Thanks for sketching out some of your concerns in a bit more detail. Need to ponder.
So is weak attestation bad, or all attestation b/c it ultimately leads to lack of user agency?
Is the bigger criticism simply that ad-funded model is totally unworkable as a model?
Conversation
If the last, then good bye Internet. It own't be user funded, not at $320B/year globally growing to $1T/year. If you have a better way, lay it on us. In the meanwhile, we level the antifraud playing field vs. G and FB native stacks (low adfraud incidence) vs. programmatic (high).
1
The painful reality seems there is no 'best' way.
Appreciate fear that normalising strong attestation for ad-views may lead to mandatory rather than optional ad-view by industry even if not Brave.
Also appreciate that without attestation fraud wins, content loses.
2
No Best Way = Worse is Better.
I object to double standards. Apps (including big ones) use safetynet and are not pilloried for "DRM" or accused of "enforced viewing".
Use the same yardstick on us.
1
I do call that DRM consistently. I'm using the same standards. I was very put off when I saw that Brave was doing this. Regardless, I suggested a stronger way of doing it without a hard dependency on a Google service to try to be helpful and was basically told to fuck off.
2
github.com/brave/browser- is one of the places that this started and github.com/brave/browser- is another. Notice how in both cases I was trying to help and was told to fuck off in response. I even put in work to resolve an issue for other browsers, but you aren't welcome to use it.
1
2
1
I talked about it on Twitter a while ago, which was followed with you folks spreading misinformation about Chromium and Android without Play Services. I took a deeper look into what Brave has been doing in particular with using SafetyNet attestation as a form of advertising DRM.
2
1
You can whine all you want in my mentions about a couple tweets that I posted retracting my endorsement of Brave while saying I still considered it a better choice than Firefox. You did the opposite of changing my mind about not supporting it. I will actively fight you scumbags.
2
2
2
Hmm - publicly calling out a project as nefarious absent any evidence / rationale, getting a strong response from project team, then dismissing it as 'whining' and doubling-down on 'scumbags' language all seems very bad faith tbh.
3
1
1
Happily trying to follow what valid criticisms you have, get the philosophy of aspects of it but does seem a bit incoherent (weak or all attestation bad?) or inconsistent (all players use same attestation yet upstart is bad one?), and now degenerating into something else.
1
It's hard to do that when someone keeps responding to my tweets repeating the same utter nonsense, lies and corporate spin while refusing to let me elaborate on my thoughts by making a thread of tweets talking about this. You're doing a milder version of the same dishonest game.
You aren't welcome in my communities if you support what has been doing here. If you support that, you shouldn't be following me. If I recall correctly it's you that started this with some borderline concern trolling too which I decided to interpret as in good faith.
1
Huh? How have I been 'mildly dishonest'?! I'm just a technical end-user of Brave and supporter, saw your criticisms as a sec professional, and wanted to know more.
Strong opinions weakly held - happy to understand why I shouldn't support the Brave model but still not clear to me