HomesecurityBrave: Onion addresses leaked to DNS traffic

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to have access into a .onion dark web domains in private browsers, without having to install Tor as a separate software package.


Η mode, added in June 2018, allowed browser users to access increased privacy when browsing the Internet, allowing them to access the .onion versions of legitimate sites such as Facebook, Wikipedia and major news sites.

However, in a research published on the internet this week, an anonymous security researcher claimed to have found that Brave's Tor function sends requests for .onion domains to public internet DNS parsers and not to Tor nodes.

While the researcher's findings were initially challenged, several prominent security researchers began to replicate his findings, such as James Kettle, director of research at PortSwigger Web Security and Will dormann, analyst vulnerability for the team CERT / CC.

In addition, the issue was reproduced and confirmed by a third source.


The risks from this DNS leak are significant as well leaks will create traces in the DNS server logs for Tor traffic of Brave browser users.

While this may not be a problem in some western countries, using Brave to browse Tor sites in more strictly regulated areas may be important to some browser users.

Brave Software, the company behind the Brave browser, has not yet made a statement on the matter.

Over the past three years, the company has been working to build a web browsing product that focuses more on privacy in today's marketplace. Based on her background and commitment to user privacy, the issue discovered this week seems to be one error, which the company will probably face immediately in the near future.

Absent Mia
Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement