Brave taking cryptocurrency donations “for me” without my consent

I am not too familiar with how Brave and BAT (Brave Attention Token), so please chime in. Here's how Brave describes the BAT YouTube donations system: https://basicattentiontoken.org/brave-expands-basic-attentio...

From my understanding, users of the Brave Browser select which YouTubers to donate to, but they don't know whether the channels have opted in to receive donations? What does Brave do with unclaimed donations? Someone pointed out this concern in an earlier submission: https://news.ycombinator.com/item?id=15730661

Furthermore, OP said that they might not be following GDPR due to collection of YouTuber data (to assign donations). IANAL, anyone know how compliant this is?

From the comments there, a lot of projects dealt with that one by acting against such an abuse of their trademarks.

basically he plans to keep it working the way it works now, "opt out" and all - he's confident this is a completely legal way to work

I've thought of something vaguely similar – documenting website behavior and optimization opportunities without the involvement of publishers. It would be nice to have a known online resource/repository for this, kind of like the security vulnerability communication website that I can't remember at the moment.

It's end-to-end encrypted. Mozilla doesn't have the keys.

Who says it has to?

> How would we automate consent from the relevant webmaster, website owner, etc?

Same way Let's Encrypt does for SSL - put a file in `.well-known` indicating you want it and consent to it.

I would also like something like the easy user switching that chrome has, since once user would have one set of session tab logins (twitter, fb, google, etc), and another user would have another. firefox -no-remote isn't that smooth of an experience compared to chrome's user switcher.

There's a huge difference between sending someone money without their prior permission and creating a system to solicit money to send to someone without their prior permission.

If you were wrong about Brave, your concerns about Firefox and Mozilla could be wrong as well.

There's nothing wrong with the all-purpose heavily featured approach of stuff like Chrome and Firefox, and I get that other people like Sync, I just really wish there was a totally stripped down basic internet browser I could trust.

The answer appears to be "technically", and "sue if you think you're big enough".

Not sure why you don't like Brave? You can turn off all of the crypto currency and advertising stuff. I think its a good idea personally. What is the problem in usurping googles ad business, exactly?

I can't really speak to Firefox's performance issues though. I feel like they're just as good on rendering and JS speed, but the overall UI doesn't have the same "fast" feel that Chrome does. Chrome has also seemingly gotten slower for me too.

[0] https://addons.mozilla.org/en-US/firefox/addon/multi-account...

> it's clear that they just don't want people to use their web browser on mobile devices.

Which is clearly user hostile.

Reddit does a similar thing whwre they artificially delay showing thebpage and then block a quarter of it with a banner asking you to use the mobile app.

According to https://brave.com/publishers/

- once you have accumulated $100 in contributions they email “the webmaster at your site” and the owner of your domain according to the WHOIS. I assume this is “webmaster@domain.name”, which I sure don’t have set up on my personal site.

- you have to “check your balance frequently and transfer funds wherever you choose”, which suggests that there’s no way to just say “send my my balance every month” and forget about it.

This whole model totally breaks down when you remember that there’s a ton of independent creators who don’t have their own sites, but instead post stuff on another site. Is Brave going to realize that I’m following this particular person on YouTube, that person on Tumblr, this other person on Deviantart, etc, etc? And are they going to ping them or are they just gonna tell the people who own the site?

The page where you sign up to receive payments (https://publishers.basicattentiontoken.org) makes it sound like they understand YouTube accounts and nothing else, and as a creator whos interest in pivoting to video is nonexistent, screw that, I’ll stick with Patreon and it’s opt-in model that just transfers money into my bank account every month as long as I have patrons.

[0] https://twitter.com/BrendanEich/status/1076187316748615680

> "... Tom has a point, we should let creators say "no thanks" and be auto-excluded. Users may already auto-exclude unverified sites/channels. We will work on this."

This makes your interpretation disingenuous, or uncharitable at best.

[0] https://www.mozilla.org/en-US/foundation/annualreport/2016/

What exactly is your problem with an opt-in service?

It's not like the browser is setting up a crowd funding page for you.. it just lets you know you can pay your favorite content creators how you want instead of a huge unfair chunk going to google.

And for the record, and of you are free to send me money in any which way you can, I even accept trained pigeon courier!

I am backing Mozilla each year with small donations and yet I am not using Firefox. I tried many times and I always return to Chromium (Brave on mobile and Chrome on Desktop).

So my solution is for Mozilla to fork Chromium and see what happens.

Do they? I just skimmed the source and could not find anything that hints at that (and implementing it the way you said it is makes for much more complex code..)

Use of the first person in titles refers to authors, not submitters.

For the average user—think your uncle who's about to ask you tech support questions this weekend—using Firefox Sync is way better for their privacy and security than reusing the same password everywhere. And for those of us who have and use password managers, Firefox Sync is not on by default—unlike Brave's attention-tracking or Chrome's Google logins.

But yeah, the whole situation is ridiculous, might be grounds for a nice lawsuit.

Surely the recipient has to create a PayPal or Western Union account first, which constitutes giving permission for that company to take payment on their behalf.

And in fairness, the complaint isn't even that money is being sent to people without their consent. The problem is that the money isn't actually being sent to those people at all — Brave are keeping it.

On the user-facing side, he’s replacing ads with his own, like a cheap motel WiFi. If you trust this blatant power- and money-grab with your privacy just because you see common cause with his mission to see traditional journalism die, I won’t shed a tear when we find out he’s selling clickstreams to the highest bidder.

But in this case, I'm assuming the user must have a private key (for signing BAT transactions), so they could build a feature in the browser to sign messages using it.

Isn't it pretty much like this? How many people would use some other way of giving a creator money if they knew that the creator isn't actually signed up for Brave's thing and they're creating additional work for them, or that the money might even be distributed to others at some point?

EDIT: some screenshots: https://twitter.com/ummjackson/status/1076221401353207808 - zero indication that's not going directly to the creator

https://github.com/brave/brave-browser https://github.com/brave-intl

You're right the business model is advertising, very similar to Google. However the key difference is that they're trying to enable ads in a way that is privacy focused. They don't let websites track you. The whole point is that there are client-side algorithms that decide what advertisements to serve you.

"Hello. It looks like you are using WordPress!"

"Your domain is NOT using HTTPS.Uh oh! Your domain is NOT using HTTPS. You will need to fix that before continuing."

"The following error was encountered: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert handshake failure"

Why do I need to be using HTTPS before you'll think about paying me, Brave? I've been getting along posting comics on my HTTP site for an entire decade, and I'm really not interested in bothering to set that up. You are really not built with any understanding of the level of technical knowledge among people who make art, are you. And I'm unusually technical for an artist.

Oh wait there is a 'choose different verification method'. I can place a trusted file in my domain? Nope. Requires HTTPS. Or I can add a record to my DNS settings; let's try that... looks like I gotta wait for the dns to propagate, that's always fun.

Source: https://github.com/privacytoolsIO/privacytools.io/issues/274...

i found that post because the un-googled chromium author linked to it here: https://github.com/Eloston/ungoogled-chromium/issues/640#iss...

https://github.com/brave-intl/bat-ledger/blob/master/documen...

The current process is the data is anonymized and then sent out for privacy reasons.

They don't adequately explain what happens if a project has no 'lifters' and it sounds like it could have the same problems as Brave.

It shouldn't be opt-out, it should be opt-in -- if the purpose is to give donations to creators then surely those creators should agree to receive donations (especially since donations have to be included in tax filings and so on).

For "donations to a creator" to be used for a different purpose by the party that is mediating donations appears (to a non-lawyer like me) to be some kind of charity fraud.

Brave is a startup with a small team earnestly building a new thing that combines a browser with a tipping system, with creator tools, with ad blocking... it's ambitious!

As it's a new thing, describing it can be messy sometimes. We're always working to make our language better and clearer though. Thank you for letting us know it fell short for you.

To address a point:

We know there's a lot of creators on a lot of platforms. At the moment, we've built support for creator channels in the form of web sites, Youtube channels and Twitch channels. When I joined this past summer I had the same reaction. "What about Tumblr? What about Twitter?" Each new platform takes time to write support for and we have a long list of features requests. We'll get there!

I'd be surprised if this will be deemed legal, once more people will find out that there is a company collecting donations in their name and without their consent.

Contacting creators as soon as they receive their first tip may help. Otherwise it just looks like they're capitalizing on our content and keep the long tail of donations indefinitely, while also making it less likely that we get contributions from Brave users on other payment platforms, since as far as they know, they are already supporting us through Brave.

https://twitter.com/JTremback/status/1076213808706641925

I'm sure there's UI/UX stuff in Patreon that could be better. That doesn't mean they don't want creators to get paid. It just means there's room for improvement.

If a judge finds they've established themselves as a trustee, this argument won't fly. In fact it will make a quite spectacular and expensive thudding sound.

The trustee-beneficiary relationship arises from the situation and does not require a contract to be formed. If you are the legal owner of assets "for the benefit of" someone else, congratulations, you are probably a trustee.

Why does this matter?

Because trusteeship comes with a fiduciary duty. Fiduciary duty is a heavy burden. If it's applied to Brave it will create merry havoc: a pile of money that they cannot touch, under any circumstances. A pile of money that they must return, if it cannot be forwarded to the intended recipient. A pile of money that cannot be mixed with anything else in any way. The requirement to put the interests of the beneficiary ahead of their own. And on and on.

It's an attempt to be clever at marketing, to create an incentive to sign up. But as a legal situation it's a swamp full of unstable turd grenades.

... of course, I am not a lawyer and this is not legal advice. Maybe Brave found a friendly jurisdiction or a quirk in trusts law that they can squeeze through. But given the history of startups wishing that law doesn't real, I kinda doubt it.

Aren't the Brave ads opt-in?

Maybe the legal defense applies the same logic of consent in third-party tracking (third-party provides the service in behalf of the first-party, to whose terms you agreed by using its service. Even that may clash with laws like GDPR):

Brave, third-party, is providing a service to the first-party – the browser's user – who contracted it as a way to provide a best-attempt donation for the creator.

(If it's not obvious, I'm not privy to the details AND US federal and states' law)

The only legal way I can see to do what Brave currently does is to spam the hell out of creators (ah, growth hacking) when someone attempts a donation, but only take the money after the creator signs up.

This is why the "move fast and break things" ethos is a terrible idea for anything more substantial than social media. See Robinhood, Theranos, etc., etc.

IANAL but GDPR refers to personal data collected from users. The only "Youtuber data" being "used" here is publicly gettable data from the Youtuber's channel.

This cycle will repeat for any service that allows a platform to collect payments on behalf of users without asking the recipients for consent in advance.

Bid on the exchanges for the ads you want to block. Then serve cat pictures (or whatever). The creators will get paid through the existing payment infrastructure and you don't need to build an entirely parallel, opt-in system that will probably never gain enough traction to be worth using.

I've seen some "very nerdy" people engage in some "incredibly selfish and shady" activities, so I can't help but laugh at that idea.

Paypal does the same, and automatically returns the money to the sender if it's not claimed for a while.

Wait, but that's exactly what you're doing to Tom Scott by collecting money in his name after he's asked you not to.

For each Publisher URL receiving votes during a Calculation Period that is not a Brave Publisher by the end of that Calculation Period, the BAT corresponding to its votes will not be distributed at the end of that Calculation Period, and will instead be held in an Uphold omnibus wallet for no less than ninety (90) days thereafter. At that time, the undistributed BAT may be sent to Company’s user growth pool, which is a pool of BAT that Company administers to incentivize use of the Platform [..] Publisher Contributions will be calculated solely based on our accounting. Solely as a cost-recovery measure, we may allocate a certain amount of BAT contributed by Brave Contributors each Calculation Period toward our reasonable expenses incurred in facilitating Publisher Contributions. (https://basicattentiontoken.org/contributor-terms-of-service... section 4 "contributions")

Sounds very much like "we can redirect this from escrow if we want to".

My friend Mark had an accident and I think he needs help paying for it. Would you give me some money to help Mark pay for his medical bills? Thank you, I'll just put it in my bank account until Mark asks me for the it.

Trust me, I'm trying very hard to let Mark know I have money for him. I'm going to send a letter to his parent's house so he knows that I have money for him, but only when I get $100. In the mean time I'll just hold on to the money.

Oh Mark never got the money you gave me to give to him?

Well, you only gave me $75 so I never sent him a letter.

Well, it turns out Mark isn't on speaking terms with his parents, so he never got the letter.

Well, he has health insurance and didn't need the money after all.

Where's the money now? I guess it's still in my bank account. No you can't have it back.

The text on the page - as I see it now - says "Do you run a web site or are you a YouTube creator". I think that doesn't say "YouTube accounts and nothing else", since it explicitly mentions "web site" before Youtube.

I do understand the frustration though of those who don't see this. Brave could warn visitors donating when the content owner hasn't set up Brave Payments. Brave could refund said money back to the visitor if it goes unclaimed after a while. Just random ideas from someone who actually likes their attempt.

It was such a great concept that would work all the way from first introduction to a hypothetical future where everyone uses this and nobody sees ads.

Mobile Chrome means zero extensions and ad hell, so Brave it is. Same Chrome engine and UI (swipeable tabs is something I miss in Firefox Android) and adblocking.

That being said, I've been using Brave on Android since early 2017, and it's been great. I don't think the BAT stuff is in the mobile version, but I did see it on the desktop Windows version recently.

If the person doesn't want to make money from their fans, that's their choice and it's not cool to possibly mislead fans into thinking the person is taking their money.

It's a pain for people to have to constantly monitor all the random sites collecting money "for them". New services are popping up all the time, how are people supposed to keep track? No, Brave is not going to be able to find the correct way of contacting everyone.

If your service is great, why not make it opt-in and advertise it? Patreon succeeds because people want to sign up and make money from it when they're ready to do that. I believe you're all trying to do their right thing and not take anybody's money fraudulently but this isn't the right thing.

Or to couch it in the form of a GenX nerd reference: if you're taking donations in my name, you're telling me about them by putting a note to that effect in a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "Beware of the Leopard".

Realistically, I would say it'd look a lot less suspicious if you stopped taking donations for people until they have actually opted in. I'm on Patreon because one of my fans said "hey I really wanna start giving you money for your comics, would you set up a Patreon?", not because Patreon found my stuff and set up a tip jar for me.

Also automate the payouts, if I have ads on my stuff then I get money every so often as long as I've accumulated more than the minimum payout, but I have to remember to go check with Brave? Come on, it can't be more than a couple day's hacking to give a creator the option to say "pay me every month if I'm above $minimum_payout". (And if this is a thing you can now set up to happen regularly, there are webpages that need to be updated to reflect this.)

Your investors are rewarded by the cryptoasset price rising from more people buying the tokens than selling them.

Do you honestly not see the problem here?

And that's even before we get into the TOC which explicitly permit you to confiscate funds not claimed within 90 days for growth marketing use....

I'm surprised how anyone could think this was a good idea, or even legal. What wouldn't surprise me is an incoming class action.

The real issue here is that consumers are using the same tactics creators have used since the first ads appeared on the internet, and now the content creators are upset. If they don't like the new rules then block me, some sites have already done that with Ad Blockers and paywalls.

(1) Any person who, on or in connection with any goods or services, or any container for goods, uses in commerce any word, term, name, symbol, or device, or any combination thereof, or any false designation of origin, false or misleading description of fact, or false or misleading representation of fact, which—

(A) is likely to cause confusion, or to cause mistake, or to deceive as to the affiliation, connection, or association of such person with another person, or as to the origin, sponsorship, or approval of his or her goods, services, or commercial activities by another person, or (B) in commercial advertising or promotion, misrepresents the nature, characteristics, qualities, or geographic origin of his or her or another person’s goods, services, or commercial activities,

shall be liable in a civil action by any person who believes that he or she is or is likely to be damaged by such act.

Your UI really looks like Tom Scott has signed up to receive donations through you, not like you've scraped his photo and name off twitter and written a fundraising plea with zero mention that he's never heard of you and that you won't even try to contact him until $100 accumulates and then only half-assedly.

For most of us this is our first exposure to your model and UI, so that has set a very negative expectation. This looks like a scam and I'm now trying to figure out how to know if you've scammed any of my users without doing anything like installing Brave or signing up because your metrics probably count that as success rather than suspicion.

It's possible that Brave has found some sort of loophole that allows them to do this, but I haven't verified that.

https://en.wikipedia.org/wiki/Money_transmitter

Since Tom Scott didn't sign up, how would Brave know to contact him? Some default webmaster@example.com email that may or may not even be registered?

https://screenshots.firefox.com/tqACbxJj731kH7Ri/pro.coinbas...

The fact that you can't sync container configuration between devices is also a huge pain point, when you have a nontrivial setup.

I still use them, but I accept that I'm going to endure some pain now and then; I can't recommend Firefox containers to people who just want to get work done right now.

Western Union can refund money sent if it hasn't been collected by the recipient.

Western Union doesn't require a minimum amount of money be sent to a recipient before they collect.

Really, it is 1 & 2 together that seem to mark this clearly as fraud. 3 doesn't help either.

Keybase had a better idea: tie various identities to something stronger (private key). That way you can say: I'm X on reddit, Y on HN, Z on YouTube, etc. I think Brave could follow the same model, just make it seamless (or partner with Keybase).

You could take it further. Why one and not multiple owners? Imagine you have a handle H on HN and then that handle publishes 5 messages of "My public key is XYZ". Then if someone were to donate to H through the system you could split it between participants.

And you could run with that! Why even split if you could build some crypto system of control on top of that through smart contracts that lets you basically manage a small organization.

But if the idea was to 1) create token and 2) YOLO and yeah, lawsuits incoming.

But it could be that they have good lawyers and that it is actually legal (although as I write it I don't believe that, haha)

And even without the clause, if they truly held it in escrow forever, taking money unasked without a way of returning it, is still a bad thing. Given this isn't the first "support creators" app doing this and getting publicly shamed for it, I have no idea how that went through.

That said, it's better if it's someone other than Google doing it. Google only has access to bid on the Google exchanges, but a 3rd party can bid on AppNexus, private exchanges (WSJ), etc.

What do you think the word active means?

You're nowhere near them. You're in the same mental headspace as ICO scams because you're also promising that if we give your cryptocurrency a bit of money the riches will rain down for everyone. You need to radically change your rhetorical approaches to this PR disaster (not to mention this "feature") if you hope to start building trust.

I honestly like the BAT idea. This is not the way to implement it, and based on the responses from Eich on twitter, and the representative in this thread, it seems like they aren't going to willingly change their scheme.

https://www.ftccomplaintassistant.gov/

Have you tried it lately? I agree that it used to, but it has improved vastly. It's my daily driver now.

Brave's attempt to find a new way to pay content creators (and, sure, insert themselves into the process) seems to be in good faith. And I'll admit that the complaints are mostly in good faith too, especially that there should be a feature to opt-out, or there should be a way to receive your funds automatically (I'm surprised and don't 100% believe that there is not).

But the complaints and arguments saying this is "fraud" seem to be in bad faith. There's no evidence that these donations are completely irretrievable from the creators they were intended to go toward. Stop emotionally throwing around the word "fraud" as if there's criminal intent here for Brave to keep every penny of donations, zero intent to ever make that money available to the intended recipients.

https://coinmarketcap.com/currencies/basic-attention-token/

And until you write that support do you still take tips and send them to the whois account holder of the domain? Or do you block tips?

This, of course, is exactly the same model as many pieces of toolbar malware, with the genius addition that by letting publishers opt in to receiving a small fraction of the revenue, they hope to make it easier to accept the loss than to sue.

Of course they'll respond by saying that users choose to download and run Brave. But the long term financial success of the project is dependent on most users either not knowing or not caring that their browser is inserting ads into webpages and taking funding from publishers (and maybe "opt-in" to seeing replacements ads through some UI dark patterns, I don't know). Frankly I don't see any real difference between this and the average toolbar that promises to "add value" to the browser.

Brave has the worst business practices of any open source company I know of, and they're a blight on the community in general.

Still need user switching although, because sometimes I want to separate multiple google/twitter/etc accounts for example and still want the automatic url-based container activation.

If brave implemented containers although, I would probably use it because chrome works better than FF.

Relative to that complaint:

> Brave is a startup

... is not relevant.

> with a small team

... is not relevant.

> earnestly

... is not relevant.

> building a new thing

... is not relevant.

> that combines a browser with a tipping system, with creator tools, with ad blocking

... is not relevant.

None of these things are relevant to the complaint being offered. It doesn't require a large team to not solicit money in other peoples' names. It doesn't require an established product to not solicit money in other peoples' names. It odesn't require checking off all the boxes on your feature TODO list to not solicit money in other peoples' names. All it requires is to not solicit money in other peoples' names.

If the tokens are valueless, then what is it they're offering? If they have value, how are they excused from usual rules?

Even more workable is to be opt-in only. That's what I would do (to the point that I developed a protocol that's purely opt-in).

Interest has dropped to 0, and they go to my shitlist with all the other crytpo-scam stuff prevalent these days.

Edit: Now that I've seen the screenshots of just how blatantly Brave pretends the creator has a profile and actively set this up, this is absolutely fraud. From further down in the comments of OPs original link: https://twitter.com/ummjackson/status/1076221401353207808

For example, consider http://www.vim.org, which hosts the text editor Vim. The author, Bram Moolenaar, makes this editor freely-available, and asks that any donations be directed to ICCF Holand, a charity that serves the Kibaale Children's Center in Uganda.

The Brave browser, as it stands now, inserts itself in the middle of this established reader/contributor relationship and now claims that it'll take your donations and administer them on Bram's behalf. The user who falls for this scheme then sees what appears to be _additional_ requests for donations (the _actual_ request). _At a minimum_, this inserted message sows confusion where there once was none. In the worst case, money that would have gone to the ICCF is now held in escrow by Brave, and may or may not be delivered, and if so, will go to Bram directly rather than to the charity he hopes to support.

This is just one example of how the browser intercepting and modifying what you see is a truly bad design (intentional or not).

i'm thinking about starting to accept money on behalf of Hollywood stars like say Tom Cruise. Once $10M is collected (obviously there is no point in bothering Tom with lesser sums) i will do my best to deliver the money to him.

Expanding your point: banks haaaaate this kind of business model. They see it as a fertile breeding ground for chargebacks, which are very expensive to them.

Assuming there is some jurisdiction where this particular arrangement is potentially criminal, what will matter is not why Brave intended to do it. What will matter is that they intended to do it.

Needs a lot better way for them to contact creators, too. Probably they need some actual humans figuring out contact methods for a few years of growth instead of just assuming that "webmaster@domain.name" will get to the right person, and slowly building solutions for multi-user platforms based on the overall revenue of those places.

(Wedging into multi-user platforms by blocking their ads also has the problem of who's gonna pay for the servers if all the ad money gets siphoned off by Brave.)

I don't fully understand what you mean here. Are they attempting to take out loans or credit cards for their own use with this person's information, resulting in potentially ruinous consequences for this person's credit? Rhetorical question in that case, but really, I'd like to understand what you mean.

Is it in reference to your first sentence? My assumption is that people using the Brave browser or extension (I don't know how it works) would see these donation solicitations on every blog and understand that they're (Brave) collecting donations on behalf of just about anyone, not some specific person they are pretending to be, and not in any sense where these people are opting in to their platform one-at-a-time.

FWIW, you can create an account manually and withdraw with << $100 in your account. $100 is just the limit for them to notify you.

I don't know how MacOS works, but if you set your Firefox shortcut to firefox -P you can switch profiles by restarting Firefox. Granted, it's not as nice as Chrome, but it might still be of worth to you in some way.

You have to double click on your special shortcut with the command line option, and if some other program tries to open a url with firefox as the default browser with the -no-remote / -P command, then it will just not work if you have all users open.

While with chrome it's 2 clicks away and no edge cases making other apps opening urls not work.

As far as consequences to the person - asking for donations in and of itself affects one's reputation.

You're taking money on peoples' behalf without their knowledge or permission.

What the fuck more is there to understand?

Here's the bright ethical line: don't accept any money unless you can be assured that you can provide it to the beneficiary. At least failing that, make it abundantly clear to donators that there's no reason whatsoever to expect the funds to actually go to the recipient.

The moral hazard is blindingly obvious: the worse you are at getting funds to where they should go, the more money you make.

This is going viral and it's time to talk to your lawyer about your personal liability in this clusterfuck.

Presumably you'd be entirely happy if I made a fork of Chromium or addon that asked for donations on every Brave related site and personality.

I'd try and tell you via whois data (even when it's twitter and YT that doesn't have whois lookup for end users) when the amount passed $20k. I'd go with $100, but as it's a side project I can't yet add a system to manage smaller donations. It's on the todo list.

You can withdraw funds earlier if you ever happen to randomly discover I'm collecting donations for you. Otherwise I'll sit on it to help with development and hosting costs. Thanks.

Brave Co would be happy with this and would not resort to lawyers?

Chrome Extension: https://chrome.google.com/webstore/detail/clearcoin-the-ad-b...

The main difference is that you don't have to change browsers, just install an extension.

Chrome Extension: https://chrome.google.com/webstore/detail/clearcoin-the-ad-b...

It's for the Greater Good™!

https://ludios.org/tmp/jon_blow-fs8.png

https://ludios.org/tmp/jon_blow2-fs8.png

A company collecting charitable donations? No, that deserves immediate scrutiny. Your business model is beyond sketchy. You're approaching this with an affronted "but we're all nerds here!"

It doesn't matter if you're a nerd working for a crook, a crook claiming to be a nerd, or just a crooked nerd. But the business model has a smell and if you don't recognize it then you're merely complicit.

But acting dumb and carrying on is an inflammatory action, when your actions are ethically bankrupt -- an inflamed response is warranted and quite reasonable in this situation.

It's like, very obvious that this would be an issue.

[1]: https://news.ycombinator.com/item?id=15723512

[2]: https://news.ycombinator.com/item?id=15735214

I wanted to comment on the "fellow nerd" trope -- I don't see why it matters that you (or the majority of Brave) are nerdy. That doesn't mean you are somehow incapable of acting unethically or committing fraud. Many of our "fellow nerds" have broken the law. It doesn't diminish their intelligence, but it does reflect on their morality.

It's a non-sequitur.

I suppose the presumption is, once (if) Brave reaches critical mass, or gets enough press, there won't be a monetizing content creator on the web who isn't aware of it.

My apologies if you know this already. It's just that the "whois" email is not really telling the full story. Unfortunately, this is the best (only?) option they've got to try and contact the creator at this point.

I'll send you $20, if you agree to try to get $15 to the XKCD guy somehow.

If you accept this deal, have you broken the law?

Except the money goes back to the Brave user pool and ends up in the hands of creators who have opted to participate. Brave's hope is that every content creator will eventually register to collect what's theirs. Their business model depends on it.

Before judging, please read their materials (and examine their pedigree). It's pretty clear they are thinking much, much bigger than what you're accusing them of. This a Google level play, not some two-bit micro-transaction scam (if anything, it's a little bit too ambitious).

This all goes without even mentioning the huge privacy gains to be had for end users if their model works. I encourage you to have a look into that as well if it's a topic you're interested in.

Time will tell if they succeed or fail. But if they fail, at least they'll do so "while daring greatly".

You most certainly can go door to door and solicit donations to a charity you have nothing to do with...as long as you actually fulfill the contract.

Strictly speaking, Brave is not doing that. The fact that the originator of the solicitation is Brave, and that the potential end-recipient may not sign up to receive the funds, is disclosed.

It's an escrow fund that would release the funds to a particular party should they choose to claim it. That's how the contribution service is marketed.

I'm kind of confused as to why everyone here is up in arms. The UI denotes whether a publisher is verified or not. I never believed that Brave was trying to mislead me to where my donations were going. This feels like a simple misunderstanding.

Oh, turns out Brave doesn’t have its own UA: https://www.ctrl.blog/entry/brave-user-agent-detection

What a dishonest product.

In that case, get your lawyer to google “passing off”. Just because a photo is publically gettable doesn’t mean you have carte blanche to do what the hell you want with it.

Heck, even just the one add-on that lets you sleep your phone while a YouTube video continues playing is well worth using Firefox. Such a basic functionality isn't enough reason to get YouTube Red.

And then, you have add-ons like ublock origin that give you the Brave-like functionality without all this brouhaha.

Host your own ads and I won't block them. Until then F off.

US criminal courts can order defendants convicted of fraud to pay restitution to their victims.

Standard Chartered Bank, Frankfurt, Germany; SWIFT/BIC Code: SCBLDEFX

IBAN: DE67512305000500136802

Beneficiary Name: SVB-Mozilla Foundation

You're helping a great project that way! (Note: You might not actually be donating to the Brave Browser directly and some of the funds may go to other projects.)

The fact is the original complainant, Tom Scott, and many others, find that practice abhorrent, and the response so far has been deflection or vague promises that the Brave team want to help content creators, whether they want the "help" or not.

I would love to hear how you think Ad Blocking is blatant copyright violation, or how linking to content on the internet is misrepresentation.

Every time the status quo has shifted in advertising people have claimed its illegal and a violation of copyright, but the courts have been much more nuanced. Thankfully in this kind of case you can't separate ad blocking and content discovery from what brave is doing, so if someone is going to pick a fight they will be picking the fight with Google, Microsoft and every other tech company out there not just with Brave

https://www.google.com/search?hl=en&q=Tom%20Scott

You're the bad guys here and you can't see it because you think everyone else is Google and Facebook and tracking people. People want nothing to do with either you or them. But clearly less to do with you.

I'm not surprised that the angle is "sure we're bad but people will have to go for the guys with big pockets first". At least you know you're the bad guys. That's something.

In any event, the confusion is our fault and we're working on updating the UI and language to be clear based on all the feedback we've gotten.

The idea you think I, someone with no affiliation with either Brave, or Google, or Tom, is a bad guy because I want to support content creators is laughable. I think the idea that there is a way users can control their personal information and still support content creators is really upsetting to people who are used to being able to dictate the terms of the internet and get wealthy off the backs of users and creators. I for my part won't let random corporations take my information and sell it to anyone who wants. I know that may make some people want to label me a bad guy and I am ok with that. They can continue to participate in that economy, and creators can block my browser. As long as they allow me to freely obtain their content I will use the systems I find useful to attempt to support an open and fair internet.

In any event, the confusion is 100% our fault and we're working on updating the UI and language to be clear based on all the feedback we've gotten. We must do better.

We shipped a UI/UX that was confusing. We originally used checkmarks to denote creators participating in the program but did not have clear language or markers for creators not participating in then program. Many have pointed out the problem with that, which is helpful!

That's all being updated now and will hopefully roll out very soon. We've heard the feedback and will make sure no creator assets are used for non-verified creators, that it's clear non-participating creators are not in fact participating, and that any tips sent their way will not in fact reach them unless they choose to participate. We're also adding more clarification around what happens to funds "tipped" to non-participating creators.

We want it to be clear if Mark is part of Brave Rewards or not.

I had ads on it just fine without HTTPS. I’ve had PayPal links without it, I’ve had Patreon links. Getting Brave hooked up is a giant pain in the ass compared to everything else I’ve tried.

Most creators are less technical than me and wouldn’t have even gotten that far, and if Brave was taking donations in their name they’d never get paid out. Which kinda sounds scammy to me.

I can set up PayPal donations by including a simple link.

I can set up Patreon donations similarly.

I’ve claimed my site with Google by putting a file in a hidden place. Worked fine over HTTP.

But Brave? Brave, I gotta get this ten year old site converted over to HTTPS. Or wait for DNS to propagate for half a day. All the while y’all might be “taking donations” for me that I’ll never see unless I get this sorted out. Honestly I’ve spent enough time on this that if I don’t see that your site’s seeing my DNS tweak when I poke at it today I’ll probably just see about making my site refuse to serve my content to Brave instead; I’m happy serving my stuff for free but not happy with y’all making money off of it.

Or, better for you personally: how about you hand in your resignation and retain an attorney?

Here's the thing: people who get away with this type of thing (sorry, "exciting and new crowdfunding option for creators", or whatever y'all prefer to call it) tend to get away with it only for as long as the targets of their "fundraising" are small-time creators who don't have the resources to pursue action against it. But sooner or later, even if only by accident, Brave's going to impersonate (sorry, "offer exciting crowdfunding options on behalf of") some entity that has resources, including lawyers, and it's going to end badly.

When that happens, a possible outcome is that they will suddenly "discover" all your statements on their behalf in this thread, and that's when it will end badly for you. Oh, that wasn't our position at all, oh, he wasn't authorized to speak like that on our behalf, oh, that's definitely not what we intended, we'll take action immediately to remedy that! The absolute best outcome of that for you is you get fired for cause. The worst outcomes involve you becoming the target of multiple legal actions.

I'm not an attorney and I'm not giving you legal advice. I will give you sincere personal advice: resign, hire an attorney. Find another job working somewhere that poses less of a threat to you.

As to why people will come after you, let me count the ways:

I know people who blog or create YouTube videos or whatever and are very careful not to monetize, because they're disabled and can't work but still need something to fill their days. But disability benefits are means-tested and income streams are constantly investigated. If a benefits agency decides that your scheme is providing income to a disabled person, congratulations! You just cut off their income, and they probably never even knew you existed. That's bad.

I have worked with several open-source projects that rely heavily on donations to keep going. They all have prominent things on their websites directing people where to go to donate, but you'd like to hijack that and instead send people to something the project doesn't know about and may not be able to collect on (especially given how often you flush the "donations" and how many hoops it seems people have to jump through, which many commenters have identified as something that makes them think this is a scam). Congratulations, you just took resources away from the project. And, for projects which use nonprofit foundations to manage fundraising, you just created tax issues -- what happens when the taxman doesn't believe the "we didn't know about them raising money for us" story?

And round and round and round we go. You're going to be hurting those people to make money. If you have a moral compass, it should be pointing heavily toward getting the hell out of there, as soon as you can.

Plus, crypto in general is in weird legal space to begin with. Lots of people can't afford to have you dealing in potentially unregistered securities in their names and without their knowledge or consent. In the US that could easily lead to federal felonies for them, because of what you did.

So, look. I've seen this pattern again and again and again. What Brave is doing is not a new idea. It's widely, roundly, solidly despised, both because it's an unwarranted intrusion on other people and because it creates such nebulous but frightening potential consequences for them. I've also been waiting for one of these crypto "fundraising" operations to finally go far enough that someone (either an entity with good lawyers, or a regulator) bothers to turn them into a smoking hole in the ground as an example to others. Maybe that's the ultimate fate of Brave; if it is, I won't shed any tears.

Best thing to avoid that, as I said in another comment, is to quit and get a lawyer.

That is precisely what the browser is doing.

This can have harmful consequences for the people they do it to. If someone's on a means-tested disability benefit, for example, and makes youtube videos to blow off steam, what happens when the benefits agency discovers that they have a funding option through Brave? A funding option that they didn't know about, didn't ask for, and didn't get paid out of (because the tokens get quickly flushed into the "growth pool" when uncollected)? Is Brave ready to be responsible for them losing their support mechanism?

If they start collecting on behalf of an open-source project that already has a nonprofit foundation for fundraising, what happens when a tax audit turns up this undisclosed funding stream that the project didn't know about and didn't ask for? Oops, there goes your nonprofit status! Is Brave ready to be responsible for that?

About every six months someone comes up with this "brilliant" "new" idea to crypto-fundraise on behalf of other people without telling them. And we have the same thread where people point out the same problems. And then like clockwork someone does it again. My hope is that one of these times, the people behind it get so utterly and completely financially ruined that it finally puts an end to the cycle. Maybe Brave will be the one to finally face that.

Brave apparently does (based on screenshots shared by others; in order to preserve my right to legal action in the future I'm very carefully never going to personally do anything that would require accepting Brave's ToS).

See my other comments in this thread for why A) that's a bad thing and B) if you work at Brave you should quit and hire a lawyer.

No, it addresses the collection and processing of personal data no matter where it is collected from.

> The only "Youtuber data" being "used" here is publicly gettable data from the Youtuber's channel.

Which is personal data that YouTube has collected or created associated with services they are providing to the user. They are responsible for their collection and use of it, but that doesn't authorize third-party collection and use of it under the GDPR. Particularly, the GDPR definition of personal data subject to the rules it imposes does not exclude information which is “publicly gettable” from some other party than the subject.

Also the idea your in more legal jeopardy working at Brave, then you are working at any other company is silly. There is a distinction in corporate liability between employees and officers of a company ( its why no Thanos employees have been held liable for the fraud there). It makes me wonder what is going on when I see people participating in such strong fearmongering. Especially when you are flat out wrong on some of the basic legal principles you are discussing.

Are you carefully vetting every single entity whose content you show this pop-up on (regardless of what description you choose to use to spin what it is) to make sure none of them have trademarks that could be enforced against you? Because if any of them do, game over. You can hem and haw and deflect and pretend to be helping creators as much as you like, but you don't have the legal right to appropriate someone else's mark to raise money.

And if you are vetting to make sure you don't pop up on anyone who has a trademark, what if that comes out in discovery when someone goes after you, and suddenly you get to answer questions about whether Brave knew that what they were doing might not be legal (as evidenced by the care they took around trademarks), did it anyway, and now it's really over.

And like I said elsewhere: when the shit hits the fan, what's your personal plan for Brave deciding that all your "helpful" comments here weren't authorized and were in fact misrepresenting them, which led to the terrible misunderstandings that provoked the legal action?

I'm trying my best to help you see the ways this can go badly. I'm also very sincere in my advice of "lawyer up". I'm not your attorney and this isn't legal advice, but I think you should have both an attorney and legal advice.

The folks who've run this scheme in the past were mostly small-time, and the worst that happened was they were forced to stop or retool because they weren't worth the effort of going after properly. Brave has attracted enough attention and money to be a lucrative target for someone to eventually turn into a smoking hole in the ground. Please, for your sake, fix this or get out of it ASAP.

You are wrong about this, there is lots of precedent to say this is legal, and even more to say that working at brave is not a legal liability. However I am not your lawyer, nor am I Brave's lawyer, or Tom's Lawyer. I am not at all related to anyone involved in this fight, I am just a lowly internet user who happens to think this is a good model for the future of the internet. Feel free to ignore me and continue to tell people the sky is falling.

If you take all your legal advice from people who repost whole movies onto youtube and put "no copyright intended" in the description as if it's a magic talisman, maybe.

But in the actual world, if you use someone else's trademark to make money, you're gonna have a bad time, and part of that bad time will be learning in excruciating detail what "public domain" and "fair use" actually mean.

"Something is viewable by the public on the internet" is not "public domain". Public domain means copyright has expired on the material, or that the material was for some reason never protected by copyright (such as certain works of the federal government, in the US). "Fair use" is a defense that can be raised to claims of copyright infringement, and uses a multi-factor test. None of the factors are "but it was there on the internet for me to take".

Neither of these involve trademarks, which are a different area entirely. Using someone else's trademark for your profit is very much not "public domain" and not "fair use", and will not end well.

This case was about google getting money while displaying parts of copyrighted material. The court ruled it was fair use. (https://www.documentcloud.org/documents/834877-google-books-...)

This case ( still pending ) was about google being able to display parts of news stories without paying the authors ( the initial ruling was it was legal, but Germany was allowed to impose a "tax", current guidance is that even the tax may not be allowed and Google will be able to display the content ) https://www.nytimes.com/reuters/2018/12/13/technology/13reut...

Since you referenced people who had the same idea as Brave and it was found to be illegal, would you care to reference those specific cases ?

You also keep citing copyright cases. You cited a case where the multi-factor test of fair use was met, without explaining why you think Brave would meet that test.

You have not yet provided evidence of a case ruling that all trademarks are "public domain" free for the "fair use" of anyone for any purpose, and therefore that trademarks provide no protection whatsoever. I await your attempt to do so.

It has a pretty obvious mark under the name if they are verified.

Might I also recommend you update the language on the "tips" overlay itself to remove any implication the money is actually going to the creator when the truth is really that its being held by you, essentially in escrow, until they claim it... which they may never actually do. And even using "tips" to describe the process also seems rather misleading in this case too.

Also, automatically scraping a creator's profile picture and adding it to your own overlay to give yourself the appearance of legitimately representing them is incredibly misleading as well. So might I suggest you stop doing that too.

I've heard of GoFundMe and don't have an account there, either. Now that they seem to be quite happy to take money from people making comics designed to "stick it to the libs" I kinda don't want to have an account there. They don't have a page in my name either.

"I don't want to do business with you, and I don't want to have an account so I can opt out of doing business with you" is, I feel, a valid attitude. Is anyone who hears about Facebook's "shadow profiles" happy to know that Facebook is tracking them despite them not using that site?

"Having a human find a contact method for a creator" is an option. It does not scale but how many times do I see people writing stuff here on HN that advises doing stuff that doesn't scale until you know it's worth automating it? If Brave wants their model to work they need to put the time into this kind of stuff. Hell, have the user who wants to pay a creator via Brave do it: "Hi! We don't have any contact information for this creator yet, and our automated methods can't find anything. Would you tell us how to contact this person?" And then not take money in the creator's name until they actually say yes.

Thanks for your feedback and suggestions.

One of the items listed is looking into blocking all tips to unverified publishers altogether. We hear people's concerns and are going to look into it. In the meantime we've dropped all creative assets (photos) for unverified publishers and are also adding a clear alert saying unverified publishers are in fact not-participating yet in the program. Screenshots in the link. Thanks for your feedback and for caring about this being done properly.

Brave is about to push up a number of hotfixes to our code that address people's concerns. You can read about them here: https://brave.com/rewards-update/

You'll see an express commitment to consider whether to completely block out tips to unverified creators/publishers. That's not a thing we could fix overnight but we're acknowledging it might be the best move and committing to looking into it.

These changes will make it very very clear when creators are not participating in Brave Rewards and will ensure no creator assets are being used.

In response to your other comments, I feel good assuming we're somewhere in the general brand feel of the EFF and Firefox. Brave has never once told people to speculate on the price of BAT (we get asked to do so about once a day and refuse because that's not what we're about). Also, yeah, we've shipped a browser used by 5m people a month around the world. There's a long way to go still but it's a start.

Thanks for your feedback.

Thanks for jumping into the conversation. Also thanks for all the stories on HN over the years.

We've spent a lot of time discussing the feedback from threads like this and tomorrow a bunch of changes will go live. Please take a look at this blog post detailing them: https://brave.com/rewards-update/

We shipped confusing, poorly thought out UI, got a bunch of negative but really thoughtful feedback, and are moving quickly to get things fixed.

We shipped confusing, poorly considered UI and are hustling to get it fixed. Thanks for your feedback.

Thanks for your feedback. We shipped UI that sent the wrong message about unverified creators. Understood. We're hustling to get fixes in place and talking more about what we can and should be doing.

Thanks for your feedback!

As it says in the post, we're definitely planning to talk about whether to block attempts to tip unverified creators altogether.

Thanks for your feedback.

The bottom line is that it will be much much much clearer that unverified creators are not participating in Brave Rewards and what happens to any BAT tips a user tries to send to one. We'll also not be using any creative assets at all from unverified creators like their Youtube images. In the post we also commit to looking into whether to block attempts to tip unverified creators altogether.

Thanks for your passion for creators and for those of modest means and with disabilities. The internet is awesome in part because it's a place where everyone and anyone can contribute.

We'd love another shot at winning your interest. Thanks for caring about finding new ways to get creators paid.

Thanks for caring about this being done in a respectful, thoughtful way. We'll keep trying to do better.

"Brave Software has announced that it is developing a feature allowing users to opt in to receiving ads sold by the company in place of ads blocked by the browser.[8][9][10] Brave intends to pay content publishers 55% of the replaced ad revenue. Brave Software, ad partners, and browser users would each be allocated 15% of the revenue."

We're pushing up fixes tomorrow that (we hope) make it a lot clearer: https://brave.com/rewards-update/

(Sidenote: Thank you for the Hedge Maze puzzles in the Keep. They were a gaming highlight for me last year.)

Thanks for caring about this done in a respectful, creator-first way.

As stated in the post, we're also going to talk about whether Brave users should be able to even try to send tips to unverified creators at all.