Brave, a privacy-focussed, crypto-friendly and Chromium-based web browser, has come under fire for earning affiliate commissions by redirecting certain search queries through affiliate links.
Twitter user Yannick Eckl (@cryptonator1337) spotted the issue first, noting that typing ‘binance.us’ into the Brave address bar redirected to ‘binance.us/en?ref=35089877.’ Dimitar Dinev, the managing director of JRR Crypto, uncovered other redirect links by digging into Brave’s open-source code, including redirects to Ledger, Trezor and Coinbase. Over the weekend, the issue blew up on Twitter.
So when you are using the @brave browser and type in "binance[.]us" you end up getting redirected to "binance[.]us/en?ref=35089877" – I see what you did there mates 😂
— xCR1337 (@cryptonator1337) June 6, 2020
Although users still end up on the above websites, Brave redirects them through the affiliate links, which the browser then profits from. While many publications use affiliate links — including MobileSyrup — many websites also do so with transparency and notify users when they use affiliate links.
Not only did Brave not warn users, but it went against its own “opt-in” principles. One of Brave’s biggest claims is that it lets users opt-in to things like advertisements. Those who do opt-in get cryptocurrency payouts for viewing ads. However, Brave didn’t warn users about the affiliate links or allow them to opt-out of the practice.
Brave’s CEO called the links a ‘mistake’
Brendan Eich, CEO and co-founder of Brave, took to Twitter to issue an apology for the “mistake” and said it has been fixed. Eich also promised Brave will “never revise typed in domains again.”
However, Eich also tweeted a defence of the browser, noting that Brave was “trying to build a viable business.” Brave currently makes money by offering users privacy-focussed ads. Along with that, Eich said that Brave seeks affiliate revenue, such as bringing users to cryptocurrency exchanges through widgets.
1/ We made a mistake, we're correcting: Brave default autocompletes verbatim "https://t.co/hJd0ePInEw" in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.
— BrendanEich (@BrendanEich) June 6, 2020
Eich goes on to say that the redirects didn’t reveal any user data to affiliates. As for the Binance link, Eich said the code identifies Brave, not users. Regardless, Brave will remove the redirect. Finally, Eich argued that none of this was hidden from users and has been viewable in the browser’s source code for months.
Despite the apology and defence, critics argued Eich apologized only because he got caught. Further, others believe that Brave had compromised its integrity with the affiliate links.
Eich told Decrypt that Brave’s survival doesn’t depend on any affiliate revenue share.