This popular browser caught injecting affiliate codes in crypto URLs
Brave is a relatively new browser. Its claim to fame is the set of privacy-focused features and unique programme to reward users. It is one of the few browsers that openly back cryptocurrencies. Months after the launch, Brave browser has been caught injecting its affiliate codes into the web address for top crypto sites. Brave is now getting accused of what is more popularly known as “link hijacking.”
It was first discovered by a Twitter user cryptonator1337 who reported that the "binance[.]us" in the web address on Brave redirects to “binance[.]us/en?ref=35089877.”
According to Androidpolice, Brave was injecting its referral codes for several other top cryptocurrency websites such as Coinbase, Ledger, and Trezor. On further digging, the website discovered that Brave recently added this functionality in the browser.
More From This Section
Later and after a big backlash, Brave backtracked from the position and said it will soon introduce a toggle to disable the functionality.
“…the Show Brave suggested sites in autocomplete suggestions setting will be defaulted to false. Existing users that haven't modified the setting will have it turned off with our next release (planned for Thurs June 11). We're also considering a hotfix that would be released before that. I've started a Nightly build and we'll also have this fix uplifted to Beta soon (with a build following the merge there),” Brian Clifton, VP of Engineering at Brave, wrote in a post on Github.
Androidpolice notes that there’s nothing wrong in adding the referral codes in the URLs as it allowed companies to make more money instead of relying on the traditional ad-based revenue model. This, however, should have been more transparent to users so that they were better informed when using the particular browser.
Eich’s following statement sums up the incident: “We made a mistake, we're correcting: Brave default autocompletes verbatim "http://binance.us " in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.”
I think you used "mistake" where you meant "accident". I never said it was accidental. We were treating it like a search query (which all big browsers do tag with an affiliate id to get paid from by the search provider). But a valid domain name is not a search query. Fixing.— BrendanEich (@BrendanEich) June 7, 2020