Brave apologises for redirecting users to affiliate links
The privacy-focused platform would revise URLs to add an affiliate code for those accessing cryptocurrency platforms
The CEO of privacy-centric internet browser Brave has publicly apologised for redirecting users visiting a prominent cryptocurrency trading platform to an affiliate link from which it profits.
When users entered the URL for Binance, “binance[dot]is”, the browser directed the user to the cryptocurrency exchange platform but through an auto-completed affiliate link, according to the Twitter user Cryptonator1337.
Should the user then make a transaction on the website, Brave would receive a small profit, as a result of being a registered affiliate.
The user described this discovery as “cringe” considering Brave’s ambitions to “fix the web” by providing its users with a safe and private browsing experience.
“We made a mistake, we're correcting,” said Brave’s co-founder and chief Brendan Eich.
“Brave default autocompletes verbatim "http://binance.us" in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.”
Eich added that the company is trying to build a viable business, which is currently designed around the process of paying out cryptocurrency rewards to users who choose to be served with advertisements. This is supplemented by “skin-in-game” affiliate revenue too.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Brave partnered with Binance in April, for example, to allow users to trade cryptocurrency through a widget in a ‘new tab’ page. As such, the browser attracted many users that often engage in cryptocurrency trading.
Further examination by the director of research at The Block, Larry Cermak, revealed that Brave engages in the same process for Ledger, Trezor and Coinbase, according to code published on GitHub.
Brave has pledged to remove the feature that revised typed-in domains to add an affiliate link and has promised never to do so again.
There are worries that the incident may undermine Brave’s message and values, with the company having previously conducted research into data protection and privacy standards. For example, in April Brave launched research detailing how GDPR was being undermined by understaffed and under-resourced regulators.
Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.