2016 for venturing into dangerous privacy territory.
Of course, those particular criticisms were largely speculative. This time around, things are a bit different.
As Scott explained in his thread, Brave Browser apparently represents prominent online personalities as accepting donations of Brave’s BAT regardless of whether the person is even aware that the donations exist.
“So if you thought you’d donated to me through Brave, the money (or their pseudo-money) will not reach me, and Brave’s terms say they may choose to just keep it themselves,” Scott said.
“It looks like they’re ‘providing this service’ for every creator on every platform,” he added. “No opt-in, no consent … Brave believes opting every creator into their system, and holding donations without consent, is ethical and in line with privacy laws. They also claim that a domain name or YouTube channel URL is not personally identifiable information. I disagree strongly with both of those.”
Brave’s CEO Eich later explained Brave’s “user flows are off-chain” in a “semi-decentralized” fashion, a suggestion that Scott’s concerns could ultimately be addressed.
We have a semi-decentralized approach because blockchains are slow, costly, not anonymous, & immutable. Funding and settlement wallets on chain allow auditing to see us take fees we promised and no more, but user flows are off-chain & use ZKP anonymity. All ids off chain, in db.
— BrendanEich (@BrendanEich) December 22, 2018
Still, Scott wasn’t impressed.
“I think opting untold numbers of people into a donation system, and taking donations on their behalf without their consent, is unethical,” Scott told Bitsonline. “I also believe that it’s a strong GDPR violation, but ultimately that would be up to the regulator!”
“I’m glad that Brave is making their UI clearer, but I don’t believe that’s anywhere near enough to justify their approach. The system should be 100% opt-in.”
Where to Next?
In effect, Brave is seemingly injecting false liquidity into their system by soliciting donations from the BAT userbase on behalf of people completely outside their ecosystem.
The full extent of this practice is unknown for now, but the application does not yet feature an opt-out mechanism or any transparent way to check that you’ve been included in the scheme without using the app in the first place.
Brave has quietly acknowledged the issue and is working on scaling back this problem — one they engineered in the first place — but right now you’ll have to file a formal GDPR request with them if you want to be taken out of their system.
We've heard your feedback and we're making changes to Brave Rewards (available tomorrow). It will 1) clearly indicate which creators have not yet joined & 2) not show unverified creator images in tipping panel. More features for near-term, see details: https://t.co/vwTt6ED6gV
— Brave Software (@brave) December 23, 2018
If this abuse is anything to go by, concerns about how much information they’ve been collecting on users while playing lip service to privacy were well founded after all.
What’s your take? Is Brave in the wrong here or not? Let us know in the comments section below.
Images via Pixabay