A bug in brave browser that exposes users information on its Tor window

[Charles-Tim]

I think people that are still using brave browser for bitcoin and other crypto reasons need to read this, a DNS vulnerability that creates a trail in server logs that can be followed by law enforcement, hackers or really anyone that has high-level network access. Those using the Tor mode service in the Brave browser expect their traffic to be protected against exactly the sort of DNS server logs that occurred as a result of this leak, which could reveal what websites they are accessing.

“Fundamentally, your ISP would know if you had visited .onion websites and if they track a log of all the websites you visited, they might report you as ‘suspicious,’” said pseudonymous security researcher SerHack in a direct message.

The data leak for nightly brave build which is used by developers before incorporating updates on brave stable build takes 113 days while the brave stable build data leak takes 91 days.

“Brave warns users that Tor windows and tabs in its browser do not provide the same level of privacy as Tor Browser, which is developed directly by the Tor Project,” said O’Brien. “However, this DNS leak was properly described as ‘egregious’ by Brave’s CSO.”

Using the right Tor is better than risky your information to be leaked. I am also thinking if this is truly a bug or an intentional vulnerability from brave that are trying towards exposing people using Tor windows and tabs through their browser?

https://www.coindesk.com/brave-browser-leak-exposed-user-domain-info-months

[1714764089]

1714764089

[1714764089]

1714764089

[1714764089]

1714764089

[Yogee]

.... I am also thinking if this is truly a bug or an intentional vulnerability from brave that are trying towards exposing people using Tor windows and tabs through their browser?

What was their reason again when they were caught inserting their referral links on Brave's home page? They said something about needing a source of income right? Who knows if they also planned to monetize information they gather from Tor users?

[Charles-Tim]

I wonder what relation has this (or any other) browser to bitcoin?  In my view  people use the dedicated clients like Bitcoin Core , Electrum etc to work with it. Browsing the Web with any browser will not harm them unless they explicitly reveal sensitive  info (like SEED, private keys etc.) relevant to crypto they posses. Or I'm wrong with that? Anyway, the bug will be fixed in the nearest release.

Yes, you are right, but let us look at this a bit further. Normally, noncustodial wallets are recommended because it generate users private keys which makes the owner of the wallet to have full control and ownership. But, some traders still make use of exchanges, while some access the exchanges through web broswers to trade before sending back the coins into noncustodial wallet. There are a lot of things people still make use of broswers to do related to bitcoin and cryptocurrencies in general. If a broswer is vulnerable, do not be surprised if a hack attack on someone's crypto is through a browser. The information is just relevant to bitcoin users that are privacy concerned.

[sunsilk]

I've used their TOR feature and I don't find it convenient. If that's what they say then will just use the typical TOR browser that's very common rather than using them with TOR.

I still like the browser though because it's ads free when I browse other things on the web, related to crypto and not.

[stomachgrowls]

I've used their TOR feature and I don't find it convenient. If that's what they say then will just use the typical TOR browser that's very common rather than using them with TOR.

I still like the browser though because it's ads free when I browse other things on the web, related to crypto and not.

When i do able to discover that Private window + Tor in Brave then i do already have the doubts on using it since from the start and that hunch was actually indeed true.

Im rather sticking out with the original rather than on accessing it on other medium or browser which you can actually click it right away if you do already installed/download it.

and now we are seeing another issues from Brave? Remembering those auto affilliate links when accessing exchanges?
https://www.theverge.com/2020/6/8/21283769/brave-browser-affiliate-links-crypto-privacy-ceo-apology

and now this one? I already uninstalled this shit since on that first issue.

[target]

I don't see a reason why there is the need to use for Brave browser unless you really wanted to earn the BAT tokens if not then forget about it. Earning BAT meant submitting your data as well to the Brave team which is also the hacker team. Not against the team but there will be rotten apple among them and could possibly hack the crypto on your wallet.

[tippytoes]

I don't see a reason why there is the need to use for Brave browser unless you really wanted to earn the BAT tokens if not then forget about it. Earning BAT meant submitting your data as well to the Brave team which is also the hacker team. Not against the team but there will be rotten apple among them and could possibly hack the crypto on your wallet.

Actually, this is my issue with Brave Browser if you are earning BAT, before you can withdraw, you need to submit your KYC. So are you confident to send your vital info to these people just because you are earning few bucks from the BAT you accumulated for months and months of using it? But if you are happy with their service, just by using their brave browser, and not after for the BAT earned. Then I guess, that's fine. Or just use the regular google chrome for searching if you want to.

[sunsilk]

I've used their TOR feature and I don't find it convenient. If that's what they say then will just use the typical TOR browser that's very common rather than using them with TOR.

I still like the browser though because it's ads free when I browse other things on the web, related to crypto and not.

When i do able to discover that Private window + Tor in Brave then i do already have the doubts on using it since from the start and that hunch was actually indeed true.

Im rather sticking out with the original rather than on accessing it on other medium or browser which you can actually click it right away if you do already installed/download it.

and now we are seeing another issues from Brave? Remembering those auto affilliate links when accessing exchanges?
https://www.theverge.com/2020/6/8/21283769/brave-browser-affiliate-links-crypto-privacy-ceo-apology

and now this one? I already uninstalled this shit since on that first issue.

I've missed that affiliate links.

But they seem to be stable in having bugs. Despite with all of those reported bugs, they are still gaining a lot of users worldwide.

Most users don't seem to worry about the issues that they're pulling off as long as the browser saves a lot of ram unlike the common browser, chrome.

[Shohanur]

Brave browser is so fast and user friendly. Personally I use it and I am satisfied. If there has any bug, the support team of brave browser should take necessary steps to prevent it. Personal information is more important than a preferred browser.

[stomachgrowls]

I've used their TOR feature and I don't find it convenient. If that's what they say then will just use the typical TOR browser that's very common rather than using them with TOR.

I still like the browser though because it's ads free when I browse other things on the web, related to crypto and not.

When i do able to discover that Private window + Tor in Brave then i do already have the doubts on using it since from the start and that hunch was actually indeed true.

Im rather sticking out with the original rather than on accessing it on other medium or browser which you can actually click it right away if you do already installed/download it.

and now we are seeing another issues from Brave? Remembering those auto affilliate links when accessing exchanges?
https://www.theverge.com/2020/6/8/21283769/brave-browser-affiliate-links-crypto-privacy-ceo-apology

and now this one? I already uninstalled this shit since on that first issue.

I've missed that affiliate links.

But they seem to be stable in having bugs. Despite with all of those reported bugs, they are still gaining a lot of users worldwide.

Most users don't seem to worry about the issues that they're pulling off as long as the browser saves a lot of ram unlike the common browser, chrome.

Well i cant really deny that thing though because this is just my own personal views and opinions basing off on experience.I just really dont like on getting being deceived.

Recently, they had made out some update about on passing 25 Million monthly active users which is really a big number to consider. https://brave.com/25m-mau/

When it comes to browsing experience and other features specially on that getting rid of pesky adds then this one is ideal but still
i wont really be touching this one again. 

[rodskee]

is this really a Bug or intended ? Brave Browser has many issue in regards to the security of their browser and they have not complying in related to right matter so I have a doubt if this is really being bugged or planted.

Anyway i had stopped using Brave since 2019 and have no plan in using this again after
some controversial issues and even their reward system is for me another questionable thing as you need to forward a KYC just to receive their Peanut rewards lol.

[sunsilk]

Well i cant really deny that thing though because this is just my own personal views and opinions basing off on experience.I just really dont like on getting being deceived.

Recently, they had made out some update about on passing 25 Million monthly active users which is really a big number to consider. https://brave.com/25m-mau/

When it comes to browsing experience and other features specially on that getting rid of pesky adds then this one is ideal but still
i wont really be touching this one again. 

That's a milestone reached and achievement for them. Within just few years, they've gained a lot of users and the most contribution goes to their rewarding feature of earning BATs before. And after disabling it, they still are getting a lot of users.

And you're right, that's because of getting rid of ads and as well as low ram consumption. But hopefully that those bugs that are being caught on them should be fixed as soon as possible and they can get rid with any possible bug that will show up in the future.