Brave Blows Up Its Whole Reason for Existing

[ghost]

Brave Blows Up Its Whole Reason for Existing

Graphic: Brave

 

As a software company in the browser space, Brave’s made a name for itself by putting user privacy first and monetization second. But now, some of its users are pointing out that the pledge might be a bit duplicitous. As first pointed out by the folks over at Decrypt, Brave has been quietly redirecting its users from particular cryptocurrency sites, over to affiliate URLs that Brave, in turn, can use to track users and skim off revenue.

 

The news came to light this past weekend when one Twitter user pointed out that, upon typing the URL for the cryptocurrency exchange Binance into his Brave search bar, the browser automatically reformatted the original URL—”binance.us”—into the affiliate-friendly “binance.us/en?ref=35089877:” a link that directs the end-user to the exact same destination, but the latter ensures that Brave gets a commission for referring that user to that particular site.

 

According to Binance’s blog post explaining its affiliate program, the commissioner’s cut can be “up to 50%” of each trade a user might make.

 

So when you are using the @brave browser and type in "binance[.]us"

you end up getting redirected to "binance[.]us/en?ref=35089877" -

I see what you did there mates 😂

— Cryptonator1337 (@cryptonator1337) June 6, 2020

 

There’s actually a name for these sorts of URL-tracking tags: link decoration. It’s a slightly-shady practice that the likes of Facebook and Google, along with countless other companies have dipped into while looking for ways to track users in a cookie-free way. But as Decrypt points out in its piece, Brave never tipped off the roughly 15 million people using its browsers each month that these tags were being added to some of their search terms—let alone that these tags could ostensibly be used to track them across the web.

 

Not long after news of the Binance tracker came to light—along with similar trackers being added to the URL’s of several other crypto-centric services—Brave CEO Brendan Eich announced on Twitter that adding affiliate links within a user’s search bar was a “mistake” that the company is now “correcting.”

 

But from his explanation, it seemed like it wasn’t much of a mistake at all. Brave, as Eich explained it, is “trying to build a viable business,” both by getting a cut from the ads that its users opt-into as part of the service, and through affiliate revenue via search—no different than “all major browsers” on the market, he explained.

 

“When we do this well, it’s a win for all parties,” he added. “Our users want Brave to live.”

 

As far as gaffes in the digital privacy sphere are concerned, this one is actually fairly minor—Eich pointed out that the affiliate links auto-added onto a user’s search terms were meant to identify the Brave browser itself, rather than the individual user. But it’s a gaffe just the same, and a gaffe from a company that has, until now, prided itself on being just a bit different from the power- and data-hungry browsers currently on the market. And if we can learn anything from these other companies, it’s that Brave will need to find some way to recoup this now-lost revenue—with or without our consent.

 

Gizmodo

 

[pintas]

Brave being brave (and silly). Never really liked the browser anyway. Just another reason for not using it.

Instead of focusing in features, performance and security, it's trying to monetize no matter what. I wonder for how long they'll manage to keep their user base, to prevent them from being just another forgotten browser.

Opera was much bigger and lost the game... just sayin'.

[AZwaffelForAWaff]

Brave is basically Ungoogled Chromium with half-assed built-in ad blocker, HTTPS-Everywhere-like feature, NoScript-like feature, Tor, and torrent features, none of which are as efficient as actual extensions (uBlock Origin, HTTPS Everywhere, NoScript) and as privacy-enforcing as actual programs (Tor Browser).

 

It is another All-in-One solution for those not willing to learn about browser privacy, security, and tweak their browsers manually.

 

Brave takes all the advanced fingerprinting features from Ungoogled Chromium, which already includes canvas deception and WebGL disabling.

[mp68terr]

26 minutes ago, AZwaffelForAWaff said:

It is another All-in-One solution for those not willing to learn about browser privacy, security, and tweak their browsers manually.

Then which browser, extensions, settings would you recommend?

[AZwaffelForAWaff]

Oops, broke some forum rules there! Will repost links later!

[ghost]

Brave Browser Caught Redirecting URLs for Cash

 

A browser that has received plaudits for privacy protection has been exposed for redirecting Web searches to make money.

 

Brave, a browser with some 15 million monthly users, has been redirecting searches for cryptocurrency companies to links that produce revenue for the browser's owners through advertising affiliate programs.

 

Twitter user Yannick Eckl, aka "cryptonator 1337," on Saturday revealed that when he searched for Binance, a cryptocurrency exchange, he was redirected to an affiliate version of the URL that profited Brave.

 

The controversy grew when Larry Cermak, director of research at The Block, a research, analysis and news brand in the digital asset space, began digging into Brave's code on GitHub. He uncovered more redirects to another cryptocurrency exchange, Coinbase, and two cryptocurrency wallet sites, Ledger and Trezor.

 

Brave's autocompletion of a URL to include a referrer link may be a bit dodgy.

 

"This is ethically questionable because it's altering the address that the user thought they were typing to one that advantages Brave -- apparently in the hope that the user will just hit 'enter' and go to Brave's version," said David Gerard, UK-based author of Attack of the 50-Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts.

 

"This is what's called a 'dark pattern' in interface design -- one that tries to trick the user into doing things purely for the advantage of the vendor," he told TechNewsWorld.

 

Brave's failure to warn users that it was doing affiliate marketing appears to violate FTC rules in the United States and CAP rules in the United Kingdom, Gerard said.

 

"Not fully informing users is deceptive marketing, and so that part is clearly unethical too," he observed.

 

Sorry for the Mistake

 

In a series of tweets, Brendan Eich, CEO of Brave, acknowledged that the company had made a mistake and would correct it.

 

Brave was trying to build a business that puts users first by aligning the company's interests and those of its users with private ads that pay users, he explained.

 

"But we seek skin-in-game affiliate revenue, too. This includes bringing new users to Binance & other exchanges via opt-in trading widgets/other UX that preserves privacy prior to opt-in," he wrote.

 

"It includes search revenue deals, as all major browsers do," Eich continued. "When we do this well, it's a win for all parties. Our users want Brave to live."

 

The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions, he explained.

 

"Sorry for this mistake -- we are clearly not perfect, but we correct course quickly," Eich wrote.

 

He denied that Brave was rewriting links clicked on Web pages as well as those typed into the address bar, tweeting "We have never & will not do any such thing."

 

The autocomplete function could be turned off in the browser's settings. Now that setting is turned on by default, but in the future, the default setting will be "off," Eich said.

Tone Deaf Response

 

Reaction of Brave users to the mistake was a mixed bag.

 

"Damage done. I'll stop using #brave," tweeted a user with the handle "BitcornRick."

 

"TBH having this as an option is weird by itself," tweeted Sriram Karra. "Who among your target segment would you think will *want* to turn that ON?"

 

To which Matthew Wallace replied, "Well, users that still like the browser and want them to stay solvent so it doesn't disappear?"

 

"Glad to see you are correcting the mistake. You should be more careful if you want to earn people's trust," admonished Aki Rodic.

 

Toth Zoltan tweeted some encouragment to Eich. "Brendan, you guys have made a rocking browser, I really like it," he wrote. "Your honesty is a plus. No one should be against you making money. Till you stay transparent."

 

Overall, though, Brave's responses on Twitter were "tone deaf," observed Gerard.

 

"I see Brendan Eich and [Senior Developer Relations Specialist ] Jonathan Sampson have been responding to many, many upset users, but they don't seem to understand what the issue is," he said.

 

"And they really don't understand that they've broken users' trust," Gerard continued. "Eich and Sampson seem to think that careful argumentation and using special definitions of words will

explain everything and it'll be fine, but they're not showing any understanding of what they did to break users' trust."

 

No Free Lunch
While many Brave users won't be too upset with the browser's autocomplete-for-cash feature, there is a specific segment who will see the misstep as a betrayal, observed Liz Miller, principal analyst at Constellation Research, a technology research and advisory firm in Cupertino, California.

 

"There's a group of technorati that purposefully and thoughtfully went to Brave, not because the technology was going to be different, but the mindset and the promise of the company were going to be different," she told TechNewsWorld.

 

"That's what's really broken here," Miller continued.

 

Brave's leaders don't understand how they've undermined their users' trust in them, she said.

 

"They're saying their problem was they used this different tag, when the real problem was they didn't see what they were doing was going to be seen as advertising, which users should be compensated for and made aware of," Miller explained.

 

"This is more about transparency than privacy," she added.

 

"I think this came out of the blue and shocked Brave. It had been in a luxurious place of being one of the 'good guys.' You want ad blockers? We've got them. You want something that puts your privacy first? We're going to give it to you," Miller noted.

 

"After being in that rarified air, this is probably the first time they've been called to the mat for something," she pointed out.

 

There can be substantial backlash toward a company that makes a product that says it's providing privacy but is mining information, said Rob Enderle, principal analyst at the Enderle Group, an advisory services firm in Bend, Oregon.

 

"It's disingenuous, and people can lose trust in the product and the brand," he told TechNewsWorld.

 

"One of the big problems with the ad model is that to make money, you have to do things that the people using your product would rather you not do, but that's what's paying for the product," Enderle said. "There's no free lunch."

 

TechNewsWorld

[steven36]

The point of  it is just like anything that make money off Ads they going to collect your data if you opt in , You think they going to reward you with BAT  tokens and not profit off it?  The browser is open source so we can see what it does if you don't  opt in it dont do that. SO you chose to let them show you ads  and collect your data because you want to profit  . It takes money to make money and data is gold.  Google or Microsoft browsers don't have a opt out . I never opt into nothing and opt out of every thing I can . Firefox  if you don't  opt out they collect data too maybe not for profit  but still the point is they  still do it. I have Brave installed  and i remember them asking  me very plainly did i want to allow them too collect  data and i told it  no. The Privacy nuts never liked Brave no way they said was they a ad company and Firefox was better.  it was the mainstream media  that promoted  what Brave  try to sell  . But the Privacy nuts never bought into the hype.

 

Every software that try to promote privacy here lately , something  not good about it  is found out are  they  sell out to a ad company . VPNs , Browsers , Antivirus  you name it. If you buy into everything bad said  you will just  join the masses and crank up Google , Facebook and M$ apps  were there is no opt out.

 

People who already sold  there soul  to Tech Giants (Big Data) get there jollies off when something  is found out  about a app that promote privacy because the apps  they use  don't even give them a choice to begin with. It gives them a little relif for not caring to begin with . I'm going pick the app with the choices and overlook  the bad PR .People who already sell  there data opinions don't matter no way when it comes to privacy unless they to want to do something about it. 

 

I don't  take advice from every person who claim to be a privacy guru .Most privacy nuts i find to be too parniod , I'm going tell you this if  your going make money on the internet .Your data is  going to be exposed  if not sold  . it even happen people  on the darknet  when they got  popped  by the IRS and things  that track them for not paying taxes and they turned the info over to the FBI.

 

Lol I've had Brave installed  for a good while i really don't know why i don't hardly use it and i opted out of everything and i use a 3rd party adblocker in it.  I use chromium  more. i just have it not for privacy reasons at all  it just gives me another  browser besides  Firefox that works with Googles DRM for sites that use drm  just for a backup if  Firefox want play it  so I don't have to install google chrome to play drm videos. for years on Linux it use to be the only way . You take Brave away it would be just one less option  . The problem  with virgin chromium and ungoogled chromium  they don't support drm  like Firefox and Brave do.the ungoogled version dont have Google store support and you have to use a work around to even install adblockers and things. But whats the point in using a adblocker if your going opt into ads   to get rewards ? When I 1st tried   Brave you couldn't even install  3rd party extensions so i didnt keep it after  they got that i kept it installed even though i hardly use it.

[steven36]

Here's a article on this by one of the Privacy enthusiast I'm talking about.  @gimtayida take on this

 

  Thoughts on Brave

 

 

Brave is in the news after being caught adding referral codes for their partner Binance, a platform for buying and selling cryptocurrency. Coinbase, Trezor, and Ledger are also seen in Brave's code next to Binance for the addition of affiliate codes.

 

This was done by auto completing the URL with referral code attached and done without the consent or knowledge of the user.  There weren't disclosures of any kind, which may be illegal in the US and UK.  This isn't even the first time Brave has done this specific thing either.

Brendan Eich, CEO of Brave software, initially responded that he believes this is entirely ethical before shortly following it up with a lengthy set of tweets claiming "they made a mistake" by implementing this and attempts to quell the masses by explaining the logic behind it after backlash.

UPDATE: Brave says they have "fixed" the issue by disabling the URL autocomplete option by default.  But, they didn't remove the hard coded affiliate/referral codes being injected into the URLs, they just turned the autocomplete feature off for new users.  What Brave is saying with this type of fix is that they believe automatically adding undisclosed affiliate and referral codes is perfectly fine.

I've spoken against Brave, as a browser and company, for quite a while for a multitude of reason.  Many, if not all, of the main complaints are still valid and more have been tacked on as time passed.

 

Here are my thoughts on Brave.

 

---

Brave is a for profit ad company

Brave created their browser to help push their contextual advertising model and BAT cryptocurrency.  They entice users to download and use Brave with the potential to earn this cryptocurrency by simply viewing ads.

 

The core goal of Brave is to gain as many people to use their browser as possible so more people can look at their ads which in turn allows Brave to gather more ad partners (which must pay a minimum $2500 per campaign).  This is, naturally, at the expense of Google and Facebook, which Brave often attacks as unethical due to their data collection and unbreakable monopoly on the ad market.

Brave has trialed advertising with data collection

The very concept Brave rallies against with Google and Facebook has been tested in their own platform.  In 2018, Brave had an opt in trial of advertising that involved collecting data of its users.

In June, we’ll be doing opt-in tests with a select group of users to collect insight about the user experience. This test will serve to analyze user interactions with a new way to deliver ads. Around 250 pre-packaged ads will be rotated during this trial and users will be given a special version of the Brave browser loaded with those ads. This special Brave version is part of the test program only. It sends a detailed log of the browsing activity to Brave, which is used as algorithmic test data to check our on-device machine learning. Brave will not share this information, and users can leave this test at any time by switching off this feature or using a regular version of Brave (which never logs user browsing data to any server).

The mere fact that this has been trialed should be telling.  If they're willing to trail this, and if the feedback was positive, why would they not institute this in some capacity at a later date?  If contextual ads are so effective, why test data driven advertisements? The answer is because it's more lucrative.

Brave was caught collecting BAT from users for content creators who didn't have any association with Brave's advertising platform

In an attempt to encourage users to donate to their favorite content creators back in 2018, Brave was placing banners that used the creators name and photo with an attached message stating "support this site".  Here's a small excerpt of the full story:

This caused some slight problems just before Christmas — when the browser was caught presenting “support this site” banners for creators who weren’t signed up for BAT at all. Amy Castor wrote up the story for The Block.

British YouTuber Tom Scott was asked if he was getting his BAT donations — and Tom was not pleased in the slightest — “it’s about ‘passing off’, claiming you represent someone when you don’t.”

This is not only dishonest to its users but impersonating someone who has no relation to you and collecting the donated cryptocurrency "to hold in case they register" is fraud.

Brave was caught with undisclosed affiliate links to eToro

In March, Brave approved, and promoted, a sponsored image (ad) from eToro that contained an undisclosed affiliate link.  For the uninitiated, eToro is an investments and trading platform where 76% of their users lose money.

 

Reading through Brave's sponsored images announcements and information, nowhere does it say links may contain referral or affiliate codes.  However, it's not hard to see why Brave would want an affiliate link planted there.  People who sign up through their link allows them pocket up to $200 plus 25% revenue share for each registered user. Not only are they collecting the minimum $2500/mo required by advertisers to run an ad campaign but they are attempting to double dip by tacking on their referral link, undisclosed.

Brave enforces mandatory auto updates to their browser

Brave only allows its browser to be automatically updated in the the name of security.

 

Disabling this has been a requested feature for the last four years but Brave has been steadfast in their stance to not allow this to be turned off.  Last August they said they would create a flag that would disable it but it was placed as a low priority feature and, in essence, a mere platitude to calm those who have been relentlessly asking.  As of today, this feature is still unable to be disabled.

 

Why is this a problem? From the lens of privacy, having software that automatically updates with no easy way to stop it allows for companies to include new "features" that may be undesirable.  No other browser forces automatic updates, allowing you to use older versions that either work better or don't include the new, undesired features.  

 

If we were to look at the actions Brave has taken over the last few years and the mentality of their CEO, is it really unreasonable to be concerned that unwanted or privacy unfriendly features could be added?

 

---

Brave has proudly run its campaign on the pillars of privacy, transparency, and ethical advertisement.  These are excellent anchors to strap yourself to but it seems that Brave either doesn't understand what these pillars mean (unlikely) or they are more focused on what they can do to ensure they make the most amount of money possible (likely).  

 

2018 had Brave impersonating content creators and collecting BAT from users who tipped said creators.

 

Early 2020 saw Brave sneaking referral links in their ads, completely undisclosed.  In conjunction with inserting their affiliate code, the ad, which they have to approve, was for an investment and trading service where 3 out of every 4 users lost money. By approving this ad, Brave is supporting and promoting services that are statistically bad for its users.

 

Take us to mid 2020 and we see Brave, once again, attaching affiliate codes automatically to certain URLs, also undisclosed. The CEO of Brave stated he believes this is ethical behavior but almost immediately issued an apology after user backlash.

 

There was no transparency during any of this and the back-pedalling started as soon as each of these issues were brought into the spotlight.

 

There's a reason why the best browsers for privacy aren't made by for profit companies.  Microsoft Edge?  Nope.  Google Chrome? Not a chance.  Apple's Safari?  Better, but still not good enough.  Opera?  Oh no.

 

Firefox is widely considered the best browser for privacy thanks to its ability to fine tune the details, lead by a non profit organization, and actively maintained with new features that push privacy forward. Waterfox, Iridium, and Ungoogled Chromium are well known and recommended for actively removing invasive features, lack of data collection, and independently managed.

 

Brave is undoubtedly a fantastic browser. But for privacy, I believe their actions speak for themselves.  You are certainly better using Brave than Chrome but we shouldn't have to be spending time wondering if our browser is going to hijack a link to insert their own affiliate codes to make a few extra dollars at the expense of our trust.

 

Source