Jessica Haworth19 February 2021 at 14:27 UTC Updated: 19 February 2021 at 21:33 UTC
Developers are issuing hotfix
UPDATED Brave, the privacy-focused web browser, is exposing users activity on Tors hidden servers aka the dark web to their internet service providers, it has been confirmed.
Brave is shipped with a built-in feature that integrates the Tor anonymity network into the browser, providing both security and privacy features that can help obscure a users activity on the web.
Tor is also used to access .onion websites, which are hosted on the dark net.
Earlier today (February 19), a blog post from Rambler claimed that Brave was leaking DNS requests made in the Brave browser to a users ISP.
Read more of the latest privacy news
DNS requests are unencrypted, meaning that any requests to access .onion sites using the Tor feature in Brave can be tracked a direct contradiction to its purpose in the first place.
The blog post reads: Your ISP or DNS provider will know that a request made to a specific Tor site was made by your IP. With Brave, your ISP would know that you accessed somesketchyonionsite.onion.
Following the disclosure, well-known security researchers including PortSwigger Web Securitys James Kettle independently verified the issue using the Wireshark packet analysis tool.
I just confirmed that yes, Brave browsers Tor mode appear to leak all the .onion addresses you visit to your DNS provider, Kettle tweeted, providing a screenshot for evidence.
Security researcher James Kettle independently verified the Brave browser privacy issue
Considering that the Tor Browser was specifically built to hide a users internet browsing from their ISP, the news has provoked a vociferous response online.
Privacy my ass, wrote Twitter user @s_y_m_f_m, while other called the findings appalling.
The issue has been present in the stable release since November 2020, and was reported in mid January, a Brave developer told The Daily Swig.
INSIGHT Tor security: Everything you need to know about the anonymity network
Since the time of publication, a Brave developer has confirmed that the browser will be releasing a hotfix for the issue.
The issue is already fixed in nightly, the development build of the browser. The developer, @bcrypt on Twitter, wrote: Since its now public were uplifting the fix to a stable hotfix.
Root cause is regression from cname-based adblocking which used a separate DNS query.
The Daily Swig has reached out to Brave for comment, and will update this article accordingly.
This article has been updated to include the information that a hotfix is being issued. An earlier version stated that the issue has been present since 2019, this has been corrected to 2020.
YOU MAY ALSO LIKE BIND implements DNS-over-HTTPS to offer enhanced privacy
Link:
Brave browsers Tor feature found to leak .onion queries to ISPs - The Daily Swig
- Tor Browser Has a New WebTunnel Feature to Avoid Censorship - How-To Geek - March 14th, 2024 [March 14th, 2024]
- The CIA Is Now Trying to Recruit Russian Spies On Telegram - TIME - May 18th, 2023 [May 18th, 2023]
- Dark Web Alerts: Identifying Criminal Data Exposure on the Dark Web - Security Boulevard - May 18th, 2023 [May 18th, 2023]
- Mullvad aces security audit with this new privacy tool - TechRadar - May 18th, 2023 [May 18th, 2023]
- Billions of Google Chrome users warned to avoid browser over red alert privacy concerns check your sett... - The US Sun - May 18th, 2023 [May 18th, 2023]
- How the decision on Space Command's home will be made - POLITICO - May 18th, 2023 [May 18th, 2023]
- Bitcoin Mixers: Clearnet vs. Darknet Which Offers Greater Anonymity? - Crypto Mode - April 27th, 2023 [April 27th, 2023]
- Matt Taibbi: Report on the Censorship-Industrial Complex - Scheerpost.com - April 27th, 2023 [April 27th, 2023]
- The Ultimate 2023 Guide to The Tor Browser Explained - Pixel Privacy - January 31st, 2023 [January 31st, 2023]
- What is Tor & How Do You Use It? Microsoft 365 - January 17th, 2023 [January 17th, 2023]
- Improving privacy when browsing web: Alternative browsers and chrome extensions - HackRead - October 19th, 2022 [October 19th, 2022]
- Tor Browser Bundle - Free download and software reviews - CNET Download - October 11th, 2022 [October 11th, 2022]
- Hacktivists seek to aid Iran protests with cyberattacks and tips on how to bypass internet censorship - CNBC - October 11th, 2022 [October 11th, 2022]
- This security firm claims to have the right tool for your privacy, and it's not a VPN - TechRadar - September 15th, 2022 [September 15th, 2022]
- A VPN Isn't the Only Way to Change Your IP Address - CNET - September 11th, 2022 [September 11th, 2022]
- Hi, I'll be your ransomware negotiator today but don't tell the crooks that - The Register - August 6th, 2022 [August 6th, 2022]
- Rewards for Justice Reward Offer for Information on Russian Interference in U.S. Elections - United States Department of State - Department of State - July 29th, 2022 [July 29th, 2022]
- How Tor Is Fightingand BeatingRussian Censorship - WIRED - July 29th, 2022 [July 29th, 2022]
- What Is Incognito Mode And Should You Be Using It? - Forbes - July 29th, 2022 [July 29th, 2022]
- TOR Browser - Onion VPN on the App Store - July 17th, 2022 [July 17th, 2022]
- Tor Browser now bypasses internet censorship automatically - BleepingComputer - July 17th, 2022 [July 17th, 2022]
- The dangers of the dark web: being safe online - Open Access Government - July 13th, 2022 [July 13th, 2022]
- Tor vs VPN: Which One Should You Use? - Dignited - June 30th, 2022 [June 30th, 2022]
- Rewards for Justice Offers Up to $10 Million for Information on Foreign Interference in US Elections - HS Today - HSToday - June 30th, 2022 [June 30th, 2022]
- Kremlin tightens control over Russians' online lives threatening domestic freedoms and the global internet - Jacksonville Journal-Courier - June 30th, 2022 [June 30th, 2022]
- Defence in Amanda Todd 'sextortion' trial zeroes in on missing data - The Tri-City News - June 30th, 2022 [June 30th, 2022]
- Now that 'Roe' has been overturned, it's up to the tech industry to protect our data - Fast Company - June 30th, 2022 [June 30th, 2022]
- QAnon Is Celebrating the Return of Its Leader After 18 Months of Silence - VICE - June 30th, 2022 [June 30th, 2022]
- 3 ways to find out if your passwords are being sold on the Dark Web - Komando - June 22nd, 2022 [June 22nd, 2022]
- EXPLAINER: EFCC 'Linked Naira Marley to the Dark Web'. Here's What You Need to Know About the Internet's Most Hidden Part - FIJ NG - June 11th, 2022 [June 11th, 2022]
- What is the Dark Web? - AOL - May 28th, 2022 [May 28th, 2022]
- Cookie Banners Can Be AnnoyingHere's How To Block Them - WRAL News - May 28th, 2022 [May 28th, 2022]
- DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers - The Register - May 28th, 2022 [May 28th, 2022]
- Proton VPN Secure Core: what it is and when you should use it - TechRadar - May 28th, 2022 [May 28th, 2022]
- How to Download & Install Tor Browser in Windows 10 - May 7th, 2022 [May 7th, 2022]
- How to Unblock a Webpage from Behind a Firewall - Beebom - May 7th, 2022 [May 7th, 2022]
- Download Tor Browser For Windows & MAC (Offline Installer) - May 1st, 2022 [May 1st, 2022]
- Tor Browser - Dark Web Portal Exposed | Dark Web Wiki - May 1st, 2022 [May 1st, 2022]
- Top 10 dark web links & Tor websites for 2022 - Surfshark - May 1st, 2022 [May 1st, 2022]
- How to Install the Tor Browser on a Chromebook - May 1st, 2022 [May 1st, 2022]
- How to Anonymous access to the dark web with Tor - BollyInside - May 1st, 2022 [May 1st, 2022]
- How to Change the Tor Browser Language - How-To Geek - April 29th, 2022 [April 29th, 2022]
- Bites of Life: Shining Light on the Dark Web - Macalester College The Mac Weekly - April 29th, 2022 [April 29th, 2022]
- How to protect against the weakest link in cybersecurity THE USERS - Security Boulevard - April 29th, 2022 [April 29th, 2022]
- What Is Dark Social and Why It Matters - Legal Talk Network - April 29th, 2022 [April 29th, 2022]
- IP bans - why they happen and how to prevent them - Oneindia - April 29th, 2022 [April 29th, 2022]
- Deep Web Tor Browser - Tor Links - Onion Links (2022) - April 20th, 2022 [April 20th, 2022]
- How to Install and Use the Tor Browser on Linux - April 20th, 2022 [April 20th, 2022]
- The Best VPN for Binance 2022 [How to Use Binance With a VPN] - Cloudwards - April 20th, 2022 [April 20th, 2022]
- Three tactics for security providers in the age of Dark Web collaboration - SecurityInfoWatch - April 20th, 2022 [April 20th, 2022]
- Simple way to Install Tor Browser in Rocky Linux 8 - Linux Shout - March 17th, 2022 [March 17th, 2022]
- Laptop in Veltman apartment had what appeared to be 'hate-related material': docs - Lethbridge News Now - March 17th, 2022 [March 17th, 2022]
- How to Access Blocked Websites anywhere and for Free - BollyInside - March 17th, 2022 [March 17th, 2022]
- Download Tor Browser for Mac - Free - 10.0 - Digital Trends - March 11th, 2022 [March 11th, 2022]
- Open in Tor Browser Get this Extension for Firefox (en-US) - March 11th, 2022 [March 11th, 2022]
- Use Brave Private Browsing with Tor to Hide IP Address - OSXDaily - February 21st, 2022 [February 21st, 2022]
- Are Crypto Transactions More Transparent Than Wire Transfers? - InvestingCube - February 21st, 2022 [February 21st, 2022]
- The Truth about Dark Web Is It Really Dangerous? - Crypto Mode - February 21st, 2022 [February 21st, 2022]
- Tech-Savvy Professionals Among 22 Arrested In Dark Web Narcotics Operation - NDTV - February 15th, 2022 [February 15th, 2022]
- Download Tor Browser for Windows - Free - 11.0.3 - February 1st, 2022 [February 1st, 2022]
- Tor Project heads to Russian court to appeal against censorship - The Daily Swig - February 1st, 2022 [February 1st, 2022]
- Firefox Monitor may remove personal information now from the Internet - Ghacks Technology News - December 9th, 2021 [December 9th, 2021]
- The Real Russia. Today. Reining in an unruly Communist Party Meduza - Meduza - December 9th, 2021 [December 9th, 2021]
- See the stunning mansion Josh Duggar is calling home during his child pornography trial ahead of possible... - The US Sun - December 9th, 2021 [December 9th, 2021]
- Whats the Difference Between the Deep Web and the Dark Web? - How-To Geek - December 9th, 2021 [December 9th, 2021]
- How to Access the Dark Web Complete Guide? - The Bulletin Time - December 7th, 2021 [December 7th, 2021]
- Theres More to Threat Intelligence Than Dark Web Monitoring - Security Boulevard - November 25th, 2021 [November 25th, 2021]
- You have to work on this through the routeras options diet plan, as some items immediately restore previous setup after a forced reboot - ADOTAS - November 25th, 2021 [November 25th, 2021]
- What is Tor (Browser) & How does it work? | CyberNews - November 23rd, 2021 [November 23rd, 2021]
- Privacy-Protective Internet Browser Tor Is Running Low on Servers - Gizmodo - November 23rd, 2021 [November 23rd, 2021]
- Yes, the Internet has become safer but a VPN is still needed - TechGenix - November 19th, 2021 [November 19th, 2021]
- Scots businessman caught with the 'most serious' category of child abuse images jailed - Scottish Daily Record - November 19th, 2021 [November 19th, 2021]
- Anna and Josh Duggar welcomed daughter Madyson Lily on October 23, their 7th child * starcasm.net - Starcasm - November 17th, 2021 [November 17th, 2021]
- Tor Browser (Alpha) 11.0.9 Download | TechSpot - November 5th, 2021 [November 5th, 2021]
- US government offers $10 million bounty for information on Colonial Pipeline hackers - The Verge - November 5th, 2021 [November 5th, 2021]
- The Tor Browser: What is it and why would you use it ... - October 24th, 2021 [October 24th, 2021]
- Tor Explained: What is Tor? How Does It Work? Is It Illegal? - October 21st, 2021 [October 21st, 2021]
- Alternatives to Using a VPN That Provided Excellent Anonymity While Online - TechBullion - October 21st, 2021 [October 21st, 2021]
- Slicing open The Onion Router (Tor) with no tears - ComputerWeekly.com - October 19th, 2021 [October 19th, 2021]
- What is the dark web? - fox4kc.com - October 19th, 2021 [October 19th, 2021]
