We’re living in a brave new world and there are other pressing issues to talk about, but I still wanted to chime in on the Brave controversy.

Last week this browser was caught modifying links to autosuggest affiliate codes for Binance crypto exchange. 

This is not how a browser that positions itself as a beacon of security, privacy, and ad-blocking should behave.

Brave got caught red-handed, and users have already expressed their frustrations. 

The biggest thing to carry out from this occurrence is simple – never advocate hyped up solutions too hard, especially if you can’t influence them from within. 

Even if there’s no direct security risk involved in their practice, this matter is still worth talking about.

Why Should This Ring the Bells for Crypto Enthusiasts?

Is there a reason to get up in the arms about this if the security of users is not impacted directly?

Yes. 

Because this behavior breaches the trust people put in the platform and prioritizes profits over brand integrity. 

People tried to avoid such scenarios by picking Brave, which makes it so much more disappointing.

Users deserved an opportunity to opt-in at least, but Brave thought their autocomplete trick wouldn’t frustrate anyone. Brendan Eich, the CEO of Brave Software, did not see it as being unethical at first.

Comment sir? @BrendanEich

Yes, we partner with Binance as an affiliate. That code identifies us, not you.

So you find this “ethical”?

Yes. Please say why you don’t. It is similar to when you search in Firefox, Opera, or Safari, and a clientid query parameter is added.

Later Mr. Eich came around and admitted the mistake, clarifying that autocomplete should not add any code to the link. We must note that this practice also conditions users to dismiss redirects so prevalent in phishing attacks on Brave users.

What Would Be the “Right” Thing to Do?

The biggest problem here is not Brave looking for some revenue, but their decision to stay silent about it. 

If people knew that would support their favorite browser, they wouldn’t be so adamant. At last, the company admitted that this was not a good decision and promised to never do such a thing again. 

I sympathize with people who can admit they were wrong and answer to dramatic accusations in a composed manner.

But I am not sure how much trust we can put in a browser from this point on. In the past Brave was involved in other dubious character stories, like accepting BAT donations on behalf of other users, or engaging in affiliate marketing for eToro without legal disclaimers.

A classic case of “fool me once, shame on you; fool me twice, shame on me”. 

Decide for yourself whether there’s a need to abandon Brave. 

There are other more established and trustworthy web browsers like Mozilla Firefox, but telling people to put trust in something or somebody is so not 2020.

I would recommend all users to stay cautious and never rest on the laurels of security. Simply because it is such an ephemeral thing and you have to put in a lot of work to maintain it. 

Getting a private browser will not make you private – but your decisions online can.