Brave leaked browsing history data from the anonymous Tor browser and the platform addressed the issue immediately and a patch should go live shortly so let’s read more about it in today’s crypto news.
The bug is not new and most certainly not specific to the Brave browser. The Chromium-based privacy browser that integrates the anonymous Tor web browser has been leaking private data to domain name system providers. What’s tricky about it s that it is impossible to trace the users’ web history making the browser the perfect place for anyone that needs privacy. The bug however addressed in beta and a hotfix which meant that Brave leaked all the private information to DNS providers meaning that the internet companies will be able to snoop on their users’ Tor activity.
Brave integrated Tor in 2018 as a Chromium-based browser which means it uses the same architecture as Firefox and Google Chrome. This problem plagued the Chromium-based browsers for more than ten years and was found on Brave as far as 2019. The bug was raised on January 21 after a Hacker One report revealed the issue. It was resolved and added to the “Nightly” version two weeks ago. this version is the developer version of Brave that updates each day. However, once the bug blew up on Twitter and Reddit today, Brave is now shifting to the official version.
Brave’s VP of IT Ryan Watson said:
“Brave with Tor does not provide the same level of Privacy as the Tor browser, if your life depends on remaining anonymous, use the Tor browser.”
Tor is extremely secure because it scrubs digital “fingerprints” that are used to identify computers and they work by hiding in the crowd of other browsers so by using Tor in Brave, you will have a more unique fingerprint that alone in the Tor browser that makes you less anonymous:
“[Tor’s community] also develop and know about security issues before anyone else, so they get the patches first and they make their way downstream to other apps.”
Brave was in the spotlight for betraying the users’ trust in the past as it redirected some crypto-related search queries to affiliate links, as Brendan Eich, the company’s CEO tweeted at the time:
“It’s not great, and sorry again. I’m sad about it, too.”