News Brave browser leaves traces of onion addresses in DNS traffic


Tasken

Advanced
Joined
22.09.20
Messages
127
Reaction score
1,061
Points
63
In Tor mode, the Brave browser sends domain requests .onion is not directed to Tor nodes, but to public DNS resolvers.
image


The Tor mode in the Brave browser allows users to access sites .onion in a private window without having to install Tor separately. However, as it turned out, onion addresses leave their traces in the DNS traffic of the browser.

The problem was first discovered by an anonymous researcher who reported this week that in Tor mode, the Brave browser sends domain requests .onion is not directed to Tor nodes, but to public DNS resolvers. At first, the statement of an unknown researcher was questioned, but soon recognized experts managed to reproduce the problem.

"I just confirmed that yes, in the Tor browser mode, all the onion addresses you visit are visible to your DNS provider," said James Kettle, director of research at PortSwigger Web Security.

"I can confirm that. All addresses, standard and .onion, are sent to the DNS server used by the OS. I tested it on Windows, " said Will Dormann, an analyst at the CERT Coordination Center.

DNS leaks pose a big privacy threat because they leave traces in the DNS server logs for the Tor traffic of Brave users. Although this may not be a problem for Western countries, in countries with a totalitarian regime, using Tor mode in Brave can be expensive for users.

The Brave team fixed the issue on February 19, 2021. The fix was already implemented in the "night" version of the browser, released two weeks ago, but after the problem became known to everyone, it will be sent out along with updates for the stable version of Brave.

The browser's built-in ad blocker turned out to be problematic. The component used DNS queries to detect sites trying to bypass its blocking, but forgot to exclude domains from these checks .onion.
 
Top Bottom