Brave Browser Affiliate Referral Scheme
| Brave Browser Affiliate Referral Scheme | |
|---|---|
| Short Title | Brave Privacy Browser Automatically Adding Affiliate Links to Cryptocurrency URLs |
| Location | Global |
| Date | June 2020 |
| Solove Harm | Surveillance, Breach of Confidentiality |
| Information | Behavioral, Computer Device |
| Threat Actors | Brave browser, Coinbase, Binance, Ledger, Trezor |
| Individuals | |
| Affected | Brave users |
| High Risk Groups | |
| Tangible Harms | |
Brave browser was found to automatically add a referral code to URLs leading to cryptocurrency sites.
Description
Brave is one of the biggest names in the world of privacy browsers, with a user base of about 15 million.
The browser was found auto-completing URLs to certain cryptocurrency sites with an affiliate link, without notifying the users about it. This is a user tracking technique and can be seen as Surveillance.
It works in a way, that a special URL is provided to an affiliate to promote partner’s services. When someone signs up via that distinct URL, the affiliate gets some sort of payment for it. Brave’s founder later implied that the revenue was necessary for Brave to support itself.
When a user entered the name or URL of certain cryptocurrency sites into the Brave browser, it would automatically redirect them to that site with Brave’s referral code appended to the URL. Users didn’t know about this tracking, especially given Brave’s reputation of being privacy oriented product. This processing of behavioural information of users can be seen as Breach of Confidentiality.
Among Brave’s affiliates are such cryptocurrency sites as Binance, Coinbase, Ledger and Trezor.
Brave’s founder apologized for the scheme once it was discovered by users, stated that it had been fixed, and vowed that the company would not do it again.