AMA with Tom Lowenthal

Welcome to the eleventh post in our series of BAT Community-run AMAs.

The ongoing AMA series on Reddit is a seven-month-long event that features various guests from the Brave and BAT teams. The goal of the series is twofold: to give fans of the project an opportunity to interact directly with team members, and to give team members—especially those who operate largely behind the scenes—a chance to share their insights and offer the community a window into their work.

The most recent AMA took place on January 16th and featured Tom Lowenthal, Brave’s Privacy & Security Product Manager. Tom answered both pre-submitted and live questions from Redditors concerning a variety of topics, like how to educate people who aren’t concerned about online privacy and what he believes to be the greatest advantage of choosing Brave over other web browsers. Tom named his favorite infosec conferences, revealed his favorite spot in the Bay Area to enjoy afternoon tea—Pardee Home Museum—and shared the name of his favorite book—Blindsight by Peter Watts. When asked what he perceives to be the biggest threat to Brave’s success, his tongue-in-cheek reply was: “Climate change and the collapse of US democracy.”

Highlights can be found below, with a link to the full AMA at the bottom of this post.

The next AMA will take place on Wednesday, January 30th, and will feature Joel Reis and Sergey Zhukovsky, Senior Software Engineers for mobile platforms at Brave.

For the full list of upcoming BAT Community AMAs through March 2019, see below.

digits1000digits: What kind of actions can an average person take in their own browsing / internet habits to financially incentivize big companies to NOT mine user's data? How can I end the gross violation of user privacy by large online platforms without completely disconnecting from them?

Tom: I love this question because it's one of my favorite topics to rant about.

Systemic disregard of privacy and personal agency isn't something that can be fixed by individual "consumer" action. Your marginal behavior isn't what tips the scales and makes it easy for the surveillance-industrial complex to operate. Mass surveillance and misbehavior are facilitated by a lack of consequences for unethical action. As an individual, the market/price signals you send are negligible. And you hurt your own prospects by disconnecting far more than you hurt the companies abusing you. We need to use society's big guns to solve these problems: laws, norms, and consequences.

octal: Do you have any thoughts on Chaumian blinded tokens compared to blockchain-type cryptocurrencies?

Tom: Blinded tokens are a different sort of tool from shared ledgers. Shared ledgers let you (hopefully!) avoid a double-spend without having to rely on any one arbiter of truth. But there are a huge array of tradeoffs which have to happen to make that work. Blinded tokens work when you have an issuer which everyone relies on. Shared ledgers seem more useful as a general payment-network, but I'd rather have a subway pass which uses blinded tokens.

nemomendel: Hi Tom, One of the most interesting aspects of Brave, IMO, is the ability for advertisers to “target” their ad placement without collecting any personal data. I think that’s revolutionary! Is this capability something that is currently ready or is there still work to be done? Thanks for your time!

Tom: We released the first test of ads in the dev release channel yesterday. It doesn't have all the pieces yet, but it has core functionality: getting the list of ads and picking the right ones to show you. There's always going to be more work, but this is a really big milestone. I'm very excited.

SuperSiayuan: What's the biggest threat to Brave? Have you guys seen any cyber attacks on your systems? How prepared do you think you are to withstand one of sufficient magnitude and complexity? How intertwined is Uphold in Brave's equation for success (ie. if Uphold is breached or folds, how impactful would that be to Brave)?

Tom: The biggest threats to Brave's success are probably climate change and the collapse of US democracy. Those doomsday scenarios are becoming more disruptive with every passing day. But if they don't stop us, I don't think there's much which can keep us from making a better web.

@Ringbarkis from X (formerly Twitter): What is the greatest advantage of using Brave instead of Chrome or Firefox?

Tom: The number one thing that Brave does is actively protect you against online tracking. You don't need to install or configure anything, it's all set up for you.

The second thing Brave offers is a way to pay the sites you visit. This gives them an option to get away from surveillance-based advertising while still having the money to keep going. That's the path to a better web.

tripper21: How does the ad catalogue work with keywords? Is it looking for keywords based on the article being read? If so, does that mean when an advertiser submits an ad, they have to specify which keywords they are targeting? And finally how does it know if I’m looking to buy a car and I’m reading a car article, that I’m being targeted for a car that is in my price range and not a car out of it? As we all know cookies take care of a lot of these issues, how does Brave look to overcome them?

Tom: The ads system uses the standard ad categories used in other online advertising. Whenever you visit a page with ads turned on, Brave uses machine-learning to estimate which categories are most applicable to that page. Over time, your browser accumulates a score for you in these categories. The ads in the catalog are also labeled by category. When the ad engine thinks that now is a good moment for an ad, it tries to show you an ad whose categories match yours.

SuperSiayuan: How did you get hired at Brave? Do you like the culture there? Does Brendan talk about OKR's and how he created JavaScript in 10 days?

Tom: I got hired by Yan after a few too many conversations about browser security. I think Brendan might have moved on from bragging about JS; that or he just assumes that everyone knows by now. Mostly when he talks to me it's "Please build this thing to be even better and have it finished sooner." — normal CEO stuff

kirkins: Wondering why you don't think it's a privacy issue that Brave reveals what browser is being used to Tor exit nodes when you use the address bar or right click for search.

Given only 1 million people use the desktop version and even less would use the tor windows, doesn't being able to narrow down what browser a user is running help narrow down identification significantly?

Tom: When you make a DuckDuckGo search in a private window with Tor, you're connected to DuckDuckGo via HTTPS. Exit nodes don't what the URL string is, only the host you're connected to.

bat-chriscat: How do you like to respond to people who say things like the following? "I don't really care about my privacy online. I understand there are these trackers, but I don't really care in my everyday life." "Privacy is not a big deal if you have nothing to hide!"

Tom: First of all, those people are wrong. They do have something to hide. Everyone has something to hide. You close the door when go to the bathroom, and you whisper when you want to avoid hurting someone's feelings. But you also live in a police state which wields incredible punishments for the mildest of perceived insults. Cardinal Richelieu's words have never been truer.

It's not just yourself you need to be concerned with. If you think you "have nothing to hide", you're probably among the people who have least to fear from the terrible power of the state. You're probably white, and a man, straight, cis, a citizen… the list goes on. You owe it to those who are at greater risk to protect them. Privacy is a massive challenge as an individual pursuit, and so much easier as an accepted norm. Stand up for your privacy to protect the people who are in danger whether or not they stand up for theirs.

@Jamesjimjimmy from X (formerly Twitter): With security being one of the biggest challenges in the cryptocurrency space how does Brave plan to educate new users about personal wallet security, phishing & password hygiene?

Tom: Education is a pretty rough way to ensure security. Fundamentally, it's just not a particularly-effective way to protect people. We need to build things which don't require study to use safely.

Read the full AMA here.    

Read Ryan Watson and Kamil Jozwiak’s AMA from December 12th, here.

Follow the BAT Community’s Updates here:

Upcoming BAT Community AMAs:

February 2019
Holli Bohren, Chief Financial Officer
Ben Livshits, Chief Scientist

March 2019
Marshall Rose, Senior Software Engineer
Catherine Corre, Head of Communications

Related articles

Ready for a better Internet?

Brave’s easy-to-use browser blocks ads by default, making the Web cleaner, faster, and safer for people all over the world.