A new browser released 1.0 last fall and has been rapidly gaining adoption. Brave (brave.com) is a browser based on Chromium (the basis for Chrome) and boasts of superior privacy controls. It’s even been recently recommended by the Apple App Store.
While you may have heard of Brave due to the creator program, or perhaps you are aware of the merits of their crypto-based currancy payout model – we’ll be focusing on what the browser means for analytics and analysis.
Why should you care?
There are so many browsers, and you’ve never seen Brave in your browser reports, so why am I writing about this one specifically?
It’s a ghost lurking in your traffic. It’s part of that unseen delta between your analytics and the back end transaction system. It actively seeks to avoid detection, and lies / misrepresents itself when caught in the open. One should be aware of it, because it’s gaining usage.
Let’s look at how based on their reported numbers:
- In October they reported 8 Million monthly active users.
- In November, the browser went to 1.0 Stable release.
- In December, they reported 10 Million Monthly active users at the end of November, and cited 3.3 million Daily Active users.
So from November 2018 where they had just about a million active users, they’ve managed to triple their daily user count in roughly 12 months, while at the same time deploying to Windows, MacOS, iOS, Android and in 52 different languages. It is very likely going to continue to grow in the future as the privacy discussions heat up around the world.
Let’s look at their privacy protections…
All Shields are Full!
By default, Brave ships with their Anti-tracking tech enabled, which they refer to as ‘Shields’.
Out of the box this means a few things for analysis:
- Content is upgraded to secure (HTTPS) by default.
- Cross-Site trackers are blocked, at the network level. This means that while you’ll see a line in the Network Panel for the resource, 0 bytes will be transferred and the resource will be flagged as ‘stalled’ under the resource timings. The Anti-tracking tech is very aggressive, and follows a similar algorithm to uBlock Origin and Cliqz. It will cross reference multiple tracking lists, and apply string based parsing to determine what to block. The flowchart on the above link is very good at showing how far they go to block trackers. You could also read their writeup of how it classifies trackers. I have seen it prevent A/B testing platforms from loading and seen it block various tag managers.
- Because the resources are blocked at the network level, JavaScript on the page can fail or error if it interacts with the 3rd party code being prevented from loading. This can affect analytics software, A/B testing platforms, and related features.
- It will block malicious code such as Cryptominers.
- It seeks to combat device fingerprinting methods (read how).
- Client Side cookies have a max duration of 7 days.
- Server Side cookies have a max duration of 6 months.
- 3rd Party Cookies are blocked entirely.
- It’ll remove known tracking parameters from query strings, affecting attribution methods. For Example, it’ll strip ‘UTM’ name/value pairs from links.
- It will spoof (lie) about cross-origin referrers. For example, clicking a link in Google’s results causes a null referrer value via `document.referrer`. This may lead to attribution methods misclassifying the traffic.
- It will spoof (lie) about it’s User Agent string – it will identify as Chrome by default.
- If using Private mode, the user can enable Tor routing – which will disguise their IP Address resulting in incorrect geo-location from a reverse IP Address lookup.
So you won’t be seeing Brave traffic in your browser reports, but rest assured it’s likely lurking there behind the scenes. Brave users could be getting a very different (and they claim 3x-6x faster) user experience over other browsers, and will be part of that delta between the back end transaction system and what you may see on front end or 3rd party reporting. It’s effectively ‘ghost’ traffic from a targeted marketing standpoint. Users of Brave may buy things, but unless you have a server side eco-system they’ll get a divergent experience and that can affect the analysis that often powers budgets. Even with a server side tagging system, you’ll still take a beating for attribution as Brave strips the identifying URL parameters from the URLs, resulting in a need for work arounds, or incurring a loss of channel attribution.
A special note about A/B Testing
I can’t say for sure that Brave will reach popularity on terms of the major players in the browser space – but should it, or should the other browsers adopt it’s methods the impact to A/B testing efforts could be sizable.
Browsers such as Safari already can impact the segmentation that occurs for client side testing tools. Brave goes further and blocks the JavaScript from even executing. So Brave users will likely always be getting the ‘Default’ experience. Since the testing platform is never called, it won’t affect the analysis as you’ll see get a expected split from the browsers that do call the testing service.
What could be an issue however, is the different between total traffic a site gets (which includes Brave) and the traffic used to determine the testing outcome. It’s just a theory – but I suspect it could have the following impacts.
- Differences in traffic amounts mean that the calculations for determining runway required statistical significance may be off. You could end up needing more time, because not all site traffic is being generated into the test campaign.
- At high enough populations of Brave usage (or the like), it could result in whatever the outcome of the test being the reverse of the desired action you would want to take. Basically, Test challenger comes out the Winner without Brave traffic, add in Brave traffic and it was a loss. So it could result in deploying ‘winners’ which actually degrade site performance / KPI impact.
These are just theories which may never come to pass. It’s hard to identify what percentage of your traffic mix may be Brave, but a growing delta between front end analytics and back transactions could point to it. However, should the other browsers adopt more strict stances in regard to privacy this could result in shifts that need to occur to maintain a viable testing program – such as a shift to server side testing which the experiment can’t be blocked by the browser.
In Closing
You can’t trust the browser for meaningful data in all cases, and Brave as a browser highlights that. It may not be a large amount of your traffic today, but that doesn’t mean it won’t be tomorrow. It would be worth working with your development team and conducting an impact analysis so there are no surprises down the road should Brave’s popularity continue to surge. I feel it’s important to understand just how different this browser is compared to what else is out there because should it gain wide adoption, the analytics and advertising industries will need to scramble for how to deal with the effect it’ll have on marketing and analysis.