Brave browser is abandoning its Strict fingerprinting protection mode

Alfonso Maruccia

Posts: 1,014   +301
Why it matters: Fingerprinting algorithms can provide a website with unique IDs on its visitors. It's a powerful tracking technology that requires equally powerful countermeasures, but sometimes anti-fingerprint technology can stray too far from its original purpose.

Brave, the Chromium-based browser that strives to provide faster performance than Chrome and better privacy protection than Firefox, is abandoning one of its harder stances on fingerprinting protection against web ID trackers. The software will soon sunset its Strict fingerprinting protection mode while focusing on improving traditional privacy measures.

As the Brave Privacy Team explained, Brave is currently offering two separate levels of fingerprinting protections: Standard and Strict mode. The latter should make tracking companies' job much harder, shielding privacy-conscious netizens from unique identification as they browse the web.

However, the Brave team observed some "significant" issues with the Strict anti-fingerprinting mode. In order to effectively block "fingerprintable" APIs, the developers said, Strict mode causes frequent compatibility issues with certain websites. If a website doesn't work at all, Brave said, Strict mode ultimately has limited utility for most web users.

Strict mode is set by fewer than 0.5% of Brave users, and this particular set of netizens is paradoxically easier to identify. Strict mode could stand out and be more vulnerable to fingerprinting algorithms, Brave said, even though there have been no signs that this has turned into a practical issue yet.

Maintaining and debugging Strict mode code after website breakage also tends to take Brave engineers' focus away from default privacy protections, the company stated. For these reasons, Brave has ultimately decided to completely remove the Strict anti-fingerprinting mode from the open source browser.

Brave's Standard fingerprinting protection, which is used by the overwhelming majority of users, already provides a "very extensive" shield against user tracking and identification, the company said. Brave seemingly provides the strongest fingerprinting protection of any major browser, and the developers will continue to strengthen the Standard anti-fingerprint algorithms for all users.

The Strict protection mode has already been removed from the latest 'Nightly' (alpha) build of Brave, while the stable releases of the browser will follow through in a couple months on desktop and Android (1.64). Brave's "industry-leading" anti-fingerprinting capabilities will remain intact, while compatibility issues should decrease significantly.

Permalink to story.

I think that's a good change: drop something that isn't working.
I went through my Facebook data lately, and I was able to find definitive proof that Brave successfully blocks Facebook trackers on other sites and doesn't sell your search data to them. The only history I had was from using Edge at work. Very nice.
They've never been privacy-focused, quite the opposite, actually. If you think they are, you're delusional.

In December 2018, British YouTube content creator Tom Scott said that he had not received any donations collected on his behalf by Brave. Two days after the complaint, Brave issued an update to "clearly indicate which publishers and creators have not yet joined Brave Rewards so users can better control how they donate and tip" and in January 2020 another update to change the behavior of unclaimed tips. They are now held in the browser and transferred if the creator signs up within 90 days; otherwise, they are returned to the user.

And also

On 6 June 2020, a Twitter user pointed out that Brave inserts affiliate referral codes when users navigate to Binance. Further research revealed that Brave also redirected the URLs of other cryptocurrency exchange websites. In response to the backlash from the users, Brave's CEO apologized and called it a "mistake" and said "we're correcting".

I like Brave. I use it most of the time. Sometimes it doesn't work but mostly it does. Brave search is bad