- Brave: How They Work. The most significant difference between TOR and Brave is how they connect to sites on the web. TOR Connection Basics. As you may know, TOR stands for The Onion Router. With TOR, your internet data is encrypted and then travels through a network of relays operated by volunteers worldwide.
- Today, Brave welcomes you to the new Internet. One where your time is valued, your personal data is kept private, and you actually get rewarded for your attention. With your old browser, you paid to browse the web by viewing ads with your valuable attention.
- May 22, 2020 The privacy-focused Brave browser also has an option to route traffic through Tor when inside a private window. Are there any downsides to using Tor? Because Tor is a volunteer-run network, speed.
- UI and Experience. Brave browser follows the tried and tested formula with an address bar.
The Tor Browser uses port 9150. The Brave Browser Stable Release uses port 9250; The Brave Browser Beta Release uses port 9260; The Brave Browser Nightly Builds uses port 9270; The Brave Browser Development builds use ports 9280 or 9290. So the Tor Browser and Brave Browser connections do not interfere. I hope this answers your questions.
Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit.
Brave is Chromium-based browser that has been modified with privacy in mind, including a built-in ad blocker, tight data controls, and a built-in Tor browser mode to browse the web anonymously.
Websites located on Tor use onion URL addresses that users can only access through the Tor network. For example, DuckDuckGo's Tor address is https://3g2upl4pq6kufc4m.onion/ and the New York Time's address is https://www.nytimes3xbfgragh.onion/.
To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network. When you attempt to connect to an onion URL, your request is proxied through volunteer-run Tor nodes who make the request for you and send back the returned HTML.
Due to this proxy implementation, Brave's Tor mode does not directly provide the same level of privacy as using the Tor Browser.
Brave's leaks Tor DNS requests
When using Brave's Tor mode, it should forward all requests to the Tor proxies and not send any information to any non-Tor Internet devices to increase privacy.
However, a bug in Brave's 'Private window with Tor' mode is causing the onion URL for any Tor address you visit to also be sent as a standard DNS query to your machine's configured DNS server.
Tor And Brave Cast
This bug was first reported in a Reddit post and later confirmed by James Kettle, the Director of Research at PortSwigger.
BleepingComputer has also verified the claims by using Wireshark to view DNS traffic while using Brave's Tor mode.
As you can see in the video below, when visiting the DuckDuckGo and NY Times' onion URLs in Brave's Tor browser mode, the browser also performed DNS queries to our locally configured DNS server, Google's public servers at IP address 22.214.171.124.
Brave is aware of this bug as it was reported on their GitHub project page eighteen days ago, and developers have already created a fix.
This issue is caused by Brave's CNAME decloaking ad-blocking feature that blocks third-party tracking scripts that use CNAME DNS records to impersonate a first-party script.
Brave For Iphone
To prevent Tor URLs from being sent to configured DNS servers, Brave has disabled the CNAME adblocking feature when in the Tor browsing mode.
'Per discussion on slack with @bridiver and @iefremov, we came to a conclusion that disabling CNAME adblock for Tor would be best option now. Considering in order to make DoH route through Tor, we need to remove
LOAD_BYPASS_PROXY for dns transaction but it might introduce dns and proxy code looping when we need to resolve proxy name,' the Brave developers explained in the reported issue.
This fix was originally expected to roll out in the Brave Browser Beta 1.21.x but Brave Browser developer Yan Zhu tweeted that a hotfix will be uplifted to the next Stable version.
this was scheduled to land in 1.21.x (currently in beta) but given that it's now public we will uplift to a stable hotfix— yan (@bcrypt) February 19, 2021