After being hailed by thousands as the true solution for the internet’s privacy and advertising plague, Brave browser has now been outed as doing exactly what their mission aimed not to: Make the user the product.
It was revealed by Twitter user “Cryptonator1337” yesterday evening, Saturday June 6th, that when internet users try to visit leading exchange Binance using the simple URL “www.binance.us” they are redirected to a referrer’s URL: “www.binance.us/en?ref=35089877”. The same redirect happens when users type in “www.binance.com”.
So when you are using the @brave browser and type in “binance[.]us” you end up getting redirected to “binance[.]us/en?ref=35089877” – I see what you did there mates 😂
— Cryptonator1337 (@cryptonator1337) June 6, 2020
This referral code would reward the referrer with a percentage of the new user’s exchange fees.
While new users would remain anonymous under the referrer’s account, the ability for Brave to generate referrals based on the sheer numbers of crypto enthusiasts using their platform is pernicious to say the least, violating their defining mission: To give internet users control. An autofill mechanism of this nature is done entirely outside of the user’s control, free from consent, and in many cases, likely without knowledge.
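As an added example (not Brave's code and not from the article), the following JavaScript check takes pairs of typed address and loaded URL and flags query parameters, such as the `ref` code above, that the user never typed. The function names are hypothetical, and every sample row except the `binance.us` pair quoted in the article is constructed.

```javascript
// Added example: flag query parameters a browser appended to a typed address.
// toUrl, addedParams and audit are hypothetical helper names.

// Parse what a user typed into the address bar; bare hosts get https://.
function toUrl(typed) {
  const s = typed.trim();
  return new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(s) ? s : `https://${s}`);
}

// Compare the typed address with the URL that was actually loaded and
// return every name=value pair in the loaded URL that was not typed.
function addedParams(typed, loaded) {
  const before = toUrl(typed);
  const after = new URL(loaded);
  const strip = (h) => h.toLowerCase().replace(/^www\./, "");
  const added = [];
  for (const [name, value] of after.searchParams) {
    if (!before.searchParams.getAll(name).includes(value)) {
      added.push({ name, value });
    }
  }
  return {
    sameSite: strip(before.hostname) === strip(after.hostname),
    pathChanged: before.pathname !== after.pathname,
    added,
  };
}

// Observations as [typed, loaded]. Row 1 uses the URLs quoted in the
// article; rows 2 and 3 are constructed controls.
const observations = [
  ["binance.us", "https://www.binance.us/en?ref=35089877"],
  ["binance.us/en?ref=123", "https://www.binance.us/en?ref=123"],
  ["example.org", "https://example.org/"],
];

// Keep only the rows where the browser added something the user did not type.
function audit(rows) {
  return rows
    .map(([typed, loaded]) => ({ typed, loaded, ...addedParams(typed, loaded) }))
    .filter((row) => row.added.length > 0);
}

for (const row of audit(observations)) {
  const params = row.added.map((p) => `${p.name}=${p.value}`).join("&");
  console.log(`${row.typed} -> ${row.loaded} (not typed: ${params})`);
}
```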
The issue was popularised by privacy advocate and Monero developer Riccardo Spagni a few hours later:
Hoooo boy – more scummy behaviour from @brave. For a self-proclaimed privacy-enhancing project it’s especially egregious and gross. https://t.co/4amVLMPSLn
— Riccardo Spagni (@fluffypony) June 6, 2020
Twitter user “Sniko_” then uncovered the autofill mechanism in Brave’s codebase:
Ooo, it is in the codebase, I was looking in the wrong repo https://t.co/jd0vqHOQTX https://t.co/sZpWv0p4AG pic.twitter.com/WnBAEtpeIl
— harrydenley.eth ◊ (@sniko_) June 6, 2020
Brendan Eich, CEO of Brave and co-founder of Mozilla and Firefox, responded to the controversy in the early hours of this morning with a series of tweets stating that the team intended to fix their “mistake”:
1/ We made a mistake, we’re correcting: Brave default autocompletes verbatim “https://t.co/hJd0ePInEw” in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.
— BrendanEich (@BrendanEich) June 6, 2020
In his Twitter responses on Sunday morning, Eich explained that affiliate codes of this nature were common practice by browsers as far back as the early 2000s, citing a Firefox example of commission paid from an Amazon affiliate autocomplete contributing to the salary of a Mozilla engineer.
While it is commendable that Eich was brave enough to venture into Twitter and respond to numerous critiques of the practice, his justifications may not be sufficient to repair the damage done to the browser’s reputation after what could be their most significant mishap to date.
While Brave’s mission is admirable, its BAT Token incentivisation techniques among other methods have long been criticised by privacy advocates. This practice is certainly not what the browser needed in a landscape crowded with impressive alternatives.
Image by Joshua Woroniecki from Pixabay