Brave Browser: Anonymity problems with Tor

[Poisonjuoice]

Brave is a Chromium-based browser that advertises as a privacy-oriented browser with built-in features to block advertising, disable JavaScript, block cookies, and similar tasks. One of the most recent additions to the browser is a feature called "Private Window with Tor" which allows you to access the Tor network.

A bug in this navigation mode could reveal onion sites visited by users. The bug, in fact, would allow DNS providers to have access to Onion addresses visited by users. The bug seems to be caused by the ad-blocking feature of the browser.

The Brave bug was reported in light on January 21 following a Hacker One survey. It was now solved and the FIX was added to the "nightly" version of Brave two weeks ago. However, since the bug is back to the fore the Reddit and Twitter, Brave is bringing the solution to the official version quickly.

Brave never promised to be private and safe as Tor. "Brave with Tor does not provide the same level of Tor Browser's privacy, if your life depends on remaining anonymous, use Tor Browser," said Ryan Watson, Brave VP IT, two years ago on Reddit.

 

[Ninjaboy981]

will stick with tor and firefox.

 

[cuuk]

stick to the default.

blend or get touch!!

 

[CUK77]

Brave fixes DNS leak issue through Tor onion resources​

The Brave browser developers have released a new stable version of Brave 1.20.110. The update fixes a serious privacy issue in the browser, fixes a crash on Linux systems and comes with a new version of the Chromium codebase

The Brave browser has a native function for accessing .onion sites on the Tor network. This feature was introduced in June 2018 and has been optional since then. Designed to enhance privacy by routing connections through a chain of nodes, the Tor network improves anonymity and protects against wiretapping.
To activate Tor mode in Brave, you need to press Alt + Shift + N or go to Menu > New Private Window in Tor.

Brave's implementation of Tor network support is not intended to completely replace the Tor Browser . On the support page, the developers emphasize this:

Brave's Tor mode does not implement much of the privacy protections available in the Tor Browser. We recommend using Tor Browser instead of Tor private windows in Brave for absolute anonymity.

One browser user last week discovered that Brave in Tor mode exposes the visited sites and the requesting party's IP address. Brave tried to process .onion domains using traditional DNS lookups, which the user thinks shouldn't happen.

The new version of Brave has fixed this problem. DNS leaks no longer occur when using Tor mode in a browser.
To check your current version of Brave, open the internal brave: // settings / help page or go to Menu> About Brave. The check for available updates will start automatically. When a new version is found, it will also be downloaded and installed automatically.
Also in Brave 1.20.110 we fix a crash that occurred on Linux systems when opening .onion links under certain conditions. Finally, the Chromium codebase has been updated to version 88.0.4324.192.

 

[CarderPlanet]

Brave browser integrated with Tor​

While Firefox is only planning on integrating with Tor, Brave has already done so at the Private Tabs level. The feature is implemented in the latest version of Brave 0.23.

Integration with Tor is still in beta status. As stated in the description, it allows you to maintain privacy not only at the level of an individual device, but at the network level. Private tabs with Tor protect the user from eavesdropping on the part of their ISP, third-party provider on guest Wi-Fi hotspots, as well as from the visited sites themselves, which can set tracking cookies, run analytics scripts and register visitors' IP addresses.

Private tabs can be easily launched from the File menu, where the New Private Tab item is located... At any given time, a user can have one or more tabs of different types running: a regular tab, a private tab without Tor, and a private tab with Tor. They all work at the same time.

Thus, users now get the convenience of the Brave browser along with the standard security features on the Tor network.

The Brave browser has had advanced privacy features in the past. It blocks ads, tracking trackers, cryptominers and other threats on the Internet by default. Standard private tabs do not save browsing history or cookies. But if you activate Tor mode, then the protection is even stronger. As mentioned above, this method makes it difficult for someone along the route between your browser and the final site to penetrate the communication channel or find out which site the request is going to. And the site itself also does not see from which address the visitor came.

The default search engine for private tabs with Tor is DuckDuckGo, but you can easily switch to any of the 19 other search engines. DuckDuckGo encourages anonymous use of the search engine and does not collect any information about visitors.

In addition to the regular Tor client, the Brave browser also contributes to the functionality of the Tor network by supporting Tor relays. All Brave relays for Tor are listed on this page.

The browser integration with Tor is commendable, but keep in mind that it is still in beta status. Developers warn about some open bugs and known leaks, which we intend to eliminate in future versions. Help from all developers in troubleshooting these issues is greatly appreciated: the code is available on GitHub. The next version with some bug fixes is planned for the next few weeks.

The developers also plan to implement the function of choosing a geolocation for the Tor exit node, so that you can impersonate a user of a particular country.

But if you need guaranteed privacy protection, then it is better to install Tor Browser with proven protection.

In parallel with Brave, the Tor developers are running the FUSION projecton the integration of Tor Browser functions into the Firefox browser. There is no clear plan yet as to what specific Tor Browser features will be implemented in Firefox. As you know, Tor Browser is built on top of Firefox ESR with a bunch of Tor-specific patches. Anonymous browser developers are not comfortable with wasting time rebasing these patches from one repository to another. Therefore, a few years ago, together with Mozilla, the Uplift project was organized, which provided for the automatic inclusion of Tor Browser patches in the Firefox codebase. Over the past year and a half, new security features have been simultaneously implemented in Tor Browser and Firefox. This is element isolation (First-Party Isolation, privacy.firstparty.isolate setting in Firefox 52+, it is also part of the key systemCross-Origin Identifier Unlinkable, which ensures anonymity in the Tor Browser), anti-fingerprinting system including installed fonts fingerprinting, anti- fingerprinting on HTML5 canvas, new privacy.resistFingerprinting setting in Firefox 59+, etc.

Ultimately perfect it would be a complete merger of the Firefox and Tor Browser codebases. But it starts small. As with Brave, Tor will only be integrated into Firefox's private tabs in the first phase.