Rebranding FLoC Without Addressing Key Privacy Issues
brave.comI would use Brave if they didn't use chrome as a backend. We need more diversity in rendering engines otherwise things like FLoC happen.
If you want to ship a browser without writing a browser engine, there are three realistic options. Chromium is the best of these options.
> [...]there are three realistic options.
Is the Librewolf option included in those three? Because that (a patch on top of newest Firefox) is something I have been wanting for a long time and I just recently realized someone had done it.
> Chromium is the best of these options.
Easiest is maybe the word you are looking for here?
Because best depends on your goals. If your goal is to reduce dependency on Google (as it is for many here) it could be close to directly counterproductive.
FLoC has nothing to do with rendering and can easily be removed from the codebase. People make this argument a lot but I don't think it makes logical sense. We all use libicu too, what does that ultimately matter?
Rendering engine diversity is a different problem. In order to actually have a web standard, then we need at least two frequently-used implementations. If there is only one implementation, or one dominant implementation, then people stop coding to the spec and start coding to whatever works in browser.[0]
Right now, if Mozilla goes bust, then the last hope for web standards is the fact that Apple's mobile OS rules preclude shipping Blink on iOS. If everything is Chrome, then we're right back to the days of Adobe Flash Player, where bugs in one implementation effectively become part of the spec.
If we didn't have or didn't care about this problem, then yes - we could just clip FLoC out of the browser and run that. However, that also assumes Google won't mandate FLoC or ban alternative browsers. Their recent attempts to cut down on credential stuffing through headless CEF browsers[1] have already made it harder to actually ship an alternative browser that can log into Google. So hypothetical future Evil Google could totally say "no FLoC, no service" and we would be screwed.
[0] This is the same reason why WebSQL died on the vine. SQL is a standard with a lot of wiggle room, enough that most applications either only work on one particular flavor of DB, or ship separate drivers for each DB they need to work with. In practice everyone shipped SQLite, so WebSQL was just "here's a sandboxed SQLite instance".
[1] Which, BTW, is not a bad thing in and of itself.
> where bugs in one implementation effectively become part of the spec.
Isn't this basically how HTML5's parsing rules came out, except instead of bugs in one implementation it is based on bugs on all implementations? :-P
Whats wrong with websql being sqlite?
Well that is great news.
It ultimately matters because if we didn't all use Chrome, Google would have to compete more on good things, instead of building bad things that we have to remove. Basically, it's the position of the privacy whack-a-mole oveton window.
Diversity of code bases limits the impact of bugs and implementation quirks.
For example I used to be part of a team that ran an important DNS service. We purpously used several different server softwares on different nodes to increase resiliency.
I believe Brave was initially (supposed to be?) based on Firefox but needed support for a feature that only Chromium supported and had go with that.
feature was DRM
IMHO it was a big mistake of Firefox fighting the DRM for so long. It pushed many users and projects towards Chromium.
I wish they'd kept it up myself. It's not as if folks can't have more than one browser for different things. Now that even the W3C has sold us all out we're pretty much doomed to get screwed over by DRM at some point in our lives online.
This is Google extending an invite to the EU and other regulators to bring their war hammers and forever ban browser makers from pushing targeted ads and enabling profiling of people. Maybe break Google up and make the Google Chrome team a separate company with restrictions on how much it can work hand-in-hand with Google? Anyone in the EU who can file complaints about these abuses of market power?
Tell the people you know to switch from Google Chrome to another browser as their primary one. Google will still pester them on Google’s online properties to install Chrome, and may resort to other tricks on Android. But we are at a time when this can gather momentum and result in some good for all in the future (not mainly for Google, as it seems to be now).
This is the answer - forever ban targeted ads.
Ads should be a display only HTML tag that just allows limited read only display WITH NO JAVASCRIPT. This would remove tracking and malware and force ads to be targeted on the content page not on the user.
How can the EU break up a US company?
https://about.google/intl/ALL_us/locations/?region=europe
If you don't want to follow the rules (against anti-competitive practices) of a certain set of countries, perhaps you shouldn't have offices in that set of countries? Just an idea...
Okay, so they spin off a bunch of shell companies holding all these offices and stop displaying them on the Google website in order to address the EU requests. But the mothership still gets to remain a single company.
Maybe a better way to think about it is that the EU can effectively demonitize them. At the worst, the EU regulators could (theoretically) block them from doing business with EU citizens. They can offer their browser for download here alright, but they can't sell any ads or any other products here.
Yes, this is how it works on the kindergarten floor.
In the real world, they have to bribe their way to the same effect.
GP here. I didn’t mean that EU should break it up. I had said “EU and other regulators” to mean the ones in the U.S. too. Other replies here have provided more substantive options that the EU could exercise to force Google to break up. I’m not saying it will be easy or quick, but it’s possible to make Google’s business more painful.
It's not a US company. Google is Irish.
Sure, it's a technicality, but Irish law still applies
Floc was not enabled in Europe, and was probably never going to be enabled because of its high incompatibility with GDPR.
Ditto. EU already solved the problem -- legally, not technically. A few fines later, Google is actually really privacy-minded to EU citizen. I get a yearly reminder to do a privacy checkup and can disable Google tracking if I want to -- which I do.
California and Virginia also enacted similar laws. More lawmakers need to understand tech.
And third party cookies get further embedded. FLOC exists so that killing third party cookies doesn't destroy the ad market.
I hate tracking as much as the next guy, but this article is so disingenuous that it's painful to read.
If you literally look up the most upvoted HN article about FLoC [1], it specifies two main issues with FLoC in BOLD: Fingerprinting and Cross-context exposure. Which if I understand correctly the Topics API fixes. But the article implies that these are minor problems that we never really cared that much about.
Whether it is this or constant aggressive writing, it seems that the goal of this blog post is to simply inspire anger and hate, while not furthering the discussion on the topic. Which makes this article unhelpful (if not damaging) to the goal of personal data privacy.
[1] https://news.ycombinator.com/item?id=26344013 [2] https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...
In some sense you are right - the article hasn't much useful criticism of Topics in comparison to FLoC (and the Brave plug at the end makes it read like an advertisement).
However I think the article is right in the sense that we shouldn't miss the forest for the trees. Image you were robbed and the robber suddenly asked if your issue with him could be solved if he only took half of what's in your wallet. Surely that would be an improvement but it doesn't solve the root issue of him robbing you in the first place.
In the same sense, I think pulling attention back to the fact that Google is building third-party tracking right into the browser - and also aggressively protecting the whole concept of tracking as some sort of fundamental necessity of the web - is justified.
> Image you were robbed and the robber suddenly asked if your issue with him could be solved if he only took half of what's in your wallet.
The pejorative robbed is doing a lot of heavy lifting here. Advertising is how users pay for free services. Making the form of payment more agreeable is a worthwhile goal.
As full disclosure I earn a living in the advertising ecosystem. Any feature that means stakeholders stop asking me to invent backdoor fingerprinting and correlate against data obtained from shady brokers is a welcome step in my opinion.
> pay for free services
If you pay for it, it's not a free service, so which is it? The whole model hinges on the fact that no kind of payment is advertised, not ads and especially not tracking. (If the GDPR prompts are good for anything then at least for making this bit more obvious)
If you treat this as payment, wouldn't you require an actual business relationship with those users?
Also by that logic, Google just unilaterally altered the contract without even so much as notifying its users about it (thanks to hidden, seamless auto-updates of Chrome)
In which other segment would you tolerate stuff like this as a customer?
Don’t pretend like you don’t know what ad-supported means.
I’ll explain it with a hypothetical example. Imagine a website called “Hacker News” where it is free to post and read and in exchange you see a few ads. Don’t now say that this HN website actually costs you something to use.
> Don’t now say that this HN website actually costs you something to use.
It costs my attention. I would be happy to support the platform itself without any middlemen.
Saying that as someone who also worked in ad tech.
Nonsense, as an individual that values my privacy I don't want to be distracted by Googles PR - Google is clearly a stalker, and users want it to stop!
The blog post makes sensible points identifying Google's PR based response. Thus your ad hominem attack on the blog instead of the content makes me wonder if you have conflicts of interest regarding this topic?
> Whether it is this or constant aggressive writing, it seems that the goal of this blog post is to simply inspire anger and hate, while not furthering the discussion on the topic.
There isn't much to discuss, I would think. This is an extremely user-hostile feature to be implemented in the clients (browsers) which comes with a lot of downsides, and absolutely no benefit to the user. I don't know how detached people at Google must be to consider this okay, or to think that any of the privacy-focused browsers would join in on this.
The people implementing this know it's not okay, their plan is to use monopoly power to force it down the world's throat.
FLOC stands for Federated Learning of Cohort.
i hope we find each other in our versions of the internet
If Google succeeds in making the whole web Amp, they won't need FLoC anyway.
This comes from the people distributing an ad-fuelled cryptocurrency called "Basic Attention Token". I'll take their word with two grains of salt and a tall glass of water, please.
They aren't forcing it on you. It's opt-in. Google's trying to force things on all their users: manifest V3, this, et cetera.
The brave-hate meme is self perpetuating at this point. Brave is privacy-oriented out of the box. You have to opt in for the ads and crypto. Isn't that what everyone has been asking for? opt-in instead of opt-out? I'm convinced that Google is behind a smear campaign against Brave. If Brave got real traction it could be a serious threat to their business.
Google is often dismissively called an ad company.
Why is that? Because most of their revenue is from ads.
How does Brave make money? With ads.
Privacy-centric positioning makes sense to capture a part of the market. But the mis-aligned incentives are there for Brave just as much as they are for Google.
Are they better right now than Google? Probably. Is it smart to trust a company that only makes money with ads with control over your browsing experience in the medium term? Not so much.
It's quite amusing to me how well their marketing works.
What we need is a browser that can exist as a viable business without being chained to ad revenue.
But the mis-aligned incentives are there for Brave just as much as they are for Google.
No they are not.
Brave exists as a privacy-centric alternative. If they start violating user privacy, it would remove all incentive to use their product. There would be no reason for Brave to exist. It would be marketplace suicide.
Google exists as a privacy destroying organization. They can't hide this fact and they have never really tried to. And they can't stop now because their reason to exist would likewise be gone.
Same exact thing applies to duck duck go.
I would use Google if they didn't consistently behave poorly and provide a poor privacy. I did use them for a long time. I'm not opposed to ads. I'm opposed to their behavior. Once Brave starts behaving poorly I'll stop using it.
Check out Neeva. Ad free search. We have an iOS browser at the moment and desktop browser extensions. Both apply tracking protections.
Disclaimer: I work for Neeva :)
I wish you all the luck in the world with your search engine. But I can't help but think you may have missed the mark with your business model.
What people (myself included) seem to really object to most are privacy invading personalized ads. These don't just provide benign info, they are actively taking something that belongs to you --- your privacy.
The more benign alternative is context sensitive ads --- ads based on the topic at hand. If I search for "pet supplies", I can tolerate and maybe even appreciate a few ads for dog food and flea collars. This might be distracting for cat owners but this is something I think most would be willing to accept in exchange for the "free" service.
DuckDuckGo seems to be growing very nicely with context sensitive ads.
So what is your business model?
Senator, they take a subscription fee.
> But the mis-aligned incentives are there for Brave just as much as they are for Google.
Machine learning is local; can't be evil. They are committed to not going public. I suggest doing some more research before making assumptions.
I was about say, before the trolls responded, that I'm about 50/50 on it being that and it being that Eich hasn't stayed cancelled, that he's done well for himself despite that, which just infuriates a certain crowd here. But then they came and made that point for me. The pleasant surprise is how they are a minority even here. And in my recent years in the tech world, I discovered that half of my coworkers used Brave. They don't care what the vocal minority thinks, and neither do I. The Brave community grows anyway.
A substantial number of those critical of Brave haven't put in the time to understand how Brave works. Example: David Gerard doesn't know the difference between a link and an address bar.
Brave hate is a meme because any time anyone wants to talk about anything internet, 100 accounts come out of the woodwork to tell us some Chromium wrapper is the second coming of Christ. The rest of us are sick of all the promotion and get chippy in response.
If you’ve been around long enough, you know they’re at least paying YouTubers to use and promote the browser without any disclosure. Who knows how far past that they are going.
> you know they’re at least paying YouTubers to use and promote the browser without any disclosure
How do you know that? You sound jealous.
Because not everyone took the money and some talked about it in their twitch streams.
I'm not aware of anything recent though, last fiasco I'm aware of was something around 2020 I think, though I doubt they changed
Are you referring to 1) sponsorships or 2) creators verifying to receive donated BAT? Either way, donations and marketing are hardly evil.
Ad hominems and smear tactic, seems the usual form of the 50c army or zealots that pops up to attack brave.
Sources please?
I'm still skeptical how that could reasonably work on an opt-in basis.
Being annoyed daily by ads in exchange for some obscure crypto currency which might be worth something in the far future doesn't seem like a proposal to me that could convince a lot of people.
So I wonder, how many Brave users actually do opt-in? More than five?
Plenty of users in /r/BATProject fighting to get their $2/month earnings into their bank accounts. Average person thinks passive income, $5 or $10, is pretty cool. It buys a coffee or tea.
I think it's 8M+ users that have opted into ads. I could be wrong though.
Over 17%, right now. It's been as high as 20%.
I politely disagree. When I use Brave, I always see these "Tip" buttons on GitHub, Reddit and Twitter despite going out of my way to disable Brave's Rewards scheme. It really grinds my gears when a product forces these sort of schemes onto me (hence why I mainly use Linux instead of Windows), so I uninstalled Brave.
At least you get paid for having your privacy treated as a commodity. If these people are selling indentured labor, then google is straight up promoting slavery. Brave is obviously the lesser evil.
"Lesser evil" implies Chrome and Brave are the only 2 reasonable options. You could install Firefox or ungoogled-chromium and an ad/tracker blocker.
Or, you know, do not go out of your way to enable BAT after you install Brave.
How is it evil at all if it's opt-in?
It represents a clear conflict of interest with the way I intend to use the internet. There are no half-measures with advertising, there will be no crypto in or around my browser. If they wanted to make a case for using their browser over Ungoogled Chromium, they shouldn't have started by shilling their own shitcoin.
Also, their creator compensation program is quite terrible, which Tom Scott has documented quite thoroughly. It's all designed to feed back into Brave's cut, slowly siphoning your ad money to line their own pockets.
So what's your alternative? Firefox? What about their huge conflict of interest in getting nearly all their funding from Google? Seems worse if you ask me. At least Brave maintains independence.
Brave doesn't even do that. They're still beholden to Google's rendering engine, still forced to complain about the same changes and get dragged around on the same lede. Using Brave is no worse than just installing Chrome and forgetting about it.
The alternative is Firefox (the browser they didn't let Brendan Eich ruin), or stock Chromium with uBlock. Ungoogled Chromium works great too, and hell I'd probably consider using a webkit browser before I'd reach for Brave. Or Vivaldi, for that matter. At least they don't have a goddamn crypto scam being engineered in the same offices where they build the browser.
> What about their huge conflict of interest in getting nearly all their funding from Google?
It's better than getting all of their funding from a 30% cut of your ad revenue. At least Google is funding Mozilla out of pity.
> At least Google is funding Mozilla out of pity.
This is absolutely not why they are funding Mozilla.
> Also, their creator compensation program is quite terrible, which Tom Scott has documented quite thoroughly. It's all designed to feed back into Brave's cut, slowly siphoning your ad money to line their own pockets.
Creators get whatever Brave users donate to them. Perhaps creators should remind their users to donate?
Perhaps Brave shouldn't use other creator's likenesses without their express consent, and shouldn't treat their second-rate crypto as a legitimate or desirable currency to be compensated with. Why would I want to be paid in a centralized shitcoin where King Homophobe takes 30% and the revenue is generated by skipping the ads that would have otherwise just supported me directly?
Creators don't get whatever Brave users donate to them. Brave doesn't pay them, they dangle a bunch of meaningless tokens in front of their face (again, using their own likeness without consent), and tell them to make an account if they want a fraction of the revenue that they would have received otherwise.
> King Homophobe
Uhhh… Your HN profile says: “serious discussions only”
Alongside the words "thought-thinker" and "media luminary". Pardon me for expecting everyone to understand that it is, in fact, a joke.
Ah, so you're an abrasive jerk. Noted.
Here is one way to disable "FLoC"
chrome://settings/privacySandbox
Evolution from FLoC
FLoC ended its experiment in July of 2021. We've received valuable feedback from the community^1 and integrated it into the Topics API design. A highlight of the changes, and why they were made, are listed below:
FLoC didn't actually use Federated learning, so why was it named Federated Learning of Cohorts?
This is true. The intent had been to integrate federated learning into FLOC but we found that on-device computation offered enough utility and better privacy.
FLoC added too much fingerprinting data to the ecosystem
The Topics API significantly reduces the amount of cross-site identifiable information. The coarseness of the topics makes each topic a very weak signal; different sites receiving different topics further dilutes its utility for fingerprinting.
Stakeholders wanted the API to provide more user transparency
The Topics API uses a human-readable taxonomy which allows users to recognize which topics are being sent (e.g., in UX).
Stakeholders wanted the API to provide more user controls
With a topic taxonomy, browsers can offer a way (though browser UX may vary) for users to control which topics they want to include
The Topics API will have a user opt-out mechanism
FLoC cohorts might be sensitive
FLoC cohorts had unknown meaning. The Topics API, unlike FLoC, exposes a curated list of topics that are chosen to avoid sensitive topics. It may be possible that topics, or groups of topics, are statistically correlatable with sensitive categories. This is not ideal, but it's a statistical inference and considerably less than what can be learned from cookies (e.g., cross-site user identifier and full-context of the visited sites which includes the full url and the contents of the pages).
FLoC shouldn't automatically include browsing activity from sites with ads on them (as FLoC did in its initial experiment)
To be eligible for generating users' topics, sites wil have to use the API.
https://github.com/jkarlin/topics
It is remarkable to me that Google can freely experiment on whomever they wish. If the experiments demonstrate negative effects, e.g., generation of execssive amounts of fingerprinting, it's unfortunate for those who were swept up in these "experiments".
Why not ask users if they want to volunteer to particpate in a trial/experiment.
Imagine if drug companies did not obtain permission to test their compounds on new patients. Instead they just substituted the new drug into what they sold on the market. Same label. Chrome is Chrome, right. Nevermind all the undisclosed variations and experiments. For example, "field trials" identified by only a number. This is hardly informed disclosure and consent.
1. This is amusing. What users were solicited for feedback. Perhaps they are referring to some surveillance they conducted, looking for mentions of FLoC.
Here is another way to disable "FLoC":
Another one :
The sarcasm is strong in this one.
I think they meant we are supposed to migrate to a European Union member.
"Don't be Evil" wasn't a motto --- it was a warning.
A peak into their mindset that foretold what they were thinking and where they were headed.
They sell you and your privacy to their "associates" --- aka, anyone willing to pay in some way. Their concern for your interests only extends to the level required to invade your privacy.
The thing I find most disappointing is the fact that it took so many so long to realize this.
>The thing I find most disappointing is the fact that it took so many so long to realize this.
The lure of "free" useful things is greater than most's concern/understanding of the capabilities of tech. Gmail is useful. GDocs is useful. Search is useful. Googs has been very smart on exactly the tools they've brought to market so that the lure is maximized.
Totally, or maybe a canary clause.
As I recall the phrase was originally a comment from a new employee who had previously worked in the hardware industry.
Still baffled by the ambiguous name given to this secretive, exploitive set of companies, "tech". What the heck is it. Its everything and nothing, IMO. A cover.
The company is an intermediary, what many in other industries refer to as a "middleman". HN commenters have tried to attack this term in the past, but I just saw it a few months ago being used in a marketing slogan on the side of a company van. People outside of HN know what it means. Perhaps those who argue it is ambiguous on HN are "tech" workers who are aware of its accepted connotation in the real world. Otherwise why be concerned with the term.
Paul B worked at Intel before Google. He never worked in telecoms. Incidentally he was moderately active here in the FriendFeed days.
Tech means technology. Nothing ambiguous about it.
Thanks for the correction.
Use a different browser that’s not chrome.
Problem solved.
Disclaimer: I don’t use Brave because I don’t want to see more ads. In the 90s, there were little banner ads that ran on your pc in the same app that helped you connect to the internet. That’s essentially what Brave is, except I don’t NEED to see more ads, as I needed to pay for internet in the early days. Just us a browser that blocks cookies.
Wont work, the moment this lands in Chrome websites will check for it and if your non chrome browser doesn't implement it they will redirect you to an upgrade your browser page. Browsers that fake it will get the same treatment, do not track has already shown that advertisers will not respect any attempt to prevent tracking by the user.
Controversial opinion:
Why is that wrong?
If you want to consume content that costs money to produce that is being paid for via advertisement, and your user agent blocks said advertisement, why should you be entitled to that content?
Controversial counterpoint: If you want any minimum wage job your boss should have the implicit right to install cameras in your bathroom and sell videos of you showering on the internet.
Comparing user configurable topics of interest (in full control of the user and the browser the user decides to use) to involuntary camera recording in your home is some next level disingenuous bullcrap.
Do better here please.
I never said that you couldn't tape over any camera you found. Just that your boss can implicitly install cameras and since the topics are subject to change he can install new ones without telling you any time he likes.
Brave is far from being my primary browser, but this is far from an accurate take.
I wanted to play with Brave Rewards, and it's actually surprisingly involved to enable it and get it to start showing ads... By default, Brave is pretty much "just another Chrome clone", albeit with default privacy settings that everyone but Chrome has accepted should be standard.
FWIW, NetZero was pretty cool if you couldn't afford the phone bill for using AOL. :P
> In the 90s, there were little banner ads that ran on your pc in the same app that helped you connect to the internet.
NetZero & Juno, the good ol’ days of free dialup!
NetZero was the best. When you created an account with their custom dialer it generated a username and password pair (that the user didn't know) for the local dial-up POP in your town. The credentials were stored in a text file using a substiution cipher, so you could extract them and create your own Windows Dialer profile to get free internet without having to use their dialer that showed ads on your screen.
I use 100% of my earnings to donate creators (mostly YouTube and Github). I'm very generous and very cool.
How are you seeing ads in Brave? I don't see anything. I believe you have to turn them on, no?
> How are you seeing ads in Brave
I don’t, I’ve never used Brave.
From https://brave.com/brave-rewards/
But I can already block ads with uMatrix and other ad blockers. So why do I need another browser that does essentially the same, but adds more complexity to the mix, potentially more browser bloat? So instead of funneling ad spend to google, it’s funneled to Brave - but that doesn’t really make a difference to me as a consumer. I can donate or buy products of creators I want to support w/o dealing in BAT.Brave Ads do not replace current web page ads. By default, Brave blocks privacy-invading web ads and trackers that are embedded in page content. Joining Brave Rewards and viewing Brave Ads does not affect your current blocking settings for each website you visit. The ads you see as part of Brave Rewards are shown separately from your browsing experience and are not the same as the invasive, performance-sapping ads embedded in websites.> I don’t, I’ve never used Brave.
In this case your entire comment is pure FUD and a cheap shot at Brave.
I’ve been using Brave for 2 years, never saw a single ad.
> never saw a single ad
That cannot be true; brave cannot block first party ads.
I’m saying something very simple:
1. Brave is a browser like any other, in fact, built on top of chromium.
2. The ad blocking can be achieved with ad blockers using normal browsers. There’s ways to block cookies too.
3. Brave has presets for 1&2. Additionally, Brave adds on top more opt-in ads using BAT as an incentive.
Hence, use a normal browser with ad blocking, not chromium based, and FLOC is a non issue. Don’t use chrome, don’t use brave, no need to bother with this article about floc or whatever google api.
> That cannot be true; brave cannot block first party ads.
Do all sites on the internet employ first party ads? No? Then it can be true.
It cannot be true that you never saw a single ad because brave cannot block first party ads and the probability that you never ever visited a site that uses 1st party ads is basically zero.
“Basically zero” is not the same thing as zero. “Probably untrue” is not the same thing as “not true”.
This very site uses 1st party ads, so we know for certain that the probability I was talking about is actually zero and not merely basically zero.
>> That cannot be true; brave cannot block first party ads.
> Do all sites on the internet employ first party ads? No? Then it can be true.
Except we know you go to at least one website with first party ads - HN.
> That cannot be true; brave cannot block first party ads.
Not true. Brave blocks YouTube ads.
They meant Brave ads.
Brave does have a feature that displays ads in exchange for BAT, so it's not a cheap shot. https://brave.com/brave-rewards/
It is a cheap shot because you have to explicitly go out of your way to enable it.
There’s no conceivable way a Brave user sees ads without very explicitly digging through the settings and enabling them.
Which leads me to wonder, have you yourself ever used Brave?
I use Brave. I have the rewards enabled.
When you open a new tab, does it not show an ad for you as the wallpaper of the new tab? I thought that space would show an ad regardless of rewards are on or off.
The ads that I get that I know are because of rewards is the desktop notifications that it pushes, that you can click on. Only ever clicked on a couple of them at most I think, but still have them enabled because I think the idea of Brave rewards and BAT is interesting.
Also, I no longer remember but, when you install Brave it does ask whether you want to enable Brave rewards or not, didn’t it? In which case I think at least some people might be clicking yes without meaning to/understanding. But in my case it was intentional anyways.
I use Brave. I don't use Rewards. When I open a new tab I see a wallpaper, a randomly chosen picture, often a landscape scene, never an ad.
Negative, Ghost Rider. Disingenuous at best.
Key word: joining Brave Rewards