Brave exposes activity logs in Tor; private browsing data is leaked

A recent report says that, due to a security flaw, the Brave browser is exposing some records of its users’ activity on Tor hidden services, the so-called “dark web”. According to the report, the browser, which has a special focus on the privacy of its users, left these records within reach of multiple Internet service providers.

Brave has a built-in feature for connecting to the Tor network, giving users advanced security and privacy features to better hide their online activity and to access websites with .onion domains hosted on the dark web.

Earlier this Friday, a blog user at Ramble reported that Brave was leaking DNS requests made in the browser, and that this information was shared with their Internet service provider. DNS requests are not encrypted, so these records can be used to identify the websites users visit, even when those sites are hosted on Tor and accessed through Brave.

“Internet service providers know which pages we are visiting on the Tor network,” the user says in their post. The report quickly went viral among Brave enthusiasts, to the extent that well-known researchers such as James Kettle promptly examined the browser using analysis tools such as Wireshark.

In his report, Kettle confirmed what the Ramble user mentioned: “I can confirm that it’s true; Brave browser Tor mode is filtering out the .onion addresses that users are visiting.”
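The leak described above is visible to anyone who can read the plaintext DNS queries leaving a machine. As an added example (not code from the report or from Brave), the following Python parses raw DNS query payloads and lists any .onion names they contain; the function names and sample payloads are constructed for illustration.

```python
import struct

def parse_qname(msg: bytes, off: int = 12) -> str:
    """Decode the DNS name starting at `off` (the first question by default)."""
    labels, hops = [], 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad compression pointer")
            off, hops = ((length & 0x3F) << 8) | msg[off + 1], hops + 1
            continue
        if length == 0:
            return ".".join(labels).lower()
        if off + 1 + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
        off += 1 + length

def leaked_onion_queries(payloads):
    """Return .onion names seen in plaintext DNS queries (QR bit clear)."""
    hits = []
    for p in payloads:
        if len(p) < 12:
            continue  # shorter than a DNS header
        _txid, flags, qdcount = struct.unpack("!HHH", p[:6])
        if flags & 0x8000 or qdcount == 0:
            continue  # a response, or no question section
        try:
            name = parse_qname(p)
        except ValueError:
            continue
        if name.endswith(".onion"):
            hits.append(name)
    return hits

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: a recursive type A query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

# Constructed payloads; the .onion label is a placeholder, not a real service.
SAMPLES = [build_query("example.com"),
           build_query("PlaceholderHiddenService.onion"),
           b"\x00\x01"]  # malformed, ignored
```

Fed the UDP payloads of port 53 traffic from a capture, any non-empty result means hidden-service names are reaching the local resolver in the clear.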

As you may remember, this tool was developed specifically for anonymous browsing, so this is not a minor incident. The incident has already affected the image of Brave, which has spent the last few hours dealing with its users’ complaints on social media. To make matters worse, it appears that Brave received a report of similar behavior through its GitHub repository as far back as April 2019.

Soon after, a Brave representative confirmed the situation, adding that its developers would begin an investigation and release a fix for the issue, which they claim is not present in Nightly, the developer version of Brave.

“We’re elevating the fix to a stable review,” one of Brave’s developers mentioned through his Twitter account. This person reports that the cause of the issue is related to a regression in CNAME-based ad blocking, which uses a separate DNS query.