Last updated Nov 5, 2020
IMHO the main problem of Tor in Brave is about fingerprinting: Tor Browser is made to avoid to be unique, that is the real challenge: fingerprinting is one of the best way Police, FBI and other trackers use to identify people. I guess that Tor in Brave is much more identifiable. If you lose this advantage your anonymity can be compromised. Look at this guide and at the top of it look at Brave and compare it to what is said about Tor, then make up your mind. Tor is a hardened version of Firefox. You can find more useful articles/discussions on r/theprivacymachine. In terms of anonymity, Tor Browser is far superior. Tor Browser is really the only browser that’s known to be properly configured to use Tor. Furthermore, a big bonus with Tor Browser is that your fingerprint is the same as all other Tor users, wh. Brave with Tor does not provide the same level of Privacy as the Tor browser, if your life depends on remaining anonymous, use the Tor browser. If you just want to hide your browsing from ISP, work or school, then tor private tabs are for you. We are just making it super convenient for users to swtich between regular browsing and Tor browsing.
Easy entrance onto the Tor network also provides a great introduction for new users and access to the browsing of hidden websites (ending in.onion). This Brave Tor tab should not be considered entirely anonymous. The use of Brave on the Tor network stands out from the majority of the browsers on Tor. Instead, use the official Tor browser.
Nearly every browser has a version of Chrome’s Incognito mode, designed to keep your browsing history hidden from other users on the same computer. But will your favorite extensions work in Incognito mode?
It is important to note that browsing in Incognito mode will not keep your actions hidden from trackers and ads on the Internet; Incognito mode is no private browser. But if you are using Incognito mode and want to keep your extensions at the same time, we’ll show you how in this article.
For truly private browsing, ditch Incognito mode altogether; switch to Brave and the added security of Brave Shields to keep you safe from third-party trackers and unwanted ads.
Incognito and private browsing
Incognito on browsers like Chrome do little more than prevent the browser from storing your search history on that device. It does nothing about the websites you visit or any trackers on the Internet. As far as the websites you visit are concerned, Incognito mode is the same as normal browsing.
Truly private browsing is something different. A private browser keeps your habits hidden from third-party trackers and websites themselves, helping to keep you safely anonymous on the Internet.
When (and when not) to use Incognito mode
Incognito mode keeps things hidden on the user’s side, so browse with Incognito mode when you are trying to hide your history from other users on the same device. Buying a secret birthday gift or planning a surprise holiday? Incognito mode is the way to go. Your browsing history will be deleted when you end the session, and no other users on the same device can see what you did.
If you have genuine concerns about your Internet privacy, don’t rely solely on Incognito mode. Only a few browsers have a private browsing mode that actually keeps you hidden from third parties. Brave’s Private Window with Tor is one example since it uses the Tor network to relay your connection through three different devices and keep you anonymous from prying eyes. Incognito mode on Chrome does nothing of the sort, and the only way to make it more private is to use third-party extensions - the same as in normal browsing on Chrome.
Allowing extensions in Incognito mode
Brave automatically disables extensions in Private browsing mode.
To enable them, you’ll need to find Preferences under the Brave menu.
Then select Extensions > Manage Extensions, and find the extension you want to allow.
Click “More Details” under that extension, and you should see an option to “Allow in Private browsing.”
You will also see a warning, notifying you that any extension you allow will have the ability to see your activity.
In Chrome, your extensions as a general rule do not work in Incognito mode. Because extensions are a third-party addition to your browser, and most are tracking your browsing history for better performance, Incognito mode automatically disables them.
Both Brave and Chrome require users to explicitly enable extensions for private windows.
You will need to adjust the settings in your browser.
Open Chrome > Menu > More Tools > Extensions.
From the Extensions page, you can select the extension you wish to use in Incognito mode and enable it.
Note that not every extension will have that option. If there is not an option to enable the extension in Incognito mode, then the extension may not work.
Firefox, just like Chrome and Brave, does not automatically allow your extensions to work in Private Browsing mode (Firefox’s version of Incognito).
To give permission for your extensions to work, you’ll need to open Firefox.
Select Menu > Add-ons > Extensions > Run in Private Windows > Allow
Microsoft Edge calls Incognito “Private browsing” and requires that you enable extensions to work in private browsing.
To change this feature, you’ll need to open Edge, select Menu > Extensions > Installed Extensions.
To turn on Private Browsing for each extension, you’ll need to select Details under each extension and choose “Allow in Private”.
Turning on an extension to work in private mode does not change the extension itself. If it is insecure, your browsing will be compromised whether you are in Private Browsing mode or not. It is important you know exactly what extensions you have downloaded and given permissions to.
Tor Brave Browser
Brave’s Private Window with Tor and extensions
The Tor browser is one of the most secure browsers out there, but it comes with a learning curve and some drawbacks, such as diminished browsing speed. Brave actually has two private browsing modes - a normal one, and one that adds the protection of the Tor network to your private browsing window.
Brave’s Private Window with Tor routes your connection through three relays in the Tor network. Each step knows only the next step in the chain - the point of origin is kept anonymous, meaning that it is extremely difficult for websites to identify you and track your habits.
With Brave, you get the benefits of Tor plus all the benefits of Brave, along with an extra layer of protection for you in private mode.
Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit.
Brave is Chromium-based browser that has been modified with privacy in mind, including a built-in ad blocker, tight data controls, and a built-in Tor browser mode to browse the web anonymously.
Websites located on Tor use onion URL addresses that users can only access through the Tor network. For example, DuckDuckGo's Tor address is https://3g2upl4pq6kufc4m.onion/ and the New York Time's address is https://www.nytimes3xbfgragh.onion/.
To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network. When you attempt to connect to an onion URL, your request is proxied through volunteer-run Tor nodes who make the request for you and send back the returned HTML.
Due to this proxy implementation, Brave's Tor mode does not directly provide the same level of privacy as using the Tor Browser.
Brave's leaks Tor DNS requests
When using Brave's Tor mode, it should forward all requests to the Tor proxies and not send any information to any non-Tor Internet devices to increase privacy.
However, a bug in Brave's 'Private window with Tor' mode is causing the onion URL for any Tor address you visit to also be sent as a standard DNS query to your machine's configured DNS server.
This bug was first reported in a Reddit post and later confirmed by James Kettle, the Director of Research at PortSwigger.
BleepingComputer has also verified the claims by using Wireshark to view DNS traffic while using Brave's Tor mode.
As you can see in the video below, when visiting the DuckDuckGo and NY Times' onion URLs in Brave's Tor browser mode, the browser also performed DNS queries to our locally configured DNS server, Google's public servers at IP address 18.104.22.168.
Brave is aware of this bug as it was reported on their GitHub project page eighteen days ago, and developers have already created a fix.
This issue is caused by Brave's CNAME decloaking ad-blocking feature that blocks third-party tracking scripts that use CNAME DNS records to impersonate a first-party script.
Use Tor With Brave
To prevent Tor URLs from being sent to configured DNS servers, Brave has disabled the CNAME adblocking feature when in the Tor browsing mode.
'Per discussion on slack with @bridiver and @iefremov, we came to a conclusion that disabling CNAME adblock for Tor would be best option now. Considering in order to make DoH route through Tor, we need to remove
LOAD_BYPASS_PROXY for dns transaction but it might introduce dns and proxy code looping when we need to resolve proxy name,' the Brave developers explained in the reported issue.
This fix was originally expected to roll out in the Brave Browser Beta 1.21.x but Brave Browser developer Yan Zhu tweeted that a hotfix will be uplifted to the next Stable version.
this was scheduled to land in 1.21.x (currently in beta) but given that it's now public we will uplift to a stable hotfix— yan (@bcrypt) February 19, 2021