Very strange experience trying to install Brave just now on a fresh Windows 11 Pro pc. It seems Microsoft is doing something that results in a different file being served than expected.
First off, I searched for brave browser in Edge:
I noticed later that the search results is technically an ad. The ad disclaimer text isn’t selectable however, the way the search hits count is.
Notice anything strange?
Download Brave For Free
Download For Free
Strange way to structure a website, unless it was for SEO reasons. I doubt the real Brave site is structured like that.
So, clicking the Download Brave link, doesn’t actually take you to Brave.com, it keeps you within the Microsoft ecosystem apparently. Maybe for CDN caching purposes?
Eventually there is a redirect option, but it still points to a Bing address
Anyway, if you accept the installer that was downloaded via Bing, its a different file than what you get if you navigate to brave.com and click download. Opening them up in virus total shows different compilation times, different file hashes… but the same version of Brave within. Its very strange to me. If it was just Microsoft injecting its own analytics via buying a Bing ad, and then this ad campaign going through a weird tracking route to get to the installer, why would it be a different file? Heck, even the filenames are different (BraveBrowserSetup-BRV001 vs BraveBrowserSetup-JMA500 or sometimes XGB796)
Funny enough, part of the URL if you click through from Bing to Brave.com, in the url query parameters, is mtm_campaign=Competitor
Anyway, its very unsettling. I think this is probably something Microsoft is doing, and not Brave. I’m going to assume its something like, MS gets their own file distribution infrastructure, or downloads from Ads do, and that source just had an outdated file. Maybe it was recompiled later (same Brave version) and that different date caused a different file hash. But also VirusTotal points out one of them “executes-dropped-file” while the other doesnt. Anyway its scary to see something is happening but in the end I just have to trust Microsoft to either protect me from rogue ad buyers, or that MS itself isn’t quietly injecting something under pressure from the NSA. Maybe the newer version patched some vulnerabilities the alphabet boys want to keep open, so they’re directing people to the older version.