A Controversial Topic

So here’s yet another controversial topic on this forum form a long time: Browser Fingerprinting & User Agents.

Let’s just assume we all have seen this :

AND

Thanks to @ddns & @p2pvspyramids on this topic :

A thought stuck my mind and I did a little digging.

See, browser fingerprinting basically implies to the fact that it is a process to identify a particular person or a particular group of people in a crowd of thousands who visited a particular webpage by considering and calculating the similarities in their behaviour and their machine’s behaviour.

Brave doesn’t really succeed in protecting users against browser fingerprinting. I did a basic panopticlick test that uses extremely simple methods to identify a users. I took this test on 6 separate devices of my family members whom I inspired to use Brave.
Turns out, brave does not do what was expected in their so claimed “Browser Fingerprinting Protection”. I’ve seen their info page about the fingerprinting topic and I found that it really misses the core fundamentals to protect users again fingerprinting.

The 6 different iOS & Android devices I used showed different fingerprints, each having different UserAgent including their device built number, device manufacture, device manufacturing batch ID and the system of device brave is being used on. And trust me, as a learning web developer… this is A LOT OF DATA that could be used to target a specific user.

Surprisingly, Firefox by default performs wayy better in fingerprinting protection [60.0] and they are even going to introduce features like blocking ad-trackers and cryptomining scripts by default in their soon coming next release in October.

Exposure of data like browser UserAgent Is not a good thing especially when you claim to have a separate “fingerprint protection” feature.
What I’m trying to say is, if brave is really considering to advertise itself as a privacy focused browser, then throwing out different fingerprints for different users even with the “fingerprint protection” feature enabled, doesn’t put a good impression especially now that Brave is introducing features like Tor integration. Tor itself was made to circumvent censorship & surveillance and providing better anonymity by masking users with same fingerprint so that websites cannot make a database about the users by differentiating them individually.

To be brutally honest, brave’s default fingerprint protection doesn’t standout against today’s tracking & fingerprinting methods users. Don’t get me wrong, I love brave, which is why I’m trying to improve it.

What could really help in this situation?
A specific UserAgent for particular device. Let me make myself more specific. I’m trying to say that if there was a useragent, let’s say depicting Android 7.0 for all users of brave on All android versions, that could do the trick. If brave could set default user of iPhone 7 for all brave users on iOS, that could also do the trick. Similarly Depicting a Windows 7 for all brave users on all versions of Windows can at least minimize the uniqueness of fingerprints.

I would love to hear thoughts of the brave community on this :slight_smile:

Just quick, with Brave Core / version 1.0 this detection may not work anymore.

That aside… for one, a unique user agent would make it trivial to identify the browser (I don’t understand how this could help, IMHO it would give the “detectors” another bit of data to help with identification) and with Brave’s market share being much below Chrome’s market share (and IMHO little chance to turn that around), I’m rather pro “sailing under a false flag” - provided that it can’t be identified by other means.
But that:

That’s IMHO a bug! Of course they should all have the same user agent. It may be important to tell the screen size / resolution but not more. (Btw. I just tried the test with CyberDragon which is really the least trackable browser ever, built-in blocking and very simple cookie control (much like Brave), but here it doesn’t matter much, once you close it, it forgets everything, cookies, history and all there is - and it has a “nearly unique fingerprint”. There’s a bug, too, it spews out all plugins it could possibly use, the disabled ones included. Still better than Brave :frowning: )

But your post contains something else:

(Bold by me) I’d be very interested in how that part is done.

1 Like