Since Brave uses Tor control channel, it is no longer possible for websites or extensions to connect to the Tor socks proxy. This may be a good thing for security, but some extensions may need to connect to the Tor proxy in order to make legit and hidden requests. This would increase privacy when extensions are doing requests in Tor mode.

So I propose two solutions to this

Proposal 1, Exposing Tor proxy address

This is the simplest solution, just expose the Tor socks proxy address through JavaScript, and let the extension make hidden onion requests by connecting to the Tor proxy via fetch or tor-request. For security, this would be accessible with a custom extension permission or prompt, or as an option in the extensions page.

Proposal 2, Route all extension traffic through Tor

This one would be harder to develop. Route all traffic through Tor, transparently, but it would cause some technical issues if the endpoint doesn’t accept Tor. Also, if the extension includes some metadata in its requests this could harm privacy. But maybe we can solve those issues by making the routing opt-in in the extensions page.

Proposal 3, Bring back fixed port for Tor as an option #12424

This one is just reverting to the previous behaviour, but it will cause security issues, right?