Brave Browser is hijacking links, and inserting affiliate codes

[HarborFront]

I guess they don't implement all the security stuff Bromite (and of course Vanadium) does. So it's less secure

FYI, it's already released with extension support as well

wchen342/ungoogled-chromium-android

Android build for ungoogled-chromium. Contribute to wchen342/ungoogled-chromium-android development by creating an account on GitHub.

github.com

The important difference between Bromite and Ungoogled Chromium is the latter will remove as much connections to Google as possible. Bromite doesn't do to that extent. Bromite added some privacy enhancements to its browser but you can use extensions in Ungoogled Chromium for added privacy

Ungoogled Chromium borrowed some features from Bromite (and others) which, in turn, also borrowed some features from Graphene OS, Ungoogled Chromium and others

As far as security is concerned both are Chromium forks.

From Bromite site

Bromite

Bromite is a Chromium fork with ad blocking and enhanced privacy; take back your browser

www.bromite.org

Quote

Bromite is a Chromium fork with ad blocking and enhanced privacy; take back your browser

Unquote

 

[blacksheep]

some really dramatize it.
and really which browser doesn't collect data?
everybody does it, these people have to live and earn something.
so what's the drama for?
every company spending its product has to pay people to pay.

It's not about data collection, they are hijacking links.

 

[blackice]

It's not about data collection, they are hijacking links.

Actually they didn’t touch links. They had an affiliate tag inserted onto the end of some of the autocomplete suggestions, and defaulted to that if you didn’t select a different option. It wasn’t hidden, like a link hijack would be.

 

[HarborFront]

Developers are forking Brave to remove affiliate links

In brief:

• Developers are forking a version of the Brave Browser to remove many of its for-profit features.
• The move was triggered by Brave's use of referral links.
• Brave CEO Brendan Eich warns that stripping out all of Brave's "revenue legs" could leave the new fork without the necessary funding in the future.

Read more here.

Developers are forking Brave to remove affiliate links - Decrypt

Renegade devs want to strip out Brave Browser’s invasive for-profit features, but can "Braver" last without them?

decrypt.co

 

[oldschool]

I started using it on Android, what issues have you experienced that may be considered annoying?

The Binance thingy and sponsored images. They keep reappearing even if "Off".

 

[Ink]

The Binance thingy and sponsored images. They keep reappearing even if "Off".

Sponsored NTP Images can be disabled, and I've yet to see it re-activate by itself on my device [Android 10]. Are you on iOS?

Binance is a minor issue, and only affects you if you visit those sites, where the autocomplete adds the referral.

 

[ForgottenSeer 85179]

FYI, it's already released with extension support as well

The important difference between Bromite and Ungoogled Chromium is the latter will remove as much connections to Google as possible. Bromite doesn't do to that extent. Bromite added some privacy enhancements to its browser but you can use extensions in Ungoogled Chromium for added privacy

Ungoogled Chromium borrowed some features from Bromite (and others) which, in turn, also borrowed some features from Graphene OS, Ungoogled Chromium and others

Extension only increase attack surface and doesn't work as most people thing.

Also, why forks are bad:

And:

Bromite is a rare exception among these Chromium browser forks

 

[oldschool]

Brave Blog post describes their mistake in coding that has everyone in a tither. It reads, in part:

What we did not intend was the wrong default shown here:

The default suggestion should have been the third item, “binance.us”.
Again, we apologize to our users for this error, and we wanted to share more about how we will ensure that this does not happen again.
The good news is that this does not compromise user privacy, nor does it reveal any personal information. The affiliate code identifies Brave to the partner; it does not identify the user or anyone else.[1]
In no case would affiliate codes ever be added to or overwritten in any link in a web page, as some have misreported. The bug affected only URLs typed into the address bar.
We have already fixed the issue in Brave’s open source on GitHub and in the Brave Nightly, Beta, and Developer release channels, as well as in the Stable (1.9.80) release of our desktop browser that just went live, by changing the “Show Brave suggested sites in autocomplete suggestions” setting’s default to “off”: ... "
_________________________

You may read the entire post and decide for yourself. It sounds plausible to me.

Stay Brave, my friends. Not paranoid!

 

[blackice]

Brave Blog post describes their mistake in coding that has everyone in a tither. It reads, in part:

What we did not intend was the wrong default shown here:

The default suggestion should have been the third item, “binance.us”.
Again, we apologize to our users for this error, and we wanted to share more about how we will ensure that this does not happen again.
The good news is that this does not compromise user privacy, nor does it reveal any personal information. The affiliate code identifies Brave to the partner; it does not identify the user or anyone else.[1]
In no case would affiliate codes ever be added to or overwritten in any link in a web page, as some have misreported. The bug affected only URLs typed into the address bar.
We have already fixed the issue in Brave’s open source on GitHub and in the Brave Nightly, Beta, and Developer release channels, as well as in the Stable (1.9.80) release of our desktop browser that just went live, by changing the “Show Brave suggested sites in autocomplete suggestions” setting’s default to “off”: ... "
_________________________

You may read the entire post and decide for yourself. It sounds plausible to me.

Stay Brave, my friends. Not paranoid!

Our very BRAVE evangelist to the rescue!

 

[oldschool]

Our very BRAVE evangelist to the reacue!

That's Father oldschool, but I wear no priestly garb.

 

[Mountainking]

Slightly OT, but I tried installing extensions on chromium on android but could not.... Any clues on how to add them? Thanks