Hi, so I’m trying to understand and reduce fingerprinting to the maximum. After testing on several website I realized that there was lot of fingerprint vulnerabilities left by Brave, which are:
User agent (0.08%): Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Which are all erroneous informations but I’m trying to understand if it’s brave spoofing those, in which case why is not using a more common user agent similarity?
Content Language (0.5%): en-US,en;q=0.6
I do not understand how US english setting can have a very low similarity ratio amongst internet user esp using fingerprinting website which I’m pretty sure are mostly located in the US.
Canvas (0%)
So Brave is supposed to protect about Canvas fingerprinting but obviously this is not working
Web GL Data (0%), WebGL Vendor (2.8%), WebGL Renderer (0.1%) and WebGL Extension (1.5%)
I’m not even sure WebGL is that useful and I almost never use 3D in the browser?
Battery (0.3%)
Brave block access to the battery API by default, but I’m pretty sure there’s more than 0.3% of ppl using brave and/or browser that block it’s access. Obviously this is not working to prevent fingerprinting so it’d be great if Brave was spoofing those infos instead.
So honestly I also don’t have a lot of understanding of Fingerprinting either… I would love to have someone sit down with me and go through it (I was just pointing out that this forum isn’t exactly for a full on educational experience), are there are some that have helped me personally, but anyway some other things that I’ve recently used to also help myself as well, are some things outside of Brave, such as:
&
EDIT: Derp, that’s where you got yours stats isn’t it? …sorry at time of posting this I’m a little dazed / didn’t sleep well…
After the tests there is some explanations, seeing the Results on EFF CYT and hovering over the [i] on AIU? & also…
@Ugle there is a lot to be said on fingerprinting. Let me try to clear up one thing that you seem to be misunderstanding, which is something I also struggled to comprehend at one point.
Random fingerprinting tests that claim to show how unique you are do not provide a reliable measure of real fingerprint protection. Brave changes certain values each session, so details like reported screen size or available fonts shift over time. A test may flag you as unique, but that does not mean the information is stable enough to track or effectively fingerprint you.
It also matters what the test is comparing you against. Based on the results you posted, it looks like you were using https://amiunique.org/fingerprint. That site compares you only to people who have used their tool, not to the full population of browser users. Their database includes outdated browsers, uncommon setups, and other edge cases. Because of that, some of the similarity scores can appear unusually small, for example the user agent match you noticed.
Their content language section is simply showing the exact language preferences your browser reports. In your case, that corresponds to English (United States) as the primary option and General English as a lower priority option. Other users may have English GB, English IN, Spanish, or any number of combinations. These differences end up looking like unique traits in the test, even though they offer very little value for actual tracking.
-NOTE-
WebGL reflects your graphics capabilities, and this is one area that does not get randomized. If graphics acceleration is enabled, WebGL will disclose the specific graphics card you are using. This is necessary for proper compatibility with many sites and applications. If you disable graphics acceleration, the browser will report a much more generic result instead.
@Ugle and @User.1.000.000.000 I’d like to make a suggestion to you both, as it’s what I had to do before some of these things began to make sense. Use fingerprint tests like https://browserleaks.com/ and save results by “printing” as a PDF or copying results.
Do this like once a day or even once a week. Then compare them side by side. You’ll see some information stayed the same, but others changed in different ways. In cases of information that stays the same, it’s in part due to research that has shown that producing an odd or inconsistent fingerprint may itself stand out. So they opt into some things “blending in” rather than you being the “oddball” and standing out.
This is what it does as we go from website to websites, or visit in different days. It’s enough differences where they can’t say for sure it is us and have a harder time tracking. Whereas people without the protection will maintain the same exact setup everywhere they go and are easily identifiable.
Important Detail:
Fingerprint protection is not meant to prevent a website from knowing we are returning to them. So when anything tries to say “we recognize you, you’ve been here before!” that’s not a big deal. There’s no privacy violation or anything on that. If you think it through, why would anyone need to appear to be someone different every time you visit the same website?
Fingerprint protection is more about tracking activity everywhere on the internet. So ABC doesn’t know you went to XYZ.
And just so you know, the ones who do try to talk about recognizing you when you return often are just because they are relying on your IP address, browser used, time zone, and cookies that were stored in your prior visits. Of those it’s the cookies and IP address that are the big things that explicitly reveal who you are and that you have returned.
“If you disable graphics acceleration, the browser will report a much more generic result instead.”
Based on how some websites (that require WebGL) react (esp. where / when I have tried to sign on), I have found:
a) Graphics Acceleration ON, also means that WebGL is ON
b) Graphics Acceleration OFF, also means that WebGL is OFF
But now, based upon what you wrote, and switch setting (b), possibly websites are led to “think” or websites conclude that WebGL is OFF . . . when WebGL is actually ON ← but websites cannot see that?
@289wk yeah, I phrased is as I did due to brain fog. But to show examples.
Graphics Acceleration off:
Shows the browser default where it’s rendered with the software renderer. Same as it would on Chrome and all, so it’s kind of more “generic.” It’s run with Swiftshader
This is the Web Graphics Library. When we have Graphics Acceleration (what used to be Hardware Acceleration) disabled, it default to software rendering. This often is a “rasterizer” like Swiftshader, which relies on the CPU. It often is slower and not as good.
When it’s enabled, it will use the GPU for better performance.
Many websites simply check whether they can create a WebGL rendering context. When hardware acceleration is off, the browser may still offer WebGL through software rendering, but in many cases websites cannot tell the difference.
Overall the browser decides whether to show WebGL as available. To my knowledge, Brave generally will always show it, but between Swiftshader or our GPU based on the settings.
Hope @Ugle isn’t missing this, thanks for the further information friends
(Please don’t lock it anyone if they don’t respond, this is a helpful ongoing discussion… not sure how much longer it will go on for, but anyway this is good stuff haha)
Yeah, I am stuck with mostly old gear; only exception is a 2020 Intel MacBook Pro that is not my current, primary workhorse.
From your screenshots above, I thought you were using ‘https://browserleaks.com/webgl’ but I have not been seeing “close enough” to what your screenshots reveal . . . until, again (amazement/revelation/duh): I disabled site specific Fingerprint Protection. (Graphics Acceleration is ON.)
@289wk remember how they shifted away from strict fingerprinting? Does yours still have it? Or did you happen to enable it via brave://flags?
Actually, that might not matter. Especially looking at yours again. But you see how your Unmasked Renderer shows Swiftshader and ANGLE? As I’m seeing all of that, I would say you have your Graphics Acceleration (Hardware Acceleration) disabled. Is that the case?
In regard to my questioning about strict fingerprinting, there’s still a flag for it. If I enable it, then it does stop more.
But they removed that by default. So without Strict Fingerprinting enabled via flags, it’s like I showed earlier. If Graphics Acceleration is off then it’s something like you showed in your last screenshot. And if it’s on, then it reveals my GPU
@289wk I find this interesting but would need someone more knowledgeable to verify. The text below is courtesy of ChatGPT 5.1:
macOS: WebGL is tied directly to Metal through ANGLE
On macOS, Chrome and Brave do not use Vulkan or OpenGL directly. They route WebGL through ANGLE, which then talks to Metal. macOS aggressively sandboxes and abstracts the GPU.
When Brave fingerprint protection is enabled on macOS, the browser often switches to a software renderer or blocks certain GPU queries entirely. Because Metal does not expose low level identifiers in the same way as Windows DirectX, the safest fallback is to disable GPU WebGL.
So Brave on macOS often produces this result:
WEBGL_debug_renderer_info is removed completely
WebGL initialization may fall back to SwiftShader
Some sites think WebGL is unavailable
This is Brave choosing the strictest privacy behavior because the OS gives it fewer safe ways to mask the GPU.
the Community Ninja King of this Forum!
few minutes difference