Brave removes strict fingerprinting protection

Apollyon · January 18, 2024, 5:46pm

What do you all think about this?

clockwork · January 18, 2024, 6:07pm

Fewer than 0.5% of Brave users are using Strict fingerprinting protection mode, based on our privacy-preserving telemetry data.

The telemetry is opt out so most people using strict mode are likely not being counted there.

Reset0609 · January 18, 2024, 6:42pm

I use it and I can count with one hand the websites that gave me trouble over the span of several years

davidcollini · January 18, 2024, 9:47pm

Here’s the pull request for more context
https://github.com/brave/brave-browser/issues/31229

xe3 · January 18, 2024, 9:55pm

This was my thought as well, obviously people who go out of their way to use enhanced privacy settings will also be less likely to leave telemetry enabled.

BUT even if that wasn’t the case. Brave claims over 50 million users, meaning that 0.5% would still be ~~half~~ a quarter million users using strict mode which is still a decent sized crowd to blend in with (quite possibly more than the entire active userbase of Mullvad Browser)

I don’t recall strict mode breaking websites in my experience.

In my opinion this is the reason Brave is discontinuing it, (the other stated reasons seem like just attempts to justify the decision):

Maintaining Strict mode and debugging why some websites are broken on Brave takes our engineers’ time away from focusing on default privacy protections that can benefit all of our users.

xe3 · January 18, 2024, 9:59pm

I see you’ve been keeping up with that github issue for a few months now, I’m curious what your perspective is on this change?

Reset0609 · January 18, 2024, 10:01pm

They already warn that it can break websites, perhaps they could simply stop dedicating resources to debug such issues

davidcollini · January 18, 2024, 10:35pm

I’ve used Brave as my main browser with aggressive fingerprinting enabled for around 3 years and have only had issues on google docs and maybe two or three other sites. I’m of the opinion that many features of aggressive fingerprinting mode can be moved into normal fingerprinting mode, or made into their own toggles in shields, due to how few sites I’ve seen break from this feature.

Dark mode detection (makes sites think you’re using light mode) - should be made an option in shield settings since many users are confused by this feature or don’t like that it can’t be toggled on its own.

For navigator.useragent farbling, there may be multiple reasons why Brave doesn’t want to hide the user’s browser by default, but in my use case, I haven’t seen many reasons why this would be the case, so I’m of the opinion that this feature could be slowly implemented into default fingerprinting protection.

For WebGl fingerprinting, I would love to see this implemented by default, but I understand that it may lead to site breakage. Especially for browser games and sites heavily reliant on WebGl, it’s hard to not break sites while maintaining privacy.

Overall, I’m happy with how they handled this, I’m a big fan of Brave’s goal of making users all have a similar fingerprint, so this inches us closer to that goal. Also I was happy with their blog post and their outlook on focusing resources towards a single option and having that as the default. The main result that I see coming from this is more privacy protections enabled by default, and more privacy options that can be toggled by users.

davidcollini · January 18, 2024, 10:41pm

Brave is actually working on automating fixing filter lists that cause site breakage, so that should fix your issue This is still very early in development and they haven’t revealed anything yet.

Full thread for context:
https://nitter.1d4.us/BrendanEich/status/1747457098697556140#m

redoomed1 · January 18, 2024, 11:21pm

read: most people who configure Brave using the PG recommendations

archerallstars · January 18, 2024, 11:42pm

It’s around 250 thousands, or 1/4 of a million.

xe3 · January 18, 2024, 11:51pm

50 million users, meaning that 0.5% would still be half a million users

It’s around 250 thousands, or 1/4 of a million.

Oops that’s embarassing… You’re right.

(I’d say ‘math is hard’ but in this case the math was dead simple and I still got it wrong )

PoorPocketsMcNewHold · January 19, 2024, 2:25pm

Hence why they disable a feature first before such “replacement” enter production builds, or is mature enough ?

davidcollini · January 19, 2024, 3:35pm

Are you referring to them removing aggressive fingerprinting or their Star++ software? The two are correlated, but not directly linked.

wojciechxtx · January 19, 2024, 5:55pm

Dare to explain?

davidcollini · January 19, 2024, 6:12pm

@wojciechxtx The whole purpose of their research into their project with the Star++ protocol is to fix site breakage with their filter lists, and a big reason they listed for removing strict fingerprinting was because of site breakage. So a lot of resources go into fixing site breakage, and this research could potentially lead to advancements in fingerprinting protection with easier ways to fix broken sites that result from this better protection.

sha123 · January 19, 2024, 9:18pm

Which site breakage? I have used strict fingerprinting protection for a long time and almost never had a site break because of it. I can’t believe that this is a big problem in practice, especially since most users using strict protection should be knowledgeable enough to try the other protection levels to fix the problem for a website.

FlipSid · January 19, 2024, 10:05pm

Same here with strict mode. Seldom problems.
But I’m thinking more in direction Google Manifest V3

xe3 · January 20, 2024, 12:23am

This seems to be the consensus among everyone who actually uses strict fingerprinting protection, at least here on Privacy Guides, and on the Techlore forum.

Maybe we just have a higher tolerance for what we consider “breakages”, or maybe we are less likely to visit the sort of website that would be broken by strict fingerprinting protection. OR Brave is just exxagerating the point since they made the decision to discontinue it and need to justify that decision to users. My guess is that there is a little bit of truth to each of these reasons.

archerallstars · January 20, 2024, 2:11am

IMO, I agree with the reason to better maintain and improve the standard fingerprint blocking mode in Brave, which is already stricter than other browsers, and it’s on by default, so an average Joe who downloads and uses the browser as-is would be protected.

For example, on https://coveryourtracks.eff.org/,

I tested with Brave 1.61.120 (standard fingerprinting block), my result: you have strong protection against Web tracking. I have a randomized fingerprint.
But with Firefox 121.0 (standard fingerprinting block), my result: you have some protection against Web tracking, but it has some gaps. I have a unique fingerprint.

Whether anyone who uses strict fingerprinting protection mode in any of the browsers ever experienced any site breakage on their end, it’s hard to tell whether that’s the case for other users, as our usage differs from one another. And by combining everyone’s problems together, that could lead to a ton of issues.

I have never experienced an issue with fingerprinting blocking yet, but I always use the standard mode (default), so I can’t tell.

Nevertheless, it’s the fact that strict fingerprint blocking in browsers could break some sites, according to both Brave and Firefox, as shown in their settings.

Topic		Replies	Views
What does Privacy Guides think about criticism of Brave Browser? Questions browsers	39	3610	July 6, 2024
Is Brave better for fingerprinting because you blend in with Chrome users? Questions browsers	3	1338	April 16, 2023
Is it Possible that Brave has Stronger Fingerprinting Protection than Firefox? Questions browsers	23	2480	March 12, 2024
Brave fingerprinting measures Questions browsers	2	448	April 11, 2024
How Mozilla lost the Internet (& what's next) Privacy browsers	18	783	November 11, 2024

Brave removes strict fingerprinting protection

Related Topics