Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Bug Chromium Privacy The Almighty Buck

Brave Browser Mistake Adds Its Referrer Code For Cryptocurrency Sites (yahoo.com) 26

The following report appeared on Yahoo! Finance: Privacy-focused browser Brave was found to autocomplete several websites and keywords in its address bar with an affiliate code. Shortly after a user published his findings, Brave CEO and co-founder Brendan Eich addressed the incident and called it "a mistake we're correcting." Eich said that while Brave is a Binance affiliate [a cryptocurrency exchange], the browser's autocompleting feature should not have added any new affiliate codes.

"The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions," Eich wrote in the thread. "Sorry for this mistake — we are clearly not perfect, but we correct course quickly," he added.

Android Police reports the mistake occured more than 10 weeks ago — and that referrer codes were also included for other cryptocurrency-related sites: The browser's GitHub repository reveals the functionality was first added on March 25th, and the current list of sites includes Binance, Coinbase, Ledger, and Trezor. Brave Software receives a kickback for purchases/accounts made with those services — for example, Coinbase says that when you refer a new customer to the service, you can earn 50% of their fees for the first three months.

The nature of these affiliate programs also allows the referrer — in this case, Brave Software — to view some amount of data about the customers who sign up with the code. Coinbase's program provides "direct access to your campaign's performance data," while Trezor offers a "detailed overview of purchases."

Brave CEO and co-founder Brendan Eich (who also created the JavaScript programming language) tweeted, "For what it's worth there's a setting to disable the autocomplete defaults that add affiliate codes, in brave://settings first page. Current plan is to flip default to off as shown here. You can disable ahead of our release schedule if you want to.

"Good to hear from supporters who'll enable it."
This discussion has been archived. No new comments can be posted.

Brave Browser Mistake Adds Its Referrer Code For Cryptocurrency Sites

Comments Filter:
  • Mistake (Score:5, Insightful)

    by Anonymous Coward on Sunday June 07, 2020 @06:05PM (#60157564)

    "Mistake". Yeah right. Oops, we got caught. It was just a "mistake".

    It has nothing to do with the fact that Brave Browser is a commercial product designed to promote the use of a cryptocurrency that Brave itself owns.

    • by Anonymous Coward

      Only a blind idiot would use or trust Brave.

    • by Anonymous Coward

      Further, it can't be a mistake if Eich then says

      "Good to hear from supporters who'll enable it."

      If it were a mistake, the code would have been deleted, and there would not be a call for people to "support" anything.

    • Re:Mistake (Score:4, Interesting)

      by AmiMoJo ( 196126 ) on Monday June 08, 2020 @03:51AM (#60158670) Homepage Journal

      I said it was shady and Brave fans rushed to support Eich and his browser, but it looks like I was right. Anything involving crypto currency is probably a scam and Brave is no exception.

      Maybe they started out with good intentions but when that inevitably failed to produce decent revenue they just decided to go all out evil. Or maybe it was the plan from the start, who knows? Who cares, steer clear of crypto currencies kids.

  • by glitch! ( 57276 ) on Sunday June 07, 2020 @06:06PM (#60157568)

    I am disgusted that a URL bar can or will effect a search. It should be ONLY for a valid URL. If I mistype in the URL bar, my browser should return an error, nothing else. When I use the search bar, well, I expect any results.

    • That battle was fought and lost some time ago. It's like someone looked at Apple's mouse design and thought it would be even better if they applied it to web browsers.

      It's been such a while that I'd practically forgotten that it wasn't always that way, but at least once a month the single bar in my browser still screws up and does a search when it shouldn't or tries to interpret a search as if it were a URL.
    • by radarskiy ( 2874255 ) on Sunday June 07, 2020 @07:39PM (#60157744)

      "When I use the search bar, well, I expect any results."
      In particular, when I use the search bar the browser should not go anywhere except the search engine site. If the URL and the search terms go in the same box I cannot search for information about a site.

      In the same vein, if DNS fails for the hostname in the URL no different TLDs be swapped in.

      The next best thing would be absolutely no search on what was typed in the URL box whatsoever.

    • It looks like there's a setting in Firefox for this, but changing it just gives you an extra search field next to your address bar that still functions as a search field. Is there something in about:config that will actually kill that junk?

      • by Cederic ( 9623 )

        Just customise the toolbar and remove the search box again.

        If I type anything in my url bar the browser parses it as a URL (assuming a prepended HTTP if required) and tries to find a domain name which it can look up via DNS

        If that works, it'll try and open a http or https session to that domain. If it doesn't work, it'll tell me 'domain not found'.

        No searching, no search bar, no automatic lookup of what I typed anywhere else, no dns fall-through.

        If I want to do a search I'll tell the browser to connect to a

    • Comment removed based on user account deletion
  • by FudRucker ( 866063 ) on Sunday June 07, 2020 @06:29PM (#60157614)
    a few months back, and it was one of the most annoying browsers i ever used, the hand-holding was ridiculous, i hated it and uninstalled it never to be used again by me
    a good android browser is Lightning, the premium version allows you to select a custom hosts file to use as a spam blocker which i quickly took full advantage of, works great, nice lightweight no-nonsense browser,
    • by Aereus ( 1042228 ) on Sunday June 07, 2020 @07:00PM (#60157664)

      How so? I've used Brave on my phone for about 2-3 years now and granted I do turn off all of the added rewards nonsense etc. It's still a very serviceable Chromium-based browser that includes an ad-blocker. I'm not married to the idea of using it, but at the time there weren't any other Chrome-based solutions that offered an ad-blocker that I could find. I dunno what Google does, but Chrome always renders pages way faster than Firefox or Puffin, and at the time FF mobile crashed constantly as well. It's much better now, but still renders incredibly slowly even on flagship CPUs.

      • by AmiMoJo ( 196126 )

        I find Firefox isn't quite as smooth on Android but it's more than usable, it's really quite a minor loss of speed compared to Chrome. The biggest issue is page rendering which just doesn't work right for a lot of sites in Firefox or Firefox Preview.

        I've submitted reports to Bugzilla but they don't seem to be interested in fixing the primary function of the browser.

        • by Cederic ( 9623 )

          My favourite browser on Android is the Samsung one. Support for multiple ad blockers, easy option to open in new tab (in both foreground and background), renders everything as the site designer intended it, never had any speed issues.

    • > the hand-holding was ridiculous

      The what? It's basically Chrome with tracking protection.

    • Since Lightning is open and free software, it is also available from F-Droid [f-droid.org].

  • by Sebby ( 238625 ) on Sunday June 07, 2020 @06:47PM (#60157652)

    Are you sure about that?

  • by backslashdot ( 95548 ) on Sunday June 07, 2020 @07:00PM (#60157666)

    What did y'all expect? Fools.

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Sunday June 07, 2020 @09:32PM (#60157992)
    Comment removed based on user account deletion
  • by sectokia ( 3999401 ) on Monday June 08, 2020 @07:50AM (#60159038)
    If a the browser doesnâ(TM)t send a GET for exactly the URL I enter.... then it can fuck off forever. Unforgivable.
  • Brave has been functionally equivalent to Apple's browser " Safari" with the added benefit of pretty pictures. I enjoyed the aesthetics of its minimalist UI and reliable behavior. Now that Brave's man in charge has been caught red handed with offending code insertion after the fact it was released as a " Privacy 1st" application there exists no reason for it to exist.

    The man in charge humble bragged user fealty to his product bared the soul of a plantation mentality that defies the one thing against which

  • Honest question. Since even the oldest days of HTML, every request contains a referrer string and a user-agent string, so every web site has always known what browser is used and whether the user clicked a link or entered the URL at top-level. The tendency in browsers has been to combine the search and URL bars with lots of auto-complete nonsense and suggestions. If you type in a URL you have to watch what is happening. Brave does not appear to have altered search: if I type "binance.com" unaltered into the

"If Diet Coke did not exist it would have been neccessary to invent it." -- Karl Lehenbauer

Working...