[HN Gopher] Brave Browser leaks your Tor / Onion service request...
___________________________________________________________________
Brave Browser leaks your Tor / Onion service requests through DNS

Author : todsacerdoti
Score  : 247 points
Date   : 2021-02-19 16:27 UTC (6 hours ago)

(HTM) web link (ramble.pw)
(TXT) w3m dump (ramble.pw)

| c7DJTLrn wrote:
| I respect Brave's efforts to make Tor accessible to the masses,
| but it also puts people at risk. There's a lot of people with not a
| great deal of technical knowledge who are aware of Tor and might
| see it as a means to bulletproof privacy, unaware that using it
| through Brave on an OS like Windows 10 could easily expose them.
|
| Brave does present some kind of warning to users when opening an
| incognito tab. It just doesn't make the risks clear enough and
| will mostly be ignored.
|
| I'm not sure what solutions there are for this. Perhaps shipping
| Tor as part of a regular browser isn't a good idea. In fact, I'd
| say Tor should've never been tunnelling generic protocols and
| instead had its own protocol for sharing information. That's
| another conversation though.

| drummer wrote:
| You need a good amount of specific knowledge to integrate
| something like TOR without putting people at risk through
| mistakes. Leaking dns is so basic that it's clear the expertise
| for doing the integration safely does not exist at Brave.

| breck wrote:
| I respect your comment but you can ignore the left half of any
| but comment.

| c7DJTLrn wrote:
| Sorry, I have a poor style of writing. I'll try to clean it
| up.

| breck wrote:
| No worries. I agreed with your comment. That rhetorical
| style I find myself doing a lot, until someone pointed it
| out to me. They showed me there's a better way to be
| constructive. Just jump to the point. Compliments are fine
| at the end.

| SippinLean wrote:
| I never understood this cliche. Half a sentence is
| invalidated by a conjunction?
| We can't have two contrasting
| clauses in a single sentence?

| chipotle_coyote wrote:
| While I think breck's phrasing is a bit overstated, and
| sometimes you really do want to have two contrasting
| clauses in a single sentence, their statement was (I
| presume intentionally!) self-illustrating:
|
| > I respect your comment but you can ignore the left half
| of any but comment.
|
| "I respect your comment, but..." isn't doing any meaningful
| work in this sentence; it's not contrasting anything, it's
| just introducing the actual point: "You can ignore the left
| half of any 'but' comment." You don't really lose anything
| by taking out the left half.

| chungus_khan wrote:
| The cautious configuration and total separation of the Tor
| browser is the whole reason it was created in the first place.
| There are an uncountable number of reasons why having it in a
| normal everyday browser is probably a bad idea.
|
| It sort of aligns with my views on a lot of other Brave
| projects: neat, and with good intentions, but not necessarily
| such a good idea when examined in detail.

| c7DJTLrn wrote:
| And even with all that caution, holes have been found in Tor
| Browser in the past.
|
| The fact is that software with such a huge attack surface
| shouldn't be the mode of interaction for Tor services.

| glsdfgkjsklfj wrote:
| couldn't agree more. Brave browser is applying startup "break
| things faster" to user privacy.
|
| All fine and dandy when it is some curious silicon valley
| engineer playing with new tech at home, but 'selling' that to
| people at danger that depends on that tech for safety is huge
| red flag.
|
| Avoid brave browser like the plague.
| Especially do not
| contribute your opensource-time to them, but to the projects
| they use (not chromium though)

| loceng wrote:
| Is there an ideal circumstance or organizational structure
| or development process that could allow this to work - and
| perhaps that is simply necessitating a very large amount of
| engineering and security/QA resources?

| huzur8472 wrote:
| The issue around Tor is not a reason to avoid Brave. It has
| a lot of other good attributes for the common people. And I
| like its attempt to let you support websites while
| blocking intrusive ads.

| _jal wrote:
| The issue with Tor, and the issue with ad substitution,
| and other things are reasons to doubt the judgement of
| the developers.
|
| Brave is interesting, and I do play with it. I utterly
| distrust it, though, and do nothing important with it.

| selestify wrote:
| Which browsers do you trust?

| glsdfgkjsklfj wrote:
| Contribute to uBlock and bring no-ads to everyone
| instead.
|
| having brave control which ads you see, will lead to the
| same awful situation when adBlockPlus was stolen for
| profit: any company could pay to be whitelisted.

| blendergeek wrote:
| > Contribute to uBlock and bring no-ads to everyone
| instead.
|
| Contribute to uBlock Origin [0]. uBlock was also stolen
| for profit [1] and takes money to whitelist ads.
|
| [0] https://ublockorigin.com/
|
| [1] http://tuxdiary.com/2015/06/14/ublock-origin/

| eredengrin wrote:
| > but 'selling' that to people at danger that depends on
| that tech for safety is huge red flag
|
| The vast majority of users do not need tor for personal
| safety, therefore avoiding brave because of this issue is a
| non-sequitur for most people. Ublock origin is great, but
| brave is one of the only solutions that is giving a
| legitimate attempt at solving the root issues in a
| pragmatic manner. Everything else (including ublock origin,
| as good as it is) is just cat and mouse.

| [deleted]

| hundchenkatze wrote:
| The comments in that thread... is ramble the new parler?

| mrzimmerman wrote:
| I think it's another alt-right hangout that popped up after a
| ban wave at Reddit. Seems like Voat or one of the .win sites
| that are Reddit clones made by banned redditors and they seem
| to always turn into /pol in short order.

| dkdk8283 wrote:
| There are still plenty of people who believe in free speech
| irrespective if it's right or wrong. What's right or wrong
| changes over time.

| x86_64Ubuntu wrote:
| This has nothing to do with free speech at all. And it does
| appear that ramble could be seen as Parler-esque. It's got
| comments citing dailystormer and whitedate.net as "Free
| Speech" paragons. We all can be pretty sure that any left
| wing posts on such sites, as with Parler, would be moderated
| out of existence.

| fleshdaddy wrote:
| Maybe off topic but I'd never heard of whitedate.net. Is
| that considered something bad? I mean it's a little weird
| and creepy from the look of it but plenty of exclusionary
| dating sites exist. I can even think of a few others that
| exclude based on race.

| wizzwizz4 wrote:
| The kinds of people you'd meet on a site called
| "whitedate.net" are _probably_ not worth meeting.

| fleshdaddy wrote:
| Oh yeah absolutely I wouldn't even be allowed to join.
| The commenter just mentioned it in the same breath as the
| daily stormer so I'm wondering whether they find it
| racist in the same way dailystormer is because it
| wouldn't seem that way to me.

| matthewmacleod wrote:
| Well, it's an overtly, explicitly white-supremacist
| dating site. It exhorts people to "have white babies"
| because "only white people create white societies"; it
| links out to several lists of "pro-white" media including
| the aforementioned Daily Stormer, various "white
| genocide" blogs, and Stormfront; and it had forums full
| of posts on topics like "intentional miscegenation in
| advertising".
|
| It would honestly be pretty hard for me to think of a
| _more_ obviously racist website.
|
| The thing is with this stuff... it kind of makes sense
| that you would find dating sites that revolve around a
| particular cultural or minority background. You'll find
| sites primarily for gay men, lesbians, Muslims, people
| with disabilities and so on. That's because the default
| culture of a "mainstream" dating site is going to be
| "generally mainstream able-bodied heterosexual white-ish",
| and people who have a cultural context that doesn't
| align with that can have a bit of a tough time with
| those.
|
| A site focusing on "white dating"--at least in the
| Anglosphere--doesn't really have the same reason for
| existing. I mean on the surface level, something like
| "white dating" is the same kind of thing "muslim dating",
| and I could certainly see some circumstances in which it
| might not be deliberately bad. But the former is
| immediately super suspicious, and inevitably a peek
| behind the curtain shows it up for what it is.

| AnthonyMouse wrote:
| The tell for this is that the term "white people" is used
| almost exclusively in discussions of race rather than
| culture, because "white people" are an internally diverse
| group without a unified culture.
|
| You can find the individual subcultures all over the
| place in Irish pubs and Polish clubs and so on, where you
| can go and find people immersed in that subculture and
| not really expect to find a lot of Actual Nazis.
|
| But if you go to a place that calls itself "white people"
| when that term only really gets used for race, what do
| you expect to find?
|
| It's kind of a stupid idea for anti-racists to even keep
| using the term, given that the group has no identity
| outside of defunct 20th century pseudoscience notions of
| race and preserving and promoting the idea of it as any
| kind of coherent group is only fortifying tribalist lines
| we should instead be trying to dissolve.

| arthur_pryor wrote:
| > It's kind of a stupid idea for anti-racists to even
| keep using the term, given that the group has no identity
| outside of defunct 20th century pseudoscience notions of
| race and preserving and promoting the idea of it as any
| kind of coherent group is only fortifying tribalist lines
| we should instead be trying to dissolve.
|
| yeah, this is kind of a tough one, though... because
| people need to be able to talk about the hegemony of the
| group that identifies itself as white at the expense of
| the groups that are excluded from that identification.
| and always saying something like "the cartel that calls
| itself white, where some members aren't even consciously
| colluding" is kind of a clunker. esp for people who don't
| think/read about this stuff on their own, and who just
| think of "white" as a simple and natural ethnic
| delineation, to the degree that any ethnic delineation
| can be thought of as simple or natural =)
|
| race, including "whiteness" is a scientific and
| biological fiction invented and accepted to maintain (and
| hide) a caste system. but through the assiduous
| maintenance of that lie, it has become a different sort
| of social reality. not using the term "white" makes it
| incredibly hard to talk with most people about the issue.
| but using the term "white" as most people (superficially)
| think of it also helps cement its pernicious effects.
|
| pretty difficult jam our society has gotten into there.
|
| "the people who call themselves white" is the best
| terminology approach i've seen to dealing with this, but
| even that is still quite clunky, and may still make the
| speaker sound like a hand-wringing liberal to anyone
| who's not already on board with the viewpoint that race
| is a pernicious and unscientific lie.

| wizzwizz4 wrote:
| The general idea... _might_ be okay?
| But this
| implementation is clearly by white supremacists, for
| white supremacists:
|
| * Among their social medias, they list Gab
|
| * "Trad life", "RedPill" and "Without White Children We
| Will Perish" are on their about page
|
| * > By the way, this is the list of companies supporting
| BLM. Just in case you were wondering whom to boycott.

| [deleted]

| [deleted]

| oqkf wrote:
| Free speech would mean you support (private companies like)
| reddit's choice to ban the white supremacy subreddits.
|
| What does it have to do with that website being full of
| bigots? Their speech is not limited by the government.

| [deleted]

| Kaze404 wrote:
| I had a similar reaction, specifically the person commenting
| about the wrong use of "its" degrading the quality of the
| article and the dude writing alarmist titles in bold letters.
| What a weird place.

| karmicthreat wrote:
| Is Tor even secure against state actors anymore? I always assumed
| that the 5 eyes countries at a minimum have enough nodes to track
| you down.

| Spivak wrote:
| I'm curious how people feel about wanting the Tor browsers to
| override system DNS for privacy but Firefox doing it for privacy
| is totally unacceptable and should defer to DHCP.

| elagost wrote:
| In Tor browser I want every request bundled and bounced through
| Tor. It is a special exception. Non-special-case software
| should respect my OS and network's DNS settings. Simple as
| that. I shouldn't have to fiddle with network settings in each
| application to get it to behave the way I want. Seems fine that
| it's there, if people want to turn it on, but it should not be
| on by default.

| gruez wrote:
| With tor it's required because otherwise any privacy benefits
| (literally the point of using tor browser) will be negated by
| dns leaks. On the other hand with firefox it's not required,
| and the privacy benefits are debatable since the queries just
| get funneled from one corporation (your ISP) to another
| (cloudflare).

| easterncalculus wrote:
| Trust. The same reason you'd trust someone with a driver's
| license to operate a car over a toddler. Tor is privacy and
| anonymity protecting software. Firefox is a web browser.

| CodesInChaos wrote:
| I can understand Brave not putting as much effort into privacy as
| Tor Browser (especially fingerprinting mitigations).
| Fingerprinting is difficult to prevent, even using Tor Browser I
| apparently have a unique fingerprint.
|
| But directly leaking the IP address (e.g. via DNS or WebRTP) is
| totally unacceptable.

| selestify wrote:
| > even using Tor Browser I apparently have a unique fingerprint
|
| How do you tell?

| 2-tpg wrote:
| https://coveryourtracks.eff.org/

| CodesInChaos wrote:
| Interesting, this time it's 1 in 1100. I wonder if Tor
| Browser improved since I last ran such a test, if I used a
| better fingerprinter (unlikely), or if I just was unlucky
| last time.

| jerheinze wrote:
| This is why you should always stick to the Tor Browser. See for
| instance the Tor Browser Design Doc (a bit outdated but still has
| a lot of info) for how much work they put to make sure that it
| stays as private as possible
| https://2019.www.torproject.org/projects/torbrowser/design

| smaryjerry wrote:
| Yes, if privacy is the main concern. As far as I'm aware you
| don't even have access to onion pages at all without brave and
| so with brave at least you can view and read parts of the
| internet that were previously hidden.

| [deleted]

| deadalus wrote:
| Brave Help Article https://support.brave.com/hc/en-us/articles/360018121491-Wha...
|
| In which they, themselves, say (and always have been saying): "
| If your personal safety depends on remaining anonymous, we highly
| recommend using Tor Browser instead of Brave Tor windows. "
|
| Also this is a known issue, see https://github.com/brave/brave-core/pull/7909

| hertzrat wrote:
| Looks like that issue was created Jan 10th and the fix was
| merged 6 hours ago.
| Apparently, it was a regression:
|
| > UPDATE: cause was cname adblocking, so this is a regression,
| not an earlier issue.

| ddbb33 wrote:
| I then wonder what is the point of then including Tor.

| DanBC wrote:
| People in places like the UK just need a quick and easy way
| to evade website blocks.
|
| > Access to this website has been blocked under an Order of
| the Higher Court.
|
| > Any TalkTalk customer affected by the Court Order has a
| right under the Court Order to apply to vary or discharge it.
| Any such application must:
|
| > (i) clearly indicate the identity and status of the
| applicant;
|
| > (ii) be supported by evidence setting out and justifying
| the grounds of the application; and
|
| > (iii) be made on 10 days notice to all of the parties to
| the Court Order.
|
| > For further details click here.
| https://community.talktalk.co.uk/t5/Articles/Blocked-website...

| SahAssar wrote:
| TOR is a very inefficient way around that if you don't care
| about privacy.

| emayljames wrote:
| There are gonna be 0 chances of getting a waiver. You would
| probably have to be law enforcement/lawyers with a
| talktalk connection and involvement in the case.

| tialaramex wrote:
| Switch to an ISP that doesn't do censorship and so isn't
| subject to these orders. Andrews & Arnold. The big ISPs
| all wanted to be "family friendly" by doing DNS blocking,
| but A&A isn't interested in "friendly" so it has no
| capability to do that. When courts issued these rulings
| they all say obviously if you don't have blocking you
| can't and needn't block this thing either.
|
| They are not a budget offering, and they don't believe in
| "unlimited" bandwidth, but their prices are fair and the
| service is excellent.
|
| It's the difference between hiding a joint in your safe
| so there's less chance the cops find it and marching to
| just make weed legal.

| hertzrat wrote:
| Iirc, I think most people do not have a choice of isp
| where they live

| tialaramex wrote:
| In the UK, which is what we're talking about, the
| situation goes like this:
|
| For most people there is FTTC or FTTP owned by
| "Openreach" the successor to the national telephone
| monopoly which thus owns most of the "last mile" of
| copper cable either under pavements in urban areas or
| hanging from telegraph poles elsewhere.
|
| Openreach doesn't offer service to end users, its
| products are wholesale only, ISPs buy the wholesale
| product, at prices fixed by regulation, and sell Internet
| service (they also of course need to buy backhaul,
| routers, set up a call centre and so on, Openreach just
| makes the "last mile" work)
|
| Thus, most big UK ISPs are using Openreach and you could
| switch to any of the others (including A&A), in principle
| literally overnight, since all the physical
| infrastructure is unchanged, just somebody has to plug
| different values into a database so they're billing a
| different ISP and your traffic goes to that ISP not the
| previous one.
|
| [ Under the hood it's _slightly_ more complicated because
| you can buy some backhaul from Openreach or from
| competitors who own long distance fibres. In a major city
| it may be cheaper to use some startup to get 10Gbps of
| data from your customers in that city to your data centre
| in another city, after Openreach gathers it all up
| somewhere, rather than paying Openreach, who also own
| fibre, to move that data to your data centre. ]
|
| The main exception is if you have cable TV in your area
| (most larger cities, some suburban regions) you can
| choose to buy the DOCSIS service from the only company
| that owns all large cable TV service in the UK, Virgin
| Cable. In this case Virgin is your only possible ISP.
| For
| maybe 10% of UK residents this is the most practical way
| to get "good" Internet access, a larger percentage could
| buy this, but they could also switch to an ISP using
| Openreach and still get acceptable Internet access.
|
| A relatively small number of users live somewhere with no
| decent Internet via Openreach, no cable TV, but enough
| local enthusiasm plus money to bury fibre and build their
| own network. In these cases again the only ISP is the one
| that buried the cable, but they're usually community
| owned, so I guess if they do censorship (and I don't know
| if they do) you'd be better placed to argue that policy
| should change than I am.

| hertzrat wrote:
| That's not a terrible system from the sounds of it.
| Speaking of fibre, how is the rollout going? It seems
| like, if private companies own the last mile for fibre,
| the system described will eventually not really exist in
| 20ish years as people gradually upgrade?

| danShumway wrote:
| Two potential reasons spring to mind:
|
| A) In order to drive Tor adoption and increase the
| feasibility of normal people hosting sites on Tor, it is
| necessary that normal people be able to connect to hidden
| services, even if they themselves are not necessarily reaping
| the privacy benefits.
|
| If Firefox and Chrome both supported the Tor protocol out of
| the box then I would be more likely to host content on Tor,
| because I wouldn't need to tell my family and friends to
| install a new browser just to access that content.
|
| B) Even though Brave's Tor features are inferior to the Tor
| browser, they still probably offer some privacy benefit over
| normal browsing (assuming users are not assuming that the
| mode is perfectly private).
|
| That being said:
|
| A) It would still be better for Brave to fix issues like this
| over time, and the leak is worth taking seriously instead of
| brushing off as a known issue.
|
| B) A warning on a FAQ is not sufficient to handle point B.
| Brave should be looking into UX methods to make it clear to
| users that visiting a Tor site does not make them anonymous.
| Most of the people installing Brave are never going to see
| that warning.

| permo-w wrote:
| I'd say more likely than either of those things, it's just
| convenient, and it gives them a(nother) selling point over
| other browsers.
|
| Besides, assuming you live in the West, as long as you
| aren't planning a terrorist attack, watching child
| porn, selling drugs, weapons, assassinations, bomb making
| materials, etc, then brave will probably do
|
| I would still use TOR for pretty much any dark web
| activities, but in practicality, as long as you aren't
| doing anything that you can imagine a policeman actively
| hating you for, it's probably pretty safe

| drak0n1c wrote:
| Is it true that everyone who browses Tor needs 100% privacy
| to maintain safety? I'm not very aware, but I've heard that a
| good part of Tor consists of regular boring pages and blogs
| that don't involve transactions and aren't necessarily
| illegal or shady.

| [deleted]

| syrrim wrote:
| For one, it enables access to hidden services.

| ignoramous wrote:
| I know BAT's controversial but there's a lot to like about
| Brave's solution to the surveillance problem, miles better than
| Google's _Privacy Sandbox_ , and whatever it is that Mozilla is
| trying to do.
|
| The thing I don't get is, why do such a poor job at
| implementing a feature?
|
| Tor is synonymous with anonymity. Adding a "Tor tab" without
| the guarantees just reeks of a "me-too" feature and lacks that
| serious security and privacy posture Brave is known for (or
| wants to be known for).
|
| I mean, Brave comes down pretty hard on others [0]; I wish they
| held themselves to higher standards [1]. Forget about striving
| for anonymity by resisting all sorts of sophisticated
| fingerprinting attacks; leaking DNS is plain embarrassing.
|
| [0] https://news.ycombinator.com/item?id=17970567
|
| [1] https://news.ycombinator.com/item?id=23442027

| Forbo wrote:
| "whatever it is Mozilla is trying to do" is called Tor
| Uplift. They're trying to implement as much privacy
| protection as possible from Tor Browser into mainline
| Firefox. https://wiki.mozilla.org/Security/Tor_Uplift

| ignoramous wrote:
| What I meant (for Mozilla, and not Firefox):
| https://news.ycombinator.com/item?id=25443152

| axismundi wrote:
| What if you run Brave through VPN with proper kill switch like
| ProtonVPN?

| miedpo wrote:
| Just so you guys know, they've had a patch for this in beta for a
| few days and they are pushing it to main currently (at least
| according to their Twitter)

| cbracketdash wrote:
| Brave is fixing it:
| https://www.bleepingcomputer.com/news/security/brave-privacy...
___________________________________________________________________
(page generated 2021-02-19 23:01 UTC)
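
Added example (not part of the thread and not Brave's or the Tor Project's code): the leak discussed above shows up at the resolver as an ordinary DNS query for a name ending in .onion, a TLD that RFC 7686 reserves and that should never reach the DNS. The sketch below parses raw DNS queries and flags such names; the packet builder, the client addresses (documentation range 192.0.2.0/24) and the 56-character onion label are constructed sample data.

```python
import re
import struct

# v3 onion service labels are 56 base32 characters; legacy v2 labels were 16.
ONION_V3 = re.compile(r"^[a-z2-7]{56}$")
ONION_V2 = re.compile(r"^[a-z2-7]{16}$")


def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (RD set, one question); used only to build sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_query_name(packet):
    """Return the lowercased QNAME of a DNS query, or None if it is not a well-formed query."""
    if len(packet) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set means response, not query
        return None
    labels, pos = [], 12
    while pos < len(packet):
        length = packet[pos]
        pos += 1
        if length == 0:                    # root label terminates the name
            return ".".join(labels)
        if length & 0xC0 or pos + length > len(packet):
            return None                    # compression pointer or truncated label
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return None                            # ran off the end without a root label


def classify_onion(name):
    """Return 'onion-v3', 'onion-v2', 'onion-other', or None for non-.onion names."""
    labels = name.rstrip(".").split(".")
    if labels[-1] != "onion":
        return None
    service = labels[-2] if len(labels) > 1 else ""
    if ONION_V3.match(service):
        return "onion-v3"
    if ONION_V2.match(service):
        return "onion-v2"
    return "onion-other"


def find_onion_leaks(observed):
    """observed: iterable of (client_ip, raw_query_bytes). Returns the leaked lookups."""
    leaks = []
    for client, packet in observed:
        name = parse_query_name(packet)
        kind = classify_onion(name) if name else None
        if kind:
            leaks.append((client, name, kind))
    return leaks


# Constructed sample traffic; the 56-character label is a placeholder, not a real service.
FAKE_V3 = ("abcdefghijklmnopqrstuvwxyz234567" * 2)[:56]
SAMPLE = [
    ("192.0.2.10", build_query("news.ycombinator.com")),
    ("192.0.2.10", build_query("WWW." + FAKE_V3.upper() + ".onion")),
    ("192.0.2.11", build_query("onion.example.org")),
    ("192.0.2.12", build_query("short.onion", qtype=28)),
    ("192.0.2.13", b"\x00\x01garbage"),
]

if __name__ == "__main__":
    for client, name, kind in find_onion_leaks(SAMPLE):
        print(f"{client} leaked {kind} lookup: {name}")
```

A local resolver that sees such a query can answer NXDOMAIN itself instead of forwarding it upstream, which is the behaviour RFC 7686 asks of caching resolvers.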