As a software company in the browser space, Brave’s made a name for itself by putting user privacy first and monetization second. But now, some of its users are pointing out that the pledge might be a bit duplicitous. As first pointed out by the folks over at Decrypt, Brave has been quietly redirecting its users from particular cryptocurrency sites, over to affiliate URLs that Brave, in turn, can use to track users and skim off revenue.
The news came to light this past weekend when one Twitter user pointed out that, upon typing the URL for the cryptocurrency exchange Binance into his Brave search bar, the browser automatically reformatted the original URL—”binance.us”—into the affiliate-friendly “binance.us/en?ref=35089877:” a link that directs the end-user to the exact same destination, but the latter ensures that Brave gets a commission for referring that user to that particular site.
According to Binance’s blog post explaining its affiliate program, the commissioner’s cut can be “up to 50%” of each trade a user might make.
There’s actually a name for these sorts of URL-tracking tags: link decoration. It’s a slightly-shady practice that the likes of Facebook and Google, along with countless other companies have dipped into while looking for ways to track users in a cookie-free way. But as Decrypt points out in its piece, Brave never tipped off the roughly 15 million people using its browsers each month that these tags were being added to some of their search terms—let alone that these tags could ostensibly be used to track them across the web.
Not long after news of the Binance tracker came to light—along with similar trackers being added to the URL’s of several other crypto-centric services—Brave CEO Brendan Eich announced on Twitter that adding affiliate links within a user’s search bar was a “mistake” that the company is now “correcting.”
But from his explanation, it seemed like it wasn’t much of a mistake at all. Brave, as Eich explained it, is “trying to build a viable business,” both by getting a cut from the ads that its users opt-into as part of the service, and through affiliate revenue via search—no different than “all major browsers” on the market, he explained.
“When we do this well, it’s a win for all parties,” he added. “Our users want Brave to live.”
As far as gaffes in the digital privacy sphere are concerned, this one is actually fairly minor—Eich pointed out that the affiliate links auto-added onto a user’s search terms were meant to identify the Brave browser itself, rather than the individual user. But it’s a gaffe just the same, and a gaffe from a company that has, until now, prided itself on being just a bit different from the power- and data-hungry browsers currently on the market. And if we can learn anything from these other companies, it’s that Brave will need to find some way to recoup this now-lost revenue—with or without our consent.