In a significant stride towards enhancing user privacy, Brave browser has introduced a new feature called “Request Off the Record” (OTR) starting from version 1.53. This feature, designed to protect the privacy needs of individual users, is particularly beneficial for those who need to conceal their browsing behavior from others who have access to their devices.
The OTR feature allows websites to label their content as “sensitive”. The browser then prompts the user to visit the site in OTR mode, where the site is accessed in a clean, temporary storage area. Notably, sites visited in OTR mode are not saved to the user’s browsing history, and any cookies, permissions, or other site data do not persist to disk. Meanwhile, other sites visited are stored and treated as normal, obscuring any “unusual” behavior to anyone who may access the device later.
Brave’s current private mode already prevents saving data to the browser’s history, encrypts connections, and deletes cookies and temporary website data after closing. However, tech-savvy users point out this offers limited protection against local network observers who could still monitor unencrypted network traffic. Brave’s proposed ‘Off the Record’ mode aims to resolve this issue by preventing any browsing data from being saved at all during the session through a privacy mechanism called ‘ephemeral storage.’
Ephemeral storage is similar to encrypted virtual machines that leave no trace once shut down. Brave would run a separate ephemeral profile in the background that gets destroyed when the mode is exited, leaving no evidence or artifacts behind on the device storage. According to Brave, this goes beyond most browsers’ private or incognito modes and could appeal to users with an acute need for confidentiality when browsing.
Brave’s OTR feature is a part of its suite of features that support the privacy needs of users, providing protection far beyond the “standard” threats typically watched out for by browsers. Brave plans to collaborate with other browser vendors to standardize OTR, ensuring privacy and safety for at-risk browser users across the web, irrespective of the browser they use.
The development of this feature involved input from several civil society and victim advocacy groups. Mallory Knodel, the CTO at the Center for Democracy and Technology, praised Brave’s attention to detail with OTR Mode, stating that it is an important privacy innovation that can protect users in “attacker you know” situations or anyone who wants more control over what their browser remembers and what it doesn’t.
However, it is important to note that while Brave’s Request OTR feature prevents visits to sensitive sites from being recorded in a user’s browser history, it does not protect users from other software on their computer that might record information about what sites they visit. Examples include browser extensions, network spying, malware or spyware installed on the device, information saved by sites before or after you visit the “off the record” site, operating-system level logging, and crash logs.
Brave is set to release Request Off the Record in the upcoming version 1.53 of its desktop browser, with an Android version following in the 1.54 release. The company is also working with experts and researchers at George Washington University and Paderborn University to evaluate how Request-OTR is understood by users and how they can further convey to users exactly what protections the feature does and does not provide. Furthermore, Brave is interested in working with other browsers, organizations, and web companies to potentially standardize Request-OTR, so that users of other websites and browsers can benefit from the protection.