Privacy-focused browser Brave has been caught automatically filling in links when users search for companies that Brave is affiliated with, thereby earning the company more money by changing the users' searches.
Twitter user Yannick Eckl noticed the changes Brave was making when searching for Binance – a cryptocurrency exchange. They found that the browser automatically redirects their search to a version of the URL with an affiliate link attached.
An affiliate link is a specific URL with a specific username or identifier. Companies may be paid for how much traffic they can redirect to another website that contains the affiliate's ID or username. In affiliate programs, advertisers use affiliate links to record the traffic that is sent to the advertiser's website.
Brave had partnered with Binance last month in order to let users trade cryptocurrency assets through Binance via a widget in the new tab page of the browser.
It was also found that Brave added redirect links to other cryptocurrency websites, including Ledger, Trezor, and Coinbase, none of which it had consulted its over 10 million monthly users about.
Brave, which made its reputation through ad-blocking and a prioritisation of customer security, never asked permission from its users whether searches would use affiliate links, even if the search results in the correct page.
While affiliate links do not breach customer security, users were vocal about their discomfort with the company changing customer searches without their knowledge or consent. Affiliate links are also a means for companies to track users.
CEO and co-founder of Brave Brendan Eich, in a series of tweets, said that the company was "trying to build a viable business" and this "includes bringing new users to Binance & other exchanges". Currently, Brave makes money by offering its users cryptocurrency in exchange for watching adverts.
Eich also tweeted that the company will "never revise typed in domains again, I promise."
However, Eich took issue with people criticising Brave for "sneak[ing]" the links in. "We develop with all browser code open source on github, and users who type binance dot us can see the default autocomplete add the affiliate code. Also, small change in revenue terms if it's not zero! Mistake was using search client-id model" Eich tweeted.
The Independent has reached out to Brave for more information about the steps behind the company's decision, and how much the company made adding in affiliate links without the consent of its users.