1/ We made a mistake, we're correcting: Brave default autocompletes verbatim "https://t.co/hJd0ePInEw" in address bar to add an affiliate code. We are a Binance affiliate, we refer users via the opt-in trading widget on the new tab page, but autocomplete should not add any code. — BrendanEich (@BrendanEich) June 6, 2020
EDIT: Brave now admits it was more than just Binance, and this issue now affects 4 other crypto services as well. Click this link to GitHub commit page
I am sure many of us here are also users of the crypto-backed Brave browser, which promises transparency and privacy online. It was revealed today that Brave was automatically changing URLs that users were visiting with copies of the URL that also included Brave referral links to other sites without the user being aware of such a transaction.
I have no problem with them encouraging their users to use an affiliate link to help support the platform. I am against a company that pretends that privacy and honesty are important while inserting affiliate links WITHOUT the user's consent or notification.
Brave has addressed the situation (albeit poorly) and I have included a Reddit link that has a response directly from Brave. It is an interesting topic and I wanted to bring it to everyone's attention so that we can make sure to avoid this type of behavior in our ecosystem.
I could see stake pool websites potentially using URL redirects or other “less than acceptable” behaviors, and they could prey on the Cardano community or act as a launchpad for malware or worse. As we approach Shelley and beyond, we must take security and education seriously, and 3rd-party stake pools and websites seem like our weakest front.
Personal responsibility 100%, but what else can we do to make Cardano even more secure today and 10 years from now?
Being open source is only part of the solution when 95% of users can't even understand the source code to know when something is going wrong.
Edits made to include new information