Brave Browser’s Tor Mode Is Leaking the Users’ Real IP Address

  • The Tor mode in Brave is reportedly leaking the real IP address of those visiting onion sites.
  • The ISP knows which sites these users are visiting and could share that data with the authorities.
  • This is definitely a big blunder by Brave, and users who wish to remain anonymous should use the Tor browser.

There’s a discussion in the privacy-minded community about using Brave browser’s Tor mode and whether that would be safe for those who wish to remain anonymous. Apparently, users discovered that all requests made for onion domains to the DNS server and the ISP are tagged with the real IP address of the requester, so essentially, the ID of the subscriber is leaked. This defeats the purpose of accessing an anonymous network like the Tor network, but it is actually not anything that Brave hasn’t already warned its users about.

As clearly mentioned in the relevant support page of Brave, using Tor mode won’t guarantee your privacy, and Brave cannot protect you from IP-discovery systems that may be in place. Of course, this doesn’t sound like “we’re not going to even bother,” but it clearly makes the case about the Tor mode being there just for convenience, not for anonymity.

If you’re looking for the latter, you’d better use the Tor browser directly. Even then, nothing is guaranteed, but you will be using a tool that’s at least more focused on the fulfillment of the crucial ID-masking role.


Of course, if you’re using a VPN, which we would suggest that you do when visiting Tor sites, Brave will leak that IP, so there’s still a way to protect your anonymity while using Brave’s Tor mode. However, if the VPN tool you’re using is leaking your real IP address, tough luck.

The researcher who first discovered and reported this was treated somewhat aggressively by Reddit mods who cited reliability issues, even accusing him of potentially faking the screenshots. Since then, many more people have tested their DNS traffic and confirmed the problem, so there’s no doubt about that.

We have seen no statements from Brave yet, and judging from their responses in the past, we won’t be surprised if they decide to rework their DNS resolver and stop the leakage. Brave is a privacy-conscious project and wouldn’t just let people’s IP addresses become prey to ISPs or the authorities.

It’s just against all that they stand for, and we believe that this is just a bit that slipped their attention. Of course, they should have known and done better, and this is unquestionably disappointing for their otherwise growing userbase.



Researchers Find Multiple Vulnerabilities in WP Fastest Cache Plugin

WP Fastest Cache Plugin has two vulnerabilities recently patched.Authors released version 0.9.5 to fix the vulnerabilities.If still unpatched, hackers can have admin...

Missouri to Prosecute ‘Hacker’ Who Informed State About Data Leak

Missouri Governor threatened to take up legal action against a reporter who found a cybersecurity blunder.The journalist discovered educators' social security numbers...

Man Scams Amazon Textbook Rental Service for $1.5 Million

An US citizen was arrested after borrowing expensive Amazon books and then selling them.The man used gift cards, multiple customer accounts, and...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari