Did some testing with TAP VPN services and other browsers.
Brave while claiming to be a secure browser is very insecure. It does not permit a user to disable web-rtc, and it is completely vulnerable to web-rtc.
When connected through a TAP VPN brave browser leaks:
Both local IP addresses
Both External ipv4 && ipv6 addresses
The local DNS server
When connected through a hardware VPN (only “out” for the whole network)
Brave still leaks both local Ip addresses (VPN & NAT’d)
As for its main claim of protecting user privacy the above fault completely FAILS that claim as this browser EXPOSES the user.
Furthermore a vanilla installation fullscreened on a 1080p monitor does not perform any better than chrome or firefox when eff’s panopticlick fingerprinting test is run on it. The browser does not protect from unique fingerprinting even though absolutely no configurations have changed.
This browser, right now, does not a leg to stand on, if you value privacy use a more mainstream browser with HTTPS Everywhere, Ublock Origin installed and WEBRTC disabled. If you care about anonymity use tor’s browser.
As a security researcher i’d actually consider this browser to be malware if i located it in a secure environment because in addition to the above it comes pre-loaded with 3rd-party password manager’s which are insecure by definition and the inbuilt password manager is a literal joke as it doesnt even allow you to password protect (secure) the saved passwords and stores them plaintext.
edit: To clarify, the same VPN services brave leaks data with do NOT leak AT ALL in firefox or internet explorer.