I respect Brave's efforts to make Tor accessible to the masses, but it also puts people at risk. There's lot of people with not a great deal of technical knowledge who are aware of Tor and might see it as a means to bulletproof privacy, unaware that using it through Brave on an OS like Windows 10 could easily expose them.
Brave does present some kind of warning to users when opening an incognito tab. It just doesn't make the risks clear enough and will mostly be ignored.
I'm not sure what solutions there are for this. Perhaps shipping Tor as part of a regular browser isn't a good idea. In fact, I'd say Tor should've never been tunnelling generic protocols and instead had its own protocol for sharing information. That's another conversation though.
The cautious configuration and total separation of the Tor browser is the whole reason it was created in the first place. There are an uncountable number of reasons why having it in a normal everyday browser is probably a bad idea.
It sort of aligns with my views on a lot of other Brave projects: neat, and with good intentions, but not necessarily such a good idea when examined in detail.
couldn't agree more. Brave browser is applying startup "break things faster" to user privacy.
All fine and dandy when it is some curious silicon valley engineer playing with new tech at home, but 'selling' that to people at danger that depends on that tech for safety is huge red flag.
Avoid brave browser like the plage. Specially do not contribute your opensource-time to them, but to the projects they use (not chromium though)
Is there an ideal circumstance or organizational structure or development process that could allow this to work - and perhaps that is simply necessitating a very large amount engineering and security/QA resources?
The issue around Tor is not a reason to avoid Brave. It has a lot of other good attributes for the common people. And I like it’s attempt to let you support websites while blocking intrusive ads.
Contribute to uBlock and bring no-ads to everyone instead.
having brave control which ads you see, will lead to the same awful situation when adBlockPlus was stolen for profit: any company could pay to be whitelisted.
It does make you question their sincerity though. It should be in bold, in red at the top of their "tor mode" that it doesn't work as well as the regular tor browser.
> but 'selling' that to people at danger that depends on that tech for safety is huge red flag
The vast majority of users do not need tor for personal safety, therefore avoiding brave because of this issue is a non-sequitur for most people. Ublock origin is great, but brave is one of the only solutions that is giving a legitimate attempt at solving the root issues in a pragmatic manner. Everything else (including ublock origin, as good as it is) is just cat and mouse.
You need a good amount of specific knowledge to integrate something like TOR without putting people at risk through mistakes. Leaking dns is so basic that it's clear the expertise for doing the integration safely does not exist at Brave.
No worries. I agreed with your comment. That rhetorical style I find myself doing a lot, until someone pointed it out to me. They showed me there’s a better way to be constructive. Just jump to the point. Compliments are fine at the end.
While I think breck's phrasing is a bit overstated, and sometimes you really do want to have two contrasting clauses in a single sentence, their statement was (I presume intentionally!) self-illustrating:
> I respect your comment but you can ignore the left half of any but comment.
"I respect your comment, but..." isn't doing any meaningful work in this sentence; it's not contrasting anything, it's just introducing the actual point: "You can ignore the left half of any 'but' comment." You don't really lose anything by taking out the left half.
This has nothing to do with free speech at all. And it does appear that ramble could be seen as Parler-esque. It's got comments citing dailystormer and whitedate.net as "Free Speech" paragons. We all can be pretty sure that any left wing posts on such cites, as with Parler, would be moderated out of existence.
Maybe off topic but I’d never heard of whitedate.net. Is that considered something bad? I mean it’s a little weird and creepy from the look of it but plenty of exclusionary dating sites exist. I can even think of a few others that exclude based on race.
Oh yeah absolutely I wouldn’t even be allowed to join. The commenter just mentioned it in the same breath as the daily stormer so I’m wondering whether they find it racist in the same way dailystormer is because it wouldn’t seem that way to me.
Well, it's an overtly, explicitly white-supremacist dating site. It exhorts people to "have white babies" because "only white people create white societies"; it links out to several lists of "pro-white" media including the aforementioned Daily Stormer, various "white genocide" blogs, and Stormfront; and it had forums full of posts on topics like "intentional miscegenation in advertising".
It would honestly be pretty hard for me to think of a more obviously racist website.
The thing is with this stuff… it kind of makes sense that you would find dating sites that revolve around a particular cultural or minority background. You'll find sites primarily for gay men, lesbians, Muslims, people with disabilities and so on. That's because the default culture of a "mainstream" dating site is going to be "generally mainstream able-bodied heterosexual white-ish", and people who have a cultural context that doesn't align with that can have a bit of a tough time with those.
A site focusing on "white dating"—at least in the Anglosphere—doesn't really have the same reason for existing. I mean on the surface level, something like "white dating" is the same kind of thing "muslim dating", and I could certainly see some circumstances in which it might not be deliberately bad. But the former is immediately super suspicious, and inevitably a peek behind the curtain shows it up for what it is.
The tell for this is that the term "white people" is used almost exclusively in discussions of race rather than culture, because "white people" are an internally diverse group without a unified culture.
You can find the individual subcultures all over the place in Irish pubs and Polish clubs and so on, where you can go and find people immersed in that subculture and not really expect to find a lot of Actual Nazis.
But if you go to a place that calls itself "white people" when that term only really gets used for race, what do you expect to find?
It's kind of a stupid idea for anti-racists to even keep using the term, given that the group has no identity outside of defunct 20th century pseudoscience notions of race and preserving and promoting the idea of it as any kind of coherent group is only fortifying tribalist lines we should instead be trying to dissolve.
> It's kind of a stupid idea for anti-racists to even keep using the term, given that the group has no identity outside of defunct 20th century pseudoscience notions of race and preserving and promoting the idea of it as any kind of coherent group is only fortifying tribalist lines we should instead be trying to dissolve.
yeah, this is kind of a tough one, though... because people need to be able to talk about the hegemony of the group that identifies itself as white at the expense of the groups that are excluded from that identification. and always saying something like "the cartel that calls itself white, where some members aren't even consciously colluding" is kind of a clunker. esp for people who don't think/read about this stuff on their own, and who just think of "white" as a simple and natural ethnic delineation, to the degree that any ethnic delineation can be thought of as simple or natural =)
race, including "whiteness" is a scientific and biological fiction invented and accepted to maintain (and hide) a caste system. but through the assiduous maintenance of that lie, it has become a different sort of social reality. not using the term "white" makes it incredibly hard to talk with most people about the issue. but using the term "white" as most people (superficially) think of it also helps cement its pernicious effects.
pretty difficult jam our society has gotten into there.
"the people who call themselves white" is the best terminology approach i've seen to dealing with this, but even that is still quite clunky, and may still make the speaker sound like a hand-wringing liberal to anyone who's not already on board with the viewpoint that race is a pernicious and unscientific lie.
> because people need to be able to talk about the hegemony of the group that identifies itself as white at the expense of the groups that are excluded from that identification.
The answer to this is to use it only when dealing with people who go around "identifying" themselves as white. You find a "white dating" site, you know they're the jerks, and then we have to have this discussion about why that's stupid and those people suck.
But there is also a modern tendency to use it in entirely other contexts. For example, it's more the rule than the exception that the good school district in an area is gated by high real estate costs. If you can't afford the more expensive house, your kid can't go to the better school.
It's easy to cast this and similar situations in racial rather than economic terms because the people who can't afford the more expensive real estate are disproportionately black. Then you get fake anti-racists talking about "white people" (implying the upper middle class) and "black people" (implying the poor), and for a specific reason.
Because that city will have 30,000 upper middle class "white people" and 25,000 poor "white people" and 25,000 poor "black people" and if the affluent can make it about race rather than economics then they get 55,000 votes to 25,000 in their favor instead of 50,000 to 30,000 against. It's an attempt -- often successful -- to preserve racism to serve as a wedge between poor black people and poor white people who would otherwise see that they have common interests.
Notice how many of the people who do this are college educated "white people" who for inexplicable reasons speak against the self-interest of their supposed ingroup, until you notice that the reason is actually quite explicable.
Exactly, Free Speech includes the right to do what you want on your platform. Otherwise you have to meet on neutral ground. Reddit has zero obligation to give a megaphone to anyone that they choose not to. Redditors can pursue other avenues if they're not happy with the policy. Those people can move to Gag and Parler
I had a similar reaction, specifically the person commenting about the wrong use of "its" degrading the quality of the article and the dude writing alarmist titles in bold letters. What a weird place.
I think it's another alt-right hangout that popped up after a ban wave at Reddit. Seems like Voat or one of the .win sites that are Reddit clones made by banned redditors and they seem to always turn into /pol in short order.
This is why you should always stick to the Tor Browser. See for instance the Tor Browser Design Doc (a bit outdated but still has a lot of info) for how much work they put to make sure that it stays as private as possible https://2019.www.torproject.org/projects/torbrowser/design
Yes, if privacy is the main concern. As far as I’m aware you don’t even have access to onion pages at all without brave and so with brave at least you can view and read parts of the internet that were previously hidden.
I’m curious how people feel about wanting the Tor browsers to override system DNS for privacy but Firefox doing it for privacy is totally unacceptable and should defer to DHCP.
With tor it's required because otherwise any privacy benefits (literally the point of using tor browser) will be negated by dns leaks. On the other hand with firefox it's not required, and the privacy benefits is debatable since the queries just get funneled from one corporation (your ISP) to another (cloudflare).
Trust. The same reason you'd trust someone with a driver's license to operate a car over a toddler. Tor is privacy and anonymity protecting software. Firefox is a web browser.
In Tor browser I want every request bundled and bounced through Tor. It is a special exception. Non-special-case software should respect my OS and network's DNS settings. Simple as that. I shouldn't have to fiddle with network settings in each application to get it to behave the way I want. Seems fine that it's there, if people want to turn it on, but it should not be on by default.
In which they, themselves, say (and always have been saying): " If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. "
There are gonna be 0 chances of getting a waiver. You would probably have to be law enforcement/lawyer's with a talktalk connection and involvement in the case.
Switch to an ISP that doesn't do censorship and so isn't subject to these orders. Andrews & Arnold. The big ISPs all wanted to be "family friendly" by doing DNS blocking, but A&A isn't interested in "friendly" so it has no capability to do that. When courts issued these rulings they all say obviously if you don't have blocking you can't and needn't block this thing either.
They are not a budget offering, and they don't believe in "unlimited" bandwidth, but their prices are fair and the service is excellent.
It's the difference between hiding a joint in your safe so there's less chance the cops find it and marching to just make weed legal.
In the UK, which is what we're talking about, the situation goes like this:
For most people there is FTTC or FTTP owned by "Openreach" the successor to the national telephone monopoly which thus owns most of the "last mile" of copper cable either under pavements in urban areas or hanging from telegraph poles elsewhere.
Openreach doesn't offer service to end users, its products are wholesale only, ISPs buy the wholesale product, at prices fixed by regulation, and sell Internet service (they also of course need to buy backhaul, routers, set up a call centre and so on, Openreach just makes the "last mile" work)
Thus, most big UK ISPs are using Openreach and you could switch to any of the others (including A&A), in principle literally overnight, since all the physical infrastructure is unchanged, just somebody has to plug different values into a database so they're billing a different ISP and your traffic goes to that ISP not the previous one.
[ Under the hood it's slightly more complicated because you can buy some backhaul from Openreach or from competitors who own long distance fibres. In a major city it may be cheaper to use some startup to get 10Gbps of data from your customers in that city to your data centre in another city, after Openreach gathers it all up somewhere, rather than paying Openreach, who also own fibre, to move that data to your data centre. ]
The main exception is if you have cable TV in your area (most larger cities, some suburban regions) you can choose to buy the DOCSIS service from the only company that owns all large cable TV service in the UK, Virgin Cable. In this case Virgin is your only possible ISP. For maybe 10% of UK residents this is the most practical way to get "good" Internet access, a larger percentage could buy this, but they could also switch to an ISP using Openreach and still get acceptable Internet access.
A relatively small number of users live somewhere with no decent Internet via Openreach, no cable TV, but enough local enthusiasm plus money to bury fibre and build their own network. In these cases again the only ISP is the one that buried the cable, but they're usually community owned, so I guess if they do censorship (and I don't know if they do) you'd be better placed to argue that policy should change than I am.
That’s not a terrible system from the sounds of it. Speaking of fibre, how is the rollout going? It seems like, if private companies own the last mile for fibre, the system described will eventually not really exist in 20ish years as people gradually upgrade?
Openreach runs fibre to new build properties (it's literally free if you say "I'm a house builder, here's my plan for where these dozen new houses go" they'll turn up and run fibre just the way they'd have run copper cable to make telephones work forty years ago) or, where necessary or when paid to replace copper to old sites, and that would become available as the wholesale product. Last mile service is a natural monopoly, so outside of city centres you'd always expect there to be one provider, Openreach, which is regulated to provide wholesale service.
In a city yeah, it'll make sense for some startup to run a few miles of fibre to deliver Internet just to properties likely to want to pay extra for fast service, and they would own that fibre, but they'll have competitors so there's less threat of problems.
For Openreach there's a web site (and an API) to basically plug in an identifier for a telephone line and get out what wholesale products are available for that location. ISPs could in principle find that you have 300Mbps fibre available, and even though you purchased their cheap 1990s-style ADSL service they decide to pay Openreach to enable fibre, but then they just clamp the data flow to 10Mbps so you're not getting a better service. I don't think that would make any commercial sense, but they could do that if it makes sense to them.
A friend lives not very far from me on a weird little road near the university that just sort of runs down a hill to nowhere. That road isn't "adopted" (it is notionally owned by some of the people who live on it, and local government won't pay to fix it) and it turns out this meant they didn't get FTTC. So they just did a fundraiser to pay Openreach to run FTTP into their road. I was shocked somewhere like that doesn't have modern Internet so I donated a little money.
When the work finishes the residents don't magically get (better) Internet service, but they will have fibre, that'll appear in the API and so then they can buy fast services which they'd previously not be eligible for because the ISP does an API call and sees there's no fibre option.
If you're wealthy you could sidestep all this and pay Openreach to run FTTP specifically to your home, but I'd guess that as well as being expensive (not new Ferrari expensive, but a lot more than a new MacBook) this would put you in some huge queue of weird vanity projects for which Openreach has finite workers available. So maybe they don't dig a trench until 2022.
In my experience fibre is a great benefit for 'normal' use. Streaming, browsing, email are all fine on 20mbs services. Unless you have lots of teenagers watching Netflix it's not obvious to me you'd want to pax 2x as much for fibre
A) In order to drive Tor adoption and increase the feasibility of normal people hosting sites on Tor, it is necessary that normal people be able to connect to hidden services, even if they themselves are not necessarily reaping the privacy benefits.
If Firefox and Chrome both supported the Tor protocol out of the box then I would be more likely to host content on Tor, because I wouldn't need to tell my family and friends to install a new browser just to access that content.
B) Even though Brave's Tor features are inferior to the Tor browser, they still probably offer some privacy benefit over normal browsing (assuming users are not assuming that the mode is perfectly private).
That being said:
A) It would still be better for Brave to fix issues like this over time, and the leak is worth taking seriously instead of brushing off as a known issue.
B) A warning on a FAQ is not sufficient to handle point B. Brave should be looking into UX methods to make it clear to users that visiting a Tor site does not make them anonymous. Most of the people installing Brave are never going to see that warning.
I’d say more likely than either of those things, it’s just convenient, and it gives them a(nother) selling point over other browsers.
Besides, assuming you live in the West, as long as you aren’t you’re planning a terrorist attack, watching child porn, selling drugs, weapons, assassinations, bomb making materials, etc, then brave will probably do
I would still use TOR for pretty much any dark web activities, but in practicality, as long as you aren’t doing anything that you can imagine a policeman actively hating you for, it’s probably pretty safe
Is it true that everyone who browses Tor needs 100% privacy to maintain safety? I'm not very aware, but I've heard that a good part of Tor consists of regular boring pages and blogs that don't involve transactions and aren't necessarily illegal or shady.
My first thought is that frequent and disparate traffic makes Tor more secure against certain attacks. Including Tor in Brave makes Tor better.
Also, I can imagine some instances where you want to obfuscate your IP location to the visited site/service, but don't much care if your DNS requests leak because you're more concerned about the accessed site/service generating a patchwork of locations associated with a specific user and less concerned about your ISP or DNS provider knowing generally that you connect to the site/service.
I know BAT's controversial but there's a lot to like about Brave's solution to the surveillance problem, miles better than Google's Privacy Sandbox, and whatever it is that Mozilla is trying to do.
The thing I don't get is, why do such a poor job at implementing a feature?
Tor is synonymous with anonymity. Adding a "Tor tab" without the guarantees just reeks of a "me-too" feature and lacks that serious security and privacy posture Brave is known for (or wants to be known for).
I mean, Brave comes down pretty hard on others [0]; I wish they held themselves to higher standards [1]. Forget about striving for anonymity by resisting all sorts of sophisticated fingerprinting attacks; leaking DNS is plain embarrassing.
"whatever it is Mozilla is trying to do" is called Tor Uplift. They're trying to implement as much privacy protection as possible from Tor Browser into mainline Firefox. https://wiki.mozilla.org/Security/Tor_Uplift
I personally just use tails. Takes a few minutes to boot into and I love it. Then again I don't really use TOR all that much these days but anyone who needs maximum security (journalists and the such) is likely using something like tails.
Just so you guys know, they've had a patch for this in beta for a few days and they are pushing it to main currently (at least according to their Twitter)
I can understand Brave not putting as much effort into privacy as Tor Browser (especially fingerprinting mitigations). Fingerprinting is difficult to prevent, even using Tor Browser I apparently have a unique fingerprint.
But directly leaking the IP address (e.g. via DNS or WebRTP) is totally unacceptable.
Interesting, this time it's 1 in 1100. I wonder if Tor Browser improved since I last ran such a test, if I used a better fingerprinter (unlikely), or if I just was unlucky last time.
I’m not familiar with tor, but isn’t it possible to run it on a pi and route traffic through it? This way nothing would leak. Are there any disadvantages of that?
Sure, and you can configure it as a wireless router with a different SSID from your main network. Connect to it when you want to use Tor, then go back to your main network when you want better throughput/latency/jitter and you don't want half of the internet to treat you like a bot.
Apart from using Tor, you can route your DNS to avoid your ISP, which makes sense in a world where ISPs have your name/address/bank# and use what they know about you to make money.
You'd probably be sending out a lot of information that can be used to identify you (telemetry, logins, other fingerprintable info about your system). Just using Tails seems like a better option.
Am i the only one noticing all the Adolf Hitlers and the very nazi and obvious racist/misogynist content on ramble.pw? I'm glad they found a vuln & all, but why publish there of all places?
If you can call that irony, that message board was to my knowledge developed by/for anarchists (the exact opposite of ramble).
93 comments
[ 3.0 ms ] story [ 165 ms ] threadBrave does present some kind of warning to users when opening an incognito tab. It just doesn't make the risks clear enough and will mostly be ignored.
I'm not sure what solutions there are for this. Perhaps shipping Tor as part of a regular browser isn't a good idea. In fact, I'd say Tor should've never been tunnelling generic protocols and instead had its own protocol for sharing information. That's another conversation though.
It sort of aligns with my views on a lot of other Brave projects: neat, and with good intentions, but not necessarily such a good idea when examined in detail.
The fact is that software with such a huge attack surface shouldn't be the mode of interaction for Tor services.
All fine and dandy when it is some curious silicon valley engineer playing with new tech at home, but 'selling' that to people at danger that depends on that tech for safety is huge red flag.
Avoid brave browser like the plage. Specially do not contribute your opensource-time to them, but to the projects they use (not chromium though)
Brave is interesting, and I do play with it. I utterly distrust it, though, and do nothing important with it.
having brave control which ads you see, will lead to the same awful situation when adBlockPlus was stolen for profit: any company could pay to be whitelisted.
Contribute to uBlock Origin [0]. uBlock was also stolen for profit [1] and takes money to whitelist ads.
[0] https://ublockorigin.com/
[1] http://tuxdiary.com/2015/06/14/ublock-origin/
The vast majority of users do not need tor for personal safety, therefore avoiding brave because of this issue is a non-sequitur for most people. Ublock origin is great, but brave is one of the only solutions that is giving a legitimate attempt at solving the root issues in a pragmatic manner. Everything else (including ublock origin, as good as it is) is just cat and mouse.
> I respect your comment but you can ignore the left half of any but comment.
"I respect your comment, but..." isn't doing any meaningful work in this sentence; it's not contrasting anything, it's just introducing the actual point: "You can ignore the left half of any 'but' comment." You don't really lose anything by taking out the left half.
• Among their social medias, they list Gab
• "Trad life", "RedPill" and "Without White Children We Will Perish" are on their about page
• > By the way, this is the list of companies supporting BLM. Just in case you were wondering whom to boycott.
It would honestly be pretty hard for me to think of a more obviously racist website.
The thing is with this stuff… it kind of makes sense that you would find dating sites that revolve around a particular cultural or minority background. You'll find sites primarily for gay men, lesbians, Muslims, people with disabilities and so on. That's because the default culture of a "mainstream" dating site is going to be "generally mainstream able-bodied heterosexual white-ish", and people who have a cultural context that doesn't align with that can have a bit of a tough time with those.
A site focusing on "white dating"—at least in the Anglosphere—doesn't really have the same reason for existing. I mean on the surface level, something like "white dating" is the same kind of thing "muslim dating", and I could certainly see some circumstances in which it might not be deliberately bad. But the former is immediately super suspicious, and inevitably a peek behind the curtain shows it up for what it is.
You can find the individual subcultures all over the place in Irish pubs and Polish clubs and so on, where you can go and find people immersed in that subculture and not really expect to find a lot of Actual Nazis.
But if you go to a place that calls itself "white people" when that term only really gets used for race, what do you expect to find?
It's kind of a stupid idea for anti-racists to even keep using the term, given that the group has no identity outside of defunct 20th century pseudoscience notions of race and preserving and promoting the idea of it as any kind of coherent group is only fortifying tribalist lines we should instead be trying to dissolve.
yeah, this is kind of a tough one, though... because people need to be able to talk about the hegemony of the group that identifies itself as white at the expense of the groups that are excluded from that identification. and always saying something like "the cartel that calls itself white, where some members aren't even consciously colluding" is kind of a clunker. esp for people who don't think/read about this stuff on their own, and who just think of "white" as a simple and natural ethnic delineation, to the degree that any ethnic delineation can be thought of as simple or natural =)
race, including "whiteness" is a scientific and biological fiction invented and accepted to maintain (and hide) a caste system. but through the assiduous maintenance of that lie, it has become a different sort of social reality. not using the term "white" makes it incredibly hard to talk with most people about the issue. but using the term "white" as most people (superficially) think of it also helps cement its pernicious effects.
pretty difficult jam our society has gotten into there.
"the people who call themselves white" is the best terminology approach i've seen to dealing with this, but even that is still quite clunky, and may still make the speaker sound like a hand-wringing liberal to anyone who's not already on board with the viewpoint that race is a pernicious and unscientific lie.
The answer to this is to use it only when dealing with people who go around "identifying" themselves as white. You find a "white dating" site, you know they're the jerks, and then we have to have this discussion about why that's stupid and those people suck.
But there is also a modern tendency to use it in entirely other contexts. For example, it's more the rule than the exception that the good school district in an area is gated by high real estate costs. If you can't afford the more expensive house, your kid can't go to the better school.
It's easy to cast this and similar situations in racial rather than economic terms because the people who can't afford the more expensive real estate are disproportionately black. Then you get fake anti-racists talking about "white people" (implying the upper middle class) and "black people" (implying the poor), and for a specific reason.
Because that city will have 30,000 upper middle class "white people" and 25,000 poor "white people" and 25,000 poor "black people" and if the affluent can make it about race rather than economics then they get 55,000 votes to 25,000 in their favor instead of 50,000 to 30,000 against. It's an attempt -- often successful -- to preserve racism to serve as a wedge between poor black people and poor white people who would otherwise see that they have common interests.
Notice how many of the people who do this are college educated "white people" who for inexplicable reasons speak against the self-interest of their supposed ingroup, until you notice that the reason is actually quite explicable.
What does it have to do with that website being full of bigots? Their speech is not limited by the government.
In which they, themselves, say (and always have been saying): " If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. "
Also this is a known issue, see https://github.com/brave/brave-core/pull/7909
> Access to this website has been blocked under an Order of the Higher Court.
> Any TalkTalk customer affected by the Court Order has a right under the Court Order to apply to vary or discharge it. Any such application must:
> (i) clearly indicate the identity and status of the applicant;
> (ii) be supported by evidence setting out and justifying the grounds of the application; and
> (iii) be made on 10 days notice to all of the parties to the Court Order.
> For further details click here. https://community.talktalk.co.uk/t5/Articles/Blocked-website...
They are not a budget offering, and they don't believe in "unlimited" bandwidth, but their prices are fair and the service is excellent.
It's the difference between hiding a joint in your safe so there's less chance the cops find it and marching to just make weed legal.
For most people there is FTTC or FTTP owned by "Openreach" the successor to the national telephone monopoly which thus owns most of the "last mile" of copper cable either under pavements in urban areas or hanging from telegraph poles elsewhere.
Openreach doesn't offer service to end users, its products are wholesale only, ISPs buy the wholesale product, at prices fixed by regulation, and sell Internet service (they also of course need to buy backhaul, routers, set up a call centre and so on, Openreach just makes the "last mile" work)
Thus, most big UK ISPs are using Openreach and you could switch to any of the others (including A&A), in principle literally overnight, since all the physical infrastructure is unchanged, just somebody has to plug different values into a database so they're billing a different ISP and your traffic goes to that ISP not the previous one.
[ Under the hood it's slightly more complicated because you can buy some backhaul from Openreach or from competitors who own long distance fibres. In a major city it may be cheaper to use some startup to get 10Gbps of data from your customers in that city to your data centre in another city, after Openreach gathers it all up somewhere, rather than paying Openreach, who also own fibre, to move that data to your data centre. ]
The main exception is if you have cable TV in your area (most larger cities, some suburban regions) you can choose to buy the DOCSIS service from the only company that owns all large cable TV service in the UK, Virgin Cable. In this case Virgin is your only possible ISP. For maybe 10% of UK residents this is the most practical way to get "good" Internet access, a larger percentage could buy this, but they could also switch to an ISP using Openreach and still get acceptable Internet access.
A relatively small number of users live somewhere with no decent Internet via Openreach, no cable TV, but enough local enthusiasm plus money to bury fibre and build their own network. In these cases again the only ISP is the one that buried the cable, but they're usually community owned, so I guess if they do censorship (and I don't know if they do) you'd be better placed to argue that policy should change than I am.
In a city yeah, it'll make sense for some startup to run a few miles of fibre to deliver Internet just to properties likely to want to pay extra for fast service, and they would own that fibre, but they'll have competitors so there's less threat of problems.
For Openreach there's a web site (and an API) to basically plug in an identifier for a telephone line and get out what wholesale products are available for that location. ISPs could in principle find that you have 300Mbps fibre available, and even though you purchased their cheap 1990s-style ADSL service they decide to pay Openreach to enable fibre, but then they just clamp the data flow to 10Mbps so you're not getting a better service. I don't think that would make any commercial sense, but they could do that if it makes sense to them.
A friend lives not very far from me on a weird little road near the university that just sort of runs down a hill to nowhere. That road isn't "adopted" (it is notionally owned by some of the people who live on it, and local government won't pay to fix it) and it turns out this meant they didn't get FTTC. So they just did a fundraiser to pay Openreach to run FTTP into their road. I was shocked somewhere like that doesn't have modern Internet so I donated a little money.
When the work finishes the residents don't magically get (better) Internet service, but they will have fibre, that'll appear in the API and so then they can buy fast services which they'd previously not be eligible for because the ISP does an API call and sees there's no fibre option.
If you're wealthy you could sidestep all this and pay Openreach to run FTTP specifically to your home, but I'd guess that as well as being expensive (not new Ferrari expensive, but a lot more than a new MacBook) this would put you in some huge queue of weird vanity projects for which Openreach has finite workers available. So maybe they don't dig a trench until 2022.
A) In order to drive Tor adoption and increase the feasibility of normal people hosting sites on Tor, it is necessary that normal people be able to connect to hidden services, even if they themselves are not necessarily reaping the privacy benefits.
If Firefox and Chrome both supported the Tor protocol out of the box then I would be more likely to host content on Tor, because I wouldn't need to tell my family and friends to install a new browser just to access that content.
B) Even though Brave's Tor features are inferior to the Tor browser, they still probably offer some privacy benefit over normal browsing (assuming users are not assuming that the mode is perfectly private).
That being said:
A) It would still be better for Brave to fix issues like this over time, and the leak is worth taking seriously instead of brushing off as a known issue.
B) A warning on a FAQ is not sufficient to handle point B. Brave should be looking into UX methods to make it clear to users that visiting a Tor site does not make them anonymous. Most of the people installing Brave are never going to see that warning.
Besides, assuming you live in the West, as long as you aren’t you’re planning a terrorist attack, watching child porn, selling drugs, weapons, assassinations, bomb making materials, etc, then brave will probably do
I would still use TOR for pretty much any dark web activities, but in practicality, as long as you aren’t doing anything that you can imagine a policeman actively hating you for, it’s probably pretty safe
Also, I can imagine some instances where you want to obfuscate your IP location to the visited site/service, but don't much care if your DNS requests leak because you're more concerned about the accessed site/service generating a patchwork of locations associated with a specific user and less concerned about your ISP or DNS provider knowing generally that you connect to the site/service.
The thing I don't get is, why do such a poor job at implementing a feature?
Tor is synonymous with anonymity. Adding a "Tor tab" without the guarantees just reeks of a "me-too" feature and lacks that serious security and privacy posture Brave is known for (or wants to be known for).
I mean, Brave comes down pretty hard on others [0]; I wish they held themselves to higher standards [1]. Forget about striving for anonymity by resisting all sorts of sophisticated fingerprinting attacks; leaking DNS is plain embarrassing.
[0] https://news.ycombinator.com/item?id=17970567
[1] https://news.ycombinator.com/item?id=23442027
> UPDATE: cause was cname adblocking, so this is a regression, not an earlier issue.
But directly leaking the IP address (e.g. via DNS or WebRTP) is totally unacceptable.
How do you tell?
Apart from using Tor, you can route your DNS to avoid your ISP, which makes sense in a world where ISPs have your name/address/bank# and use what they know about you to make money.
If you can call that irony, that message board was to my knowledge developed by/for anarchists (the exact opposite of ramble).