ProtonVPN / proton-vpn-browser-extension

Proton VPN Browser Extension
GNU General Public License v3.0

IP Leak on Brave browser #4

Open IUseNixOSBTW opened 12 hours ago

IUseNixOSBTW commented 12 hours ago

Likely affects all Chromium browsers. Steps to recreate:

  1. Make sure the extension is set to auto connect.
  2. Open a website such as browserleaks.com/ip as soon as the browser starts; you may need to set it as a bookmark or set it as the startup page if you are not fast enough.
  3. See your real IP leak.

After about a second, when the extension loads, the IP no longer leaks. This is the fault of your extension because the Windscribe extension does not leak under the same test.

kylekatarnls commented 11 hours ago

Hello,

The Windscribe addon is using manifest v2, which means that at some point it will no longer be possible to use it, as you can see on their Chrome store page.

Sadly, manifest v3, the new norm (enforced for extensions landing on the store nowadays, including ours), has significantly changed the way extensions can control the proxy settings of the browser.

So this bug is due to a known limitation of the browser proxy API. For a severe threat model, I'd recommend also having the desktop app on, or ensuring no sensitive tabs are open before the extension icon shows the plain green "protected" state.

We are trying to find alternative ways to bypass this limitation, but it's not possible to use the mechanisms that can be found in Windscribe or other manifest v2 extensions for that.

IUseNixOSBTW commented 10 hours ago

Thank you for sharing this information, it is very helpful. I would like to ask about one more thing. I noticed the same bug happens on Firefox with both the Proton and Windscribe extensions, and obviously Firefox still has MV2. Is this a limitation in the Firefox proxy API or is it fixable?

IUseNixOSBTW commented 9 hours ago

I did some more testing and the hide.me proxy extension for Firefox does not leak in the test I described, so it appears to be possible to fix for the Firefox Proton extension. I hope you can take a look and fix this for Firefox at least.