Brave opens onion URLs in new window when visiting certain surface-net sites #30804

Open
ItchyBugReporter opened this issue Jun 4, 2023 · 2 comments


ItchyBugReporter commented Jun 4, 2023

Description

When visiting a select few web sites on the surface web, Brave will open a new browser window with a dark interface and paste in the onion URL of the same web site, entirely without me asking it to do so. It doesn't do this for all web sites that have an onion URL -- for example, it does this repeatedly with ProtonMail, but not with DuckDuckGo. With ProtonMail specifically, I repeatedly have to close the new window -- I go to Proton.me, close the new window, click Sign In, close the new window, log in to my account, close the new window, go to my account settings, close the new window, etc. For clarity, the original window I was working with does load the surface-web page I was asking for. It seems to me that simultaneously opening the same site in both Tor and the surface web on the same computer connected to the same Internet router is a good way to de-anonymize someone who wants to use Tor for privacy. Also, I did not know ProtonMail had an onion URL until Brave randomly started opening it for me.

Steps to Reproduce

  1. Open a "regular" (i.e. non-Tor/non-private) Brave window.
  2. Go to a web site this issue occurs with, e.g. https://proton.me/
  3. Watch as a Brave Tor window pops up with the onion version of the web site, while the surface web version continues to load behind it.

Actual result:

Brave loads the same web site twice -- once through the surface web in the original window I was using, and again in a new window with a dark interface using an onion URL.

Expected result:

The new window does not open, the onion URL is not visited. When I type a surface-web URL into a non-Tor window, just stick to the same window and load the URL I asked for.

Reproduces how often:

Intermittent issue -- loads only with select web sites.

Brave version (brave://version info)

Brave 1.52.117 Chromium: 114.0.5735.90 (Official Build) (64-bit)
Revision 386bc09e8f4f2e025eddae123f36f6263096ae49-refs/branch-heads/5735@{#1052}
OS Linux
JavaScript V8 11.4.183.17
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Command Line /opt/brave.com/brave/brave --disable-domain-reliability --enable-dom-distiller --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=https://sync-v2.brave.com/v2 --lso-url=https://no-thanks.invalid --variations-server-url=https://variations.brave.com/seed --variations-insecure-server-url=https://variations.brave.com/seed --flag-switches-begin --flag-switches-end --component-updater=url-source=https://go-updater.brave.com/extensions --desktop-startup-id=desktop;1685891415;701610;12562_TIME35157563
Executable Path /opt/brave.com/brave/brave
Profile Path /home/user/.config/BraveSoftware/Brave-Browser/Default
Active Variations AdRewardsStudy:NextPaymentDayAdvertiserSplitTestStudy:GroupAAllowCertainClientHintsStudy:EnabledBraveAdblockCookieListOptInReleaseStudy:EnabledBraveAdblockMobileNotificationsListDefault:EnabledBraveAds.AdServingStudy:DefaultAdNotificationsPerHour=10/MaximumAdNotificationsPerDay=100/MaximumInlineContentAdsPerHour=6/MaximumInlineContentAdsPerDay=20/AdServingVersion=2BraveAds.FrequencyCappingStudy:ExcludeAdIfWithinTimeWindow=0hBraveAutoTranslateStudy:AutoTranslateDisabledBraveDebounceStudy:EnabledBraveGoogleSignInPermissionStudy:DisabledBraveHttpsByDefaultRolloutStudy:EnabledBraveRewardsWebUiPanelStudy:EnabledBraveScreenFingerprintingBlockerStudy:EnabledConversionsStudy:NewDefaultPatternDefault1pBlockingStudy:DisabledDisableReduceLanguage:EnabledEphemeralStorageStudy:EnabledFirstPartyEphemeralDomainBlockStudy:EnabledForceDisableBlinkFeatures:EnabledPartitionBlinkMemoryCacheStudy:EnabledPartitionConnectionsByNetworkIsolationKeyStudy:EnabledPermissionLifetimeReleaseStudy:EnabledSpeedreaderReleaseStudy:EnabledUserActivityStudy:TriggersWhatsNewStudy:Enabled

Version/Channel Information:

  • Can you reproduce this issue with the current release? Yes
  • Can you reproduce this issue with the beta channel? Have not tried
  • Can you reproduce this issue with the nightly channel? Have not tried

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? No. Enabling or disabling Shields does not change whether or not this issue happens.
  • Does the issue resolve itself when disabling Brave Rewards? No. I do not use Brave Rewards, so I do not have Rewards enabled.
  • Is the issue reproducible on the latest version of Chrome? No. This does not occur in Chrome or Chromium. However, it is worth mentioning that Google does not provide support for Tor in its browsers.

Miscellaneous Information:

@diracdeltas
Member

Do you have the 'automatically redirect .onion sites' setting enabled in brave://settings/?search=onion?

@ItchyBugReporter
Author

I think it would be more accurate to say "is it on its default enabled setting" as it was enabled, but I did not enable it. Also, as this setting is labelled, I would assume that when I attempt to load any site with an onion URL, it would automatically redirect to the onion URL; however, I see the onion URL load only with a few select sites (this does not happen with DuckDuckGo, for example, which does have an onion URL), and it loads simultaneously with the surface net URL rather than as a redirect. As previously mentioned in my report, this seems like a good way to help deanonymize someone on Tor ("look, this person is loading this site at the same exact moment I see a request for this site on that exit node, let's see if we can confirm it's them!").
