Brave, a crypto-powered privacy-focused web browser, has been caught autocompleting URLs on cryptocurrency websites with the company’s own referral link.
The discovery was first made by a popular cryptocurrency commentator, Cryptonator (@cryptonator1337) who noticed that the Brave browser is auto-completing certain domains to add a referral code.
For instance, when he typed “binance.us” into the address bar, it automatically changed to “binance.us/en?ref=35089877”. Basically, the Brave browser is redirecting Binance links to a referral landing page, which Brave profits from.
So when you are using the @brave browser and type in "binance[.]us" you end up getting redirected to "binance[.]us/en?ref=35089877" – I see what you did there mates ?
— Cryptonator1337 (@cryptonator1337) June 6, 2020
Brendan Eich, CEO and co-founder of Brave, said on Twitter that he doesn’t believe there is anything wrong with injecting affiliate codes into web addresses, as they “partner with Binance as an affiliate.”
Earlier this year, Brave and crypto exchange service Binance signed a partnership to allow users to trade cryptocurrencies, view their balance and get deposit addresses through an opt-in widget in the Brave browser.
Binance isn’t the only website Brave is injecting its own referral links into. It is also doing the same thing for websites owned by Ledger, Trezor, and Coinbase.
The discovery was later made by another Twitter user Larry Cermak (@lawmaster) who shared it via the following tweet.
Looks like it’s not a very isolated mistake. Brave also does this for Ledger, Trezor and Coinbase if you look in their Github https://t.co/8PpnlS5jAu https://t.co/JGQ7d23fer pic.twitter.com/keorBZiDJL
— Larry Cermak (@lawmaster) June 6, 2020
However, Eich quickly responded to the above tweet, stating that it was a mistake and the company is working to remove all affiliate-code autocomplete defaults.
“We made a mistake, we’re correcting: Brave default autocompletes verbatim “http://binance.us” in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code,” Eich tweeted.
“The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions. Sorry for this mistake — we are clearly not perfect, but we correct course quickly.”
Eich added that the issue has since been “fixed” to flip the switch. Also, for those who still want Brave to get affiliate revenue will be able to do so through the opt-in feature.