On Partner Referral Codes in Brave Suggested Sites
Over the weekend, one of our users noticed that typing “binance.us” into Brave’s address bar added an affiliate code to the end of the address (commonly called a URL) that was typed in.
The bad news is that we made a mistake when adding affiliate codes and logic using them to suggest alternative completions shown in the drop-down under the address bar. The error was adding the affiliate code to the default completion (where you go if you hit the <enter> or <return> key) for a small set of URLs, instead of only to the suggested alternative completions that users must pick manually.
We apologize to our users for this error.
What we intended is shown by this example with a keyword prefix, “ledger,” typed into Brave:
The default completion, selected immediately if you hit the <enter> or <return> key, is the first item in the dropdown, a clearly-labeled Google search. (Note that we are not a paid search partner of Google.) The alternative completion is an affiliate-coded URL for a specific Ledger product, which the user is free to select or ignore.
What we did not intend was the wrong default shown here:
The default suggestion should have been the third item, “binance.us”.
Again, we apologize to our users for this error, and we wanted to share more about how we will ensure that this does not happen again.
The good news is that this does not compromise user privacy, nor does it reveal any personal information. The affiliate code identifies Brave to the partner; it does not identify the user or anyone else.
In no case would affiliate codes ever be added to or overwritten in any link in a web page, as some have misreported. The bug affected only URLs typed into the address bar.
We have already fixed the issue in Brave’s open source on GitHub and in the Brave Nightly, Beta, and Developer release channels, as well as in the Stable (1.9.80) release of our desktop browser that just went live, by changing the “Show Brave suggested sites in autocomplete suggestions” setting’s default to “off”:
Unfortunately, our review process failed to check carefully all combinations of default versus alternative completions for URLs as well as built-in keywords. The default completion for a URL should never add any such code or alter the URL other than to upgrade from http: to https: if possible (this is the HTTPS Everywhere function built into Brave), and per web standards for normalizing URL syntax.
We promise never to add anything to the default completion for URLs typed into the address bar. We also will check for all ways that affiliate codes can appear in Brave’s user interface, and clearly delineate to our users the differences between affiliate-coded suggestions; completions based on history, bookmarks, and open tabs; and search queries.
Finally, we have checked with Binance to confirm that we will make no revenue from the unintended default URL auto-completions that added affiliate codes to the address typed in.
We should note that all browsers with major search engine partnerships add affiliate codes to search queries (this is industry-standard since Safari’s Google deal in 2003). We believe the browser can provide suggestions (without default completions) as a “pre-search engine” for keywords typed into the address bar, reducing the amount of information people currently send to search engines. But for URL completions, we will never modify URLs, and we will present affiliate-based suggestions clearly labeled as such.
Delivering a better Web means protecting people’s privacy while building new, sustainable revenue models for creators and for Brave itself. We are trying new economic models that do not depend on user tracking or privacy violations, such as sharing opt-in private ad revenue with users. We will explore more ways to make revenue that rewards creators and users alike. We won’t get everything right at all times. But we listen to our users, who come first with us and upon whom we depend entirely for ongoing success. And we fix issues as quickly as we can.
 In most browsers, the browser identity is already automatically available to the partner via the user-agent header. However, for privacy reasons, Brave does not normally identify itself in the user-agent. Also, affiliate-code-free links in pages clicked on by Brave users should not be taken as our referrals just because Brave is the user agent requesting the linked resource at Binance. Only specific URLs containing explicit affiliate codes should get credit.
Continue reading for news on ad blocking, features, performance, privacy and Basic Attention Token related announcements.
This post discusses a recent technique trackers use, CNAME cloaking, and a new feature in Brave that keeps Brave users protected.
Brave and Splinterlands both share a similar mission of rewarding users for their time and attention as well as increasing user privacy and freedom, and are looking forward to working together to spread those goals.
We launched the Referral Program in early 2018 with the intention of distributing $1 million in BAT to content creators who referred new users to Brave. Towards the end of 2018 we decided to extend the program another year. By the end of 2019 more than $2.2 million in BAT had been distributed to content creators.
Global Privacy Control, a new Privacy Standard Proposal, now Available in Brave’s Desktop and Android Testing Versions
As part of our privacy-in-Web-Standards work, we’re proud to have been involved in the design for the “Global Privacy Control” (GPC) proposal. The GPC proposal allows Web users to signal that they do not want to be tracked online, and where relevant, assert legal privacy rights, as described in legislation like the EU’s GDPR and California’s CCPA.
To continue our support for Tor, we wanted to make our website and browser download accessible to Tor users by creating Tor onion services for Brave websites. These services are a way to protect users’ metadata, such as their real location, and enhance the security of our already-encrypted traffic.
This post is a follow-up to our announcement, Brave Launches New Swag Store Powered by Origin, from April 2020. Earlier this year, Brave unveiled its fully revamped Brave Swag Store, the official source for Brave and Basic Attention Token-branded merchandise such as...