Brave’s Privacy Browser Exposed For Auto-Adding Affiliate Links to URLs In A Hidden Way
In a tweet sent out on Saturday, one user made public a “silent scheme” by Brave browser to redirect users to its Binance affiliate links, earning them commissions. The browser added the affiliate link “ref=35089877″ once you type Binance.us website, as an autocomplete feature.
So when you are using the @brave browser and type in "binance[.]us" you end up getting redirected to "binance[.]us/en?ref=35089877" – I see what you did there mates 😂— Cryptonator1337 (@cryptonator1337) June 6, 2020
Once the Binance affiliate link was publicized, the community looked through Brave’s open-source code to find more affected websites including Coinbase, Trezor, and Ledger hardware wallets.
As soon as the post went viral, Brendan came forward apologizing for “the mistake” and said the dev team was working to remove this. Eich tweeted a thread on the fiasco stating,
“We made a mistake, we’re correcting. […]We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.”
According to Eich, the autocomplete default feature arose from the “search query client-id attribution” the same way as Google Chrome and other browsers do. But for Brave, they did have additions of the affiliate links, a move that Brendan promises will not occur any more on the privacy-focused browser. He added,
“Sorry for this mistake — we are clearly not perfect, but we correct course quickly.”
In Brave’s defense, Eich said the affiliate redirect link is the browser’s way of making a “viable business” by offering the user a privacy-focused and client ad-paying platform. He explained,
“What we make on a fixed fee schedule, no browser data in the clear on any of our servers, and so on. But we seek skin-in-game affiliate revenue too.”
However, it is important to note that the affiliate links did not expose any user data – the browser’s affiliate link is the only exposed information. While this is only a first for Brave, some sections of the community are condemning the move as a break of trust to its users.
Recently, it was reported that the Brave browser sees a total of 15 million monthly user visits and 5.3 million daily active users on the platform.