Fingerprint protection built into Brave browser’s nightly build in part relies on randomized API values that are imperceivable to humans, but distinguishing to computers / fingerprinters.
I am wondering whether this strategy for fingerprint protection could be defeated by a process that works something long the lines shown in the image below:
Since randomization of API parameters is limited to ranges beyond human perception, could a fingerprinter map values within ranges to just one value within the range, the same value regardless of browser, session etc?
I guess this strategy could be described as making the random values look the same, by, in effect, rounding the api values.
It is sort of as if 10.472095739571 is randomized by picking random numbers between
10.465000000000 and
10.474999999999
In this scenario, Brave fingerprint protection relies on the fingerprinter calculating 50,000,000 different fingerprints depending on which value comes in from the browser between 10.465000000000 and 10.474999999999. For sake of discussion, imagine humans can perceive differences in this parameter only to two decimal places. That would imply the random value sent by Brave to the fingerprinter will be a random number between 9.465000000000 and 10.474999999999 inclusive. If the webserver knows that parameter is perceptible to two decimal places, could the web server translate all values received from within that range to one value of the web server’s choosing. Randomness gone?