Interview with Brave Software Privacy Engineering Lead Shivan Kaul Sahib by Roberto Popolizio

Roberto Popolizio

Updated on: February 13, 2025

Online privacy is more and more under threat, but there are companies like Brave Software, which are working to change the game.

Brave has built a browser that blends user privacy, security, and speed—without the invasive tracking and ads that dominate the modern web (and stress us to death).

In this exclusive interview with SafetyDetectives, Shivan Kaul Sahib, Lead for Privacy Engineering at Brave Software, shares his insights on the challenge of balancing security with usability, and what the future holds for privacy-first technology.

What are you and your company trying to change in the world? How are you doing it exactly?

Brave is on a mission to fix the Web by giving users a safer, faster, and better browsing experience. This is primarily done through blocking 3rd party advertising and tracking, ensuring best-in-class privacy protections for users and offering an alternative to the legacy Web advertising economy in the form of privacy-first Brave Ads.

In everything we do, we center the user, first and foremost.

What made you so passionate about this cause? Can you share the story with us?

I’ve always been interested in privacy as a human right, and once I became an engineer, I realized that privacy has this very interesting technical aspect to it as well. I started volunteering in the tech and human rights space in my spare time and eventually doubled-down on privacy. I started out shipping privacy products around the right to be forgotten and the right to portability of data. It was exciting: these problems are technically challenging especially when you have millions of users, and it felt like for the first time I was writing code that was actually helping people.

As a privacy nerd, I was excited when Brave first launched. I even sent the team some fan mail when I was still in college. I’ve always felt a browser is the most influential place to have privacy protections. Browsers are basically super apps: people use them for all sorts of things, such as banking or social media or for reading sensitive articles. They’re a great place to have privacy interventions.

A few years later, I’d published an article about privacy issues with WebRTC and potential fixes, and Brendan Eich (Brave’s CEO) commented on a tweet about it. I remember thinking “oh, Brave is still around and doing cool Web privacy things” so I dug a bit deeper and it turned out that Brave was actually taking a strong stance against Google Chrome’s handling of certain Web standards without proper privacy considerations. I thought that was important work, so I started helping out with privacy reviews at the W3C, and eventually, I joined the company to focus on privacy full-time.

What makes you most proud so far? Can you share metrics and stories that show the difference you’re making?

I’m generally pretty proud of the features that the privacy team at Brave has shipped over the last few years! Some highlights include:

• Being the first iOS browser to enable HTTPS by default for all sites (far before Safari)
• Having the strongest anti-fingerprinting protections of any major browser (according to several independent cross-browser tests)
• Blocking cookie notices by default
• Helping create Global Privacy Control and enabling it by default which ensures that Brave users are automatically opted-out of their data being sold or shared
• Shipping De-AMP to lessen Google’s control over the Web (resulted in Google eventually dropping AMP entirely)

All of that as well as several other adblock-related improvements make Brave’s adblocker best-in-class and the Web a much nicer place.

Privacy features often clash with user-friendliness. How does Brave manage this, and what were the tradeoffs you had to make, if any?

We generally prioritize privacy features that are also user friendly. As an example, we shipped a feature a few years ago called Forgetful Browsing, where you could delete all information a website has on you once you closed the tab for the site.

Think about those pesky “You have 5 articles left this month” notices, which is basically the website fingerprinting you across site visits.

Forgetful Browsing, while super useful, didn’t have much uptake because it was kind of hard to find for users, so when we were rolling out the feature on iOS, we decided to make it a lot more fun for the user to delete all the data that a website has on them.

A user could instantly trigger a deletion, and we would animate the screen as if it’s a giant paw tearing up their data (our logo is a lion after all!). We found that users loved this a lot more and remembered to use it, and we’re now focusing on shipping that experience to other platforms as well.

Sometimes our ad and tracker blocking as well as our anti-fingerprinting measures end up breaking innocent websites. When this happens, we deploy fixes extremely fast: we’ve built tooling over the last few years to enable granular tweaks to our privacy protections in a way that can be deployed very quickly once a breakage is detected. The goal is always to figure out a way to make our privacy protections work in such a way that the user experience is not impacted, and we spend a lot of energy on this.

A key innovation is our randomization approach, where we slightly change the output of Web APIs which prevents websites from fingerprinting users across sessions while ensuring that websites that don’t track are able to continue to function well.

Despite widespread concern over privacy, the tech giants continue to prioritize data collection over user privacy. Is this just about profits, or are there other issues at play?

There’s a general trend towards collecting more and more data, and I think AI and model training is an important part of that. Rich user data becomes an important moat for Big Tech. Thankfully, we believe there’s space for innovation for smaller players here, where we can ship privacy-first AI experiences without retaining data on the user or profiling them.

What needs to happen for user privacy to become a core value? Could user demand alone drive this change? Is this even possible?

We’ve generally seen growing user demand for privacy products, which is why Brave continues to grow rapidly (over 80 million users now). And you see companies like Apple making privacy a big part of their branding too.

A lot of this comes down to trust: users need to know that you have their back, that you prioritize them over trackers and advertisers. I would say that’s probably the biggest difference between Brave and some other browsers.

Apart from user demand, regulation also has an important role to play. Brave ships Global Privacy Control (GPC) which is an HTTP header that automatically opts users out of the sale and sharing of their data on every website they go to, if they’re a resident of 12 (and growing) US states. This is only possible because regulators and lawmakers increasingly understand the importance of privacy.

Now that users know that there are material consequences to leaking their data, they feel more empowered. They feel less nihilistic about their privacy. And that’s a big win.

What emerging trends and technologies may influence online privacy most significantly (either positively or negatively)? How is Brave going to adapt?

I’m particularly concerned about AI and privacy. People enter sensitive information into AI tools like ChatGPT, Google Bard, Perplexity, and now DeepSeek without thinking through the implications. These products often have privacy policies that are extremely lacking.

At Brave, we make sure all our AI tools (Leo, the integrated AI assistant in the browser, and Answer with AI (our AI-powered answer engine of Brave Search) are built with privacy by default, just like all Brave products.

If there was one key takeaway you wish our readers could bring home from our conversation, what would it be?

Users should go to the privacy settings in every major service or website or app they use and opt out of data sharing for advertising or AI training.

It’s tedious, and companies count on people not bothering to change the default.

Don’t fall for it, exercise your control!

How can our readers support you and follow your work?

Website:  https://brave.com/

LinkedIn:  https://www.linkedin.com/company/brave-software

X:  

• https://x.com/brave
• https://x.com/shivan_kaul