Brave: (discreet) affiliation goes wrong

Brendan Eich, the founder of the Brave browser, publicly apologized on Twitter on Saturday June 6 after users discovered automatic redirects in his browser. On Twitter, a user noticed on Saturday June 6 that URL autocompletion in the browser's address bar did not work quite as expected: when typing the URL of the Binance cryptocurrency site (binance.us), the browser's autocompletion automatically rewrote the link to send users to an affiliate page (binance[.]us/en?ref=35089877) instead of the site's own URL.

Other internet users and Brave users then noticed that the same behavior occurred for certain other sites in the cryptocurrency sector: among them, links leading to Coinbase, Ledger or Trezor. For each of these sites, Brave's autocompletion completed the suggestion with an affiliate link rather than the site's plain domain name.

Self-affiliation and damage control

The feature was added on March 25, as the Brave project's GitHub repository shows. Shortly before, the browser had announced a series of partnerships with the companies covered by this autocompletion to affiliate links. The feature is a way for Brave to generate income by estimating the share of browser users sent to these sites.

Brave's quiet integration of this feature prompted chief executive Brendan Eich to apologize for what he called “a mistake.” Some users argued that adding this functionality without notifying users or asking for their consent could create security risks by accustoming users to unannounced redirects on the client side. Brendan Eich explains that the feature is based on the affiliate links offered for keyword searches in the URL bar, but concedes that this behavior should not occur when the user types a domain name. The functionality was promptly removed, and Brendan Eich pointed to a setting that turns off the browser's autocompletion.

Here Brave pays the price of positioning itself as a defender of user privacy: the browser stands out in particular by letting its users choose either to block the advertisements displayed on the web entirely, or to replace them with advertisements injected directly by Brave. With such a user base, it is hard to expect to slip in affiliate links without triggering the kind of drama that social networks specialize in today. Rather than face an outcry, the browser preferred to back down.

Source: www.zdnet.fr
