Internet Security Blog - Hackology

Brave Browser Injecting Affiliate Links

Brave browser promotes itself as a browser that cares about our privacy and security and offers ad-blocking. That all sounds good, but Brave has been found injecting its own referral links when you open various cryptocurrency websites. That is unprofessional, unethical, illegal and BAD. I have always vouched for Brave and even have a banner on my blog; I might just remove that now, or maybe redirect it to this post.

Brave Browser Injecting Affiliate Links

If you open Brave browser and type the address of the Binance cryptocurrency exchange website, you will notice that Brave hijacks the Binance link you typed and autofills it with its own affiliate code. This was highlighted by Cryptonator1337 in his tweet.

The first tweet by Cryptonator1337, where he exposed the referral crap Brave browser was pulling off.

To explain it further: when you open certain cryptocurrency websites, Brave browser gives you a suggestion containing its ‘affiliate code’. If I want to open the Binance website and type binance.us, the suggested link becomes binance.us/?&ref=35089877. The “&ref=35089877” part is Brave's referral code. It’s hard to believe that a browser that talks about being open and not showing us ads is actively deceiving people.

suggested_sites_provider_data.cc on GitHub shows how various websites and search terms suggest affiliate links

Various searches will redirect you to a Brave suggestion that carries a referral link, as you can see in the code hosted on GitHub. They may push an update, so the preserved code can be viewed on the Internet Archive or on this paste. List of websites / searches which will offer you a Brave affiliate code:

  • binance.com
  • binance.us
  • coinbase.com
  • ledger.com
  • trezor.io
  • Searches of “bitcoin”
  • Searches of “btc”
  • Searches of “ethereum”
  • Searches of “eth”
  • Searches of “litecoin”
  • Searches of “ltc”
  • Searches of “bnb”

Opening binance.us opens up Binance with the Brave affiliate link
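
A defender's check for the behaviour described above, as an added example that is not from the original post or from Brave's code: it compares what the user typed with what the address bar suggested and reports any query parameters the suggestion added. The function names and the set of referral-style parameter names are assumptions; the first sample pair uses the URLs quoted in this post.

```javascript
// Added example (not Brave's code): report what an address-bar suggestion
// adds to the URL the user typed.

// Assumption: parameter names commonly used for referral codes.
const REFERRAL_PARAM_NAMES = new Set(["ref", "referral", "aff", "affiliate"]);

// Parse address-bar text, defaulting to https:// when no scheme was typed.
function toUrl(text) {
  const s = text.trim();
  return new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(s) ? s : "https://" + s);
}

// Compare typed input with the suggestion offered for it.
function auditSuggestion(typed, suggested) {
  const t = toUrl(typed);
  const s = toUrl(suggested);
  const site = (u) => u.hostname.toLowerCase().replace(/^www\./, "");
  const added = [];
  // URLSearchParams skips the empty pair in "?&ref=...", so the odd
  // "?&" form seen in the post still parses as ref=35089877.
  for (const [name, value] of s.searchParams) {
    if (!t.searchParams.getAll(name).includes(value)) {
      added.push({ name, value, referralLike: REFERRAL_PARAM_NAMES.has(name.toLowerCase()) });
    }
  }
  const sameSite = site(t) === site(s);
  return {
    sameSite,
    added,
    verbatim: sameSite && t.pathname === s.pathname && added.length === 0,
    referralInjected: added.some((p) => p.referralLike),
  };
}

// Sample pairs: the first uses the URLs quoted in this post, the rest are constructed.
const SAMPLES = [
  ["binance.us", "binance.us/?&ref=35089877"],
  ["binance.us", "https://binance.us/"],
  ["coinbase.com", "https://www.coinbase.com/"],
];
for (const [typed, suggested] of SAMPLES) {
  const r = auditSuggestion(typed, suggested);
  console.log(typed, "->", suggested, r.referralInjected ? "REFERRAL ADDED" : "ok", r.added);
}
```

A suggestion counts as verbatim only when host, path and query all match what was typed, which is the behaviour Eich's second tweet says autocomplete should have.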

Brave Team Response on Affiliate Injection

You might think that the Brave team would apologize and fix the mistake, as it is an unethical thing to do. But you would be wrong: Brendan Eich, the founder and CEO of Brave, assures us that putting their referrer links into URLs as suggestions is completely normal and ethical.

Yes, we partner with Binance as an affiliate. That code identifies us, not you.

Brendan Eich thinks shoving in an affiliate link is normal and calls it a “code”, as if we do not know they are making money from their referrals, which is unethical and straight-up wrong.

But thanks to the initial tweet by Cryptonator1337, the news spread like wildfire and the Brave CEO had to come up with something legit.

We made a mistake, we’re correcting: Brave default autocompletes verbatim “http://binance.us” in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.

He knows he is wrong but is trying to make it look good, but Twitter shows no mercy. It's a fun thread to read.

Let's Trust Brave

So Brave thought it could add its referrals without informing anyone. I would request that Binance close their account, and the same goes for Coinbase and the others. Affiliate links without consent are illegal, if not just highly unethical. My reason for not using Brave has been the lack of proper sync; I tried moving to Firefox, but that failed miserably. I do not see any good reason why one would use Brave when such unethical actions surface. The Brave browser is considered a relatively good tool for everyday use, but it doesn’t help with browser fingerprinting. Compare GoLogin, a browser similar to Brave, which changes your fingerprint.

But Brave Browser is Open Source

Brave Browser is open source, but the code being open source does not mean that something like this won’t surface. It is important to note that no one auditing the code noticed this behaviour; rather, Yannick noticed it after experiencing it first-hand. Open source software is preferred, but that doesn’t mean every open source application is the right choice, in the same way that not every closed source application is a no-go. Brave has committed a fix in which they first turned off auto-suggestions and then (eventually) removed their affiliate links.

Let me leave you with a last laugh before you go: see what the CEO of Brave had to say once he was told that there are various websites with affiliate links being forced upon its users.

I didn’t know about Ledger. We don’t make anything off of that as far as I know. Anyway, we’ll remove all affiliate codes from autocomplete defaults.

Eich tweets in a reply that he is not aware of all the affiliate codes being pushed to users. Reminds me of the Facebook CEO.

Stay Safe and Use a Good Browser
