Submitted via IRC for soylent_fuschia
Vendor wants Congress to mandate something that only they can provide. Interesting business model.
Brave Urges Congress to Require Ad Blocking Browsers for Govt Employees
In a letter to the U.S. Congress, Brave urged Homeland Security Committee members to make it mandatory for all federal employees to use a browser that blocks advertising by default.
Brave states that without a browser that blocks ads by default, federal employees would be vulnerable to malvertising, which could allow foreign and domestic threat actors to gain access to government devices or a foothold in sensitive networks.
"I represent Brave, a rapidly growing Internet browser based in San Francisco. Brave’s CEO, Brendan Eich, is the inventor of JavaScript, and co-founded Mozilla/Firefox. Brave is headquartered in San Francisco. I write to urge action to protect federal agency and employee computers and devices from cyberattacks by foreign state actors and criminals through “malvertising”."
Brave's letter also includes letters from U.S. Senator Ron Wyden, who since 2017 has been urging the federal government to take a stronger stance regarding the blocking of malicious advertisements.
One year ago, on November 16, 2017, I wrote to then-White House Cybersecurity Coordinator, Rob Joyce, regarding the threat posed by foreign government hackers using online advertisements to deliver malware to the computers of federal workers. In that letter, I urged the administration to direct DHS to require federal agencies to block delivery of all internet ads containing executable computer code to employees computers. In its response on April 20, 2018, DHS stated that it was continuing to investigate these risks and working with representatives from the online advertising industry to address this threat.
In June 2018, the National Security Agency (NSA) issued public guidance related to the threat posed by malicious advertisements. In the attached document, which NSA published on its website, the agency observed that advertising has been a known malware distribution vector for over a decade and as such, the agency recommends that organizations address this risk by blocking potentially malicious, internet-based advertisements.
As Brave sent this letter on the same day they officially released Brave Browser 1.0, this can be seen as a clever marketing ploy by the browser developers.
(Score: 4, Funny) by maxwell demon on Saturday November 16 2019, @07:55AM (4 children)
How can it be a brave browser if it just avoids any contact with malvertising? That's a cowardly browser! A brave browser surely would meet it face-to-face, fight it and beat it! :-)
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @10:21AM
Well, it replaces site's ads with their own, while brainwashing people into liking it. A brave world.
(Score: 2) by linkdude64 on Saturday November 16 2019, @11:30AM (2 children)
It needs to be one or the other, because we don't negotiate with cyber-terrorists, so if having no-ads is out, all ads must be in - full stop.
(Score: 1, Informative) by Anonymous Coward on Saturday November 16 2019, @02:56PM
Nope. It's not. I never see ads [wikipedia.org].
(Score: 3, Interesting) by c0lo on Saturday November 16 2019, @10:18PM
And Brave will help you with that [wikipedia.org].
No more tracking, get you everyday ads from Brave.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @08:22AM (1 child)
So please hype so I can cash out at $0.50 each.
(Score: 2) by c0lo on Saturday November 16 2019, @10:20PM
The more people supply their attention, the lower the price for it.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Informative) by Runaway1956 on Saturday November 16 2019, @09:36AM (1 child)
Even before the idea gets any serious consideration, advertising shills will beat a path to every congress critter's office and residence, bearing gifts tailored to that congress critter's proclivities. Cocaine by the truck load, hookers by the dozen, child porn actors by the van, money by the satchel - if a congress critter likes it, it will be made available. The major advertisers have money to blow, by the planeload!
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @10:26PM
Right, ads coming through Brave (the company) [wikipedia.org] is so much better.
And the Silly Valley as the bearer of gift is a major advantage.
Suck it in, sucker
(Score: 4, Insightful) by shortscreen on Saturday November 16 2019, @09:49AM (2 children)
Tell them that the ads have to be blocked because they could be coming from ¡Russia!
They could be used to communicate hidden data to the sleeper cells from ¡Putin!
They could contain subliminal messages that make people want to buy an ¡S-400!
(Score: 2) by VLM on Saturday November 16 2019, @02:08PM (1 child)
Yes, although there's space to fine tune.
We're just on the cusp of it being feasible to "spear fish" social engineer via targeted advertising. So rather than some moron picking up a flash drive with a "special" payload in the parking lot, I could pay to advertise to FBI or Democratic Party employees (as if there's any difference) that I have cheap flash drives for sale. Cheap because I want FBI/D-party people to buy them and their "special" payload that I loaded on just for them.
Note that being on the cusp of it being feasible PROBABLY means its happening today just not being reported. It would be SO easy to do targeted advertising hits like that.
The real way to work it is economic warfare; Not done for front page news individual break in incidents, but if I wanted to F with the local FBI office, I could extreme target advertise to sell them backup hard drives that were dropped down the stairs a couple times yet still kinda just barely temporarily worked. This is a "funny" economic hit for something harmless like hard drives but a serious security concern for online ammunition buyers or online gas mask filter buyers...
If your life might depend on a gas mask filter or night vision goggle battery, for gods sake don't buy it from a (targeted) banner ad....
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @07:31PM
We're not on the cusp, we're past it and deep in the valley.
Advertising meets brainwashing [thetyee.ca].
(Score: 4, Interesting) by SomeGuy on Saturday November 16 2019, @12:20PM (2 children)
Ad blocking should be standard in browsers, making it outright impossible to have over-the-top advertising.
The other day I had to use someone's work computer where they had pulled up a public web site to test me on something. The "test" turned in to a test on how fast I could close annoying full motion auto-playing video advertisements with loud sound. The site was infested with scummy advertising out the ying-yang.
But the really epically sad thing? They genuinely thought I was just being a pussy for not putting up with it!
(Score: 3, Interesting) by sgleysti on Saturday November 16 2019, @04:23PM
I completely agree with your sentiments. A few months into a new job I finally had enough time to read a news article over lunch. It was the first time I went to a website with advertising on my work computer, and I was blown away to realize that the internet is essentially unusable without an ad blocker. It's insane.
(Score: 3, Informative) by c0lo on Saturday November 16 2019, @10:31PM
Then Brave is not it. The business model is "Fuck off, Google, we're replacing your ads with our ads, because people using our browser will see what we decide they'll see". Just check the Wikipedia entry forBrave [wikipedia.org].
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Informative) by bzipitidoo on Saturday November 16 2019, @01:47PM (7 children)
There's already a ton of bullcrap requirements of government employees. Government has a lot of moving parts, and, even apart from the corruption, every agency has their own hobby horse.
One of the crazier ones is that without special permission, you can't use encryption. Why? Paranoia, that's why. Same reason they made such a stink over Pretty Good Privacy and forced Netscape to offer a version with encryption key sizes of just 40 bits all those years ago. And why they want to examine everyone's smartphones at border crossings. Good encryption might make it too hard for law enforcement to examine a traitorous employee's files. In short, never mind citizens, government doesn't even much trust their own employees and bureaucrats.
Another crazy one is forcing the use of very obsolete systems. It may not be quite as bad as obliging them to use IE6 on Windows 2000, but I wouldn't be the least surprised to learn they're all stuck with Windows 7, or even Windows Vista. And, why MS stuff, at all? Because that's what they know, and they don't want to venture into the wild, scawy world of Linux.
One fun rationalization is that Windows is more trustworthy because it is produced by an American corporation. No foreigners were involved in the making of Windows. (They don't inquire too closely about the citizenship of MS's coders, the company is based in America, good enough.) So, based in San Francisco satisfies that talking point.
(Score: 3, Interesting) by VLM on Saturday November 16 2019, @02:15PM (1 child)
When I was in the military, they were disturbed by the idea that giant encrypted GPG file could be some whistleblower stuff, could be stolen files being sold to Russia, or it could be harmless pix of naked college cheerleaders but they have no idea how to determine what it is so they'd kind HAVE to freak out. And why would you encrypt perfectly legal pix of nude college chix so obviously anything encrypted is James Bond villain spy stuff...
I think you're confusing safer with easier to raid and prosecute an office in SF than in India or China. Big enough target, you can assume you're gonna get hit, its all about ease of retribution at that point. MS can be squeezed, some randos in New Delhi not so much
(Score: 2) by bzipitidoo on Saturday November 16 2019, @07:06PM
I think you're probably right about raiding and prosecuting. They want people they can hold accountable. The military is very big on personal responsibility and accountability, finding someone to blame no matter the circumstances. Like, if a navy ship runs aground or collides for any reason whatsoever, the captain takes the fall. Doesn't matter if there's all kinds of evidence it wasn't the captain's fault. And that's actually an improvement from the days of the expectation that the captain goes down with the ship.
Shit rolls downhill.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @04:43PM (1 child)
When I retired 5 years ago we were using Windows 7 and Redhat. Windows for the paper pushers and Redhat for the servers and data processing. It was about evenly divided between MS and Redhat. Clearly you don't understand the difficulties of version changes for large organizations. As for encryption, do you really believe having various, possilby unsecure, unapproved encryption is a good thing.. I spent four years in the encryption field and 32 years as a sysadmin.
(Score: 2) by bzipitidoo on Saturday November 16 2019, @06:30PM
> Clearly you don't understand the difficulties of version changes for large organizations.
Don't I? Well, MS understands entirely too well, and abuses their knowledge to keep large organizations on the upgrade treadmill.
Upgrading need not be so difficult, not even for large organizations, provided they stay with open stuff, and don't get locked into proprietary, undocumented, and secret formats. Also, staying organized and keeping regular backups helps greatly with upgrades, and is something that should be done even if upgrades are never made.
For all the government's freaking out over encrypted files, they are strangely willing to accept deliberately obfuscated file formats and the sloppy handling of data that such obfuscation can hide. Sensitive data has leaked out that way.
(Score: 2) by captain normal on Saturday November 16 2019, @06:26PM (2 children)
Your last sentence is kinda weird.
1) M$ is based in Redmond, Washington near Seattle.
2) M$ is a big player in hiring H-1B workers.
https://en.wikipedia.org/wiki/Microsoft [wikipedia.org]
https://money.cnn.com/2018/04/19/technology/h-1b-visas-tech-hiring/index.html [cnn.com]
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
(Score: 2) by bzipitidoo on Saturday November 16 2019, @07:00PM (1 child)
Yes indeed. They want Windows. It's what they know, and are most comfortable with. The "American company" stuff is just the lame rationalization they use to justify it. Sure, they know MS hires lots of foreigners, but they are choosing to overlook that.
(Score: 2) by Joe Desertrat on Saturday November 16 2019, @10:41PM
Not to mention that M$ lobbies strongly against the adoption of open source by government agencies. Money talks too.
(Score: 2) by captain normal on Saturday November 16 2019, @06:39PM (3 children)
With Chrome browser I can block J/S (which Eich help create), block third party cookies, delete browser history and all the stuff Brave claims to do. So what does Brave do that any user can not do, much less any system manager can not do in in their company?
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
(Score: 2) by c0lo on Saturday November 16 2019, @10:34PM (2 children)
Can bypass the need of Javascript to monetize your attention [wikipedia.org].
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by captain normal on Sunday November 17 2019, @03:08AM (1 child)
Not if JavaScript is blocked.
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
(Score: 2) by c0lo on Sunday November 17 2019, @11:15PM
FTFY.
the way I see irlt, unless Brave wants to cannibalize Firefox - funding included - and take over the browser development completely, they will need money. If they don't force ads onto you, the consumer, there's no business model.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by paul_engr on Sunday November 17 2019, @09:17PM
Am I the only one who finds it uber ironic that Brave touts its ad blocking browser so heavily with ads?
I don't trust anything that advertises so hard - how do they support such aggressive ad buys?