Yan Zhu - CISO, Brave



Browsers are a window to the web. They’ve been the focal point of competition for decades ever since Netscape and Internet Explorer. But after 10 years, Google Chrome has captured 60 percent of market share and somehow that number keeps rising. Maybe we’ll just settle into a permanently Google-dominated web? Or maybe not: Rival browsers are pushing substantially different ideas.

One of the most interesting arguments comes from Brave, a Chromium-based browser aimed at promoting privacy, paying content creators and speeding up the whole process by shedding extraneous weight. The project was headed by Brendan Eich, the creator of JavaScript and co-founder of Mozilla. As Brave’s CISO, Yan Zhu is responsible for securing the tech. Her resume includes work at the Electronic Frontier Foundation, contributions to Tor, HTTPS Everywhere, Let’s Encrypt, SecureDrop and Privacy Badger as well as a stint as a security engineer at Yahoo, where she worked on email encryption and TLS. She’s a driving force behind one of the most interesting alternatives being offered on the internet today.

CyberScoop: 2013 was a big year in your life. You’ve said the Snowden leaks completely changed your view on surveillance and privacy so that’s when you started working for the EFF. You also talked about Aaron Swartz, what an inspiration he was and how he had an impact on your work. How did your life change around that time?

Yan Zhu: 2013 was a pivotal year in many ways. I had moved to California in 2012 to start a Ph.D. at Stanford in physics, which is completely unrelated. 2013 is when I completely unrelated from an academic path and started thinking about how security impacts people.

CS: How did you come to work at Brave?

Yan Zhu: I was working at EFF starting in 2013. Brendan Eich has pretty close connections with EFF through Mozilla, and I became internet acquaintances with him around that time. I was working at Privacy Badger, which did tracker blocking where this browser extension would infer trackers and block them. Brendan was interested in that and the possibility of including it in Firefox. As far as Brave, I was initially a bit skeptical because of the amount of work it takes to maintain a browser. I’d volunteered with Tor and saw the sheer amount of work they had to do just for every new Firefox release. Due to that I was overwhelmed by the thought of how much work it would take to have a wholly separate browser with a startup-sized team. But I was sold on the vision Brendan has for Brave and thought if anyone could do it, it’s them.

CS: Brave integrates a number of privacy and security features. How successful have you been getting folks to use the software?

Yan Zhu: Brendan has done a lot for user adoption. The main thing driving growth is the ad blocking, although security is a selling point for us. And in terms of security, the best approach is to design security in a way that’s not obtrusive to people. A bad example is PGP, which has a lot of manual actions a user has to take; it’d be much better if encryption happened under the hood and the user didn’t have to understand the algorithm being used. Brave tries to do something analogous with privacy on the web where we have this abstraction of shield — where the user can just think of it as the thing that protects them from tracking. We can skip the details about how it upgrades to HTTPS and blocks third-party cookies.