Bug in Brave Browser Expose Users’ Dark Web History


Brave, the web browser that insists on privacy, exposes users' activities to its Internet Service Providers on Tor's secret servers, or "dark web." In its browser, Brave has solved a data protection problem that sends queries for .onion domains to a DNS solution, instead of a Tor node path, so that access to the dark website is shown to users. In a hotfix release, the bug was addressed.

Brave is an open-source web browser built on a Chromium web browser created by Brave Software, Inc. It restricts advertisements and website trackers and supplies users with a way to submit cryptocurrency donations to websites and developers of content in the form of simple tokens. 

Introduced in June 2018, Brave's Tor mode has enabled Brave users to gain anonymity when browsing the internet, encouraging them to have access to the .onion versions of legal websites such as Facebook, Wikipedia, and key news portals over the years. However, an unnamed security researcher reported in the research article, that Brave's Tor mode had sent queries to DNS resolvers rather than Tor nodes on the open Network. DNS requests are non-encrypted so that attempts to access .onion sites in Brave can be monitored using the Tor functionality, which is directly contradictory to the goal of this platform at first. 

The aforementioned DNS leak poses great dangers when all leaks build footprints on the Tor traffic of Brave users in DNS server logs. The risk is important. While in some Western states with stable democracy it might not be troublesome, it may be a concern for certain browser users to browse Brave's Tor websites from the authoritarian regimes. 

This problem seems to be the product of the browser's CNAME ad-block feature, which blocks third-party monitoring scripts using CNAME DNS for first-party scripts and prevents traffic blocker detection. This allows a website to cloak third-party scripts using primary domain's- sub-domains that are then immediately routed into a monitoring domain. 

Over the last three years, the organization has worked to develop today, second only to Tor Browser, one of the most privacy-driven Web browser solutions available. 

A Brave developer has stated after the release that the browser provided a hotfix on the problem. The problem is already solved on the night of the development of the browser. 

“Since it’s now public we’re uplifting the fix to a stable hotfix. Root cause is regression from CNAME- based adblocking which used a separate DNS query.” He further added.