Blog
Research Category
New data on GDPR enforcement agencies reveal why the GDPR is failing
New data from Brave reveals that European governments have not equipped their national authorities to enforce the GDPR. Brave has called on the European Commission to launch an infringement procedure against 27 European governments.
Brave uncovers widespread surveillance of UK citizens by private companies embedded on UK council websites
Brave has uncovered widespread surveillance of UK citizens by private companies embedded on UK council websites. “Surveillance on UK council websites”, a new report from Brave, reveals the extent of private companies’ surveillance of UK citizens when they seek help for addiction, disability, and poverty from their local government authorities.
Accurately Predicting Ad Blocker Savings
Estimating the slow road not taken
We have written before on Brave’s performance, energy and bandwidth benefits for the user. Brave Shields is our primary mechanism for protecting user privacy, but many users know by now that ad and tracker blocking (or just ad blocking for short) makes the web faster and generally better for them. So far Brave’s estimates of the users’ time saved have been very conservative and somewhat naive: we take the total number of ads and trackers blocked, and multiply that by 50 milliseconds. Why this specific number? It is at the low end of what others have estimated to be third-party JavaScript execution overheads, but in fact both in the third-party impact study and in our measurements in this study, the average and median impact of an ad or tracker is more than 10 times higher. Clearly, it is time for an update.
Significant Battery Savings with Brave on Mobile: Brave Consumes 40% Less Battery than Other Leading Browsers
Brave mobile users can expect up to two and a half extra hours of browsing per battery charge. This research was conducted by Dr. Matteo Varvello, performance researcher at Brave, and Dr. Ben Livshits, Brave’s Chief Scientist. We are continuing our series of posts...
Memory Savings in Brave: 33% to 66% memory reduction over Chrome
This research was conducted by Dr. Andrius Aucinas, performance researcher at Brave, and Dr. Ben Livshits, Brave’s Chief Scientist. We are continuing our series of posts evaluating Brave browser's performance. This time we look at one aspect that often frustrates web...
Brave requests European Commission antitrust examination of online ad market
Investigation needed to stop anticompetitive practices that hurt publishers, restrict innovation, and limit consumer choice.
38 businesses and organizations urge European Governments to break ePrivacy deadlock
Brave and a coalition of more than 30 businesses and organizations urges European Governments to break the deadlock on the ePrivacy Regulation in an open letter.
French regulator shows deep flaws in IAB’s consent framework and RTB
French regulator’s decision against Vectaury confirms that IAB “Transparency & Consent Framework” does not obtain valid consent, and illustrates how even tiny adtech companies can unlawfully gather millions of people’s personal data from the online advertising “real time bidding system” (RTB).
Evaluating the End-User Experience of Private Browsing Mode
Nowadays, all major web browsers have a private browsing mode. However, the mode’s benefits and limitations are not particularly understood. Through the use of survey studies, prior work has found that most users are either unaware of private browsing or do not use it. Further, those who do use private browsing generally have misconceptions about what protection it provides.
However, prior work has not investigated why users misunderstand the benefits and limitations of private browsing. In this work, we do so by designing and conducting a two-part user study with 20 demographically-diverse participants: (1) a qualitative, interview-based study to explore users’ mental models of private browsing and its security goals; (2) a participatory design study to investigate whether existing browser disclosures, the in-browser explanations of private browsing mode, communicate the security goals of private browsing to users. We asked our participants to critique the browser disclosures of three web browsers: Brave, Firefox, and Google Chrome, and then design new ones.
We find that most participants had incorrect mental models of private browsing, influencing their understanding and usage of private browsing mode. Further, we find that existing browser disclosures are not only vague, but also misleading. None of the three studied browser disclosures communicates or explains the primary security goal of private browsing. Drawing from the results of our user study, we distill a set of design recommendations that we encourage browser designers to implement and test, in order to design more effective browser disclosures.
SpeedReader: Reader Mode Made Fast and Private
Most popular web browsers include “reader modes” that improve the user experience by removing un-useful page elements. Reader modes reformat the page to hide elements that are not related to the page’s main content. Such page elements include site navigation, advertising related videos and images, and most JavaScript. The intended end result is that users can enjoy the content they are interested in, without distraction.
In this work, we consider whether the “reader mode” can be widened to also provide performance and privacy improvements. Instead of its use as a post-render feature to clean up the clutter on a page we propose SpeedReader as an alternative multistep pipeline that is part of the rendering pipeline. Once the tool decides during the initial phase of a page load that a page is suitable for reader mode use, it directly applies document tree translation before the page is rendered.
Based on our measurements, we believe that SpeedReader can be continuously enabled in order to drastically improve end-user experience, especially on slower mobile connections. Combined with our approach to predicting which pages should be rendered in reader mode with 91% accuracy, it achieves drastic speedups and bandwidth reductions of up to 27x and 84x respectively on average. We further find that our novel “reader mode” approach brings with it significant privacy improvements to users. Our approach effectively removes all commonly recognized trackers, issuing 115 fewer requests to third parties, and interacts with 64 fewer trackers on average, on transformed pages.
Brave calls for a “United States GDPR” in letter to the National Telecommunications and Information Administration
Brave presents the case for a US federal privacy law that builds on the GDPR, protecting innovation, interoperability, and supporting US leadership.
Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking
Ad and tracking blocking extensions are among the most popular browser extensions. These extensions typically rely on filter lists to decide whether a URL is associated with tracking or advertising. Millions of web users rely on these lists to protect their privacy and improve their browsing experience. Despite their importance, the growth and health of these filter lists is poorly understood. These lists are maintained by a small number of contributors, who use a variety of undocumented heuristics to determine what rules should be included. These lists quickly accumulate rules over time, and rules are rarely removed. As a result, users’ browsing experiences are degraded as the number of stale, dead or otherwise not useful rules increasingly dwarfs the number of useful rules, with no attenuating benefit. This paper improves the understanding of crowdsourced filter lists by studying EasyList, the most popular filter list. We find that, over its 9 year history, EasyList has grown from several hundred rules, to well over 60,000. We then apply EasyList to a sample of 10,000 websites, and find that 90.16% of the resource blocking rules in EasyList provide no benefit to users, in common browsing scenarios. Based on these results, we provide a taxonomy of the ways advertisers evade EasyList rules. Finally, we propose optimizations for popular ad-blocking tools that provide over 99% of the coverage of existing tools, but 62.5% faster.
Why GDPR is Kryptonite to Google & Facebook on Anti-Trust
This is Brave’s response to a call for stakeholder input from the European Commissioner for Competition, Margrethe Vestager.
Brendan Eich writes to the US Senate: we need a GDPR for the United States
A ruling of the European Court of Justice this month in the “Facebook fan page case” exposes marketers to severe legal risk from programmatic advertising.
Regulatory complaint concerning massive, web-wide data breach by Google and other “ad tech” companies under Europe’s GDPR
Latest updates: read more about the RTB complaints. Mail list: receive updates & research notes in your inbox. Dublin, Ireland and London, United Kingdom, Wednesday, 12 September 2018 -- Simultaneous complaints have been filed with European data protection...
Critical data protection problems in the IAB’s new OpenRTB 3.0 Spec
A ruling of the European Court of Justice this month in the “Facebook fan page case” exposes marketers to severe legal risk from programmatic advertising.
Understanding Redirection-Based Tracking
This blog post describes ongoing work conducted at Brave by Peter Snyder and Ben Livshits. It is the third in a series of research-oriented posts that share both present investigations and future vision. We are constantly looking to improve and automate the privacy...
The Mounting Cost of Stale Ad Blocking Rules
This blog post describes ongoing work conducted at Brave by Antoine Vastel, Peter Snyder, and Ben Livshits. It is the second in a series of research-oriented posts that share both present investigations and future vision. We are constantly looking to improve and...
Europe’s top court signals new risk for marketers from ad tech
A ruling of the European Court of Justice this month in the “Facebook fan page case” exposes marketers to severe legal risk from programmatic advertising.
AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking
Filter lists are widely deployed by adblockers to block ads and other forms of undesirable content in web browsers. However, these filter lists are manually curated based on informal crowdsourced feedback, which brings with it a significant number of maintenance challenges. To address these challenges, we propose a machine learning approach for automatic and effective adblocking called AdGraph. Our approach relies on information obtained from multiple layers of the web stack (HTML, HTTP, and JavaScript) to train a machine learning classifier to block ads and trackers. Our evaluation on Alexa top-10K websites shows that AdGraph automatically and effectively blocks ads and trackers with 97.7% accuracy. Our manual analysis shows that AdGraph has better recall than filter lists, it blocks 16% more ads and trackers with 65% accuracy. We also show that AdGraph is fairly robust against adversarial obfuscation by publishers and advertisers that bypass filter lists.