Browser making unsolicited connections to Google

Description of the issue:

If the Secure DNS feature is enabled on Brave, Brave connects to and A connection is then made to on every launch of the browser, and at other times as well.

Steps to Reproduce:

  1. Enable Secure DNS.
  2. Select “Choose another provider” and configure the provider of your choice. (I used NextDNS)
  3. Brave connects to and

Actual Result:

Brave connects to Google.

Expected result:

Brave should not make unsolicited connections to Google in this way.

Reproduces how often:

Every time the browser launches, a connection is made, and it occurs every time Secure DNS is enabled with the steps described above.

Operating System and Brave Version:

Tested and was able to replicate the issue on v1.65.126 (latest release) on Windows, macOS, Android (GrapheneOS), and Linux (Fedora 40). Behavior also persists in nightly and beta builds.

Additional Information:

Just hope to see this get fixed!

Bumping this as it concerns me…

I also keep getting google cookies maintained in my site data and permissions even though I have forget me for everything other than certain sites…

brave is just chrome in disguise imo

@Commend6197 I wanted to present some information just in case it might be helpful. Though mainly am responding just to keep it open and tag in @Mattches and/or @fanboynz to possibly respond with more accurate info,

Short summary from AI to my prompt is nextdns related to gstatic is:

Yes, NextDNS and gstatic are related in that Android sends a query to to get the IP of the DoT server when using NextDNS. However, this request doesn’t use a VPN to connect, so Google only knows that NextDNS is being used.

But then looking through the internet, you see such things as where you can see one of the responses as below:

But I’m really not sure what you have running on each device. For example, Android regularly will call out to see if it’s connected to wifi.

Gstatic also plays a part in websites we visit in terms of it loading maps, images, fonts, and other content.

The other thing I’m assuming might be happening is Safe Browsing, assuming you have it enabled. You can read more on that at but I’m mainly keying in on their mention of:

The Brave Browser makes use of Google Safe Browsing in order to protect users from malicious sites. It’s enabled by default on all platforms, but can be turned off at any time from the browser settings menu.

I probably should’ve included more info in my original post, but I’m fairly certain I know what the issue is and what’s causing it:

It appears that whenever Secure DNS is enabled on Chromium browsers, regardless of platform, it connects to the and domains as a way to test connectivity. Other browsers, like GrapheneOS’ Vanadium, change the servers from Google’s to theirs, related patch here, which is the approach I think Brave should probably take with this. As far as I’m aware, the DNS provider itself doesn’t matter, I was just using NextDNS since it’s easy to test and see what connections are being made. Same behavior could probably be replicated on ControlD, AdGuard, etc. I also don’t have Safe Browsing enabled, and don’t think it’s related to that either.

I’m fairly certain that this was just an oversight on Brave’s part, so hopefully this will be fixed. There’s a GitHub issue as well here, which appears to have some activity.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.