Posted on: February 22, 2021 Posted by: admin Comments: 0

The Brave browser, which emphasizes privacy and security, has been leaking data for months, according to security researchers. 

On Friday, Reddit user “py4YQFdYkKhBK690mZqlposted on a forum that Brave’s Tor mode, introduced in 2018,  was sending requests for .onion domains to DNS resolvers, rather than private Tor nodes.  A DNS resolver is a server that converts domain names into IP addresses. This means that the .onion sites people searched for, with the understanding those searches would be private, were not. In fact, they could be observed by centralized internet service providers (ISPs). 

Various privacy and security subreddit moderators refused to accept the post initially, as they wanted more vetting of the claims. 

“It was discovered by my partner on my startup, as we’re working on an ad and ‘BS’ blocking VPN service (as well as other things, as shown on the site),” said py4YQFdYkKhBK690mZql in a direct message to CoinDesk. “He mentioned noting it while observing his outbound DNS traffic on his local network.”

The findings were quickly confirmed by security researchers on Twitter. Following this, Brave confirmed that they were aware of the issue, and pushed a security patch to the browser Friday evening. 

The leaks had been ongoing for months before Brave became aware of them, said