Partially correct. There are tons of little details that get randomized. Right now you’re looking only at canvas. Typically canvas stays the same in other browsers, even in a private window or after browsing data is cleared. Brave randomizes canvas but requires browsing data to be cleared before it generates a new one.
Canvas fingerprinting in Brave requires you to clear browsing data to trigger a new randomized fingerprint because Brave stores a per-site seed for canvas spoofing. This design choice balances privacy and site compatibility, and avoids making your browser stand out due to constantly changing fingerprints.
Let me see if perhaps ChatGPT might help me explain things a bit more clearly. I’ll quote its reply below:
Why canvas fingerprinting behaves differently:
- Canvas fingerprinting uses persistent seeds:
Brave assigns a random “seed” per site to generate fake canvas fingerprint data. This seed is persisted (stored) so that canvas-related behavior appears consistent during a browsing session or across multiple visits — unless you explicitly clear browsing data.- Consistency vs. detectability:
If Brave randomized your canvas fingerprint every time you visited a site, that inconsistency would ironically make you more unique. A site could detect the frequent changes and conclude you’re using a browser with anti-fingerprinting, which defeats the point.- Randomization on data clear = reset of fingerprinting profile:
When you clear browsing data in Brave (cookies, cache, etc.), it resets the per-site fingerprinting seeds — which includes canvas. That makes Brave re-randomize them on your next visit to each site.- Other fingerprint surfaces may randomize differently:
Some fingerprinting protections (like User-Agent, screen resolution spoofing, or WebGL noise) may apply transient or session-based randomization rather than site-bound seeds. This gives the impression that “everything else” changes upon relaunch, but those surfaces are inherently different in how they operate.
To reiterate what I said earlier, the protections aren’t to prevent websites from recognizing that you have returned to them. It’s about preventing them from knowing what websites you visit after you leave their website.
There are certain types of data that also remain the same each time. For example, your WebGL will reveal your graphics card if you have graphics acceleration enabled. Brave has randomized some of these things before but then websites kept breaking. They have made adjustments to find the delicate balance between usability and privacy.
I’m not sure if you have seen https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections yet but if now, would suggest you check it out as well.
In addition, I’ll quote someone from Brave on other aspects:
Also: