
There seem to be two separate but related issues here, and I don't see how the headline could be true.

AFAICT, Brave is striving to mediate access to websites that attempt to connect to network services running on 127.0.0.1. I would've hoped that they take this further to prevent connections across the user's LAN to RFC1918 addresses (or to whatever addresses are being used on the LAN).

I do not see a feasible way that a mere web browser running on a client machine could prevent port scans against anything. Not the host computer nor the edge router. That's simply beyond the scope of a web browser. I don't know why Ars Technica chose such a misleading headline. However, I'm glad that they brought to light this reprehensible practice of public web sites, including bestbuy.com, where I recently made a major purchase, yet I was completely unable to create a user account there. Now I want nothing to do with them.



Can't the browser download the webpage that contains code to scan 127.0.0.1 then forward the data back to the server? This would also bypass VPN protection.


Are you suggesting that as a bypass for Brave's protection or something? And you do understand that this is how browsers work in general, by downloading code, running, and forwarding data back to servers?


I believe Cyder was explaining his (and my) understanding of what this new Brave feature is trying to prevent. That is the kind of behavior that this feature is putting a stop to, localhost connections.
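The check discussed in this thread, as an added example that is not part of any comment above and is not Brave's code: it classifies the page and the request target as public, RFC1918-private or loopback, and flags requests that reach toward a more local network. The function names, the three-level ranking and the "mediate"/"allow" results are assumptions made for illustration.

```javascript
// Added illustration (assumed policy, not Brave's implementation):
// mediate any request that goes from a less local network to a more local one.

// Parse a dotted-quad IPv4 string into four octets, or return null.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// Classify a URL hostname as "loopback", "private" (RFC1918) or "public".
function classifyHost(hostname) {
  // URL.hostname keeps the brackets around IPv6 literals; strip them.
  const host = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";
  if (host === "::1") return "loopback";
  const ip = parseIPv4(host);
  // A DNS name: a real check has to classify the address it resolves to,
  // because a public name can point at 127.0.0.1 or a LAN address.
  if (!ip) return "public";
  const [a, b] = ip;
  if (a === 127) return "loopback";                        // 127.0.0.0/8
  if (a === 10) return "private";                          // 10.0.0.0/8
  if (a === 172 && b >= 16 && b <= 31) return "private";   // 172.16.0.0/12
  if (a === 192 && b === 168) return "private";            // 192.168.0.0/16
  return "public";
}

const RANK = { public: 0, private: 1, loopback: 2 };

// pageUrl: the document that started the request; requestUrl: its target.
function decide(pageUrl, requestUrl) {
  const from = classifyHost(new URL(pageUrl).hostname);
  const to = classifyHost(new URL(requestUrl).hostname);
  return RANK[to] > RANK[from] ? "mediate" : "allow";
}

// Constructed sample requests.
console.log(decide("https://shop.example/", "wss://127.0.0.1:5900/"));
console.log(decide("http://localhost:3000/", "http://127.0.0.1:8080/api"));
```

Because the URL parser normalizes IPv4 spellings such as `http://2130706433/` to `127.0.0.1` before `classifyHost` sees them, classifying the parsed hostname rather than the raw string avoids the simplest evasions.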



