Brave Browser Caught Forcing It’s Own Affiliate Links

TL;DR

  • Brave was caught redirecting typed info about crypto companies to it’s own affiliate links.
  • Binance, Coinbase, Ledger, Trezor and others were discovered as hardcoded redirects in Brave’s GitHub account.
  • After being caught, Brave’s CEO said “We made a mistake, we’re correcting” and committed to stop the behavior.

Brave, a privacy-oriented fork of Google‘s mega-popular open source browser codebase, Chromium, was caught earning affiliate commissions by redirecting direct typed-in addresses for crypto companies like Binance and Ledger to it’s own affiliate links.

To it’s credit, many of Brave’s more radical features, such as paying users to watch ads, require an “opt-in” rather than just running by default.

It was first discovered by Yannick Eckl, “CRYPTONATOR1337 on Twitter” who noticed that when Brave was used to search for Binance, the browser brought him to an affiliate version of the site, one with Brave’s affiliate ID

This comes on the heels of a recent partnership between Binance and Brave, in which each new browser tab promotes a prominent “Buy on Binance” widget, for users to begin their journey toward Bitcoin ownership.

Brave’s CEO, Brendan Eich, was quick to call this behavior a “mistake” on Twitter.

Not content to read other’s opinions on the matter, Dimitar Dinev decided to dig into Brave’s code repository, only to discover that the underlying issue was even worse:

Brave isn’t just redirecting search results.

It is altering directly typed-in addresses.

After hearing the whistle blow, Bitcoin/Crypto Twitter heavyweights came in to turn up the volume on Dinev’s finding:

In a perhaps back-handed serving of accountability, developer John Carvalho rewteeted Eich’s own words:

What do you think? Will you be using Brave browser after this?