Acquired - The Browser (with Brendan Eich, Chief Architect of Netscape + Mozilla and CEO of Brave)
Episode Date: February 15, 2022We sit down with perhaps the only person besides Marc Andreessen who’s had a major influence on each of the Web 1, 2 and 3 eras: Brave Browser CEO (and former Netscape + Mozilla Chief Archi...tect) Brendan Eich. In true Acquired fashion we cover both a huge amount of both internet history AND internet future in one awesome conversation. Big thank you to Brendan for making this so special — tune in!This episode has video! You can watch it on YouTube.Sponsors:ServiceNow: https://bit.ly/acqsnaiagentsHuntress: https://bit.ly/acqhuntressVanta: https://bit.ly/acquiredvantaMore Acquired!:Get email updates with hints on next episode and follow-ups from recent episodesJoin the SlackSubscribe to ACQ2Merch Store!Links:Brave: https://brave.comCarve Outs:Project Hail Mary: https://www.amazon.com/Project-Hail-Mary-Andy-Weir-ebook/dp/B08FHBV4ZXOpen: https://www.amazon.com/Open-Andre-Agassi-ebook/dp/B003062GEE/San Fransicko: https://www.amazon.com/dp/B08SMFSL5M/Dynamic Economics: ****https://www.amazon.com/Dynamic-Economics-Burton-H-Klein/dp/0674218663 Note: Acquired hosts and guests may hold assets discussed in this episode. This podcast is not investment advice, and is intended for informational and entertainment purposes only. You should do your own research and make your own independent decisions when considering any financial transactions.
Transcript
Discussion (0)
Dude, I cannot believe that in recording this we asked the chief architect of Netscape to
restart his browser to see if that fixed the problem. Welcome to this special episode of Acquired, the podcast about great technology companies
and the stories and playbooks behind them. I'm Ben Gilbert, and I'm the co-founder and
managing director of Seattle-based Pioneer Square Labs and our venture fund, PSL Ventures.
And I'm David Rosenthal, and I am an angel investor based in San Francisco.
And we are your hosts. Today's episode is a mashup between one of the newest things on the internet
and the oldest things on the internet. Our guest today is Brendan Eich, CEO of The Brave Browser,
an application right at the heart of the rapidly emerging Web3 world. It is arguably the single largest
blockchain-based app with over 50 million monthly users. However, Brendan is no new kid on the
block. He holds the credential of inventing JavaScript, a source of much joy and also
much pain for many of you out there. And Brendan was the chief architect of Netscape and eventually became the CEO of Mozilla, the makers of Firefox. So you're saying 50 million MAUs is nice, but
Brendan wants this to go a lot higher. It's crypto nice, but it's not browser nice.
Yet. Yet. Yes. But it is rapidly growing. We had a wide-ranging conversation with Brendan
that you'll hear today that bridged this old world and the new in some really fun ways.
Okay, listeners, now is a great time to tell you about longtime friend of the show, ServiceNow.
Yes, as you know, ServiceNow is the AI platform for business transformation.
And they have some new news to share.
ServiceNow is introducing AI agents. So only the ServiceNow
platform puts AI agents to work across every corner of your business. Yep. And as you know,
from listening to us all year, ServiceNow is pretty remarkable about embracing the latest
AI developments and building them into products for their customers. AI agents are the next phase
of this. So what are AI agents? AI agents can think,
learn, solve problems, and make decisions autonomously. They work on behalf of your teams,
elevating their productivity and potential. And while you get incredible productivity enhancements,
you also get to stay in full control. Yep. With ServiceNow, AI agents proactively solve
challenges from IT to HR, customer service, software development, you name it. These agents collaborate, they learn from each other, and they continuously improve, handling the busy work across your business so that your teams can actually focus on what truly matters. AI is the way to deploy AI across every corner of your enterprise. They boost productivity for
employees, enrich customer experiences, and make work better for everyone. Yep. So learn how you
can put AI agents to work for your people by clicking the link in the show notes or going to
servicenow.com slash AI dash agents. Well, if you want to hang out with us and discuss this episode, you should do that.
We will all be there at acquired.fm slash slack. And if you want to go deeper behind these topics,
especially crypto, you should come check out the LP show. It is deeper, nerdier, and covers a lot
of more up and coming topics. It includes interviews with people like Roniel Runberg,
who have built Audius, Joseph Gordon-Levitt on the startup HitRecord. What else did we do on the LP show recently?
We talked with some of Solana and FTX's earlier investors from Race Capital. That's our newest
LP show episode. You can find that in any podcast player by searching Acquired LP Show. And of
course, become an LP if you want to get super early access two
weeks before everyone else and talk with us on Zoom calls every month or two. All right. As you
know, none of this is investment advice. Do your own research. And now on to our interview with
Brendan Eich. Brendan Eich, welcome to Acquired. Hi, thanks for having me.
Great to have you here. We've been big fans of your work for a long time. Grew up using
Firefox and the Mozilla browser before that and Netscape before that. And God knows I use plenty
of JavaScript every day in all facets of my life. So my life would not be what it is without your
work over the years. And of course, we are talking on Brave right now.
That's great. Your JavaScript use keeps me in t-shirts.
Well, we're going to go back and tell some of the story of what led to Brave,
but I wanted to get it in your words first.
What is the Brave browser?
So Brave is a faster browser because it blocks all the trackers,
many of which Google or its publishers or ad buyers depend on.
And it's based on Chrome, the Chromium open source code. So if you're using Google Chrome,
which kind of swept the market up to 70%, let's say, or more of market share, 2.65 billion users,
they say, you should get off Chrome and you should use Brave. We tried to make something
that's easy to switch to, but that's much more protective of your privacy. And this is
an ongoing commitment on our part because it requires a lot of research and development.
It requires fighting new kinds of tracking and fingerprinting that emerge. It also involves
something we talked about from the beginning and we prototyped in Bitcoin, and that's the basic attention token system for users who choose to participate in private ads
that are anonymous, but that pay them 70% of the revenue and that let them support their
creators directly through the basic attention token. And that was something we wanted to do
because we saw the privacy protection,
which is, I think, every user's right and good and necessary, as nevertheless harmful to the
current system of ad tech that publishers do depend on. So we wanted to get our users an
option that wasn't privacy invading, let them participate in funding creators. And if you don't want the private ads,
you can still fund creators out of your own wallet. We wanted that feature too. So it's kind
of a three-sided system, which is why we use the equilateral triangle for the BAT,
basic attention token logo. We're trying to connect users, advertisers, and creators
flexibly along all three legs of the triangle. Users who don't like ads can turn off the private
ads. Users who want to earn from the private ads can then give it all back. Some users just earn
and keep it. That's their right too. The problem that Brave solves is the tracking ads, the privacy
invasion, because it has all sorts of bad effects I can get into. And users feel it right away. They
feel the clutter. They feel the annoyance, they feel the page load delay.
Sometimes the mobile pages never load. And there's sort of correlates of the page load problem,
which are too much battery use and too much data plan used by all the ad scripts and the waterfall
of programmatic advertising that daisy chains from hidden third party to hidden third party
before an ad can show up. We block all that with Brave. But once you're in Brave, there's a whole programmatic advertising that daisy chains from hidden third party to hidden third party before
an ad can show up. We block all that with Brave. But once you're in Brave, there's a whole new
world of economics that's user-centric. And this is the really big idea of Brave. It's a
user-first platform, and therefore it's built from your browser on your device out. That's
where all your data feeds originate, all of them, not just the ones Google sees through its search engine or its many trackers around the web.
I think it was an important realization that you had when starting Brave that all or virtually
all activity stems from interacting between a user and a browser.
And that is because of the tremendous rise of web apps, in large part, unfortunately,
to the detriment of native apps that run on a
desktop operating system. But that is enabled because of the ecosystem that was built around
JavaScript. On the other side of things, the entire advertising and ad tracking and digital
advertising ecosystem also is built on JavaScript. And so I think there's an unbelievable arc to
everything that you've built over the years in deciding to approach this problem the way that you have now at this point in your career.
I was part of a project at Netscape that made the browser mass market.
It made it commercially safe.
Before Netscape, there wasn't a way to trust your credit card number flying across the
wire.
Netscape did so-called secure sockets layer.
Yeah, SSL.
So Netscape was working on making the web safe for e-commerce and useful for the site you went to.
We didn't think about the third-party problem. And that's where, even before I joined,
there was a way to embed images in the browser. That was actually in Mosaic in 1993.
And then in 1994, Netscape won. There was the in Mosaic in 1993. And then in 1994, in Netscape 1, there was the
cookie, which let people associate a bit of storage in the browser with their site. And that applied
not only to the banker or game site you were visiting, it also applied to every one of those
images. And that created a tracking vector because the image server could be keeping track of you
through a cookie that gets bounced in the browser from
each site the image is embedded in. And that's why you still hear the term pixel used in ad tech for
a tracking element. Even though it can be an invisible script now, it used to be a one-by-one
little transparent image. When did you start to realize that this was a problem?
So I think even in 1996, some of us, Lou Montulli at Netscape did the cookie
and there was a concern that it was being used for third-party tracking or could be used,
but the genie was out of the bottle. And the thing about the web is, Mark Andreessen said this to me,
even when they were doing Mosaic and there were only like 80 servers hosting content they cared
about not breaking, they would just keep backwards compatibility in all the quirks of Eric being his HTML parser and even precursor, progenitor HTML processors,
older browsers, because the content wouldn't work properly. So there's this strong evolutionary
force, this gradient forcing compatibility on the web. This is something a lot of people in
computer science, especially programming languages, just hate because it means you really can't
make incompatible changes except very slowly or through new runtimes that you can download.
But JavaScript was the only bite at the apple for that kind of runtime. Java failed and Flash
eventually failed. But in the 90s, we were too busy making the first party experience good and we couldn't break the web. So even though Lou Montulli wanted to do Twinkies,
and somehow I think they were going to solve several problems he wanted to solve.
That's an evolution of cookies.
Bigger, more storage. I think cookies were only 1,024 bytes or something teeny in the 90s.
And I think he wanted to do them only for first party sites. I don't think this would
have killed cookies for third party tracking. I forget the details because his boss said, no, no more.
No more cookies or Twinkies or Ding Dongs. And we stayed at the cookie. And by late 90s,
you can still find them in the web archive. There were sites diagramming tracking,
the rise of tracking. The company that Google acquired as DoubleClick in
2008 was operating in 99. I think it made the Dart ad server.
Well, I want to go way back to the beginning of your career. Even before Netscape, before
JavaScript, you joined Silicon Graphics, or SGI as it's called, and we've talked on many episodes about the unbelievable, incredible talent nexus that was SGI. Did you know when in the country, out in the middle of Illinois. And
I was not going to do a PhD. At some point, I realized that our research team had been hijacked
by IBM. And this was a great disgrace in my view, but the professors couldn't fight back.
And we became sort of a QA team for IBM's failed attempt to get a little laptop computer,
Motorola 68000-based computer they developed,
repackaged as a workstation, a Unix workstation, because Unix workstations were super hot.
Well, guess who came by UIUC to give a talk? Jim Clark about Silicon Graphics,
doing Unix workstations with VLSI 3D graphics. That was the whole company. And I almost right
away said, I'm going to work for Jim.
I interviewed at Sun. I was interested in programming languages. I interviewed on the
compiler team. I wasn't experienced enough for them to hire. I liked the manager, Steve Muchnick.
I met Eric Schmidt briefly. He was like director of software at the time at Sun.
Then I interviewed at SGI and I signed on the bottom line and it was great. SGI was super hot. It IPO'd after I joined. It, for a long time, had the best graphics, but that eventually got shrunk
from VLSI to GPU and now to system on a chip. And by 92, it had gotten big and divisional.
And I said, I've got to get some more experience doing other things. So I left. I was kind of bored. It was political and divisional.
Was this before or after Jim left?
It was before, I think, because early on, Jim realized he wasn't CEO. So Ed McCracken was
running it and Jim was on the board. But I think at some point, Jim had trouble
as founder keeping control as usual due to dilution. And so by 94, Jim was starting Netscape and paired with Mark
Andreessen. And I knew about that because all my SGI friends. And SGI did the graphics for
Jurassic Park, right? Jurassic Park. I know this. This is a Unix system. And they're not
looking at a command line. They're looking at the SGI file system visualizer. But I got bored and I left.
And SGI got big and kind of boring. I could see why Clark left when I heard he was doing Netscape.
Okay. So how did you find your way to Netscape then?
So a friend from SGI who'd come in from a team at IBM, Jeff Weinstein,
had gone ahead of me to a company called MicroUnity. And MicroUnity,
you probably haven't heard of, but it's got a lot of patents and it successfully litigated them from 20 years ago to
maybe 10 years ago. I forget when they ran out of steam. I think it just made a ton of money off
suing everybody, IBM, Motorola, Qualcomm, Broadcom, everybody, because MicroUnity wanted to create a
software programmable set-top box.
And there's only one thing that I actually knew about MicroUnity coming into this.
Was it the chief architect at MicroUnity, the same person as both MIPS and Next with Steve Jobs?
Craig Hansen might have been at Next. Yeah, now you remind me. Craig definitely was at MIPS. He
did the floating point unit, the MIPS floating point unit. So he was the full architect at MicroUnity. So MicroUnity was like practical
grad school for me because it didn't go anywhere. It was way too ambitious, right? It was doing a
new chip, new semiconductor process, new chip, doing analog and digital on the same chip, I
should say. It was doing basically everything except the radio front end that mixes down the bass band it was doing in software. So all this stuff has come true over
time, but trying to do all at once, you just run into the multiplication principle and your odds
of success go to one in a billion or 10 billion. And they could have used the fab to make SRAMs,
but I think it was too boring. I think Moose was really ambitious. He wanted to change the world.
He wanted to be the new Howard Hughes in some ways. He did make a lot of money off the patents. Okay. So did a big crew of those folks leave to
go to Netscape or was that you on your own? Well, it was Jeff Weinstein and I jumped to
Netscape within the same week. We're still young and naive. We should have made a company and sold
it. We would have gotten four times the options. Just as we arrived, we saw some other teams doing
that and they weren't as good.
But I can't complain. I mean, it was always the case when you're coming into these systems that you don't know exactly what's going on with the company. But I got there in April of 1995,
on April 3rd, I think, and the IPO was sometime in August. So it was a huge rocket. And it was
to me a little bit scandalous because in the 80s, SGI had to have
three profitable quarters before it could IPO, whereas Netscape just went on forward speculation
and forward multiples and it was not profitable. But that was the 90s and that started it all.
But there was real revenue there.
Well, so the browser was charged for in commercial settings. And Netscape used the IPO to buy a bunch of server-side companies and projects.
The LDAP team from University of Michigan, Tim Howes and company, the Kiva app server,
a bunch of Java investments, even started building a Java jitting runtime to rival Hotspot,
which Sun had bought Anamorphic to build.
The Netscape version was called Electrical Fire, and it was being developed by this super brain from MIT, Walter Moore Horwath.
But Netscape couldn't pull it off, and Sun was going to win with Hotspot. So
I rescued Walter Moore to take over JavaScript in late 97, and I went off to found Mozilla.org
after I'd standardized JavaScript. So AOL comes in, they buy Netscape. All those guys you just
mentioned, most of them, they go to LoudCloud. You go in the Mozilla direction.
Yeah. My CV is really short and I tend to stick with things. And the thing was the browser was
not done yet. Microsoft had simply killed Netscape by bundling IE, which it copied and
sort of acquired pieces of through Spyglass. Which bought Mosaic.
And it sort of kept iterating like it does. So the first version was not real, and the second
version was kind of a joke. And the third version was starting to tell you where it could get to,
and the fourth version was quite good on Windows, pretty much only on Windows. And meanwhile,
they were bundling it with Windows, 95 and then 98. And they got convicted in the USU Microsoft
case for this, because it's not illegal to acquire Monopoly
through let's say Merit or a sweetheart deal with IBM
to be the OS for the PC.
I don't know why IBM gave Microsoft that,
it's a little suspect, but whatever.
They had the Windows Monopoly,
but what they did in tying the browser to it
and threatening Compaq
with revocation of the Windows license if Compaq
shipped Netscape as the default browser was illegal and they got convicted for it.
But it was too late to save Netscape.
And yet a few executives, Mark and Eric Hong and others, wanted to save something through
open source.
Commercial open source in the form of Linux was up and Red Hat was up and running.
People were excited about the idea of
doing a commercial open source project out of the remains of Netscape, at least in the browser team.
So Jamie Zawinski kind of led it definitionally and spiritually and as the community manager.
And I did the tech side and we had a bunch of IT people and a couple of tools people who helped us
build things that are now
taken for granted or now standard on GitHub. And we realized there was this amazing synergy doing
something like a dynamic language on the server to generate HTML that has JavaScript automating it.
All that stuff was super slick to do in sort of a full stack way. And this was in like 96 and
prefigured everything that came after in DHTML and AJAX. It was pretty cool
that you guys were doing this in open source, right? Yeah. I mean, initially Netscape was
closed. When we opened it up, we threw this tarball out there, but as we worked on these
tools, it got better. We couldn't drag the mail news team out. They'd been sort of messing up
Netscape for mail news and they didn't like open source, but eventually it all got rewritten and redone.
We even created a portable front end stack using XML, which was all the rage then.
We call it our Zool, X-U-L, after Ghostbusters.
Which became the way that you would write the original browser plugins for Firefox and
presumably the Mozilla browser before that.
Yes.
And the Mozilla suite was pretty much the un-Netscaped, to use un-Googled as an analogy, the un-Netscape version of the code. And this actually started winning users because AOL bought Netscape and started festooning Netscape with ICQ buttons and aim buttons and things like that.
Yeah. It's like when I go in to make a new meeting now and I'm about to add a Zoom invite, but Google's like, wait, wait, wait, don't you mean Google Meet? And you're like, no, that's not why I'm using your tools. No, not what I mean.
Okay, so we're now at this point where you're on your own with Mozilla. You've taken the code
out of Netscape. It's being developed in the open. Firefox at some point became,
gosh, over a quarter of the browser market share. So how did it evolve from, hey,
we're going to take an open source version of the browser that Microsoft illegally killed
and turn into this thing that sort of breathed new life into the browser ecosystem?
We had this idea, and Eric Hahn and Mark had this idea that there would be an escape pod
containing the browser code and it would somehow land on Tatooine
and the message would get through and things would come back later. But no one knew how.
And conventional wisdom from 1998 on in the Valley was, oh, the browser is done. IE is it forever.
Give up. Just like today or a couple of years ago with Chrome, right?
It goes in cycles. But we also had this sort of boat anchor of the Mozilla suite,
because like I said, the 90s had a lot of suites. I think Netscape made a mistake in 96 when they
bought a company to go after Lotus Notes because it didn't work. And they took the Netscape 2 and
3 mail reader and newsreader, which Jamie and Terry Weissman, who I've mentioned, worked on
and did a pretty good job on in a very short time. And they threw it away or kind of
threw most of it away and did a Windows-only groupware sort of version that was late and
delayed all of Netscape 4. And that really hurt. And they were the people who didn't want to do
open source either. But that did not help Netscape. It did not take down Lotus Notes.
And Mozilla had to figure out, are we doing a suite? Do we want this albatross of 90s suiteware? And it took a while,
because like I said, we were underfunded at first. And in fact, as AOL ingested Netscape,
which at first didn't involve any digestive enzymes, it was like arm's length, they started
wondering what they bought and why. And so for the first two years, I think 99 and 2000, the head of Netscape division was
decapitated.
And somebody I liked, a nice guy I mentioned, took their place.
But it didn't go well for Mozilla.
It meant Mozilla was considered the enemy because most of the employees initially were
the contributors.
And it was rare to find outside contributors.
Chris Blizzard at Red Hat was a contributor. We encourage people in open source, especially in Linux, to work on
the code and send patches or get CVS commit rights. We tried to give those away. So a lot of the job
in the early days was trying to build up the mostly volunteer community to countervail the
Netscape employees who were not all top-not notch at that point. And after a year, nothing much changed. And Jamie said, I give up. I consider it a failure.
He wrote an essay you can still find. So he quit, but we kept going. And even though we had to be
the basis for this suite, because we stripped out the ICQ and aim buttons, Mozilla got popular.
We were doing releases, binaries, because we wanted testers. That was
a big change too. A lot of open source projects said, there's the code, build it yourself.
Right. Which of course, like 99% of people who could use the software are immediately out right
away because they're not going to compile on their local machines.
And of course, once you build the software and release it, you're getting people who don't know
which end of the internet is which, but they'd give you good feedback. And there's a whole sort of layers of the onion from your
lead users or your actual hackers who do know software out to, let's say, web savvy,
but less experienced folks out to the average people who don't know the difference between
a search engine and a browser. And so we started growing Mozilla even before Firefox in a way that I think kind of shamed and threatened Netscape. But Netscape was also getting these annual decapitations. And so by 2003, we learned through our IBM friends that there was going to be curtains for the Netscape division. Enormous stroke of luck, Mitch Kapoor, who founded Lotus 1-2-3 and has his own experience
with Microsoft's tricks, was friends with Ted Leonsis, one of the AOL executives.
Ted's a very nice guy, not technical, owns the Capitals, or did.
Right, right.
That's another sports team, I think.
And they ran into each other at the very first D conference, right?
Walt Mossberg, right?
Oh, wow.
And Ted said, hey, Mitch, I've got this thing, Mozilla, I don't know what to do with.
And it turned out Mitch was doing something called the Open Source Application Foundation.
And he had hired Mitchell Baker, who had been fired under cover of a layoff, I'll say it,
in 2000 by Netscape management because they didn't like Mozilla. It was a thorn in their
side. Maybe Mitchell was, Mitchell was expensive. So they had a layoff and suddenly Mitchell was gone. And I was on the phone
saying, did you quit? And she said, no, this was not my choice. And yet the next week on the Mozilla
community call, there was Mitchell doing the governance leadership while I did the tech
leadership. So the Netscape management that tried to get rid of it were grinding their teeth
at this point. They couldn't kill Mozilla. They couldn't decapitate it as the Netscape division
had taken off annually. But when we learned AOL was going to shut down Netscape, Ted, to his credit,
asked Mitch what to do. And Mitch had hired Mitchell Baker, who'd been the Mozilla manager
from about eight months into the founding up till she was laid off. And that was just huge good fortune because Mitch then told Ted what to
do. And in spite of some sniping by a VP at AL nobody liked who really wanted to stick the knife
in and twist it, Ted did the right thing and gave us $2 million over two years to spin out the
Mozilla project.
And I think Mitchell wanted to do it as a nonprofit.
They thought there'd be some good basis for Mitch himself.
I didn't want to do VC funding and didn't want to do a commercial thing.
I just went along to try to keep the code alive.
And we knew what to do in 2003 summer because Firefox had already started in 2001, if you can believe it.
But it became known
as Phoenix by 2002. And Firefox was completely rebuilt from the ground up, right?
Well, it was based on the Zool work that I mentioned that Dave Hyatt and others had done
to make a programmable front-end stack on what looks like the web. It's XML and JavaScript and
CSS. Custom toolbars, even the native menu bar on the macOS at the time,
all of that could be integrated through XML. It was declarative. It was fast enough with enough work. It allowed all these extensions you mentioned. We called them add-ons. That was
the first browser extension ecosystem way ahead of Chrome's. And it was the way Firefox got built,
because once we had the suite unbadged of all the ICQ junk, we still had sort of too many functions.
Like it's a Swiss army knife.
Do you really need to browse the web while you compose an email?
And you had rich text editing and manage your address book.
So we came up with a vision.
Dave Hyatt and I wrote the roadmap update for Mozilla in 2003 that said, let's make
one app do one thing well.
We'll build them all on a common frontend toolkit, give them extensions so that we can simplify the UX, but not drive the advanced users away to Opera,
which always had too many options built in. And that roadmap, you can still find even on Mozilla,
I think it's certainly in the web archive. It was a pretty good roadmap in my opinion,
because it got the project moving toward not only Firefox, but Thunderbird. And even the old suite, the volunteers wanted to call it SeaMonkey and carry it on.
And they did for a good long time.
But Firefox was originally Mozilla slash browser in 2001.
It was just a small pirate ship within Netscape.
It was Blake Ross and Dave Hyatt and a few others.
Joe Hewitt, right?
Joe Hewitt did the autocomplete satchel and eventually did Firebug,
which was awesome. He then got hired by Facebook and built the original Facebook app.
Blake Ross and Joe Hewitt founded Parakey and sold that to Facebook. That's how that happened.
But we lost Blake to Stanford. I had to recruit Ben Goodger out of Netscape to take over for Blake.
And that went from Firefox 0.6 on to 1.0. And Ben did a lot of the important
work on add-ons and search integration and making it really sing on Windows. Because that's the
other thing open source didn't do. Open source at that point was still saying, oh, it works on
Linux. Well, which flavor of Linux? KDE or GNOME or forgotten other ones. But they didn't care
about Windows. It seems to me that the community always needs, and I say the community, it's a very
broad community. It's all people who use browsers and maybe even more general than that, but they
always need some exciting challenger that's fighting the man. And it seemed like Firefox was
right place, right time with the right group of people who were actually passionate about this, whereas everyone
who was stuck inside of Netscape at AOL had sort of lost the fire. AOL at first thought this was
a strategic asset, now realized it wasn't going anywhere. And so you had this sort of moment to
seize if you had the right team where there was no legitimate challenger anymore to IE,
and so you could make a real run at it. Is that sort of how you think about it?
Yes. And the way you described it was almost like fractal structure, because the core team was like
a pirate ship kind of sassing Netscape management for their foolish, bloated suite, and also making
great tools and things that Hewitt worked on, Firebug and the autocomplete stuff. And that led
to early adopters loving it so much more than all
the other browsers. So that when Firefox was at 0.8 in early, I think it was early 2004,
and then 0.9, especially when we could see the rocket ready to launch, the whole lead user
cohort of the web was just charged up. And at that point, I'd made contact with Sergey Brin
through somebody he sent my way named Fritz Schneider, and we'd gotten the search deal going in 0.9, but we'd also gotten Fritz's team,
the gin team at Google, helping Firefox. So they were working on browsers before
Chrome, and the browser to work on was Firefox. Nobody thought it could be done.
The conventional wisdom still was that you're never going to take back market share,
even though Firefox already had a few million users and was growing rapidly.
And this did convince some people who worked with us at the time, like Bart de Krem, to go try a market share, even though Firefox already had a few million users and was growing rapidly.
And this did convince some people who worked with us at the time, like Bart de Krem, to go try a commercial fork of Firefox. That was flock. Didn't work. Raised a bunch of VC, got sold to Zynga,
and then shut down in 2011. There was other forks too. I mean,
I used Camino on the Mac. That was Dave Hyatt's other browser. Dave wrote prolifically. He wrote a lot of code.
So he wrote a macOS-only browser to learn the Coco, I think it was, toolkit.
And Dave works for Apple.
He went there in 2001, I believe.
He kind of made Safari because he knew how to make the KHTML engine web-compatible.
And it was from Linux, and it wasn't battle-tested in the field against mass market users, so
it didn't load
websites properly. Eventually, that led to WebKit being forked from KH2Mail in 2005, but
getting David Apple was quite a coup for Don Melton, the manager at the time of Safari,
who was also XNetscape. But there was just this fractal effect of restarting the market,
sassing your boss, showing up, i.e., showing the world a better tool for
something that people used every day, right? People would discount the browser. There was like,
oh, fat apps are back on the desktop, Windows Longhorn, or when the iPhone launched,
eight months after actually, because the initial app model for the iPhone was web apps.
A sweet solution.
But native apps had to be there because of games being ported. And then native apps got privileges and got app store affordances that the web didn't.
And it's the same thing every 10 years or so. You just get people holding the web back. Usually,
it's a monopoly power or a market power. And then the upstart comes because people still
use the web. The value in the web is so great. And there's embedded web views in all these apps
and there's embedded trackers in all these apps,
by the way, we're blocking those too
with our partnership with Guardian iOS Firewall, the VPN.
It feels kind of similar to me
in terms of narrative and market perception
to silicon and to semiconductors.
Like a couple of years ago, people were like,
ah, semiconductors, that's so boring.
Like all the innovations, way, way, way up the stack from that.
Well, like actually turns out the Semiconductors are pretty freaking important.
And TSMC is like, you know, a very, very, very important company and one of the top 10 most valuable in the world.
The browser feels similar to me.
Like, it's so easy to discount it.
And yet the majority of like people in the world spend the majority of their days on it.
Yeah, it's an immortal app. It's the universal app. The bigger the screen and the better the
input bandwidth, the more you live in the browser and you don't want to install some...
Even Slack, we have a lot of our users of Slack at Brave use the browser to load Slack
as a web app instead of loading this bloated Electron app that Slack has been slowly maintaining.
There's a real trade-off there that I think is part of the browser's immortality,
but the web content is also sticky and accretive, and that's important too.
Yeah. I'll sum it all up in one sentence. Firefox did really, really well and gained a huge
market share. And then when Chrome launched, it's been slowly etched away every year by Chrome now,
and it's down around something like 3%. So I want to fast forward all the way to the moment where
you're starting to think about Brave. And yet, there's been all these attempts to start a new
upstart browser that has a different take on things. I'm thinking of Dolphin. I'm thinking
of Rockmelt that have not worked. Yeah, Rockmelt. So yeah, the flock was doing social or Web 2.0,
it made it the very center of Firefox's growing market. And that's not a good growth strategy
because you have to get people off Firefox and then somehow beat them on the outer rings of
growth. And Firefox was already going faster there and you weren't going to get too many
defectors from the innermost nerdy hacker, technorati, web 2.0 people.
So Flock failed.
Rock Melt was after Chrome came out and was based on the Chrome fork of WebKit,
which wasn't its own thing really then, and tried to add social.
I think it was just, and I haven't talked to Tim Howes about this,
I think it was just aimed at trying to sell it to Zuck.
Well, Zuck doesn't want a browser.
He's got a browser.
He's very happy with the Facebook web app on desktop.
And then he was at that point already aiming at mobile because the iPhone was out and he
wanted full native apps on mobile.
So he was never going to buy Rockmelt.
So Rockmelt failed.
Dolphin did well because I think they had this, I forget her name.
She was a great marketer.
She got all these distribution and growth hack deals going in various Asian
countries. And they did a credible job on making it a good mobile browser as mobile came up through
Android. Android kind of double started at that G1, what was it called? It was the first Android
device. It was- The T-Mobile G1.
It was not good. I talked to Andy Rubin at Google in 2006.
Yeah.
But Android took a while to get anywhere near decent, and I still can't use it,
even though I've got many complaints about Apple.
Am I remembering right that Dolphin at some point, I don't think originally,
but maybe later in its life pivoted to be like, oh, we're privacy focused, right?
So people were starting to think about this.
Everybody's doing that now.
They're putting privacy perfume on without taking a shower in some cases.
Oh, I love it.
But one of the big browsers that succeeded in Asia besides Dolphin was UCWeb.
And UCWeb grew against Chrome in Indonesia and Bangladesh and India.
In some Indian states, it had more share than Chrome.
And one of the things we noticed that UCWeb did was it blocked ads.
So having done Firefox and been in the situation where we didn't even have the best privacy
features, it's kind of embarrassing, but it's true.
Mozilla did not lead on privacy as well as Steve Jobs did at Apple.
The very first Safari had private windows.
It had a third-party cookie blocker.
Neither of these things were in Firefox at the time.
Private windows came in quickly.
We never shipped a third-party cookie blocker in my time there. There was always concern about
rocking the boat. I have to say there was probably some implicit concern about the
Google Search Partnership and what would be the effect on that.
Because of course, the vast majority of Mozilla's revenue comes from the Google
Search deal to use Google as the default and get paid hundreds of millions of dollars from Google.
Yeah, it really was the one big trick for funding Mozilla. And it was,
you know, good while it lasted, but it also foretold Google doing its own browser, right?
We could see this coming too. We didn't want to take so much revenue in the deal that it became
cheaper for them to do Chrome. So we tried to adjust that. But all we did was defer Chrome,
maybe a few months, a year at most.
It wasn't clear we deferred it at all because by 2005, Dave Hyatt and Maciej Stachowiak
and others at Apple had said, let's stop patch bombing KHTML.
Let's make our own little mini Mozilla.
It'll be run by Apple, but it'll be webkit.org and it'll be a proper open source project.
And good for them, they did it.
And that became the basis for not only what they put in Safari, but for Chrome. So there was a gleam in Larry Page's
eyes when last I saw him, 2005, he was saying, yeah, WebKit's so clean. I'm like, Larry,
go do your own browser. It's fine. Don't worry about Firefox. You should do your own browser.
So we knew that in 2006, they were doing it. We knew that they were at that point pulling people off Firefox.
And some of the people I'd worked with at AOL or at Mozilla were working on the prototype.
And it took them a while to get it out.
It's crumpling them out in September 1st, 2008.
And it wasn't really at first clearly about fast JavaScript or all the stuff that people
think of.
It was more about isolating the Flash player so that when it crashes in a tab, it doesn't drag your whole browser down.
Yes. Yes.
And that comic that they shipped was just freaking brilliant as a marketing strategy
for the nerds out there that would really appreciate process-isolated tabs.
Yeah. It had everything. It had Lars Bach about V8. It had Darren Fisher, who I'd worked with at
AOL. But at some point, I don't know when,
I heard this from a friend who was at Google. Larry sat up and said, wait, we're running a
search advertising business and Chrome isn't tracking our users? What are we doing wrong?
And so in 2016, Google's privacy policy changed. This was after I started Brave, but I'll tell
the full story of Brave by starting there. Because at that point, ProPublica noticed, The Guardian republished their piece. They sort of said, Google's crossed
the Rubicon. They've connected all their data into one big ad exchange and data collection system.
With a carve out for Google Analytics, it's not clear how much Google Analytics is private anymore.
And Chrome, if you sign into the browser, which is a separate feature in the upper right corner,
using your Google account, then you're trapped for ad targeting. It's Google's business.
But a lot of people didn't know this, and some people didn't sign into the browser.
Well, in 2018, September, Google said, gosh darn it, people aren't signing into the browser enough.
We're going to just do it whenever you sign in to Gmail or YouTube in a tab.
We'll just sign you in across all the tabs
and we'll track you. Oh, wow.
If you don't like it, you can opt out in the Google account settings.
Yeah, right. But nobody's going to do that.
And I do.
I mean, yeah, you'll do that.
I used to do talks at conferences, ask how many people were using Chrome, how many people knew
this, how many people opted out. And the hands were numerous and then they started falling and
then there were red faces and consternation.
This is not just Google. I pick on them because they became the biggest. And buying DoubleClick
was an earlier sort of Rubicon they crossed. Because I think Sergey told a friend of mine
in 2003, oh, we would never do tracking for ads on publisher pages that tied into our
search ads. We would never track across the web. That would be evil.
Oops. Well would be evil. Oops.
Well, it changed.
Well, the definition of evil shifts
depends on how large the incentives are.
Yeah, and going public also just puts a fiduciary duty
to your shareholders on you that is hard to resist.
And this is kind of the animal,
the blind, voracious beast of capitalism.
So when I was thinking about Brave,
I realized not only
had Mozilla become captured by its search partner and was probably going to die because it couldn't
compete, not just on Chrome intrinsic qualities, but on distribution, which really matters at scale.
You have to pay for it, right? Microsoft had woken up and was doing IE and finally did Edge.
And this was before they switched Edge to be based on Chromium. They were certainly still
distributing it on Windows. They were kind of tying it. And I would say it's gotten worse.
Windows 10 and 11 have gotten even more aggressive, though they backed up on one particular
thing recently, where it's almost like back to the antitrust case. They're saying,
hey, you're not using Edge. We've noticed. Would you like to use Edge? Or, oops, we reset your
default browser to Edge. That happens too. And this is a problem
for Google. So Google has to pay to distribute Chrome. Mozilla doesn't have the resources to
do this. Our growth with Firefox when I was there was completely organic, I think. And it probably
was mostly organic after I left. They might've done a little growth hacking. And they never got
big on mobile. I'd love your explanation. And again, I don't ask this because I don't have thoughts myself,
but I want to hear from you. Why is it bad to be tracked?
Yeah. People, sometimes if they're savvy, they'll remember Richelieu's epigram. I don't know if it
really came from him. Give me six sentences from the most honest man and I'll find a way to hang him,
right? Snowden changed things. People realized, wait a minute, there's violations of federal law here. Google engineers who've been using telco dark fiber without encrypting their backbone traffic
were outraged, I think. And data breaches bother people. And the third party problem I mentioned,
those embedded pixels and all those embedded scripts,
you don't know where your data is going.
It's not just that it's trapping you
to give you a better deal
or to make your ads more personalized on a website.
That data is flying out the window
and it's going into stuff that is available
to not only the dark web,
but just available publicly.
A horrifying story, I won't name names.
We have a vendor, Brave, that has information on people. It shared it with Experian. We didn't
know this was happening. I don't know if there's a privacy law that was breached. We believe their
privacy policy was breached by their own action or their setting of this as a default that we
didn't know we had to opt out of. Experian is just Breach City, right? These are jokes.
It's criminal. I don't know if it's literally criminal, but it feels criminal.
Right. So consciousness of privacy as something where you're unsafe if you're trapped grew.
Initially, it was like, I don't care, trap me. I have no privacy. Just make my experience more
personal. And then it became, wait a minute, there's some third party or seventh party,
seven degrees of Kevin Bacon. There's somebody in Russia who's tracking me.
That's no good.
There's somebody playing games to trap me around physical world using geofencing.
That's possible with ads.
And it's been done probably by malicious actors.
There's spy stuff going on.
People realized that this was a bigger problem than just, oh, something somewhere has some
dossier on me.
Because once you have a dossier
on a server, it's very likely it's going to get copied or leaked, and it's going to be in 100
servers or 1,000 servers. And you won't know where it is or to what bad uses it'll be put.
So meanwhile, privacy law was coming up in Europe that, in its own abstract way,
sometimes without defining its terms, did use sort of common sense notions about how we interact,
which Steve Jobs himself once talked to Mossberg notions about how we interact, which Steve Jobs
himself once talked to Mossberg about in very plain terms, which is privacy means you don't
get my data unless I know I'm giving it to you for a specific purpose that benefits me. And there's
sort of a quid pro quo. And that's what the GDPR tries to do with purpose limitation or purpose
specificity. So when you consent to those cookie dialogues,
which are all misregulated, mismanaged, and nonsense, I'm not defending them. And GDPR,
like all regulations, is full of unintended consequences. What they're trying to do is say,
do you consent to let a tracking cookie be set, let's say, for some essential or inessential
reason? And there are carve-outs for essential reasons. When you go
to a search engine, it's a first party, you're giving it data to get better results. So there's
an essential purpose there that can justify some kind of data being processed. It isn't necessarily
tracking because it's only at that search engine. But when you're dealing with all these sites that
throw these cookie consents, click here to learn more. And there's 300 vendors. And if you want to opt
out, you have to go click on them. And often there's no page there. There's a 404 HTTP response.
There's no phone number. There's no way to opt out. So it's a complete fraud that you can opt
out of this easily. And that's also against the law in many places in the world, not just Europe.
A lot of these privacy laws are coming up around the world. And this was sort of concurrent with
the rise of Brave. But the consciousness about privacy is still growing. And that's helping us
because we were at the forefront and doing this R&D I mentioned, which made us fast and efficient.
And you're seeing others jump in with DuckDuckGo always had a more private sort of search front
end on Bing. It's pretty much Bing still for the keyword search. They had mobile
browsers. Now they're adding desktop browsers and other products. And like I mentioned, Apple
gets fair credit for privacy concerns that I think came directly from Steve Jobs in Safari,
private windows, and third-party cookie blocking. And Apple wraps itself in privacy with some
justice. And now even Google's trying to claim to invent the privacy sandbox to save
its business. I mean, to save the world, sorry, and ram it through standardization and into other
browsers. Let me ask David's question a little bit more specifically. Why is a private computing
experience important to you personally? Yes. So I mentioned this rising consciousness of privacy, how privacy is sort of multi-sided and involves different
degrees and kinds of threats. So those matter to me, no doubt. But I also think the user has to have
privacy for economic advantage. Otherwise, we have no way of collective bargaining with the
network powers. And any network is going to have power centers. It's just because of network effects.
And whether they collect much data or just become a successful business, they will have
economic power, market power, and the users may just be these sort of sheep to be shorn
of their wool.
That is the model for ad tech.
But if users can guard their data, they can demand a higher price.
They can demand better terms.
They can use cryptographic protocols to transact without giving up their privacy while still giving authentic attribution or confirmation of ads viewed or purchases.
So what matters to the marketer is if you get them in their best day is not that they track you individually.
They wouldn't know what to do with these tracking databases. It's usually vendors that hire that do it or Google,
Facebook, and so on. But they want to know what audience they can address. And they want to know
how well that audience or cohorts within it convert. They want to segment that audience and
see if they can do performance and growth marketing with pseudoscience, mostly regression,
logistical regression, mostly very simple statistics to see this campaign's working,
this one's not, I'm going to spend more money on this and less on that. And I'm going to try this
new paid media approach. I'm going to try this new Brave browser private ad system because
there are some users there that are off the reservation. They are not reachable, addressable.
They used uBlock Origin on Chrome, and now they're using Brave.
And I can't get to them through my usual media channels and advertising methods.
So I'm going to put a little money on Brave.
And that's how we built up the private ad business as part of Brave Rewards
uses the basic attention token.
And that matters to me too, because I always thought about economics.
I was interested in it from a young age, but I also, at Mozilla thought, we're going to get killed by Google. I think every executive
thought this at Mozilla. I'm not breaching any NDAs to say this. It was something that
maybe can't be solved without really doing a second browser and marketing it as a companion
to Firefox. And I actually talked at one point with Dave Hyde about doing this, but I couldn't
recruit him away from Apple. And I tried to get Hewitt as well. And it would have been a WebKit-based Mozilla browser, but it was too risky.
I couldn't get the talent I needed. It would undermine Firefox at some point,
and it would have been bad for morale. So maybe Mozilla is trapped, but I didn't want
Braid to be trapped. And I certainly didn't want myself or my children to be trapped because
these monopolies can last a lot longer than they should. And they can really
keep shearing those sheep until the sheep are starving. And that's happened. I think
that's where we're headed with all the censorship and the heavy-handed interference in sort of
search results. Demonetization of YouTubers in 2015 started, and it wasn't just over atrocious
content that should be censored because otherwise you're going to just have people after you and you'll lose viewers. It was over all sorts of things that nobody could
understand and they were just losing money as YouTube creators. These were just creators who
were talking about their hobbies and they found their ad revenue going down.
Oh, totally. Google changes, YouTube algorithms, Facebook changes,
Instagram or Facebook algorithms, and it completely wipes the table of whole sectors of
creators. Yeah. In the UK, there were actual regulatory cases involving this search algorithm,
SEO sort of change. Matt Cutts, when he was at Google, used to blog. And he tried to be
transparent about it, but it was clear Google had a lot of power. And there's sort of a black box
that they're operating inside of. And it's a casino. The house always wins.
So I wanted to use something that we knew about in the old days of computing, where you were the
system administrator of your department's minicomputer or your lab's minicomputer,
or you were your PC's administrator. You had to get the CD-ROM. You had to install it. That was
a total pain. It was a tax, but you could keep your data there. You could make sure that you
knew what was going on. Your system had in many ways more integrity than our modern day connected
devices do, where they can be updated behind your back and things can go wrong or sideways.
And there's all this third party tracking. So I wanted to get back to the user having power
through privacy, through shields, that's what Brave calls them, through the power in your pocket, which is the supercomputer, the micro-unity,
super-scalar architecture from the 90s. And yet it's kind of underutilized. Software is not
10,000 times better, even though the processes are that much faster. Something's gone wrong.
Because even in the early 90s, Silicon Graphics operating system was getting bloated. And we're
talking about going from 8 meg RAM to 16 meg RAM. I mean, just ridiculous small amount of memory.
And yet the software was getting bloated, X windows and motif and all this garbage.
So software has not gotten better. It's in some ways gotten worse. And I wanted Brave to wave
the flag of better software, tighter software, software that defends your privacy because it
gives you economic bargaining power, a chance at changing the topology of the network where, again, there's
always going to be central powers that come and go and accumulate wealth. But if the users can
fight back, they can have, let's say, other options like cryptocurrencies and tokens and
smart contract systems. Well, I was going to say, maybe for the majority of people out there when you were starting Brave,
yeah, like, oh, economic power, I get it. Like Google, Facebook, they've got power. But how
on earth would I ever as an individual have economic power?
Wasn't our pitch. Our pitch was private, fast, low battery use. And we actually,
at Mobile World Congress 2019, this green Spectre company from the UK came by
and said, yeah, we've measured. You're the least power hungry browser on Android. It was awesome
because it confirmed our own research team's results. But you have to sell with what people
feel every day. What they feel is that page load lag. They feel that battery being drained. They
feel the data plan. Even though they may be on an unlimited data plan, there's still
ways they perceive it. But now, I mean, I imagine it feels real to people that like,
yeah, I can make money with my attention on the internet.
Like it feels very real to people.
It's so funny because we have different tiers of ad rate card around the world because it's
easier to get ad buyers in the US and paying the most in the UK and Europe after and so on.
And so we have a lot of fans around the world who are in lower tier regions and they aren't making as much, but it may go a longer way for them. It isn't like we're
trying to make people rich or we're doing a pump and dump. We're trying to make users get 70% of
the revenue of a growing business that if you look at ad online and digital advertising, it's still
300 billion plus a year. That's a huge business. If we just get 1% of that and we share 70% of that with our
users, it's at 2.1 billion, right? So to be super crisp, to make sure
listeners understand it, an ad is displayed to me, and this is an ad that's purchased through
the Brave ad network where the advertiser is willing to say, look, I know that this isn't
going to do a bunch of crazy targeting stuff. This is just going on to the Brave ad network. A user views
that ad and then 70% of the revenue from that ad shows up in the user's wallet in the form of the
basic attention token. Yes. So when you say network,
people think tracking because networks have lots of ways to track. So what we do instead is we put
all the ads into a catalog through a link to the creative for the ad, the image or web page or video
that's in an edge cache somewhere.
We don't consider that an adversary.
The link to the ad and some keywords about the ad go into a catalog, and the catalog
gets updated to a large number of people in each region, and it gets updated several times
a day the same way for everyone.
So you are not identified by downloading that catalog.
It's kind of like getting a safe anti-phishing list or a safe browsing list, anti-malware
site list.
And that's how we solve the problem of ad networks that today in conventional ad tech
will track you on the front side and take all your data even before they've decided
what ad to show you.
We do the decisioning in the browser based on this catalog.
So all the machine learning on the mother of all data feeds I mentioned earlier is in
browser.
It's only on if you opt into the system, by the way.
It's not turned on normally.
And that's what does the ad matching.
I see.
Yeah.
So I'm wondering how, I mean, I was definitely buying some ads on Facebook for startups I
was involved with in 2015, 16, and it was unfreaking real, the level of targeting.
I mean, you could target one person.
Yes.
And as an advertiser, you're like, this is magic. I can acquire exactly the customers that I want.
Of course, that's at the expense of the users. And Facebook has walked back a lot of this and
made it more broad. Is there some measure of an advertiser being able to tell you,
hey, these are the types of customers I want? Or is it like buying a billboard on the highway? Yes. So we're big enough now,
and even when we started, we were big enough that we can do some very core segmentation, which
does not let people be re-identified. Because the problem with the targeting systems you mentioned
is they can, like you said, target one person. I think Latanya Sweeney said in the US, if someone's
birth date, gender, and zip code are known, they can be individually identified,
re-identified. So obviously, we're not going to give out any information to advertisers
ahead of time, but we do have ways of sampling our audience to very coarsely segment it so you
can address those segments. And some of those keywords in the catalog express those segments.
They're basically segment identifiers. And separately, the machine learning in the browser develops an opinion about you from your search queries, your clicking,
what pages you visit, all that stuff about what segments you might fall into, and then the
matching occurs. So we're using support vector machines and Bayesian sort of fairly simple stuff.
It doesn't burn your battery. We don't need TensorFlow or a cloud supercomputer to do this
kind of machine learning. And that does a pretty good job. A lot of ad tech is not as
precise as you think. Facebook said they could target that person and they could often, but
sometimes there were fraud actors, not so much on their native apps, but on publisher pages.
There's a ton of fraud in online digital advertising because JavaScript is used on
these publisher pages. And I designed
JavaScript on purpose. This was very intentional. I think it was the right decision to be a mutable
environment. It's global environment. All the standard objects and the document objects are
mutable. You can overwrite them. You can mock up lookalikes and you can forward load something that
looks like the next year's version of a standard object. So JavaScript's mutability was a huge boon.
It probably wouldn't have survived without it.
But it also means there's no security property called integrity.
It means that when the publisher is loading all these third-party tags from Google and
others, they can fight each other.
They can overwrite each other.
They cookie stack.
They cheat.
And what's worse, you can take the whole publisher content, scrape it into a fake
environment in a bot, and the bot pretends to be a user clicking on the ad. And you get paid the
ad revenue because the ad buyer didn't cross-check the publisher's ID in Google's ad exchange,
which is a fraud operator, against the true New York Times ad ID. It's bad. And that Google still
gets the fee when this advertising money is stolen by
fraudsters makes Google complicit with the fraudsters to some degree. It misaligns the
interests again. It's a conflict of interests. All right, listeners, our next sponsor is a new
friend of the show, Huntress. Huntress is one of the fastest growing and most loved cybersecurity
companies today. It's purpose built for small
to mid-sized businesses and provides enterprise grade security with the technology services and
expertise needed to protect you. They offer a revolutionary approach to manage cybersecurity
that isn't only about tech, it's about real people providing real defense around the clock.
So how does it work? Well, you probably already know this,
but it has become pretty trivial for an entry-level hacker to buy access and data
about compromised businesses. This means cybercriminal activity towards small and
medium businesses is at an all-time high. So Huntress created a full managed security
platform for their customers to guard from these threats. This includes endpoint detection
and response, identity threat detection and response, security awareness training, and a
revolutionary security information and event management product that actually just got
launched. Essentially, it is the full suite of great software that you need to secure your
business, plus 24-7 monitoring by an elite team of human threat
hunters in a security operations center to stop attacks that really software-only solutions could
sometimes miss. Huntress is democratizing security, particularly cybersecurity, by taking security
techniques that were historically only available to large enterprises and bringing them to businesses
with as few as 10, 100,
or 1,000 employees at price points that make sense for them. In fact, it's pretty wild. There are over 125,000 businesses now using Huntress, and they rave about it from the hilltops. They were voted
by customers in the G2 rankings as the industry leader in endpoint detection and response for the eighth consecutive
season and the industry leader in managed detection and response again this summer.
Yep. So if you want cutting-edge cybersecurity solutions backed by a 24-7 team of experts who
monitor, investigate, and respond to threats with unmatched precision, head on over to
huntress.com slash acquired or click the link in the show notes. Our huge thanks
to Huntress. Okay, so there's a variety of value propositions here. There's privacy,
there's speed, which it sounds like speed was the first one. There's make money from your
attention on the internet. You're rolling out a bunch more features in Brave, sort of at a
compounding rate now that it's turning into much more than everything you've
described so far with its own search engine, with its own native wallet capability. You're at this
unbelievable milestone now of having accomplished 50 million monthly active users. What was one or
two of the tipping points along the way where you realized, oh, this particular value prop
really resonates and accelerated the growth? Well, some of the stuff was early mistakes you make when you're a small startup, you
choose to use a shortcut. We use the Electron framework when we switched from a private
version based on Mozilla's Gecko engine to Chromium Blink. And using Electron was a mistake.
It wasn't designed for a browser. It turned off the sandbox. That was horrifying to discover.
And it's kind of bloated and replaced a lot of middleware files in the Chromium code that
Google was breaking through internal API shifts. And we finally got onto a proper,
well-maintained Chromium fork, including the front end. Now, the downside of this is we look
a lot like Chrome. We have the brave lion icon for shields. We have the triangle for bat. We have our own look for the
tabs, but it still looks a lot like Chrome. It's tabs on top. It's got Chrome extensions,
which can be loaded if they don't use the Google account system I mentioned that's for tracking
that we disable. But it's still a little bit too Chromey. And yet I think it's worth it because
that helped us get users off Chrome. Until we really did that rebasing on the front end of
Chrome, we were paying a growing maintenance
cost on all this Electron forkage, and our users were suffering because it wasn't fully
Chrome.
There were extensions needed to be manually supported or ported, and things weren't working
right.
So we switched to a more complete Chrome fork like a lot of browsers use.
I think Vivaldi is an exception.
They have a React native front end, and they've sunk the cost to stabilize the middleware.
Which is so interesting, right? Like if any upstart browser
team and leader were going to build your own stack, it would be you.
It takes a big team.
And you've chosen not to.
I have 10 people in the first seed round of Brave. What am I going to do?
I knew how to do 10 people out of AOL with the Netscape
Mozilla code base because I'd worked on that code base with hundreds of engineers at Netscape AOL.
And those people were still working on it for a while. AOL did lay off a lot of them,
but kept some on. Others went to IBM. And even though we had to shrink the workforce,
but it was bigger than the 10 people
I had at Mozilla in 2003 when we spun out. And until we got the search deal in 2004,
I couldn't really hire more people. We were burning down the $2 million from AOL.
Well, it's a similar sort of situation with founding Brave. I had to take 10 people. I had
to use some existing code base. And we did start with Mozilla Gecko in a multi-process sandboxed
framework called Graphene
that was part of Firefox OS, which I'd worked on. But it just lost on this big spreadsheet we did,
where we just scored it against Chromium Blink, and it just lost on too many rows. It was,
you know, what are we going to do for DRM? Oh, at the time, Firefox has a custom Adobe deal.
We can't partake of that, even if we use the Gecko source. We have to go get Google Widevine,
which Google made free as in beer, even though DRM is a closed source. It was bad, but you have
to have it. People, not just Netflix, Amazon Prime, Hulu, et cetera. So what are we going to
do? Well, Google is giving it out, but they're really only giving it out for Chromium-based
browsers. And so we did that. And there were just a hundred other paper cuts or major
issues like that. Gecko was never big on mobile because Mozilla was never big on mobile. We needed
all the mobile web kit lineage that goes into Chromium Blink that's still used on the mobile
web, stuff that preceded standards. So it was just at the end of 2015, we just said,
got to switch. And that's when we switched to Electron, but that had its own costs. And yet as a small team, we couldn't do the full Chromium fork. As we grew, we did. And so by,
I think it was end of 2018, we came out with BraveCore-based browser, which is our maintainable
version of Chromium Blink and our own front end still close to Google's. And that was very popular
and all the extensions worked and we
started growing faster. We've doubled for five years in a row, or more than doubled some years.
So 50 million users, that seems like the largest self-custodied crypto wallet application in the
world. And that's one way to look at it. The other way to look at it is it's this tiny fraction of
the overall browser market share. I haven't heard anyone talk about the browser wars and market
share in a while. Do you know what that sort of looks like today?
I mentioned Chrome is alleged to have 2.65 billion users. Now, some of these users have
gone away. I uninstalled Chrome. I found that there was a secret installer called Keystone
that was messing my system up. Somebody wrote a blog post about this. Google denies it, but
just phenomenologically,
life got better when I ripped all that out.
It was sort of hiding itself in the OS.
It was kind of creepy.
What matters in browsers, and you mentioned it earlier,
is sort of every 10 years is a change in the guard,
and there's this rapid evolution,
and there's a sort of lead user effect.
Eric von Hippel of MIT described this, right?
The lead users invented the plumbing toolkit.
They were homemade by machinists, plumbers, and they became standardized and big tools companies built
them. Lead users invented fiberglass surfboards, a lot of hot rodding like Tom Wolfe described.
Wind surfing user generated in some ways, Bill Bowerman, Nike. Lead users. These are people
who are not just creating something to go make a buck and seeing a need in the market and making a widget. They're users of their own products. They
love the product and they understand what it's doing or what it needs to do.
And having those lead users favor Firefox in its day or Brave now is super important.
And the lead users that I see that are very generative,
somewhat controversial are working on crypto projects, blockchain projects.
They're working on decentralization. That's not going to be controversial on this podcast.
Yeah. I mean, people are exaggerating how much energy Bitcoin uses and also not aware of how
Bitcoin can use energy that otherwise goes to waste. But we're not Bitcoin-based anyway,
and there are new blockchains that are much more efficient. So the whole thing is, to me,
kind of a needlessly ideological...
Yes.
Not a controversial statement on Acquired that the most interesting founders, technologists,
et cetera, are by and large focusing on Web3 and crypto right now.
Chris Dixon of Interest in Horowitz wrote this essay about Ethereum the other year and
talked about how he saw the developer animal spirits just rallying around it.
And it's true.
And then Ethereum got slow and the fees were too high.
But in some ways, it's like Unix. The Ethereum virtual machine now, the bytecode and
the smart contract system with some transportation cost, if it's not directly portable, is supported
on other chains. Polygon, obviously. Avalanche's C-chain is an EVM compatible. Like the Unix system
call table being copied into different flavors of Unix, the sort of design DNA spreads easier than code DNA because code has hard requirements,
not all of which are known or tested for.
But design can be copied.
And in this case, even with the EVM compatibles, the code can be tested to interoperation,
just like we had different NFS servers that had different code lineages interoperating
and different TCP IP stacks interoperating. So I think Dixon's essay was on point, even though people decry Ethereum's
slowness and high gas fees. And the new chains are just super exciting to the extent that you
can port your code. There are EVM cross-compiler and interpreter solutions on Solana, and there's
the C-chain and other direct EVM compatibles on other chains. It seems like your strategy with embracing not just the blockchain, but becoming an economic
player in the blockchain ecosystem has been, initially there was the basic attention token,
and I don't think that those were actually deposited on-chain into Ethereum wallets.
Is that correct?
In our system, because of regulations, not just in the US, if we send an ad revenue share to some
unknown self-custody wallet, we're going to get in trouble, including big trouble if it's somebody
named Osama bin Laden, right? So there's not just FinCEN, which looks at money laundering
carefully. People grumble about KYC,
know your customer. Why am I identifying myself with a custodian in order to get my basic
attention token? Well, it isn't KYC for its own sake. And it's not just a one and done. They have
to sometimes check again. In fact, there's a problem right now where they're making some
people in Europe fill out a survey to do more diligence. But KYC serves as a means to an end.
The end is anti-money laundering. It's identifying all these flows. And some of the crypto noobs also think, well, I should just go on chain and then I'm anonymous. No, you're going to get reidentified through blockchain forensics, right?
In the same way that it's not hard based on a zip code and a gender and a birth date or whatever to singly identify you, at some point, someone will be able to just run your wallet or wallets,
and it already happens today, through some de-anonymizer and be like, oh, I know who this is.
Right. So for our system with users getting ad revenue share and publishers then getting
creators on YouTube getting tips or recurring donations, just 10 of those or so could
fingerprint you as a user, right? If there are a few bits each, that's enough bits to fingerprint
you. It's a unique identifier
that can count everybody in the world.
And if you have enough observation points around,
and side channels, you can put things together.
So we realized that we couldn't go on-chain,
not just because it was too costly,
but because it would fingerprint the user.
And the answer in the long run is zero-knowledge proof.
So our next generation ad system,
which is aiming at Solana, is called Themis.
It uses a black box accumulator in the browser to build up an authentic, cryptographically
secure ad performance set of numbers that can then be put into a zero-knowledge proof system
directly on-chain, and the ad buyer can verify for themselves from the terms of the proof that
the ad performed. That's the magic of zero knowledge
proofs. By verifying it, you can believe the truth claims. And we're trying to move on chain with
that very soon with Solana, which is exciting, but we're still burdened by the regulations that
require not only the anti-money laundering, but also the Office of Foreign Asset Controls in the
US. Don't send to a self-custody wallet that's owned by somebody on the FBI's top 10 list,
right?
Or you'll do federal time for that.
So people get mad at me like, well, I must die KYC.
And they think I'm some kind of crypto hater.
No, I love on-chain direct.
I've done it.
I've paid one of the auditors for our smart contracts for the basic attention token, got
paid on-chain, and it was great.
Much better than sending a bank wire.
But there are problems if you want privacy right now
and you want to comply with these regulations, which have pernicious penalties. So we're working
toward a more decentralized future and we'll have to see how it goes. The great thing about crypto
is I see a lot of now banks, Jamie Dimon did a heel turn from saying Bitcoin's a ponty to,
oh, my blockchain's great. And family offices and
companies are into crypto. The old big tech guard aren't, though. Facebook tried with Libra, now
Diem, but really got hurt. Politicians didn't like Facebook. And it wasn't really clear
why you'd want it instead of another existing crypto.
So the initial thing you did was introduce the basic attention token, and you could accumulate
that without going through any KYC. But if you were going to then
send it to a creator, they would need to have a KYC wallet.
But you wouldn't. As a user, you could still be anonymous.
But it seems like now you've moved to, you first forked MetaMask to make a Brave wallet. Now you're
building your own native Brave wallet directly into the browser, which is totally a thing that
Safari could do, that Chrome could do. And it doesn't seem like
they're going to do that for a long time. So you're going to be the first browser with a
native, secure, on-chain wallet, hot wallet, directly baked into the browser.
It's a refrain from the early days of Firefox. Opera had it first.
And you can say that again because Opera did have a wallet in 2018.
No way. Opera has a wallet. That's so crazy.
We were worried because they came out with a self-custody wallet and a Dapp store in 2018,
and Bray's been growing. So I had to get more people to do the wallet, or I had to get
my co-founder to go lead the wallet effort. But in 2018, it wasn't going to happen. On the other
hand, crypto winter happened. And I think that took the steam out of Opera a little bit. But
Opera still has crypto, and they're talking about a Polygon deal they pre- winter happened. And I think that took the steam out of Opera a little bit. But Opera still has crypto and they're talking about a polygon deal they pre-announced. And I think
Opera will always be there, kind of like Brave, even though it's now Chinese owned and a little
less trustworthy just in Western eyes. I'm not saying anything personal here. And yet Opera will
be innovative, but Brave's going to go faster and we're going to do things that cut across the self-custody versus custodial usability trade-off space. Because it took 25 years to train people to
use username and password logins. And maybe for real banks and Coinbase and so on, you have to
have a second factor authenticator app or something like that, or a YubiKey. That's almost as hard as
self-custody. It's a little bit
safer in that if you lose your private key, your word list, your backup, your crypto steel with
self-custody, you've lost. Whereas if you forget your password and lose your YubiKey,
lose your authenticator app or the phone it's on, you can probably convince Coinbase,
you're you, and they can reset your password for you. So it's complex enough now though, I think self-custody has a shot.
Getting things to be useful, getting the basic attention token to be useful,
including that virtual kind you earn without KYC-ing because you're going to send it back
to your traders who do have to KYC for these AML and OFAC reasons, that we can work on with the
wallet. So we're going to make the wallet sort of blend with the Brave Rewards system as much as we can.
We're going to make it multi-chain. We don't have any religion about blockchain. We like Solana.
We agreed to make it the default for multi-chain dApps where they don't express a preference for
default and the user doesn't. And that choice of default the browser can make, that's important.
That's how search deals get done. That's why Google only pays for default because they're king of the hill
and they figure they'll get the traffic anyway. That's what they say. Whereas Bing does and DuckDuckGo
and others and Yandex do search deals with browsers. Even if they're not the default,
they'll pay for traffic. But even still, a lot of people are going to get wallets for the first time.
This is pretty awesome.
It is.
It's exciting.
You've seen what happened with MetaMask.
They took off very cleverly at the time Uniswap did its V3, I guess it was, and just started
getting a lot of swap action that made them a lot of money.
And that was from people using MetaMask and self-custody.
I would guess.
I've not got a good figure right now.
Most of those users don't have a hardware private key device like a Ledger or a Trezor. And so they're keeping
that wordless safe in some safe place, I hope. I talked to somebody, an anonymous user of Brave
in Africa who was a Hex fan, and they were wondering why the Hex founder was feuding with
us because he's kind of a nut, but that all blew over. But this user, I said, how do you use it? He said, oh,
I've been buying crypto for five years. I use MetaMask, right? Or four years, I guess it was.
And I said, oh, do you have a ledger or a treasure? No, I'm really afraid I'm going to lose it all,
right? Well, sure, you can recover access to the wallet. But like, that still means you're
piling up wealth in a browser extension, which are known to be hackable, or at least not
as secure as if it was in a browser itself. And on top of all this, it's always connected to the
internet. The extension is just weaker, both in terms of its powers, but also its security model.
If it's doing its own secure store for a private key, it's just in a weaker footing than a native
app by design. Then, you know, we see this all the time. If you tweet and you
mention MetaMask, I joked the mask that is meta because I didn't want to say it, you'll get all
these phishing support accounts pretending to be your buddy impersonating my friend David Walsh
who was at Mozilla and now is at MetaMask. And they'll try to say, DM me or go to this Google
form and we'll help you get your key recovered. And sometimes the topic wasn't even about lost funds. And you go to the Google form and right above the fine print from Google that
says don't enter any personal private data or passwords in this form is a field saying,
give us your 12 words, your 20 words. So these fraudsters just swarm onto this.
There are bad actor companies in the ecosystem right now that are trying to tell you,
hey, for a nice experience to have all of your wallets aggregated here, type in your secret phrase from your local self-custodied wallet into our thing. And it took 20 years, and it took 20 years to train on credit cards. And so we're telling people, hey, this is like
a username that you can type in anywhere. And it's completely defeating the purpose of that
as security. Same thing for QR codes. QR codes have become shorthands for links. I go to my
neighborhood pool, and I can scan a QR code with my iPhone and then sign in on the web form. But
QR codes are also used,
especially in crypto, for spelling a private key. And you should not be putting them on paper
for somebody to scan ever. And you're right. There are, let's say, bad or sketchy actors
who are trying to collect these things or passwords and email. There were services over
the years, there still are, that will say, hey, we'll read your email for you. In fact,
Defnet goes building one, but I think they're keeping it clean, right? It would
blow them up if they cheated. They're just trying to strip trackers from your email and you get a
duck address if you want it. But better if it didn't have the clear text of your email messages
at all. And so in Brave, if you use webmail like Gmail, we block those trackers at the end point
where the secure session, the TLS session terminates. But this whole thing about dual models, something's a public key or a public link,
something's a private key, and they're both getting forced through the same UX metaphors
is a problem.
And training users, maybe getting to a better state of play with hardware wallets where
they aren't just this anxiety-producing dongle that you're worried, did it break?
Did I forget my pin?
Did I forget my pin? Did I send
to the wrong address? You probably want these things to be more like a phone,
something that's more useful to you in your digital life. You don't want to have anxiety
every time you transact. You want to have the sense of security and that you're winning.
And that's the other thing I would say about Brave. We can make your built-in wallet a positive
sum game. It can collect non-pump-and- and dump yield opportunities from DeFi if you want to put some assets in. It can collect that revenue share. That's another positive sum game we already have. So we're trying to make crypto be part of your daily life in a way that doesn't provoke anxiety. Am I being phished? Did I lose my pin or my passphrase. You bring up this just ever-present trade-off
in computing, which is security versus user experience. And I frequently think that when
I'm doing something in crypto versus I'm doing something in the regular bank TradFi ecosystem,
and my bank, for better or for worse, has taken a lot of the headache away. And I have a pretty
good user experience. It's not confusing.
I know what I'm doing when I'm wiring money from one place to the other or making a transfer from
one account to the other. I lose some of my liberties because they have the option to remove
my assets if they determine that I've done something illegal, even though I'm like, well,
hey, I didn't do something illegal. If they determine that I did, they could seize my assets.
They can make a profit on me. They can arbitrage the cost of capital to their returns when they
take my deposits and deploy them elsewhere. I should be getting all that economic upside.
But what I've gotten in exchange for giving up my liberties and my economic opportunity is a pretty
good user experience. And we're at this place in crypto right now where we've taken a hard left
and we've said, I want to own everything. I want to be hyper-secure. I want to have all my privacy.
And what we're left with is... Be unbanked. Yeah.
Yes. Also be a bank. And it is a brutal thing to have to manage all this stuff right now.
Yes. This calendar year is going to be big because not only adding more chains,
I think I agree with Vitalik, we're not going to do complex multi-chain transactional models. So
people are working on those using threshold signatures. I think the main thing is we'll
have the chains people want to use and the yield farmers go where the returns are good and the
users follow. So we'll make that all as automatic and convenient, but you'll still have to turn it
on and we'll have safeties on it.
And that UX will take a lot of work to develop because design is still an art. Absolutely is an art, right? The space is too large to do sort of A-B testing in any credible timeframe. You have
to call some shots, get some users telling you what to do, collaborate with those lead users I
mentioned earlier. And then I think at the end of this year, we'll have a wallet that will be super awesome, not only for using crypto and DeFi and
so on, but also if we do it right, some of our custodial partners can virtualize your plastic
from your wallet. So they can give you, like privacy.com does, like the Apple card does,
they can give you a MasterCard number from a block that they allocate from that isn't your number. So your
security is better. It's like the generated email addresses that Apple and others are doing.
And if we virtualize the credit card, then we can actually put e-commerce in the browser. We can
deconstruct Amazon, every site without having to change its merchant JavaScript, which is not going to
happen easily, can have an option where you can use something like a virtual credit card
that could even be topped up with crypto or draw on crypto.
I've got one question for you as it pertains to this decentralization versus user experience
topic.
Moxie Marlin Spike pointed out in his recent post that, and this is a quote, to make these
technologies usable, the space is consolidating around platforms.
Again, people who will run servers for you and iterate on that functionality that emerges
in Fiora, OpenSea, Coinbase, Etherscan.
And my question for you is, do you think it is the case that the user experience that
users want and the developer experience and sort of ecosystem speed
that programmers want necessitates these centralized choke points no matter what
generation of the web we're on. So it's hard to beat a server when you want to do something like
index Ethereum's history into a database with multiple ways of querying it. So I'm not going
to do that on my machines. I'm going to use Etherscan or something like it. And if Etherscan has trackers or bad ad tech in it,
I'm going to use Brave and block those. But it's hard to beat a server sometimes.
And I agree with Moxie, right? I like Moxie a lot. I met him once at Mozilla in the old days.
He and colleagues did this blind context matching system, contacts, I should say,
like your address book contacts for Signal. Because they had
this problem that your friends are on Signal, Signal uses the phone number as identifier,
but how will they help you find your friends without reading your address book, which is a
privacy problem? And the way they did it used Chown blind signatures and hashing and so on.
And it's clever and it runs in a secure enclave on the server, which is something we're also using at Brave. So I agree with Moxie's essay. There's a larger toolkit from cryptography,
the original crypto, which some of my cryptographer friends are still mad as crypto has been annexed
by cryptocurrency. But there's a larger toolkit and it works on servers, on centralized systems,
as well as in decentralized systems. And decentralized systems, even Solana, there's always a trade-off.
If you really want certain guarantees and certain latency, you're going to want a server
and you're going to want even the network to that server to be provisioned a certain
way.
So there's no free lunch and there's a larger universe in which I think blockchains and
peer-to-peer networks make sense, but also servers will endure.
That's why I get annoyed when people think that Web 2, you know, oh, Brave's 2, Web 2.
Well, Web 3 is not going to replace Web 2.
It's going to extend it in a way that eventually, perhaps, if it's like McLuhan's laws of media,
it's going to mock and torture Web 2.
But that's far in the future.
In the meantime, it's going to be extending it
so that we can get users using it. And there are ways that users will want to use it that are
going to be like Etherscan or a proxy farm like Infura runs or Bison Trails, or there'll be
servers you'll want to go to. But if you have these cryptographic protocols, if you have strong,
muscular clients like Brave, if you have that market power as a
small user through essentially unionizing with other users of that client, then you should be
able to get better privacy, better security properties out of the server. It shouldn't
just be raiding your data. It shouldn't be just betraying you in some way while it's whispering
in your ear. It should be a fairer deal. And that can be done with cryptography broadly construed. So I liked Moxie's essay quite a bit.
We want to thank our longtime friend of the show, Vanta, the leading trust management platform.
Vanta, of course, automates your security reviews and compliance efforts. So frameworks like SOC2,
ISO 27001, GDPR, and HIPAA compliance and monitoring,
Vanta takes care of these otherwise incredibly time and resource draining efforts for your
organization and makes them fast and simple. Yep, Vanta is the perfect example of the quote
that we talk about all the time here on Acquired, Jeff Bezos, his idea that a company should
only focus on what actually makes your beer taste better, i.e. spend your time and resources only on what's actually going to move the needle for your product and your customers
and outsource everything else that doesn't.
Every company needs compliance and trust with their vendors and customers.
It plays a major role in enabling revenue because customers and partners demand it,
but yet it adds zero flavor to your actual product.
Vanta takes care of all of it for you.
No more spreadsheets, no fragmented tools, no manual reviews to cobble together your security and compliance requirements. It is one
single software pane of glass that connects to all of your services via APIs and eliminates
countless hours of work for your organization. There are now AI capabilities to make this even
more powerful, and they even integrate with over 300 external tools. Plus, they let customers build
private integrations with their internal systems. And perhaps most importantly, your security
reviews are now real-time instead of static, so you can monitor and share with your customers
and partners to give them added confidence. So whether you're a startup or a large enterprise
and your company is ready to automate compliance and streamline security reviews like Vanta's 7,000
customers around the globe,
and go back to making your beer taste better, head on over to vanta.com slash acquired and just tell them that Ben and David sent you. And thanks to friend of the show, Christina, Vanta's CEO,
all acquired listeners get $1,000 of free credit. Vanta.com slash acquired.
All right, well, I want to move on to our grading section here. And even though this isn't a sort of traditional acquired episode, or we've necessarily told the whole history and
done our teardown analysis the way we typically do, Brendan, I am curious your take, what does
A-plus look like for Brave, let's just say three years from now? In some ways, it's an epoch away,
in other ways, it'll be here as soon as we know it. What does success look like for the company?
If we keep doubling or better, three years is eight times 50.
So it's 400 million users.
And once you get to that scale, you start to get distribution opportunities like being on
phones.
Pre-installs aren't really happening outside of the apps from the OS superpower like Android,
Google, or iOS, Apple.
But Samsung's out there and there are new phones coming up in the world.
And there's always a lower end of the market that's getting better thanks to the hardware
getting better and sort of trickling down. And so I would like to see us get to that scale because
then I think distribution could go in directions that right now is harder to do organically and
will cost you a lot if you have to pay for it. But that's kind of a mundane business thing.
I think if you get anywhere near 400 million monthly users, you have enormous clout, especially
if they're lead users still, in standards.
And standards matter still because a lot of businesses want to not only compete, but sort
of cooperate, the competition model.
So you get ongoing web standards still in spite of Google's
dominance and somewhat strong arm tactics, you still get standards evolution. Crypto is for each
blockchain, its own set of standards, often run by a core team. But there's, as I said earlier,
greater sort of de facto standardization on things like EVM compatible chains or smart contract
systems or things you can do with compilers and interpreters, even if you don't have an EVM compatible chains or smart contract systems or things you can do with
compilers and interpreters, even if you don't have an EVM work alike in your node, in your network.
So when we get to the scale of toward 400 million or more users, we will have opportunities to do
things, including with the basic attention token that we couldn't have done out of the box earlier and that would
look like having something more competitive with Google that's decentralized. And we're not just
aiming at Google. That's like sort of driving by looking in the rear view mirror. Google's
a hundred year company, so was General Electric, but it ended up a tax dodger and a subprime lender.
This is not a good ending. Thomas Edison was spinning in his barrow. Google may end up that way sooner or later, but we're looking at a world where users
are sovereign. That's the vision I mentioned earlier. You have these machines. Without being
a burdened sysadmin, you should have say over them. You should have benefits from them.
And it's not just economics in some money-grubbing way. Economics really, the Greek word, right, means something about home economics or about the
home or the scale of human life where you live most of your life.
And things have become very fraught and dehumanized at larger scales.
But if we can get people operating better at smaller scales, then I do believe this
will be good for the world.
And I'm not just talking pie in the sky, hobbits in the shire stuff here. I see this with the creator economy. I see this with the YouTubers
and the other creators. I see this with NFTs for all the clowning that goes on with NFTs.
And actually, we'll be looking into NFT as a basis for further tokenomics for our creators
in this new year. We want to see fans and creators directly connect,
and we want to see them do it without being demonetized or interfered with, censored,
all that stuff. And if this can be scaled up, it forms all these little networks that
have these logistic curves that have their exponential phases that everyone loves.
So people should want this for good business reasons, but you can't rate it through ad tech or tracking. You have to have a better platform and better sort of network for it. You have to have crypto in both senses, Moxie's cryptography and cryptocurrency or blockchain. And I think Brave at 400 million, we can actually make this real. We have 1.3 million creators verified. We would have tens of millions of creators.
And that means people who have KYC'd themselves so that they can receive tokens?
Yeah. Or if enough people have self-custody, maybe we'll hang the self-custody wallets on
the creator side and you can just do an on-chain send on a fast chain with low fees. And you don't
have to go through KYC at either end. Now, that was always what people told us to do. You should
only do direct on-chain. And I looked at it.
And even with our Bitcoin prototype, it was too expensive.
I talked to people like Bology of 21.co, which Bitcoin bought.
I talked to the Open Bazaar founder who actually DMed me first.
He said, we're thinking about adding BAT.
And I said, aren't you Bitcoin without a fee?
Why do you need BAT?
And he said, well, nobody wants to send Bitcoin.
They want to hodl it.
Which is very true. And which at the at the time would have been a good strategy. Just sit on it. Don't shave those Bitcoins to send something, send scraps to your favorite YouTuber. And people will
send Bitcoin. People are using Lightning or Jack and so on are all excited about it, whatever.
There's lots of options for this, but getting people to do direct on-chain sends is still
challenging for the UX reasons we mentioned, the usability, the security, the sort of familiarity
on both the sender and the creator who receives it. But with Brave at 400 million, we can hang
self-custody on all sides of our ecosystem, even the advertiser side, the full triangle,
and people can go peer-to-peer. They don't have to go through custodians if they
don't want to. Now, like I said, if you're worried about law enforcement, which you shouldn't be
unless the government's gone bad, then blockchain forensics and exiting on a regulated exchange will
still let the law enforcement do what they need to do. We're not trying to stand in the way of
law enforcement doing what it should do. But this idea of getting to a big system of direct on-chain sends, by starting there and
limiting it to only those cases, or limiting it only to Lightning, which I was told to
use before it was ready, years before it was ready, doesn't make sense.
We've gone the other way.
We're pragmatists.
But as we grow, and as we keep the custodial options going, we'll add the self-custody
options and see what wins.
Makes total sense. I'm sure you've thought more about the success case, but what's the failure case? keep the custodial options going. We'll add the self-custody options and see what wins.
Makes total sense. I'm sure you've thought more about the success case,
but what's the failure case? What are the existential risks at this point?
So there's always risks of some bad macro event or some bad crypto event. Crypto gets banned in the US or something like that. Don't think it's going to happen. One of the reasons is because I
do see too many rich people partaking through their family offices and so on. But I do think there's a risk there,
and I can't quantify it too easily, so we're just trying to carry on. It's hard to hedge anyway.
I think there are risks with big tech. Big tech could still misbehave, and it still has
even political power, though. It's been getting beaten up more and more by both parties as time
goes on, but that's a risk.
Do you think that Facebook or Google or any of the others could ship a wallet in Chrome,
for instance, or actually really embrace this?
I bet there's somebody at Google who's looked at this. I know Google had a wallet or may even have a wallet team that does some outward bound stuff. And they never connected it with Chrome.
They never put it together. PayPal is going to do their own stable coin or whatever. You're going to see more wallets
and maybe you'll see them in big browsers. But I don't know if they're going to get into the
system that we're getting into early, which is the frontier. And that means they may just be
stuck in the old world. It's very much like the age of discovery. We're going to be building the
wild west and then the lights will come in and the streets will get better paved and we'll be
there already. And we'll be selling pickaxes and shovels. The old world is back there,
the ancien regime, kind of corrupt, unwilling to innovate. Maybe they stole the gold, but their
banks then stole it from them through compound interest.
I love it. You're the sans culottes.
Oh, yeah. The Fugger family made out, the Habsburgs did not. So, you know,
Google may have a wallet, but it might just be a me too. And it might be kind of weak when they do.
Can you imagine the default switching from sign in with your Google account to
authenticate with your in-browser wallet? There's just no way.
It really is hard for Google to innovate.
They're just a big company and these big companies have their own problems,
not just the innovator's dilemma, but at least that much. And I just don't think they're going
to be a huge threat, but they could use strong arm tactics to hurt us for sure. All the bigs could.
And then there's our own execution risk and our own sort of competition with the growing new wave of privacy products, where I think we have to just compete.
And it's competition's good.
We learn from each other.
There's a marketing component as you grow across the chasm where you're trying to convince
people who don't know, again, a search engine from a browser that your product is more private,
it is faster, it's more trustworthy, it's got other good properties.
Who do you consider your competitors? So would it be like Square or Block or Metamask?
No. So we're trying to get people off of Chrome. And that's a matter of getting people to see that
it's easy to migrate. You can even co-browse for a while. You don't lose anything. And then you can
cut the cord with Chrome. People switch from Firefox. That happens over time because it's
going down and people can see it. And there are problems there. We can get people off Safari,
but Safari is still privileged in Apple's OSs and kind of tied. So that's hard. Edge is somewhat
privileged in Windows, which is a little hard on us. We're competing, I think, for thought
leadership with other privacy firms. So there's Jumbo Privacy, which isn't really doing a browser,
but it's coming up with stuff. It's another venture funded thing. Deftico has been out there a long time
and they've built up quite a reputation and brand name. You see their signs in airports.
So they've done sort of a marketing first approach and gotten to a reasonable annual
turnover from what I understand. And that's got to be considered a competitor because
they're doing desktop browsers on top of mobile now. But we look at the pie that we're dividing up as very large.
If you're taking users from Chrome, we could both take and not really interfere with each
other.
The worst case to me would be Duck and Brave start blooding each other in some mixed martial
arts match to claim the privacy mantle prematurely.
That seems needlessly destructive.
But it is difficult
marketing across the chasm. You have to say, we are more private, or we are better, or you should
use us because we're faster, we're more complete, we block these threats that the other guy doesn't.
And so some of that will have to happen. It's just going to have to happen for marketing reasons.
All right, lightning round of carve-outs. David, give us your first one. And you know,
I'll go first, and then we'll kick it to Brennan so he can think on his. I'm going to make it easy. My carve-out is a book
I'm about halfway through that I started reading because I saw you tweeting about it while you
were in Hawaii. Project Hail Mary, Andy Weir. So good. Really enjoying it so far.
So good. It makes me think about everything from scientific principles when I look around
in the world. I don't know that book. What's it about?
It's Andy Weir who wrote The Martian. This is his newest novel. Okay. And his story told in such a way that it's really fun to let
it surprise you as you read the book. So I don't want to spoil it. Okay. Yeah. The Martian was good.
Cool. All right, Ben, what'd you get? My quick one is the second book that I read on vacation,
which is Open by Andre Agassi. His co-writer or ghostwriter, I don't know the right term,
but it's the same Pulitzer Prize winning writer who helped fill night with Shoe Dog.
And it is written in that same page turning thriller style. And Andre Agassi had an
unbelievable career ups, downs. Shout out to friends of the show, Jeremy over at Tiny
and David Perrol,
who at Capital Camp recommended the book to me, but it was just awesome. Highly recommend it.
So I've not been reading enough and I owe a friend at Apple a reread of his new book,
which is his first novel. But this is kind of negative, but I think it's important.
Mike Schellenberger's San Francisco is worth reading if you're from the Bay Area a long time like I've been, because it ain't good. I remember much better decades in San
Francisco and I hope come back somehow, but Mike diagnoses it pretty directly.
I also would recommend an old book that a friend who only reads old books recommended to me,
which you can find free copy of online, like LibGen, you can get it. It's called Dynamic Economics by Burton Klein.
You've never heard of Burton Klein. Burton Klein looked at how firms grow and how they start.
Sometimes the Skunk Works projects, he actually looked at Kelly Martin's team. He looked at the
Trader's Aid at Fairchild. He looked at the China Lake Sidewinder, the first practical heat-seeking missile development.
And he made some killer observations about structure, sort of sociology, anthropology, hierarchy, about how firms go from innovation to rent-seeking to outright vampiric badness.
And he had four kinds of firms. So anyway, Burton Klein, Dynamic Economics. It's
an oldie, but underappreciated and still very much relevant. I wonder if I should
give Elon Musk a pointer.
Brendan, thank you so much for the time. We're going to let you run. Where can listeners find
you on the internet and Brave on the internet? So brave.com, five-letter English word domain name. We got it in 2015.
We got it from the nuclear polka combo, Brave Combo. It's a Texas band, the friends of Matt
Groening, the Simpsons creator. He's put them in Simpsons season 17. And they were honest musicians
and we gave them bravecombo.com and paid a reasonable price. So brave.com is it. I'm on Twitter as Brendan Eich. I'm on Reddit as BrendanEichBrave. Easy to find. BrendanEich.com. I haven't updated in a while. That was a historic blog post, but some of them are still relevant to do with Trust But Verify, also WebAssembly, JavaScript stuff. And on Twitter, the Brave handle is called at Brave. It seems to be search banned
for some reason. I'm not sure why that is. We have attention token. That's another Twitter handle.
We have Brave support if you need support. You can always tag me, Brendan Eich.
Awesome. Brendan, thank you so much.
Thanks. It's fun.
David, that was super fun. Brendan is such an internet legend.
Oh my gosh. What a man for all seasons, literally.
Yep.
Well, listeners, thanks for being on the journey with us.
Another fun episode.
As always, if you want to check out more and you're like, I need more Acquired right now
and there's not any new episodes yet and you want to go deeper, go check out the LP Show.
Search Acquired LP Show wherever you get your podcasts.
Come discuss this and hang out in the Slack, acquired.fm slash slack. We got a job board.
You're looking for your next thing. You're part of the great resignation. Maybe you're thinking
about being part of the great resignation and you are thinking about, you know, you want to
float your name for something, but you don't know what that something is yet, we also have that feature on the job board. So go to acquired.fm slash jobs, find your next dream job. And we will see you
next time. We'll see you next time. Who got the truth now?