Wednesday, February 01, 2023
 Brave.com Is Now Available as an Onion Service

Brave, the Chromium-based browser that sells itself on privacy and adblocking features, launched a version of its website for Tor users.

In a recent blog post, a Devops Engineer at Brave announced the creation of a Brave.com onion service (brave5t5rjjg3s6k.onion). Brave is fairly straightforward about the purpose of the onion service. Unlike many high-profile companies with onion services, Brave’s recent creation appears to exist for more than just optics.

“…we wanted to make our website and browser download accessible to Tor users by creating Tor onion services for Brave websites.”

brave gif min“These services are a way to protect users’ metadata, such as their real location, and enhance the security of our already-encrypted traffic. This was desired for a few reasons, foremost of which was to be able to reach users who could be in a situation where learning about and retrieving Brave browser is problematic.”

For a company that specializes in blocking and serving advertisements, Brave included unusually helpful information in their blog post. Specifically about using Alec Muffett’s Enterprise Onion Toolkit (EOTK) and obtaining their current EV certificate. The overwhelming majority of onion services have no use for SSL certificates. As a result, we rarely see the process of obtaining such a certificate documented (in this context).

“One snag was that the process of proving you own the address requires a few different steps of validation. One is the traditional EV due diligence of contacting a representative of the organization that is on-file with DigiCert. Another is a practical demonstration, either of a DNS TXT record or a HTTP request to a well-known URL path. Since the onion addresses don’t have the concept of DNS, TXT validation will be impossible. That leaves the only remaining option as the HTTP practical demonstration. The demonstration involves requesting a challenge from DigiCert, at which point they will send you a short string and a path that they need to see the string served at.”

brave ssl“You then start a web server listening on that address on port 80 (non-SSL). They will send a GET request for that path. If they are able to successfully fetch the string, they know that you are in control of the address. Sadly, when I performed this song and dance with DigiCert the request did not work for 2 reasons. One was that EOTK was redirecting all of the non-SSL traffic to the SSL listener. The request failed since we were still running an EOTK-generated self-signed certificate.”

DigiCert’s automated validator for SSL certificates is unable to route Tor traffic, according to Brave. It appears as if Brave had to open a chat session with a DigiCert employee to finally get things working.


Brave.com is available over Tor at the following address: brave5t5rjjg3s6k.onion.

On a related note, Security Boulevard has an interesting article on identifying the public I.P. address of an onion service using its SSL certificate. That is available

 

Top Dark Web Links

Dark Web Search Engines & Hidden Wiki's

Dark Web Links

Dark Web Search Engines & Hidden Wiki's

How Do I Access Hidden Services? In order to access .onion websites you need to download and install the Tor browser. You can download it for any operating system using...

By Administrator - Oct.11

Dark Net Links 2022

Dark Web Links

Dark Net Links 2023

TOP DARK NET MARKETS 2023   DeepMarket - is a secure and anonymous marketplace with Multisig Escrow System. Here you can find trusted sellers and buy the most popular products in DeepWeb...

By Administrator - Oct.11

Blogs,Forums,Chats

Dark Web Links

Blogs,Forums,Chats

Forums. This list contains forums, imageboards, and other platforms for discussion on the darkweb including Underdir, Blackhat Chat, 8chan, and Germany in the Deepweb. The forums listed here focus on...

By Administrator - Oct.11

Safe Darknet Email Provider

Dark Web Links

Safe Darknet Email Provider

Best Anonymous Email Services in 2021 .In this anonymous email piece, I’ll mention some of the best onion (and their clearnet domain versions, when available) email services which prioritize privacy...

By Administrator - Oct.11

 Top DarkNet Markets 2022

Dark Web Links

Top DarkNet Markets 2023

DeepMarket - is a secure and anonymous marketplace with Multisig Escrow System. Here you can find trusted sellers and buy the most popular products in DeepWeb (Recommended) TorBuy Money transfers Paypal, Western...

By Administrator - Oct.11

Open Source Software

Dark Web Links

Open Source Software

Open Source Software 1. OnionShare OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Link: http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/ 2. Whonix Whonix ™...

By Administrator - Oct.11

Privacy Service

Dark Web Links

Privacy Service

Privacy Service 1. Snopyta Snopyta runs online services based on freedom, privacy and decentralization. Link: http://cct5wy6mzgmft24xzw6zeaf55aaqmo6324gjlsghdhbiw5gdaaf4pkad.onion/ 2. RiseUp Riseup provides online communication tools for people and groups working on liberatory social change. We are a...

By Administrator - Oct.11