An update on Mozilla’s PPA experiment and how it protects user privacy while testing cutting edge technologies to improve the open web.

  • ngwoo@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    Brave randomizes the output of fingerprinting techniques like canvas rendering, system fonts, installed devices, etc in a way that makes you look like a real, consistent user providing real data that still allows the site to work, while still changing the output from one session to the next enough that sites can’t tell you’re the same person.

    Firefox claims to block all this but if you check their site they explain how it actually works:

    Firefox protects users against fingerprinting by blocking all third-party requests to companies that are known to participate in fingerprinting

    We’ve partnered with Disconnect to provide this protection. Disconnect maintains a list of companies that participate in cross-site tracking, as well a list as those that fingerprint users.

    This does nothing to actually disguise you. It’s the equivalent of putting a paper bag over your head when you think there’s a security camera. You stand out because of the bag and you don’t know where all the cameras are so you’re still being tracked when you don’t know it.

    I hate the idea of Brave because Chromium’s dominance will ruin the web but Firefox does not protect us.

    • Vincent@feddit.nlOP
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      That is a bit confusing, but the feature called “Fingerprint Protection” (i.e. blocking known fingerprinters) isn’t the only protection built in. I’m not motivated enough to find a full list right now, but it also includes e.g. limiting the information in the User Agent header. I did at least find a list of things that were worked on at some point by searching for “Tor uplift”, which is a good starting point if you’d like to find more: https://wiki.mozilla.org/Security/Fingerprinting

      I’d also add that actually blocking requests to known fingerprinters does help. It’s more like camera’s getting disabled when you’re around: sure, from the point of view of the camera, it’s suspicious that it stopped working, but it can’t see you, so it doesn’t know who is standing out.