Brave Software, maker of the Brave Web browser, is introducing a news reader that’s designed to protect user privacy by preventing parties—both internal and third party—from tracking the sites, articles, and story topics people view.
Brave Today, as the service is called, is using technology that the company says sets it apart from news services offered by Google and Facebook. It’s designed to deliver personalized news feeds in a way that leaves no trail for Brave, ISPs, and third parties to track. The new service is part of Brave’s strategy of differentiating its browser as more privacy-friendly than its competitors’.
Key to Brave Today is a new content delivery network the company is unveiling. Typically, news services use a single CDN to cache content and then serve it to users. This allows the CDN or the service using it to see both the IP address and news feed of each user, and over time, that data can help services build detailed profiles of a person’s interests.
The Brave Today CDN takes a different approach. It’s designed in a way that separates a user’s IP address from the content they request. One entity offers a load-balancing service that receives TLS-encrypted traffic from the user. The load balancer then passes the traffic on to the CDN that processes the request.
The load balancer knows the user’s IP address, but because the request is encrypted, it has no visibility into the content the user is seeking. The CDN, meanwhile, sees only the request but has no way of knowing the IP address that’s making it. Responses are delivered in reverse order. To prevent the data from being combined, Brave says that it will use one provider for load balancing and a different one for content delivery.
Here’s an illustration of the way it works:
To prevent the load-balancing provider from using the size of the requests and responses to infer the contents of the encrypted data, the service will also use a technique called padding, which adds characters to the plaintext before it’s encrypted.
The CDN uses several other techniques to preserve the anonymity of users. Among them: stripping out various headers that could be used to identify the person making the request.
Brave says it’s also taking steps to shield user information from its own employees. Among other things, the company has configured its account with the load-balancing provider to restrict access to its logging resources. The load-balancing provider also doesn’t provide the ability for customers to use the proxy protocol to inject the requester’s IP address into outgoing requests. In case that changes, however, Brave has also entered into a contract with the load balancer that restricts access to logs or use of the protocol, even if Brave asks.
The news service will personalize content by using data that never leaves the browser. Initially, this will work by looking for matches between domains in a set of RSS feeds based on the most popular sites as ranked by Alexa, Feedly, and Comscore. Eventually, the service will use Brave’s user ads system, which also works using only locally stored data.
Brave Today has 15 news categories from 300 sources. The news reader will be integrated directly into all versions of the browser except for Android. To access the reader, update the Brave for desktops to version 1.18.70 or later or Brave for iOS to 1.22 or later. Then open a new tab and scroll down. The Brave browser has more than 22 million active monthly users.