Private Browser Brave Called out for Binance Affiliate Links in Autocomplete, Community Trust Compromised
Brave, a popular privacy-focused browser, has faced a backlash from the community after users noticed affiliate links popping up in the autocomplete form in the browser’s address bar. In a discussion on Twitter, Brave CEO Brendan Eich called the links in autocomplete a mistake and promised not to let such a thing happen again.
The recent autocomplete issue was highlighted in a post by a cryptocurrency podcast host Yannick Eckl (@cryptonator1337) on June 6th. When he tried to type in the URL binance.us, the autocomplete in the browser suggested an affiliate link with Brave’s identifier added.
— Cryptonator1337 (@cryptonator1337) June 6, 2020
Brave CEO Brendan Eich responded by calling the incident a mistake and assured that all links on the pages and URLs typed in are served as is, no hijacking.
1/ We made a mistake, we're correcting: Brave default autocompletes verbatim "https://t.co/hJd0ePInEw" in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.
— BrendanEich (@BrendanEich) June 6, 2020
Brave is known to be Binance’s partner. The browser offers a Binance widget integrating simple trading features into the user experience. The affiliate links included in the autocomplete suggestions haven’t been clearly presented or discussed with the community, which is why some felt like the developers tried to sneak the addition in.
Since Brave is heralded as being focused on privacy and putting users in control of ads they see, the community started questioning the credibility of the developers.
This was not just a “mistake”. This was a major blunder that is antithetical to the fundamental mission of Brave. Compromises trust.
— Julius Crypto (@JuliusCrypto) June 6, 2020
Importantly, Brave’s open-source code on GitHub included affiliate links to other websites as well. The Block’s researcher Larry Chermak tweeted about the same thing going out with Ledger, Trezor, and Coinbase. He mentioned that the links were originally discovered by Dimitar Dinev of JRR Group.
Looks like it’s not a very isolated mistake. Brave also does this for Ledger, Trezor and Coinbase if you look in their Github https://t.co/8PpnlS5jAu https://t.co/JGQ7d23fer pic.twitter.com/keorBZiDJL
— Larry Cermak (@lawmaster) June 6, 2020
Aside from adding an affiliate tag to binance.com, binance.us, coinbase.com, ledger.com, and trezor.io, the browser tagged search queries for bitcoin, btc, ethereum, eth, litecoin, ltc or bnb.
“This ignores the legally required disclosures for affiliate links—the disclosures that Brave also ignored for the eToro links in March. In the US, the FTC has required full disclosure of affiliate marketing since 2009—you have to put it right there on the page. Similar rules apply in the UK and the EU,” author and cryptocurrency critic David Gerard wrote.
Brave’s Brendan Eich said that there’s a way to toggle the affiliate links in autocomplete in the browser settings and announced that the feature will be turned off by default in the following releases.
Notably, despite the generally negative response from the community, some users expressed their support to the project, emphasizing that Brave is still a privacy-focused browser that has advantages over products of Google and Facebook.
Remember Google and Facebook tracks us across services.
Instead few people get paranoid when nothing bad has happened. It is just an ad in autocomplete when we are about to go that url.
— Agnel Vishal ? (@agnelvishal) June 7, 2020
As of the press time, the latest version of the Brave browser available for download still came with affiliate links in autocomplete turned on.
Subscribe to our Newsletter<
- Data Brokers: How Law Enforcement Rely on Inaccurate Data to Supplement Investigations
- Messenger App Steals User Data and Hacks Their Devices, ESET Research
- Hacker Group Targeting Fintech Companies and Personal Data Has Been Under Radar For Years, NOD32 Developer Finds
- Former Yahoo! Engineer Who Hacked 6,000 Email Accounts Looking for Sexually Explicit Media Avoids Jail
- Secure Identity Expert Explains How Cryptography Gives Us Power Over Personal Data
- Telegram User Data From Earlier Leaks Found on Dark Web, Contact Import Feature Is to Blame
- How to Defend Yourself Against Scammers, Corporations, and Government: Hacker’s Perspective
- Zoom to Introduce New Censorship Features After Doing China’s Bidding