Brave is a Chromium-based browser that has been modified with privacy in mind. This includes a built-in ad blocker, strict data controls and a built-in Tor browser mode for anonymous web browsing. Websites on the Tor network use special onion URL addresses of the type (DuckDuckGo), which users can only access through the Tor network.
The Crypto-friendly Brave browser is now available on the Tor onion network, a popular browser used to access the dark web. Users of Tor can now access Brave web pages directly from the dark web itself.
Initially integrated into the Brave browser since 2018, Tor also runs some of the relays.
- Tor Mode On Brave Browser Exposed Onion Addresses In DNS Traffic In addition to an incognito mode, the Brave browser also includes a Tor mode with which the anonymization service of the same name can be used directly from Brave. Brave advertises this with “real privacy”.
- Brave, one of the top-rated browsers for privacy, has fixed a bug in its Private Windows with Tor feature that leaked the.onion URLs for websites visited by users.
Brave announced in its official announcement:
“Our Private Window with Tor helps protect Brave users from ISPs (Internet Service Providers), guest Wi-Fi providers, and visited sites that may be watching their Internet connection or even tracking and collecting IP addresses, a device’s Internet identifier.”
Tor users can now access Brace with a “.onion” extension instead of the “.com” where instead of browsing as brave.com, users can access it as Brave.onion. The onion extension protects a users’ metadata, such as its location.
Brave even published a handy guide explaining how one could set this up.
https://t.co/yo4cVqraYq now has a @torproject .onion service, providing more users with secure access to Brave. See how our devops engineer @bkero created this setup, which you should be able to use to create your own onion service #MoreOnionsPorFavor: https://t.co/DSrmyNh5qO
— Brave Software (@brave) October 5, 2020
Brave-Tor Integration For Optimum Privacy
Known popularly as the hotspot for criminals, procuring illegal items and malicious activities, Bitcoin too gained popularity on the dark web as a preferred payment method due to its anonymous nature.
While mainstream notions towards the dark web are portrayed only as a destination for drug purchases or hiring assassins, the world of Tor and the dark web is also preferable for journalists, researchers, and activists too for their research works, where certain countries might have restrictive internet policies.
An onion network will bounce one’s search requests around a bunch of relays, set up all over the world while protecting the identity of the person.
The decision to make Brave accessible through the dark web is mainly for the privacy aspects associated with the Tor onion network.
Brave, a competitor to Google is known for its privacy-friendly technology. Its crypto-friendly feature rewards people for watching advertisements and even rewards content creators. It’s an opposite take to Google where it sells its users data for its own profit-making.© ZDNet
The Tor mode included with the Brave web browser allows users to access .onion dark web domains inside Brave private browsing windows without having to install Tor as a separate software package.
Added in June 2018, Brave's Tor mode has allowed throughout the years access to increased privacy to Brave users when navigating the web, allowing them to access the .onion versions of legitimate websites like Facebook, Wikipedia, and major news portals.
But in research posted online this week, an anonymous security researcher claimed they found that Brave's Tor mode was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes.
Brave Browser Onion Link
While the researcher's findings were initially disputed, several prominent security researchers have, in the meantime, reproduced his findings, including James Kettle, Director of Research at PortSwigger Web Security, and Will Dormann, a vulnerability analyst for the CERT/CC team.
Furthermore, the issue was also reproduced and confirmed by a third source, who also tipped off ZDNet earlier today.
The risks from this DNS leak are major, as any leaks will create footprints in DNS server logs for the Tor traffic of Brave browser users.
While this may not be an issue in some western countries with healthy democracies, using Brave to browse Tor sites from inside oppressive regimes might be an issue for some of the browser's other users.
Brave Software, the company behind the Brave browser, has not returned a request for comment sent before this article's publication earlier today.
Over the past three years, the company has worked to build one of the most privacy-focused web browser products on the market today, second only to the Tor Browser itself.
Brave Browser Onion For Mac
Based on its history and dedication to user privacy, the issue discovered this week appears to be a bug, one the company will most likely hurry to address in the coming future.
Update: Minutes after this article went live, the Brave team announced a formal fix on Twitter. The patch was actually already live in The Brave Nightly version following a report more than two weeks ago, but after the public report this week, it will be pushed to the stable version for the next Brave browser update. The source of the bug was identified as Brave's internal ad blocker component, which was using DNS queries to discover sites attempting to bypass its ad-blocking capabilities, but had forgotten to exclude .onion domains from these checks.