I’m wondering if the new Brave browser’s Tor-based private mode makes a difference.

Many companies have systems circumventing https via additional certificates—effectively a man in the middle attack.