Quietly included in the browser’s most recent update, Chrome’s latest affront to user privacy is a new policy that forces users to sign the browser into their account the next time the login to a Google service such as Gmail. This authorizes Chrome to ship your local browsing data to Google, enabling you to “sync” it across all your devices, which previously had required the user’s opt-in consent.
This policy change was identified by cryptographer Matthew Green, also a professor at Johns Hopkins University and a scientist with the Zcash project, who wrote in a blog post that the change was sufficiently anathematic to user security and privacy that he will no longer be using the Chrome browser.
Noting that the policy change could even have “serious” privacy implications even if sync is turned off, he wrote:
“In short, Google has transformed the question of consenting to data upload from something affirmative that I actually had to put effort into — entering my Google credentials and signing into Chrome — into something I can now do with a single accidental click. This is a dark pattern. Whether intentional or not, it has the effect of making it easy for people to activate sync without knowing it, or to think they’re already syncing and thus there’s no additional cost to increasing Google’s access to their data.”
Google’s decision to further erode its data protection policies presents an opportunity for privacy-focused companies like Brave to make further penetrate the crowded browser market.
The Brave browser aims to “reset the web” by blocking advertisements by default and instead giving users the ability to opt-in to unobtrusive ads that are native to the user’s browser, do not track them as they traverse the web, and — according to the company — provide publishers and content creators with a greater revenue share than they currently receive.
Payments are made with Basic Attention Token (BAT), the ERC-20 token issued through the Brave ICO. Recognizing that most publishers do not want to bother with holding and converting cryptocurrency themselves, the service interfaces with trading platform Uphold to automatically convert tokens into publishers’ local fiat currency.
Last week, Brave announced a partnership with blockchain identity startup Civic to allow verified publishers to accept their monthly BAT payments in an external Ethereum wallet rather than the default one provided by the browser. Through the partnership, publishers will use Civic’s secure, private KYC service to authorize the payments to their external wallet.
Far from a niche piece of software though, Brave has rapidly onboarded users since it launched following a $36 million ICO last year. To wit, Brave’s Android app has more than 10 million downloads, and the company says that the browser currently has 4 million monthly active users across all devices, up from 3 million in July.
Moreover, the Brave browser has also been earning platitudes from professional reviewers, including Popular Science, as a viable alternative to Chrome and Safari.
“Developers built this browser on Chromium, an open-source project that also serves as the basis of Chrome, so you might notice some similarities with the look and feel of that app,” the publication wrote in praise of Brave. “In addition to stellar security, it includes all the usual features you would expect from a mobile browser, including incognito browsing, browser bookmarks, and password management.”
However, Brave hasn’t just been building a viable alternative to Chrome, it has also begun to take the privacy fight to Google. As CCN reported, the firm recently filed two formal complaints against Google, arguing that the firm has violated Europe’s General Data Protection Regulation (GDPR). The company also dumped Google as the browser’s default search engine in France and Germany, replacing it with privacy-focused search tool Qwant.
Featured Image from Shutterstock