Random Fingerprint not working

Deng3h · December 29, 2020, 11:18am

Description of the issue:

Brave unique fingerprinting DOES NOT work

How can this issue be reproduced?

https://browserleaks.com/canvas
Fingerprint value does not change after page refresh
Same behaviour when loading page in a new tab

Expected result:

Unique fingerprint value on every page/site visit

Brave Version( check About Brave):

1.18.75 Chromium: 87.0.4280.101 (Official Build) (32-bit)

Additional Information:

Android

Mattches · December 30, 2020, 7:53pm

@Deng3h,
Presently, you should get a new fingerprint given the following conditions/actions:

Moving from one site to a different site (measured as eTLD+1). So example.org will get a different fingerprint than example.com or other.org, but the same fingerprint as sub1.example.org. Note that this is determined by the top level page (whats in the URL bar), not the immediate frame.
Moving to a different session (ex. Private browsing vs normal browsing, clearing all data).
Restarting the browser.

The reasoning behind this is that being able to link/identify a user via fingerprinting without crossing those boundaries isn’t useful to trackers (they can already easily re-identify you otherwise), so reloading the page without closing the browser, or clearing data wont reset the fingerprint, because there’d be no benefit to doing so.

Deng3h · December 31, 2020, 12:21pm

Thank you for taking the time to explain the workings of FP as it is currently. Quite insightful. I can confirm suggestion 2 to give a different fingerprint. Currently don’t know how to test suggestion 1. 3 I should just assume should work out of the box (opened too many tabs to test this on mobile data )

Though this must have been recent change in the way Brave handles fingerprinting. A refresh would give a different FP in the previous versions. As would 1,2,3.

Am curious to know why this was removed? Wouldn’t be safer to keep it. To my knowledge, the old method did not break any sites. AFAIK Librefox browser has an FP masking method identical similar to the old one.

Am I missing something as to why this was changed? Esp given condition 1 which is not to my *little knowledge testable.

Mattches · January 5, 2021, 7:24pm

@Deng3h,
Sorry for the late response.
There was never a point to my knowledge where the browser would give you a new FP on refresh, unless it was a bug we had at some point. But other than that it was not ever the intentional behavior.

Further, after discussing/confirming with our senior privacy researcher, some reasons you wouldn’t want a new fingerprint on refresh:

If each reload/document gets a new fingerprint, then the site could knowingly get multiple fingerprintings, which opens up the possibility of some statistical attacks to “undo” the randomness.
It allows the site to know you’re deploying counter measures, which sometimes causes the site to “retaliate” / remove content / or otherwise attempt to workaround those measures.
Theres no privacy benefit of doing so, as a site that wants to re-identify you across page refreshes will just use a cookie or localStorage rather than your FP.

Hope this helps!

system · February 4, 2021, 7:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Brave Mobile not protecting against fingerprinting? Mobile Support android	7	1020	April 12, 2023
Brave browser fingerprinting protection is useless Browser Feedback privacy	12	4656	January 5, 2022
Random fingerprint doesn't work with webdriver	1	314	September 14, 2022
Brave Nightly doesn't randomize fingerprinting value Nightly Builds windows	9	1451	September 10, 2020
How reliable is fingerprinting protection? Mobile Support android	1	568	July 14, 2021
Finger printing isn't working? Desktop Support macos	6	723	May 9, 2019
Fingerprint Randomization Stopped Working Nightly Builds	4	1446	March 30, 2020
Fingerprinting NOT Working Mobile Support android	2	271	November 26, 2020

Random Fingerprint not working

Related Topics