So here’s yet another controversial topic on this forum form a long time: Browser Fingerprinting & User Agents.
Let’s just assume we all have seen this :
A thought stuck my mind and I did a little digging.
See, browser fingerprinting basically implies to the fact that it is a process to identify a particular person or a particular group of people in a crowd of thousands who visited a particular webpage by considering and calculating the similarities in their behaviour and their machine’s behaviour.
Brave doesn’t really succeed in protecting users against browser fingerprinting. I did a basic panopticlick test that uses extremely simple methods to identify a users. I took this test on 6 separate devices of my family members whom I inspired to use Brave.
Turns out, brave does not do what was expected in their so claimed “Browser Fingerprinting Protection”. I’ve seen their info page about the fingerprinting topic and I found that it really misses the core fundamentals to protect users again fingerprinting.
The 6 different iOS & Android devices I used showed different fingerprints, each having different UserAgent including their device built number, device manufacture, device manufacturing batch ID and the system of device brave is being used on. And trust me, as a learning web developer… this is A LOT OF DATA that could be used to target a specific user.
Surprisingly, Firefox by default performs wayy better in fingerprinting protection [60.0] and they are even going to introduce features like blocking ad-trackers and cryptomining scripts by default in their soon coming next release in October.
Exposure of data like browser UserAgent Is not a good thing especially when you claim to have a separate “fingerprint protection” feature.
What I’m trying to say is, if brave is really considering to advertise itself as a privacy focused browser, then throwing out different fingerprints for different users even with the “fingerprint protection” feature enabled, doesn’t put a good impression especially now that Brave is introducing features like Tor integration. Tor itself was made to circumvent censorship & surveillance and providing better anonymity by masking users with same fingerprint so that websites cannot make a database about the users by differentiating them individually.
To be brutally honest, brave’s default fingerprint protection doesn’t standout against today’s tracking & fingerprinting methods users. Don’t get me wrong, I love brave, which is why I’m trying to improve it.
What could really help in this situation?
A specific UserAgent for particular device. Let me make myself more specific. I’m trying to say that if there was a useragent, let’s say depicting Android 7.0 for all users of brave on All android versions, that could do the trick. If brave could set default user of iPhone 7 for all brave users on iOS, that could also do the trick. Similarly Depicting a Windows 7 for all brave users on all versions of Windows can at least minimize the uniqueness of fingerprints.
I would love to hear thoughts of the brave community on this