Funding the Web

I’m Nadia Eghbal…

And I’m Mikeal Rogers.

On today’s show, Mikeal and I talk with Brendan Eich, who founded Brave, an open source web browser based on Chromium. He’s also the creator of JavaScript and co-founder of Mozilla.

We talked with Brendan about how the web has been founded, including a look back on the early browser wars and emerging monetization models.

We also talked about why big problems are hard to solve for the internet, and the tradeoffs between centralization and distribution.

Brendan, you’ve been in the browser game since they invented browsers, so why don’t you give us just a quick background on the browsers that you’ve worked on and how the browser landscape has changed over the last 20 years?

Sure. Actually, Tim Berners-Lee keeps moving the date when he started browsers back, so I don’t know if it was ’89 or ’90. I became aware of them in ’93 and started using Mosaic around then. I think I then used Netscape when it came out in the fall of ‘94. That was super hot and took over the browser market. I joined Netscape in early April 1995. That’s when I did JavaScript, notoriously in ten days in May, and I worked the rest of the summer getting it embedded and having a sort of primitive DOM so we could interact with the page elements, and shipping in Netscape 2.0.

Those were the days, right? Browsers were big, we were doing secure socket layer, so-called HTTPS, now TLS (Transport Layer Security) so you could have your credit card number flying around to various sites without worrying about snoopers stealing it.

JavaScript was kind of a toy then, but it was also in the browsers, right there on the page; you could write it, integrate it with your HTML… You could do very sweet, single-page application tricks even in 1995; without bugs and without XHR, you could do a lot.

So the promise was there… Java was supposed to be the big thing, but eventually it was just a plugin, I think. It always was inside this rectangle, it always was a complex language for people to learn if you weren’t a professional programmer, so the whole Java, JavaScript, Netscape+Java takes down Windows - they didn’t really happen.

[02:58] I got Microsoft’s attention and they did IE. Bill Gates did his famous Internet Tidal Wave speech, because he had a bunch of people he had to whip into shape who thought they were just gonna take down AOL or Compuserve or something, and they were building a proprietary dial-up content system, and I’m sure it would have sucked. Instead, they pivoted and bought Spyglass, built up IE, embraced Netscape-pioneered standards like JavaScript and extended them. We worked together, standardized JavaScript, and eventually Netscape got extinguished - that’s the 30 after embracing Extend.

I founded Mozilla, because I was done standardizing JavaScript; it was 1997 toward the end of the year… I remember going to the Paris sales office of Netscape and I realized, well, [Jim] Barksdale has been telling us Microsoft is taking the price of the browser to zero, because at that time Netscape actually sold the browser for money to enterprises. It was free for students and family, for home use, but it was still making money. Microsoft not only made Internet Explorer free, they bundled it with Windows 98, which was a monopoly operating system. So they did stuff that just was guaranteed to kill Netscape’s business.

Netscape had also gone public in ’95, well before being profitable, but it was a super hot startup. The stock zoomed up on the first day, and that kicked off the dotcom era of crazy startups. And it gave Netscape a war chest to buy companies, which hardly ever works. Mergers and acquisitions rarely work. In this case, they bought a bunch of startups which were all not really taking over the world as Netscape had, and they tried to bet the farm on them or build up a server-side business that never really took… They bought a sort of groupware Windows client company called Collabra, and because the original Netscape browser team was kind of fried and because of this ambition to take on Lotus Notes, they gave that company the sort of keys to the browser kingdom, and that just made things worse. Netscape 4 was late, and initially only on Windows, and buggy as all get out.

Jamie Zawinski’s got some old articles about this, if you wanna read about that era. It was not fun to go through that, but the only things that I remember being positive were getting JavaScript standardized, and then founding Mozilla. Mozilla was meant to be an escape pod, right? In Star Wars episode 4, A New Hope, this escape pod gets out from the rebel ship that’s been tractor-beamed and docked by the Star Destroyer crew. And the Star Destroyer crew, slackers that they are, don’t just blow it up for target practice, they let it land, and of course the droids are in it. [laughter] Microsoft must have been like those sloppy imperial gunners, because they didn’t think anything was gonna happen… Who knew?!

[05:59] It took four years to actually get the code in decent shape, which was many more years than some of my friends, the principle engineers who were working on it told their management at Netscape, so Netscape kept missing the mark with things like Netscape 6, which was a terrible release… Black-and-blue colored user interface with circular buttons; it was very buggy. Mitchell Baker and I told Netscape management, “Don’t do it…”, everybody in the rank and file engineering staff said “Don’t do it”, but the executives who sold themselves to AOL as able to turn Netscape around in some sense said, “No, we’ve gotta do it for morale.” [laughs] So they forced it out - that was in 2001 or 2002, I can’t remember. It was terrible, and it bombed, and I think some of those executives got their heads handed to them and replaces.

By 2002, Mozilla code was actually getting good. We were doing builds initially… Jamie Zawinski said, “Don’t do builds… You have to be a developer, you have to have a compiler, you have to know what C is. Do your own builds!” and it limited testing and limited reach, so we started doing QA builds of Mozilla, which were like Netscape without all the AOL, ICQ, AIM buttons that people didn’t want anyway. Those things were like AOL Instant Messenger, and ICQ was another instant messenger.

So Mozilla builds were cleaner, and they actually got fairly popular. I think at some point they were actually more popular than Netscape. But after we did Mozilla 1.0 in 2002, we said “Now the code’s good enough we can build something.” We already had a pirate ship called initially Mozilla/browser, then Phoenix, then Firebird, and ultimately Firefox going. That was a small group of people inside Netscape initially, lead by Dave Hyatt who was senior and Blake Ross who was junior - he’d been a high-school student intern at Netscape. They’d created this lightweight – just a browser off of the Mozilla code, where Mozilla was still doing a suite, because you did suites in the ’90s; you were trying to take on Lotus Notes, or you wanted to have Outlook-like mail, so you did a suite.

Oh, yeah!

As Blake joked about this, “Yes, I want to use my suite so I can look in my address book for my friend and open a new email Compose window, tell them about the George Foreman grill that I saw while browsing the web, and then send them an AIM link so they can AIM or ICQ back to me.” Nobody did that, right? It was this bloated mess. So by doing just Phoenix - I’ll call it that, for the 2002 era - we started getting traction. Even though it was a pirate ship, it was a small open source project, people got excited about what could a browser be.

So in 2003, Dave Hyatt who had already quit Netscape and gone on to Apple to help Safari actually reach the big time… Dave was a huge win for Apple, because when he left, he had lots of expertise on web compatibility and CSS rendering and everything. I think the WebKit team, as strong as they were, lacked that skillset.

[08:59] So Hyatt was a huge recruit to Apple. But even at Apple, he kept working on Phoenix. Got in a little trouble sometimes for blogging about it a little too openly; he would blog about what he’d learned about implementing tabbed browsing multiple times in Phoenix and Chimera (which then became Camino) and other practice tab implementations he’d done. He’d studied OmniWeb and iCab and other browsers, NetCaptor that had some kind of tabs, upper-head windows like MDI tabs.

Anyway, Hyatt was a huge force for Mozilla code, and even after he went to Apple he was helping Phoenix, Firebird and Firefox. In 2003 Hyatt and I wrote a Roadmap update. Roadmap was the Mozilla document that I wrote and updated every year, trying to get people all moving in the same direction without having to tell them what to do, just align everybody for the same goals and common architecture, and important requirements and anti-requirements. Like, it’s important to say what you’re not doing, as well as what you are doing, to make exclusions and forswear things, because you can’t be all things to all people.

What Hyatt and I did double down on that by saying, “Let’s do just a browser. Let’s get rid of this suite (the Mozilla suite).” It became Seamonkey, volunteers tended it. “Let’s do a browser. Firebird.” I think it was probably in 2003. “Let’s do just a mail app. Thunderbird. Let’s do extensions for them. Let’s take out a lot of the complexity that the Netscape-AOL designers and others had festooned the preferences with, and let’s put a lot of that complexity into extensions that can be downloaded.” We called them add-ons. They were written in the same sort of XML, JavaScript, CSS language that Firebird and Thunderbird were written in.

They were lightweight enough that you could have people build them without having to become experts on the code. They had fairly stable APIs for integrating, and they could integrate with a lot of the user interface. They could change the toolbars, they could inject content or context menu items, things like that.

So that was a big Roadmap update in 2003 that Hyatt and I did. I don’t think Apple got mad at him for putting his name on it. That really just aimed the rocket that became Firefox toward release in November 2004.

In a way I think that up ’till that point – now you have essentially tab browsing, now you have kind of the beginnings of Safari, and then that leads into Chrome, eventually. But by this point, the cost of all browsers has gone to zero, right? The last browser that people paid for was probably Netscape 6, right?

No, even that was, I believe, free. Netscape went free in the ‘90s because of Microsoft taking the price – I would say the price went to zero; the cost all-in was still like a billion dollars over multiple years. Estimates from the U.S. v. Microsoft antitrust case and things you hear about the cost of Chrome - even though they used WebKit - or the cost to Apple of Safari and WebKit come in around a billion, but sometimes it’s puffed up with marketing spend…

[12:04] It’s still an awful lot of non-recurring engineering. And the good thing is Mozilla taught everybody the benefits of open source, so you have now three open source engines in full Chromium/Blink WebKit and Mozilla originally. And WebKit reabsorbed KHTML from which it sprang. Hyatt had to make it web-compatible and the KHTML people didn’t think that was necessary, but eventually they lost. And now you even have ChakraCore, that Microsoft Edge and IE JavaScript engine open sourced on GitHub.

So the good news is that these huge sunk costs and ongoing costs are being developed in the open, so in some ways you could say the cost is zero to – like, my company Brave… [laughter] Nothing’s ever free, but thanks to all this open source and open standards - and they go together - we have significant web engines, all in the open.

There’s still a cost though that you’re incurring to develop on top of it.

Absolutely.

But before we get into Brave’s model, how are these other browsers funding their browsers? Especially with some of them taking on billion-dollar costs and then later maybe a little bit less, like Chrome… What are the incentive structures there and how do they actually end up making money?

I think it’s easy. Let’s start in historical order - IE was to avoid “Netscape + Java kills Windows.” I think Gates did think that was scary. Andreas was going around waving his arms, saying “Too much!” and a bunch of us were like “Shut up! Can you all get their attention?” and I heard that a board member of Microsoft sent him an email at the end of ‘95 saying, “Well, you’ve waved the cape in the bull’s face. Now you’re gonna get the horns.”

So Microsoft did IE, and they did a good job eventually with IE 4 on Windows. It was better than Netscape, which had been sort of trashed by that groupware company, and the founders kind of being burned down, mostly not working on it. But IE was actually pretty good, and Microsoft needed it, I think, to keep up with the Joneses - not just Netscape, but at that point Apple was coming back, heading toward… I think it went through that near-death experience with the Wired cover that says “Pray”; then Jobs came back and started doing “i” - iMacs (“i” was for internet). This is in that movie that they made recently; in the third act of that movie.

So the internet mattered, and even though Microsoft hadn’t given up on Windows lock-in, and still had hopes going into the noughties that they would bring back Windows Vista, or make the web kind of fade away again. The web was their estate, so Microsoft needed a browser, and he needed to own the category.

Safari - same thing. Jobs was doing the hot new Macs in 2001-2002, he launched the iPod around then (2002, I think) - he needed a browser. And it was a secret at first; Safari became public I think in 2003, and it was important to have something that kept up with the Joneses and was shiny in that Steve Jobs sense. It was one of the brushed metal apps originally, it looked special…

[15:10] But unfortunately - and this is what lead to WebKit - it got kind of checklisted as “Done” and then Jobs didn’t really invest in it. He put it in the same sort of organisation chart where you have ten people working on AppKit, ten people working on WebKit, ten people working on Cocoa - whatever. And it wasn’t funded well enough because it’s hard to do a browser, and Apple didn’t have an advertising business or a search business subsidize it. They had a search deal with Google that was quite lucrative. That was one of the things we knew about before we did our search deal with Google in 2004, and we knew it was possible to get good money out of search if you had browser users and they were high-value users.

The same story sort of repeats. As companies like Microsoft and Apple check off the browser box in their list of to-do’s, they kind of neglect it, because it’s not their main business. Opera did have for a long time the browser as their main business, and while they certainly (under Jon von Tetzchner, who’s doing Vivaldi now) went towards advanced users and added a lot of extra features, some of which we were factoring into add-ons on Firefox. They cared about the browser, and Mozilla cared about the browser, and you could tell you could get some users; your quality is just a little better… You’re in it for the browser, you’re not in it for operating system monopoly or shiny device growth, or search, or whatever ad revenue. You’re doing the browser for its own good. That always matters, and people can tell on the market. Your league users tend to gravitate.

Safari was not going to take back a whole lot of market share just from the MacBooks - or whatever they were; the iBooks of the time, the iMacs. It really took Firefox, which got up to 27% share at its peak - it just kept growing, because IE still wasn’t good, Microsoft still hadn’t quite put their A-team on it. Eventually, we did that search deal with Google in 2004. We had Google engineers helping in late 2004, through 2005, into 2006, and then they all disappeared, and we knew from private communications - we didn’t talk about it because of NDAs - they were doing Chrome.

I think Jobs knew, too. Jobs hated this. He was like, “You can’t use WebKit. That’s my open source.” [laughter] He threw a chair against the wall because of Android, which he viewed as stealing his design. But with WebKit it was more like, “That’s my source!” But WebKit itself was a fork of KHTML, this very sort of elite European project, part of the KDE Linux desktop that started late in ’98, around the time that Mozilla started to rewrite the codebase (my first Roadmap in October ‘98). So KHTML was high quality, but it wasn’t web-compatible. It was very, sort of by-the-book standards. It didn’t do what’s called “residual style” error correction on CSS. When you have a bold and an italic open tag, and then you close the bold first and then the italic, it’s not a tree-structure DOM and it didn’t do the right thing.

[18:08] And there were lots of other crazy things you could in HTML which Hixie [Ian Hickson] and others wrote up as HTML5 in the WHATWG and now we know that is a living standard. But KHTML didn’t do that, and Dave Hyatt at Apple, having jumped from Netscape, had to do that. He’s like, “I’ve gotta do it.” So he was patch bombing KHTML every six months with these giant change sets. Generally good changes, but the elite Euro hackers - I think a lot of them at that point might have been at Trolltech (I’m not sure if it existed then, but they ended up joining the Qt Company - Trolltech in Oslo). They said, “No, we don’t need this. In Europe we balance our tags properly. You Americans… Go work on your HTML markup balance, and stop polluting our perfect code with your ugly error corrections.” So it became a fight.

Hyatt, meanwhile - I’ve told this story in a few places - was being recruited around early 2005 by us, by Google, and another company I’m forgetting. He was kind of on the market because he was fed up because Steve at Apple had indeed checklisted the browser; it wasn’t getting enough funding. It was just another ex-kit team - WebKit, AppKit… And by the way, the AppKit team wasn’t that sharp compared to the WebKit team. There were really good hackers on WebKit, but they needed more help, and they weren’t getting it.

So Hyatt gets fed up; Flock was being spun up by Bart Decrem alone, from Mozilla, because he wanted to do a dotcom for Firefox in late 2004. It was already non-profit; the answer from the board was no, so Bart said “Okay, I’m gonna do Flock”, and what he called it when he first went to get VC funding was “Round Two.” It’s like, “Thanks, Bart. We were round one, you’re round two.” I guess we didn’t have to fight to go the distance.

Eventually, Flock failed, but while he was getting funding and recruiting for it, he started recruiting his old buddy, Maciej Stachowiak, whom he knew from Nautilus, where Andry Hertzfeld also had been, which is sort of a more app-ly Linux desktop file manager thing. And Maciej was a force at WebKit, one of the founders, along with Darin Adler, and he got Hyatt’s number somehow, and Hyatt said “Yeah, this Bart guy keeps calling me. I had to bust out Mean Dave on him”, [laughs] because Hyatt’s usually nice and soft spoken, very thoughtful, but Bart kept bugging him, saying “Come to Flock. I’ll give you lots of options, we’ll take down Firefox. It will be much better than your Apple job.” But Hyatt was upset because Apple wasn’t investing enough, so he was looking around.

I don’t think there’s any way he would have come to Mozilla, but he did interview at Google, which he hated; they gave him puzzles. I think his name probably redacted in the discovery materials for the so-called Techtopus case. Do you guys know about that? It’s a straight up Sherman Clayton antitrust violation. Google, Apple, Adobe, Intel were collaborating to not poach each other’s – or even hire each other’s top talent.

[21:05] Oh, right, right.

…which was suppressing salaries…

Yeah, yeah.

The worst – really nauseating to me was Eric Schmidt sort of cravenly apologizing to Steve Jobs for even daring to talk to some engineers in France who might have been from Next and may have had some Apple relationship; they weren’t even necessarily being hired by Apple, but Steve was outraged that they might be recruited by Google and he made Eric sort of balance scrape.

I was having dinner with Sergey and Larry, and Mitchell Baker in early 2005. Sergey comes in late and he says, “Sorry, I just got off the phone with Steve Jobs. He was just screaming, cussing at me. He said ‘Don’t touch Hyatt’!” So there was this definite restraint of employing a tech talent trade going on there.

Hyatt didn’t go anywhere, he stayed at Apple. One of the prices for Maciej and Hyatt to stay at Apple - I’m not sure how seriously they were ever gonna leave, because Apple’s pretty good to its engineers; they’re birds in gilded cages. They work very hard, they’re very smart, they work on shiny devices and they get well comped, but they seem to be loose enough that they had some leverage and they said - this is what I heard - , “If we stay, let’s do honest open source. Let’s not patch bomb KHTML every six months. Let’s make webkit.org. Let’s learn from Mozilla. We’ll make our own mini Mozilla and we’ll do proper open source there.” And they did. That was in 2005.

I think that was a good thing, and it helped give that gift of WebKit to Google, which they secretly started using for Chrome in 2006.

[laughs] That’s great. So it sounds like for the most part all the costs are deferred to create these things by some massive company that has a bunch of other interests.

That’s right.

And eventually they get bored with it, because they don’t have direct sustainability. Mozilla does have direct sustainability kind of baked in, right? it does generate revenue from the browser to fund the browser, correct?

Well, you could say that about Google too, because it’s all search revenue and for Google, Chrome is just a lower traffic acquisition cost device. Right now I think to get search fields in other browsers from Google is very hard. Bing is still competitive in the U.S., it has 20-something percent, depending on who you ask. Vivaldi has Bing as their default search partner and they get a revenue share.

Google was sharing revenue with Firefox in the original deal we did at such a clip that we got alarmed and we thought, “Oh no, we’re gonna have trouble taking this as a non-profit; we’re gonna have too much money. We’re gonna look like a giant billion-dollar hole in Eric Schmidt’s balance sheet by January 2006.” So we actually - I think this was a mistake - took a much lower revenue share above a certain absolute amount. The blended cost of Firefox traffic was very low; we were the best traffic acquisition deal Google ever had, and it still didn’t prevent Chrome. It just kicked the can a few years down the road. But as you say, they have a big business - search, ads… They need to make sure that people are searching…

[24:01] Google got very worried in the mid-2000s about Microsoft coming back with IE. They’d done IE 7 in response to Firefox. It still wasn’t that great, but they started distributing it again; it was still the default browser. They’d gotten in trouble in Europe with the European Commission, so they had to make a browser choice panel, which allowed people to pick Firefox as their default, but they still had a lot of Internet Explorer traction.

Google had started selling Google Desktop and Google Toolbar, and getting some Windows presence through that. Sundar Pichai did a lot of that work, which I think in the view of Schmidt and Sergey and Larry saved the day. If Microsoft in 2008 or so, with Bing being a new thing, has suddenly said “Hey, we’re setting search back to Bing on all the browsers - especially all the Internet Explorer browsers that we control - through Windows update, bye-bye Google!” Google would have been in trouble. So they had this Google Desktop Search, they had Google Toolbar footprint, they had OEM deals to distribute those, and thanks to Sandor they had some ability to fight back and make sure that the search default didn’t get set away from Google. Because Google was obviously still the best. Bing was even worse then; it’s gotten better. It’s hard to tell… I’ve heard people say if you label the Bing results with Google’s brand, people say “Hey, that’s the best!” In the long tail of four or five keyword searches, Google’s still the best, in my opinion.

This was just to show, like you said, that you need a big company with another business that can bear the cost, and actually find the cost preferable to paying for outside sources of search traffic for instance, or to - in Microsoft’s case - have a browser and fend off Netscape or compete with Apple; or, in Apple’s case, have a browser to compete with Microsoft. And that competition still goes on. Safari is denying Chrome 95% market share that Windows IE reached in 2003-2004. If you look in Wikipedia, I think just before Firefox took it back, IE topped around 95%. Chrome will not get to 95%, and I’m talking across mobile and desktop… And it’s because iOS’s Safari. To a lesser extent it’s because of Safari on Mac; it’s because of Firefox, which is losing share, still. Chrome is the only browser growing, according to some of my friends at very big companies who would know (very big, web-facing companies). It’s growing slowly, but it will not get to 95%.

This dynamic keeps things still somewhat balanced in the standards bodies, so everyone worries - if Google gets too powerful, will they start overreaching and waste time on stuff? And they already did, right? They did native client, they did Dart - that stuff wasted a lot of time. But they also invested in the web, and here we are…

The sunk cost problem is not just a one-time thing, it’s an ongoing thing. Browsers cost. And you mentioned Mozilla… I can’t really comment on their economics because Verizon bought Yahoo! and I have no insight, and even the Yahoo! deal was after I left. But just from the outside, looking at the balance sheets and the marked-to-market of Yahoo!, if you subtract Alibaba and the SoftBank [unintelligible 00:27:02.21] even in 2014, it doesn’t look good.

[27:07] It’s tricky doing a browser, especially if you don’t have a lot of users, or if you have a declining user base, and Chrome is starting to become the – I wouldn’t say the monopoly, but the senior duopoly partner. It’s tricky making a case for another browser being funded only by search revenue, for instance.

Given all that, I find it interesting that what you decided to do was build another browser. We’ve gotta take a quick break before we dive right into that, so we’ll be back in just a few moments with Brendan Eich.

In our last segment we were talking a little bit about sustainability models for browsers. Could you talk about how Brave makes money?

We’re a startup, we’re burning right now, so…

How Brave plans to make money - let’s put it that way.

Venture capital! [laughter]

You know, you can still get, as I say, search revenue. We actually have search partners already. DuckDuckGo is a search partner, and we’re making lunch money from them… Which is good. And we help build that up, because people who skew toward Brave do like DuckDuckGO. That’s an up-and-coming search engine that emphasizes privacy, so it’s in many ways aligned with us. It’s just not our default search engine because Google’s still the people’s choice, as far as we can tell. And as they say, on the long tail of multiple keyword queries, it’s still the best.

[30:02] If we didn’t make Google the default, we suspect a lot of our users would reset from our default DuckDuckGo to Google, and then we would be stuck, because ethically and in the market we wouldn’t wanna override their choice. We could never get them back on a default that might be a better search engine down the road.

This actually happened to Firefox - it’s public information, people studied this identity-solving search engine log. If you look at what happened with the Yahoo! search deal, in December 2014 they made Yahoo! the default search for Firefox, and we’d had Google since Phoenix, since forever. We had a good commercial deal since 2004. That Yahoo! default didn’t stick. A lot of users rest to Google over time. Yahoo! was probably paying - I don’t know, but I’m guessing they were paying a lot, possibly even a guarantee payment, for a declining traffic.

We don’t wanna do that in Brave, but we will make some search revenue from people who choose DuckDuckGo. And as the game theories would suggest, all the non-Google search engines generally are willing to pay for non-default traffic; that is for those users who choose to switch to DuckDuckGo or Bing. They’ll pay better if you make them the default, and Bing is still trying to grow, so they’ll do deals like I mentioned, Vivaldi, as far as I know they’re still using Bing as the default, but… We can get some money out of search, it’s just not gonna be huge and we don’t wanna count on it exclusively.

Another idea we have is the microdonations we’re already supporting with the Brave payments beta. If you use Brave right now, since 0.12 one or two, you can actually get money into your user wallet and have it sort of deterministically anonymously and with low transaction costs distributed among your top sites. You can turn off the sites you don’t wanna support. You have 30 days of ongoing personal chartbeat in your own browser - this is on-device only, no tracking. And at the end of that 30-day period, which is a personal period, there’s reconciliation. Anything you excluded or decided at the last minute you didn’t wanna fund gets left out. The other sites get what are essentially votes in sort of a zero knowledge proof voting system based on some cool academic work called Anonize and that gets sent through a VPN connection to our infrastructure, so we don’t even see your IP address. Then we mix it all together and we count the votes and we count the funds - a lot of people are putting $5/month in this system - and we distribute it to publishers; we’re starting to do that now, just this week. I think our publishers pays will be up very soon.

[32:47] That means we get some small fee-based revenue off of that, but we have to cover our infrastructure costs. I’m not sure that will make us a lot of money either, but that’s another way we’ll make some money. I think if everybody who used Brave donated $5/month, they’d be essentially replacing their average cost or median cost in terms of lost ad revenue. That would be cool. I don’t think everyone’s gonna do it. Also, we need to get a million users, ten million users, a hundred million users. But if all those ifs came true, everybody did $5/month, and we have a hundred million users, we’d be making $3/user/year - that’s $300 million. That’s enough to run a browser like Firefox. That’s what Firefox often ran on in the old days.

I think it would be nice for that to happen, but I don’t think that will happen. I think the donor cohort will decline as a fraction of our user base. NPR gets like 30% listeners donating, but they do pledge drives, they’re a nonprofit. We are getting early adopters skewing toward donating. We have like 11,000 wallets and we’re only in beta; the average balance in the wallet is over $5, so people are doing this, but it’s voluntary, so we can’t count on it either. But we’d like to build it up and see how big it can get.

We think it’s a good deal for publishers too, because they don’t have to worry about the lost ad revenue if they’re getting these donations trickled back to them through the Brave payments.

I mentioned Brave payments as an auto micro-donation system, but there’s general ecommerce we could do with Brave payments. If it’s just on the Bitcoin blockchain, it could not involve us, there’s no need for an intermediary (that’s one of the beauties of Bitcoin) and we wouldn’t make anything. But we’d like to enable that. We think that there’s upside there.

Generally, there’s too much friction buying things on the web, still. Obviously, if you have an iTunes or Amazon credit card relationship, it’s one click and away you go. But you don’t wanna do that with every ecommerce site you might wanna buy something from. It’s kind of scary to give over your credit card to another site, with all the breaches. People sometimes use Paypal, but Paypal has its issues and it’s not universal.

We’d like to make frictionless small payments a thing, a web standard, if you will. And there’s nothing proprietary about it, we’d like to have Brave just be a pioneer, just like pop-up blocking or tab browsing was known before Firefox or Phoenix, but we popularized it. We’d like to make future payments that are frictionless - no intermediary, no interchange charge… We’d like to make that a thing.

Sort of baked into the model there is that by default you’re blocking a lot of ads, and tracking stuff like that. You have a view of the user and the privacy that I don’t think a lot of other browsers go on quite as far. Could you detail a little bit the degree to which you bring that stuff out of the user experience, and what you replace it with?

[35:47] Yeah, so that’s the really radical idea, and it’s not fully implemented. Brave, with the right opt-in - we wouldn’t wanna surprise users with this, but Brave should be your personal Google; it should be your personal data set and machine learning, which adds value to the data.

You know how people say “Facebook sells your data”? They don’t, because if they did, it would all get quickly arbitraged to a low price, and it’s seasonal enough, there’s enough repeated behavior among users that it wouldn’t be necessary for them to keep selling it. It would be extracted and in bulk. Facebook doesn’t sell all your data. What they do is they say “Come onto our platform and do ads”, or “Come onto our platform and transact in a very limited way with the data.” That’s what Google does with the web. Google is a really brilliant, once-in-a-generation business. They started with search ads - very clean, because when you’re searching, you have strong intent, you’re looking for something, you’re willing to see a promotion, especially if it’s algorithmically well-placed. It could be better than the organic results that Altavista would have found in ‘98. That’s why Google started rising fast then, and they did search ads even then; they were making enough money they got the famous angel investment from Andreas Bechtolsheim. He asked them, “How do you make money?” and Sergey said “Placed results, search ads.” Andreas said, “I’m using Altavista, but they get tricked by pages that put a little dictionary in the HTML comment, and suddenly that page is authoritative for every word in that dictionary, and they get undue search rank in Altavista. What do you do about that?” Larry Page said, “Oh, we take care of that because we count incoming links to do reputation, pagerank.” Then Andreas said, “How much are you making?” This was like ’98, when Sergey and Larry were still I think on Stanford campus. They said, “A hundred thousand a month and growing”, and Andreas said, “Let me go to my car and get my checkbook”, and he wrote a famous angel investment check which paid off very well.

That search ad business is still strong for Google, but search is kind of flattening out. The smartphone is less of a searchy device, it’s more of a social and bespoke search, or custom app experience. Voice is rising, AI is changing things… Search is flattening. It’s gonna be a challenge for Google to keep satisfying Wall-Street’s needs as a public company.

Google also did something clever - in 2008 they bought DoubleClick, because they saw if you didn’t convert all those search ads on the search engine result page, those quality texty result up top that were clearly identified at ads, but sometimes could be better than the organic results – if you didn’t click on those, you went off into the organic results, and you visited publisher sites and ecommerce sites… You kind of got distracted and surfed a bit for fun, celebrity-stalked somebody a bit… Then you came back to your major purchase, but maybe you did it through an ecommerce site and Google had no piece of that action. So they bought DoubleClick, because DoubleClick had a display ad business. They were all over publisher sites, they were on a lot of ecommerce sites. And they had cookies, they could be audience profiles by tracking people across sites.

[38:59] That gave Google a more complete model of the user, from search, through browsing to various sites that DoubleClick had cookies on or other footprint on, and Google’s been integrating things ever since - YouTube’s gotten big… In some way they’re the web, eating their own ecosystem, but they’re also getting a more complete user model.

I think you may have seen, even Chrome will now be mixing your history into the advertising model if you don’t opt out, I believe. Powerful business, but it’s got some downsides. Increasingly, Google and Facebook own 90 cents of every marginal ad dollar spent. Every extra ad dollar being spent this year above last year, 90 cents out of it goes to Google and Facebook. And that’s not a stable setting, even if you don’t mind those two being the new duopoly on search and ads, or social and ads, because Facebook’s coming after Google, and Google’s search business is flat. So there’s a problem there.

Also, there’s a huge privacy problem. People just don’t like being tracked that way. They get retargeted by bad ads, they get creepy ads, ads that make your eyes bleed, parasite pictures, belly fat reducers, wrinkle reducers… And they get malware now. Malware is actually being placed, and has been for a few years. This is kind of an under-reported story, because a lot of it works by being ransomware - it holds your PC hostage, encrypts the disk and says, “Here’s how buy Bitcoin and send Bitcoin”, and it charges not too much. So grandma paid $600 or $1,200 to get her pictures back of her grandchildren, and she’s too embarrassed to admit it.

There was a hospital in Southern California where all the systems in the hospital were thrown by ransomware. That gets you more on the FBI and Interpol radar, but these are criminal gangs hiding in nation-states that don’t necessarily prosecute them. They’re using very sophisticated exploit kits; that’s the payload that downloads and tries a bunch of vulnerabilities.

The ones we know about from the last year and a half, Angler in particular, used Flash and Silverlight and Java plugin vulnerabilities. Brave turns off plugins by default. The plugins should die, Steve Jobs was right. Thoughts on music - he was right about DRM; thoughts on Flash - he was right about Flash. God bless Steve Jobs. [laughter]

I’m not gonna endorse everything he ever did, but he did two solid things there for the web and for security. These exploit kits now are trying browser vulnerabilities. I’m pretty sure Neutrino is the one that superseded Angler and it’s trying browser vulnerabilities, because every sophisticated endpoint software is endlessly vulnerable, and you have to keep patching it. That’s what Chrome does, that’s what Firefox does, that’s what Microsoft does now… It was one of the lessons of the last 15 years in browsers, that you have to release all the time to keep ahead of the exploits. You have to fuzz-test your codebase with travesty JavaScript-generated JavaScript that finds all the safety bugs.

[42:01] These exploit kits are out there, and they’re coming in through ad exchanges. How do they do it? They actually create fake ad agencies. These are fake businesses, with fake CEOs and CMOs, fake people pictures, bios, and they go and buy ads… They put custom creative ads into ad exchanges. They pay the fees to get into the exchange, and then in real-time bidding processes automated ad exchanges place these ads on publisher pages, sometimes even gateway to other exchanges. They get onto a Chrome ad exchange at a low price, but they can claim to guarantee some conversion or some performance to the publisher who wants to sell the ad space for the ad. And the publishers fall for this every time, because they wanna fill out every space they can with ads, even at the bottom of the page, where the parasite pictures are. And they generally don’t directly sell that to brands or agencies; it’s not good space, so they say “Oh sure, programmatic ad partner. Come on in and own my space and put whatever you want in there.” Programmatic means automated, if it means anything. So he goes and says “Okay, let’s use this ad exchange…” It’s AOL, or OpenEx or Yahoo!…

Pretty soon, you don’t know where those ads are coming from. They’re coming from Russia, but they look like legitimate ads. And here’s the crazy thing - sometimes if you scan their JavaScript, they all come with JavaScript, for tracking pixels to confirm that the ad was viewed, things like that. You don’t see anything overtly bad; you might see some funny little image, a processing loop that maybe is commented innocuously look like it’s doing something to do gamma correction on the image. What it’s actually is taking a graphic decoding of an exploit kit loader from image pixel perturbations. In other words, it’s taken out of the hiding, some kind of signal, a covert message in an image or a picture is being done to hide the guilty code that’s gonna load the Angler exploit kit.

This leads to the New York Times, BBC, AOL and other top sites in late March having ransomware malvertising on their properties. If you think about it, this is actually an outrage, right? Why should world-class online publishers tolerate this? Why should they not control the quality of the ads. Why shouldn’t they have only direct, trusted relationships? Well, as I say, the bottom of the fold, and even the middle of the fold (middle of the page) ad spaces just aren’t as valuable as the top, and even big publishers that have direct sales forces and their own tech teams and do beautiful, custom sponsorship ads…

[44:48] My favorite example, Louis Vuitton handbags on Elle.com. That takes up the bottom half of the frontpage, it looks nice, it’s a trustworthy ad as far as I know - there’s very little third party about it; there’s some tracking… It’s a custom video ad from Questra or somebody, but it’s pretty legit. That’s not the problem. It’s the stuff below that that all the publishers want to fill their space and make a little bit of money. Otherwise, if they leave the space dead, they’re just leaving money on the table. And that leads to malware coming on the pages.

To get back to Brave, we saw this coming. We said ad blocking - even in 2015 when we started - was rising. We started May 2015. We didn’t know that iOS, thanks to Tim Cook, would start making ad blocking easy to use with Safari. They make it an app install model, instead of a browser extension model. They make it content blocking, and it rose quickly to the top of the app store last fall and it became very popular until it saturated short-term demand, and it changed the whole conversation. It made people across the ecosystem - from the marketers who spend on advertising, to the publishers who rely on whatever of that spend is left after all the middle players and the parasites have taken their skim - it made everybody say “Oh no, ad blocking is not going away. It’s not just AdBlock Plus or uBlock Origin. Now it’s iOS. It’s Apple. And Apple had walked away from advertising as a business I think twice. But it wasn’t just because ads are annoying or unaesthetic; that’s a very shallow way to characterize it. Ads are actually dangerous, because they’re over delegated through these ad exchanges, and there’s no contractual relationship.

Doug Crockford knew this. If you remember Doug’s work at Yahoo! with AdSafe, which was a static verifier for JavaScript and was kind of like before Google Caja, which became Secure EcmaScript, AdSafe was Doug’s very picky way of trying to get Yahoo! ads not to contain malware. This has been a longstanding problem, and as I said, it’s under-reported because ransomware - the price the criminals extract is low enough people are embarrassed and they can pay it, get their system back… It’s very hard to track these criminals down. But even ignoring the ransomware threat, just the privacy problem that your data profile is constantly being sucked out of your machine and you’re not benefitting from it, you’re actually suffering from increasingly worse ads, even ignoring the malware; just annoying ads. Retargeting, which is when you get hammered by an ad you’ve already seen… Because it sometimes nags you into buying something you wouldn’t, or in the best case reminds you of something you forgot you do wanna buy. It has a little bit of lift, like a fraction of a percent, and that means that it’s gonna get done; it’s not gonna be left on the table. That money is not gonna be left on the table.

So advertising has become this toxic parasite system, in my opinion. It’s over delegated, there’s too much principal versus agent conflict of interest, there are layers of that, and along with that, there are layers of confirmation bias in the data that’s extracted in the model.

[47:54] They say they have great data, all these ad tech companies; they wanna go public or they wanna get bought by Oracle, and they say they have magnificent data which will increase yield. But if you look year to year, the actual performance of advertising, the so-called yield, doesn’t really go up. Money just goes from one pocket to a different pocket. Publishers are still suffering, and there are long-term negative externalities, like secular trends that are bad for everybody, like the rise of ad blocking and the rise of malvertising.

Brave is trying to address this, but not just - I’m being very negative here - we’re not just gonna cure something that’s bad; we wanna make things actively better. We wanna make this anti-Google, personal Google. We want you to be in charge of your data, and that means not only should you not have bad ads or annoying ads or dangerous ads, you should have a piece of the action. You should get revenue, you should be able to control the terms of the economics. And if you don’t want ads, you can donate, and then you can block guilt-free.

There’s a lot of nuance in here… You talked a little bit about misperception - the problem with advertising is more than it’s just a visual distraction, but it’s actually harmful. Do you think that nuance transfers to potential users of Brave? Because in some ways you are becoming that publishing platform, right? Or the publisher. Do you think that users will understand that your version of advertising is different from the type of advertising that they’re currently exposed to?

We don’t know. That’s a great question. I think among the early adopters, lead users, yes they get it. A lot of them are outraged by the malvertising stories that broke this spring. And it was really great for us, because we had the late March malware on the front page of New York Times, then we had on 7th April… I woke up and there’s a letter from The Newspaper Association of America, counsels us to cease and desist, but we haven’t anything yet to actually cease and desist; those words don’t occur in the body, but it’s full of threats and crazy legal theories, including that these Newspaper Association of America members own the copyright on those ads that we would be blocking. How could they own that, because it’s malware from Russia, or whatever? They don’t own the copyright; those ads are injected by JavaScript in your browser, running on your page, communicating with third party sites with ad exchanges. Nothing to do with New York Times. There’s no creative work, ensemble work that has the ads.

I think the lawyers - it’s generally the associate GCs that join these trade groups, like Newspaper Association of America, now called The News Media Association… Newspapers have been in decades long of decline, but they view the ads as ink on paper. It’s like we’re sneaking up to grandma’s porch and we’re facing the ads that they printed on the Sunday New York Times and we’re pasting up our own ads to trick grandma into transacting with our advertisers and us getting a piece of that action.

First of all, we didn’t do any such thing. We only talked about how it can be better if we did something like that. Second of all, there’s no ink on page ad the New York Times owns. The ads are third party, they’re placed with JavaScript. Another one of my guilty legacies with JavaScript is how it’s used for third party ads.

[51:02] There’s really a deep topic here. Will people appreciate it? I think mainly people appreciate speed in browsers, they appreciate safety, and we’re leading with those. Safety is a broad term, but I include privacy. People say, “Oh, you can’t market privacy”, but you can. Snapchat built up a good cohort doing disappearing messages. People care about things like secure communications. WhatsApp’s doing end-to-end encryption.

People care after a crisis. Snowden changed things for a lot of people. I think as things evolve, we’ll have more concern about privacy. It’s often driven by crises and revelations. People just didn’t know they had a problem until they had one. So we don’t need to get too detailed on the economics, but I wanted to paint a picture because there is a lot of money exchanging hands here, a lot of middle players taking big cuts, very little for the publisher.

Brave cares about users first, and we think user attention is not fairly priced. We care about publishers, too. If you can’t keep a website a going concern, the web’s in trouble, so we’d like to see publishers get paid better. That’s where we think, if we get the right experiments done with user opt-in and publisher opt-in, we could build a better (I almost wanna call it) promotion system. The idea with advertising online now – Joe Marchese, founder of TrueX (I think Fox owns it now) said this: “You’re shotgunning people’s attention across ten thousand pages.” That means you’re wasting a lot of money, because first of all a lot of people guessed wrong, they didn’t go to that site. Then you’re retargeting them, which bugs them. You cross the line and they get an ad blocker. They’re lost to you. What if you could just get the right information at the right time, in the right place, to the person who’s likely to actually benefit from it and be happy with that marketing information? That’s the ideal model for advertising.

It solves what’s called “Wanamaker’s dilemma.” There’s this guy Jude Wanamaker who had a chain of department stores in Philly a hundred years ago, and he is alleged to have said - at least if I can get the quote right; it’s not clear if he actually said this - “My problem with advertising is half my advertising budget is wasted, I just don’t know which half.” Even then, he was shotgunning newspapers or catalog ads, and some of them missed the target.

Theoretically, with a very private system like Brave where your data is kept on device - we don’t see it on our servers, we use zero-knowledge proofs to transact things like payments for donations or ad impression counts in aggregate; theoretically, you could keep that data secure; you could keep your own Facebook, your own Google, you could do your own ad business. It would be a very personal ad business; it would be a “right information at the right time” business. It would not be replacing one-for-one all those indirect ads that we block. It might even be using a different channel, like a full-screen video channel or a set-aside personal mall; some people might prefer to get an email once a week with promotions. These would be really well targeted, they wouldn’t annoy you, they would give you a deep discount, because the marketing side wouldn’t have to spend for those 10,000 ads, half of which or more (maybe 90% or more) miss the target.

[54:03] That’s the big idea with Brave. It goes to search too, because when you search with Google and Google does that great result - they’re better than Bing, as I said; they’ll probably always be better. They have the oldest data set, they have the oldest machine learning that’s co-evolved with it. But what about your keywords that you type in? That’s your data. Again, Brave’s point of view is you own your own data. Not just your browsing history, what’s visible, how you open the tab from another, where you are scrolling, but also your keyword queries to search engines. And that’s a very hot data set that you should benefit from and we should protect on your device. So we’re looking at the whole picture. And when I say anti-Google, I don’t mean that in a hostile way, I mean somebody needs to build this. In a coming world where AI is everywhere, do you really need the cloud superpowers owning all your data? From your house, your cat, your own body monitors… I think there are scale advantages to the cloud and to clustering AI calculations there, but a lot of it is personal, a lot of it could be done in your home server, or even on your phone. So there should be tiers of AI and machine learning and tiers of data, where some of that data doesn’t even leave your device. Maybe only abstracted summaries or anonymised summaries leave your device. That’s the really big vision here, and I think people will build this. I see more signs startups are doing this. Instead of building some surveillance device based on cookies or search or everything in the cloud, they’re doing local computation and doing things that can be defensively secured in your pocket or in your house. That’s where Brave gets in.

That’s a really good point to stop for our next break. When we come back, we’ll dig in a bit deeper into how we can fund the web.

One of the things I found really interesting about sustainability issues around developing and using browsers is that a lot of these challenges are really similar to funding and sustaining open source, and a lot of your work also dovetails with figuring out ways to support content creators and publishers. There’s these trends across all these different kinds of really big, important institutions on the web, or really important ideas, but they’re all clearly valued by society, but they’re also really hard to finish and sustain. Why do you think it’s so hard for us to find good answers to these problems.

The story of my life. I was a Unix kernel hacker at Silicon Graphics before I ended up at Netscape, and I always worked on platform code… I think you see - it’s pretty explicit now - open fintech through the Symphony Foundation and other things… You see a lot of companies realize that open source is better for quality assurance, recruiting, lots of things that traditionally they would have to pay for themselves, so they can share the cost of platform code, or what Georgios Kontaxis calls evolutionary kernel code. This is the sort of stable code that’s conserved like the best DNA in a population. It’s like the TCP/IP or JavaScript - once you stabilize it, everybody can build huge systems above, and sometimes even below it. You can have multiple link layers and go from Ethernet being 10 Mbps on copper, all the way up to fiber (metropolitan Ethernet or whatever ATM cells) and still have this TCP/IP in the middle, and sure, IPv6, but it’s not really taking over, and it’s all evolutionary. JavaScript ES6, here we go again!

The platform code, the evolutionary kernel code that’s sort of “the commons” in the best sense of the word, is a cost center. When I was at Silicon Graphics, as I developed hot, killer graphics, workstations and then high-end multi-processors and low-end desktop graphics workstation machines, eventually to be killed by the PC and the GPU in the ’90s, the kernel group that I worked in and the network software group got kicked around. It was a cost center, it was an albatross, or else it was a source of talent for building out something important for the multiprocessor business. So they got kicked from the “hot product” group to the “not hot product” group and back. I think it even got divisionalized a little bit, not fully forked. HP did the same thing.

I see a pattern here, where open source is serving the commons, it’s not serving the differentiated, risky or for-profit innovation, that for better or worse some of that stuff stays proprietary. But anything that starts to become a platform, starts to become a cost center and needs to have its costs shared if it’s of interest to many other players. And how do you fund that? I wouldn’t say it’s exactly like publishers, because publishers often are for-profit. But not always - Dow Jones was a long-time family-owned and subsidized… In some ways we need Carlos Slim and Jeff Bezos to prop up the nation’s number one and two papers of record, right?

[01:00:22.27] Newspapers have been in a decades-long decline, and they always relied on advertising and subscriptions, and subscriptions never paid for the whole thing; they were always a minority of the revenue needed to run a newspaper business, even back in the heyday, the golden age of newspapers. Because people would subscribe, and there was some revenue you made there, but advertising paid the bulk of it, and that’s still true.

The way I look at this is not to say “We must have advertising. Advertising is always good.” There was a TV executive I heard about in the ‘50s who said, “It’s inconceivable that television will ever be other than free and advertising-supported”, and of course we have Netflix now, so never say never. Maybe the Brave donation model, in some future frictionless micro-donation, micro-payment, micro-royalty world will suffice. We still have free television with ads for sure, even with Netflix. But if you look at how costs are covered, you have to look at what’s happening today. If 70 billion is spent on ads in the U.S. (I think this year, or maybe it was last year), and Facebook and Google are taking a lot of it (they’re taking 80%) and the increment in spending from last year - maybe it went from 60 to 70 - of that 10 billion increment they’re 90%, that’s not leaving a lot for the publishers. And if you look at how the publishers do their ad businesses, they have to pay if they sell direct ad space. If they do indirect, they’re at the mercy of malware, like I said, but they’re also getting far less, because there’s so many people in the middle, cutting out from the pie; by the time the pie gets from the marketing side to the publisher, there’s very little left - 35-40% or less.

Still, that’s a lot of money. That’s billions of dollars a year, and these companies need to get it, so how would you go about replacing that? Assume for a moment things need to be replaced as is, that we won’t get a better model, we won’t find fusion energy, like Sam Altman thinks would make electricity free - I kind of doubt that - but ceteris paribus (all else equal), how would you replace that 70 billion? I think about that a lot. First of all, I think a lot of it is wasted on ads that never are viewed. This is the big scandal that’s been breaking for the last year or so, thanks to my friends at White Ops Security; there was another group whose acronym I’m forgetting - ANA I think, that did a study that showed there was a lot of fraud and kickback nonsense going on…

[01:02:56.04] A lot of ads aren’t being viewed. Facebook recently announced that its video ad metrics were off, way high from what they actually were. And they were charging accordingly, so people are kind of mad about this. But we have computers, we have smartphones; we could theoretically do a very private platform that measures what you’re interested in without giving away your data profile or your privacy, and matches valuable opportunities to you and give you a cut. That makes me think there’s a way to fund the web even if it’s not a commons. But certainly, for things like a publisher site that is more of a commons - obviously, Wikipedia is an example, but there are others - or all the open source software that everybody wants to share the cost of, because it is a cost centre, it is even an evolutionary kernel in some sense, and it has to be sustained by everybody who’s chipping in. I think there are ways to fund it, it’s just we haven’t found the ways to do it. That’s why Brave’s doing Bitcoin under the hood. It’s not because we love Bitcoin; we don’t want everyone to learn about Bitcoin. We do not intend people to have to become Bitcoin gurus. We haven’t announced yet, we’re doing a deal where you can easily just trust us with your credit card to do a recurring small charge to get Bitcoins; you don’t have to think about it at all. Currently, the way you fund your Brave wallet while we’re doing this Brave payments, beta is with Coinbase (we’ve partnered with Coinbase), but you still have to think a little bit about Bitcoin. And the publisher side, they’re getting Bitcoin out; we’re gonna make that easy to get fiat [currency] out.

We’d like to use something like Bitcoin though because we think there’s a future where you have a frictionless system - no interchange charge, none of the hidden charges that are associated with the credit cards where fraud sticks the merchant with the overhead or the cost of having funds clawed back to the bank. The interchange charge is like 2,15% or something (it varies), but the hidden cost of fraud is high, and a lot of merchants have to eat it. It’s not a good deal for them, especially the small businesses.

[01:04:57.10] So I think there’s something coming to the web in terms of frictionless payments, whether it’s Bitcoin, or Ethereum classic, or son of daughter of redhead’s stepchild of both… There’s something coming there, and the important properties are the permissionless property, no intermediary, frictionless property… Ideally, it would be anonymous and capable of doing micro transactions with Bitcoin as not currently. But that’s why Brave has this Brave payment solution - we solve that ahead of some next-generation solution that is coming to Bitcoin. And we want to, again, make it just work with your native fiat currency. If that happens, then I think it will be easier to micro-tip, micro-donate, have micro royalties.

Think about the Ted Nelson’s project Xanadu vision, and now think about VR if it ever takes off, or AR, because it really should be in our sunglasses. In ten years it probably will be, then all the great stuff creative people build for the augmented or virtual world - you can’t really DRM it. It’s a shared world, there’s too many eyeballs to ray trace and path trace to. You can’t say, “These are encrypted pixels and you cannot touch them, or we’ll put you in jail under the DMCA.”

All your models and your texture art - they’re gonna be out there, just like they were in Second Life. How do you protect that stuff? Well, you can watermark it; that’s a traditional method, it goes back to real-world paintings and documents. That is more of an identification system for prosecuting gross copyright violations after the fact. What if you could just have automatic micro royalties, like

Ted Nelson envisioned? People are looking at or using, or borrowing, or creative-commons-ing, meshing up some bit of art - there’s a micro royalty associated to the artist. That can be automated too, and that’s another thing that I think you can do with cryptocurrencies if you do them right. That should be part of the web standard, future AR web. I’ll pause there because I’ve said a lot, but you can see that there’s a big vision here, and I hope it’s exciting to everybody because it goes way beyond just browsers.

Totally.

I like that the way that you’re talking about it too is that Brave is just a pioneer in this space, and not necessarily the only place that’s going to do this. It’s actually similar to how we got a lot of things in other browsers; there was always one browser that kind of lead the way, for some reason, and then everybody else followed suit.

Yes, absolutely. And it took Firefox to restart that, because IE was on skeleton crew and Microsoft was tired of the web and wanted to go back to Windows lock-in. Yes, absolutely, it takes some innovation.

I think it’s bold that you are experimenting with a couple of different revenue models with Brave, where you have something that’s a little bit more experimental, like the micropayments, and you acknowledge it’s experimental. Then you’re also looking at what is working right now, where does money come from now, and can we just kind of like work with that in the advertising world?

[01:07:51.24] I feel like we see that tension a lot in open source, where some really useful tools in open source - that shall not be named - are not necessarily open source themselves, because they’ve recognized the need to have centralized, big solutions, but then sometimes it’s really okay to democratize stuff or to try smaller, experimental things.

Definitely. We have to experiment, but as a business we also have to figure something out, because we can’t just keep raising venture capital, as Mikeal was joking earlier. And I think it should be possible to have a going concern… You mentioned where the money goes today, and it goes to ads, and ads are kind of compromised by this indirection through third parties you can’t trust, and that’s a problem. So anything we did that was replacing that means of getting funds to publishers would have to be less delegated, more secure by design, and that’s what we’re working on. It’s still kind of a two-edged sword, because people hear ads and they just think “Yuck!” or “Doesn’t that put you in conflict with your users?”

That’s why we say the user should get the same revenue share we get - 50/50 between us and the user as far as the amount. It’s not like we’re trying to say “Only to us.” We could even give it all to the user at first. At some point we have to sustain ourselves, so I’m not sure what the balance would be. We’re starting with 50/50 because we wanna align the user’s interest with ours. And if we do a good job defending the data, then I think many things are possible. But ads are the thin edge of the wedge. So much is misspent on them today that it’s attractive to try to bend the system or form it a bit, and that’s why anything we do would be privately matched – I haven’t talked about this, but we wouldn’t do any cookies or signals for Brave users. It would be all based on device matching. It’s like you get a catalog of available ad URL with two or three keywords associated with each. Then, based on your local machine learning, you evolve a set of two or three keywords that might be good to promote, and you’d match those against the catalog. That can be done with no signals out; you just download the same catalog everyone downloads once a week, or whenever the campaigns roll out.

That’s just one idea. We have the zero knowledge proof protocol, Anonize-based protocol for confirming the ads were viewed. Because at the end of the day, all that the marketers care about is that there were millions of authentic impressions; they don’t wanna identify each of those people by name. Some people do - the middle players who build data profiles do. They’re the ones we want to actually go away. I’m sorry, but somebody’s gotta lose. Couldn’t happen to a nicer bunch. I’m friends with some of them… But there’s too many of them, they’re taking too much money out of the system, they’re running away with your data and privacy, and they’re letting malware in. When I tell a story, I like to not make it sound like everybody wins. Not everybody wins.

One thing that I’d like to get to before we close out - you’ve made the decision to do this all open source; there’s probably a lot of market reasons to continue to do all this open source. But a lot of the work that you’re doing funnels into open standards and open source work. it ends up becoming this diffused benefit over time to a bunch of other competitors to your business. So what is the justification and what is the internal logic that you have as a business, and how do you put this to your investors where “It is this clear benefit for us to do it this way”?

[01:11:15.03] It’s pretty easy. First of all, we’re an ad-blocking browser, and browsers see all your browsing data in history. People wouldn’t trust us if we were closed source. They’d think, “If you’re talking about anything, even if it’s opt-in at first (like ads), you could be spyware, you could be this class of scummy toolbars that does ad injection.” Very dirty business, we don’t wanna go near it.

Being open source lets us be auditable, both in terms of the code being all readable and auditable, and we can have audits… We’re having least authority audit our payments system right now. We hope to have the Tor folks audit us, we also can have verified builds, at least on Debian. It’s hard to get verified builds… They might come to Windows and Mac through the toolchains from the OS vendors. Verified builds means you know the bits don’t contain a backdoor, because you can prove that they came from a certain vintage of all open source.

Open source is pretty darn important just for optics and trust, and I think it should be. I think people should audit us, and we welcome it. We just launched our HackerOne security Bug Bounty Program too, and open source makes that just a lot easier and better, even though you can… You can do black box bug bounties, but it’s just a pain.

Proprietary code doesn’t really work for us. What I think matters beyond trust and, as you say, eventual standardization, is our brand is really tied to our users. It’s not like we’re gonna have a partner who keeps us going. It’s really our users growing to tens of millions and maybe beyond, and that brand value is sticky. I think if they trust us and our code is auditable and we do a good job in our ultimate suite of micro-donations and ad-blocking, tracking protection, anti-fingerprinting, maybe even optional ads that share revenue with you that are matched privately and confirmed anonymously - all that stuff happens. We’ll have a huge, good kind of lock-in just from the user trust. Other browsers could implement what we’ve done. It could become web standards - I don’t care, they’ll be late to the party and they’ll be competing with us on a footing that users will benefit from, which is “Are they trustworthy? Did I get a good revenue share? Am I getting my micro-donations through to my publishers with a low fee?”, things like that.

That’s great. It’s a great way to close it. Thanks for coming on, Brendan. This was fantastic.

Yeah, thanks Brendan.

No problem. It was fun to talk about the old days, too. [laughs]

Yeah, always.

Alright, thanks. See ya!