Is there anyone from Brave Support or Brave Community who’d be kind enough please to let me know what is the function of [tor-0.3.4.9-win32-brave-0]?
Hello Eljuno,
Thanks so much for replying, I was thinking I’d posted in the wrong place.
I do know it’s a false positive and I have logged it with Kaspersky.
Would you be kind enough to advise please Is [tor-0.3.4.9-win32-brave-0] an executable file?
Hello Eljuno,
Thank you for replying, unfortunately I do not understand “Tor will only run if you using Private window”, Sorry!
As far as I can see My Brave settings are set to highest privacy.
The question Is [tor-0.3.4.9-win32-brave-0] an executable file?, from what I can gather from your answer, is yes; however; now that you’ve said “Tor will only run if you using Private window”, poses the next question, how can I verify this?
I’d be very grateful for clarifications, answers please if you’d be so kind.
Many thanks & cheers.
@SNAFU_MIG,
What he means is that, with respect to Brave, Tor functionality only initiates (that is, you’re only tunneled through the Tor network) when opening a “Private Window with Tor” in Brave.
You can open this window from the main menu:
Hello Mattches,
Thanks!!! As I’m engaged with K on this issue & as K have given conflicting information, these clarifications are gold.
I’ve just tested the (Brave)(Tor) window, so that’s good, proves monkeys can learn , however, it’s generated a Brave certificate issue> “The certificate chain is not complete” this is a Brave issue, not Kaspersky.
Hmm, what Kaspersky has written I don’t believe I should write here, suffice to say they appear to have no intention of re-classifying [tor-0.3.4.9-win32-brave-0].
So, utilizing their software, which is where the detection is reported, I deleted [tor-0.3.4.9-win32-brave-0], and then tested Brave Tor, it works without issue.
So my question to Brave Support is:
List item
What is the function of the [tor-0.3.4.9-win32-brave-0] object?
If the Brave Tor Browser works without [tor-0.3.4.9-win32-brave-0] & if it’s continuing to be detected by 7 engines
Tor is a tool for anonymizing network connections. That means it’s used in tools designed to protect your privacy (like Brave and Tor Browser), and also in malware which wants to hide its command-and-control infrastructure. If these AV vendors are classifying the standard Tor binary as a threat, that’s a false positive, and they should fix it.
Not sure what’s happening when you try to use private windows with Tor after deleting the Tor binary. What happens when you visit https:/check.torproject.org after deleting the Tor binary?
Hello Tom,
Thank you, it’s great to get some feedback.
Kaspersky are adamant - object [tor-0.3.4.9-win32-brave-0] will not be categorized (by Kaspersky) as a false-positive.
What’s confusing is there are multiple BraveForum posts where Brave have advised Brave are actively pursuing the issue with Kaspersky, those posts go back months, no resolution, issue continues to occur.
I deleted the original [tor-0.3.4.9-win32-brave-0] more than a week ago.
(private windows with Tor after deleting the Tor binary) Brave continued to function normally. My question to the Brave experts/community was/is: what’s the point of the object if the Brave works without it? Surely, if it has no critical function, logically, I would think, Brave would be keen to get rid of it, due to the detections, by Kaspersky & the other AV providers.
I’ve just checked C:\Users\xxxxx\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.4, [tor-0.3.4.9-win32-brave-0] is back.
And, Kaspersky continues to detect.
So deleting [tor-0.3.4.9-win32-brave-0] doesn’t work.
Conclusion:
(imo) Brave Technical Support need to address this issue🤔
Cheers.
If it’s true that Kaspersky have firmly decided that Tor is malware, they are mistaken. That’s not something that they’ve said to us directly yet though — we’re still going through their slow process of submitting a false-positive report. However, if that really is the final answer from them, there’s nothing that we (Brave) can do about it.
The Tor binary in Brave is used when you open a private window with Tor. If you delete the Tor binary, then private windows with Tor won’t work. But everything else will still work — for now. We intend to use Tor to anonymize more of the behind-the-scenes network connections that Tor makes. So in future, more features will rely on the Tor binary.
From: Kaspersky Lab Support [email protected]
Sent: Friday, 4 January 2019 09:31
Subject: Kaspersky Lab Technical Support - ID INC000009990560
The brave file detection cannot be compared to other false positives.
It is a correct detection in which the file is found to contain a powerful and dangerous tool.
The purpose is to highlight that there is a dangerous tool installed.
If it is not installed by the user, then it is recommended to have it removed.
My communications with Kaspersky:
[Brave (new) Private window with Tor], is “installed” automatically by Brave users, as a default: it comes pre-packaged with Brave.
[Brave (new) Private window with Tor], cannot be removed.
Removing [tor-0.3.4.9-win32-brave-0] object does not work, the object “returns”, Kaspersky continues to detect.
Tom,
to confirm I’m on the track; referring to the attached image,
a) is this the ONLY way to access [Brave (new) Private window with Tor]? [marked with green dot]
b) [tor-0.3.4.9-win32-brave-0] object exists (in C:\Users\xxxx\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.4) without activating [Brave (new) Private window with Tor],
c) [Brave (new) Private window with Tor] works even AFTER [tor-0.3.4.9-win32-brave-0] has been removed.
Re (b & c) if BnPWwT - works even when/after the object has been deleted/removed, what is the function/purpose/point of the object [tor-0.3.4.9-win32-brave-0]?
If this specific object is not critical to the function/use of [Brave (new) Private window with Tor] why have it?
So, just to rehash, when I access [New private window with Tor] from the Brave browser, I have full access.
Performing [https:/check.torproject.org] check, from Brave browser & from Brave [New private window with Tor] browser results in "Sorry. You are not using Tor."