Brave Says it Will Generate Random Browser Fingerprints To Preserve User Privacy

The Brave browser is working on a feature that will randomize its "fingerprint" every time a user visits a website in an attempt to preserve the user's privacy. From a report: Brave's decision comes as online advertisers and analytics firms are moving away from tracking users via cookies to using fingerprints. [...] "The unfortunate truth about all these approaches is that, despite being well-intentioned, none of them are very effective in preventing fingerprinting," the Brave team said of other browser makers' approaches. "The enormous diversity of fingerprinting surface in modern browsers makes these 'block', 'lie' or 'permission' approaches somewhere between insufficient and useless, unfortunately," they added. "Brave's new approach aims to make every browser look completely unique, both between websites and between browsing sessions," Brave developers said.

Re:

[mr_shifty]

[Citation needed]

Re:

[Ol Olsoc]

[Citation needed]

And given in the reply above.

Re:

[Ol Olsoc]

Can you provide more details on this? Wouldn't this be apparent in CPU utilization?

Yup. kinda.

Here's a fair description of the Browser. https://www.coindesk.com/brave... [coindesk.com]

Re:

[jdastrup]

Ok, that makes sense. I think that is now called the Brave Rewards program. You do have to opt-in to that and agree to the terms. It's not on by default. I don't use it.

Re:

[overnight_failure]

Important point here though is there is no mining going on in your browser. You are simply paid in cryto for viewing ads. You can opt out of the system and remove the button from the UI if you wish.

Re:

[Tailhook]

Yup. kinda.

Nope, not even close. There is literally nothing in your 4 year old link that claims Brave is mining. We're left with two possibilities; you're a FUD spreading troll or you're a blithering idiot. Which is it?

Here's a fair description of the Browser.

More obvious horseshit. This story is two years before brave even adopted it's current form — a fork of Chrome — back when they were still using Electron/Muon. It is a wildly obsolete reference and not even close to "fair".

Yeah, gonna need some sauce on that

[overnight_failure]

Since I have it running on multiple machines and it does no such thing.

Re:

[Ol Olsoc]

Since I have it running on multiple machines and it does no such thing.

You know, they are completely upfront about what they do. Perhaps if you know for sure that it is definitely not doing this, you should submit a bug report.

Re:

[overnight_failure]

You're confused. You can earn rewards for viewing selected ads, that's the Brave rewards system. That is not crypto mining in your browser.

Re:

[bill_mcgonigle]

You know, they are completely upfront about what they do. Perhaps if you know for sure that it is definitely not doing this, you should submit a bug report.

What does "mining" mean to you? I do not thing that it means the same thing to you that it means to everybody else here.

Re:

[samwichse]

It's just yet another stupid internet rumor based on a game of telephone.

They've just mangled what the Brave Rewards program is.

"When you join Brave Rewards, your browser will automatically start tallying (only on your device’s local storage) the attention you spend on sites you visit. Once a month, Brave Rewards will send the corresponding amount of BAT, divided up based on your attention, from your local browser-based wallet to the sites you’ve visited. You can remove sites you don’t wan

Re:

[sacrilicious]

Brave mines cryptocurrency for the browser's creators

I see cryptocurrency-related features officially in Brave's feature set (like the ability to exchange currency), but no mention of mining cryptocurrency. Can you substantiate your assertion?

Re:

[arglebargle_xiv]

Yup, exactly. Trying to disguise A as B only works if A really is B, anything else and you can be detected. This is why traffic shaping, trying to disguise surreptitious traffic stream A as innocuous traffic stream B doesn't work, you can make it superficially the same but to pass in-depth scrutiny you have to make A = B, and since A is a completely different thing you can't make it work for anything but superficial scrutiny.

Re: Your fingerprint randomization...

[HeX314]

You do not understand cryptography.

Re:

[guruevi]

This isn't cryptography, this is stenography and OP is right. You can't embed a stenographical message, even if said message is encrypted, without making the complete data stream detectable and suspect.

If you randomize the Brave browser sessions, first of all, you'll need darn good randomization to make sure it's unique (different chips have different encryption, networking and timing signatures etc), but you'll be immediately able to detect the Brave users and target them accordingly.

"That's the problem with random numbers..."

[fph il quozientatore]

Is there any advantage in randomizing strings like the browser version rather than setting them to a predetermined fixed value such as "0.0"?

Re:

[Strill]

Google and the rest of Big Brother keeps track of your browser settings and uses them to identify you. This works best for tracking power users with a unique set of extensions and customized settings. Randomized browser fingerprints would hypothetically make this technique less effective.

Re:

[swillden]

Google and the rest of Big Brother keeps track of your browser settings and uses them to identify you.

FWIW, the Google Chrome team is working on killing this, permanently, with a new set of standards that eliminate not only fingerprint-based tracking but other sorts of online tracking as well. https://www.chromium.org/Home/... [chromium.org], https://github.com/michaelkleb... [github.com].

The core idea is that while targeted-ad funding of web sites is a fundamentally good thing (as opposed to, say, paywalls everywhere), the current way this is done (by collecting lots of information about users) is unnecessary and bad. The propose

Re:

[ChatHuant]

targeted-ad funding of web sites is a fundamentally good thing

No, it's a fundamentally bad thing. We have already seen, with Cambridge Analytica, how targeted political ads create echo chambers and exacerbate the division and polarization in society. They also allow discrimination, for example by showing job adds only to some people based on whatever criteria the ad buyer chooses. The information collected is also available to other players, (like governments for example), and we have no guarantees about their benevolence.

as opposed to, say, paywalls everywhere

See, that's exactly the kind of spin I came to

Re:

[swillden]

targeted-ad funding of web sites is a fundamentally good thing

No, it's a fundamentally bad thing. We have already seen, with Cambridge Analytica, how targeted political ads create echo chambers and exacerbate the division and polarization in society. They also allow discrimination, for example by showing job adds only to some people based on whatever criteria the ad buyer chooses.

Perhaps. I will certainly grant that there are downsides. See my response below to your comment about non-targeted ads, though.

The information collected is also available to other players, (like governments for example), and we have no guarantees about their benevolence.

The idea is not to collect any information, so that problem will go away.

as opposed to, say, paywalls everywhere

See, that's exactly the kind of spin I came to expect from Google. The alternative to targeted ads isn't paywalls everywhere - it's non-targeted ads. Ads don't have to be targeted to work - hell, advertising was a major industry before Google introduced "SpiesRUs internet".

You must be too young to remember what Internet advertising was like before ad targeting. Big, flashy banners everywhere, pop-overs, pop-unders, etc. The thing about non-targeted advertising is that it is worth a lot less per square inch of real-estate than targeted advertising. Like, an order of magnitude

Re:

[schwit1]

Yes

"Brave's new approach aims to make every browser look completely unique, both between websites and between browsing sessions," Brave developers said.

Wouldn't making them all look identical make it harder to distinguish between them?

Re:

[account_deleted]

Comment removed based on user account deletion

Not fooling Me

[FuGoogle]

These articles are worthless unless you write something that states the issues. Fingerprinting users is achieved in several ways. The primary fingerprint is the UUID on your computer disk, second is the IP address used to connect to the internet, third is your MAC address, forth using phone is the phone serial number or telephone number. When these fools convince me no App can read any of these fingerprints or identifiers then maybe we will have a little privacy. But the big tech agenda is to work with the

Re:Not fooling Me

[sacrilicious]

The primary fingerprint is the UUID on your computer disk

which Brave (and other privacy-minded software) of course do not send.

third is your MAC address

which isn't transported past your router, because it's too far down in the network stack.

forth using phone is the phone serial number or telephone number

No idea if Brave intends to do a phone client, but this doesn't apply to a non-phone client.

second is the IP address used to connect to the internet

which is why you use a vpn, or some random point of access, or Brave's support for onion routing.

When will the counter culture rebel and do something positive.

The counter culture is educating itself on the issues and doing useful things now. I urge you to join them.

Re:

[raif11152]

The counter culture is educating itself on the issues and doing useful things now. I urge you to join them.

Once counter culture is the culture, its no longer counter culture. Today, people calling themselves counter culture are actually homogeneous and fairly textbook lefties.

Re:

[twocows]

OK? Then I guess the non-counter culture is educating itself on the issues and doing useful things? Does it matter who is educating themselves and doing useful things? I don't really think that was the point of his post.

Why don't they just NOT share any information?

[strikethree]

Why are they allowing such distinct queries in the first place? Websites don't need to know ANYTHING about the browser software that I am using. Sure, there are quirks, but that falls on the manufacturer of the browser. The browser that gives the best experience will win out. It is not proper for the website creator to intrude, even if it does give a "better" experience to the end user.

Dealing with things at the wrong level is the bane of modern civilization. Why propagate these shenanigans?