Brave Web Browser Caught In Affiliate Link Controversy Prompting Fork

The Brave web browser is free software even though the distributed version has many commercial elements. Attentive users of that web browser recently noticed that the corporation behind it, Brave Software Inc, were making money off affiliate links who magically appeared in the address bar as unwelcome additions when a users typed in certain domains. A small group of upset users decided to fork Brave into Bold Browser. Brendan Eich quickly sued the one person in the group who forked Brave who used his real name. He also removed the code adding affiliate links, claiming it was a "mistake".

written by 林慧 (Wai Lin) 2020-07-10 - last edited 2020-07-10. © CC BY

Controversial code found in the brave-core git repository used to build the Brave Web Browser.

Most people do not expect a web browser to automatically add ?ref=35089877 when binance.us is typed into the URL bar. That is exactly what the Chromium-based Brave Web Browser did until commit 3ccacaac997280d4: "Remove URLs from Brave Suggested Sites" was merged into the "brave-core" git repository. Several other domains including coinbase.com, shop.ledger.com and trezor.io were modified in the same fashion.

"Mistake"

Brave Software CEO Brendan Eich had this to say about this "feature":

Someone was quick to point out that this was clearly not a "mistake". Brendan Eich dishonored himself and his company by trying to defend his blatant lie:

A close-up inspection of brave-core commit e8fdde70a3ac2c25: "Add Brave suggested sites" clearly shows that it was no accident of mistake or anything of the sort. The code in question did not spontaneously materialize from thin air and it did not write itself.

It is also interesting to note that Brave Software co-founder and CTO Brian R. Bondy had this to say in the GitHub comments:

We can respect that CTO Brian R. Bondy came out and said it in not so many words: Brave is a for-profit corporation, not a charity. This is simply one of the means they decided to use to make money. CEO Brendan Eich could and should have come out and honestly said "Yes, we write domains typed into the URL bar in order to maximize our corporations profits".

Brave Software Inc removed the code that modified domains typed into the URL with commit 3ccacaac997280d4: "Remove URLs from Brave Suggested Sites".

The Fork

The story does not end there. Several very upset users decided to fork the Brave Web Browser into a new web browser called BraverBrowser.

The BAT cryptocurrency token, closely tied to the Brave Web Browser, did not see any negative price movements as a result of the Brave Web Browser being forked.

Brave CEO Brendan Eich did not take the naming of that fork lightly.

As a Twitter post from the people who made the fork previously known as BraverBrowser said in a Twitter post:

BraverBrowser, which is a name that seems to be very similar to Brave Browser, is now known as the Bold Browser.

It is very hard to see anything wrong with Brave Software taking legal action against a group who were clearly violating their trademark. Brave Software did not take action against everyone involved, their action was directed at the one person who used his real name. It is hard to fault them for taking legal action against the only person involved they could take action against.

The shiny new Bold Browser has a very empty GitHub repository at github.com/BoldBrowser. The only actual evidence that there even is a "Bold" browser is a twitter account claiming that it does exist and is, in fact, a "Privacy-respecting browser without a token or adware. Work in progress!". It is possible that they do not want to make code available to the public until all traces of the Brave trademark have been eradicated from the code-base.

A Lesson For The Free Software Community

The controversial code in question was merged into the brave-core on March 25th, 2020. It did take some time before people got actual releases with this code, but still: That is four months ago. "Open source" does not mean perfect, safe or secure code. And it does not automatically translate into trustworthy malware-free code. Brave Software Inc knew exactly what they were doing when they merged the auto-completion code into the brave-core repository and they knew people could and probably would go look at the code. That raises the obvious question: How much malware and spyware is there within the gigantic code-base Chromium, the browser core Brave Web Browser, Google Chrome and Microsoft Edge are based on? We do not know.

What we do know is that free software has a distinct advantage over proprietary software in this regard: We do have the ability to look at the code. Users of proprietary software do not have that luxury. It took seven years before security-concious developers noticed that Debian had "accidentally" made OpenSSL on that distribution totally insecure, affecting up-stream distributions like Ubuntu and Linux Mint for years and years. The original mistake, supposedly done to get rid of debugger warnings, was eventually noticed and fixed. It may take seven years before a security disaster is noticed but at least it can and likely eventually will be noticed and if the source code is available. That is one of the many things that make free software superior to proprietary software. Another is that, like in the case of the new Bold Browser, people do have the option of forking when a corporation in control of free software does something morally questionable.

0.00

(0 votes)

Sort by date Sort by score

Enable comment auto-refresher

You are ignoring the author of this comment

Show comment | Manage ignore list

Anonymous (18fddd5a)

45 months ago

Score 0

The first paragraph is misleading making understand that Brave sued simply for forking which is a right granted by the license

Permalink | Reply

Add your comment

LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.