Jessica Haworth19 February 2021 at 14:27 UTC Updated: 19 February 2021 at 21:33 UTC <\/p>\n
Developers are issuing hotfix<\/p>\n<\/p>\n
UPDATED Brave, the privacy-focused web browser, is exposing users activity on Tors hidden servers aka the dark web to their internet service providers, it has been confirmed.<\/p>\n
Brave is shipped with a built-in feature that integrates the Tor anonymity network into the browser, providing both security and privacy features that can help obscure a users activity on the web.<\/p>\n
Tor is also used to access .onion websites, which are hosted on the dark net.<\/p>\n
Earlier today (February 19), a blog post from Rambler claimed that Brave was leaking DNS requests made in the Brave browser to a users ISP.<\/p>\n
Read more of the latest privacy news<\/p>\n
DNS requests are unencrypted, meaning that any requests to access .onion sites using the Tor feature in Brave can be tracked a direct contradiction to its purpose in the first place.<\/p>\n
The blog post reads: Your ISP or DNS provider will know that a request made to a specific Tor site was made by your IP. With Brave, your ISP would know that you accessed somesketchyonionsite.onion.<\/p>\n
Following the disclosure, well-known security researchers including PortSwigger Web Securitys James Kettle independently verified the issue using the Wireshark packet analysis tool.<\/p>\n
I just confirmed that yes, Brave browsers Tor mode appear to leak all the .onion addresses you visit to your DNS provider, Kettle tweeted, providing a screenshot for evidence.<\/p>\n
Security researcher James Kettle independently verified the Brave browser privacy issue<\/p>\n
Considering that the Tor Browser was specifically built to hide a users internet browsing from their ISP, the news has provoked a vociferous response online.<\/p>\n
Privacy my ass, wrote Twitter user @s_y_m_f_m, while other called the findings appalling.<\/p>\n
The issue has been present in the stable release since November 2020, and was reported in mid January, a Brave developer told The Daily Swig.<\/p>\n
INSIGHT Tor security: Everything you need to know about the anonymity network<\/p>\n
Since the time of publication, a Brave developer has confirmed that the browser will be releasing a hotfix for the issue.<\/p>\n
The issue is already fixed in nightly, the development build of the browser. The developer, @bcrypt on Twitter, wrote: Since its now public were uplifting the fix to a stable hotfix.<\/p>\n
Root cause is regression from cname-based adblocking which used a separate DNS query.<\/p>\n
The Daily Swig has reached out to Brave for comment, and will update this article accordingly.<\/p>\n
This article has been updated to include the information that a hotfix is being issued. An earlier version stated that the issue has been present since 2019, this has been corrected to 2020.<\/p>\n
YOU MAY ALSO LIKE BIND implements DNS-over-HTTPS to offer enhanced privacy<\/p>\n
<\/p>\n
Link: Jessica Haworth19 February 2021 at 14:27 UTC Updated: 19 February 2021 at 21:33 UTC Developers are issuing hotfix UPDATED Brave, the privacy-focused web browser, is exposing users activity on Tors hidden servers aka the dark web to their internet service providers, it has been confirmed. Brave is shipped with a built-in feature that integrates the Tor anonymity network into the browser, providing both security and privacy features that can help obscure a users activity on the web. Tor is also used to access .onion websites, which are hosted on the dark net Continue reading
\nBrave browsers Tor feature found to leak .onion queries to ISPs - The Daily Swig<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"