Brave Browser gets language and font fingerprinting privacy protections
The team behind the Brave web browser added two more fingerprint protections to the browser to improve user privacy on the Internet. The first protects against using the preferred languages feature for fingerprinting, the second the available fonts.
Valiente includes a series of fingerprint defenses that are periodically expanded. Fingerprinting refers to a tracking technique that identifies and tracks users across the Internet based on certain characteristics of their applications and systems. Browsers reveal certain information to sites automatically, and scripts can obtain even more information that sites can use to fingerprint users. The uniqueness of the data set determines the success of tracking.
Brave plans to release anti-fingerprint techniques in Brave 1.39. The current stable version of Brave is 1.37 at the time of writing.
Language-based fingerprint protection
The latest version of Brave’s fingerprint protections protect users against language-based fingerprinting techniques. Browsers reveal the preferred languages of sites so that sites can serve content in the preferred language, if available. The scripts can also extract the information from the browser. The downside of the feature that is designed to improve site accessibility is that it can be included in fingerprint attacks.
The browser reveals all languages and their weight to sites automatically. While most browsers include only one language by default, most allow users to add more languages. Users who speak multiple languages, for example English, French and German, can add all of them to the browser as they can also power features like spell check.
Combinations that are not very popular make the user more unique, since the total pool of users with that combination is small.
Brave in the future informs the preferred language to sites only in the future. Users with multiple languages installed will only see their preferred language on sites.
The strict fingerprint setting changes reports to English in all cases, even if the user has set a different default language in the browser. The reported weight for the unique language Brave reveals is also randomized “within a certain range” according to Brave.
Font Fingerprint Protection
Fonts are also reported to websites, and sites may use the dataset for tracking purposes, especially if unusual fonts are installed. Brave protects browser users on all supported systems except iOS and Linux against fingerprinting techniques that target installed fonts.
Font fingerprint protection is enabled in default and aggressive Shield settings. Brave allows sites to use web fonts and all operating system fonts, and a random set of user-installed fonts.
The random set is determined for each site and each session, which means that a site will have access to all listed sources for the entire browsing session.
Brave notes that the protection feature can be problematic in certain edge cases, for example, when a particular user-installed font is required for a specific site. Brave 1.39 has a new option in Brave://settings/shields that disables the feature in the browser by toggling “Prevent sites from fingerprinting me based on my language preferences.”
Brave plans to monitor the release of the feature to adjust it if compatibility issues are detected on sites.
closing words
Brave continues to expand the privacy features of your web browser. The new preferred language and font fingerprinting protections add two more protections to the browser that make it harder for sites to use fingerprinting for tracking.
Now read: Study on the effectiveness of anti-fingerprinting measures
advertising