Hi, I’ve recently discovered a site (https://fingerprint.com/) that claims to be able to identify user clients with 99.5% accuracy to allow “engineers to prevent fraud, improve user experiences, and better understand their traffic”.
There could be legitimate use cases for this technology - as is with fingerprinting in general; but the obvious downside would be advanced tracking of users and a less private experience for users on the web.
I’ve noticed that Brave has the option to “aggressively block fingerprinting” in the desktop browser. A “block fingerprinting” setting is also available on the mobile iOS version. However, with these enabled, the fingerprinting protection doesn’t seem to do anything to protect against this form specifically.
I used the website (https://fingerprint.com/) and clicked “View Live Demo” to understand what it was capable of. On my phone, I opened the site in Brave, Brave Private, DuckDuckGo, and all of these options with a VPN as well. It was able to identify my device with the same, unique identifier in all scenarios. It also was able to understand that my PC accessing the same site on the same IP was still me and gave me the same ID for both devices. I encourage users to try this for themselves.
My question is, what is Brave actively doing to prevent this technology from being used to track users across the web? The “block fingerprinting” setting didn’t seem to change anything. I also wonder if there is a way for Brave to prevent against this type of tracking in the future as more companies/sites will invest in this advanced fingerprinting technology. A less accurate (“base”) version of the same tool is open source, and available on their GitHub page (https://github.com/fingerprintjs/fingerprintjs/).
Thanks for reading.