Security warning: Private browser feature exposes search history
Many browsers have some form of privacy mode built into it. Chromium-based browsers have incognito, where it allows you to browse (somewhat) anonymously without your data being tracked.
In addition to hiding your exact location, incognito mode doesn’t store your search history or which websites you have visited. When you close the incognito window, all data and cookies associated with the session are deleted. Tap or click here to find out when you should be using incognito mode.
Brave Browser takes that one step further by allowing you to browse the internet through a built-in feature called “Private Window with Tor.” This lets you access .onion websites without having to download the separate Tor browser for online anonymity. But a critical flaw has been discovered, shattering users’ privacy.
Here’s the backstory
Tor, which stands for The Onion Router, is an open-source program that allows you to browse the internet anonymously. It redirects your network traffic through 7,000 nodes across the world, hiding your location and internet usage.
The Tor browser is also used to access sites on the Dark Web that end in the .onion suffix. These websites are highly anonymous and have, over the years, become a hotbed for illegal activity. Tap or click here for a deep dive into the Dark Web.
First alerted to the issue in January, a privacy bug was detected within the “Private Window with Tor” option for Brave Browser. By tapping into the Tor network, the private window gives the same anonymity level as the Tor browser.
Exposing a bug
In theory, all user data and traffic are made untraceable, but the bug exposed all .onion websites that a user visits to public DNS resolvers. In short, it allows your ISP or DNS provider to see which Tor websites you visited. The search queries are also tied to your computer’s IP address.
Thankfully, Brave has rushed out a patch to fix the issue. The update was scheduled for the release of version 1.21.x, but after the bug came to light Brave released it sooner.
That’s why it’s important to make sure your Brave browser is updated to the most recent release. Updating is straightforward. Here is a quick video tutorial on how to do it:
The Brave browser is still one of the most secure options out there, but no system is fool-proof. Security flaws like this can (and will) slip through the cracks at times.
Even though the issue has been fixed, it is still a good reminder that you should be extra vigilant online. For added security online, you should be using a virtual private network or VPN.
We recommend our sponsor, ExpressVPN. Right now, Kim Komando listeners can take advantage of a special limited-time offer. Get 3 extra months free when you sign up for a 12-month plan at ExpressVPN.com/kim.
What Incognito mode doesn’t do
Incognito is a great way to hide searching or browsing data if you share a computer with others, but there are a couple of things that it doesn’t do.
One of the biggest misconceptions is that stealth mode prevents your ISP from seeing your online activity. This is not true, and your ISP monitors all traffic.
- If you sign into a social network or service while in incognito mode, the website will still know that it is you. By signing in, the website or service will be able to track your activity throughout the website.
- Browsing in incognito doesn’t prevent others from seeing your activity — if the network is monitored. Using the internet at a school or workplace, the network administrators can still track your browsing.
- Incognito doesn’t hide your browsing history from your Internet Service Provider. Your ISP can see where you go, what you searched for and how you use the internet.
- Incognito also doesn’t prevent you from seeing ads on websites. If you are browsing online, you will be served with advertising. As soon as you close the window, websites won’t be able to serve you ads based on your history in incognito.
Keep Reading
Security tip: How to set up a VPN on all your devices
Update Google Chrome now to avoid hackers’ favorite security flaw