This is because of tipping and auto-contributions.
This is where you can see your BAT balance. So when connected, it can show you how much BAT you have available. Otherwise you’d have to go to uphold.com in order to view your balance.
They don’t. All this authorizes is when you choose to tip someone from within Brave, it then can pull it out of your Uphold account. Otherwise you’d be unable to tip unless everyone was sharing their wallet addresses and running just strictly P2P through Uphold. At the same time, this also would mean that everyone would also be paying gas fees and a lot of other little things. Not to mention, would also require everyone publicly share their wallet address, which would kind of take away a bit more on anonymity.
I also have to mention, the only thing Brave has access to is your BAT. While the authorization doesn’t specify, there’s nothing built into the API that allows them to access any other funds.
Brave doesn’t have access to anything that would cause any “catastrophic security implications.” Brave has no access to your personal information, they don’t have your seed phrase, password, or anything of the sort. So what are you expecting to be revealed or to happen through a data leak?
As long as the capability is there, permission has to be given. If you don’t, then it’s not usable. If nothing else, you can also consider like how direct deposits work. If there’s an issue where a duplicate payment or something is sent, they get authorization to pull it back out. So if nothing else, this permission would exist for that type of correction. Otherwise you’d authorize deposits but not withdrawals. It’s just, plain and simple, what is necessary if you want to participate. If you’re wanting to be greedy and never tip, then you really aren’t what Rewards was meant for anyway and would likely be better off just turning off Rewards and enjoying the browser for what it is otherwise.
Feature of Rewards was to put Users in the driving seat for determining which Creators to support. In the traditional scheme, you’d be shown tons of ads on every site you visit and those ads would generate revenue for the site. You, the user, would get absolutely nothing except for the bunch of trackers and all placed on your device.
This is where Brave came in and offered a secure browser that would block most ads. You then could participate in Rewards where you’d see their ad notifications that appear in a non-invasive and privacy preserving way. The BAT you’d earn would put you in the driver’s seat for supporting content creators, therefore making up for the loss in revenue they would experience based on you blocking ads.
It never was intended for everyone to “screw over” content creators and just to think of the browser as a second source of income. What you’d end up seeing if everyone went that way is either the death of a lot of content or the transition to strict subscriber base or something. I mean, people don’t create content for free and out of the goodness of their own hearts. It costs money and time to do stuff.