Brave Browser Takes Back Controversial Affiliate Code Injection

• Brave was redirecting users who tried to access cryptocurrency exchange platforms to their affiliate program.
• The browser company was making money by the referrals, but its users' privacy was potentially compromised.
• Brave has now disabled the setting by default and calls the users to enable it and show their support.

Brave browser, one of the most privacy-focused and secure web browsers out there, has made a mistake which generated a notable backlash from the community, leading to a retraction. More specifically, Brave was automatically injecting affiliate code on cryptocurrency exchange platforms like Binance, Coinbase, Ledger, and Trezor. As Brendan Eich, the CEO and co-founder of Brave Software admitted, this was a mistake, and they have changed this setting from being "on" by default to being an opt-in choice for the user. The “mistake” lasted for about ten weeks, from March 25 to the past weekend.

So when you are using the @brave browser and type in "binance[.]us" you end up getting redirected to "binance[.]us/en?ref=35089877" - I see what you did there mates 😂

— CR1337 (@cryptonator1337) June 6, 2020

1/ We made a mistake, we're correcting: Brave default autocompletes verbatim "https://t.co/hJd0ePInEw" in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.

— BrendanEich (@BrendanEich) June 6, 2020

Brave is rising in popularity very quickly, and it has recently reached 15 million monthly active users and 5 million daily users. Besides the privacy and security features that are offered through Brave, this particular browser is unique in the field of cryptocurrency - it is serving advertising campaigns to the users who want it, in exchange for crypto (Brave Rewards). Moreover, it features a crypto wallet that enables users to connect their Uphold account and make transactions right from within the browser. All that said, there are quite a few cryptocurrency holders who like to use Brave.

The injection of affiliate links caused controversy in Brave’s community not because the company tried to make money out of its users, but because it risked their privacy in the process. By injecting affiliate code, Brave gets a cut from the cryptocurrency exchange platforms, as it looks like they have referred these users. However, the referrer is allowed to view some parts of the data that concern the user who signs up with the service's code, as the affiliate program systems generally provide this. Coinbase, for example, provides direct access to the campaign’s performance data, while Trezor is giving away a detailed overview of the purchases done by the referred users.

For a privacy-focused browser like Brave, this auto-completing should never have been activated by default. If any of the users want to support their favorite browser, they may enable it manually. Obviously, not everyone will go through the trouble of doing it, but this should be the setting from the start. To check what your settings are in relation to this feature, open Brave’s Settings menu, go to “Privacy and Security,” and check the position of the “Autocomplete searchers and URLs” switch.