Brave browser simplifies its fingerprinting protections(brave.com)
brave.com
Brave browser simplifies its fingerprinting protections
https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
86 comments
It's so obviously hilarious that I'm surprised they don't call it out, or if they don't want to draw attention to it, moved it into multiple sentences.
"0.5% of our tinfoil hat purchasers wear it, according to our wearing-telemetry."
"0.5% of our tinfoil hat purchasers wear it, according to our wearing-telemetry."
The good old airplane damage diagram came to mind immediately!
You're referring to the visualization in this article? https://en.wikipedia.org/wiki/Survivorship_bias
Can that telemetry be disabled at all? "Privacy-preserving telemetry" could mean that they consider it OK to make it mandatory.
Yes, brave has 2 checkboxes in its settings page. One for crash reports and the other for privacy-preserving product analytics (P3A) which is what they are talking about here. Disabling those stops Brave from sending anything to brave endpoints, aside from auto update checks of course.
LibreWolf[1] is a Firefox-based alternative to Brave, and appears to pass more privacy tests[2].
1. https://librewolf.net/
2. https://privacytests.org/
1. https://librewolf.net/
2. https://privacytests.org/
Browser engine diversity will arguably become more important than browser diversity if Google tightens the right screws at the Chromium level.
No, https://privacytests.org/ is misleading, it shows only the results of the default browser settings - which absolutely nobody uses.
Worst part is, they don’t even mention this…
Worst part is, they don’t even mention this…
i think that's important because most users will only use the default settings. Firefox would be the clear winner if they didn't use default settings because they give you so much more control and customization than other browsers. Even without add-ons, about:config lets you really lock firefox down.
Why is it an "alternative to brave" rather than just another browser?
Because Brave is the topic of this thread.
Tor Browser does letterboxing for anti-fingerprinting of usable window size, which can be kinda painful, with sometimes large margins of lost display space.
Any current thoughts on this, and on Brave's approach?
I see a request for letterboxing in Brave, and a PR that does randomizing of some values instead:
* https://community.brave.com/t/feature-request-letterboxing-i...
* Bug 23170: anti-fingerprinting: hide screen size and window position #13737 https://github.com/brave/brave-core/pull/13737
(Incidentally, that PR number is not quite elite. :)
Any current thoughts on this, and on Brave's approach?
I see a request for letterboxing in Brave, and a PR that does randomizing of some values instead:
* https://community.brave.com/t/feature-request-letterboxing-i...
* Bug 23170: anti-fingerprinting: hide screen size and window position #13737 https://github.com/brave/brave-core/pull/13737
(Incidentally, that PR number is not quite elite. :)
> I see a request for letterboxing in Brave, and a PR that does randomizing of some values instead:
randomizing is the better way to go.
Tor's approach to fingerprinting seems misguided to me. Their idea is to make every single user appear to be identical so that you can always tell when someone is using Tor Browser, but you can't track which Tor Browser user a visitor is.
The problem is that new fingerprinting techniques are found all the time, and as soon as even one is discovered that Tor Browser doesn't know about or hasn't updated to address you become 100% trackable.
Instead of trying to always make sure that every browser will produce an identical "Tor Browser" fingerprint and just hoping you account for everything that might go wrong, it seems like the smarter thing to do would be to make sure that every browser (and even every session) used a totally randomized fingerprint. That makes it impossible to track anyone across sites/visits and impossible to even tell the difference between someone using Tor Browser or any other browser that has a unique fingerprint (or randomizes to create one). Most people's browsers are already creating a unique fingerprint, the trick is just to make one person's browser differently unique every time. Every website will see your browser visit them once, but then never again.
randomizing is the better way to go.
Tor's approach to fingerprinting seems misguided to me. Their idea is to make every single user appear to be identical so that you can always tell when someone is using Tor Browser, but you can't track which Tor Browser user a visitor is.
The problem is that new fingerprinting techniques are found all the time, and as soon as even one is discovered that Tor Browser doesn't know about or hasn't updated to address you become 100% trackable.
Instead of trying to always make sure that every browser will produce an identical "Tor Browser" fingerprint and just hoping you account for everything that might go wrong, it seems like the smarter thing to do would be to make sure that every browser (and even every session) used a totally randomized fingerprint. That makes it impossible to track anyone across sites/visits and impossible to even tell the difference between someone using Tor Browser or any other browser that has a unique fingerprint (or randomizes to create one). Most people's browsers are already creating a unique fingerprint, the trick is just to make one person's browser differently unique every time. Every website will see your browser visit them once, but then never again.
I don't know about Brave's implementation, but Firefox is lack luster as you can actually see the letter box 99% of the time. I feel like if real resources were poured into it then you could have sites almost look no different. In Firefox it really looks like the developers just made a smaller view port and called it good enough.
Can you explain letterboxing to a non front-end dev?
Normally, a browser window has a rectangular area of the display that is "visible" and used for the Web page, with browser controls and scrollbars and window decorations around it.
To a company that wants to identify who the person is (such as to build a profile of the person and sell that information) one way is to "fingerprint" the browser and how it's used. The dimensions of that visible display rectangle help with this, since individuals will often tend to end up with a window size that's more particular to them than of all possible users.
One browser anti-fingerprinting privacy feature targets that telltale rectangle size, with "letterboxing" (different from movie letterboxing). Which means that range of different visible rectangle dimensions of what could be many users get reduced to the same smaller rectangle dimensions. Which (like movie letterboxing) results in large unused margins for all users.
So, say that you have a 1920x1080 native window size, including all the decorations and controls. That's a pretty common size, and doesn't fingerprint you very well at all. But your particular preferences for things like window decorations and font sizes and such narrow that down quite a bit. And if you don't have a common display size, nor a maximized window, but you tend to have the window the same size, that can fingerprint you even more.
With letterboxing, your 1920x1080 native window might give you, say, a 1600x800 display rectangle for the browser page. And a bunch of other people's native windows, of various sizes in the vicinity, and of various desktop settings, will also get the same 1600x800 display rectangle.
With letterboxing, everyone is wasting precious screen space, but they're supposedly harder for adversaries to identify.
I'm not thrilled with the tradeoff here. Though it's easier to stomach when so many Web sites make poor use of the display anyway, I've been desensitized.
(Sorry, I'd make this explanation shorter, if I had more time.)
To a company that wants to identify who the person is (such as to build a profile of the person and sell that information) one way is to "fingerprint" the browser and how it's used. The dimensions of that visible display rectangle help with this, since individuals will often tend to end up with a window size that's more particular to them than of all possible users.
One browser anti-fingerprinting privacy feature targets that telltale rectangle size, with "letterboxing" (different from movie letterboxing). Which means that range of different visible rectangle dimensions of what could be many users get reduced to the same smaller rectangle dimensions. Which (like movie letterboxing) results in large unused margins for all users.
So, say that you have a 1920x1080 native window size, including all the decorations and controls. That's a pretty common size, and doesn't fingerprint you very well at all. But your particular preferences for things like window decorations and font sizes and such narrow that down quite a bit. And if you don't have a common display size, nor a maximized window, but you tend to have the window the same size, that can fingerprint you even more.
With letterboxing, your 1920x1080 native window might give you, say, a 1600x800 display rectangle for the browser page. And a bunch of other people's native windows, of various sizes in the vicinity, and of various desktop settings, will also get the same 1600x800 display rectangle.
With letterboxing, everyone is wasting precious screen space, but they're supposedly harder for adversaries to identify.
I'm not thrilled with the tradeoff here. Though it's easier to stomach when so many Web sites make poor use of the display anyway, I've been desensitized.
(Sorry, I'd make this explanation shorter, if I had more time.)
Thanks much for this!
I mean, this is a press release way of saying they're removing Strict fingerprinting protection, not that it's being simplified.
That said, I get it. I have all the fingerprint protection stuff turned on in Firefox, and it breaks a lot of sites. In fact, it hurts the UX of most of the sites I use a lot, and completely breaks a lot of them. There are some critical websites where I just have to load up Chrome if I'm going to use them at all.
And their point about it being self-defeating if so few people use fingerprinting protection that you can more easily identify them uniquely by the fact that they use it. I've wondered about that myself.
So I think it's cool to get rid of it in their browser, and I like their explanation of the reasoning, I just don't like the weasel-word "simplify" to describe it.
That said, I get it. I have all the fingerprint protection stuff turned on in Firefox, and it breaks a lot of sites. In fact, it hurts the UX of most of the sites I use a lot, and completely breaks a lot of them. There are some critical websites where I just have to load up Chrome if I'm going to use them at all.
And their point about it being self-defeating if so few people use fingerprinting protection that you can more easily identify them uniquely by the fact that they use it. I've wondered about that myself.
So I think it's cool to get rid of it in their browser, and I like their explanation of the reasoning, I just don't like the weasel-word "simplify" to describe it.
I've seen Brave's fingerprinting strict mode on a users' computer, and they say they've had very few problems with it in 1-2 years of use.
This is also my experience, I don't know why the linked post makes it look like a big problem, I very much disagree with them retiring strict mode.
Yeah, the only times I've had problems with it, it was because of WebGL. So I use Standard mode in like 2-3 sites, and Strict everywhere else. This is a bad move IMO
It caused problems with dark mode for me. All sites displayed in light mode so I had to disable it.
So there's no light at the end of the tunnel.
We remove the privacy settings because otherwise webs won't work.
We remove the privacy settings because otherwise webs won't work.
Avoid the websites. Call companies, go to the library, or just abstain altogether.
This is the approach I've been taking. Outside of a handful of websites, the situation has become so intolerable that it's not really worth trying to find a way to safely use the wider web anymore.
I recently had to purchase some audio plug-ins for music production.
I was trying to decide between two bundles by two competing companies. They were pretty even, in my mind, in terms of pros and cons.
Then I discovered that one of the two companies had a website that's broken by basic privacy settings, such as preventing autoplay for videos.
I gave my money to the other company.
Then I discovered that one of the two companies had a website that's broken by basic privacy settings, such as preventing autoplay for videos.
I gave my money to the other company.
Or write custom clients for any website you care about. Essentially scrapers for every site which will extract and present information without the website's code running.
Avoid legitimate websites that Brave willfully and carelessly breaks?
Avoid websites which require a specific browser, and specific browser settings to function. In the vast majority of cases there's no reason why a site needs to scan my computer, use webgl, use webrtc, and a million other things which are used to track me. They're built poorly in this way because they're only testing against chrome, and are apathetic about privacy.
I’ve lost hope. My amiunique.org fingerprint is always unique.
I’d like my web browser to peach less on me. Websites don’t need to know my primary browsing language is en-gb, I’m rather proficient in other written dialects.
They don’t need to fingerprint my audio setup.
It seems like browsers were conceived at a time when surveillance capitalism didn’t exist and they still behave like thar
I’d like my web browser to peach less on me. Websites don’t need to know my primary browsing language is en-gb, I’m rather proficient in other written dialects.
They don’t need to fingerprint my audio setup.
It seems like browsers were conceived at a time when surveillance capitalism didn’t exist and they still behave like thar
I've never understood why websites need to be able to get a list of installed fonts.
Brave actually has font protection I believe :)
> I've never understood why websites need to be able to get a list of installed fonts.
I assumed it was a left over from the early days of the web before fonts were a thing.
I assumed it was a left over from the early days of the web before fonts were a thing.
Try implementing Photoshop as a web app without it.
I've never understood why someone would want to implement Photoshop as a web app.
Photopea.com is actually pretty great. It works on any device under the sun and it's free (ad supported, with a subscription if you don't want ads).
It's good enough that I stopped pirating a copy of Photoshop ages ago. Not perfect, but pretty close to it.
It's good enough that I stopped pirating a copy of Photoshop ages ago. Not perfect, but pretty close to it.
To some the browser is the platform, more than the operating system.
You may dislike the move. For me it has made the linux desktop more feasible.
I can order photos through a print shop online, without having to install a windows-only program (just as an example).
You may dislike the move. For me it has made the linux desktop more feasible.
I can order photos through a print shop online, without having to install a windows-only program (just as an example).
Given that the original Photoshop is a nightmare subscription service, I hope developers implement a version of it on all existing platforms.
You can ask for permission, like browsers already do for a ton of things.
Instead of that capability, couldn't there have been, e.g., <input type="font"> instead? Let the website ask the browser to show the user a list of installed fonts, and to pick a single one to tell the website about.
What I don't understand is, why can't we just have a browser that doesn't give any of those details that is used to determine unique a browser. It doesn't make sense to allow a website to have access to that info.
There are such projects. The problem is that so few people use such browsers that just having that browser is often enough to fingerprint you.
You mean like the tor-browser? It's not that they don't exist it's more that they're pointless if they're not used by lots of people.
Personally I'm more in favour of randomizing some of the properties. That way you don't need to rely on being unique. In the end it's all about how much information you're transmitting about your identity, and while picking a common value is one way of increasing entropy picking a random value is much more effective.
Personally I'm more in favour of randomizing some of the properties. That way you don't need to rely on being unique. In the end it's all about how much information you're transmitting about your identity, and while picking a common value is one way of increasing entropy picking a random value is much more effective.
The most popular browsers are all funded by advertising, which has entirely consumed the web.
You don't actually want that. Not giving up those details is information unto itself. You want a browser that gives up the same bits as everyone else's browsers so they can't tell it apart from the others.
I think we can? I mean, technically it's possible. Maybe it even already exists.
Unfortunately that particular test telling everyone their fingerprint is unique isn't very useful.
Try something like fingerprint.com, close your browser session, go back, and compare IDs.
On Tor Browser or Mullvad Browser, it should generally register each session as your first session, with unique IDs. If not, the useful life of the tracking should be short.
Relevant discussion: https://old.reddit.com/r/TOR/comments/qxt7di/tor_is_still_fi...
Try something like fingerprint.com, close your browser session, go back, and compare IDs.
On Tor Browser or Mullvad Browser, it should generally register each session as your first session, with unique IDs. If not, the useful life of the tracking should be short.
Relevant discussion: https://old.reddit.com/r/TOR/comments/qxt7di/tor_is_still_fi...
Thanks for the explanation
> My amiunique.org fingerprint is always unique.
Disable JavaScript. That helps a little bit. Keep js off by default on all websites, and enable it by individual bases.
https://addons.mozilla.org/en-US/firefox/addon/disable-javas...
https://apps.apple.com/us/app/stopthescript/id1588394487
Disable JavaScript. That helps a little bit. Keep js off by default on all websites, and enable it by individual bases.
https://addons.mozilla.org/en-US/firefox/addon/disable-javas...
https://apps.apple.com/us/app/stopthescript/id1588394487
>amiunique.org fingerprint is always unique.
Do we really have reason to believe this matters? Just because amiunique.org identifies users based on all possible metrics available from a website doesn't necessarily mean much:
- We don't know whether other websites actually use this same technique to attempt to identify unique users. In other words, there's no indication that normal commercial websites are taking every possible measure of the browser, assigning a UUID to that configuration, and then attempting to build a fingerprint based on that, rather than just using cookies, and perhaps other, more basic fingerprinting.
- A browser might give different metrics in private browsing mode, due to some plugins operating differently.
- A normal website (eg: google.com) observes a much, much wider list of potential browser configurations than amiunique.org. There's no reason to think that you'd be just as unique when compared to a much wider selection of possible configurations.
- Corporate solutions, such as fingerprint.com _can_ be tricked.
Do we really have reason to believe this matters? Just because amiunique.org identifies users based on all possible metrics available from a website doesn't necessarily mean much:
- We don't know whether other websites actually use this same technique to attempt to identify unique users. In other words, there's no indication that normal commercial websites are taking every possible measure of the browser, assigning a UUID to that configuration, and then attempting to build a fingerprint based on that, rather than just using cookies, and perhaps other, more basic fingerprinting.
- A browser might give different metrics in private browsing mode, due to some plugins operating differently.
- A normal website (eg: google.com) observes a much, much wider list of potential browser configurations than amiunique.org. There's no reason to think that you'd be just as unique when compared to a much wider selection of possible configurations.
- Corporate solutions, such as fingerprint.com _can_ be tricked.
> My amiunique.org fingerprint is always unique.
A bit of an aside, but I love that their data set consists of 26% Linux users and 41% Firefox users.
A bit of an aside, but I love that their data set consists of 26% Linux users and 41% Firefox users.
It’s the year of Linux on the desktop!
>primary browsing language is en-gb
Related to this, being multi-lingual on the web can be annoying. If I set my language to da-DK (my native), some non-danish websites will serve a poorly translated or machine translated version. But if I set it to en-GB a lot of danish web sites will serve an english translation, which I also don't want. I have to fiddle with this setting a lot. I wish I could set da-DK only for .dk TLDs.
Related to this, being multi-lingual on the web can be annoying. If I set my language to da-DK (my native), some non-danish websites will serve a poorly translated or machine translated version. But if I set it to en-GB a lot of danish web sites will serve an english translation, which I also don't want. I have to fiddle with this setting a lot. I wish I could set da-DK only for .dk TLDs.
[deleted]
> It seems like browsers were conceived at a time when surveillance capitalism didn’t exist and they still behave like thar
It's worse than that - the world's most popular browser was created by a company which gets most of its competitive advantage and, arguably, revenue from surveillance capitalism. The incentive to make fingerprinting hard is not just 0, it's negative.
It's worse than that - the world's most popular browser was created by a company which gets most of its competitive advantage and, arguably, revenue from surveillance capitalism. The incentive to make fingerprinting hard is not just 0, it's negative.
False. https://support.google.com/analytics/answer/9682282?hl=en
Google doesn't like fingerprinting. That may be because they already have all your identities and don't want competition, but they still don't like fingerprinting.
Google doesn't like fingerprinting. That may be because they already have all your identities and don't want competition, but they still don't like fingerprinting.
> Google doesn't like fingerprinting. That may be because they already have all your identities and don't want competition
Google sells ads. Of course they don't want you rolling your own fingerprinting. That's their job. I'd need to see a statement signed under oath to believe Google, itself, doesn't fingerprint.
Google sells ads. Of course they don't want you rolling your own fingerprinting. That's their job. I'd need to see a statement signed under oath to believe Google, itself, doesn't fingerprint.
If anything we need more settings, and more warning popups to go along with them that list or link to information on some of the breakage users can expect. Inform the user and let them decide.
Good. Brave's fiddling with WebGL causes >50% of my bug reports from 1% of users.
[1] https://github.com/mapbox/mapbox-gl-js/issues/10518
[2] https://github.com/mapbox/mapbox-gl-js/issues/8377
[1] https://github.com/mapbox/mapbox-gl-js/issues/10518
[2] https://github.com/mapbox/mapbox-gl-js/issues/8377
Is there a way to randomize a few inconsequential ones of these on each page load? i.e. subtle canvas rendering changes, report adding or removing a few installed fonts.
Could fingerprinting without consent be considered illegal data collection under gdpr? Why not? I thought device identifiers were included.
If it's not then it sure as hell should be. I'll go even further and say it should be considered an illegal search and a violation of personal integrity, both of which justify violence in self-defense.
Hey brave, get ride of crypto stuff and you’ll get users back
You guy are actually building a good browser
You guy are actually building a good browser
I don't understand why this complaint survives, it seems a myth at this point.
Open a fresh install of Brave. No crypto things are happening. There's one button inviting you to enable it, which you can dismiss with 2 clicks. It will never ask again.
Open a fresh install of Brave. No crypto things are happening. There's one button inviting you to enable it, which you can dismiss with 2 clicks. It will never ask again.
Every time I disable a Brave Rewards setting, a new one seems to pop up. It's in the address bar, it's on the startup page, it's in the sidebar quick menu, it's in another section of the startup page, it's in the tab bar when I open the browser settings, the crypto stuff is everywhere.
I wish they'd auto hide all that crap for you after you click "not interested in cryptocurrency stuff".
I wish they'd auto hide all that crap for you after you click "not interested in cryptocurrency stuff".
[deleted]
It’s pretty simple to turn all that off. It’s bloat, for sure, but can be made invisible.
If they could just fix the back-button on Brave iOS so it doesn’t occasionally pick a completely different tab, I’ll be happy.
If they could just fix the back-button on Brave iOS so it doesn’t occasionally pick a completely different tab, I’ll be happy.
> simple to turn all that off
Technically, in the browser, yes. Culturally, at the organization level, no.
Technically, in the browser, yes. Culturally, at the organization level, no.
[deleted]
sjwhevvvvvsj(3)
Just use Cromite. Brave already proved they can't be trusted.
May I ask why you think so?
I uninstalled brave as the story about injection affiliate links broke:
https://www.theverge.com/2020/6/8/21283769/brave-browser-aff...
Sorry I don't really understand your comment (English isn't my native language).
So there was / is a legitimate data structure which stores these affiliate links and someone accidentally used it as a source for the url auto completion?
I assume the legitimate reason to store affiliate links, are things like the widgets on the "new tab" page?
If that really was an honest mistake I'm sorry for spreading stories like this, without checking them first in more detail.
So there was / is a legitimate data structure which stores these affiliate links and someone accidentally used it as a source for the url auto completion?
I assume the legitimate reason to store affiliate links, are things like the widgets on the "new tab" page?
If that really was an honest mistake I'm sorry for spreading stories like this, without checking them first in more detail.
Brave published a blog post regarding this feature/news; you can read more (as well as see images of the feature in action) at https://brave.com/referral-codes-in-suggested-sites/. I hope this helps!
oh now i get it, thanks :)
I think this is likely because people who go on their way to switch to using strict mode are more likely to disable the telemetry as well.