Brave stops worries, not tracking - my experience testing brave privacy promises

Hi!

I have to begin by saying that feedback presents an opportunity for improvement, hopefully this won’t be taken as an insult.

I been testing brave for a few hours and it seems the “enhanced privacy” promises hold almost no water whatsoever.

I used the most hardened security and privacy settings, including disabling 3rd party and cross-site cookies, the strictest ad blocking and tracking prevention, even webrtc over UDP etc.

Now there are several tiers of browsers when it comes to privacy. Hardened Firefox browsers (librewolf on desktops, mull on Android) are the top tier but they require huge sacrifices when it comes to convenience. Most websites are optimized for chromium and some don’t behave well in a Firefox based browser, Firefox is significantly slower and performs worse than chromium based browsers especially on Android (Firefox Android is very poorly made), and Firefox doesn’t even support 120hz on Android.

Then you have somewhat private browsers like Vivaldi. You get the performance and speed advantages of chromium with solid ad blocking and tracking prevention and basic fingerprinting resistance. Vivaldi is also extremely good when it comes to security, with synced data being end to end encrypted with a password that you set yourself.

Brave performed worse than any of the above in my testing.

The browser failed even the most basic privacy tests. If you go to privacy.net/analyzer and then click on user accounts, you’ll see that brave leaks the types of accounts you’re logged in to (Google, yahoo, Facebook, etc). This is something that Vivaldi passed. Also, if you click on fingerprint analysis in the same page, you’ll see that brave doesn’t hide anything about the platform or browser you’re using. Hardened Firefox lets you completely spoof this information by modifying settings in about:config and using an add-on like chameleon. Vivaldi isn’t nearly as flexible here, but even Vivaldi spoofed chromium engine iteration in my testing. Brave didn’t.

Next, I went to fingerprint.com (they have the strongest fingerprinting implemention in my experience) and scrolled down to their live demo to check their generated fingerprint. This fingerprint is linked to you and changes if the website fails to accurately id and fingerprint your browser. In hardened Firefox, clearing cookies or using incognito mode tricks the website into thinking it’s someone else using a different browser and generating a new fingerprint string. Vivaldi fails this test even in incognito mode. Brave is the same as Vivaldi.

I could keep going on but I don’t wanna make this thread too long. The summary is, when it comes to privacy, Brave didn’t do better than Vivaldi in any of my tests, actually it did worse in several key areas. Hardened Firefox handily beats brave in every privacy category.

Now, I’m not saying everyone needs the level of privacy provided by librewolf or mull, and I will admit that brave does admirably when it comes to speed and performance (beats Vivaldi by a small margin) but I think most people use Brave because it promises enhanced privacy, and on this front it doesn’t seem that brave delivers at all. I mean it’s not terrible, it’s just no better than anything that’s not edge, chrome, or opera. In my experience, the only thing that Brave provides (as of the time of this post) is the illusion of privacy.

Sorry if this was too long, and I’m 100% open to being corrected if I missed anything. I would love to use Brave (being a true FOSS project) if these issues are addressed and if enhanced privacy becomes a reality instead of a promise.

2 Likes

@saoiray would you share the info shared by developers. I guess I had read a post by you about a similar case. If not you, maybe just tag the appropriate team member for this. Thanks so much!

Brave android did allow a lot of trackers according to my test, and using DuckDuckGO tracking blocker app. The only android browser that did block all trackers is Firefox!

Brave was better than Firefox in ad blocking, and the best ad blocker built in for a browser was Brave (among the others: chrome, edge, Firefox, vivaldi).

I don’t have this issue (windows 11)

Not an issue. Unsure if it was back then and been fixed, or what?

And what’s interesting is the information from that is completely wrong. Such as how it says I have Windows 10 when I have Windows 11. It’s not like Brave hides that info as well. So that website is trash.

This website is smoke and mirrors. They primarily look at your IP address, location, cookies, and browser type. Then they assume that it’s the same person. But let me show you here.

Normal Window:

image

Incognito

Let me give you a close up there:
image

Just to clarify, Brave does a lot of things that some of these sites don’t test on. For example, they might assume a cookie means they are tracking. But Brave has Ephemeral Storage. This means it “allows” the cookie but it’s self contained and Brave erases it when you close out of it all. You may wish to read more at https://brave.com/privacy-updates/7-ephemeral-storage/

Brave randomizes a lot of little details about us, which are the things most sites generally use to fingerprint and track users. These are details like which screen size we’re using, fonts available, languages (if using more than 1), etc.

To be clear, things that Brave does not randomize and will always be shown will be:

  • Web browser
  • OS
  • Time Zone
  • Primary Language
  • Graphics card type (such as if NVIDIA and all)

There might be more, but those are primary that are top of my head because I used to get concerned. Brave used to randomize or hide all of that information but then people had tons of compatibility issues. That info in itself doesn’t specifically fingerprint anyone and so Brave decided to ease up on it.

Last thing to mention: Brave’s security and privacy team has said they aren’t worried about 1st party site being able to identify us when we return to their site. The big focus is on cross-site tracking.

It may actually help you to read the Github at https://github.com/brave/brave-browser/issues/14031#issuecomment-818968276 where they are specifically talking about fingerprint.com.

I went to both of those sites and it had NONE of my information except that I was using Brave 120.0 and that’s not a deal breaker for me. Brave has performed really well considering I’ve been using it all day, every day researching for a couple of years.

Although, I have noticed that Brave Search has gotten a censory. It was really great bringing up a variety of sources but it’s not doing that anymore. Not a big deal because there’s others to choose from.

Decided to reply after I saw you write that “Vivaldi is somewhat private browser”.

Vivaldi is one of the worst. Please check https://privacytests.org/.

Also, I’d suggest you check out the Techlore (https://techlore.tech/resources). They have transparent, evidence based methodology in regards to software and services and topics of security, privacy and anonymity.

This website http://privacy.net/ seems doesn’t seem to be credible - it lists NordVPN as the best privacy choice when they don’t have an open source client, they don’t post transparency reports and they their marketing isn’t honest. At they same time it doesn’t mention VPNs that do have these advantages such as iVPN, Mullvad, Proton VPN.

As for http://fingerprint.com/, there’s a post about it here https://github.com/brave/brave-browser/issues/20268#issuecomment-1003189602