Brave tries to clarify the “referral code” issue

Yesterday I’ve talked about a strange behavior in Brave Browser, which adds referral codes in URLs when users try to open a “partnered” site.

Few hours later the tweet [1] by Yannick Eckl , we have the answer from Brendan Eich, Brave’s CEO, who defining the issue as a “mistake” [3]:

Over the weekend, one of our users noticed that typing “binance.us” into Brave’s address bar added an affiliate code to the end of the address (commonly called a URL) that was typed in.

The bad news is that we made a mistake when adding affiliate codes and logic using them to suggest alternative completions shown in the drop-down under the address bar. The error was adding the affiliate code to the default completion (where you go if you hit the <enter> or <return> key) for a small set of URLs, instead of only to the suggested alternative completions that users must pick manually.

We apologize to our users for this error.

However, further research on Brave’s GitHub repository revealed it was also redirecting the URLs of Ledger, Trezor and Coinbase to URLs with refferral codes [2]:

The mystery deepens!


References

  1. https://twitter.com/cryptonator1337/status/1269201480105578496
  2. https://github.com/brave/brave-core/blob/1cac2377c9a2d5e35873d4d3d74130336b86d062/components/omnibox/browser/suggested_sites_provider_data.cc
  3. On Partner Referral Codes in Brave Suggested Sites

Related posts

  1. Anomaly Six LLC: collecting and selling mobile phone location data using an SDK
  2. Why Huawei USB stick setup on linux adds a strange “Huawei Autorun” script in system start?
  3. How secure and privacy-oriented is iOS?
  4. Sara Morrison: how SDKs, hidden trackers in your phone, work
  5. Weekly Cybersecurity Roundup #13