SECURITY: Hidden Brave extension snoops on all users

There seems to be a hidden Brave extension active, even in a private window:

  1. Open a private window;
  2. Go to e.g. notex.ch;
  3. Hit F12 (developer tools);
  4. Go to the Lighthouse panel;
  5. Hit “Generate report”;
  6. Go to passed audits / remove unused CSS;
  7. Notice that there is a “div” or “a” element which has been hidden.

The “a.href” attribute (for the “a” element) always points to different domains, e.g. outbrain.com or oboom.com, all of which have been registered behind privacy-preserving registrars!

This looks like somebody is trying to collect the IP addresses of all Brave users, to determine their actual location: I suspect some agency wants to know where all the built-in IPFS nodes are running. :frowning:

```
$ pacman -Qi brave
Name            : brave
Version         : 1.23.71-1
Description     : Web browser that blocks ads and trackers by default (latest
                  binary release).
Architecture    : x86_64
URL             : https://brave.com/download
Licenses        : MPL2 BSD custom:chromium
Groups          : None
Provides        : brave brave-browser
Depends On      : gtk3 nss alsa-lib libxss ttf-font
Optional Deps   : cups: Printer support [installed]
                  pepper-flash: Adobe Flash support
                  libgnome-keyring: Enable GNOME keyring support [installed]
Required By     : None
Optional For    : None
Conflicts With  : brave
Replaces        : None
Installed Size  : 257.74 MiB
Packager        : Philip Mueller philm@manjaro.org
Build Date      : Thu 15 Apr 2021 12:31:56 PM +03
Install Date    : Tue 04 May 2021 03:32:45 AM +03
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature
```