Aggressive fingerprinting mode removal

[arthuredelstein]

We are considering removing aggressive fingerprinting mode, to reduce unneeded complexity in browser code and in the UI. To do this, we would need to work out which protections from aggressive mode to drop, and which ones to fold into default fingerprinting mode. Current protections in aggressive mode include:

• Dark mode detection: Fingerprinting v3: Dark Mode detection #15265
• WebGL: Fingerprinting 2.0: WebGL #9188, Fingerprinting 3.0: WebGL Debugging Followups #15882
• navigator.userAgent farbling: Implement navigator.userAgent farbling brave-core#6055

Tasks

Beta Give feedback

No tasks being tracked yet.

[davidcollini]

It would be nice to have Dark Mode protection as an option in the shields settings

[davidcollini]

What's the plan for the other settings? Is there no possibility that we can keep them in default mode, but disable them for sites that break?

Also it doesn't seem like User Agent farbling should break that many sites for a regular user

[davidcollini]

I can't wait for the blog post to see how these are resolved, I'm quite curious

[stephendonner]

Hi @arthuredelstein ! Mind adding a testplan here, when you get a chance? Thanks! Adding QA/Blocked and QA/Test-Plan-Required just until we've got that, and then we'll be fully unblocked 👍

[stephendonner]

Verification PASSED using

Brave | 1.62.73 Chromium: 119.0.6045.163 (Official Build) nightly (x86_64)
-- | --
Revision | 522e9147d931744b1641084046c197caf7b341f0
OS | macOS Version 11.7.10 (Build 20G1427)

New Defaults - PASSED

brave://settings/Shields	Shields' Advanced Controls

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

Steps:

1. installed both 1.60.118 and 1.62.73
2. launched Brave (release)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking Generate Values
4. noted the results
5. compared 1.60.118 to 1.62.73

Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

1.60.118

example	example

1.62.73

example	example

Upgrades from 1.60.x - PASSED

Shared Steps:

1. installed 1.60.118
2. launched Brave (release)
3. opened brave://settings/shields
4. ensured Block fingerprinting value was set appropriately for each Standard, Disabled, and Strict case
5. shut down Brave
6. installed 1.62.59
7. renamed Brave-Browser user profile --> Brave-Browser-Nightly
8. launched Brave (nightly)
9. set brave://flags/#brave-show-strict-fingerprinting-mode to Disabled
10. click Relaunch
11. opened brave://settings/shields

brave://flags	brave://version

Block fingerprinting - Strict, may break sites - PASSED

1.60.118	1.62.73

Block fingerprinting - Standard - PASSED

1.60.118	1.62.73

Block fingerprinting - Disabled - PASSED

1.60.118	1.62.73

[MadhaviSeelam]

Verification PASSED using

Brave | 1.62.105 Chromium: 120.0.6099.71 (Official Build) beta (64-bit)
-- | --
Revision | f72c783bcd52110d026061575b4bef28ccb547f7
OS | Windows 11 Version 22H2 (Build 22621.2715)

1. Install 1.62.105
2. launched Brave
3. opened brave://flags in a new tab
4. disabled #brave-show-strict-fingerprinting-mode flag
5. opened brave://settings/shields
6. navigated to brave.com site and clicked on Shields

Confirmed Block fingerprinting toggle is enabled as a default

Confirmed Block fingerprinting toggle is enabled as a default in Per site Shields setting

step 4	step 5	step 6

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

Steps:

1. installed both 1.61.101 and 1.62.105
2. launched Brave (release)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking Generate Values
4. noted the results
5. compared 1.61.101 to 1.62.105

Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

1.62.105

example	example

1.61.101

example	example

Upgrades from 1.61.x - PASSED

Shared Steps:

1. installed 1.61.101
2. launched Brave (release)
3. opened brave://settings/shields
4. ensured Block fingerprinting value was set appropriately for each Standard, Disabled, and Strict case
5. shut down Brave
6. installed 1.62.105
7. renamed Brave-Browser user profile --> Brave-Browser-Beta
8. launched Brave (Beta)
9. set brave://flags/#brave-show-strict-fingerprinting-mode to Disabled
10. click Relaunch
11. opened brave://settings/shields

brave://flags(default)	brave://flags (disabled)	brave://version	brave://settings/shields

Block fingerprinting - Strict, may break sites - PASSED

1.61.101	1.62.105 (a)	1.62.105 (b)	1.62.105 (c)	1.62.105 (d)

Block fingerprinting - Standard - PASSED

1.61.101	1.62.105 (a)	1.62.105 (b)	1.62.105 (c)	1.62.105 (d)

Block fingerprinting - Disabled - PASSED

1.61.101	1.62.105 (a)	1.62.105 (b)	1.62.105 (c)	1.62.105 (d)

[btlechowski]

Verified with

Brave	1.62.122 Chromium: 120.0.6099.144 (Official Build) beta (64-bit)
Revision	cfddebe77d394064c472fda64afcd9fbed34ceb4
OS	Linux

New Defaults - PASSED

brave://settings/Shields	Shields' Advanced Controls

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

Steps:

1. installed both 1.61.x and 1.62.x
2. launched Brave (release)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking Generate Values
4. noted the results
5. compared 1.61.x to 1.62.x

Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

1.61.x

example	example

1.62.x

example	example

Upgrades from 1.61.x - PASSED

Shared Steps:

1. installed 1.61.x
2. launched Brave (release)
3. opened brave://settings/shields
4. ensured Block fingerprinting value was set appropriately for each Standard, Disabled, and Strict case
5. shut down Brave
6. installed 1.62.x
7. renamed Brave-Browser user profile --> Brave-Browser-Beta
8. launched Brave (beta)
9. set brave://flags/#brave-show-strict-fingerprinting-mode to Disabled
10. click Relaunch
11. opened brave://settings/shields

Block fingerprinting - Strict, may break sites - PASSED

1.61.x	1.62.x

Block fingerprinting - Standard - PASSED

1.61.x	1.62.x

Block fingerprinting - Disabled - PASSED

1.61.x	1.62.x

[GeetaSarvadnya]

Verification PASSED on Vivo X70 Pro version 12 running Bravemonoarm64.apk_1.62.121

1. Install 1.62.x
2. launched Brave
3. opened brave://flags in a new tab
4. disabled #brave-show-strict-fingerprinting-mode flag
5. opened brave://settings/shields
6. navigated to brave.com site and clicked on Shields

Confirmed Block fingerprinting toggle is enabled as a default

Confirmed Block fingerprinting toggle is enabled as a default in Per site Shields setting

step 4	step 5	step 6

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

Steps:

1. installed both 1.61.x and 1.62.x
2. launched Brave (release)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking Generate Values
4. noted the results
5. compared 1.61.x to 1.62.x

Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

1.62.x

example	example

1.61.x

example	example

Upgrades from 1.61.x - PASSED

Shared Steps:

1. installed 1.61.x
2. launched Brave (release)
3. opened brave://settings/shields
4. ensured Block fingerprinting value was set appropriately for each Standard, Disabled, and Strict case
5. shut down Brave
6. installed 1.62.x
7. renamed Brave-Browser user profile --> Brave-Browser-Beta
8. launched Brave (Beta)
9. set brave://flags/#brave-show-strict-fingerprinting-mode to Disabled
10. click Relaunch
11. opened brave://settings/shields

Block fingerprinting - Strict, may break sites - PASSED

1.61.x	1.62.x (a)	1.62.x (b)	1.62.x (c)	1.62.x (d)

Block fingerprinting - Standard - PASSED

1.61.101	1.62.105 (a)	1.62.105 (b)	1.62.105 (c)	1.62.105 (d)

Block fingerprinting - Disabled - PASSED

1.61.101	1.62.105 (a)	1.62.105 (b)	1.62.105 (c)	1.62.105 (d)

[Uni-verse]

Verified on Samsung Galaxy Tab S7 using version:

Brave	1.62.147 Chromium: 120.0.6099.234 (Official Build) (32-bit) 
Revision	3b25c3743150a54485dea24f0ceb1e69d6db51bc
OS	Android 13; Build/TP1A.220624.014; 33; REL

1. Install 1.62.x
2. Launched Brave
3. Disabled #brave-show-strict-fingerprinting-mode flag in Brave://flags
4. Open Brave Shields & privacy settings
5. Navigate to any URL, open Shields panel

• Ensured that Block Fingerprinting is enabled by default in Shields panel and in global settings.
• Ensured that Block Fingerprinting is enabled for Standard and Strict mode on upgraded profile.
• Ensured that Block Fingerprinting is disabled for Disabled mode on upgraded profile.

Feature Flag

Example	Example	Example

Farbling Test

First Test	After restart

Upgraded Profile - Standard Mode

1.61.x	Set Flag - 1.62.x	Flag set - 1.62.x	1.62.x

Upgraded Profile - Strict Mode

Example	Example	Example	Example

Upgraded Profile - Disabled

Example	Example	Example	Example

[BenjaminAster]

@arthuredelstein Note that without aggressive fingerprinting protection, UNMASKED_RENDERER_WEBGL and UNMASKED_VENDOR_WEBGL from the WebGL WEBGL_debug_renderer_info extension will always return the true GPU info with no option to enable randomization of these values (see #10214). This is a pretty high-entropy source of fingerprintable information—shouldn't the current aggressive behavior (replacing the values with random gibberish) be folded into default fingerprinting mode? The entire canvas farbling is much less effective if websites can read the GPU type anyway.

[davidcollini]

@arthuredelstein Note that without aggressive fingerprinting protection, UNMASKED_RENDERER_WEBGL and UNMASKED_VENDOR_WEBGL from the WebGL WEBGL_debug_renderer_info extension will always return the true GPU info with no option to enable randomization of these values (see #10214). This is a pretty high-entropy source of fingerprintable information—shouldn't the current aggressive behavior (replacing the values with random gibberish) be folded into default fingerprinting mode? The entire canvas farbling is much less effective if websites can read the GPU type anyway.

If it's not put into default protections, this could potentially be a permission prompt that asks users if they want to let the website read their GPU info

[arthuredelstein]

@BenjaminAster @davidcollini Thank you for these comments. We definitely want to have GPU protections in standard mode.

[BenjaminAster]

@arthuredelstein Thanks for the quick response! While I'm at it, I just opened #35646 where I have even more suggestions about anti-fingerprinting measures that I think Brave could still take.

[arthuredelstein]

Thank you @BenjaminAster !