[HN Gopher] Brave Browser leaks your Tor / Onion service request...
___________________________________________________________________
Brave Browser leaks your Tor / Onion service requests through DNS
Author : todsacerdoti
Score : 247 points
Date : 2021-02-19 16:27 UTC (6 hours ago)
(HTM) web link (ramble.pw)
(TXT) w3m dump (ramble.pw)
| c7DJTLrn wrote:
| I respect Brave's efforts to make Tor accessible to the masses,
| but it also puts people at risk. There's a lot of people with not a
| great deal of technical knowledge who are aware of Tor and might
| see it as a means to bulletproof privacy, unaware that using it
| through Brave on an OS like Windows 10 could easily expose them.
|
| Brave does present some kind of warning to users when opening an
| incognito tab. It just doesn't make the risks clear enough and
| will mostly be ignored.
|
| I'm not sure what solutions there are for this. Perhaps shipping
| Tor as part of a regular browser isn't a good idea. In fact, I'd
| say Tor should've never been tunnelling generic protocols and
| instead had its own protocol for sharing information. That's
| another conversation though.
| drummer wrote:
| You need a good amount of specific knowledge to integrate
| something like TOR without putting people at risk through
| mistakes. Leaking dns is so basic that it's clear the expertise
| for doing the integration safely does not exist at Brave.
| breck wrote:
| I respect your comment but you can ignore the left half of any
| but comment.
| c7DJTLrn wrote:
| Sorry, I have a poor style of writing. I'll try to clean it
| up.
| breck wrote:
| No worries. I agreed with your comment. That rhetorical
| style I find myself doing a lot, until someone pointed it
| out to me. They showed me there's a better way to be
| constructive. Just jump to the point. Compliments are fine
| at the end.
| SippinLean wrote:
| I never understood this cliche. Half a sentence is
| invalidated by a conjunction? We can't have two contrasting
| clauses in a single sentence?
| chipotle_coyote wrote:
| While I think breck's phrasing is a bit overstated, and
| sometimes you really do want to have two contrasting
| clauses in a single sentence, their statement was (I
| presume intentionally!) self-illustrating:
|
| > I respect your comment but you can ignore the left half
| of any but comment.
|
| "I respect your comment, but..." isn't doing any meaningful
| work in this sentence; it's not contrasting anything, it's
| just introducing the actual point: "You can ignore the left
| half of any 'but' comment." You don't really lose anything
| by taking out the left half.
| chungus_khan wrote:
| The cautious configuration and total separation of the Tor
| browser is the whole reason it was created in the first place.
| There are an uncountable number of reasons why having it in a
| normal everyday browser is probably a bad idea.
|
| It sort of aligns with my views on a lot of other Brave
| projects: neat, and with good intentions, but not necessarily
| such a good idea when examined in detail.
| c7DJTLrn wrote:
| And even with all that caution, holes have been found in Tor
| Browser in the past.
|
| The fact is that software with such a huge attack surface
| shouldn't be the mode of interaction for Tor services.
| glsdfgkjsklfj wrote:
| couldn't agree more. Brave browser is applying startup "break
| things faster" to user privacy.
|
| All fine and dandy when it is some curious silicon valley
| engineer playing with new tech at home, but 'selling' that to
| people at danger that depends on that tech for safety is huge
| red flag.
|
| Avoid brave browser like the plague. Especially do not
| contribute your opensource-time to them, but to the projects
| they use (not chromium though)
| loceng wrote:
| Is there an ideal circumstance or organizational structure
| or development process that could allow this to work - and
| perhaps that is simply necessitating a very large amount
| of engineering and security/QA resources?
| huzur8472 wrote:
| The issue around Tor is not a reason to avoid Brave. It has
| a lot of other good attributes for the common people. And I
| like its attempt to let you support websites while
| blocking intrusive ads.
| _jal wrote:
| The issue with Tor, and the issue with ad substitution,
| and other things are reasons to doubt the judgement of
| the developers.
|
| Brave is interesting, and I do play with it. I utterly
| distrust it, though, and do nothing important with it.
| selestify wrote:
| Which browsers do you trust?
| glsdfgkjsklfj wrote:
| Contribute to uBlock and bring no-ads to everyone
| instead.
|
| having brave control which ads you see, will lead to the
| same awful situation when adBlockPlus was stolen for
| profit: any company could pay to be whitelisted.
| blendergeek wrote:
| > Contribute to uBlock and bring no-ads to everyone
| instead.
|
| Contribute to uBlock Origin [0]. uBlock was also stolen
| for profit [1] and takes money to whitelist ads.
|
| [0] https://ublockorigin.com/
|
| [1] http://tuxdiary.com/2015/06/14/ublock-origin/
| eredengrin wrote:
| > but 'selling' that to people at danger that depends on
| that tech for safety is huge red flag
|
| The vast majority of users do not need tor for personal
| safety, therefore avoiding brave because of this issue is a
| non-sequitur for most people. Ublock origin is great, but
| brave is one of the only solutions that is giving a
| legitimate attempt at solving the root issues in a
| pragmatic manner. Everything else (including ublock origin,
| as good as it is) is just cat and mouse.
| [deleted]
| hundchenkatze wrote:
| The comments in that thread... is ramble the new parler?
| mrzimmerman wrote:
| I think it's another alt-right hangout that popped up after a
| ban wave at Reddit. Seems like Voat or one of the .win sites
| that are Reddit clones made by banned redditors and they seem
| to always turn into /pol in short order.
| dkdk8283 wrote:
| There are still plenty of people who believe in free speech
| irrespective if it's right or wrong. What's right or wrong
| changes over time.
| x86_64Ubuntu wrote:
| This has nothing to do with free speech at all. And it does
| appear that ramble could be seen as Parler-esque. It's got
| comments citing dailystormer and whitedate.net as "Free
| Speech" paragons. We all can be pretty sure that any left
| wing posts on such sites, as with Parler, would be moderated
| out of existence.
| fleshdaddy wrote:
| Maybe off topic but I'd never heard of whitedate.net. Is
| that considered something bad? I mean it's a little weird
| and creepy from the look of it but plenty of exclusionary
| dating sites exist. I can even think of a few others that
| exclude based on race.
| wizzwizz4 wrote:
| The kinds of people you'd meet on a site called
| "whitedate.net" are _probably_ not worth meeting.
| fleshdaddy wrote:
| Oh yeah absolutely I wouldn't even be allowed to join.
| The commenter just mentioned it in the same breath as the
| daily stormer so I'm wondering whether they find it
| racist in the same way dailystormer is because it
| wouldn't seem that way to me.
| matthewmacleod wrote:
| Well, it's an overtly, explicitly white-supremacist
| dating site. It exhorts people to "have white babies"
| because "only white people create white societies"; it
| links out to several lists of "pro-white" media including
| the aforementioned Daily Stormer, various "white
| genocide" blogs, and Stormfront; and it had forums full
| of posts on topics like "intentional miscegenation in
| advertising".
|
| It would honestly be pretty hard for me to think of a
| _more_ obviously racist website.
|
| The thing is with this stuff... it kind of makes sense
| that you would find dating sites that revolve around a
| particular cultural or minority background. You'll find
| sites primarily for gay men, lesbians, Muslims, people
| with disabilities and so on. That's because the default
| culture of a "mainstream" dating site is going to be
| "generally mainstream able-bodied heterosexual white-
| ish", and people who have a cultural context that doesn't
| align with that can have a bit of a tough time with
| those.
|
| A site focusing on "white dating"--at least in the
| Anglosphere--doesn't really have the same reason for
| existing. I mean on the surface level, something like
| "white dating" is the same kind of thing "muslim dating",
| and I could certainly see some circumstances in which it
| might not be deliberately bad. But the former is
| immediately super suspicious, and inevitably a peek
| behind the curtain shows it up for what it is.
| AnthonyMouse wrote:
| The tell for this is that the term "white people" is used
| almost exclusively in discussions of race rather than
| culture, because "white people" are an internally diverse
| group without a unified culture.
|
| You can find the individual subcultures all over the
| place in Irish pubs and Polish clubs and so on, where you
| can go and find people immersed in that subculture and
| not really expect to find a lot of Actual Nazis.
|
| But if you go to a place that calls itself "white people"
| when that term only really gets used for race, what do
| you expect to find?
|
| It's kind of a stupid idea for anti-racists to even keep
| using the term, given that the group has no identity
| outside of defunct 20th century pseudoscience notions of
| race and preserving and promoting the idea of it as any
| kind of coherent group is only fortifying tribalist lines
| we should instead be trying to dissolve.
| arthur_pryor wrote:
| > It's kind of a stupid idea for anti-racists to even
| keep using the term, given that the group has no identity
| outside of defunct 20th century pseudoscience notions of
| race and preserving and promoting the idea of it as any
| kind of coherent group is only fortifying tribalist lines
| we should instead be trying to dissolve.
|
| yeah, this is kind of a tough one, though... because
| people need to be able to talk about the hegemony of the
| group that identifies itself as white at the expense of
| the groups that are excluded from that identification.
| and always saying something like "the cartel that calls
| itself white, where some members aren't even consciously
| colluding" is kind of a clunker. esp for people who don't
| think/read about this stuff on their own, and who just
| think of "white" as a simple and natural ethnic
| delineation, to the degree that any ethnic delineation
| can be thought of as simple or natural =)
|
| race, including "whiteness" is a scientific and
| biological fiction invented and accepted to maintain (and
| hide) a caste system. but through the assiduous
| maintenance of that lie, it has become a different sort
| of social reality. not using the term "white" makes it
| incredibly hard to talk with most people about the issue.
| but using the term "white" as most people (superficially)
| think of it also helps cement its pernicious effects.
|
| pretty difficult jam our society has gotten into there.
|
| "the people who call themselves white" is the best
| terminology approach i've seen to dealing with this, but
| even that is still quite clunky, and may still make the
| speaker sound like a hand-wringing liberal to anyone
| who's not already on board with the viewpoint that race
| is a pernicious and unscientific lie.
| wizzwizz4 wrote:
| The general idea... _might_ be okay? But this
| implementation is clearly by white supremacists, for
| white supremacists:
|
| * Among their social medias, they list Gab
|
| * "Trad life", "RedPill" and "Without White Children We
| Will Perish" are on their about page
|
| * > By the way, this is the list of companies supporting
| BLM. Just in case you were wondering whom to boycott.
| [deleted]
| [deleted]
| oqkf wrote:
| Free speech would mean you support (private companies like)
| reddit's choice to ban the white supremacy subreddits.
|
| What does it have to do with that website being full of
| bigots? Their speech is not limited by the government.
| [deleted]
| Kaze404 wrote:
| I had a similar reaction, specifically the person commenting
| about the wrong use of "its" degrading the quality of the
| article and the dude writing alarmist titles in bold letters.
| What a weird place.
| karmicthreat wrote:
| Is Tor even secure against state actors anymore? I always assumed
| that the 5 eyes countries at a minimum have enough nodes to track
| you down.
| Spivak wrote:
| I'm curious how people feel about wanting the Tor browsers to
| override system DNS for privacy but Firefox doing it for privacy
| is totally unacceptable and should defer to DHCP.
| elagost wrote:
| In Tor browser I want every request bundled and bounced through
| Tor. It is a special exception. Non-special-case software
| should respect my OS and network's DNS settings. Simple as
| that. I shouldn't have to fiddle with network settings in each
| application to get it to behave the way I want. Seems fine that
| it's there, if people want to turn it on, but it should not be
| on by default.
| gruez wrote:
| With tor it's required because otherwise any privacy benefits
| (literally the point of using tor browser) will be negated by
| dns leaks. On the other hand with firefox it's not required,
| and the privacy benefits are debatable since the queries just
| get funneled from one corporation (your ISP) to another
| (cloudflare).
| easterncalculus wrote:
| Trust. The same reason you'd trust someone with a driver's
| license to operate a car over a toddler. Tor is privacy and
| anonymity protecting software. Firefox is a web browser.
| CodesInChaos wrote:
| I can understand Brave not putting as much effort into privacy as
| Tor Browser (especially fingerprinting mitigations).
| Fingerprinting is difficult to prevent, even using Tor Browser I
| apparently have a unique fingerprint.
|
| But directly leaking the IP address (e.g. via DNS or WebRTC) is
| totally unacceptable.
| selestify wrote:
| > even using Tor Browser I apparently have a unique fingerprint
|
| How do you tell?
| 2-tpg wrote:
| https://coveryourtracks.eff.org/
| CodesInChaos wrote:
| Interesting, this time it's 1 in 1100. I wonder if Tor
| Browser improved since I last ran such a test, if I used a
| better fingerprinter (unlikely), or if I just was unlucky
| last time.
| jerheinze wrote:
| This is why you should always stick to the Tor Browser. See for
| instance the Tor Browser Design Doc (a bit outdated but still has
| a lot of info) for how much work they put in to make sure that it
| stays as private as possible
| https://2019.www.torproject.org/projects/torbrowser/design
| smaryjerry wrote:
| Yes, if privacy is the main concern. As far as I'm aware you
| don't even have access to onion pages at all without brave and
| so with brave at least you can view and read parts of the
| internet that were previously hidden.
| [deleted]
| deadalus wrote:
| Brave Help Article
| https://support.brave.com/hc/en-us/articles/360018121491-Wha...
|
| In which they, themselves, say (and always have been saying):
| "If your personal safety depends on remaining anonymous, we highly
| recommend using Tor Browser instead of Brave Tor windows."
|
| Also this is a known issue, see
| https://github.com/brave/brave-core/pull/7909
| hertzrat wrote:
| Looks like that issue was created Jan 10th and the fix was
| merged 6 hours ago. Apparently, it was a regression:
|
| > UPDATE: cause was cname adblocking, so this is a regression,
| not an earlier issue.
| ddbb33 wrote:
| I then wonder what is the point of then including Tor.
| DanBC wrote:
| People in places like the UK just need a quick and easy way
| to evade website blocks.
|
| > Access to this website has been blocked under an Order of
| the Higher Court.
|
| > Any TalkTalk customer affected by the Court Order has a
| right under the Court Order to apply to vary or discharge it.
| Any such application must:
|
| > (i) clearly indicate the identity and status of the
| applicant;
|
| > (ii) be supported by evidence setting out and justifying
| the grounds of the application; and
|
| > (iii) be made on 10 days notice to all of the parties to
| the Court Order.
|
| > For further details click here.
| https://community.talktalk.co.uk/t5/Articles/Blocked-website...
| SahAssar wrote:
| TOR is a very inefficient way around that if you don't care
| about privacy.
| emayljames wrote:
| There are gonna be 0 chances of getting a waiver. You would
| probably have to be law enforcement/lawyers with a
| talktalk connection and involvement in the case.
| tialaramex wrote:
| Switch to an ISP that doesn't do censorship and so isn't
| subject to these orders. Andrews & Arnold. The big ISPs
| all wanted to be "family friendly" by doing DNS blocking,
| but A&A isn't interested in "friendly" so it has no
| capability to do that. When courts issued these rulings
| they all say obviously if you don't have blocking you
| can't and needn't block this thing either.
|
| They are not a budget offering, and they don't believe in
| "unlimited" bandwidth, but their prices are fair and the
| service is excellent.
|
| It's the difference between hiding a joint in your safe
| so there's less chance the cops find it and marching to
| just make weed legal.
| hertzrat wrote:
| Iirc, I think most people do not have a choice of isp
| where they live
| tialaramex wrote:
| In the UK, which is what we're talking about, the
| situation goes like this:
|
| For most people there is FTTC or FTTP owned by
| "Openreach" the successor to the national telephone
| monopoly which thus owns most of the "last mile" of
| copper cable either under pavements in urban areas or
| hanging from telegraph poles elsewhere.
|
| Openreach doesn't offer service to end users, its
| products are wholesale only, ISPs buy the wholesale
| product, at prices fixed by regulation, and sell Internet
| service (they also of course need to buy backhaul,
| routers, set up a call centre and so on, Openreach just
| makes the "last mile" work)
|
| Thus, most big UK ISPs are using Openreach and you could
| switch to any of the others (including A&A), in principle
| literally overnight, since all the physical
| infrastructure is unchanged, just somebody has to plug
| different values into a database so they're billing a
| different ISP and your traffic goes to that ISP not the
| previous one.
|
| [ Under the hood it's _slightly_ more complicated because
| you can buy some backhaul from Openreach or from
| competitors who own long distance fibres. In a major city
| it may be cheaper to use some startup to get 10Gbps of
| data from your customers in that city to your data centre
| in another city, after Openreach gathers it all up
| somewhere, rather than paying Openreach, who also own
| fibre, to move that data to your data centre. ]
|
| The main exception is if you have cable TV in your area
| (most larger cities, some suburban regions) you can
| choose to buy the DOCSIS service from the only company
| that owns all large cable TV service in the UK, Virgin
| Cable. In this case Virgin is your only possible ISP. For
| maybe 10% of UK residents this is the most practical way
| to get "good" Internet access, a larger percentage could
| buy this, but they could also switch to an ISP using
| Openreach and still get acceptable Internet access.
|
| A relatively small number of users live somewhere with no
| decent Internet via Openreach, no cable TV, but enough
| local enthusiasm plus money to bury fibre and build their
| own network. In these cases again the only ISP is the one
| that buried the cable, but they're usually community
| owned, so I guess if they do censorship (and I don't know
| if they do) you'd be better placed to argue that policy
| should change than I am.
| hertzrat wrote:
| That's not a terrible system from the sounds of it.
| Speaking of fibre, how is the rollout going? It seems
| like, if private companies own the last mile for fibre,
| the system described will eventually not really exist in
| 20ish years as people gradually upgrade?
| danShumway wrote:
| Two potential reasons spring to mind:
|
| A) In order to drive Tor adoption and increase the
| feasibility of normal people hosting sites on Tor, it is
| necessary that normal people be able to connect to hidden
| services, even if they themselves are not necessarily reaping
| the privacy benefits.
|
| If Firefox and Chrome both supported the Tor protocol out of
| the box then I would be more likely to host content on Tor,
| because I wouldn't need to tell my family and friends to
| install a new browser just to access that content.
|
| B) Even though Brave's Tor features are inferior to the Tor
| browser, they still probably offer some privacy benefit over
| normal browsing (assuming users are not assuming that the
| mode is perfectly private).
|
| That being said:
|
| A) It would still be better for Brave to fix issues like this
| over time, and the leak is worth taking seriously instead of
| brushing off as a known issue.
|
| B) A warning on a FAQ is not sufficient to handle point B.
| Brave should be looking into UX methods to make it clear to
| users that visiting a Tor site does not make them anonymous.
| Most of the people installing Brave are never going to see
| that warning.
| permo-w wrote:
| I'd say more likely than either of those things, it's just
| convenient, and it gives them a(nother) selling point over
| other browsers.
|
| Besides, assuming you live in the West, as long as you
| aren't planning a terrorist attack, watching child
| porn, selling drugs, weapons, assassinations, bomb making
| materials, etc, then brave will probably do
|
| I would still use TOR for pretty much any dark web
| activities, but in practicality, as long as you aren't
| doing anything that you can imagine a policeman actively
| hating you for, it's probably pretty safe
| drak0n1c wrote:
| Is it true that everyone who browses Tor needs 100% privacy
| to maintain safety? I'm not very aware, but I've heard that a
| good part of Tor consists of regular boring pages and blogs
| that don't involve transactions and aren't necessarily
| illegal or shady.
| [deleted]
| syrrim wrote:
| For one, it enables access to hidden services.
| ignoramous wrote:
| I know BAT's controversial but there's a lot to like about
| Brave's solution to the surveillance problem, miles better than
| Google's _Privacy Sandbox_, and whatever it is that Mozilla is
| trying to do.
|
| The thing I don't get is, why do such a poor job at
| implementing a feature?
|
| Tor is synonymous with anonymity. Adding a "Tor tab" without
| the guarantees just reeks of a "me-too" feature and lacks that
| serious security and privacy posture Brave is known for (or
| wants to be known for).
|
| I mean, Brave comes down pretty hard on others [0]; I wish they
| held themselves to higher standards [1]. Forget about striving
| for anonymity by resisting all sorts of sophisticated
| fingerprinting attacks; leaking DNS is plain embarrassing.
|
| [0] https://news.ycombinator.com/item?id=17970567
|
| [1] https://news.ycombinator.com/item?id=23442027
| Forbo wrote:
| "whatever it is Mozilla is trying to do" is called Tor
| Uplift. They're trying to implement as much privacy
| protection as possible from Tor Browser into mainline
| Firefox. https://wiki.mozilla.org/Security/Tor_Uplift
| ignoramous wrote:
| What I meant (for Mozilla, and not Firefox):
| https://news.ycombinator.com/item?id=25443152
| axismundi wrote:
| What if you run Brave through VPN with proper kill switch like
| ProtonVPN?
| miedpo wrote:
| Just so you guys know, they've had a patch for this in beta for a
| few days and they are pushing it to main currently (at least
| according to their Twitter)
| cbracketdash wrote:
| Brave is fixing it:
| https://www.bleepingcomputer.com/news/security/brave-privacy...
___________________________________________________________________
(page generated 2021-02-19 23:01 UTC)