Brave & the Basic Attention Token (BAT)

The Brave browser is a Firefox clone, with built in native adblocker. Recently it has integrated a cryptocurrency called the Basic Attention Token (BAT) directly into the browser itself, intended to facilitate micro payments in their cryptocurrency to content creators on Twitch and Youtube, etc, instead of using the official donation methods.

Brave takes a 5% cut on all transactions, meaning the service isn’t free. Additionally their payment services provider takes fees, resulting in a slightly more expensive fee structure than existing services such as Patreon.

The main selling point of the Brave browser is the privacy and ad-blocking built in. It is extremely similar to the Tor Browser bundle, but doesn’t give as much anonymity or privacy, due mainly to whitelisting some trackers and ads, and not properly hiding your IP address. Brave does have Tor support, but implementation faults mean it does not fully hide your IP address.

Tests on previous and the latest version of the Brave browser found that the users IP address was easily detectable in situations where the earlier Tor Browser hid it. It was also extremely easy to distinguish between Brave browsers and the Tor Browser bundle, and assign trackers to the much rarer Brave configuration to follow them around.

Anyone signing up to the BAT tokens will have their browsing and BAT payments tracked by Uphold, whose trackers are whitelisted by default in all versions of the Brave browser tested. Uphold uses KYC verification to gather complete personal details from it’s users.

Recently Brave got into a spot of trouble with a number of content creators due to it’s early implementation of the BAT donation system, which falsely represented a large number of youtubers and others as being signed up to the service when they aren’t. This was changed two days later to say that these people were “unverified”.

The premise of the system is that anyone can obtain BAT tokens from Uphold, and then donate them to any URL which represents a person or company, it is possible to donate tokens to Wikipedia’s url via Brave for example.

That person can then register with Uphold and verify they are the domain controller, to then receive BAT tokens they have been given. These they can then sell to Uphold for real money.

However, because Wikipedia does not use external fundraisers, it will never collect the donations made to it, this is true of the vast majority of people listed as able to receive BAT, because they have not signed up, and many are completely unaware of it altogether. According to it’s terms of use, uncollected tokens go to Brave, who will recycle them into it’s profits.

Uphold is the only option for buying and selling BAT, meaning it is a controlled market. BAT is fully premined and closed source, and relies on proprietary wallets built into the Brave browser software.

Uphold itself is not regulated in any jurisdiction, therefore it has no obligation to refund any money you put into it, and there is no personal incentive for those running it to keep your money safe. Uphold makes a number of claims that make it appear to be regulated, these are easily debunked:

Claim: Uphold works with licensed banking partners in the US

Reality: Uphold holds a commercial bank account in the US

Claim: Uphold is partnered with an Authorised Payment Institution regulated by the FCA (UK Financial Conduct Authority)

Reality: FCA regulation does not apply to partnered institutions, this simply means nothing.

Claim: Uphold is regulated by the United States Treasury Department regulator, FinCEN

Reality: FinCEN is not a regulator. Fully named the “Financial Crimes Enforcement Network”, this is a way of reporting financial crime and suspicious customers. It does not impose regulation on uphold itself in any meaningful way.

Claim: And in Uphold’s case, an actual bank in the loop, for all settlement flows.

Reality: Uphold has a bank account which it uses to send and receive money.

In short, reinventing Patreon as a cryptocurrency powered browser plug-in has not created a paradigm shifting payment service. Use with caution, and don’t use it for sensitive applications, as neither your payments or browsing will be fully anonymous, and Uphold will keep logs of your activity on it’s servers in the US. Note that it’s payment service is unregulated with no customer protections, more expensive than alternatives, and there’s a high chance your money will never reach the intended recipient.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.