September 27, 2020

Brave browser hijacks user access to add affiliate codes mainly for various cryptocurrency exchanges

2 min read

Brave is a free and open-source web browser developed by Brave Software, Inc. based on the Chromium web browser. It blocks ads and website trackers and provides a way for users to send cryptocurrency contributions in the form of Basic Attention Tokens to websites and content creators.

This browser is mainly advertised as privacy security, its built-in security strategy will automatically intercept all kinds of cross-site script tracking and various forms of online advertising.

Users do not even need to install ad-blocking plug-ins if using this browser, but the browser has been found to hijack the user’s access a few days ago.

The hijacked actions are mainly various cryptocurrency exchanges and cryptocurrency-related search terms, and the browser automatically redirects them to the rebate website when the user visits.

According to David Gerard reports, when users use the Brave browser to access exchanges such as Binance and Coinbase, the opened address will automatically add a rebate identifier.

If users access and register these cryptocurrency exchanges through the Brave browser, the Brave browser will receive promotion rebates paid by major exchanges.

In addition, after testing, the user also found that when searching for cryptocurrencies such as Bitcoin and Litecoin, the Brave browser will also guide users to these exchanges.

Of course, there is no problem with the original promotion such as website navigation or bookmark bar, but the browser hijacking has obvious deception.

After being reported by the media, the Binance crypto exchange acknowledged that it has a cooperative relationship with the browser. As for whether Binance knows that the browser is promoted through hijacking, it is temporarily unknown.

Brave acknowledged this issue on Twitter and said that adding identifiers does not affect user safety, because Binance can only identify the promotion identification field.

But Brave didn’t explain this way of promotion through hijacking. This kind of deceptive bad behavior should never have happened.

It is not new for browser developers to hijack and add rebate links. It is a shame for the Brave browser that advertises privacy and security to be found to be hijacked, but Brave’s attitude is even more helpless.