Fledgling web browser Brave, which doubles as an ecosystem for rewarding content creators with its native cryptocurrency, has drawn heavy criticism for the way it intends to combat fraudsters looking to exploit its platform for profit.
Riccardo Spagni, spiritual leader of privacy-focused cryptocurrency Monero, says those in charge of Brave may have inadvertently afforded themselves power to “steal” unclaimed Basic Attention Tokens (BAT), Brave’s internal ERC-20 token.
Oh wow – this is amazing, I just read up on the clawback. The BAT ToS let’s them steal “unclaimed” tokens after 90 days, but they can also use “Sybil attack investigation” and KYC/AML excuses to prevent you from claiming your coins for 90 days. They’re basically the mafia.
— Riccardo Spagni (@fluffypony) November 22, 2018
Spagni also accused Brave devs of using complicated Know-Your-Customer and Anti-Money-Laundering (KYC/AML) regulations as excuses for affording themselves the ability to keep BAT intended for content creators within the ecosystem arbitrarily.
To find the truth, Hard Fork spoke with lead Brave co-founder and former Mozilla CEO, Brendan Eich, to step us through what powers the team actually has right now, and why they might be necessary.
But first – this is what Brave does
Brave is a new browser which encourages users to reward their favorite content creators (like YouTubers) by anonymously sending BAT tips to those publishers.
Devs built Brave (and BAT) with the intent to lessen impact of the internet’s growing reliance on ad-blocking software, which cuts off critical ad-revenue streams to creators. Brave users are able to send tokens to content creators ‘directly’ from within the Brave browser.
The idea is, if a browser-integrated tipping solution exists, both revenue and quality of user experience would both dramatically increase.
There are two ways for users to get BAT into the Brave browser to reward publishers. They can purchase BAT from a cryptocurrency exchange and send it to an internal wallet managed by the Brave browser, or they can take part in monthly funding campaigns to receive free BAT for tipping.
These free BAT tokens come from a special pool, called the User Growth Pool (UGP). Every month, Brave distributes grants from the UGP to encourage people to browse the web with Brave and send tokens to the sites and channels they visit.
OK, so what’s the problem?
The controversy centers on the way Brave is said to handle instances of fraud. As there is real profit at stake (BAT is actively traded on exchanges), special considerations must be made to ensure the tokens distributed by tippers end up with legitimate content producers.
For example, Eich told Hard Fork “hundreds to thousands of fraudulent users” (many of them bots) are currently receiving grants. When they do, they immediately forward the funds to YouTube accounts with “two videos having only a hundred views (or far fewer) each,” an obvious case of fraudsters posing as content creators to steal revenue.
While that is true, this argument is about language in Brave’s terms of service agreement, which has been claimed opens avenues for Brave admins to steal “unclaimed” tokens after 90-days of inactivity.
Further, other related anti-fraud procedures are said to prevent users from claiming BAT donations for a different 90-day period, implying BAT could be permanently confiscated from users if they are ‘deemed’ to be fraudulent.
Eich says this is simply not the case.
“The only person who can move BAT from a wallet is the person who has that wallet’s key. If we’re talking about BAT that you own, Brave doesn’t have the key,” Eich told Hard Fork. “There’s nothing we can do to touch your BAT. BAT in a wallet you control cannot be ‘confiscated.’ KYC has nothing to do with this fact, and in any event, user-provided wallet KYC is not yet implemented.”
It’s worth mentioning here that major cryptocurrency broker Coinbase recently added BAT to its list of supported cryptocurrencies, amplifying the need for Brave to install appropriate KYC/AML regulations.
Eich says the controversial parts of Brave’s policy simply describe what happens when BAT is distributed by Brave’s integrated wallet, and have absolutely no bearing on what Brave admins can do with purchased BAT that has been imported to the browser by a user.
If a user claims BAT, but doesn’t hand it out within three months (90 days), it is reintroduced to the UGP, ready for the next month. This removes the problem of having BAT locked out of circulation by users who suddenly stop using the platform for an extended period of time.
“We make this clear to users when we offer these grants, and when showing them unspent with an expiration date in
the user interface,” Eich assured Hard Fork “We’re not going to hold a potential grant in limbo forever waiting for it to be used.”
Eich then stated it was incorrect to assume that this grant expiration policy means Brave contains a smart contract method for “confiscating” on-chain BAT from the browser wallet.
Brave’s BAT token is subject to third-party KYC
Eich specifically told Hard Fork that the free BAT distributed by UGP grants are not written to the Ethereum blockchain (confirmed) until after anti-fraud checks, and before they are handed out to verified content creators.
This is important. It means that the anti-fraud checks are absolutely integral to Brave’s BAT ecosystem, as content creators are effectively cut off from receiving BAT tokens sent by anyone Brave flags as a fraudulent user.
Similarly, creators are currently unable to to receive any tips at all unless they first prove ownership of their site or channel, as well as undergo KYC checks with third-party service, Uphold Inc.
As it stands, there is no time limit on how long Uphold can hold BAT destined for a creator, pending its KYC checks. Eich also assured Hard Fork that Brave has never taken tokens from a creator who has waited too long to verify themselves, claiming that any tokens bound for unverified creators just sit, for up to 90 days.
“We don’t hand out free BAT when someone is trying to game this system, say by running many instances of Brave in a cloud hosting service so that they can try to claim a bunch of grants without actually using the browser,” implored Eich. “When people try to defraud the UGP like that, we flag those creator accounts. But it’s important to emphasize that this isn’t someone using their own BAT — it’s someone fraudulently trying to claim free BAT handouts from Brave.”
Remember – the 90-day window that allows Brave to reclaim “unused” BAT tokens only relates to the ‘free’ tokens distributed through the monthly grants, and this is only possible as tokens are never actually written to the blockchain until all parties meet the required KYC procedures.
“Whatever we use to judge fraud, that affects only virtual tokens. If a fraudster wants to buy BAT and send to a fraud creator account, we don’t care. Uphold checks AML,” stated Eich.
Introducing a new concept: Proof-of-Browsing
The BAT platform isn’t just made up of Ethereum smart contracts. It includes both in-app and server-side code that ensures browser interactions between users and creators are authentic, meant to prevent Brave from being defrauded of the free token grants it hands out each month.
Brave flags fraudulent users and confirms phony creators aren’t mistakenly receiving tips with a few fraud-fighting techniques. Eich colloquially refers to these measures as “Proof-of-Browsing,” a cute spin on Bitcoin’s Proof-of-Work.
“[Proof-of-Browsing] is not a consensus protocol — just a turn or phrase aptly capturing our goals,” admitted Eich. “While Blockchain provides means of achieving distributed integrity, it does nothing to curtail client-side fraud. We therefore observe that many applications using blockchain nevertheless must invest in fighting fraud on the edge.”
Eich’s Proof-of-Browsing involves delayed BAT token payouts, preceded by “off-chain analysis” of how the free grants are distributed by the platform each month, to make certain that they’re being sent to real humans.
Hard Fork also learned Brave will be adding special technology called Secure Remote Attestation, used to check people are being rewarded for using the Brave browser by analyzing client-side inputs like mouse movements. After all, it can’t allow bots to illegitimately farm cryptocurrency just by faking surfing the web.
To this point, Eich actually concedes these measures render Brave (and BAT) “semi-centralized.” While not perfect, using Uphold allows Brave to pay legit creators securely by way of the Ethereum blockchain, especially if they want to receive their revenue in fiat, or a cryptocurrency other than BAT.
“We will decentralize much of the BAT platform over time, but as our roadmap describes, not all at once and up front. That is neither scalable nor anonymous on today’s main blockchains,” stated Eich. “We will be adding [peer-to-peer] options in 2019, although they are not in demand with most creators. I realize this is maximalist heresy. It is true in our experience, anyway.”
Ultimately, Eich doesn’t really see the point of Brave adopting overzealous KYC/AML procedures that end with on-chain token confiscation, something he says is technically impossible.
He concluded that KYC with custody may be a good idea in some scenarios, but it is a poor match for grant-giving and ad revenue-sharing contexts, where fraud prevention is acutely needed.