Yesterday I've talked about a strange behavior in Brave Browser, which adds referral codes in URLs when users try to open a "partnered" site.



Few hours later the tweet [1] by Yannick Eckl , we have the answer from Brendan Eich, Brave's CEO, who defining the issue as a "mistake" [3]:

Over the weekend, one of our users noticed that typing “binance.us” into Brave’s address bar added an affiliate code to the end of the address (commonly called a URL) that was typed in.

The bad news is that we made a mistake when adding affiliate codes and logic using them to suggest alternative completions shown in the drop-down under the address bar. The error was adding the affiliate code to the default completion (where you go if you hit the <enter> or <return> key) for a small set of URLs, instead of only to the suggested alternative completions that users must pick manually.

We apologize to our users for this error.

However, further research on Brave's GitHub repository revealed it was also redirecting the URLs of Ledger, Trezor and Coinbase to URLs with refferral codes [2]:

https://twitter.com/lawmaster/status/1269321803815673856

The mystery deepens!

References

  1. https://twitter.com/cryptonator1337/status/1269201480105578496
  2. https://github.com/brave/brave-core/blob/1cac2377c9a2d5e35873d4d3d74130336b86d062/components/omnibox/browser/suggested_sites_provider_data.cc
  3. On Partner Referral Codes in Brave Suggested Sites