A Warning: Brave Web Browser hardcoding Binance.us, Coinbase, Ledger & Trezor URL

Click here to learn about: Brave hardcoding Binance.us URL to their referral link

1/ We made a mistake, we're correcting: Brave default autocompletes verbatim "https://t.co/hJd0ePInEw" in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code.

— BrendanEich (@BrendanEich) June 6, 2020

EDIT: Brave now admits it was more than just Binance, and this issue now affects 4 other crypto services as well. Click this link to GitHub commit page

I am sure many of us here are also users of the crypto-backed Brave browser, which promises transparency and privacy online. It was revealed today that Brave was automatically changing URLs that users were visiting with copies of the URL that also included Brave referral links to other sites without the user being aware of such a transaction.

I have no problem with them encouraging their users to use an affiliate link to help support the platform. I am against a company that pretends that privacy and honesty are important while inserting affiliate links WITHOUT the user's consent or notification.

Brave has addressed the situation (albeit poorly) and I have included a Reddit link that has a response directly from Brave. It is an interesting topic and I wanted to bring it to everyone's attention so that we can make sure to avoid this type of behavior in our ecosystem.

I could see stake pool websites potentially using URL redirects or other “less than acceptable” behaviors and could prey on the Cardano community or act as a launchpad for malware or worse. As we approach Shelley and beyond, we must take security and education seriously, and 3rd party stake pools and websites seem like our weakest front.

Personal responsibility 100% but what else can we do to make Cardano even more secure today and 10 years from now?

Being open source is only part of the solution when 95% of users can't even understand the source code to know when something is going wrong.

Edits made to include new information



Brave has been giving me that “if it’s too good to be true” vibe for a while now…

An auto-contribute feature that keeps handing out BAT even when it’s turned off, an obtuse depositing system, now this…

I had already decided to bow out of the whole rewards system – it’s interesting in theory, but the way the Brave developers have put it into practice (and are relentlessly milking it) raises more red flags than the annual parade of the People’s Liberation Army in Beijing…

I’ll probably keep using Brave with the rewards system switched off for now. The adblocker is really good, and I never use it for anything sensitive anyway (that’s good old Tor’s job).

As you say: open source doesn’t solve everything, not everyone can check code for themselves.

But one thing Cardano already has that Brave doesn’t is an actively involved, and on the whole somewhat more tech-savvy, community.

Compare the average post on the Brave and BAT community forums with this one, and you’ll see what I mean – we also get our share of “when moon” and “dude where’s my wallet” type posts here (hey, many of us started out that way, admit it 🙂), but it’s less pervasive.


"I have no special talents. I am only passionately curious." -Albert Einstein

Important perspective, thanks for sharing.

Send to Charles


Despite Brave trying to generate some revenue, this doesn’t distract from their privacy-first approach. An affiliate link by itself is no big deal.

They should have notified the user, but this got way too much press in my opinion.
