Brendan Eich: Don’t blame cookies and JavaScript

The JavaScript creator, Mozilla co-founder, and now Brave Software CEO loathes the online advertising ‘surveillance system that loots users’ and he’s doing something about it.

A binary eye sits within the center of a targeted virtual framework.
Polygraphus / Getty Images

Best known as the creator of the JavaScript programming language, Brendan Eich is also the founder and CEO of Brave Software, creator of the Brave browser, and co-creator of the Basic Attention Token. As CTO of Mozilla, he helped pilot web browsers out of the dark ages.

I recently spoke with Eich about the sins of Big Tech, the failure of the web advertising model, and how Brave and Basic Attention Tokens put users first. We also discussed euphoric crypto bubbles, Web3 foolishness, the great promise of blockchains, and why corporate CEOs don’t code.

brendan eich Brave Software

Brendan Eich

Matthew Tyson: I have to begin with a thanks for creating JavaScript, a language that has played a foundational role in the web and fueled so many coding careers. And thanks for driving a stake into the heart of IE6. OK, on to the present day!

You created the Brave browser and the Basic Attention Token to improve the interface between users and digital advertisers—an interface that, as it stands, is rife with inefficiency and privacy failings. 

Brave allows for the conscious and private disposition of users’ advertising money via the Basic Attention Token. Is that an accurate summary? Would you mind elaborating?

Brendan Eich: Online advertising evolved into a surveillance system that loots users of the value from their attention, rips off publishers through high fees and non-transparency when not actively facilitating ad fraud, and enables malware distribution through ad exchanges. This was not an intended outcome of our work in the ‘90s at Netscape with cookies and JavaScript.

Brave provides an answer that puts the user first and removes conflicts of agent vs. principal interest you see most clearly in Chrome, which by default tracks its users across all their tabs and windows when they log into any Google account in one tab. Chrome also fails to block tracking by default, something Brave pioneered and still leads the other browsers in quality against emerging tracking threats. This is not surprising given Google’s business model.

Brave Shields (the lion icon near the right end of the address bar) are on by default and block tracking scripts, isolate third parties to storage and network “partitions” keyed also by first-party domain, interfere with fingerprinting scripts, and fight many other privacy threats. See privacy features and privacy updates on our site for more about this baseline protection, to which users are absolutely entitled.

The Basic Attention Token underpins Brave’s opt-in, private, client-side ad and creator contribution system called Brave Rewards. Users who click on the equilateral triangle BAT logo in the right end of the address bar in Brave can start receiving private ads, which credit them with BAT they can claim with a custodian (Uphold, Gemini, bitFlyer). But by default, BAT are blind signature certificates that settle anonymously to creators that the user tips, or configures monthly contributions toward, or “auto-contributes” via browser-private view and visit-time analytics.

Brave with BAT thus deals the user into the attention economy that still funds most of the web, and puts the user first: 70% of gross revenue from private ads goes to the user. Users are free to keep or give back. We prioritize user choice and agency above publishers and third parties, without apology. Given the rise of paid as well as advertising revenue models for creators on the web, we are confident users will support great creators, and we will continue to innovate in ways users can support creators directly, anonymously, and even pseudonymously in the future.

Tyson: You are a CEO. Do you still code? 

Eich: Only for fun at home. My main work involves code-reading too, but at QA and bug finding assistance and strategic levels (evaluating new cryptography and blockchain systems, for example), and a lot of management.

Tyson: Bjarne Stroustrup, another language creator, said “Corporate practices can be directly hostile to individuals with exceptional skills and initiative in technical matters.” Does that resonate with you? Any thoughts on how to mitigate the corporate creativity problem?

Eich: Yes, for my career from SGI through Netscape, as those companies grew big and corporate, it resonated. With Mozilla and Brave, I’ve had to invent my own job, collaborate on new ways of doing innovative products, and recruit others who share the sentiment Bjarne expressed. It has been terrific, and I have no regrets about avoiding the corporate (now Big Tech) options that I passed over along the way.

Tyson: I’m really curious what the experience of building a real world blockchain was like. What was the level of effort there (compared to creating a browser or a programming language)?

Eich: We didn’t have to build a blockchain, as BAT launched as an ERC-20 token on Ethereum. It is now on multiple chains thanks to bridges such as Wormhole. Building a level up helped us get to market sooner and stand on the shoulders of giants such as Vitalik (Ethereum) and Satoshi (we prototyped Brave Rewards on Bitcoin).

Tyson: There has been a lot of hand-wringing about AI and machine learning replacing human coders entirely. What do you think? A real threat?

Eich: Not to programming as a profession, even though better machine learning will speed up code development, while introducing a nasty new security attack surface. I tweeted about this recently, so I’ll just refer you there (don’t miss a Bender appearance).

Tyson:  What are the frontiers in programming languages and software development in general?

Eich: I came up through grad school in the systems software research heyday, but as Rob Pike wrote over 20 years ago, it’s dead. The frontier now seems to me the “second golden age” of programming languages, with fruits such as Rust (which I executive-sponsored at Mozilla). Also reverse debugging works well now (for example, rr-pro ject.org and commercial offerings built on it). The formal methods folks, and others willing to give up soundness, can verify or find bugs efficiently now in ways we only dreamed of in the ‘80s.

These frontier settlements have developed into new ecosystems supporting new markets. There’s a nexus with blockchains too: Formal methods are mandatory to find smart contract and protocol bugs. Zero Knowledge Proofs entail mechanized verification, as the term’s third word makes explicit. I’d like to see more programming-language leverage and rigor in devops. There are a few startups working on this.

Tyson: More on Zero Knowledge Proof here. You said in a recent interview that the emerging “Web3” scene is like the early “Wild West” days of the dotcom era. There’s a lot of possibility, but also a lot of room for foolishness.

The web has vindicated itself nicely, despite the “dot-bomb” of the late ‘90s. Do you see us going through a euphoric crypto bubble followed by a morose correction followed by a more stable role for crypto-based services?

Eich: Cryptocurrencies expressed in pairs with fiat currencies, mainly the US Dollar, are volatile. Even stablecoins, sad to say, can find unexpected Shelling points or fail due to design flaws. This is likely to continue, due to the increasingly volatile political and global circumstances we’re living through. Boom and bust cycles, when central banks and their allies engineer them, tend to run for a decade or so. Crypto “seasons” can be years to half-years. I expect these to equilibrate over time, whatever regulators may do.

Whatever happens, cryptocurrency and blockchains/DLT are here to stay. Too many wealthy people are betting on the space, mostly as a hedge against fiat currency problems, for it to reverse easily or quickly.

Tyson: What do you see as blockchain’s greatest promise? 

Eich: I am with Moxie in wanting cryptographic protocols even for client/server-based products, to enforce properties such as anonymity (activity that’s unlinkable to any identifier).

Where too many counterparties create too much risk, or especially where peers can meet directly on the network, blockchains are terrific. We paid an auditor of the BAT smart contract directly on Ethereum, no bank nonsense with wire fees and delays required (the gas fee was low then).

To me the promise of blockchain is tied to the user-first agenda of Brave: Network effects breed first- and second-place winners, oligopolies and monopolies. For Web2 (“Web 2.0” in the original formulation), such winners naturally collect user data to optimize (for example, their winning search engine).

This inevitably results in abuse of users as mere sheep to shear of their attention-based data, while creating treasure troves for hackers to attack and ad fraudsters to cheat. Privacy problems, trolls, bullies, psyops, and all the other Big Tech maladies have followed from this centralized data collection flaw.

The Web3 ideal must therefore defend user data at the ultimate edge: your devices, the supercomputers in your pocket and on your lap. These then can connect, both directly and indirectly, via those cryptographic protocols Moxie wrote about, to blockchain nodes and Web3 servers that do not collect data to create abusive market powers. The people keep power at the edge of p2p and cryptographically protected client/server networks.

This vision inverts the crummy value hierarchy of the Web2 Big Tech powers (Google, Meta, etc.), who of course say they care about users, but who must above all serve their shareholders, ad buyers, publishers, third-party ad tech vendors, and other even less respectable actors (nation states and three-letter agencies, for example). So, it’ll be a fight, but we the users outnumber them.

Tyson: Do you have any advice for founders, people with startup dreams in the world today?

Eich: Study history, including old books from before the post-WWII era when the managerial “new class” emerged from Vannevar Bush’s brain trust, and became an unreliable narrator of history, including especially its own rise to power. History rhymes without repeating. The future will be different and may look more like the more distant past than people in power can admit.

Study heterodox economics, because the mainstream kind (the “dismal science”) is full of courtiers and mountebanks. Look at several schools of thought, no cult-like one true way. Study businesses and firms enough to know what to avoid (what Bjarne Stroustrup summarized, in my case).

Do as Steve Jobs did and look for user pain points that market winners who’ve become too big and complacent ignore or neglect. Users often know they have a painful or even just low-level itchy problem, even if they can’t prescribe a solution, or precisely describe the exact problem.

Work with lead users. They invent new categories of products and services. You can’t win without them.

Tyson: You are also an investor. What stands out to you when you look at a company? 

Eich: I’m not much of an investor, but a friend turned me on to Burton Klein. His typology of firms rings true. If you can find a Klein Type 1 firm that’s investable and going places, invest. We all have woulda, coulda, shoulda memories about Type 1 and Type 2 firms we saw launching like rockets, for example, Netscape (where I knew founders so was fortunate to join) and Google. Short the Type 4s when they wear out their political welcome.

Tyson: What is your definition of “success”?

Eich: To have helped others create a better world. “We’re all in it together”—Harry Tuttle.

Copyright © 2022 IDG Communications, Inc.

How to choose a low-code development platform