Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Brave Submissions to the Public Suffix List - Q1 2025 #2375

Merged
merged 1 commit into from
Jan 31, 2025
Merged

Brave Submissions to the Public Suffix List - Q1 2025 #2375

merged 1 commit into from
Jan 31, 2025
+3 −0

Conversation

thypon
Copy link
Contributor

@thypon thypon commented Jan 30, 2025
edited
Loading

Previous submission: #1872

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization

  • Robust Reason for PSL Inclusion

  • DNS verification via dig

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the guidelines on formatting and sorting.
  • A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact:

For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Organization Website:: https://brave.com
Submitter: Andrea Brancaleoni
Role: Security Engineer at Brave Software

Brave Software is a technology company that focuses on enhancing the privacy and security of web users. Brave's primary product is the Brave browser: https://brave.com. Besides the browser, Brave also includes an independent Search engine available at https://search.brave.com.

I manage security and operations, ensuring our organizational practices align with our core mission of providing enhanced online privacy and security.

Reason for PSL Inclusion

Number of users this request is being made to serve: 10-100 Million of users.

We believe that the inclusion of our domain(s) in the PSL is of utmost importance for several significant reasons:

  1. Cookie Security: Having our domain(s) on the PSL will ensure that each subdomain is treated separately, minimizing potential security risks. We plan, in particular, to store any user-generated content in his eTLD+1 (img-proxies - e.g. img-proxy.search.s.brave.io, s3 proxied buckets- e.g. userimages.creators.s.brave.io)
  2. Third-party Integrations: Our platform frequently integrates with various services, proxying services to preserve users' privacy. Inclusion in the PSL would simplify the process while maintaining a high standard of transparency when hosted on brave domains.

All our private section domain names adhere to a long-term registration policy, with current registration terms extending beyond 2 years. We pledge to maintain a registration term of more than one year at all times to ensure our continued presence on the PSL.

Exception: brave.app is a premium domain and the registrar does not allow to register for more than 12 months. We placed a backorder we can provide the receipt, if required

Since .io domain future is uncertain after https://every.to/p/the-disappearance-of-an-internet-domain we plan to migrate to .app domains, and possibly include some extra use-cases regarding our third-party included apps (e.g. Discourse/blocksurvey/issue panel).

DNS Verification

%  dig +short TXT _psl.brave.io   
"https://github.com/publicsuffix/list/pull/2375"
%  dig +short TXT _psl.brave.app  
"https://github.com/publicsuffix/list/pull/2375"
%  dig +short TXT _psl.s.brave.app
"https://github.com/publicsuffix/list/pull/2375"

@thypon thypon force-pushed the submissions/brave-2025q1 branch from f841fff to ad677b6 Compare January 30, 2025 14:54
@simon-friedberger simon-friedberger merged commit bcf753f into publicsuffix:main Jan 31, 2025
2 checks passed
@thypon thypon deleted the submissions/brave-2025q1 branch January 31, 2025 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thypon @simon-friedberger