Script Blocking Exceptions Update
We have received many questions about script blocking exceptions being reported by several news outlets and blogs. This conversation is about script loading, not tracking. Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat.
Brave aims to maintain a working Web, while reducing or eliminating the invasive tracking that has become so ubiquitous online. In order to do this, we make the conventional distinction between first-party and third-party content, granting different permissions to each.
First parties are the websites you’re directly accessing, whereas third parties are embedded widgets and other resources in the page, which are indirectly accessed. If a user navigates to a website, they may find that several other requests will be made to fetch resources on other websites. Depending on the website, Brave may cancel the request entirely, or permit it while severely limiting access to user data.
We found that blocking certain third-party scripts broke many sites, so predicated on our cookie blocking and fingerprinting protection, we hardcoded some exceptions to ensure the best possible user experience. For example, Facebook and Twitter both contain widgets which web authors can integrate into their online properties. These widgets aim to make it easier for users and publishers to connect by allowing users to authenticate through Facebook or Twitter, rather than creating and maintaining an account with the publisher themselves. The exception list covered by several news outlets allows both of these widget sets to operate on a leash. They can load, but they cannot access local data on the client so as to track the user.
For many publisher implementations, blocking the script request would break Facebook-based OAUTH and Facebook likes and shares.
Fingerprinting is not always a reliable tracking method.
At Brave, we continually work to protect users without breaking the Web and users can always be assured that we are doing everything in our power to prevent third-parties from eavesdropping on their browsing experience. We are working to eliminate these script-blocking exceptions without blocking the embedded widgets with which some users do choose to interact.
Continue reading for news on ad blocking, features, performance, privacy and Basic Attention Token related announcements.
This post is a follow-up to our announcement, Brave Launches New Swag Store Powered by Origin, from April 2020. Earlier this year, Brave unveiled its fully revamped Brave Swag Store, the official source for Brave and Basic Attention Token-branded merchandise such as...
Brave Ads campaigns are now supported in 191 countries with over 2.4 billion ad confirmations to date (a 140% increase from our last report in July). To date, there have been 2,039 campaigns…
Introduced in April 2019, Brave Ads provide Brave’s current 18M monthly active users the choice to opt-in to privacy-preserving advertising.
Brave Research is a highly dynamic team of researchers and developers whose goal is to push the envelope when it comes to some of the more adventurous aspects and needs of the Brave browser and the underlying ecosystem.
We are excited to announce that Gemini and Brave have partnered to make it easier for users to buy, sell, store, and earn crypto when using the Brave browser.
This is second in a series of blog posts describing new and proposed web standards and how they support or threaten web privacy. This post is written by Senior Privacy Researcher Peter Snyder (@pes10k). In a Nutshell… Google is proposing a new standard...