Brave, the popular crypto-enabled browser, is finally allowing users to withdraw their Basic Attention Tokens (BAT). Unfortunately, this withdrawal process requires you to verify your identity – a major disappointment for the countless Brave users who crossed their fingers for a fully decentralized and trustless web browser.
Brave still has a lot to offer: it’s also an advertising ecosystem and a source of revenue for web publishers. They’re also working hard to add new features over time, so some centralized aspects might not stay that way forever. But until then, it’s still a highly centralized platform whose future depends on a single company.
For both enthusiasts and skeptics of the Basic Attention project, it’s worth taking the time to examine how much control Brave has acquired, and whether it’s asking its users for too much trust.
How Centralized Are Brave Withdrawals?
Brave has been distributing BAT tokens to users who view its advertisements since March. Until now, general users couldn’t cash out their tokens – instead, Brave only allowed you to tip your tokens to web content publishers and social media users. That’s is still an option, so in this sense, Brave is decentralized: it can’t stop you from donating your tokens.
Cashing out is a different story. You’ll need to withdraw your BAT through Brave’s partner company, Uphold. Since Uphold is connected to banks and financial services, it will ask you to verify your identity. This is necessary due to Know-Your-Customer (KYC) regulations, but it also means that withdrawals are a centralized choke point.
Brave could introduce KYC-free withdrawal options in the future, but there’s no guarantee. One member of the BAT team recently stated that you will be allowed to withdraw BAT tokens to Ethereum addresses in the next few months – but immediately after, they also suggested that this will still require an identity verification.
How Centralized Are Brave’s Publisher Rewards?
BAT tokens have been circulating long before users gained the ability to withdraw them, and this has provoked controversy as well. In January 2018, Brave CEO Brendan Eich stated that Brave is able to claw back unclaimed BAT. This is not a KYC process; instead, it is intended to combat denial-of-service attacks and fake ad statistics.
Later that year, Monero’s Riccardo Spagni heavily criticized this policy on Twitter: he argued that Brave would not just claw back unclaimed tokens, but also use KYC and other “excuses” to prevent publishers from claiming those tokens in the first place. Eich and Brave contested this, essentially arguing that there is no overlap between policies.
The bottom line is that Brave doesn’t have a great deal of centralized control over tipping, but it doesn’t hold unclaimed tips forever. Furthermore, Brave can’t confiscate tokens once they are in anyone’s wallet. This aspect of the Brave ecosystem is still (mostly) decentralized.
How Trustless Is Brave’s Privacy Scheme?
The debate over Brave and the BAT token has caused a lot of drama, but tokens are only part of what Brave has to offer. Brave is also balancing transparency and privacy in its ad ecosystem. Brave uses an “authorized-but-anonymous” ledger that allows participants to “agree on behavior without linking that behavior to personas, browsers, or wallets.”
This means that Brave and its various ad partners can make use of user browsing activity without revealing it. Brave knows how much BAT is being donated to each site, but not who is donating it. Additionally, advertisers can deliver targeted ads privately – ad matching happens on your own device, not on the advertiser’s end.
Currently, there’s no way to verify any of this, but the Basic Attention Token whitepaper suggests that a way to view an audit trail will eventually be developed. The end result is that Brave is fairly trustless – since Brave and its advertisers don’t have full access to your browsing activity, you don’t need to trust them to handle your data securely.
Brave’s Future Plans, and the Bigger Picture
Right now, Brave is very centralized in one major way: its withdrawal process relies heavily on third-party KYC. Uphold has the power to block withdrawals, and Brave’s forums are littered with stories of blocked accounts. However, as Brave adds more withdrawal options, more exit gateways may open up.
For end users, withdrawals to Ethereum wallets and hardware wallets will provide alternative withdrawal routes, and gift card options are also being introduced via the TAP Network. For content publishers, Brave is planning to offer KYC verification through Civic rather than Uphold.
None of these changes will satisfy hard-core decentralization advocates, but they are a step in the right direction for the project. Based on how Brave has handled its BAT token ecosystem and its advertising network, it’s fair to say that Brave is still largely committed to decentralization and trustlessness. But you might have to trust them on that.