Brave soz about coding snafu that sent search queries to affiliate links, insists practice is 'industry standard'

Sustainable revenue is hard for privacy-focused browser

6 Reg comments Got Tips?

Updated Privacy-focused browser maker Brave has responded to complaints about affiliate links by apologising for a coding error but also stating that adding affiliate links to search queries is standard practice.

Users noticed an issue last week. "So when you are using the Brave browser, and type in 'binance.us' you end up getting redirected to 'binance.uk/en?ref=35089877'," observed a crypto-coin fan on Twitter, adding: "I am the last one who has something against ref links, but this seems a bit cringe when you think about Brave's mission."

Is Brave attempting to monetise every search? The issue is nuanced. The behaviour was not really a redirect, but a "suggested site" popup in the Brave address bar, which because of a bug became the default result when the user pressed enter.

The bug - now fixed - which inserted an affliate link by default when the user pressed enter

The bug – now fixed – inserted an affiliate link by default when the user pressed enter

Brave has now explained the issue in detail, saying the affiliate link is as designed, but it should not have been the default. "We apologize to our users for this error," the browser maker said. In addition, the setting: "Show Brave suggested sites in autocomplete suggestions" was defaulting to on, where it should default to off, which is a bug now fixed, the company added.

'No threat to privacy'

The browser was never guilty of the more serious accusation of injecting affiliate links into the HTML rendered for a page, said Brave. "In no case would affiliate codes ever be added to or overwritten in any link in a web page, as some have misreported. The bug affected only URLs typed into the address bar."

Affiliate links remain part of Brave's business model. "We will check for all ways that affiliate codes can appear in Brave's user interface, and clearly delineate to our users the differences between affiliate-coded suggestions; completions based on history, bookmarks, and open tabs; and search queries," the company said, wording that will not reassure individuals who want to steer clear of affiliate marketing. Why is a privacy-focused outfit having anything to do with it?

Brave claimed affiliate marketing is no threat to privacy. "This does not compromise user privacy, nor does it reveal any personal information. The affiliate code identifies Brave to the partner; it does not identify the user or anyone else." Brave further claimed: "All browsers with major search engine partnerships add affiliate codes to search queries (this is industry-standard since Safari's Google deal in 2003)."

Brave said it is not a Google search partner because of privacy concerns, but it does have an agreement with DuckDuckGo that is likely less lucrative.

The issue is that there has to be a viable business model for Brave, otherwise the company cannot survive. Mozilla gets a chunk of money from Google for setting it as the default search engine, a fact head of EU public policy Raegan MacDonald told us was "not the ideal situation, but we are doing our best to figure out how to be an independent browser and thrive." We have asked Mozilla to comment on the matter of affiliate links and whether Brave's claim is correct.

Similarly, Brave said it is "trying new economic models that do not depend on user tracking or privacy violations, such as sharing opt-in private ad revenue with users."

The choices made by web browser vendors to drive features like search and auto-complete are powerful since they affect which sites a user visits as well as giving data to the provider of the service. This means they can be monetised, but doing so without compromising privacy or user experience is tricky.

One way to resolve this is to use an unbranded web browser – but that too has its downsides. ®

Updated at 0852 BST on 10 June to add

A Mozilla spokesperson got back to us to say: “While the specific terms of our business agreements are confidential, Mozilla does include attribution codes with search requests performed through our search access points. However, we do not include any attribution or affiliate codes when a user types an address into the address bar.”


Biting the hand that feeds IT © 1998–2020