Brave’s browser has been autocompleting websites with referral codes


Privacy-focused browser Brave was found to autocomplete several websites and keywords in its address bar with an affiliate code.

Shortly after a user published his findings, Brave CEO and co-founder Brendan Eich addressed the incident and called it “a mistake we’re correcting.” Eich said that while Brave is a Binance affiliate, the browser's autocompleting feature should not have added any new affiliate codes.

“The autocomplete default was inspired by search query clientid attribution that all browsers do, but unlike keyword queries, a typed-in URL should go to the domain named, without any additions,” Eich wrote in the thread. “Sorry for this mistake — we are clearly not perfect, but we correct course quickly,” he added.

Brave's Github repositories show the browser also does the same thing for websites owned by Ledger, Trezor and Coinbase. Eich responded to this by saying Brave would remove all affiliate-code autocomplete defaults.

Eich did not specify when an update would be released, and Brave didn’t immediately respond for comment.

The open-source web browser was launched in 2016 with the aim of protecting users' privacy by blocking ads and website trackers. In June, the firm announced that it has over 15 million monthly active users, adding 1.5 million in April and May 2020.

In March, Brave partnered with crypto exchange Binance to enable users to trade cryptocurrencies on its new tab page. The partnership gave users the ability to trade cryptocurrencies, view their balance and get deposit addresses.