Security warning: Private browser feature exposes search history

February 22, 2021

By Kim Komando

Many browsers have some form of privacy mode built into it. Chromium-based browsers have incognito, where it allows you to browse (somewhat) anonymously without your data being tracked.

In addition to hiding your exact location, incognito mode doesn’t store your search history or which websites you have visited. When you close the incognito window, all data and cookies associated with the session are deleted. Tap or click here to find out when you should be using incognito mode.

Brave Browser takes that one step further by allowing you to browse the internet through a built-in feature called “Private Window with Tor.” This lets you access .onion websites without having to download the separate Tor browser for online anonymity. But a critical flaw has been discovered, shattering users’ privacy.

Here’s the backstory

Tor, which stands for The Onion Router, is an open-source program that allows you to browse the internet anonymously. It redirects your network traffic through 7,000 nodes across the world, hiding your location and internet usage.

The Tor browser is also used to access sites on the Dark Web that end in the .onion suffix. These websites are highly anonymous and have, over the years, become a hotbed for illegal activity. Tap or click here for a deep dive into the Dark Web.

First alerted to the issue in January, a privacy bug was detected within the “Private Window with Tor” option for Brave Browser. By tapping into the Tor network, the private window gives the same anonymity level as the Tor browser.

Exposing a bug

In theory, all user data and traffic are made untraceable, but the bug exposed all .onion websites that a user visits to public DNS resolvers. In short, it allows your ISP or DNS provider to see which Tor websites you visited. The search queries are also tied to your computer’s IP address.

Thankfully, Brave has rushed out a patch to fix the issue. The update was scheduled for the release of version 1.21.x, but after the bug came to light Brave released it sooner.

That’s why it’s important to make sure your Brave browser is updated to the most recent release. Updating is straightforward. Here is a quick video tutorial on how to do it:

The Brave browser is still one of the most secure options out there, but no system is fool-proof. Security flaws like this can (and will) slip through the cracks at times.

Even though the issue has been fixed, it is still a good reminder that you should be extra vigilant online. For added security online, you should be using a virtual private network or VPN.

We recommend our sponsor, ExpressVPN. Right now, Kim Komando listeners can take advantage of a special limited-time offer. Get 3 extra months free when you sign up for a 12-month plan at ExpressVPN.com/kim.

What Incognito mode doesn’t do

Incognito is a great way to hide searching or browsing data if you share a computer with others, but there are a couple of things that it doesn’t do.

One of the biggest misconceptions is that stealth mode prevents your ISP from seeing your online activity. This is not true, and your ISP monitors all traffic.

Keep Reading

Security tip: How to set up a VPN on all your devices

Update Google Chrome now to avoid hackers’ favorite security flaw

https://www.komando.com/tips/browser-exposes-search-history/