Does the Brave Browser Really Beat Fingerprinting? Let's Test!

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
lots of people are talking about the great privacy features of brave browser i last tested brave over a year and a half ago and back then it would definitely have been vulnerable to browser fingerprinting now brave has had many new changes and i'd like to find out if it lives up to the hype we're going to analyze precisely what brave is doing so that there's no mystery about what it does to avoid tracking through means like browser fingerprinting to do this i wrote a test program that fingerprints a browser and that allows us to check real results browser figure printing is a dangerous tool against internet privacy since it will allow you to be tracked all over the internet so it would be great to know if a real solution exists stay tuned and let's start testing i post my videos in advance on library lbry it's censorship free and i have a link in the description so you can follow me there in order to actually understand what brave is doing i'm going to compare its behavior to chrome and firefox also i will turn some settings on and off on brave so you can track what occurs at each step then we will look at the actual browser fingerprint details and see what brave is actually doing to avoid tracking at the end of the test i will give you a conclusion to see if brave will do the job for us or not don't skip that since i will talk about some other tricks that can be used by a tracker and will analyze this in a bigger picture the program that i wrote to demonstrate a browser fingerprint is this brax dot me slash geo i have an older video that used this same link but this is now updated and has some other changes for this test i'll start with chrome and note the fingerprint the fingerprint is a hash of the results of the unique features of my particular computer if i click on show details you will see the different categories here that are tracked for uniqueness let me just point out some general categories the user agent is a general description of the device and the browser being used so here we know we are on chrome there are some other values here for screen resolution time zone language plugins fonts and you will also see if it detects that you are purposely lying on some settings like language browser os and your screen resolution just in general research has already proven that with these characteristics it is possible to identify a particular computer among millions and even with just a few of these characteristics it will be possible to identify a computer among hundreds for this test i'm using all of these characteristics however i can tell you now that if you know which particular characteristic is being blocked then you can exclude that from the fingerprint i've figured out what is being blocked by brave so i actually wrote a counter to it though i'll just discuss it at the end of the video another thing to think about is that these characteristics do not consider two other tracking devices and those are ip addresses and location they can be used in combination with a browser fingerprint so understand that there are other data points at play here we'll discuss it all in the big picture at the end now for the purposes of this video i will not go into location tracking so we will ignore the other features of this test program we will stick only to the fingerprinting problem just so we can easily remember i will refer to the fingerprint using the last four digits so in this chrome browser the fingerprint is 20 db now watch this i will close and reopen chrome three times and you will see that the fingerprint is identical in this first test i also have not saved a cookie for the fingerprint so it is computing the same value each time clearly marking this browser with a fingerprint i will also now open some tabs and run the same program and you will see that the fingerprint is the same and here that is 20 db i will now save the fingerprint as a cookie and you can see that each time you restart it can compare the cookie with the current fingerprint to do a passing of the baton so to speak in case you change some setting on your computer this fingerprint will be stored at the server of the tracker by the way which is typically google facebook and ad companies i just want to make this clear though for this demo i'm also storing the fingerprint locally with that little save button there now i'll show you the same test quickly on firefox and you will see that the fingerprint is 7d33 it's different from the one on chrome but other than that the behavior is pretty much the same do [Music] now we will shift to using brave to demonstrate these features on an equal footing i'll make sure to set the brave settings to something comparable to chrome in firefox specifically i will leave the tracking blocking to standard and the fingerprint blocking to standard cookies are not blocked these settings are important because these will not cause websites to fail so normally these would be your preferred options for general use now let's compare brave and there's the fingerprint we'll do the same restart test now you will notice a difference already each time brave restarts the signature is changing that is in fact a main difference with the other browsers [Music] however you will also notice that the signature does not change with multiple tabs [Music] now let's save the fingerprint in a cookie and if you restart you will see that the cookie will now have the last fingerprint so it can pass the baton to the tracker to now connect the old and the new fingerprint together and this is how you have to think because this is a battle between two forces one tries to evade and the other will try to counter the evasion so it's not so simple as you will see later now let's look at the actual fingerprint detail and see what it actually says one thing you will notice is that brave has the exact same user agent as chrome in fact on the top it says windows 10 chrome brave is based on the open source chromium like chrome so it can get away with this so clearly a website can no longer tell directly that the browser is brave however there are many little tricks that can be done since brave does behave differently as i play with brave during the testing and using the standard settings for tracker blocking in fingerprint blocking i noticed exactly what brave was changing at each load and i kept those changing items at the bottom of the fingerprint detail brave modifies these so they are not accurate audio level device memory hardware concurrency or they mean cores canvas webgl vendor web gl signature brave changes this at every restart so that will guarantee a different signature mostly the main ones being modified frequently are the audio level in the canvas the rest are modified less often if a cookie is being stored and the tracker can note that the changes occur mostly to these values then this behavior will be spotted to be because of brave and if i were the tracker i would just ignore the main fingerprint and use a partial print combined with some other values like geolocation and ip address this is effective at breaking a tracker that has not been updated however trackers can be rewritten and surely must have been done by now to respond to any change made by a browser now let's test a private window or what other browsers call incognito mode let's see what this is all about are you really incognito with a privacy window now if you save a cookie you will notice that the old fingerprint can be connected to the new fingerprint so another passing of the baton is possible however if you close the privacy window and start a new one you will notice that it will never store the cookie past a browser session this folks is the actual value of a privacy window in all browsers cookies are not retained cookies still work during the session so websites won't break but the cookies will not be visible for the next round this is important when you're borrowing a computer if the computer is not yours always use a privacy window or incognito mode now let's up the ante and start to increase the blocking done by brave unlike a browser let's say like chrome brave can be more aggressive with the blocking so we'll find out what actually happens this time i will go to strict blocking of the fingerprint let's see what happens you will see now that it actually generates an error in the javascript and i'll show you in the fingerprint details over here that they've actually just blocked the javascript call to webgl this actually just stops it from working now as you can see here i can recognize this and actually consider this a fingerprint in itself of brave let's now try the tracker blocking now this operates a little bit differently it actually blocks a javascript from executing from a known tracker site so this is being identified as being a tracker site when my little program is blocked from execution i just create a random fingerprint which in this case starts with the name brax so we can recognize it now let's save the cookie and now you will see that the random number fingerprint will be retained even after i restart the browser and then that can also be used by the tracker to do a past the baton approach now this approach would be harder to associate with brave since many plugins like privacy badger and other ad blockers would do the same thing but there may be a way to guess based on what plugins are in use it should be clear here that brave does in fact do a good job with blocking rudimentary browser fingerprinting it's certainly better than most it has a more aggressive setting that can potentially block even more trackers some of you will drop off from this video now because the conclusion seems obvious from the test but it really isn't the problem is that since we all know what brave is blocking and how it is blocking it a tracking programmer can devise a way to evade it so i'm constantly giving examples of how i might get around the block i gave you one example and that is by a fingerprint cookie that passes the baton to the new fingerprint so a continuous chain can be derived connecting one fingerprint to the next and if you completely block the fingerprinting then a randomly generated number that i made up can be used to pass a baton to the next randomly generated fingerprint and i will also know that whoever is doing this kind of blocking can be identified as being privacy minded or having something to hide this can then red flag the user and thus other tracking can be done like by ip address and location even if you're on a vpn a partial fingerprint can be derived i was able to get around the tracker blocking done by brave the main thing they block is the webgl anything that probes webgl in their mind is a tracker but if i exclude webgl from my tracking then a partial fingerprint is still derivable and at the same time i recognize that this is brave by itself i know that i should sell this particular type of user a vpn or some such product you can of course do complete restriction by blocking javascript and cookies completely the problem is that this makes websites unusable so it is to be used only in more extreme situations otherwise it becomes really disruptive in normal use so i don't want someone arguing with me about how i could have increased the blocks this way or that way i've used the settings that are good for normal usability i'm proud of bray for giving this a good attempt and i'm certain that some trackers will be eliminated but not all someone as aggressive as facebook will likely not get fooled there's an option by the way on brave to block embedded facebook sites which will definitely be great at blocking tracking from facebook if you use facebook that i'm sure it's a setting you want to always leave on block facebook embedded pages i've had another technique that i've been using over the years for evading fingerprinting and i call it browser isolation since the browser fingerprint signature can never cross a browser and cookies cannot cross browser this limits any trackers to the current browser most trackers come from google and facebook so my trick was to isolate google in its own browser chrome and i've been doing all my other work on firefox and maybe now i'll shift to brave if i had facebook i'd isolate it in its own browser and i recommend brave for that so how does this method of browser fingerprint avoidance compare to just using brave with all the blocking features i think brave does appear to be the best of all the browsers in my test based on this ability to the collection of a fingerprint but it can be beaten i mentioned the passing of the baton strategy and just the fact that its own unique behavior identifies it as being brave the browser isolation strategy is more low-key you do not appear to be hiding anything and especially if you're not using a unique plug-in like privacy badger and so on i try to keep my browsers completely free of plugins since that is a part of the fingerprint the browser isolation approach will likely be an unbeaten approach for a while some ad trackers are trying to beat this by doing device fingerprinting device fingerprinting rather than browser fingerprinting but if you have a google phone this will have less success still based on this test i would consider brave to be the safest browser though not perfect and i would likely bias myself to using it more than the other browsers however i caution you if you think that this is all you have to do and you will be safe you will get sucked you can be tracked by facebook logins and google logins ip addresses geolocation device fingerprint mac addresses wi-fi probes bluetooth probes and behavior it never ends just good news to see that at least someone is working on our behalf thank you brave and good work keep at it it's that time in the video when i remind you how important it is that you subscribe it is so appreciated i also appreciate my patrons and those who buy my products thank you for your support see you next time [Music]
Info
Channel: Rob Braxman Tech
Views: 214,884
Rating: undefined out of 5
Keywords: internet privacy, tech privacy, internet privacy guy, brave browser, better chrome browser, browser fingerprinting, evading browser fingerprinting, device fingerprinting, browser trackers, brave vs firefox, brave vs chrome, what is brave browser, brave browser privacy review, brave browser review, brave antifingerprinting techniques, best browser 2020, device fingerprinting websites, best privacy browser
Id: dsu9b5FqK_0
Channel Id: undefined
Length: 19min 42sec (1182 seconds)
Published: Thu Oct 01 2020
Related Videos
Why VPNs are a WASTE of Your Money (usually…)
Cyberspatial
1.4M
Why Use Virtual Machines for Privacy and Security? Not Obvious! Top 6 List!
Rob Braxman Tech
85K
I DON'T like my web browsing options in 2024...
InfinitelyGalactic
70K
Vivaldi is the Best Web Browser -- For Some.
The Linux Cast
14K
Best Browser Privacy? Edge vs Chrome vs Firefox vs Brave in Wireshark
The PC Security Channel
399K
We tested 7 private browsers. Which one is the best?
Sumsub
154K
The MOST private browser
Naomi Brockwell TV
840K
The AI Cybersecurity future is here
David Bombal
152K
The Best FireFox Browser
Chris Titus Tech
233K
Why Browser Wars Are Silly: Here's What Matters!
Techlore
81K
Why Everyone Is OBSESSED With Arc Browser
Enrico Tartarotti
253K
Incredible Dangers in Browsers (Affects all of them)
Rob Braxman Tech
285K
You Can Do WHAT With Your Email Client!?
Mozilla Thunderbird
24K
Using Phones Without SIM cards? Check out the Privacy Benefits.
Rob Braxman Tech
73K
Become Anonymous: The Ultimate Guide To Privacy, Security, & Anonymity
Techlore
590K
Hack like Mr Robot // WiFi, Bluetooth and Scada hacking
David Bombal
2.1M
Browser/Device Fingerprinting In a Nutshell
CHM Tech
33K
How to Make Your Own VPN (And Why You Would Want to)
Wolfgang's Channel
2.2M
Which Devices Will Survive a Putin Tactical EMP Strike?
Rob Braxman Tech
119K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.