Fingerprinting Protection Mode

Warning: enabling browser fingerprinting defense might break some sites.

Intro

Brave includes best-effort defense against browser fingerprinting. Broadly speaking, browser fingerprinting is the detection of browser and operating system features that differ between users for the purpose of invisibly (and non-consensually) identifying users and tracking them across the web. Although fingerprinting attacks will always be possible, it is worthwhile for us to make these attacks as slow / costly / difficult as possible.

Because most browser fingerprinting defense requires disabling web features that are required for many sites to work properly, it is implemented as off-by-default for now (can be turned on in about:preferences globally, or on a per-site basis in the Bravery panel). We will consider turning it on-by-default when we have fingerprinting detection heuristics with a sufficiently-low false positive rate.

Fingerprinting methods blocked in Fingerprinting Protection Mode

• Canvas fingerprinting: it should report a fixed value on tests like panopticlick
• WebGL fingerprinting: it should report as undefined on tests like panopticlick
• AudioContext fingerprinting
• WebRTC IP leakage
• Battery Status fingerprinting (disabled in general, not just when FP mode is turned on)

How to check that it's working

See https://github.com/brave/browser-laptop/wiki/End-User-FAQ#how-do-i-turn-on-browser-fingerprinting-protection-and-make-sure-that-its-working.

TODO

• Double-key HSTS/HPKP (and cookies/localstorage)?
• Decrease JS timer resolution
• Differentiate between 3rd party and 1st party fingerprinting vectors. (We can be less strict about blocking 1st party fingerprinting for people who have 1st party cookies enabled anyway.)

Further reading

• W3C note in progress on browser fingerprinting
• Chromium security page on client-identification mechanisms
• Recent study on fingerprinting methods observed in the wild