If you use Brave Search while logged in to a Premium account, there is a risk of Brave correlating search queries with your account.
Premium services in Brave (including Search Premium) are explicitly designed to not associate user activity with payment. We use Privacy Pass to accomplish this. See our doc on this here. The doc also has pointers to the open-source code.
(I also mentioned this on the original PR that added this line.)
@shivan-brave Since it seems like you are part of the Brave team based on your Github you may want to let @staff know so you can be properly identified.
When was PrivacyPass implemented? More recently than the May2024 commit?
At a surface level, this does seem to mitigate the concern, but I am admittedly unfamiliar with PrivacyPass & have not done a forensic audit
It looks like @redoomed1 made the edit, with @jonah specifically requesting the language:
Jonah: I’m okay with changing it, if we note that using Brave Search Premium with an account may make it easier for Brave to correlate queries with specific users
As the originators of this warning, I’d personally value their input on whether their concerns are mitigated. If so, I see no reason not to make this change
Please don’t start asking random questions just because an employee from Brave started this thread.
If you must start another topic and ask it there but I’m personally not the biggest fan of that since it usually snowballs into everyone and their grandma asking questions that have been solved and answered many times.
So even if payment data or payment identification data is perfectly protected, the risk of association to the account itself remains, yes?
Secondly, Privacy Pass is not listed as a PG recommendation. The only payment method recommendation I know of by Privacy Guides is use of Monero.
Encouraging PG team to evaluate Privacy Pass as a recommendation before removing this warning. I’ve always appreciated this challenge was considered when making search engine recommendations.