Brave browser privacy bug reveals user’s dark web browsing history

 

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

This is achieved by relaying user requests for onion URLs over a volunteer-run network of Tor nodes. At the same time, keep in mind that this feature uses Tor as a proxy and does not implement most of the privacy protection provided by Tor Browser.

However, according to a report first published in Ramble, a bug that disrupted the privacy of Tor mode in the browser could leak all .onion addresses accessed by users to the public DNS resolver.

 

 

“The ISP or DNS provider knows that the request made to a particular Tor site was made by IP,” he posted. read..

DNS requests are unencrypted by design. This means that you can track requests to access Brave’s .onion site, defeating the very purpose of the privacy feature.

 

See Also: Offensive Security Tool: ScareCrow

 

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

This problem is in the browser CNAME An ad blocking feature that blocks third-party tracking scripts that use CNAME DNS records, otherwise spoofing first-party scripts to avoid detection by content blockers. That way, your website can cloak third-party scripts using subdomains of your main domain, which will automatically redirect you to your tracking domain.

Brave already had as part of it Prior knowledge After being reported on the bug bounty platform HackerOne on January 13, the Nightly release 15 days ago resolved the security issue.

The patch is Initial plan It will be rolled out in Brave Browser 1.21.x, but as a result of its release, the company has announced that it will push to a stable version of the browser released yesterday.