Consumer Rights Wiki - User contributions [en]

Brave browser

2025-02-16T19:35:37Z

About Duck: Added product logo

=Brave Browser=
{{InfoboxProductLine
| Title = Brave Browser
| Release Year = 2016
| Product Type = Web Browser
| In Production = yes
| Official Website = https://brave.com/download/
| Logo = Brave-Browser-logo-sans-text.svg
}}
'''Brave''' is a free and open source web browser based on chromium.<ref name=":0">Brave browser source code https://github.com/brave/brave-browser/</ref> Privacy focused by design, it comes equipped with a dedicated ad-blocker<ref>Brave rust based ad blocker source code https://github.com/brave/adblock-rust</ref> that operates independently from the Chromium codebase and is therefore not subject to [https://wiki.rossmanngroup.com/wiki/Chromium#Manifest_V3 Google's WebExtension update].

Launched in 2016 by Brave Software, the company's business model is primarily based on ad revenue generated through its [https://brave.com/fr/brave-rewards/ Brave Rewards Program]. More broadly, it leverages its own cryptocurrency, [https://basicattentiontoken.org/ Basic Attention Token (BAT)]. By opting into the Brave Rewards program, users receive occasional ad notifications on their desktop and have the option to donate BAT tokens to verified publishers, such as website owners and online creators.

==Consumer impact summary==
{{Incomplete section}}
Overview of concerns that arise from the conduct towards users of the product (if applicable):
*User Freedom
*User Privacy
*Business Model
*Market Control

==Incidents==

===Affiliated links in the address bar===
In June 2020, it was discovered that when users typed 'binance.us' into the address bar, they were suggested the url 'binance.us/en?ref=35089877', which included a referral code for Brave Software, Inc.<ref name=":1">Twitter thread from 6 June 2020 by @cryptonator1337 addressing the binance referral code injection https://web.archive.org/web/20200606164737/https://twitter.com/cryptonator1337/status/1269201480105578496</ref>

The issue was later addressed publicly by Brave's founder and CEO, [[wikipedia:Brendan_Eich|Brendan Eich]], who apologized and referred to the incident as a 'mistake'.<ref name=":2">Brendan Eich apologizing for the affiliated links issue on twitter https://web.archive.org/web/20200701040411/https://twitter.com/BrendanEich/status/1269313200127795201</ref>

===Unverified publishers and BAT Tips===
Before 2020, the Brave Rewards panel misled users by not clearly indicating whether the content creator they intended to tip was a verified publisher and, therefore, able to receive the BAT sent to them. This led users to believe that the publishers they tipped had received the funds, even if they had not.<ref name=":2" />

While Brave claims that all BAT purchased by users is held indefinitely until claimed by the publisher, this does not necessarily apply to BAT acquired through other means, such as promotional tokens gifted by Brave.<ref name=":1" />

Following the controversy, an update was implemented to clearly indicate in Brave whether a publisher was unaffiliated with the platform. Initially, tips sent to unverified creators were returned to the user after 90 days if unclaimed. This policy was later changed to completely prevent users from tipping unverified creators.<ref name=":0" />

===Controversial background services===
In October 2023, a user reported that Brave Browser had installed multiple binaries and services running in the background, which were updating themselves without their knowledge.<ref>https://community.brave.com/t/brave-has-become-malware/510414</ref> Upon further investigation, the user discovered that '''six services''' were operating with '''local system privileges''':

*'''Brave Elevation Service (Local System)'''
*'''Brave Update-Service “brave” (Local System)'''
*'''Brave Update-Service “bravem” (Local System)'''
*'''Brave VPN Service (Local System)'''
*'''Brave VPN Wireguard Service (Local System)'''

Additionally, the user found '''two tasks''' in the Windows Task Scheduler configured to run with the highest privileges. These tasks ensured that all six services remained active; if any service was disabled, the tasks would automatically reactivate and restart them.

The user criticized the use of '''local system privileges''' for network services, highlighting that such practices introduce significant security vulnerabilities and are generally unnecessary for a browser.

Even after uninstalling Brave, the user reported that '''update services, tasks, and binaries''' remained on their system, further exacerbating their concerns about Brave's intrusive behavior.

==See also==
{{Incomplete section}}
Link to relevant theme articles or products with similar incidents.

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Mozilla

2025-02-16T11:38:24Z

About Duck: Added the Mr Robot incident from December 2017

{{StubNotice}}

{{InfoboxCompany
|Name=Mozilla|Type=Private|Founded=1998|Industry=Open Source Software, Advertising|Official Website=https://www.mozilla.org/|Logo=Mozilla Logo 2024.svg.png}}

[https://en.m.wikipedia.org/wiki/Mozilla '''Mozilla'''] is a [https://en.m.wikipedia.org/wiki/Free_software free software] community which develops, publishes and supports open source software. The community is supported institutionally by the [https://en.m.wikipedia.org/wiki/Nonprofit_organization non-profit] [https://en.m.wikipedia.org/wiki/Mozilla_Foundation Mozilla Foundation] and its tax-paying subsidiary, the [https://en.m.wikipedia.org/wiki/Mozilla_Corporation Mozilla Corporation].

==Mozilla Manifesto==
Mozilla has published the community Manifesto, with 10 key principles:<ref>https://www.mozilla.org/en-US/about/manifesto/details/</ref><blockquote>
#The internet is an integral part of modern life—a key component in education, communication, collaboration, business, entertainment and society as a whole.
#The internet is a global public resource that must remain open and accessible.
#The internet must enrich the lives of individual human beings.
#Individuals’ security and privacy on the internet are fundamental and must not be treated as optional.
#Individuals must have the ability to shape the internet and their own experiences on the internet.
#The effectiveness of the internet as a public resource depends upon interoperability (protocols, data formats, content), innovation and decentralized participation worldwide.
#Free and open source software promotes the development of the internet as a public resource.
#Transparent community-based processes promote participation, accountability and trust.
#Commercial involvement in the development of the internet brings many benefits; a balance between commercial profit and public benefit is critical.
#Magnifying the public benefit aspects of the internet is an important goal, worthy of time, attention and commitment.
</blockquote>

==Controversies==

===Privacy-preserving attribution===
'''Privacy-preserving attribution (PPA)''' is an experimental feature introduced in Firefox version 128, designed to help advertising sites measure the performance of their ads while maintaining user privacy. It is marketed as an alternative method for performing attribution without relying on online tracking of users' browsing activity, which is incompatible with privacy. The functionality is explained on the Mozilla support page as follows:<ref name=":0">https://support.mozilla.org/en-US/kb/privacy-preserving-attribution#w_how-can-i-disable-ppa</ref><blockquote>
#Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.
#If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.
#Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
#Your results are combined with many similar reports by the aggregation service. The destination website periodically receives a summary of the reports. The summary includes noise that provides differential privacy.
</blockquote>Browsing activity information is not sent to anyone, not even Mozilla. However, users with PPA enable must rely solely on the company to honor principle number 4 in its Manifesto.<ref name=":0" /><blockquote>PPA does not involve sending information about your browsing activities to anyone. This includes Mozilla and our DAP partner (ISRG). Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.</blockquote>This feature does not allow users to make an informed decision and choose whether to opt-in or not, as it is enabled by default and requires opting out.<ref>https://cybernews.com/privacy/firefox-data-collection-feature-sparks-backlash/</ref> This goes against principle number 8 of the Manifesto.

===Anonym acquisition===
Mozilla becomes an advertiser by acquiring [https://blog.mozilla.org/en/mozilla/mozilla-anonym-raising-the-bar-for-privacy-preserving-digital-advertising/ Anonym] going against their mission of being a proponent of privacy.

=== Mr Robot promotional web extension ===
In December 2017 Mozilla, in collaboration with the Mr Robot team, created and included by default a web extension in [https://wiki.rossmanngroup.com/wiki/Firefox firefox] named "looking glass"<ref name=":1">Mozilla addressing the Looking glass incident

[https://blog.mozilla.org/en/products/firefox/retrospective-looking-glass/ https://blog.mozilla.org/en/products/firefox/retrospective-looking-gla]

[https://blog.mozilla.org/en/products/firefox/retrospective-looking-glass/ ss/]</ref>, while being disabled by default many users where confused and worried<ref>Firefox's users worried about the looking glass extension https://www.reddit.com/r/firefox/comments/7jh9rv/what_is_looking_glass/</ref> to discover a unknown extension installed in their browser with a cryptic description "MY REALITY IS JUST DIFFERENT THAN YOURS." which was later expended later to include references to Mozilla's collaboration<ref>Loocking glass extension description changed https://github.com/mozilla/addon-wr/commit/21ff53d2d5baab591d29b4ea5847d74cb6901b2c</ref>

The extension when activated execute code on all websites visited by the user, searching for all words matching a list, every words matched were wrap into HTML span tags<ref>looking glass extension injecting html https://github.com/mozilla/addon-wr/blob/da464ac8f1c3b089405ca96fc68b999d2b624ef4/addon/webextension/content-script.js#L27</ref>, tooltips were injected to be display when the user over these words, CSS code was injected to make the words appears upside down and the tooltips work<ref>Looking glass extension injecting CSS https://github.com/mozilla/addon-wr/blob/da464ac8f1c3b089405ca96fc68b999d2b624ef4/addon/webextension/background.js#L78</ref>. Also three specific website did have their header changed to have a value "x-1057" injected.

While the extension could in rare occasion break some website with the HTML and CSS injection, it did not do anything malicious or dangerous, the extension was not collecting any personal information at all which Mozilla qualified a mistake in their response addressing the issue<ref name=":1" />

<blockquote>'''A SHIELD study must be designed to answer a specific question.'''

We evaluated Looking Glass based on whether or not it upheld user privacy. Since it did not collect any data, we felt that it was safe. In retrospect, not capturing data was a strong indicator that this was not a good SHIELD study candidate, so we’re making sure we’re going to specifically evaluate future studies based on this criteria to ensure that we don’t repeat our mistake.</blockquote>

==References==
<references />

Brave browser

2025-02-07T18:09:20Z

About Duck: Created a wiki entry for the Brave Browser

= Brave browser =
{{InfoboxProductLine
| Title = Brave Browser
| Release Year = 2016
| Product Type = web browser
| In Production = yes
| Official Website = https://brave.com/download/
| Logo = https://brave.com/static-assets/images/brave-logo-sans-text.svg
}}
Brave is a free and open source web browser based on chromium<ref name=":0">Brave browser source code https://github.com/brave/brave-browser/</ref>, privacy focused it is shipped with a dedicated ad-blocker<ref>Brave rust based ad blocker source code https://github.com/brave/adblock-rust</ref> independent from the chromium code base and therefor not subjected to [https://wiki.rossmanngroup.com/wiki/Chromium#Manifest_V3 Google's WebExtension update].

Launched in 2016 by the Brave Software company it's business model is based mostly on ad revenue through their [https://brave.com/fr/brave-rewards/ brave rewards program] but more generally through the use of their own cryptocurrency [https://basicattentiontoken.org/ BAT ( Basic Attention Token )], by opt-in to the brave rewards program the user get occasional ads notification on their desktop and have the possibility to send the BAT they own to verified publisher ( website owners, online creators ... ).

== Controversies ==

=== Affiliated links in the address bar ===
In June 2020 it was discovered that when typing "binance.us" in the address bar users were suggested the url "binance.us/en?ref=35089877" which includes the referral code of Brave Software, inc.<ref name=":1">Twitter thread from 6 June 2020 by @cryptonator1337 addressing the binance referral code injection https://web.archive.org/web/20200606164737/https://twitter.com/cryptonator1337/status/1269201480105578496</ref>

The issue was later addressed publicly by the founder and CEO of Brave [[wikipedia:Brendan_Eich|Brendan Eich]] who apologized and called this issue a "mistake"<ref name=":2">Brendan Eich apologizing for the affiliated links issue on twitter https://web.archive.org/web/20200701040411/https://twitter.com/BrendanEich/status/1269313200127795201</ref>

=== Unverified publishers and BAT Tips ===
Before 2020 the brave rewards panel was misleading users by not letting them know if the content creator they where going to tip was a verified publisher and therefor able to receive the BAT sent to them, misleading users to think the publisher they sent BAT to did received the funds.<ref name=":2" />

While brave claim that all BAT bought by the user sent are held indefinitely until the publisher claim them it is not necessarily the case for BAT acquired through other means like promotional tokens gifted by Brave.<ref name=":1" />

After the controversy an update was done to clearly indicate in brave that the publisher going to be tipped is not affiliated to Brave and all tips given anyway are sent back to the user after 90 days of not being claimed by the publisher, this policy was later changed to simply not be able to tip unverified creators at all.<ref name=":0" />

<references />