Like all other browsers, Brave includes a “private browsing” option that leaves no traces of online activity on your computer and makes websites think you’ve never visited before. But the startup is working on adding a new level of protection to its private tabs by incorporating the Tor Project‘s network identity-hiding technology.
Yan Zhu, a Brave programmer whose long history of privacy and security projects includes encrypted email at Yahoo and some work on Tor’s software, is leading Brave’s Tor work.
“This new browsing mode will give the user better protection from local surveillance, such as by their internet service provider or other users on a shared Wi-Fi network,” she said.
ISPs snooping on your online behavior? That sort of privacy erosion just got a lot easier with a measure President Donald Trump signed Monday that frees broadband providers like Comcast and Verizon from a requirement to obtain your permission before tracking your online behavior and selling that information to advertisers.
Given today’s technological and political trends, building Tor into private tabs is “critical,” said Forrester analyst Fatemeh Khatibloo. It delivers some of private tabs’ unfulfilled promise and will pressure other browser makers to follow suit.
“I don’t recommend Tor to many people because it’s difficult to use,” Khatibloo said. But making it easy through built-in tabs could turn private tabs into “a truly private experience.”
Trump said repealing the privacy rules cuts business-slowing regulatory burdens. Verizon, Comcast and AT&T say they won’t sell your data anyway. But the move by Trump and Congress to repeal the privacy protections has privacy advocates up in arms.
“That bill was a disgusting bill, because when we use the web, we are so vulnerable,” Tim-Berners Lee, who just received the computing industry’s top prize for inventing the World Wide Web, said in an interview with the Guardian.
What Tor adds
When you browse the web, all the data packets sent from your phone or PC get where they’re going through an addressing system called the Internet Protocol (IP). IP addresses reveal a lot of information, though. Your ISP can tell what websites you’re visiting, and websites you visit can tell it was you who showed up.
Tor’s “onion router” technology masks this information by bouncing your internet communications through a randomized series of intermediate servers, each with its own IP address.
Building Tor into private tabs makes it hard for ISPs to track you. “They see a bunch of encrypted packets going off to the Netherlands, the Middle East, Asia, whatever. They really lose track of the thread,” said Brave Chief Executive Brendan Eich.
Using a virtual private network (VPN) can help — or just shift the privacy invasion away from your ISP and to the VPN provider. In contrast, Tor makes it hard not only for ISPs to track you but even bigger players like governments, Eich said.
Private tabs on steroids
Private tabs are an option in all browsers, though they sometimes go by other names, like incognito tabs in Chrome and InPrivate tabs in Microsoft Edge. Private tabs help protect privacy by not recording any of your website visits to your browsing history; discarding all text files called “cookies” that websites use to store information about you; and not revealing to websites any cookies that already may have been set in your browser.
That’s why, with private tabs, Amazon can’t tell what you have in your shopping basket and why you’re not automatically logged into Gmail.
Tor will expand on what private tabs can do. Even with private tabs and an encrypted connection, for example, your ISP, whose job it is to examine and deliver your network data, could notice that you just visited the IP address of Google’s search service and, immediately afterward, visited the webpage of a car dealer. That could be a strong signal that you’re in the market for a new car, prime information for advertisers.
Using Tor makes that kind of tracking much harder.
Brave goes farther than ordinary private tabs in other ways, too. For example, it already tries to upgrade insecure HTTP website communication links into encrypted HTTPS links when possible to make it harder for others to snoop your network traffic. The Tor private tabs will be more aggressive, preventing any insecure connection at all, Eich said.
Tor already offers a modified version of Firefox, and both project member Georg Koppen and Brave’s Zhu recommend it for maximum anonymity protection. But Tor is enthusiastic about Brave’s work.
“We have long argued that a Private Browsing Mode should not only be concerned with local attackers but should take adversaries sitting between users and destinations they visit into account,” Koppen said. “Thus, using Tor in Brave’s private browsing mode by default is a big step towards giving users better privacy on the internet.”
CNET Magazine: Check out a sampling of the stories you’ll find in CNET’s newsstand edition.
It’s Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.