Brave removes strict fingerprinting protection

What do you all think about this?

7 Likes

Fewer than 0.5% of Brave users are using Strict fingerprinting protection mode, based on our privacy-preserving telemetry data.

The telemetry is opt out so most people using strict mode are likely not being counted there.

13 Likes

I use it and I can count with one hand the websites that gave me trouble over the span of several years

5 Likes

Here’s the pull request for more context
https://github.com/brave/brave-browser/issues/31229

2 Likes

This was my thought as well, obviously people who go out of their way to use enhanced privacy settings will also be less likely to leave telemetry enabled.

BUT even if that wasn’t the case. Brave claims over 50 million users, meaning that 0.5% would still be half a quarter million users using strict mode which is still a decent sized crowd to blend in with (quite possibly more than the entire active userbase of Mullvad Browser)

I don’t recall strict mode breaking websites in my experience.

In my opinion this is the reason Brave is discontinuing it, (the other stated reasons seem like just attempts to justify the decision):

Maintaining Strict mode and debugging why some websites are broken on Brave takes our engineers’ time away from focusing on default privacy protections that can benefit all of our users.

2 Likes

I see you’ve been keeping up with that github issue for a few months now, I’m curious what your perspective is on this change?

1 Like

They already warn that it can break websites, perhaps they could simply stop dedicating resources to debug such issues

2 Likes

I’ve used Brave as my main browser with aggressive fingerprinting enabled for around 3 years and have only had issues on google docs and maybe two or three other sites. I’m of the opinion that many features of aggressive fingerprinting mode can be moved into normal fingerprinting mode, or made into their own toggles in shields, due to how few sites I’ve seen break from this feature.

Dark mode detection (makes sites think you’re using light mode) - should be made an option in shield settings since many users are confused by this feature or don’t like that it can’t be toggled on its own.

For navigator.useragent farbling, there may be multiple reasons why Brave doesn’t want to hide the user’s browser by default, but in my use case, I haven’t seen many reasons why this would be the case, so I’m of the opinion that this feature could be slowly implemented into default fingerprinting protection.

For WebGl fingerprinting, I would love to see this implemented by default, but I understand that it may lead to site breakage. Especially for browser games and sites heavily reliant on WebGl, it’s hard to not break sites while maintaining privacy.

Overall, I’m happy with how they handled this, I’m a big fan of Brave’s goal of making users all have a similar fingerprint, so this inches us closer to that goal. Also I was happy with their blog post and their outlook on focusing resources towards a single option and having that as the default. The main result that I see coming from this is more privacy protections enabled by default, and more privacy options that can be toggled by users.

5 Likes

Brave is actually working on automating fixing filter lists that cause site breakage, so that should fix your issue :wink: This is still very early in development and they haven’t revealed anything yet.

Full thread for context:

1 Like

read: most people who configure Brave using the PG recommendations :grin:

2 Likes

It’s around 250 thousands, or 1/4 of a million.

3 Likes

50 million users, meaning that 0.5% would still be half a million users

It’s around 250 thousands, or 1/4 of a million.

Oops that’s embarassing… :smiley: You’re right.

(I’d say ‘math is hard’ but in this case the math was dead simple and I still got it wrong :roll_eyes: )

5 Likes

Hence why they disable a feature first before such “replacement” enter production builds, or is mature enough ?

1 Like

Are you referring to them removing aggressive fingerprinting or their Star++ software? The two are correlated, but not directly linked.

Dare to explain?

@wojciechxtx The whole purpose of their research into their project with the Star++ protocol is to fix site breakage with their filter lists, and a big reason they listed for removing strict fingerprinting was because of site breakage. So a lot of resources go into fixing site breakage, and this research could potentially lead to advancements in fingerprinting protection with easier ways to fix broken sites that result from this better protection.

2 Likes

Which site breakage? I have used strict fingerprinting protection for a long time and almost never had a site break because of it. I can’t believe that this is a big problem in practice, especially since most users using strict protection should be knowledgeable enough to try the other protection levels to fix the problem for a website.

3 Likes

Same here with strict mode. Seldom problems.
But I’m thinking more in direction Google Manifest V3

This seems to be the consensus among everyone who actually uses strict fingerprinting protection, at least here on Privacy Guides, and on the Techlore forum.

Maybe we just have a higher tolerance for what we consider “breakages”, or maybe we are less likely to visit the sort of website that would be broken by strict fingerprinting protection. OR Brave is just exxagerating the point since they made the decision to discontinue it and need to justify that decision to users. My guess is that there is a little bit of truth to each of these reasons.

3 Likes

IMO, I agree with the reason to better maintain and improve the standard fingerprint blocking mode in Brave, which is already stricter than other browsers, and it’s on by default, so an average Joe who downloads and uses the browser as-is would be protected.

For example, on https://coveryourtracks.eff.org/,

  • I tested with Brave 1.61.120 (standard fingerprinting block), my result: you have strong protection against Web tracking. I have a randomized fingerprint.
  • But with Firefox 121.0 (standard fingerprinting block), my result: you have some protection against Web tracking, but it has some gaps. I have a unique fingerprint.

Whether anyone who uses strict fingerprinting protection mode in any of the browsers ever experienced any site breakage on their end, it’s hard to tell whether that’s the case for other users, as our usage differs from one another. And by combining everyone’s problems together, that could lead to a ton of issues.

I have never experienced an issue with fingerprinting blocking yet, but I always use the standard mode (default), so I can’t tell.

Nevertheless, it’s the fact that strict fingerprint blocking in browsers could break some sites, according to both Brave and Firefox, as shown in their settings.