Thanks. If we have the mnemonic for private key recovery, then wouldn’t that mean the Brave payments wallet (In early Mercury) isn’t really unidirectional? That is, although there may not be a way to withdraw your funds with a GUI, you could in principle just use the mnemonic to recover the private key (since we know the algorithm), and then use that private key with another non-Brave wallet software (like MyEtherWallet) to transfer BAT out.
Let me know if anything prevents me from doing that. (Perhaps the salt value is unknown to the user?)
Edit from 2 years later: When I originally posted this, I was not yet an employee at Brave Software and was still learning about the platform from the outside. I now am on the Brave team, and better understand how this system works.
In short, the private key inside your browser does in fact sign transactions, and allows you to control your funds in an anonymous way. However, the private key is not part of a private key/public key pair on the blockchain. Instead, it’s part of a private key/public key scheme that works with Uphold’s private infrastructure. Remember: private key/public key schemes may exist outside the blockchain context, just like “forking” does too!