In addition to an incognito mode, the Brave browser also includes a Tor mode with which the anonymization service of the same name can be used directly from Brave. Brave advertises this with “real privacy”.
However, an anonymous cybersecurity expert published a study according to which the Brave browser running in Tor mode left traces in the logs on the DNS server. The DNS queries of the websites accessed in this way were not tunneled via the Tor but rather sent to the normal DNS server.
In addition to websites that are to be accessed via Tor, this also affects Onion Services, i.e., websites and services that are offered within the Tor network and thus offer significantly higher anonymity.
For the first time, information about this problem was published on Reddit, and at first, many doubted the correctness of the expert’s conclusions. However, the existence of the bug was soon confirmed by such well-known information security specialists as the chief researcher of PortSwigger Web Security James Kettle and CERT/CC analyst Will Dormann.
According to Brave, the source of the bug turned out to be an ad blocker built into Brave, which used DNS queries to find sites trying to bypass its bans, but the developers forgot to exclude .onion domains from these checks.
A patch for it was included in the Brave Nightly build two weeks ago, after receiving a bug. The fix is promised to be transferred to the stable version during the next browser update.
Tor mode was integrated into Brave back in 2018 and allows users to visit onion sites. This is done by proxying user requests through Tor nodes, which make a request to the onion resource instead of it, and then send back the received HTML.