Brave, by default, connects to third-party domains with the Top Sites feature to fetch favicons, even if Top Sites is disabled

johnt · July 10, 2024, 3:01pm

While inspecting DNS logs, I found that Brave on Android (not tested on other platforms) always makes short connections to various popular websites such as ESPN and Ebay, and they seem to fetch the favicons when opening a new tab. I have disabled the Top Sites feature, but the problem still persists. One way to fix this is to go to Brave Settings>Display>New Tab>Widgets>Show Top Sites and enable the Top Sites feature and then remove the Top Sites by long pressing on the favicons one by one and then disable the Top Sites feature in Brave Settings.

This could be a hidden privacy threat for some people, as it could expose your IP address, user agent, and other http headers, as well as the time you opened a new tab, to popular websites. This issue has been reported to Brave by other people, but there has yet been no response.

Links for more information:

exaCORE · July 10, 2024, 3:06pm

I’m no Brave fan, but this kinda sounds like a bug or oversight. Maybe filing a bug report is in order?

Lukas · July 10, 2024, 4:48pm

I noticed this years ago when I used Brave and NextDNS. It’s pretty funny that they didn’t fix it yet.

Showplace8087 · July 10, 2024, 5:53pm

Yeah its been an issue for a looooong time. Manually removing the preloaded top sites like you mentioned is the only way to get rid of those connections, kinda stupid that disabling them doesn’t do it.

Sharply · July 11, 2024, 5:38pm

Yes, glad you posted this, I previously noticed this myself (Ex. I saw Brave connecting to a Facebook domain…), was super confused but completely forgot about it. Has anyone filed an issue on this yet?

8pen-s8urce · July 11, 2024, 7:46pm

This is a known issue to the Brave team since at least October 2020.

Github issue: Add option to disable topsites tracking in Settings · Issue #12263 · brave/brave-browser · GitHub

People complaining about this issue in the Brave forum:
• Disable "top sites" tracking on New Tab Page - Mobile Support - Brave Community
• Why is the brave android browser pinging the following 3rd Party TLD's when the browser is launched each time? - Mobile Support - Brave Community
• Weird Brave Android requests - Misc - Brave Community

Topic		Replies	Views
Check if your Brave connect to 'Top Sites' on Android Privacy	1	415	March 5, 2024
Why is Brave connecting to ad domains? Questions browsers	6	422	July 26, 2024
Brave Browser on iOS contact advertising domains even when Brave Ads not on. What do you think? Privacy browsers	3	423	May 21, 2024
Why is Brave storing cookies? Questions	2	384	June 18, 2024
Brave iOS now uses HTTPS by Default Privacy browsers	0	140	August 25, 2024

Brave, by default, connects to third-party domains with the Top Sites feature to fetch favicons, even if Top Sites is disabled

Related Topics