To be clear, it is technically not hijacking in the most literal sense and it doesn’t happen on all links, either. The incident that has been reported and ruffling some feathers involve links that users type to go to the Binance crypto exchange site of which Brave is an affiliate. With no warning whatsoever, users find themselves suddenly on a referral page.
Brave doesn’t exactly inject or add that affiliate code to what a user type. Instead, it used a well-known autosuggest feature that tries to complete a URL for you. If you’re not paying attention, it indeed autocompletes that URL while attaching Brave’s referral code. Few users might be that eagle-eyed to notice and simply hit Enter and end up on those pages.
This web browser “feature” has been controversial, to say the least. Some fans of the browser have no issues doing any small thing to help the company. While there are those that are OK with that, they criticize Brave for doing so behind their backs without any warning or option to turn it off from the start.
Eich later admitted that it was a mistake to have the feature enabled by default, not that the feature itself was wrong. Brave has been updated to flip the switch and those who still want to help the company financially will be able to opt into it. Critics of the company point out that this isn’t the first time it has been caught using questionable methods that, at least in the US, would legally require proper and explicit disclosure.