OS: macOS 10.14.6
I run Little Snitch and suddenly noticed that Brave was requesting IPs rather than domain names. This suggested that Secure-DNS was now operational.
As I did not want Secure-DNS, I looked at ways to disable it and found that I was unable to alter the setting as my browser was now being “managed”.
Under brave://settings/help I see the message in the title. When clicking on that message I am taken to a blank page at brave://management.
There is no reason why the browser on my personal machine should be managed by any organisation.
Could someone please provide steps to take back control of my browser?
What do you see at brave://policy/ ?
Hmm, that is weird. Prior to your responsed, I had followed the steps at
When I looked at brave://policy it said that the value for IPFSEnabled needs to be boolean so changed that.
defaults write com.brave.Browser IPFSEnabled -bool false
Then, as the only policies shown as set were those mention in the article, I deleted them
defaults delete com.brave.Browser [BrowserGuestModeEnabled | IPFSEnabled | IncognitoModeAvailability]
Now brave://policy shows “no policies set” AND the browser no longer says that it is “managed”.
Having solved the “managed” issue, I was able to disable DoH but that doesn’t appear to have fixed my problem - that the browser is resolving domain names and only requesting IPs stopping Little Snitch from working effectively.
Is there a way to stop the browser from resolving names internally? This seems to be a Chromium thing as it is common behaviour between Brave, Chrome and Opera browsers.
Hey JimBob. Glad you got that fixed! Admittedly I’m not sure if I follow what you mean with the IPs vs. names resolution thing. What exactly is Little Snitch reporting on that it considers problematic? Do you mean it’s caching the results of name lookups instead of talking to DNS resolvers for each lookup? Or something else?
Little Snitch intercepts all outgoing connections and reports what they are so that a user can decide whether to allow those connections to be made. One use case for this is blocking all requests to facebook.com from a browser to limit the amount of tracking FB can do - by analysing the opening of links to facebook.com assets on any website you visit.
Little Snitch identifies traffic at the name level so, if a browser is resolving the IP and only sending a requet to the IP, then it is unable to correctly identify the traffic as allowed or not.
It seems that DoH was in action, even after I turned it off and restarted the browser. The requests for IPs seems to have stopped now.
I have to admit I do not see what problem DoH is supposed to solve. Yes, it stops the ISPs from keeping track of its least tech savvy customoers DNS requests but it doesn’t stop said ISPs from doing reverse lookups on IPs and it doesn’t stop CloudFront et al from collecting all this information for whatever purpose it deems useful. Maybe browsers should stick to rendering web pages and leave the other stuff to other applications that users can choose to use or not?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.