Brave Software—Brave Tor mode leaked .onion DNS queries outside the Tor network

Feb 19, 2021

In February 2021, security researchers discovered that Brave's private browsing with Tor mode was leaking DNS queries for .onion addresses to the user's regular DNS resolver rather than routing them through Tor. This exposed users' attempts to visit hidden services to their ISP or DNS provider, undermining the core privacy guarantees of Tor browsing. Brave acknowledged the bug and issued a patch.

Scoring Impact

Topic	Direction	Relevance	Contribution
User Privacy	-against	primary	-1.00
Overall incident score =			-0.429

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.57)× agency (negligent ×0.5)

Evidence (1 signal)

Confirms product_decision Feb 19, 2021 documented

Security researchers reported Brave Tor mode DNS leak to regular resolver

In February 2021, security researchers discovered that Brave's Tor mode was sending DNS queries for .onion domains to the user's normal DNS resolver instead of routing them through the Tor network. This exposed hidden service visits to ISPs. Brave acknowledged and patched the issue.

Tom's Guide

Related: Same Topics

Mustafa Suleyman · Claimed web content is 'freeware' for AI training, contradicting copyright law

Jun 28, 2024

Inrupt · Deployed Solid data pods for 6 million Flanders citizens and partnered with NHS, BBC, NatWest for data sovereignty

Dec 1, 2021

LY Corporation · Suffered major data breach affecting 520,000 users due to shared infrastructure with Korean parent

Oct 9, 2023

Aravind Srinivas · Refused to define plagiarism when asked, claimed facts cannot be owned

Oct 30, 2024

Tim Cook · Delivered keynote speech declaring privacy a fundamental human right and calling for federal privacy legislation

Oct 24, 2018