Skip to content

Fingerprinting Protections

Sampson edited this page Sep 29, 2021 · 29 revisions

What is Fingerprinting Protection?

Fingerprinting Protection is a privacy feature that makes it harder for sites to track you while you browse.

Technical details

Brave includes best-effort defense against browser fingerprinting. Broadly speaking, browser fingerprinting is the detection of browser and operating system features that differ between users for the purpose of covertly identifying users and tracking them across the web. Although fingerprinting attacks will always be possible, it is worthwhile for us to make these attacks as slow / costly / difficult as possible.

Brave includes two types of fingerprinting protections, (i) blocking, removing or modifying APIs, to make Brave instances look as similar as possible, and (ii) randomizing values from APIs, to prevent cross session and site linking (e.g. making Brave instances look different to websites each time).

In cases where we block, remove or modify API behavior, we attempt to return empty, or non-identifying values, that have the "shape" of expected values, to minimize web compatibility issues.

In cases where we randomize API values, we attempt to make modifications that are imperceivable to humans, but distinguishing to computers / fingerprinters. These randomization values are derived from a seed that changes per session, and per eTLD+1. Third party frames and script share the seed value of the top level, eTLD+1 domain. This approach is especially useful in fingerprinters that hash together a large number of semi-identifiers into a single identifier, since randomizing just one value "poisons" the entire fingerprint.

Why does panopticlick.eff.org or some other site say that I am fingerprintable?

These sites wrongly detect Brave as identifiable because they are designed to measure a different form of fingerprinting protection than Brave uses. Most tools try to make as many browsers look identical as possible, and sites like panopticlick.eff.org look to see if your browser matches any they've seen previously. If not, then they determine that you're fingerprintable.

Brave's system for protecting users against fingerprinting works differently. Instead of trying to make Brave users look identical (a goal that is not achievable for many users in many cases, without breaking websites or turning off useful browser functionality), Brave tries to make you look as different as possible, for each website, for each session. This prevents browsers from identifying you when you visit other sites, or when you return to the same site in the future.

Brave uses this anonymity-through-randomization approach for several reasons including i) it better protects users with browser / computer / language / etc configurations, and ii) its more web compatible, since it doesn't require disabling browser features.

More information about Brave's "privacy through randomization" systems can be found in the following blog posts:

How to check that it's working

See https://community.brave.com/t/fingerprinting-how-do-we-know-its-actually-working/134536

Differences between "standard" and "strict" protections

Brave has two levels of fingerprinting protections. In the default, "standard" configuration, Brave adds subtle noise to APIs commonly used for fingerprinting. This small amount of noise is enough to make you look different to fingerprinting scripts, without breaking websites, and will provide good protections against web-scale online trackers.

Brave also includes a "strict" option. When set to "strict" mode, Brave only returns random values from APIs commonly used by fingerprinters. This provides a higher level of protection against highly determined attackers, who may attempt statistical and / or targeted attacks to identify users. This mode will also break websites who depend on these features to work correctly.

Fingerprinting methods randomized

Progress on the randomization for additional fingerprint-able sources can be found here: https://github.com/brave/brave-browser/issues/8787

Fingerprinting methods blocked

TODO

Further reading

Clone this wiki locally