The Brave web browser is hijacking links, and inserting affiliate codes - Brave has already fixed this, But still WTF

The Brave web browser is hijacking links, and inserting affiliate codes
  • by: David Gerard
  • On Jun 06, 2020
  • Tags: binance, brave, brendan eich

  • The Brave web browser sells itself on privacy, security and ad-blocking. It also has its own cryptocurrency, the Basic Attention Token.
    As such, it’s a favourite with crypto people — ones who don’t know how to install uBlock Origin, anyway. [uBO Firefox; uBO Chrome]

    What Brave’s done this time
    Brave is very into affiliate marketing. Just in March this year, Brave was caught running eToro affiliate marketing without the legally-required disclaimers — and Brave staff were caught deleting all mention of this from the /r/brave_browser subforum on Reddit. [GitHub, archive]
    If you’re using Brave and try to go to the Binance crypto exchange, Brave hijacks the Binance link you typed in, and autofills with its own affiliate code. This was spotted by @cryptonator1337 on Twitter earlier today. [Twitter]

    Cryptonator1337 @cryptonator1337 · 10h
    Replying to @cryptonator1337

    Ok it is not a "redirect", but an autofill. Just with binance you get autofilled a reflink like it seems.

    Sites that Brave attaches a referrer ID to include,,, and Searches on “bitcoin”, “btc”, “ethereum”, “eth”, “litecoin”, “ltc” or “bnb” that lead to Binance also get a referrer attached. This is all in the file . [GitHub, version as of today]
    Brendan Eich, the founder and CEO of Brave, assures us that putting his referrer links into URLs that users typed in, to try to get people to click through accidentally, is all completely upright and above-board. [Twitter]
    This ignores the disclosures required for affiliate links — the disclosures that Brave also ignored for the eToro links in March. In the US, the FTC has required full disclosure of affiliate marketing since 2009 — you have to put it right there on the page. Similar rules apply in the UK and the EU. (See my Amazon disclosure at the bottom-right of this post, for example.) [FTC; CAP]
    However, Eich is very sorry that Brave got caught — again — and something will be changed in some manner to stop this behaviour, or at least obscure it. (Eich doesn’t say precisely what the totally fine thing Brave thought it was doing was, or what’s going to change here.) [Twitter]
    Whatever the change is, it will at least apply for Binance — though Eich conspicuously didn’t mention the other sites, and there’s no update on GitHub as yet to the source code file I linked above. [GitHub, master branch]
    How does this keep happening?!
    I have been told by multiple past subordinates of Eich’s how — in discussion of any matter whatsoever — he will not be swayed from any opinion that he feels he has reached through logic and reason, and will vehemently argue his correctness at length.
    This doesn’t go so well when he’s trying to convince people on Twitter of his bona fides, when they think he’s just scammed them.
    When Brave was caught in December 2018 asking for donations on behalf of other people without telling them, Eich started alluding in Twitter replies to Plato, Hume and Nietzsche. “In short run, without sounding Nietzschean, will matters. Patreon’s is weak or corrupt. Ours is not.” This didn’t convince anyone either. [Twitter archive; Twitter archive; Twitter archive]
    What should Brave do?
    I’d like to assume Eich is acting in good faith here — but this sort of nonsense keeps happening.
    When you see you’ve done something wrong, you should fix it — then explain what you got wrong, that you understand why your users are upset, and how this happened.
    Then you don’t do it again. And you put systems into place so that you don’t do it again.
    What you don’t do is to rack up a chain of other unmarked affiliate advertising, or pull what looks remarkably like donation fraud. Then apologise each time, say you’ve fixed it … and then do it again.
    This is precisely what scammers do — they apologise, swear they’ll fix it, and then they do it again.
    So don’t do that.
    What should I do, as a Brave user?
    There is no good reason to use Brave. Use Chromium — the open-source core of Chrome — with uBlock Origin. [Chromium download, uBO Chrome]
    Or use Firefox with the uBlock Origin adblocker — ‘cos it blocks more ads than the Chromium framework will let it block. [uBO Firefox]
    If you’re on Android, use Firefox with uBlock Origin, or the new Firefox Focus browser. [Mozilla]
    Brave is a browser for suckers who want to keep getting played — so it’s a 100% crypto enterprise. As Eich’s pinned tweet still tells us: “Who gets paid? If not you, then you’re ‘product’.” [Twitter]

    @N4DRO · 5h
    Replying to @cryptonator1337 @brave

    Sneaky lol, back to Firefox I go. Good find btw


Update: Brendan Eich has responded to this post by claiming “David lies about us all the time.” I have pointed out that this is a prima facie defamatory statement, and asked him to detail these claimed lies. [Twitter, archive]

Update 2: The fix has been committed to the Brave repository on GitHub. The functionality will default to being switched off. [GitHub, GitHub]

🖩🍸🔫 :) :) :) 😷

1/ We made a mistake, we're correcting: Brave default autocompletes verbatim "" in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.

A serious error in judgment needs explanation. Otherwise it looks like mouthing an apology. We will never revise typed in domains again, I promise.

🎇Patron Saint of Good Boys🎆
True & Honest Fan
Eich is a lolcow and Brave is useless. Just use Chromium instead.
Brave is pretty neat for mobile though. Mobile Firefox feels sluggish and unoptimized while mobile Chrome doesn't come with any option to block ads.

It also feeds dear leader.