
Privacy browser Brave under fire for violating users’ trust

The Chromium-based browser Brave has been profiting from redirect links to affiliate crypto companies.

Brave, the crypto-friendly, privacy-first browser, has been earning affiliate commissions by redirecting certain search queries to crypto companies via affiliate links.

Unlike the “opt-in” principle by which the company abides—advertisements are optional on the browser and pay out cryptocurrency to anyone who views them—Brave never asked its 15 million monthly users about these redirects.

A firestorm erupted today after Twitter user Yannick Eckl, who goes by “CRYPTONATOR1337,” noticed that when Brave’s users searched for Binance, the browser automatically redirected to an affiliate version of the URL, which Brave profits from.

Brave had recently partnered with the crypto exchange; Binance’s CEO, Changpeng Zhao, had also expressed support for Brave on Twitter.

So when you are using the @brave browser and type in “binance[.]us” you end up getting redirected to “binance[.]us/en?ref=35089877” – I see what you did there mates 😂

— Cryptonator1337 (@cryptonator1337) June 6, 2020

The squall blossomed into a full-on storm after Dimitar Dinev, Managing Director of JRR crypto, unearthed yet more redirect links. Digging into Brave’s GitHub page, Dinev found that Brave also redirects its users to the websites of Ledger, Trezor and Coinbase.

Brendan Eich, CEO and co-founder of Brave, immediately apologized when the breach was publicized. “Sorry for this mistake,” he tweeted about the issue, which, he added, has since been “fixed.”

It’s not great, and sorry again. I’m sad about it, too.

— BrendanEich (@BrendanEich) June 6, 2020

“We will never revise typed in domains again, I promise,” he said; “I’m sad about it, too.” 

Eich has not responded to Decrypt’s request for further elaboration. 

In his defense, which Eich tweeted, he said that Brave is “trying to build a viable business.” Currently, it makes money by offering its users privacy-first ads that pay out in cryptocurrency. 

“But we seek skin-in-game affiliate revenue too,” he said. To do this, Brave must bring its users to exchanges through widgets and also look for revenue deals, “as all major browsers do.” 

He said that these redirects never revealed any user data to the affiliates, in keeping with the privacy-first agenda of the browser. Of the Binance redirect, he said: “That code identifies us, it’s a Binance affiliate code, one fixed value for all users. It is not identifying you. Anyway, we’re removing it.” 

Additionally, Eich argued that none of this was hidden: it’s been in the source code for months. 

“sneak” & “covertly” are wrong, given we develop with all browser code open source on github, and users who type binance dot us can see the default autocomplete add the affiliate code. Also, small change in revenue terms if it’s not zero! Mistake was using search client-id model.

— BrendanEich (@BrendanEich) June 6, 2020

Critics of Eich argued that he was apologizing simply because he got caught. 

It’s only a “mistake” if you get called out for it https://t.co/R9hyzjqTDV

— Dimitar Dinev (@DimitarDinev7) June 6, 2020

Others still think that Brave has compromised its integrity. “You made THE mistake. This is probably the biggest reason why everyone chose Brave over others,” tweeted the pseudonymous “crypto.bi”.

Without the affiliate links, Eich indicated that the company would struggle to survive. And “our users want Brave to live,” he said.
