This allows an attacker to fingerprint, or prove beyond reasonable doubt, that a user was using Tor at that very specific moment in time. A local, on-disk attacker could read the Brave Browser’s “Local State” json file and identify the last time a Tor session was used, affecting the confidentiality of a user’s Tor session.įor example, the “Local State” file of a user who has recently used a Tor session would list a key value pair with a timestamp as accurate as “13248493693576042”.
CVE IDĬVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Internal IDĪ vulnerability in the Brave Browser allows an attacker to view the last time a Tor session was used in incognito mode. Please use one of the above methods to obtain more bridge addresses, and try again.Exposure of Sensitive Information to an Unauthorized Actor – Brave Browser Potentially Logs The Last Time A Tor Window Was Used. If the connection fails, the bridges you received may be down. Select the checkbox UseĪ bridge, and from the option Provide a bridge, enter each bridge address on a separate line. Look for Tor connection settings and click on it. Complete the Captcha and click Submit.įrom Brave, click on Main Menu -> Settings and then on PrivacyĪnd security in the sidebar. Toggle the Use a bridge, option "on", then select Request a bridgeįrom, click Request a New Bridge. Tap on Start or write /start or /bridges in the chat.įrom Brave, click on Settings in the hamburger menu (≡) and then on "Privacy and security" in the sidebar.
Email from a Gmail, or Riseup email address.
Getting bridge addressesīecause bridge addresses are not public, you will need to request them yourself. You do not need to obtain bridge addresses in order to use these transports. Other pluggable transports, like meek, use different anti-censorship techniques that do not rely on bridges. Using bridges in combination with pluggable transports helps to conceal the fact that you are using Tor, but may slow down the connection compared to using ordinary Tor relays. Like ordinary Tor relays, bridges are run by volunteers unlike ordinary relays, however, they are not listed publicly, so an adversary cannot identify them easily. Most pluggable transports, such as obfs4, rely on the use of "bridge" relays.
0 kommentar(er)
