You do understand it's based on regulation, right? That there is no way to do what they are doing legally without KYC for withdrawals? What exactly does your implying use of the word "hostage" mean? That you don't like the laws of the countries Brave is operating in?
I understand that's what they're claiming. If they were serious about their principles, like Lavabit, they would have simply discontinued the "custodial wallet service" that they claim is subject to anti-privacy regulation. Nobody is claiming that the Brave browser software itself is subject to any anti-privacy regulations. They wouldn't have to sacrifice their entire business on the altar of principles like Lavabit did -- they'd only have to sacrifice one feature.
But they don't have nearly the same level of integrity that Lavabit did.
And, of course, if they're exaggerating the "but but muh regulations" aspect, then none of the above applies.
I don't understand your criticism, it doesn't seem to make much sense.
They have done exactly what you are proposing, in that they don't require users to provide KYC to use the browser. KYC is only required to use an additional, optioal feature inside the browser. It works well without any private information, and it even allows some wallet features like redistributing your tokens to content creators you like.
