Brave privacy browser added affiliate links to user searches without their consent

Brave CEO Brendan Eich said the company would "never revise typed in domains again, I promise"

Adam Smith
Wednesday 10 June 2020 09:41 EDT
Comments
(Credit: Brave)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Privacy-focused browser Brave has been caught automatically filling in links when users search for companies that Brave is affiliated with, thereby earning the company more money by changing the users’ searches.

Twitter user Yannick Eckl noticed the changes Brave was making when searching for Binance – a cryptocurrency exchange. They found that the browser automatically redirects their search to a version of the URL with an affiliate link attached.

An affiliate link is a specific URL with a specific username or identifier. Companies may be paid for how much traffic they can redirect to another website that contains the affiliate's ID or username. In affiliate programs, advertisers use affiliate links to record the traffic that is sent to the advertiser's website.

Brave had partnered with Binance last month in order to let users trade cryptocurrency assets through Binance via a widget in the new tab page of the browser.

It was also found that Brave added redirect links to other cryptocurrency websites, including Ledger, Trezor, and Coinbase, none of which it had consulted its over 10 million monthly users about.

Brave, which made its reputation through ad-blocking and a prioritisation of customer security, never asked permission from its users whether searches would use affiliate links, even if the search results in the correct page.

While affiliate links do not breach customer security, users were vocal about their discomfort with the company changing customer searches without their knowledge or consent. Affiliate links are also a means for companies to track users.

CEO and co-founder of Brave Brendan Eich, in a series of tweets, said that the company was “trying to build a viable business” and this “includes bringing new users to Binance & other exchanges”. Currently, Brave makes money by offering its users cryptocurrency in exchange for watching adverts.

Eich also tweeted that the company will “never revise typed in domains again, I promise.”

However, Eich took issue with people criticising Brave for “sneak[ing]” the links in. “We develop with all browser code open source on github, and users who type binance dot us can see the default autocomplete add the affiliate code. Also, small change in revenue terms if it's not zero! Mistake was using search client-id model” Eich tweeted.

Speaking to The Independent, Eich said that Brave had been adding affiliate links for "just over a month" but that the company "will not be paid any share of Binance trading commissions for any autocomplete referrals."

"For revenue from our new tab page trading widget, which is opt-in, we are working to give users a share from our affiliate cut of trading commissions."

"As the affiliate code identifies only Brave and not any user or other entity, it has no privacy impact. The fix to disable Brave suggested sites by default that we just made is here. I regret that we missed the wrong default issue, which is corrected here. We are improving our review process to examine detailed default actions more thoroughly. Operating transparently, with all of our code open sourced on GitHub so that anybody can review it, is one of Brave’s strengths. When we make mistakes, people tell us. And when our users speak, we listen and make corrections quickly," Eich continued.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in