The team that is behind the Brave web browser added two more fingerprinting protections to the browser to improve user privacy on the Internet. The first protects against using the preferred languages feature for fingerprinting, the second the available fonts.
Brave includes an array of fingerprinting defenses that are expanded regularly. Fingerprinting refers to a tracking technique that identifies and tracks users across the Internet based on certain characteristics of their applications and systems. Browsers do reveal certain information to sites automatically, and scripts may pull even more information that sites may then use to fingerprint users. The uniqueness of the data set determines the tracking success.
Brave plans to launch the anti-fingerprinting techniques in Brave 1.39. The current stable version of Brave is 1.37 at the time of writing.
Language-based fingerprinting protection
The latest iteration of Brave's fingerprinting protections protect users against language-based fingerprinting techniques. Browsers reveal preferred languages to sites so that sites may serve content in the preferred language, if available. Scripts may also pull the information from the browser. Downside to the feature that is designed to improve the accessibility of sites is that it may be included in fingerprinting attacks.
The browser reveals all languages and their weight to sites automatically. While most browsers include just one language by default, most allow users to add more languages. Users who speak multiple languages, say English, French and German, may add all of these to the browser, as these may also power features such as spell checking.
Combinations that are not very popular make the user more unique as the entire pool of users with that combination is small.
Brave going forward reports the most preferred language to sites only going forward. Users who have multiple languages installed will only have the preferred language reported to sites.
The strict fingerprinting setting changes the reporting to English in all cases, even if the user has set a different default language in the browser. The reported weight for the single language that Brave reveals is also randomized "within a certain range" according to Brave.
Font Fingerprinting protection
Fonts are also reported to websites and sites may use the data set for tracking purposes, especially if uncommon fonts are installed. Brave protects users of the browser on all supported systems except for iOS and Linux against fingerprinting techniques that target installed fonts.
Font fingerprinting protection is enabled in default and aggressive Shield configurations. Brave allows sites to use web fonts and all operating system fonts, and a random set of user installed fonts.
The random set is determined for each site and each session, which means that a site will have access to all listed fonts during the entire browsing session.
Brave notes that the protective feature may prove problematic in certain edge cases, for instance, when a particular user-installed font is required for a specific site. Brave 1.39 has a new option under brave://settings/shields that turns off the feature in the browser by toggling "Prevent sites from fingerprinting me based on my language preferences".
Brave plans to monitor the rollout of the feature to adjust it if compatibility issues are noticed on sites.
Brave continues to extend the privacy features of its web browser. The new preferred language and font fingerprinting protections add two more protections to the browser that make it more difficult for sites to use fingerprinting for tracking.