Is it Possible that Brave has Stronger Fingerprinting Protection than Firefox?

edit: my interest and focus is primarily desktop browsers, and my comment was mostly written in that context. Most concepts probably apply to mobile browsers also, but some won’t.


You wrote a nice distillation/overview of a complicated subject. You and I interpreted a few things differently, which I’ll touch on, but overall I think we largely have a similar takeaway with a few key differences.

Summarizing my takeaways (which I believe are mostly in agreement with yours):

  1. If preventing fingerprinting is important to you, there are only two strong options (both based on Firefox + RFP): Mullvad Browser w/ VPN, or Tor Browser. And the choice between these two will come down to whether you need anonymity (Tor) or just privacy (Mullvad w/ VPN).
  2. Anything else falls short and will at best be able to defeat naive scripts. In that context, Brave may have a slight edge in the context of randomization and naive scripts. While Firefox’s RFP is technically more capable and covers more metrics (which is crucial for advanced fingerprinting), Brave’s approach, which protects less but relies a bit more heavily on randomization, may trick more naive scripts (which is good, because at this level naive scripts are all you should expect to defeat with Brave or FF at this point).
  3. So, if anti-fingerprinting is a priority for you, use a browser purpose-built for that, and put up with the usability tradeoffs inherent in that. If not, protection will be at best limited. And because the effectiveness of either Brave or Firefox is at best mediocre and probably pretty similar, it probably shouldn’t be the deciding factor; other privacy concerns should be given more weight, as well as overall personal preference.

Or reduced to a single sentence: If fingerprinting protection is a priority, Tor or Mullvad; if it is less of a priority, Brave or Firefox + RFP can offer some limited protection (the limitations are that Firefox + RFP doesn’t have enough users for large crowds, and Brave doesn’t cover enough metrics for there to be crowds).


Now addressing some of the places we didn’t come away with the same understanding:

Thorin seem to suggest that TOR is the only browser which can defeat advanced fingerprinting scripts, just that it is the only browser which can confidently do so.

Mullvad Browser would also be included in this category. It had not been released at the time of the comment you quoted. I think Firefox + RFP is also theoretically as capable in technical terms, but not in practice; the issue with FF+RFP is that not enough users opt in to form crowds, and there is too much variation in configuration/extensions/etc. among Firefox users.

(Sidenote: I did get Arkenfox + uBO to defeat a fingerprinting script that both MB and TBB also passed. Brave could pass in strict mode but failed in standard mode, and unfortunately strict mode is about to be discontinued.)

I know you just read it but I want to reiterate this snippet from the Arkenfox wiki:

The best any browser can confidently do, excluding Tor Browser and Mullvad Browser, is fool naive scripts. In Firefox the best tool for that is RFP - it is performant, does not leak real values, and has timing mitigations against side channel attacks

Moving on to:

[Firefox + RFP] has the metrics, Brave has the crowd, and if your threat model isn’t high enough to warrant TOR, then either of them will suit your needs

*Or Mullvad Browser. But if your threat model is not high enough to warrant Tor Browser or Mullvad, I don’t believe you should be spending a lot of time and effort thinking about fingerprinting because you are choosing between different degrees of mediocre. Or as Thorin put it (in the context of naive scripts):

If your threat model is that high … [use Tor Browser or Mullvad] … otherwise, get on with your life
There is nothing wrong or better about either of them [Brave or Firefox]

When you say:

Brave has the crowd

I think this may be a partial misunderstanding, or at least it differs from my understanding, going back to some of the “rules”:

  • If you do nothing on desktop, you are already uniquely identifiable (there is no “crowd” to blend in with)
  • The best any browser can confidently do, excluding Tor Browser and Mullvad Browser, is fool naive scripts
  • Fooling naive scripts does not require a crowd
  • Defeating advanced scripts requires a crowd, the larger the better

Brave’s userbase does not constitute a crowd (nor does Firefox’s), and Brave doesn’t cover enough metrics to create effective crowds (Firefox’s RFP can, but its user base is tiny so the crowds are probably too small). But crowd size is less relevant for the naive scripts Brave is capable of protecting against, and only matters within a context for which Brave is not recommended.

I believe the comment about crowds was brought up specifically in the context of:

And Brave has a default shield, and one day will maybe add enough metrics

Basically Brave’s policy of enabling shields by default becomes an advantage IF they get serious about addressing advanced fingerprinting in the future, and cover some of the metrics they have been unwilling or unable to cover so far. But then covering those metrics would put them in the same position as Firefox is in with RFP, they can’t really enable it by default because the usability penalty for this level of protection would likely alienate many users.

So it is sort of a catch-22 (Brave’s shields being on by default could be beneficial IF they covered more metrics, but the only reason they are able to have it on by default without upsetting or confusing users is because it is moderate and doesn’t cover all the metrics needed to be effective against advanced fingerprinting)

As to whether enough metrics are covered now, I think the answer is still no. If it did, you would likely notice, because there will be more obvious points of friction and irritation (as with Mullvad Browser, and Tor Browser) the most obvious of which would be letterboxing (or if you use dark mode losing dark mode would be quite obvious). You could also try a few tests yourself (take success with a grain of salt, but I believe failure does = failure)


Not to complicate things further but there are two (and a half) other factors to consider:

  1. Both Brave and Firefox block known fingerprinting scripts using traditional methods, so the fooling of naive scripts would be a second layer of defense if the script is not blocked outright.
  2. Firefox has actually been working on a second anti-fingerprinting feature called FPP. It’s more mild than RFP, and it will likely be enabled by default initially in private browsing mode, and possibly for everyone in time. My guess is that FPP will eventually become Firefox’s answer to Brave’s approach of a middle-of-the-road solution that offers mediocre protection, but breaks less of the user experience. It will not replace RFP, it will complement it, and users will have the choice. Because it’ll be on by default, at least in PB mode, and possibly for users that enable ETP strict mode, it might enable effective creation of crowds in Firefox (but like Brave that would depend on whether enough metrics are covered); at least it should combat naive scripts. I believe the idea is that protections present in RFP will gradually make their way into FPP when they are deemed acceptable for a more general userbase, and RFP will continue to exist for Tor, Mullvad, and Firefox users who choose to enable it. Here is a link where FPP is discussed (also a note for Arkenfox users, FPP will be replacing RFP as the default in the near future).
  3. Brave is losing its strict fingerprinting protection mode :frowning:
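Added example (not part of the original post, and not code from Brave, Firefox or Arkenfox): a toy JavaScript model of the "rules" quoted in the post above, comparing how many users a naive script and an advanced script can re-identify on a second visit under no protection, randomization of a few metrics, and standardization of every metric for everyone. The function names (`makeUsers`, `read`, `linkable`), the `MODES` table, the five metrics, the 200-user population and the value ranges are all assumptions constructed for illustration.

```javascript
// Toy model with constructed data; not a measurement of any real browser.
const METRICS = ["canvas", "audio", "fonts", "screen", "timezone"];

// Small deterministic PRNG (LCG) so every run gives the same population.
function prng(seed) {
  let s = seed >>> 0;
  return () => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0) / 2 ** 32;
}

// Each user has a real value (0..49) for every metric.
function makeUsers(n, seed) {
  const rnd = prng(seed);
  return Array.from({ length: n }, () =>
    Object.fromEntries(METRICS.map((m) => [m, Math.floor(rnd() * 50)])));
}

// What a script reads on one visit. Covered metrics are either randomized
// per visit ("randomize") or replaced by one shared value ("standardize").
function read(user, uid, visit, mode) {
  const rnd = prng(uid * 7919 + visit * 104729 + 1);
  return Object.fromEntries(METRICS.map((m) => {
    if (!mode.covered.includes(m)) return [m, user[m]];
    return [m, mode.kind === "randomize" ? "r" + Math.floor(rnd() * 1e9) : "std"];
  }));
}

// Fraction of users a script can re-identify on a second visit: the
// fingerprint must be stable across visits and shared with nobody else.
// naive = hashes every metric; advanced = skips metrics known to be randomized.
function linkable(users, mode, advanced) {
  const used = METRICS.filter((m) =>
    !(advanced && mode.kind === "randomize" && mode.covered.includes(m)));
  const key = (fp) => used.map((m) => fp[m]).join("|");
  const v1 = users.map((u, i) => key(read(u, i, 1, mode)));
  const v2 = users.map((u, i) => key(read(u, i, 2, mode)));
  const count = new Map();
  for (const k of v1) count.set(k, (count.get(k) || 0) + 1);
  return v1.filter((k, i) => k === v2[i] && count.get(k) === 1).length / users.length;
}

const users = makeUsers(200, 42);
const MODES = {
  none: { kind: "standardize", covered: [] },
  partialRandom: { kind: "randomize", covered: ["canvas", "audio"] },
  fullStandard: { kind: "standardize", covered: METRICS },
};
for (const [name, mode] of Object.entries(MODES)) {
  console.log(name, "naive:", linkable(users, mode, false), "advanced:", linkable(users, mode, true));
}
```

In this model, randomizing two metrics drops the naive script to zero re-identified users while the advanced script still separates nearly everyone using the three uncovered metrics; only standardizing every metric across the whole population brings both to zero.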