Jump to content

Brave Browser leaks your Tor / Onion service requests through DNS.


Recommended Posts

Brave Browser leaks your Tor / Onion service requests through DNS.

"https://ramble.pw/f/privacy/2387/brave-browser-leaks-your-tor-onion-service-requests-through"

Edit: (Since this is gaining traction elsewhere.) I'm not trying to ***** on Brave. I'm just wanting to help protect end-users who may use Brave for it's Tor feature to do stuff over Tor that should only be done with the actual Tor browser. If you're using Brave you probably use it because you expect a certain level of privacy/anonymity. Piping .onion requests through DNS where your ISP or DNS provider can see that you made a request for an .onion site defeats that purpose.

I'm also no NetSec expert but you don't have to be to replicate this. I'm just a dude with some websites and projects and I'm not certain I would have taken notice of this if it wasn't reported to me by a partner on another project who witnessed this behavior when monitoring his local requests leaving his network. He'll be doing his own write-up and is more equipped to discuss this in length than me.

Meet the MetaHumans

HIGH-FIDELITY DIGITAL HUMANS IN MINUTES

"https://www.unrealengine.com/en-US/digital-humans"

Bringing compelling real-time digital humans to life is incredibly challenging and time-consuming. It can take months of research, costly scanning equipment, and an army of tech artists. What if we could make the process radically simpler, faster, and more scalable—without compromising on quality?

We’re excited to share a sneak peek at MetaHuman Creator, a new tool that will empower anyone to create a bespoke photorealistic digital human, fully rigged and complete with hair and clothing, in a matter of minutes.

Link to post
Share on other sites
3 hours ago, exile360 said:

SRWare, developers of Iron have an extension designed to stop WebRTC leaks:


https://chrome.google.com/webstore/detail/easy-webrtc-block/cmjcmogcdofcljpojplgmfpheblcaehh

 

Well. Brave also has settings to disable Webrtc (as per reddit, in attachment). 

And Enterprises are said to be against Brave due to Tor, so Brave will be well off to do away with Tor.

And Webrtc leaks will be a concern (if I'm right only when uses Webrtc communication, else no one will ever go for VPN if IP leaks are of concern outside of Webrtc browser requests too).

And moreover as per reddit, Brave seems to hv addressed the issue as per 

 

20210220_210002.jpg

20210220_204946.jpg

Link to post
Share on other sites

I've never used TOR so I'm not too familiar with it, but I do use DNSCrypt along with blocking WebRTC leaks.  I may start using Malwarebytes VPN eventually, but there are a few technical details I need to find answers to first, particularly with regards to compatibility with DNSCrypt.

Link to post
Share on other sites
1 hour ago, exile360 said:

I've never used TOR so I'm not too familiar with it, but I do use DNSCrypt along with blocking WebRTC leaks.  I may start using Malwarebytes VPN eventually, but there are a few technical details I need to find answers to first, particularly with regards to compatibility with DNSCrypt.

It's abt IP leaks with TOR under Brave and if Brave has addressed it, good. But in general IP leaks with Webrtc is while communication with it and that's why Mullad VPN too recommends disabling Webrtc with its VPN use (refer attachment as per Mullad blog).

20210220_225706.jpg

Link to post
Share on other sites
42 minutes ago, exile360 said:

There's an option for it in Firefox too.

True. One can go fr Webrtc leak test and disable functionality (if not reqd). 

It's detailed exhaustively in "https://www.privacyend.com/disable-webrtc-in-various-browsers/"

Use of Webrtc is at the cost of privacy even with Tor, VPN or proxy use and has to be disabled to prevent ip leak.20210221_034826.thumb.jpg.e6810265db4b5b06f119ca6a4a4a68cb.jpg

20210221_034901.jpg

Link to post
Share on other sites
1 hour ago, exile360 said:

There's an option for it in Firefox too.

But that just prevents WebRTC leaks. You sadly don't actually get the Tor functionality without the TOR browser itself... Though thankfully, that happens to itself be a Firefox branch!

In my honest opinion, I think that it would be great if TOR became the standard for... Everything. It's just a shame that it's so slow.

Link to post
Share on other sites
3 hours ago, exile360 said:

I wasn't suggesting it did provide ToR functionality, just that Firefox had an option to block WebRTC leaks.

ToR will likely always suffer from being slow given how it works.

This is all abt TOR under Brave leaking IP (defeating its purpose) with or w/o Webrtc in place and if Brave has addressed it, great 

Link to post
Share on other sites
38 minutes ago, exile360 said:

For anyone curious, you can check to see if your browser is leaking DNS requests at the following site:


https://www.dnsleaktest.com/

 

Or one can check it GRC site for reverse DNS requests.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.