Brave Browser Mistake Adds Its Referrer Code For Cryptocurrency Sites (yahoo.com) 26
The following report appeared on Yahoo! Finance:
Privacy-focused browser Brave was found to autocomplete several websites and keywords in its address bar with an affiliate code. Shortly after a user published his findings, Brave CEO and co-founder Brendan Eich addressed the incident and called it "a mistake we're correcting." Eich said that while Brave is a Binance affiliate [a cryptocurrency exchange], the browser's autocompleting feature should not have added any new affiliate codes.
"The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions," Eich wrote in the thread. "Sorry for this mistake — we are clearly not perfect, but we correct course quickly," he added.
Android Police reports the mistake occured more than 10 weeks ago — and that referrer codes were also included for other cryptocurrency-related sites: The browser's GitHub repository reveals the functionality was first added on March 25th, and the current list of sites includes Binance, Coinbase, Ledger, and Trezor. Brave Software receives a kickback for purchases/accounts made with those services — for example, Coinbase says that when you refer a new customer to the service, you can earn 50% of their fees for the first three months.
The nature of these affiliate programs also allows the referrer — in this case, Brave Software — to view some amount of data about the customers who sign up with the code. Coinbase's program provides "direct access to your campaign's performance data," while Trezor offers a "detailed overview of purchases."
Brave CEO and co-founder Brendan Eich (who also created the JavaScript programming language) tweeted, "For what it's worth there's a setting to disable the autocomplete defaults that add affiliate codes, in brave://settings first page. Current plan is to flip default to off as shown here. You can disable ahead of our release schedule if you want to.
"Good to hear from supporters who'll enable it."
"The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions," Eich wrote in the thread. "Sorry for this mistake — we are clearly not perfect, but we correct course quickly," he added.
Android Police reports the mistake occured more than 10 weeks ago — and that referrer codes were also included for other cryptocurrency-related sites: The browser's GitHub repository reveals the functionality was first added on March 25th, and the current list of sites includes Binance, Coinbase, Ledger, and Trezor. Brave Software receives a kickback for purchases/accounts made with those services — for example, Coinbase says that when you refer a new customer to the service, you can earn 50% of their fees for the first three months.
The nature of these affiliate programs also allows the referrer — in this case, Brave Software — to view some amount of data about the customers who sign up with the code. Coinbase's program provides "direct access to your campaign's performance data," while Trezor offers a "detailed overview of purchases."
Brave CEO and co-founder Brendan Eich (who also created the JavaScript programming language) tweeted, "For what it's worth there's a setting to disable the autocomplete defaults that add affiliate codes, in brave://settings first page. Current plan is to flip default to off as shown here. You can disable ahead of our release schedule if you want to.
"Good to hear from supporters who'll enable it."
Mistake (Score:5, Insightful)
"Mistake". Yeah right. Oops, we got caught. It was just a "mistake".
It has nothing to do with the fact that Brave Browser is a commercial product designed to promote the use of a cryptocurrency that Brave itself owns.
Re: (Score:1)
Only a blind idiot would use or trust Brave.
Re: (Score:2)
Further, it can't be a mistake if Eich then says
If it were a mistake, the code would have been deleted, and there would not be a call for people to "support" anything.
Re:Mistake (Score:4, Interesting)
I said it was shady and Brave fans rushed to support Eich and his browser, but it looks like I was right. Anything involving crypto currency is probably a scam and Brave is no exception.
Maybe they started out with good intentions but when that inevitably failed to produce decent revenue they just decided to go all out evil. Or maybe it was the plan from the start, who knows? Who cares, steer clear of crypto currencies kids.
TWO BARS! One for URL, one for search. (Score:5, Insightful)
I am disgusted that a URL bar can or will effect a search. It should be ONLY for a valid URL. If I mistype in the URL bar, my browser should return an error, nothing else. When I use the search bar, well, I expect any results.
Re: (Score:3)
It's been such a while that I'd practically forgotten that it wasn't always that way, but at least once a month the single bar in my browser still screws up and does a search when it shouldn't or tries to interpret a search as if it were a URL.
Re:TWO BARS! One for URL, one for search. (Score:4, Insightful)
"When I use the search bar, well, I expect any results."
In particular, when I use the search bar the browser should not go anywhere except the search engine site. If the URL and the search terms go in the same box I cannot search for information about a site.
In the same vein, if DNS fails for the hostname in the URL no different TLDs be swapped in.
The next best thing would be absolutely no search on what was typed in the URL box whatsoever.
Re: (Score:3)
It looks like there's a setting in Firefox for this, but changing it just gives you an extra search field next to your address bar that still functions as a search field. Is there something in about:config that will actually kill that junk?
Re: (Score:2)
Just customise the toolbar and remove the search box again.
If I type anything in my url bar the browser parses it as a URL (assuming a prepended HTTP if required) and tries to find a domain name which it can look up via DNS
If that works, it'll try and open a http or https session to that domain. If it doesn't work, it'll tell me 'domain not found'.
No searching, no search bar, no automatic lookup of what I typed anywhere else, no dns fall-through.
If I want to do a search I'll tell the browser to connect to a
Re: (Score:2)
i tried that browser for a very short time (Score:3)
a good android browser is Lightning, the premium version allows you to select a custom hosts file to use as a spam blocker which i quickly took full advantage of, works great, nice lightweight no-nonsense browser,
Re:i tried that browser for a very short time (Score:5, Interesting)
How so? I've used Brave on my phone for about 2-3 years now and granted I do turn off all of the added rewards nonsense etc. It's still a very serviceable Chromium-based browser that includes an ad-blocker. I'm not married to the idea of using it, but at the time there weren't any other Chrome-based solutions that offered an ad-blocker that I could find. I dunno what Google does, but Chrome always renders pages way faster than Firefox or Puffin, and at the time FF mobile crashed constantly as well. It's much better now, but still renders incredibly slowly even on flagship CPUs.
Re: (Score:3)
I find Firefox isn't quite as smooth on Android but it's more than usable, it's really quite a minor loss of speed compared to Chrome. The biggest issue is page rendering which just doesn't work right for a lot of sites in Firefox or Firefox Preview.
I've submitted reports to Bugzilla but they don't seem to be interested in fixing the primary function of the browser.
Re: (Score:2)
My favourite browser on Android is the Samsung one. Support for multiple ad blockers, easy option to open in new tab (in both foreground and background), renders everything as the site designer intended it, never had any speed issues.
Re: (Score:2)
> the hand-holding was ridiculous
The what? It's basically Chrome with tracking protection.
Re: (Score:2)
Since Lightning is open and free software, it is also available from F-Droid [f-droid.org].
“Mistake”? (Score:3)
Are you sure about that?
Re:“Mistake”? (Score:4, Interesting)
Yea, they mistakenly did it in such a way that they'd get caught.
Just like they 'mistakenly' set up accounts for everyone and their dog, whether you wanted it or not, with the attention coin thing.
I can't speak to how well the browser works (I imaging it's not bad, being a chromium fork), but I'm sure not going near it.
Re:“Mistake”? (Score:4, Informative)
Yea, they mistakenly did it in such a way that they'd get caught.
Exactly. And it seems like these sort of "mistakes" are happening repeatedly [davidgerard.co.uk], with the all too familiar Facebook-getting-caught-then-apologizes apologies.
Hahahaha (Score:3)
What did y'all expect? Fools.
Comment removed (Score:4, Interesting)
Just no (Score:3)
Reason d'etre == ZED (Score:2)
Brave has been functionally equivalent to Apple's browser " Safari" with the added benefit of pretty pictures. I enjoyed the aesthetics of its minimalist UI and reliable behavior. Now that Brave's man in charge has been caught red handed with offending code insertion after the fact it was released as a " Privacy 1st" application there exists no reason for it to exist.
The man in charge humble bragged user fealty to his product bared the soul of a plantation mentality that defies the one thing against which
What was the crime? (Score:1)