Brave, a popular web browser known for its focus on privacy and security, is set to introduce more powerful features to control access to local network resources. The latest version of Brave, 1.54, will include enhanced capabilities to determine which websites can access local host resources and for how long. This move comes as a response to the growing concerns over privacy and security risks posed by malicious requests from websites.
Local host resources are essentially images and web pages hosted by software on a user’s local machine. Traditionally, web browsers like Chrome, Safari, Firefox, and Mozilla have allowed both secure and nonsecure public sites to access these resources. However, this practice has raised concerns about user privacy and security.
The primary reason for allowing websites to access localhost resources is rooted in historical legacy and backward compatibility. Browsers have not strictly enforced distinctions between first-party resources (hosted by the website being visited), third-party resources (hosted on other public websites), and localhost resources. This lack of strict enforcement has made a significant amount of software freely accessible via websites, often without the user’s knowledge.
While many legitimate uses of local host resources exist, such as cryptocurrency wallets and security software, there is also a significant amount of harmful software that exploits access to these resources for illicit purposes. Fingerprinting scripts, for example, attempt to re-identify users by searching for specific patterns in the software running on their devices. Other scripts look for vulnerable software to launch attacks.
In light of these concerns, Brave has taken a different approach compared to other browsers by prioritizing user control and privacy. The browser automatically blocks trackers and unwanted ads while providing anti-phishing and anti-malware protection. Moreover, Brave has implemented multiple protections against malicious access to localhost resources.
Currently, Brave uses filter list rules to block scripts and requests from public sites that attempt to scan or access localhost resources. However, the new version of Brave introduces a more comprehensive system for protecting users. This system consists of several key components:
1. Requests to localhost resources from a localhost context are automatically allowed. Brave does not block locally hosted pages from accessing other locally hosted resources.
2. Filter list rules will still be utilized to block scripts and known malicious sites that abuse localhost resources.
3. Brave will introduce a new permission called the “localhost” permission. Only sites with this permission will be able to make sub-resource requests to localhost resources. By default, no sites have this permission, and most sites do not have a way to prompt users for this permission. However, advanced users can grant this permission to sites using the existing site settings interface.
4. Brave will maintain a list of trusted sites known to access localhost resources for legitimate purposes. The first time a site on this list initiates a sub-request to a localhost resource, it will trigger a permission prompt for the localhost permission.
Furthermore, Brave is enhancing its protections beyond the browser level, ensuring that it can safeguard users against less common methods of localhost requests, including DNS records that refer to localhost.
By implementing these powerful features, Brave aims to give users greater control over their privacy and security when it comes to accessing localhost resources. With growing concerns over fingerprinting and malicious access, these enhancements are a step in the right direction for protecting user data and ensuring a safer browsing experience.
In conclusion, Brave’s latest update brings robust features to control access to local network resources, addressing the privacy and security risks associated with malicious requests from websites. By allowing users to have greater control over which sites can access localhost resources and for how long, Brave strengthens its stance as a privacy-focused browser. With its automatic blocking of trackers and unwanted ads, Brave empowers users to have a safer and more secure browsing experience while protecting their sensitive information from prying eyes.