'Brave Browser had a privacy issue that leaked the Tor onion URL
addresses you visited to your locally configured DNS server, "exposing
the dark web websites you visit...", writes Bleeping Computer.
Long-time Slashdot reader AmiMoJo quotes their report:
To access Tor onion URLs, Brave added a "Private Window with Tor" mode
that acts as a proxy to the Tor network. When you attempt to connect
to an onion URL, your request is proxied through volunteer-run Tor
nodes who make the request for you and send back the returned HTML.
Due to this proxy implementation, Brave's Tor mode does not directly
provide the same level of privacy as using the Tor Browser.
When using Brave's Tor mode, it should forward all requests to the Tor
proxies and not send any information to any non-Tor Internet devices
to increase privacy. However, a bug in Brave's "Private window with
Tor" mode is causing the onion URL for any Tor address you visit to
also be sent as a standard DNS query to your machine's configured DNS
server. This bug was first reported in a Reddit post and later
confirmed by James Kettle, the Director of Research at PortSwigger.
BleepingComputer has also verified the claims by using Wireshark to
view DNS traffic while using Brave's Tor mode.
Brave has since released an update which fixes the bug.'
-- source: https://yro.slashdot.org/story/21/02/27/221208
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304