Browser fingerprinting and https://noscriptfingerprint.com

Hi Brave Community,

I note the information previously provided:

I believe noscriptfingerprint.com defeats Brave anti-fingerprinting even in consideration of the advise supplied in the above links. Though my testing methodology may have a flawed.

Question: what is it that stops an adversary using more than one fingerprinting technique? They could easily use many - why not?
They could maintain two (or more) sets of data - why not?
Where the primary technique does not produces a signature, a secondary may be more accurate.

Where a browser appears unique or shows indicator of randomization, why can’t an adversary revert to a secondary fingerprinting technique?
Brave browser (by my testing) does not beat the test noscriptfingerprint.com

Question: what browser finger print protection does Brave provide where an adversary uses multiple fingerprinting techniques? How rigorous does Brave believe it’s self to be in this condition?

Where browser based randomization is implemented, how is the hardware detection not problematic without a hypervisor?

Kind regards,

Pililip

cc @pes for this.

Similar thread I think → Brave browser fingerprinting protection is useless - #10 by pes

Detailed response on the topic.

1 Like

Thank you all. As @chh_68 points out, the relevant details and response are in https://github.com/brave/brave-browser/issues/20268#issuecomment-1003189602

Hi Brave Community,

I am a technical learner, I read many of the links supplied though some were technical for me.

Would a simplified answer be that some fingerprinting (FP) test sights use a very limited and relatively persistent set of criteria that it would be usual for a user to produce a repeatable FP; and that also it would produce “false positives” where many unique users were also identified with the same FP?
Is the above (expressed here in this comment) the thrust, of the links that were forwarded to address my enquiry, about Brave being fingerprinted by noscripfingerprint.com?

I tested my devise on https://www.deviceinfo.me./. Brave produced a lot of blocked / randomised results. Could someone recommend a link on how this is done?

Philllip

I think you should revisit the links provided for GitHub issue and go through all comments on it step by step and try to understand them slowly. All answers to your questions are listed there.

It may or may not create “false positives” on a ‘very small’ website filled with trackers. On small/medium/big websites, it will definitely create false positives. Users will not get fingerprinted easily on big websites considering Brave’s current anti-fingerprinting protections both in standard and aggressive mode. Also, work on new data to be randomized has already begun.

Could not understand what you meant by this para.

Again, go through the Brave github privacy section or brave main website privacy blogs. You will get a lot of info from there.
Data is randomized/farbled so that each session/website will have different data. Entropy is also lowered so that they will get less info on a user. ‘On how it is done’:- It’s in the code of brave. It is quite techie thing and will be out of scope from user perspective.