In brief Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits.
The browser has a built-in Tor mode, allowing folks to easily and anonymously surf the dark-web network. However, this code started spilling over the open internet the .onion domains visited by the browser to whatever DNS servers the software was configured to use for non-Tor websites, allowing whoever operates those DNS servers – or anyone who can snoop on the queries in transit – to figure out the kinds of hidden services frequented by an individual user.
The problem was clocked in mid-January by the bug hunter xiaoyinl, reported to Brave's HackerOne-run bounty program. A fix was soon sorted out and released to end the ad-blocking-related leak.
"The root cause was a new ..
Support the originator by clicking the read the rest link below.