How the Brave Browser Stole Private User Data and How They Got Caught: A Cautionary Tale of Untrusted Privacy! 🕵️‍♂️

Privacy is a currency that many users are willing to sacrifice for convenience.April 12, 2025

{ Updated 2025-04-20 }

In the digital age, privacy is a currency that many users are willing to sacrifice for convenience. Browsers that promise to safeguard user data while providing a faster, more efficient online experience have become a major selling point for millions. One such browser that has prided itself on being a champion of privacy is Brave.

Its bold claims of blocking ads, trackers, and safeguarding users' online activities attracted a substantial following, making it one of the most downloaded privacy-focused browsers in the world. But in the last five years, Brave has faced accusations of breaching its users' trust by secretly collecting private data.

This blog post delves into how Brave allegedly stole private user data, the series of events that led to their exposure, and the key players in their partnership ecosystem that might cast further doubt on their privacy practices.

The Rise of Brave: Privacy Promises and Bold Claims

Launched in 2016 by former Mozilla CEO Brendan Eich and JavaScript creator Brian Bondy, Brave Browser promised to revolutionize the way users interact with the web. Its core selling points were:

• Ad and Tracker Blocking: Brave blocked intrusive ads and trackers by default, reducing page load times and improving user experience.
• Incentivized Browsing: Brave introduced the Basic Attention Token (BAT), a cryptocurrency designed to reward users for their attention to privacy-respecting ads.
• Privacy by Default: Brave touted itself as a browser that never tracked users, emphasizing that it didn't store browsing history or share personal data with third-party advertisers.

Given these claims, Brave rapidly gained popularity among privacy-conscious individuals, touting itself as a hero in the fight against Big Tech's growing data surveillance apparatus.

The Controversy: Data Collection and the "Private" Ads

Despite Brave's strong stance on privacy, there were early signs of issues regarding the browser's actual practices.

The most significant controversy came to light in 2020, when Brave was accused of collecting private user data through its Private Ads feature...

Here's how the situation unfolded:

1. The Built-In Ad System

Brave’s default advertising system, which aimed to reward users with BAT tokens, allowed the browser to display privacy-respecting ads while users were browsing. The idea was that instead of tracking users across the web, Brave would show them ads based on anonymous browsing patterns without identifying them individually. This would, in theory, allow users to get compensated for their attention while maintaining their privacy.

2. Secret Data Collection: The Unexpected Leak

In early 2020, security researchers noticed something unusual: despite Brave's claims that it kept browsing data private, the browser was actually sending private user information to Brave’s servers, including full URLs, and even users' IP addresses. This data, even though claimed to be anonymized, was seen as highly intrusive and potentially capable of de-anonymizing user behavior when cross-referenced with other data points.

The controversy grew when it was revealed that Brave's advertising system was designed to send browsing data to third-party servers before the data was anonymized, allowing Brave to target users with ads based on their browsing activity. In some instances, users' personal information was transmitted without their knowledge or consent. The fact that users were not fully aware that their data was being collected and processed behind the scenes broke the very privacy ethos Brave had originally promised.

3. The "Scandal" Breaks

The Brave team initially tried to downplay the incident, claiming that the data was anonymized and was necessary to make their ad platform work. However, this claim was met with skepticism. The backlash grew, and it wasn’t long before Brave's own community began to question the browser's transparency and commitment to privacy. The company's handling of the issue, including vague responses and dismissing concerns as misunderstandings, led to widespread criticism.

In response to the scandal, Brave issued an apology, admitting that some information was inadvertently collected and transmitted in ways that contradicted their privacy guarantees. However, this did little to assuage the concerns of many users, and the damage to Brave's reputation was significant. Many privacy-conscious users felt betrayed by the very company that had marketed itself as a defender of user data.

How Brave Got Caught Stealing Data

The key event that led to Brave being caught collecting user data was a disclosure by an anonymous researcher in 2020, who found that Brave’s "Private Ads" system was leaking users' information. The researcher found that when a user opted into the system, even though they were promised anonymity, Brave was still transmitting personal browsing data in a way that could easily be linked back to an individual.

The browser’s reliance on centralized data storage and communication with third-party advertisers (especially in the case of BAT ads) was central to the leak. Researchers were able to demonstrate that while Brave claimed to anonymize user data, the system still allowed for substantial metadata to be harvested by Brave itself and potentially by external partners.

The issue was compounded by Brave’s lack of transparency and the refusal to disclose exactly what data was being collected or how it was being used. This undermined their core promises of total privacy, leaving many users feeling misled.

Why Brave Cannot Be Trusted

While Brave has since taken steps to address these privacy concerns, including implementing more transparent practices and improving its ad delivery system, the incident has raised important questions about the reliability of privacy-focused tech companies.

The Brave browser's history of breaching user trust reveals several key concerns:

• Inconsistent Privacy Practices: Despite claiming to be the pinnacle of privacy, Brave failed to uphold its promises when it came to its ad system, which secretly transmitted user data to third-party servers.
• Lack of Transparency: The company was slow to disclose what data was being collected and how it was being used. Even after the scandal broke, many questions went unanswered.
• Reliance on Third-Party Advertisers: Brave’s reliance on third-party companies for ad targeting exposes users to data leaks and potential vulnerabilities in the system.

Given these issues, Brave has shown that even companies that market themselves as privacy advocates may not be fully committed to safeguarding user data. This incident serves as a cautionary tale for users who put their faith in tech companies promising to protect their privacy while still engaging in practices that could compromise it.

Brave’s BigTech Partnerships: Who’s Behind the Scenes?

One reason for concern about Brave's privacy practices is its partnerships with Big Tech companies that may have conflicting interests with user privacy. While Brave markets itself as an alternative to major tech companies like Google, its partnerships and financial backers complicate the narrative.

Here are a few key entities connected to Brave that could potentially affect its privacy practices:

• Google: While Brave positions itself as an alternative to Google Chrome, it has worked with Google in the past. Google’s involvement in web technologies, including advertising, puts it in direct conflict with Brave’s privacy-first stance.
• Twitter: In 2021, Brave entered into a partnership with Twitter to integrate Twitter’s tipping system (via BAT). Twitter, a company that has faced privacy concerns itself, may have access to Brave’s user data through this integration, especially given its own ad-based revenue model.
• Amazon: Brave has partnered with Amazon Web Services (AWS) for hosting and cloud services. Given Amazon's massive data collection infrastructure, this raises questions about whether Brave is outsourcing some of its data storage and analytics to a company with far less commitment to user privacy.
• Various Advertisers: Brave's ad platform relies on third-party advertisers who may have access to anonymized data. These companies often use complex profiling techniques to create detailed user profiles, further undermining Brave's claims of total anonymity.

How Is Brave Funded? 🤔 💰

Brave Software is a for-profit company that generates revenue through multiple streams, primarily tied to its advertising ecosystem and premium services. Its funding model has evolved from early venture capital investments to a self-sustaining business driven by its Advertising platform and subscriptions.

• Venture Capital and Early Funding

  Brave raised significant capital in its early years to develop the browser and its ecosystem:
  

  • 2016: Brave secured at least $7 million in angel investments from venture capital firms, including Peter Thiel’s Founders Fund, Propel Venture Partners, Pantera Capital, Foundation Capital, and Digital Currency Group.
  • 2017: Brave raised $35 million through an Initial Coin Offering (ICO) for BAT, selling 1 billion tokens in under 30 seconds.
  • Additional Rounds: While exact figures for later rounds are less public, PitchBook reports ongoing investments from institutional backers. Brave’s valuation and cap tables remain private, but its investor list includes high-profile names in tech and crypto.
  • Peter Thiel’s involvement has drawn attention due to his controversial political activities and libertarian views, including funding “seasteading” projects. Some critics question whether Brave’s funding aligns with its user-first mission.

• Brave Ads and BAT

  • The core of Brave’s revenue comes from its privacy-preserving advertising platform. Users who opt into Brave Rewards see ads delivered as notification-style pop-ups or on publisher sites. Brave shares 70% of the ad revenue with users in the form of BAT, keeping 30% for itself. Advertisers, including partners like AirSwap, ConsenSys, eToro, and Vice, pay to display ads through Brave’s platform.
  • Brave also earns from “New Tab Takeovers” and Brave Search Ads, where brands pay for prominent placement. The company emphasizes that these ads are privacy-focused, with targeting done locally and no personal data sent to its servers, or so they say...

• Premium Services

  Brave offers several subscription-based products:
  

  • Brave Firewall + VPN: A paid service for enhanced privacy and security.
  • Brave Talk Premium: A private video conferencing tool.
  • Brave Leo Premium: An AI assistant powered by models like Meta’s Llama or Anthropic’s Claude.
  • Brave Search Premium: An ad-free search experience.
  
  These subscriptions generate recurring revenue, diversifying Brave’s income beyond ads.

• Other Revenue Streams

  • Search API Subscriptions: Brave monetizes its Search API, allowing third parties to access search data for applications like AI training. This has been controversial due to allegations of copyright violations.
  • Crypto Transactions: Brave earns a 1% fee on fiat-to-crypto transactions through its Brave Wallet and nominal fees on creator tips via Brave Rewards.
  • Partnerships: Brave has partnered with platforms like Binance and Gemini, integrating crypto trading widgets into the browser. These partnerships generate affiliate revenue.

The Brave Browser’s Fall from Grace

While Brave Browser originally garnered praise as a privacy-first alternative to mainstream browsers, its involvement in data collection scandals has cast a dark shadow over its reputation. Despite its promises of privacy, Brave's mishandling of user data through its Private Ads system exposed the company's willingness to compromise user confidentiality.

The incident demonstrated that even "privacy-centric" platforms can, and often do, collect and mishandle data in ways that violate user expectations. 🕵️‍♂️

Moreover, Brave’s Big Tech partnerships have raised serious questions about whether the company’s business interests are aligned with its supposed privacy values. If a browser that markets itself as a defender of privacy can fail to protect its users in such a blatant way, it’s a reminder that no platform can be fully trusted in the current ecosystem without constant scrutiny.

In the battle for digital privacy, Brave may have once seemed like a knight in shining armor, but its missteps in handling user data have proven that even the most well-meaning privacy tools can fall short. As users, it's important to remain vigilant and hold such companies accountable to their promises.

Trust, once lost, is difficult to regain, and for Brave, this may well be the beginning of a long road to rebuilding its tarnished reputation, unless they are still capturing personal user data from their Brave browser without anyone noticing! 🤔 😲

...Go Online and enjoy complete productivity freedom...