I have a second, occasionally-used email account with one of the encryption-friendly webmail providers.
When I logged in to the second account in a Brave TOR window over the weekend, I noticed that after entering my login and password for that account and pressing ‘return’, a faint image of my login credentials for the other account was briefly visible on-screen.
I don’t know what that implies, but am mentioning it in case it possibly indicates a security leak in Brave’s TOR windows.
It hasn’t ever happened when I’ve done the same in the TOR browser.
Mac OS 10.14.3 (Mojave)
Version 1.52.102 Chromium: 113.0.5672.126 (Official Build) beta (x86_64)
@mk7z Just so I understand you correctly, you have two separate email accounts at the same provider, say email.com for the sake of argument. So you normally use a@email.com, but you also have b@example.com that you rarely use.
You opened a Tor window in order to log into email.com as b@email.com, and you briefly saw the credentials pop up for a@email.com in the browser? Is that correct?
Do you have a password manager extension installed? Or did you use the built-in Brave password manager to save the credential for a@email.com?
@fmarier Yes, that’s it exactly, except that it happened when I logged out of the second account. Sorry for the error in my original post. What I saw flash on the screen was the login ID for the other account (the one I normally use), immediately after I logged out of the rarely-used account.
The text that flashed on the screen was in a grayed-out font, not the normal black font.
In another login to the second account since my post, it didn’t happen.
The Password Manager section will show you anything that may be saved locally, but also the Addresses and more section could in theory pick up your email address and save it locally, if that feature is enabled.
@fmarier I thought of waiting for it to recur before the original post, and decided to do so primarily to see whether it had been reported by others.
The first thought I had when it happened was wondering whether the email provider was monitoring logins against data that would indicate multiple accounts by the same user. As far as I know, that would not be easy to do with TOR circuits.