Brave Browser[edit | edit source]

Brave Browser
Basic Information
Release Year	2016
Product Type	Web Browser
In Production	yes
Official Website	https://brave.com/download/

Brave is a free and open source web browser based on chromium.^[1] Privacy focused by design, it comes equipped with a dedicated ad-blocker^[2] that operates independently from the Chromium codebase and is therefore not subject to Google's WebExtension update.

Launched in 2016 by Brave Software, the company's business model is primarily based on ad revenue generated through its Brave Rewards Program. More broadly, it leverages its own cryptocurrency, Basic Attention Token (BAT). By opting into the Brave Rewards program, users receive occasional ad notifications on their desktop and have the option to donate BAT tokens to verified publishers, such as website owners and online creators.

Consumer impact summary[edit | edit source]

This section is incomplete. This notice can be deleted once all the placeholder text has been replaced.

Overview of concerns that arise from the conduct towards users of the product (if applicable):

User Freedom
User Privacy
Business Model
Market Control

Incidents[edit | edit source]

Affiliated links in the address bar[edit | edit source]

In June 2020, it was discovered that when users typed 'binance.us' into the address bar, they were suggested the url 'binance.us/en?ref=35089877', which included a referral code for Brave Software, Inc.^[3]

The issue was later addressed publicly by Brave's founder and CEO, Brendan Eich, who apologized and referred to the incident as a 'mistake'.^[4]

Unverified publishers and BAT Tips[edit | edit source]

Before 2020, the Brave Rewards panel misled users by not clearly indicating whether the content creator they intended to tip was a verified publisher and, therefore, able to receive the BAT sent to them. This led users to believe that the publishers they tipped had received the funds, even if they had not.^[4]

While Brave claims that all BAT purchased by users is held indefinitely until claimed by the publisher, this does not necessarily apply to BAT acquired through other means, such as promotional tokens gifted by Brave.^[3]

Following the controversy, an update was implemented to clearly indicate in Brave whether a publisher was unaffiliated with the platform. Initially, tips sent to unverified creators were returned to the user after 90 days if unclaimed. This policy was later changed to completely prevent users from tipping unverified creators.^[1]

Controversial background services[edit | edit source]

In October 2023, a user reported that Brave Browser had installed multiple binaries and services running in the background, which were updating themselves without their knowledge.^[5] Upon further investigation, the user discovered that six services were operating with local system privileges:

Brave Elevation Service (Local System)
Brave Update-Service “brave” (Local System)
Brave Update-Service “bravem” (Local System)
Brave VPN Service (Local System)
Brave VPN Wireguard Service (Local System)

Additionally, the user found two tasks in the Windows Task Scheduler configured to run with the highest privileges. These tasks ensured that all six services remained active; if any service was disabled, the tasks would automatically reactivate and restart them.

The user criticized the use of local system privileges for network services, highlighting that such practices introduce significant security vulnerabilities and are generally unnecessary for a browser.

Even after uninstalling Brave, the user reported that update services, tasks, and binaries remained on their system, further exacerbating their concerns about Brave's intrusive behavior.

References[edit | edit source]

↑ ^1.0 ^1.1 Brave browser source code https://github.com/brave/brave-browser/
↑ Brave rust based ad blocker source code https://github.com/brave/adblock-rust
↑ ^3.0 ^3.1 Twitter thread from 6 June 2020 by @cryptonator1337 addressing the binance referral code injection https://web.archive.org/web/20200606164737/https://twitter.com/cryptonator1337/status/1269201480105578496
↑ ^4.0 ^4.1 Brendan Eich apologizing for the affiliated links issue on twitter https://web.archive.org/web/20200701040411/https://twitter.com/BrendanEich/status/1269313200127795201
↑ "Brave has become malware". Brave Community. Oct 2023. Retrieved 15 Mar 2025.{{cite web}}: CS1 maint: url-status (link)

[:0-1] 1.0 ^1.1 Brave browser source code https://github.com/brave/brave-browser/

[2] Brave rust based ad blocker source code https://github.com/brave/adblock-rust

[:1-3] 3.0 ^3.1 Twitter thread from 6 June 2020 by @cryptonator1337 addressing the binance referral code injection https://web.archive.org/web/20200606164737/https://twitter.com/cryptonator1337/status/1269201480105578496

[:2-4] 4.0 ^4.1 Brendan Eich apologizing for the affiliated links issue on twitter https://web.archive.org/web/20200701040411/https://twitter.com/BrendanEich/status/1269313200127795201

[5] "Brave has become malware". Brave Community. Oct 2023. Retrieved 15 Mar 2025.{{cite web}}: CS1 maint: url-status (link)

[1]

[2]

[3]

[4]

[5]