We go to extreme lengths to ensure we keep only the absolute minimum of user data on our servers, and we share no data except when required to fulfill express user intent.
“Extreme”??? Seems like to transfer payouts from the Rewards program only one permission with Uphold should be needed:
Add funds from your available funding methods into your Uphold wallet.
Please re-visit the link between Uphold and Brave to uphold privacy (and if not - please explain why each permission is needed, and where it is used).
(Note: I understand for the “Tips” service, you may need some additional permissions - but they should be added as a second permissions request when setting up the Tips option - in order to fulfil the “minimizing data flows” core principle).
We always try to use the minimum scopes available from the custodian (in this case, Uphold). What’s important to understand is this:
Uphold (or any exchange for that matter) offers an API with certain endpoints. Sometimes, these endpoints return more information than we specifically need for our purposes, and there is no narrower version of these endpoints available. For example: Your Rewards wallet needs to query your BAT balance from the exchange. However, the exchange API only offers an endpoint that returns all your balances. So, when it comes to the text description of the scopes/permissions requested by the Brave Browser app (as you screenshotted), the text can sound scary, because it makes it look like we want to see all your balances. We don’t. (The browser couldn’t care less what your DOGE balance was, for example!) The Rewards wallet is only interested in your BAT balance, but that’s just the way the API is designed by the exchange. So, the text description of the scope might sound spookier than it needs to be.
In any case, your OAuth access token is stored by you, not by us. Unlike a web application, the OAuth access token is stored locally within your own browser. We do not have access to it, so we cannot make calls with your access token to access any additional/superfluous information that is available from these endpoints.
All of Brave Browser’s code is open source. Therefore, we cannot add requests inside the browser that use your OAuth access token (see #2) to fetch the additional/superfluous information from these endpoints, and then send the information to us. People would see this, and it would be quickly exposed in the source code: https://github.com/brave/brave-browser and /brave-core.
Hope that helps provide context. We really have zero interest in collecting your personal data. If it is made known to us that we can achieve the same functionality with a proper subset of the permissions/scopes the browser is currently requesting, then we will immediately move to reduce the scopes, as we want to maintain the narrowest set of permissions possible.
The initial scare still exists, but in this case it appears that Uphold would need to make some changes (maybe to restrict all requests to a currency [in this case BAT]) which will alleviate some concerns.
Thanks again Chris for pointing me in the right direction.
