Fingerprinting Protections
Fingerprinting Protection is a privacy feature that makes it harder for sites to track you while you browse.
Brave includes best-effort defense against browser fingerprinting. Broadly speaking, browser fingerprinting is the detection of browser and operating system features that differ between users for the purpose of covertly identifying users and tracking them across the web. Although fingerprinting attacks will always be possible, it is worthwhile for us to make these attacks as slow / costly / difficult as possible.
Brave includes two types of fingerprinting protections: (i) blocking, removing or modifying APIs, to make Brave instances look as similar as possible, and (ii) randomizing values from APIs, to prevent cross-session and cross-site linking (e.g. making Brave instances look different to websites each time).
In cases where we block, remove or modify API behavior, we attempt to return empty or non-identifying values that have the "shape" of expected values, to minimize web compatibility issues.
In cases where we randomize API values, we attempt to make modifications that are imperceptible to humans but distinguishing to computers / fingerprinters. These randomization values are derived from a seed that changes per session, per site (eTLD+1) and per storage area. Third-party frames and scripts share the seed value of the top-level eTLD+1 domain. This approach is especially useful against fingerprinters that hash together a large number of semi-identifiers into a single identifier, since randomizing just one value "poisons" the entire fingerprint.
More information about Brave's "privacy through randomization" systems can be found in the following blog posts:
- What’s Brave Done For My Privacy Lately? Episode #3: Fingerprint Randomization
- What’s Brave Done For My Privacy Lately? Episode #4: Fingerprinting Defenses 2.0
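The seed scoping described above, sketched as an added example that is not Brave's code: the HMAC-SHA256 derivation, the low-bit pixel perturbation, the `visit` helper and the sample attribute values are all assumptions made for illustration. It shows a hashed fingerprint staying stable within one session and site while changing across sites, sessions and storage areas.

```javascript
// Added illustration, not Brave's implementation: the HMAC-SHA256 derivation,
// the low-bit perturbation and every name below are assumptions.
const nodeCrypto = require("node:crypto");

// One random key per browsing session (regenerated after a restart).
function newSessionKey() {
  return nodeCrypto.randomBytes(32);
}

// Seed bound to session, top-level eTLD+1 and storage area; third-party frames
// under the same top-level site therefore see the same seed.
function farblingSeed(sessionKey, topLevelEtld1, storageArea) {
  return nodeCrypto.createHmac("sha256", sessionKey)
    .update(`${topLevelEtld1}\u0000${storageArea}`)
    .digest();
}

// Flip the lowest bit of a few seed-selected colour channels: invisible to a
// person, but enough to change any hash computed over the pixels.
function farblePixels(rgba, seed) {
  const out = Uint8Array.from(rgba);
  for (let i = 0; i + 4 <= seed.length; i += 4) {
    let idx = seed.readUInt32BE(i) % out.length;
    if (idx % 4 === 3) idx -= 1; // leave the alpha channel untouched
    out[idx] ^= 1;
  }
  return out;
}

// What a fingerprinting script does: hash many semi-identifiers into one ID.
function fingerprint(attrs) {
  return nodeCrypto.createHash("sha256").update(JSON.stringify(attrs)).digest("hex");
}

// Constructed sample data: a fake 16x16 RGBA canvas readback.
const CANVAS = Uint8Array.from({ length: 1024 }, (_, i) => (i * 37) % 256);

// Simulate one page load; only the canvas value is randomized.
function visit(sessionKey, site, storageArea = "default") {
  const seed = farblingSeed(sessionKey, site, storageArea);
  const canvas = Buffer.from(farblePixels(CANVAS, seed)).toString("base64");
  return fingerprint({ tz: "UTC", lang: "en-US", cores: 8, canvas });
}

const session = newSessionKey();
console.log("same site, same session:", visit(session, "a.example") === visit(session, "a.example"));
console.log("different site:", visit(session, "a.example") === visit(session, "b.example"));
console.log("new session:", visit(session, "a.example") === visit(newSessionKey(), "a.example"));
```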
Why does fingerprint.com or some other site say that I am fingerprintable?
Though their methods are not open source, the fingerprint.com product demo website appears to compare new browsing data to previously stored patterns. It gives extra weight to factors like how long it’s been since the demo site was last visited. This approach creates an impressive-looking demo but is less effective for real-world scenarios where users visit sites over multiple days.
We also suspect that the demo prioritizes generating "consistent" fingerprints over accuracy. This means many users could be assigned the same fingerprint, leading to a high false-positive rate. While this is acceptable for Fingerprint.com's use cases, like anti-bot and anti-abuse tools, where a CAPTCHA or login request can handle errors in recognition, it makes their system unreliable for tracking individual users across sites and over time. These issues are amplified on larger platforms and websites.
Having said that, we are actively working on figuring out ways to plug known leaks, and will have more to say soon.
Note that Brave actively blocks requests to fingerprint.com and other known fingerprinting services as part of our broader anti-tracking features. This is in addition to the best-in-class fingerprinting protections described on this page. For an unbiased evaluation of fingerprinting resistance, we recommend tools like the Electronic Frontier Foundation’s Cover Your Tracks. Unlike product demos that aim to sell a service, tools like Cover Your Tracks are built to inform and empower users. We also recommend checking out privacytests.org for a broader evaluation of browsers for privacy.
Visit a site like https://browserleaks.com/canvas, note the fingerprint, and then visit the same site in:
- Private Window
- Private Window with Tor
- After restarting the browser
- In a different profile
- (In Brave Nightly) After clearing storage for the site
You should get a different fingerprint each time.
You can see a complete list of completed anti-fingerprinting work here. For a comprehensive test suite for all the APIs we protect, see our test website.
You can select Shields > Advanced > Press the > arrow next to Block fingerprinting