Brave Browser is undeniably a commercial product first, and a privacy-centric web browser second. While the browser does have quite a few improvements to privacy compared to stock Chrome, it's designed to promote the use of a cryptocurrency (BAT) that Brave itself owns, and it has a referral program that pays browser users by how many people they can get to download Brave. Now the browser has been caught injecting its own affiliate codes into web addresses for popular cryptocurrency trading websites.
The issue came to widespread attention yesterday, when Twitter user @Cryptonator1337 pointed out that Brave Browser auto-filled a referral code to the end of the web address when "binance.us" is typed into the address bar. Binance is a cryptocurrency trading website, and with that referral code, Brave Software could earn 20% from trading fees for every account created using the link.
So when you are using the @brave browser and type in "binance[.]us" you end up getting redirected to "binance[.]us/en?ref=35089877" - I see what you did there mates 😂
— Cryptonator1337 (@cryptonator1337) June 6, 2020
As it turns out, Binance isn't the only website Brave is injecting its own referral links into. The browser's GitHub repository reveals the functionality was first added on March 25th, and the current list of sites includes Binance, Coinbase, Ledger, and Trezor. Brave Software receives a kickback for purchases/accounts made with those services — for example, Coinbase says that when you refer a new customer to the service, you can earn 50% of their fees for the first three months.
The nature of these affiliate programs also allows the referrer — in this case, Brave Software — to view some amount of data about the customers who sign up with the code. Coinbase's program provides "direct access to your campaign’s performance data," while Trezor offers a "detailed overview of purchases."
Yes, we partner with Binance as an affiliate. That code identifies us, not you.
— BrendanEich (@BrendanEich) June 6, 2020
Brave Software's co-founder and CEO, Brendan Eich, said on Twitter that he didn't believe there was anything wrong with injecting affiliate codes into web addresses. However, it seems the backlash worked, as Brave's developers are introducing a toggle for the suggestions, and the functionality will be disabled by default starting with the next stable release.
There's nothing inherently wrong with affiliate programs for businesses, as they can provide publishers and content creators a way to earn revenue without relying strictly on ads by driving traffic to a product/service. Brave isn't sending any people to these sites itself — it's simply hijacking organic traffic by embedding its own affiliate code. If you want a browser that is actually private and secure, use Firefox or Chromium with your choice of privacy extensions (preferably while throwing a few bucks to your favorite sites/creators, to make up for blocking ads).
- David Gerard