Brave Brave browser's hamburger menu serves Tor onion routing
Private tabs squeezed through anonymizing network taste like actual privacy
Brave Software has updated its web browser so that its private mode actually supports privacy, or nearly – a few lingering technical issues still need to get ironed out.
The Tor network masks users' true public IP addresses, by routing connections through nodes scattered over the world, in an attempt to conceal their whereabouts and identity. Instead of connecting folks directly to websites and servers, it passes requests through a series of relays over encrypted connections, obfuscating the origin of the requests. Bear in mind the final relay to the public internet – your exit node – can snoop on your connection, so you should always use HTTPS to shroud your traffic from Tor relay administrators, just in case.
You can also use Tor to access sites within the anonymizing network, known as hidden services.
Popular browsers such as Chrome, Edge, Firefox (the basis for the official Tor browser) and Safari claim they support privacy, but they only get users halfway there. Their respective privacy modes prevent browsing data from being retained within the browser, however, they don't conceal the user's public IP address.
So if you were surfing the internet at home using Chrome's Incognito mode, your browsing history and web cookies associated with that session would not be stored by Chrome. However, websites you visit, or surveillance boxes along your internet route, will log your public IP address, which can be used to track you down, via your ISP, to your home address, or identify you as you browse around the internet.
Most people won't and don't care about that. But maybe you do.
Dark web doesn't exist, says Tor's Dingledine. And folks use network for privacy, not crimeREAD MORE
"We provide a browser that works out of the box rather than asking users to configure network services themselves," a company spokesperson explained in an email to The Register.
"Brave's Private Tabs with Tor are accessible from the File menu by clicking New Private Tab with Tor (or from the hamburger menu at the top right of the screen). This makes enhanced privacy protection conveniently accessible within the browser. A Brave user can also have one or more regular tabs, session tabs, private tabs, and Private Tabs with Tor open."
The Brave browser also helps against browser fingerprinting.
"Most trackers aren't able to attempt fingerprinting attacks against Brave at all because we block them before they even load," the company's spokesperson said.
Brave defaults to DuckDuckGo for search in Private Tabs with Tor, because Google treats anonymous users differently than those it can identify.
"If you're using Tor then Google will show a lot of challenges asking you to prove that you're a human, and that makes the site much less pleasant to use," Brave explained on its website.
Other site may treat those using Private Tabs with Tor differently, too. Some may not work properly or may limit interaction – Wikipedia, for example, restricts anonymous edits over Tor.
There's another potential downside: performance.
"Browsing via Tor is typically somewhat slower than using an unprotected connection," Brave's spokesperson said.
Like encryption program PGP, Tor amounts to pretty good privacy but it's not perfect. In addition to the unavoidable risk of software vulnerabilities, the Brave team noted that the current integration of Tor remains a work in progress. In other words, it may leak your public IP address.
"Brave requires leak-proofing, which we intend to address in future versions (today is the beta release), as well as a New Identity button functionality, for instance," Brave's spokesperson said.
The browser biz advises downloading and using the full-blown Firefox-based Tor browser if you really need to protect your identity and hide your public IP address. Basically, if you like the cut of Brave's jib, try out its Tor mode. If you're particularly worried about privacy, go for the official Tor browser for now.
Those with serious, life-threatening privacy concerns, such as activists in authoritarian countries, should do their best to avoid technology altogether because digital security is so difficult to get right. ®
- Advanced persistent threat
- Black Hat
- Bug Bounty
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Quantum key distribution
- Remote Access Trojan
- RSA Conference
- Trusted Platform Module
- Zero trust