Brave Browser Leaves Traces of Onion Addresses in DNS Traffic

Brave's Tor mode allows users to access .onion sites in a private window without having to separately install Tor. However, as it turns out, onion addresses leave their mark in the browser's DNS traffic.

The problem was first discovered by an anonymous researcher who reported this week that in Tor mode, the Brave browser sends requests for .onion domains not to Tor nodes, but to public DNS resolvers. At first, the statement of the unknown researcher was questioned, but soon recognized specialists managed to reproduce the problem.

"Just confirmed that yes, in Tor browser mode, all onion addresses you visit are visible to your DNS provider," said James Kettle, research director at PortSwigger Web Security.

“I can confirm. All addresses, standard and .onion, are sent to the DNS server used by the OS. Tested on Windows, ” confirmed Will Dormann, analyst at CERT Coordination Center.

DNS leaks pose a big privacy threat as they leave traces in the DNS server logs for Brave users' Tor traffic. While this may not be a problem in Western countries, in countries with totalitarian regimes, using Tor in Brave can be costly for users.

The Brave team fixed the issue on February 19, 2021. The fix has already been implemented in the "night" version of the browser, released two weeks ago, but after the problem became known to everyone, it will be sent out along with updates for the stable version of Brave.

The problem was the ad blocker built into the browser. The component used DNS lookups to find sites trying to bypass its blocking, but forgot to exclude .onion domains from these checks.

Previous Post Next Post