Suggestions for Brave improvement

Best regards!

I have been using the Brave browser for a long time under Windows, Linux and Android. I am very satisfied with it, the most important thing for me is fingerprint protection.

  1. First, accessing the link https://coveryourtracks.eff.org/

the earliest result on photo 01.jpg is very good!

On the other hand, there are quite a few clues that it would be good if you could eliminate them in further development, because they are very important in the fingerprint protection:

  1. in the HTTP-Accept Headers section, the supported language should not appear, because this reveals a lot about the language of my operating system. This should absolutely be hidden! See picture 02.jpg

  2. In the same link that I wrote, the Timezone is completely clear, based on this the fingerprint and the user can be easily identified, it would be good to either make this random or hide it. See jpg 03

  3. On the same link, System Fonts reveals a lot in the fingerprint, it would be nice to make this random, or hidden, or N/A

See 04.jpg

  1. In the Language section of the same link, unfortunately, the language is clear, so it is a great clue when determining the fingerprint, it could be N/A or disguised in some other way. See 05.jpg

  2. On the same link, the Time Zone Offset reveals a lot about the user’s location. This could also be N/A or random or hidden. See 06.jpg

  3. The Plugins Informations are clearly visible in the ipleak.net leak. These also mean a lot in the fingerprint. It would be nice to have N/A, or hide, or None. See 07.jpg

  4. Here, too, the problem is the same, under HTTP-Request Headers, the operating system and the local language setting are visible again, this should definitely be removed.

So I would write this much for suggestions, I am sure that if the developers of Brave made the improvements I described, then the Brave browser would be the most secure, untraceable and best browser that ever existed at the moment! I think it would be worth it for you too!

I am really looking forward to my suggestions finding a solution, because the described problems do not occur with the Tot browser, for example, They solved it, so there is a solution, only Tor is unfortunately very slow, because of the many security issues.

So I am waiting for your steps! Greetings: TuZo



03

Here are the other 4 pictures:
05
06
07
08

1.) You cannot just put no supported language (NA language) in the http header. A website needs to know in what language to render otherwise it will break websites for 99% users.
Appropriate thing is to put your language to En-US both at browser and OS level. And not to add other language packs (secondary language installed)

2.) Timezone is also important for webpages to render. Eg, whatsapp messages.
Right now, brave (chromium) timezone is picked from the OS instead of internal directory unlike firefox RFP.
So, to change your timezone (either setup as GMT or randomize it) it needs to manually on OS level. On Linux, you can change OS timezone to GMT and then add a widget to show your actual regional timezone.

timedatectl
sudo timedatectl set-timezone UTC

3.) Font and Language fingerprinting is already improved quite lot in brave https://brave.com/privacy-updates/17-language-fingerprinting/

4.) https://github.com/brave/brave-browser/issues/11770
V1 and v2 are already done

Best regards! Thanks for your reply and tips. I read the description of the Brave browser fingerprint on the link, so I am very impressed by the serious work they have done. In today’s world, unfortunately, there are a lot of scams, when a browser is claimed to have good protection, etc., but it’s actually just advertising. In your case, this is a reality!
Let me take your suggestions one by one:

  1. I solved the language problem by turning off the second language in the Brave browser, so everything is fine, thanks for the tip.
  2. Let me start first under Linux, which I run under VIrtualBox: everything is fine there, with one exception: in the Plugins section, which I mentioned last time, you coded it. Unfortunately, this makes the fingerprint even more unique, and no, talking about the word Brave can also be read there, and this is unique again. I checked the Firefox and Tor browsers, which are weaker than yours, and it says “Not information available” for the plugins. Yes, this is an elegant solution. I would expect you to do this as well, there is no explanation why it should not be done. I hope their great professionals will fix this soon!
  3. There are more problems under Windows, which is understandable. Here, I easily solved the Timezone problem with the extension called Change Timezone, I set the time zone I want there, and I don’t influence the time zone of my system.
    It was also possible to randomize the Font section with the Font Fingerprint Defender extension.
    Furthermore, with the Browser Fingerprint Protector extension, it is possible to make the mentioned Plugins invisible, but only under Windows, because here Brave remained random, but if I installed this extension under Linux, it immediately became unique there, which is not good.
    So it looks like the Plugins section remains unresolved, which I hope will be resolved as soon as possible and not explained! Brave browser is worth it, very valuable and safe and fast browser! Keep it up!
    Sincerely, TuZo
    PS: I have a question: the timezone can be randomized manually on Windows too, or only on Linux? How? Thank you.

chh_68 via Brave Community <notifications@brave.discoursemail.com> ezt írta (időpont: 2022. aug. 10., Sze, 12:57):

No idea on other stuff as your running VM and windows.

There is also this extension https://github.com/z0ccc/Vytal but it is only per tab basis.

There is another discussion going on similar topic, check it Privacy guidance please - browser fingerprinting defences

As far as I know, plugins/extensions cannot be made invisible right now. Not on any browser even on official tor browser.

Greetings! Thank you very very much for your letter and your extensions link!
If I was not understanded correctly, excuse-me for bad English, I want to told, that if I run the ipleak.net, at the Plugin informations I can se:

  1. At the Tor MOTHING (see the attached picture named ipleak-tor.jpg)
  2. Az the Firefox I see ALL THE INSTALLED PLUGINS (so bad) (see the attachment)
  3. Az the Brave I see ALL THE PLUGINS? but CODED, but it is included the Brave name too, and this is bad for unique fingerprint.(see the attachment)
    So I asq, if you can solve this, like the Tor!
    Thank you!
    Have a nice day!

chh_68 via Brave Community <notifications@brave.discoursemail.com> ezt írta (időpont: 2022. aug. 11., Cs, 11:07):

Greetings, here are some non unique problems, what I told the Plugins, and others, you can see in the attached files. Can you solve these?
Thank you: TuZo

Tuzson Zoltan <tuzo60@gmail.com> ezt írta (időpont: 2022. aug. 11., Cs, 9:22):

This topic was automatically closed after 30 days. New replies are no longer allowed.