Brave's agent is C++ built into the browser, it prevails over extensions (which we will also guard against at the point of installation).
It is a mistake to think of the BAT ecosystem fraud threat (which exists, for sure) as the same as the threat with remote scripts for ad view or click attribution and confirmation as practiced by ad-tech today. Third party scripts run without any integrity guarantees, so get fooled by fraudbots and cheated by other scripts (see "cookie stacking").
The "plane of adequation" defining truth as correspondence between an ad and its observed effect is browser native code, not Nth party scripts loaded into a DOM stew on page, or extensions and their JS scripts, which have privileges above page scripts but below browser native code.
Therefore the fraud threat to the BAT platform is a botted Brave instance including the BAT SDK. This is why we are planning to use secure remote attestation enclave/zone tech to ensure SDK integrity, and sensor M/L to check all the sensors for proof of humanity.
So for fraudbot users to get money out requires a costly simulation (see AML/KYC/etc. point I made in another reply today). Just hiding ad tabs (without faking identity for KYC/etc.) to waste ad spend would require faking the payable ad actions attested by the SDK, including human-like event streams.
Fraud risk never goes to zero with humans in the loop, but with BAT's native agent code, we keep the cost of fraud way above the low cost of fooling today's ad-tech scripts on page.
It is a mistake to think of the BAT ecosystem fraud threat (which exists, for sure) as the same as the threat with remote scripts for ad view or click attribution and confirmation as practiced by ad-tech today. Third party scripts run without any integrity guarantees, so get fooled by fraudbots and cheated by other scripts (see "cookie stacking").
The "plane of adequation" defining truth as correspondence between an ad and its observed effect is browser native code, not Nth party scripts loaded into a DOM stew on page, or extensions and their JS scripts, which have privileges above page scripts but below browser native code.
Therefore the fraud threat to the BAT platform is a botted Brave instance including the BAT SDK. This is why we are planning to use secure remote attestation enclave/zone tech to ensure SDK integrity, and sensor M/L to check all the sensors for proof of humanity.
So for fraudbot users to get money out requires a costly simulation (see AML/KYC/etc. point I made in another reply today). Just hiding ad tabs (without faking identity for KYC/etc.) to waste ad spend would require faking the payable ad actions attested by the SDK, including human-like event streams.
Fraud risk never goes to zero with humans in the loop, but with BAT's native agent code, we keep the cost of fraud way above the low cost of fooling today's ad-tech scripts on page.