I recently switched to Brave at work (Windows) and so this post is related to that version. I use Brave on my phone (Android) and at home (Linux), but I don’t use private browsing there so I’m not sure if the same problem exists in those versions.
I’m a developer and for testing purposes of the web applications I’m working on, I need to log into the sites as different users. I’ve been using Firefox private windows for this and the behavior is what I expect, but in Brave it doesn’t work correctly.
If I open a tab and log into my web application as a particular user (user-x) and then open a new private tab and browse to the application in order to log in as a different user (user-y), it shares the authentication token between the “public” and “private” tabs and automatically logs me in as user-x.
Any sharing of data between the “public” and “private” tabs seems like a major security issue to me.