simmerskool

Level 9
Verified
Malware Tester
snafu for discussion: running 1.9.76 which appears to be the latest stable (non-nightly) version. Just experienced something potentially very concerning. When I logged into MT tonight, I copied my username from keepass 2.45 and my password also immediately autofilled and took me to the 2fa login page. but STOP, HOW was the pw loaded? I have no (ie zero) saved pw in Brave all that is disabled in settings. It just occurred to me, could this be a keepass snafu?? Been using keepass for long time, never failed me, very manual. I have to do something to copy and paste a username or password. (my security universe is crumbling down around me... o_O)

EDIT update: I logged in to MT this afternoon with keepass, and all normal, ie, no autofill of pw. maybe I had a fat finger on keyboard using keepass last night...
not worried. :whistle:
 
Last edited:
Hey @oldschool (and fellow peers). I ran into some Reddit threads saying Brave randomly connects to crypto websites even with Crypto Wallets and Brave Rewards turned OFF. I don't use either of those features and just need a relatively secure browser that won't implement Google's Manifest 3 (the update that will kill ad-blockers). However, I am concerned to see threads like these (extremely recent posts) saying Brave connects to these servers out of the blue.

- URL: https://www.reddit.com/r/brave_browser/comments/f3e27q - URL: https://www.reddit.com/r/privacytoolsIO/comments/gr8nue - URL: https://www.reddit.com/r/brave_browser/comments/gfw234 - URL: Brave browser connects to min-api.cryptocompare.com

Do you have any idea how to stop this behavior? One of Brave's mods/devs said in one of the Reddit threads this behavior shouldn't be happening (even though it obviously is) when Crypto Wallets and Brave Rewards are turned off. He then recommended also turning off the setting "Load Crypto Wallets on startup" in the Extensions portion of Brave's settings.

What has your experience been with this? Do you know how to stop this kind of behavior from occurring? I really enjoy using Brave but this is definitely bugging me to say the least. Thank you in advance!
 
@oldschool I'm not into conspiracy theories either, nor do I mistrust Brave. I just don't want Brave to make connections to features that I'm not using that may be a potential security risk in the future. Not on Brave's end but on CryptoCompare's end.

For example, PageFair is a service used by many websites to block ad-blockers. But PageFair itself was hacked and served malware to users of websites that are clients of PageFair. That was unfortunate because those website didn't have anything to do with it. They just enabled PageFair to save some ad revenue and it cost them their own reputation as their visitors were re-directed to malicious content.

I just don't want to be in a situation where CryptoCompare is hacked and downloads something malicious without Brave's dev team knowing about it. Especially because I don't even use their Crypto Wallets feature anyway.
 

simmerskool

Level 9
Verified
Malware Tester
@PotentialUser you can use this to check connections:
sidenote question: you find novirusthanks tool better than sysinternals tcpview?
 
Top