EFF Panopticlick and Brave


#1

The Electronic Frontier Foundation has a web site at https://www.privacytools.io/ about Privacy on the Internet.

Brave is a recommended browser. As are Firefox and Tor. Good.

Below the browser recommendations is a way to test the browser fingerprint. When I run that test in Brave for OS X, version 0.12.14, I get the following results even though Fingerprint Protection is enabled in Shield Settings.

I thought the team might find it useful as a small tweak (which I would have no idea how to make) might allow Brave to pass this test.

Thanks for a great browser and this forum.

Clark Venable


#2

I just tried this and my fingerprint turned out slightly smaller than yours, Clark…15.96 bits
You’d have to do some math to try to sort out which of the things listed in the test add up to your fingerprint…and this is a super good example of “a bit here, a bit there” adding up, I think…but those bits mean a LOT to the 5/9/14 eyes watching us…and like they can’t have my real fingerprints or DNA, I’d rather they didnt have anything digital of mine either.
So yes, I’m throwing my +1 behind finding tweaks to enable passing EFF’s test


#3

Thanks so much for pointing this out! I filed a ticket against our browser repo so we can investigate! https://github.com/brave/browser-laptop/issues/6244


#4

Hi, that’s been discussed/answered here:

…but I’d say that a definite problem arises, since users are naturally going to think that Brave fails on canvas fingerprint protection.

What happens is that everybody using Brave ends up with the same spoofed hash ( 891f3debe00dbd3d1f0457a70d2f5213). But there’s no way for users to know that except by asking on a site such as this one.

I’d think that it’s better to have a hash with some randomization. Brave won’t be identifiable as Brave because of the constant hash. Brave currently uses the Chrome useragent, but this hash nevertheless identifies Brave. On sites like my local newspaper, that’d very likely make me uniquely identifiable.


#5

You would like to take a look at this:

Also you could check related issues here: https://github.com/brave/browser-laptop/issues?q=is%3Aopen+is%3Aissue+label%3Amisc%2Fpanopticlick


#6

P.S. I wouldn’t automatically trust Firefox to protect users from privacy invasions by any megacorporation. They took $3Billion and then some more from google, after all. They then had that mysterious “bug” wherein the google cookie was built in to the browser and couldn’t be deleted - fancy that. They could easily use Piwik (as does eff.org and brave.com) but instead use google analytics on mozilla.org. They have that new “Glass Room” site to illustrate how people get spied on yet include google spying on that very site. On and on.


#7

Also, AFAIK “Do Not Track” is deliberately off by default. But you can turn it on. It’s generally considered a joke as any site can violate that at will and nobody cares. It’s kind of like saying “pretty please don’t track me”.


#8