Privacy-oriented web browser Brave has been leaking users’ web data for months unknowingly through a bug in its code. The bug named Support CNAME, which was incorporated into its Tor mode offering had been sending user data to local network providers without the company knowing.
Leaked DNS Requests
Tor mode on Brave Browser allows users to access hidden services better known as .onion dark web domains while using Brave’s private browsing windows. The feature, which was added in 2018, was created to ensure increased privacy for Brave users while surfing the web.
But in recent research revealed on Friday for the Brave stable build, a Reddit user said Brave’s Tor mode was re-routing web queries for .onion domains to public internet domain name system (DNS) resolvers rather than designated Tor nodes.
Although the claims were initially refuted, other security experts confirmed the issue and asked the privacy browser to do something about it.
A DNS leak occurs when a request that should be sent through a private network arrives at a DNS server unprotected. The DNS server is likely your local network provider who will likely collect, evaluate and possibly sell the data. A DNS leak also leaves a trail that can be traced by government officials, hackers, or anyone with top-level security clearance.
To address this sort of issue, the Tor network was created in 2002. This network directs your web traffic through myriads of nodes, hiding the location you are searching from and protecting against network surveillance and traffic analysis.
Brave Browser has subsequently addressed the issue and released a formal fix for the erring bug the same day the data leak was discovered. The company said it first found the CNAME bug in its Brave Nightly build which developers mainly use. The issue was fixed on Feb. 4, and it proceeded to look into the stable build. It delayed the fix because it looked for other likely bugs that may result from the data leak.
The company has advised users genuinely concerned about their privacy to use the Tor network instead.
Brave’s User Community Grows By 130%
But despite what might seem like a bad deal for the ads blocking browser, Brave browser has enjoyed some measure of success in 2021. In a published report, the privacy portal said it has seen its user community increase from 11.6 million to 25.4 million as of Feb. 2 reflecting a 130% increase.
The Brave browser is sometimes compared to the famous Tor network due to its privacy-centric business model. Its Tor mode deployment in 2018 has seen it become a household name in a few short years.
The Chromium-based browser also rewards its users a basic attention token (BAT) for accepting to view ads. These digital tokens can then be exchanged for other crypto-assets or given to content creators through its in-built wallet.
With the idea of privacy becoming a much-discussed topic in the last decade, Brave may continue to find itself in business for a long time to come.