Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Brave
Brave Browser 0.70.123
Message
<blockquote data-quote="oldschool" data-source="post: 843821" data-attributes="member: 71262"><p>This is nice post with details about recent and upcoming developments <a href="https://brave.com/brave-fingerprinting-and-privacy-budgets/" target="_blank">Brave, Fingerprinting, and Privacy Budgets</a></p><p></p><p>Here is an excerpt:</p><p></p><p><span style="font-size: 22px"><strong>Fingerprinting Protections in Brave (Present, Planned, and Under Consideration)</strong></span></p><p>The previous sections described why Brave is skeptical of budget-based approaches to fingerprinting protections. This section presents Brave’s approach, a mixture of removing differences between browsers we don’t expect to be useful for users, adding noise to fingerprinting vectors, and improving our ability to determine which script should have access to fingerprinting functionality, and which scripts to block.</p><p><span style="font-size: 18px"><strong>Current Fingerprinting Protections in Brave</strong></span></p><p>Currently Brave protects against fingerprinting by preventing third party sites from accessing functionality frequently used to fingerprint users. This includes highly identifying parts of the Canvas, Web Audio and WebGL APIs, among others. These default settings can be changed through Brave’s Shields interface, where users can disable these protections if needed, or also extend them to the first party.</p><p>Brave prevents known fingerprinting scripts from being loaded, through the browser’s <a href="https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-" target="_blank">Shields protections</a>. Brave both uses, and <a href="https://brave.com/supporting-the-web-privacy-community/" target="_blank">contributes to the development of</a>, privacy-protecting filter lists like <a href="https://easylist.to/" target="_blank">EasyList and EasyPrivacy</a>.</p><p>More information about current <a href="https://github.com/brave/brave-browser/wiki/Fingerprinting-Protection-Mode" target="_blank">Brave fingerprinting and privacy protections </a>are available<a href="https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)" target="_blank"> on our Wiki</a>.</p><p><span style="font-size: 18px"><strong>Upcoming Fingerprinting Protections</strong></span></p><p>While Brave’s fingerprinting protections are strong and do a good job of protecting user privacy (especially when combined with Brave’s blocking of cross-site tracking scripts and frames), we have plans to do even better, to keep ahead of even the most determined adversaries. We plan to implement protections against <a href="https://browserleaks.com/fonts" target="_blank">font–based fingerprinting</a>, and identifying users based on hardware capabilities (e.g. hardware concurrency, device memory, etc.). Additionally, we will soon begin adding noise to values used in fingerprinting, such as varying OS version numbers in the user agent string.</p><p>Brave is also working with Web standards bodies to pursue privacy protections at a cross-browser level. Currently browser vendors need to <em>deviate</em> from standards to protect user privacy, a situation which is both a condemnation of the state of privacy on the Web, and puts privacy-focused browsers at a constant disadvantage. Through our work in the W3C, including co-chairing <a href="https://www.w3.org/Privacy/" target="_blank">PING</a> (the W3C’s primary privacy body) and reviewing specs for privacy issues, Brave is working to improve fingerprinting protections for all Web users.</p><p><span style="font-size: 18px"><strong>Ongoing Research on Fingerprinting Protections</strong></span></p><p>Brave is also exploring longer term approaches to fingerprinting protections. We have projects to better <a href="https://arxiv.org/abs/1805.09155" target="_blank">identify (and block) additional fingerprinting scripts</a>, especially as used by adversaries <a href="http://arxiv.org/abs/1910.07303" target="_blank">targeting people who speak languages underserved by existing filter lists</a>. We are also building a unique system of V8 JavaScript engine and Blink rendering engine instrumentation called <a href="https://github.com/brave/brave-browser/wiki/PageGraph" target="_blank">PageGraph</a>, currently being used to detect when trackers evade detection by renaming resources, bundling tracking script with benign script, or other common evasion tactics. We’ll be sharing more about the progress of these, and other, privacy protections in the upcoming months.</p><p><span style="font-size: 22px"><strong>Conclusion</strong></span></p><p>Browser fingerprinting is a difficult threat for the privacy community to defend against, and one that’s likely to get ever more challenging as browsers deploy protections against traditional, cookie-based tracking systems. Because there is so much privacy-harming technical debt in the Web platform, successful defenses will require addressing the problem at every level: resource blocking, fingerprint randomization, restricting which sites have access to risky functionality, and improving privacy in Web standards.</p><p>Approaches that attempt to maintain an “acceptable” amount of identification and tracking online, however well-meaning, are antithetical to the goal of a truly privacy-respecting Web. We expect that “budget”-based approaches to Web privacy will not be effective privacy protections, and that the steps described above will be far more effective at protecting user privacy. We’re excited to work with others in the privacy community to continue to improve privacy on the Web.</p></blockquote><p></p>
[QUOTE="oldschool, post: 843821, member: 71262"] This is nice post with details about recent and upcoming developments [URL="https://brave.com/brave-fingerprinting-and-privacy-budgets/"]Brave, Fingerprinting, and Privacy Budgets[/URL] Here is an excerpt: [SIZE=6][B]Fingerprinting Protections in Brave (Present, Planned, and Under Consideration)[/B][/SIZE] The previous sections described why Brave is skeptical of budget-based approaches to fingerprinting protections. This section presents Brave’s approach, a mixture of removing differences between browsers we don’t expect to be useful for users, adding noise to fingerprinting vectors, and improving our ability to determine which script should have access to fingerprinting functionality, and which scripts to block. [SIZE=5][B]Current Fingerprinting Protections in Brave[/B][/SIZE] Currently Brave protects against fingerprinting by preventing third party sites from accessing functionality frequently used to fingerprint users. This includes highly identifying parts of the Canvas, Web Audio and WebGL APIs, among others. These default settings can be changed through Brave’s Shields interface, where users can disable these protections if needed, or also extend them to the first party. Brave prevents known fingerprinting scripts from being loaded, through the browser’s [URL='https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-']Shields protections[/URL]. Brave both uses, and [URL='https://brave.com/supporting-the-web-privacy-community/']contributes to the development of[/URL], privacy-protecting filter lists like [URL='https://easylist.to/']EasyList and EasyPrivacy[/URL]. More information about current [URL='https://github.com/brave/brave-browser/wiki/Fingerprinting-Protection-Mode']Brave fingerprinting and privacy protections [/URL]are available[URL='https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)'] on our Wiki[/URL]. [SIZE=5][B]Upcoming Fingerprinting Protections[/B][/SIZE] While Brave’s fingerprinting protections are strong and do a good job of protecting user privacy (especially when combined with Brave’s blocking of cross-site tracking scripts and frames), we have plans to do even better, to keep ahead of even the most determined adversaries. We plan to implement protections against [URL='https://browserleaks.com/fonts']font–based fingerprinting[/URL], and identifying users based on hardware capabilities (e.g. hardware concurrency, device memory, etc.). Additionally, we will soon begin adding noise to values used in fingerprinting, such as varying OS version numbers in the user agent string. Brave is also working with Web standards bodies to pursue privacy protections at a cross-browser level. Currently browser vendors need to [I]deviate[/I] from standards to protect user privacy, a situation which is both a condemnation of the state of privacy on the Web, and puts privacy-focused browsers at a constant disadvantage. Through our work in the W3C, including co-chairing [URL='https://www.w3.org/Privacy/']PING[/URL] (the W3C’s primary privacy body) and reviewing specs for privacy issues, Brave is working to improve fingerprinting protections for all Web users. [SIZE=5][B]Ongoing Research on Fingerprinting Protections[/B][/SIZE] Brave is also exploring longer term approaches to fingerprinting protections. We have projects to better [URL='https://arxiv.org/abs/1805.09155']identify (and block) additional fingerprinting scripts[/URL], especially as used by adversaries [URL='http://arxiv.org/abs/1910.07303']targeting people who speak languages underserved by existing filter lists[/URL]. We are also building a unique system of V8 JavaScript engine and Blink rendering engine instrumentation called [URL='https://github.com/brave/brave-browser/wiki/PageGraph']PageGraph[/URL], currently being used to detect when trackers evade detection by renaming resources, bundling tracking script with benign script, or other common evasion tactics. We’ll be sharing more about the progress of these, and other, privacy protections in the upcoming months. [SIZE=6][B]Conclusion[/B][/SIZE] Browser fingerprinting is a difficult threat for the privacy community to defend against, and one that’s likely to get ever more challenging as browsers deploy protections against traditional, cookie-based tracking systems. Because there is so much privacy-harming technical debt in the Web platform, successful defenses will require addressing the problem at every level: resource blocking, fingerprint randomization, restricting which sites have access to risky functionality, and improving privacy in Web standards. Approaches that attempt to maintain an “acceptable” amount of identification and tracking online, however well-meaning, are antithetical to the goal of a truly privacy-respecting Web. We expect that “budget”-based approaches to Web privacy will not be effective privacy protections, and that the steps described above will be far more effective at protecting user privacy. We’re excited to work with others in the privacy community to continue to improve privacy on the Web. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
