See the entire conversation

Hi, I created JavaScript. You should block JS used for 3rd party trackers, fingerprinting, ads. You should definitely block the new cryptocurrency mining scripts. @brave is one solution; we aim for always-on, tested ease of use. Other solutions exist, require more work of users.
103 replies and sub-replies as of Feb 14 2018

Can i use brave with Firefox as the UI?
I suggested AES support in web browsers for Monero mining.
That being said, botnets are already destroying profitability in Monero mining anyway.
Also needed beside AES-NI BTW is 64-bit to 128-bit multiply support.
Nope, but bigints coming.
Because of the cost or what?
Because bigint + asm.js cast to int/uintN is enough.
And what about AES-NI?
If you are asking about w3c webcrypto, I am wrong person.
Nope, Monero mining don't use the standard AES algorithm.
See past “nopes” :-|.
I am asking why though
Why what? JS is not sprouting ad hoc low-level operations used by almost no one. Every addition costs, directly + opportunity + interaction/complexity with rest of language.
AES-NI is a basic building block that is used in a variety of AES-based cryptographic algorithms, not only Monero mining. Without it one is forced to either implement each individual algorithm as a special case or live with poor performance.
The same reason it exists in general purpose CPUs (not only Intel but ARM has its own equivalent) is why it is useful in a general purpose low level language such as asm.js
This is a better argument for inclusion in WebAssembly than in JS. Note miners already use wasm (and get blocked ;-).
And the point is to fix the problems with the current miners, so they are actually efficient.
Cryptocurrency mining can be useful if it's used to monetize the page, with some regulation of percent CPU use, and giving a previous and visible alert that the page is running a miner with your CPU. But it's normal block it if the miners are being injected by hackers.
"I created JavaScript." that's a great tagline.
Those are going to get to parity over the next several months.
Is it okay if my cryptocurrency mining scripts are opt-in and has fully controllable settings by the user?
Is it really worth it? The econophysics do not make sense for the user. I joked (h/t/ TMBG Dial-a-Song service) "free if you call from work" but c'mon. You are taking advantage of naive users.
What if it's replacing the advertising on your site? That seems like a completely valid way of using a mining script. Opt-in plus directly benefiting the user.
They are not paying the user. The electricity + heat are at user’s expense.
Right, which are very, very small expenses on a per-user basis. You're paying the user by turning ads off.
maybe optional splitting of profits?
What profits?
According to this thread… it would create way less revenue than ads even without factoring in electricity costs.
Monero Miner in JavaScript | Coinhive • r/Monero
47 points and 50 comments so far on reddit
rip nvm then ill just throw it in as a secret feature people can find called "a bird that tried to flied but then proceeded to fall 15 stories and crash terribly."
what if I make it an active challenge to set it beyond the lowest settings? Also, are cryptocurrency captchas fine?
Brave user and it's terrific!
browser is my new default. Keep up the great work, it’s a sweet product!
Read, "I created Javascript", called BS in my head, then Wikipedia you and sure as ... props
You still homophobic?
what's it to you?
How would be $BAT useful for that? When will be the product out for use?
Go to Payments panel in settings/preferences on laptop, get started now. BAT grants & referral awards coming again/soon. Mobile payments also pretty soon😋.
Thank you. One more question to you sir. Why did you have “java” in “javascript” instead of naming it something unique? 🤔
Ask Netscape - the name was not my choice. Search for “jsjabber eich” for history.
This one question never gets old.. Does it? :P :D
Brave is built on Chrome, who uses that dated browser anymore? It's slow and resource hungry, Firefox is king now
Kinda funny because Brendan created Mozilla and Firefox too, haha. What a legend.
Ironic is the correct term.
If I remember correctly FF was created by a kid... Blake Ross, Brendan came in as CEO and was forced to resign after funding bigotry. Perhaps I'm wrong and Brendan was there from the start?
Lynx still kinda works
You also tried to block same sex marriage by funding campaigns for Prop 8. Caring about online privacy is great. Caring about equal rights would also be nice as well.
nice to meet mr. @brave himself. your browser and that bat solution, i heard in a youtubeshow first from. but did not know yet you're the javascript dude. keep up good work.
Folks, this is as close to a burning bush as you're gonna hear on Twitter today.
Have you seen promising efforts to ensure long-term mitigation of JS usage to exploit Spectre/Meltdown? @IntelSupport puts it off to the vendors.
It's a topic among big browser vendors. Spectre is a class of bugs so the road is probably long. See thread ending here:
Great! I'm sure will be interested in whatever you find and happy to answer any questions you have.
It's unfortunate this great technology is mostly used for those annoying ads & spam #javascripters
Are you familiar with the @OysterProtocol allowing visitors to a site to perform Proof of Work for IOTA transactions in exchange for an ad-free experience? CPU usage is minimal compared to mining. Seems better for average user than having to use a completely different browser.
No disrespect, but if the choice is between trackers/mining scripts and creating an online advertising monopoly for Brave and the three other dudes that own BAT tokens, I'll take the trackers and mining scripts, please.
Brave is tiny, you are abusing the word “monopoly”. Etherscan shows more than 55,000 BAT accounts, so “no disrespect”, you are 0 for 2 on accuracy.
They said "creating". Not sure if you realize, but naturally, Brave will be forked so that all advertising dollars go to the browser/user. Users will go to what pays them more and advertisers will go to the users. Content creators will have to rely on crowdfunding.
Well written tweet, Brendan.
I wish browsers provided more granular control over JavaScript. Being able to blacklist individual functions and groups of behaviors would be nice.
Love @brave & what an amazing team behind the project! Keep updating that awesome site🙌🏻🙌🏻🙌🏻🙌🏻 can’t wait to see where you take advertising considering @facebook is calling it quits
I'm going to give it a whirl.
It's my primary browser for 6 weeks now. I am pretty satisfied.
dark theme and more control on scripts/ads block please
Dark theme on plan. Try about:adblock for advanced control.
Is NoScript adequate?
If you use it everywhere you can, but some sites break if you turn off JS. BTW Brave includes no-script functionality ("Block Scripts" in lion/Shields panel).
My settings disallow all scripts by default, and I turn them on one by one on a page by page basis. I click off a lot of pages before I'll let their scripts run. I miss out on the page content, but I don't care. A comprehensive list of the most malicious scripts would help.
Nice and succinct 😎
Done, done, go Brave❤️
I’ll be switching back as soon as u2f support is complete.
Glad to see your into crypto
JS should be blocked by default on all sites unless it can be selectively blocked on browsers.
How would that work? Perhaps re-word as proposal.
The browser can't be trusted when JS is enabled: onclick() can track users via on-the-fly href alteration (Google, Facebook); right-click hooking can prevent copy/pasting. click() calls fake my browser interaction. I should choose what aspects of JS to block.
Alternatively, if my browser could fully block JS and recognize <link rel="web-application"> if a Web site offers apps that require interactivity, I could "approve" the application before running it. The browser could "install" it on my desktop and I could run it with JS enabled.
Most people cannot invest the time to figure out how sneaky JS works. Btw Brave will block first party clicktracking on search result pages, and we already block third party tracking.
Interesting! How does this work?
Please see… -- Even though I wrote it in Spanish, the pictures are in English and can give a rough overview. I can translate it if you need.
What's wrong with mining scripts as a replacement for ads? To me it makes sense when a site mines if a user has an ad blocker on so it can still make revenue. Is it because the user didn't explicitly agree to it?
Thank you sir for all you have done with Brave.
>> Hi, I created JavaScript. Do you feel like 1) You have created a lot of jobs or 2) Destroyed a lot of hopes an dreams ? :)
Wasn't JavaScript a back door for hackers?
No, front door - same as Java the big brother language for which JS was sidekick. Robin became Batman.
Do you block by URI, or do you detect code and then block? Or both?
Duckduckgo yes or no?
a lot of irony here
Irony in spinach makes Popeye strong. Lots of '90s tools had unexpected utility: IMG, cookies, JS, XHR. Similar to other evo-kernels in protocol stacks, and in Unix.
How do I learn Java Script? What other languages should I learn besides it to get a good job?
What about useful things like RUM performance tracking?
How is the tooling? Is this a browser I use to read email/twitter or can I do real dev in it?
Hi, how do you determine what is 3rd party trackers, fingerprinting, ads or cryptocurrency scripts? And how do you deal with encrypted code?
Fingerprinting has legitimate anti fraud use cases. I agree on the rest.
You are a great American.
Umm, well that would break the Web unless you use @brave.
Would you go on to say browsers should block all 3rd party js by default? :-)