• OhVenus_Baby@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      What is unprivate about brave software? Assuming all telemetry is turned off and the browser is configured for strictest of settings no crypto, no ads, no telemetry, no java, session cookie delete, ect ect. Do we have RCP happening phoning home? I have never set brave up behind traffic analysis to see what outbound traffic gets sent that was not from the user. This can be directed towards desktop and mobile.

      Besides the above the only off putting thing I’m aware they have done is installed their VPN software without permission on dekstop which I found myself before I seen the news about it. Edit wording.

    • Lemongrab@lemmy.one
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Maybe Cromite (the main bromite fork) would be better. Vivaldi isn’t great, but it also isn’t brave. It allows for blocklist importing and user scripts, and is on desktop Windows as well.

  • WhatAmLemmy@lemmy.world
    link
    fedilink
    arrow-up
    50
    arrow-down
    4
    ·
    1 year ago

    You don’t want a randomised fingerprint, as that is relatively unique among a sea of fingerprints [1]. What you want is a fingerprint that’s as similar to everyone else (generic) as possible; that’s what Firefox’s resist fingerprinting setting aims to do, and what the Tor browser does.

    [1] There are many values you can’t change, so the randomisation of the ones you can change could end up making you more unique … think of it like having your language set to french but are based in the USA — that language setting can’t uniquely identify the French in france, but will stick out like a sore thumb if set in shitsville Idaho. It’s likely the same if you use firefox but have your user agent set to chrome; that’s more rare and unique than not changing the user agent at all.

    • Rez@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      1
      ·
      1 year ago

      But isn’t randomization supposed to give you a different unique fingerprint each time? So yes, you would be unique and easily tracked but only until your fingerprint changes

        • random65837@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          1 year ago

          That was addressed above, you ever see “identical” twins? They look exactly the same if you see then once, twice, 3 times, but if you see both of them constantly, you’ll start seeing the small difference in them and then be able to identify who’s who. Same exact thing.

        • virtualbriefcase@lemm.ee
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          1 year ago

          I don’t think there is any proven results, but I think the reason the EFF prefers Braves decision is the philosophy that there are so many data points that it could be possible to link you to it using the ones not standardized by anti fingerprinting.

          Like ways to incorrectly describe someone. One describes a guy correctly but generically. One describes a guy with a lot of detail but the wrong race and two feet too short.

        • stifle867
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          The benefit is that it’s much easier to maintain and also increases privacy over the “blending in” approach. With trying to make your fingerprint similar to others, there are always going to be things that you miss that do actually make you uniquely identifiable. Certain things also aren’t practical to “blend”.

          Think about a real life analogy. If you try and blend in with a crowd, even if you do it really well, a sufficiently sophisticated observer will still be able to spot you.

          With a randomisation strategy you acknowledge that you will never be able to perfectly blend in and thus allow yourself to stand out. Trackers can build up a profile using that fingerprint. But as soon as your fingerprint changes you are completely unique again.

          If you are in a crowd an observer can track you, but next time you appear you appear as someone completely different and thus lose the tail.

        • WhatAmLemmy@lemmy.world
          link
          fedilink
          arrow-up
          11
          ·
          edit-2
          1 year ago

          Where do the EFF recommend randomisation? From the EFF’s surveillance self defence course.

          This can be an effective method for breaking persistence, but it is important to note that a tracker may be able to determine that a randomization tool is being used, which can itself be a fingerprinting characteristic. Careful thought has to go into how randomizing fingerprinting characteristics will or will not be effective in combating trackers.

          They don’t directly recommend either… But then on https://coveryourtracks.eff.org/learn

          In practice, the most realistic protection currently available is the Tor Browser, which has put a lot of effort into reducing browser fingerprintability. For day-to-day use, the best options are to run tools like Privacy Badger or Disconnect that will block some (but unfortunately not all) of the domains that try to perform fingerprinting, and/or to use a tool like NoScript( for Firefox), which greatly reduces the amount of data available to fingerprinters.

          So the EFF seem to recommend generic over randomisation…

          Maybe ask yourself why the Tor project decided against randomisation?

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      6
      ·
      1 year ago

      No, that’s absolutely incorrect. You want a new fake fingerprint every single time someone asks your browser for your information. You want it to lie about your plugins, user agent, your fonts and your screen size. Bonus if you use common values, but not necessary.

      The randomized data they’re providing isn’t static and it isn’t the same from session to session.

      100% White noise is a far better obfuscation than a 40% non-unique tracking ID. Yes, your data is lumped in with 47 million other users, but used in conjunction with static pieces of your data you become uncomfortably identifiable.

        • WhatAmLemmy@lemmy.world
          link
          fedilink
          arrow-up
          10
          arrow-down
          2
          ·
          1 year ago

          Yeah… I don’t know why a bunch of privacy bros think they know better than the CS and cryptography PhD’s of the Tor project; the most advanced and complex privacy and anonymity preserving project in computing history.

  • halfempty@kbin.social
    link
    fedilink
    arrow-up
    39
    ·
    1 year ago

    I believe that Firefox has a mechanism where millions of users all have the same fingerprint, which makes the whole concept of browser fingerprinting useless.

  • virtualbriefcase@lemm.ee
    link
    fedilink
    arrow-up
    17
    arrow-down
    3
    ·
    1 year ago

    Yes. Brave focuses on providing random data points each time it’s asked (e.g. screen size). A hardened Firefox will try to provide a generic fingerprint.

    Apples to oranges more or less, I’m unaware of any proof that one or the other is considerably better across the board. Though my gut does tell me that randomization is a lot better in the specific situation of regularly signing in and out of accounts.

  • privacybro@lemmy.ninja
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    mullvad browser which is a TOR browser fork, seems to defeat fingerprint.com per-session.

    brave strict fingerprint protection on its own actually does not even do this afaik

  • MigratingtoLemmy@lemmy.world
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    1 year ago

    I can’t even get that page to load without a lot of JS allowed. I guess I’m not going to get my score anytime soon.

      • MigratingtoLemmy@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        It just keeps reloading and after 5 tries it gives up. I could probably go through each domain manually but I’d like it if they could let me keep the 3rd party domains disabled.

  • stifle867
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    It’s far better to use this site: fingerprint.com/demo

    they are one of the largest actual/commercial vendors of fingerprinting software. their business is to track you.

    please try it with brave and post your results. i could be wrong but last time i checked brave failed this test. arkenfox doesn’t even allow the tracking to load which I consider a pass although you could argue that just because the results don’t load doesn’t mean they aren’t able to track you in some way

  • linearchaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    23
    ·
    1 year ago

    So far, as far as I can tell, for desktop, yes.

    Brave plus privacy badger seems to be the strongest anti-fingerprint that you can lay your hands on at the moment.

    I have waded waist deep through about 15 anti-Brave posts where people have told me to try different combinations of plugins and browsers. Somebody claimed duckduckgo would do it, but once I installed it and found out it didn’t support plugins, I walked away immediately.

    Everybody seems to direct most of their hate toward the CEO and the crypto. As far as I’m concerned those two things don’t bother me anywhere near as much as their thirst for funding. I’m pretty sure they wouldn’t have any qualms about selling 100% of my data off to anyone willing to pay to stay afloat. But in the end that’s probably not all that different from Microsoft or Google.

    Brave is keeping up with the Joneses for YouTube ad blocking. It’s reasonably quick and supports all of my Chrome plugins.

    I absolutely cannot get Firefox to pass the fingerprint test. If I could convince Firefox to pass that test I would strongly consider backing off my usage of brave.

    • Onii-Chan@kbin.social
      link
      fedilink
      arrow-up
      11
      arrow-down
      12
      ·
      edit-2
      1 year ago

      It’s very telling when the only criticism you really see leveled against Brave is that same article everybody posts as some kind of trap card, despite the fact it can be boiled down to “don’t use Brave because the CEO is a bigot or something, and you have to opt out of their crypto stuff.” Cool. I don’t care about those things, I care about the browser’s ability to do what I need it to, and Brave does. Are you putting your trust in a company that could be selling your data? Sure, that’s always a risk, but until it’s been confirmed, I’m happy to stick with it. I mean shit, it even beats out GrapheneOS’s Vanadium in the fingerprinting test, and that’s the browser I use on my phone.

      imo, the hate against Brave is unfounded and seems to be coming from the anti-Chromium crowd. There are valid arguments to be made against it, but I honestly couldn’t give less of a fuck what their CEO believes as long as the product works as advertised, and Brave consistently scores highly in privacy and security tests.

      • OhVenus_Baby@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Brave has been thoroughly tested from many privacy advocate organizations EFF and more known names using default settings and ranks as the highest overall rated fingerprint resistant and anti tracking protected browser, again at default settings I have ran many tests once configured and get even better results even against librewolf with and without extensions and vanilla Firefox with privacy badger and ublock ect as well as without. (I use librewolf on desktop for those who are gonna down vote this) Gecko based browsers are advised against on Graphene and is spoken in length about on reddit from one of their Devs. Chromium and google is a bad combo sure reliance on Google and all to begin with, but so is supporting Google to degoogle with a pixel device. Could brave be a honeypot? Sure and many other services. So could VPN providers and any service for that matter. The biggest advantage I see using Firefox is promoting a non google alternative and balancing the scale against googles monopoly. In some cases Tor adds risk due to it being a giant vacuum for govt or other malicious entities looking to snoop. Its like taping a sign to your traffic. I think it serves a purpose but that varies from each persons use case.

        Edit typo.

        • Onii-Chan@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Yeah, TOR in particular seems to give a lot of people a false sense of security. I live out in a very remote area, I’m certainly not going to be using TOR, for obvious reasons.

      • random65837@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        9
        ·
        1 year ago

        Exactly, it’s childish cancel culture for completed unrelated nonsense. It’s one thing to be anti Chrome, but being anti Chromium is stupid, let alone that brave did a good job about it.

        I’d like to see what peoples personal opinions are on every single Firefox dev, as well as the complete Mozilla corporate hierarchy… Oh ya, they don’t know, so it’s cool. Then of course the completely history and belief system of the devs of every browser addon they use as well. That type of stupidity has no end.