Policy & legislation

Brave highlights critical CCPA omission in letter to the Attorney General of California

Oct 15, 2019

Brave has written to the Attorney General of California to highlight a critical omission in the CCPA regulations proposed last week.

Brave writes to all European governments to press for strong ePrivacy protections

Oct 10, 2019

Brave has written to EU Member States to urge the prohibition of cookie walls, and the inclusion of privacy by default, in the ePrivacy Regulation.

Competition issues in digital markets

Oct 7, 2019

This note presents a submission from Dr Johnny Ryan of Brave, and Dr Orla Lynskey of the London School of Economics, to the UK Competition & Markets Authority.

zkSENSE: a privacy-preserving mechanism for bot detection in mobile devices

Oct 7, 2019

This research was conducted by Stan (Jiexin) Zhang, a research intern at Brave and a PhD student at the University of Cambridge, Dr. Panagiotis Papadopoulos, Security Researcher at Brave, and Dr. Ben Livshits, Chief Scientist at Brave. We gratefully acknowledge the valuable feedback of Prof. Alastair R. Beresford of the University of Cambridge. Bots are automated programs that often mimic human behavior for monetary or criminal purposes. They have become a serious and pervasive problem for many industries, especially for the online advertising market. In 2013, it was discovered that the Chameleon botnet harvested around 6 million dollars per month from advertisers. The proliferation and the wide variety of mobile devices created opportunities for fraudsters to gain profit by abusing the ad ecosystem and exploiting low-cost mobile devices. In particular, recent news has reported that phone farmers have been using bots to automate phone clicks and touch movements to generate revenue from ad views.

Why marketers must conduct GDPR Data Protection Impact Assessments of RTB

Sep 24, 2019

This note examines the GDPR requirement that marketers conduct data protection impact assessments (DPIAs) when buying digital media using “real-time bidding” advertising.

Brave Tops Browser First-Run Network Traffic Results

Sep 18, 2019

What this post explores today is how browsers behave by default, on their first-run, with no preexisting user profile. By default, Brave blocks third-party trackers (and the ads that rely on them). It also prevents fingerprinting, auto-play of media, crypto-mining, and access to media input devices.

Brave uncovers Google’s GDPR workaround

Sep 4, 2019

Brave presents new RTB evidence, and has uncovered a mechanism by which Google appears to be circumventing its purported GDPR privacy protections.

Response to IAB Europe statement on its failure to answer the Irish Data Protection Commission

Aug 13, 2019

Dr Johnny Ryan responds to IAB Europe. Four months on, both I and the Data Protection Commission are still waiting for the first explanation of how “IAB Europe is confident that the way it obtains consent for the use of cookies on its website complies with the requirements of the law”.

IAB Europe fails to answer Irish Data Protection Commission

Aug 9, 2019

Formal GDPR complaint against IAB Europe’s “cookie wall” and GDPR consent guidance.

A summary of the ICO report on RTB – and what happens next

Jun 26, 2019

This note summarizes the ICO report on real-time bidding, which vindicates the GDPR complaints initiated by Brave, and points toward the solution.

Major publisher group DCN tells regulators “the sky won’t fall” if RTB switches to safe, non-personal data.

Jun 19, 2019

DCN's CEO, Jason Kint, says removing personal data from bid requests might disadvantage adtech companies, but the sky won’t fall for publishers.

Brave answers US Senators questions on privacy and antitrust

Jun 17, 2019

Brave has responded to questions for the record from the US Senate Judiciary Committee from Senators Whitehouse, Booker, Graham and Leahy.

Requirement Analysis of Decentralized Virtual Private Networks (dVPNs)

May 23, 2019

In this blogpost we explore the ecosystem of decentralized Virtual Private Networks (dVPNs), a new form of VPNs with no central authority. DVPNs are fairly recent VPN solutions where the users are both client and server, in the sense that when they join a dVPN they also offer a portion of their upload bandwidth to carry traffic for other users.

Google faces first investigation by its European lead authority for “suspected infringement” of the GDPR, following formal complaint from Brave

May 22, 2019

Today, Ireland’s Data Protection Commission (DPC) has announced a major GDPR probe into “suspected infringement” by Google’s DoubleClick/Authorized Buyers advertising business. The probe was triggered by a formal complaint from Dr Johnny Ryan, Chief Policy Officer at Brave, the private web browser.

Dr Johnny Ryan’s testimony at the US Senate Judiciary Committee

May 21, 2019

Dr Johnny Ryan of Brave testified today at the US Senate Judiciary Committee hearing on “Understanding the Digital Advertising Ecosystem and the Impact of Data Privacy and Competition Policy”.

Ad Tech GDPR complaint is extended to four more European regulators

May 20, 2019

GDPR complaints about Real-Time Bidding (RTB) in the online advertising industry were filed today with Data Protection Authorities in Spain, the Netherlands, Belgium, and Luxembourg. The complaints detail the vast scale of personal data leakage by Google and other major companies in the “Ad Tech” industry. This week marks one year since the introduction of the GDPR.

A worrying adtech exemption to California’s new privacy law

Apr 16, 2019

Brave writes to the California Senate Judiciary Committee, opposing a new adtech exemption in the California Consumer Protection Act (CCPA). Brave also co-signs today's letter from 28 technology companies supporting the Privacy For All amendment to fix loopholes in the CCPA.