Remove W-9 from display on the page


Please remove the display of publisher’s W-9 tax form from the page,

There is no useful purpose for this display, as it is a read-only display of information that the publisher already provided to Brave.

There is no adequate security of this display, as reported in other issues involving inadequate security of the Brave Publisher’s Payment page.

There is very high risk of serious damage, resulting from identity theft, if this information got in the wrong hands.

Get rid of it, now. Don’t display it.

Then behind the scenes audit the security measures that Brave uses to secure such information. Eventually, after proper security measures are instituted, publish sufficient description of those measures to enable prospective publishers (some of whom may be dealing with large sums of money) to evaluate whether the security is likely to be sufficient for their needs.


It’s under discussion among the team members. It’ll be fixed within days. Please just stay calm, thanks.


Good - cool - thanks.


CC @mrose for explanation of the current status.


A few days after the above was posted, 21 days ago now, I was happy to see that the emailed links to access Publisher’s Accounts was changed to be a transient link that expires in 3 hours. Thanks!

However the point of this present report “Remove W-9 …” was to remove the W-9 display from verified accounts, and to the extent practical, however much that be) from online Brave web servers.

I’m not sure what the “It” was that you expected to be fixed “within days”. Was it the other (transient link) item that was fixed within days, or the point of this present report, which is still an open issue in my view?


It’s now been over five weeks. My publisher pages still show my W-9 form.

Please stop displaying our W-9’s !!


The only display of the W-9 is possible from a one-time use link sent via email.

It only displays the W-9 for your particular domain, which you should have access to


Yes, I realize that the display of my W-9 is only possible using one time links sent to my email.

But there is no reason that I can see to show me my own W-9 that I am (so far anyway) aware of.

I could easily have missed something in that document, but I was unable to find anything in it that stated that I should have access to a completed W-9 after I submitted it to a payer.

What did I miss?


@ThePythonicCow Under heading Electronic Submission of Forms W-9, subheading Electronic System:

The electronic system must:

  • Be able to supply a hard copy of the electronic Form W-9 if the Internal Revenue Service requests it

So we originally did this to fulfill the requirement. Sometimes companies withhold this for extra security. Between the options of self service vs manually providing these forms we weighed the security and load on our team; and we also considered that most publishers would leave the completed W-9 in their inbox (sent by DocuSign after signing). Thus, hiding the form on the website wouldn’t be a big gain in security and we deprioritized it.

However we appreciate our users for supporting Brave and want to make them
happy whenever we can, so I’ve implemented this now on the Publishers website.


That requirement seems to me to be ambiguous. It doesn’t say to whom the IRS requires that you supply the W-9 on IRS request. I would have guessed that the IRS meant that you must be able to supply to the IRS hard copies of electronic W-9’s on their request, not that the IRS meant you must be able to supply Brave publishers with such hard copies, on the request of the IRS. But that’s just a guess.

Dang - good catch.

Docusign did not email to me an electronic copy of my W-9’s, when I verified my sites, several months ago. But they did email to me URLs that still work, even today, after repeated uses, without any further validation on my part, to view my completed W-9’s. They are doing pretty much exactly what I complained about Brave doing.

Thank-you very much for removing my W-9’s from my publisher’s pages.

Now I will figure out whether I want to carry on this campaign of mine to Docusign, to recommend to them that they too not make W-9’s gratuitously available, and that they too not rely on perpetually valid links sent via email to access customer sensitive information. Since I am not myself a customer of Docusign, I am less than optimistic about my ability to influence their practices.

If Brave, as a customer of Docusign, chose to enter into such a discussion with Docusign, that would be quite delightful from my point of view, though I certainly can not ask nor expect Brave to do such.



Correction - I had not scrolled down to the attachment list at the bottom of the email messages that I received from Docusign.

They did attach a pdf copies of my signed W-9’s, in addition to the afore mentioned, still valid months later, links.

closed #12

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.