What is Fingerprinting Protection?
Fingerprinting Protection is a privacy feature that makes it harder for sites to track you while you browse.
Warning: enabling Fingerprinting Protection might cause some sites to display incorrectly.
Brave includes best-effort defense against browser fingerprinting. Broadly speaking, browser fingerprinting is the detection of browser and operating system features that differ between users for the purpose of covertly identifying users and tracking them across the web. Although fingerprinting attacks will always be possible, it is worthwhile for us to make these attacks as slow / costly / difficult as possible.
Brave includes two types of fingerprinting protections: (i) blocking, removing or modifying APIs, to make Brave instances look as similar to each other as possible, and (ii) randomizing the values returned from APIs, to prevent cross-session and cross-site linking (i.e. making a Brave instance look different to websites each time).
In cases where we block, remove or modify API behavior, we attempt to return empty or non-identifying values that have the "shape" of the expected values, to minimize web compatibility issues.
In cases where we randomize API values, we attempt to make modifications that are imperceptible to humans but distinguishable to computers / fingerprinters. These randomized values are derived from a seed that changes per session and per eTLD+1. Third-party frames and scripts share the seed value of the top-level eTLD+1 domain. This approach is especially useful against fingerprinters that hash together a large number of semi-identifiers into a single identifier, since randomizing just one value "poisons" the entire fingerprint.
Fingerprinting methods blocked in Fingerprinting Protection Mode
- WebRTC IP leakage
- SVG fingerprinting (specifically, the
- HSTS fingerprinting
- Client Hints
- Media Streams: Enumerate Devices
Fingerprinting methods randomized with Fingerprinting Protection Mode
Privacy protection enabled regardless of whether Fingerprinting Protection Mode is on
This list is not complete. See https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove) for other things which are disabled in Brave but not in Chrome.
- 3rd party cookies and referers blocked by default due to the third party tracking risk
- User-Agent is set to Chrome's, except on a few sites that need it for major functionality to work, to prevent sites from using Brave's UA as a tracking mechanism.
- navigator.mimeTypes is empty unless you've enabled Flash, to trigger the HTML5 fallback for Flash whenever possible.
- Connections to known tracking domains are blocked via the Ad block Rust library in a list similar to Disconnect.
- Battery Status API is disabled because the battery level can be used as a tracking signal.
- navigator.credentials is disabled on desktop prior to C73; we are re-enabling it to support WebAuthn.
- Web Bluetooth is disabled on desktop because we do not currently see much benefit in enabling it.
- We are also planning on disabling Client Hints; see https://github.com/brave/brave-browser/issues/3539#issuecomment-483826927 for the rationale.
How to check that it's working
Why does panopticlick.eff.org or some other site say that I am fingerprintable?
Although useful for raising awareness of fingerprinting techniques, sites like Panopticlick are not a perfect indicator of how fingerprintable your browser is. Some known limitations are:
- Panopticlick only reports your uniqueness relative to the population of users visiting Panopticlick, which is almost certainly skewed relative to the entire population of users on the web. For instance, imagine that a very large number of Tor Browser users visit Panopticlick because they're trying to test their Tor Browser privacy settings. If you then visit Panopticlick in Chrome with default settings, you will then appear as more identifiable than Tor Browser users despite the fact that Chrome with default settings is more popular than Tor Browser overall. Similarly, because many Panopticlick users care about privacy and turn on Do Not Track, Panopticlick reports that users are less unique when they have DNT turned on than off, even though probably less than 12% of web users have DNT enabled.
- Panopticlick does not account for the fact that randomized fingerprint values are an effective way to prevent real-world fingerprinting. For instance, if Brave browser randomized canvas fingerprints on every page request, then it would be impossible for a site to track a specific Brave user across requests using canvas fingerprinting. However, because the randomized values would be unique, Panopticlick would report Brave as being highly canvas-fingerprintable.
[EDIT (12/11/18): This may no longer work.] One way to "trick" Panopticlick is to open the site in various Brave session tabs and re-run the fingerprinting test. Panopticlick will then report that your Brave configuration is less identifiable because there have been other "users" visiting the site with the same configuration.
Brave makes a small number of exceptions for sites that require functionality that could be used for fingerprinting, but which is used for benign and user-serving purposes. These exceptions are built into Brave, and can be found in Brave's source code.
- Decrease JS timer resolution
- Limit fonts fingerprinting: https://github.com/brave/brave-browser/issues/816
- Limit fingerprinting via viewport/screen size: https://github.com/brave/brave-browser/issues/720
- Lots more at https://github.com/brave/brave-browser/labels/feature%2Fshields%2Ffingerprint and https://github.com/brave/brave-browser/labels/privacy%2Ftracking