Brave fingerprinting protection not entirely foolproof

@Overall6815 you really don’t seem to understand fingerprinting and fingerprint protection.

I have gone into a big explanation about fingerprint.com before at Test browser fingerprint - #4 by Saoiray as well as other posts.

Nope, overall it’s not. They do randomize it and it’s not straight up announcing it’s Brave. You’ll notice it just has a generic string. Also if you click to see your fingerprint protections, User Agent is listed.

But overall there’s no reason to hide user agent. They used to do that all the time but it broke websites and all. So now they have the nice balance here to where they aren’t able to track but enough information gets shared so as not to have breakage of websites.

Brave actually has some blog posts and official responses on this, such as:

Uniqueness does not mean recognition. Brave constantly changes lots of little details that get reported to sites.

Also, as has long been said by one of the heads of the privacy team at Brave:

The guts of useful fingerprinting defenses are not to make everyone look the same, or to make everyone look different; both of those are fundamentally not possible without massive breakage. What makes Brave’s defenses uniquely strong is that for naive fingerprinters, we feed them enough randomization that they can’t reidentify people (everyone looks different). And for sophisticated fingerprinters, the randomization forces those fingerprinters to ignore the random-but-high-entropy inputs, and only consume a much smaller number of inputs, reducing identifiability and putting users into large anonymity sets for sites with non-trivial numbers of visitors. All that is to say, fingerprint.js is doing a crummy job on their unpopular site (again, see the false positive); if they tried to do the same from popular, real-world sites like the ones they advertise at the bottom, their success rate would be even worse.

b. additionally, we block requests from sites when they call back to fingerprint.js’s servers to try and use their identification-classifier-as-a-service service. In the absence of being able to talk to fingerprint js’s servers, sites fall back on using the fingerprint.js library, which again Brave provides extremely strong protections against (as the fingerprint.js product concedes).
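An added example, not part of the post above and not Brave's or fingerprint.js's code: a small simulation of the quoted argument, measuring how often a returning browser is re-identified and how large its anonymity set is. The attribute lists, the single "canvas" readout, the XOR noise model and all function names are assumptions made for illustration.

```javascript
// Constructed simulation: a simplified model, not Brave's or fingerprint.js's code.
function mulberry32(a) { // small seeded PRNG so every run gives the same result
  return () => {
    a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

const PLATFORMS = ["Win32", "MacIntel", "Linux x86_64"];
const LANGS = ["en-US", "en-GB", "de-DE", "fr-FR"];
const CORES = [4, 8, 16];

// Each browser: a few stable low-entropy attributes plus one high-entropy readout.
function makePopulation(n, rand) {
  const pick = (arr) => arr[Math.floor(rand() * arr.length)];
  return Array.from({ length: n }, () => ({
    stable: { platform: pick(PLATFORMS), lang: pick(LANGS), cores: pick(CORES) },
    canvasBase: Math.floor(rand() * 2 ** 32),
  }));
}

// One visit. With protection on, the canvas readout gets fresh per-session noise.
function visit(browser, protectedMode, rand) {
  const noise = protectedMode ? Math.floor(rand() * 2 ** 32) : 0;
  return { ...browser.stable, canvas: (browser.canvasBase ^ noise) >>> 0 };
}

const naiveKey = (v) => JSON.stringify(v); // consumes every input
const robustKey = ({ canvas, ...rest }) => JSON.stringify(rest); // ignores the randomized input

// Two visits per browser. A browser counts as re-identified when its second-visit
// key equals its own first-visit key and no other browser shared that key.
function simulate(n, protectedMode, keyFn, seed = 1) {
  const rand = mulberry32(seed);
  const pop = makePopulation(n, rand);
  const first = pop.map((b) => keyFn(visit(b, protectedMode, rand)));
  const second = pop.map((b) => keyFn(visit(b, protectedMode, rand)));
  const counts = new Map();
  for (const k of first) counts.set(k, (counts.get(k) || 0) + 1);
  let hits = 0;
  second.forEach((k, i) => { if (k === first[i] && counts.get(k) === 1) hits++; });
  const avgSet = first.reduce((s, k) => s + counts.get(k), 0) / n; // mean anonymity set size
  return { reidRate: hits / n, avgSet };
}
```

Comparing `simulate(5000, false, naiveKey)`, `simulate(5000, true, naiveKey)` and `simulate(5000, true, robustKey)` shows the three cases: without randomization nearly every browser is re-identified, with it the all-inputs key never matches across visits, and the key that drops the randomized input places each browser in a set of over a hundred look-alikes.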