Up until now, Brave has been best known for its open-source, privacy-friendly web browser.
But Brave has innovated in that space and created a novel way to convince users to view adverts without compromising their online privacy and security. Brave users and developers are paid in BAT (Basic Attention) tokens, a form of cryptocurrency, for viewing and driving traffic to ads.
With that in mind, when Brave announcing it is planning to move into the VPN market, it should come as no surprise to learn that they are planning something a little bit different.
In a research paper published by the people behind Brave, they have announced plans for a decentralised Virtual Private Network (VPN)
What is a decentralised VPN?
To understand why a decentralised VPN is a good idea, you first need to grasp how a regular VPN works.
When you connect to a VPN, your data stops going to the websites you want to visit directly and is instead rerouted down an encrypted tunnel and through an external server. This is how a VPN is able to encrypt your data and keep it private.
But it also means that you are completely in the hands of your VPN provider. All of the VPNs we recommend on VPNCompare.co.uk are reliable and trustworthy. But there are plenty of other VPNs out there which aren’t. This is particularly true with so-called free VPNs.
Many of these VPNs sell customer data or are more than happy to hand information about you over to the police. The truth is there are far more untrustworthy VPNs out there than there are ones you can depend on.
Some commentators even go so far as to suggest that VPNs are not worth the risk for this very reason. And it is for this reason that Brave is proposing a decentralised VPN.
Their technology has been given the moniker VPN⁰. It would be a decentralised VPN network which would allow relay exit nodes (essentially other users) to control which traffic they transmit. In other words, users would form part of the network, but they would get a say on the type of data they hosted.
If that sounds like a privacy nightmare, don’t worry. Brave has a solution for that which is perhaps the most innovative bit of this whole system.
They are proposing using zero-knowledge proofs, a type of cryptographic technique which would allow a user to prove the type of content they were sending without revealing any of the actual content itself.
As Brave’s performance researcher, Dr Matteo Varvello explains, “Our solution allows [the user] to control which traffic a node carries without knowing what it is.”
The problem with VPN⁰
It is a really interesting proposal and has the potential to revolutionise the VPN sector by essentially taking the best bits of VPNs and the Tor Network and splicing them together.
But there are still plenty of issues worth highlighting.
Brave is proposing integrating VPN⁰ into BitTorrent client Mainline and creating a pseudo-search engine for users to find hosts for their traffic. But there is no mention of safeguards in their proposal and without these, the risks of accidentally hosting illicit or illegal content is high.
One analyst, Chris Monteiro, is hugely sceptical about this aspect of the project. He argues that if it was possible to avoid hosting “horrific” traffic then there are plenty of reputable VPNs out there who would already have done so.
It is a fair point. There are enough credible VPNs out there ploughing huge sums into research and development. You would expect at least one of them to have stumbled on a way to ensure they were not hosting illegal content such as drug and gun sales or child porn if it were possible without compromising users privacy.
It could be that the people behind Brave have stumbled upon the answer to this dilemma, but Monteiro for one appears to doubt it. According to him, VPN⁰ is a “good idea” but one “presented naively by technologists rather than privacy advocates.”
As he says, “No one is going to jail to defend your right to privacy on your shitty $5 VPN.”
Is VPN⁰ the future?
It is possible that Brave is at the forefront of the future model for VPNs. There is no doubt that tackling the issue of centralization is a big one and some sort of decentralised solution will come along at some point.
But for now, there are enough doubts about VPN⁰ for us to incline towards scepticism.
Revealing some but not all of your internet data looks awfully like creating a vulnerability to us and, where there is a vulnerability, there is a weakness for hackers and governments to exploit.
If these concerns can be waylaid, we will be the first to sit up and pay attention. But at the time of writing, they haven’t been.
There is no doubt that using a regular VPN means placing your trust in a single provider. But we have spent long enough researching VPNs to know that there are plenty of VPNs out there that are trustworthy and committed to protecting your privacy.
Decentralised VPNs may be the future but for now, a regular VPN is still the best option.