Image: Brave

The Brave browser is working on a feature that will randomize its "fingerprint" every time a user visits a website in an attempt to preserve the user's privacy.

Brave's decision comes as online advertisers and analytics firms are moving away from tracking users via cookies to using fingerprints.

This shift began last year, in May 2019, after Google announced plans to block third-party tracking cookies.

Throughout 2019, advertisers and analytics providers have begun adapting to this upcoming change, that came with the release of Chrome 80, in February 2020.

Nowadays, most advertising and analytics firms are relying on "user fingerprints" as their primary method of tracking users across the web.

What are user fingerprints?

For non-technical users or readers who are not familiar with the term, user fingerprints are a collection of technical details about a user and their browser. They include a large spectrum of data, such as platform details and Web API measurements.

Platform details include data points such as the operating system details, browser type & version, hardware rig specifications, a list of installed fonts, details about the size & resolution, and more.

Web API measurements include the results of scripts that advertisers or analytics firms secretly run on a user's browser. For example, they can measure how a browser renders various elements via canvas drawing, via WebGL, how quick a browser generates sound via the Audio API, and more.

All of these API operations, while the same, are rendered slightly different for each user, based on the capabilities of their browser and hardware platform.

A user "fingerprint" is the result of combining a user's platform details and Web API measurements. The more data points an advertiser has, the more accurate the fingerprint is, and the better it can track the user as it moves across the web.

Randomizing fingerprinting values is the best approach

Over the past few years, browser makers have realized that there will be a shift in user tracking towards fingerprints.

Firefox was the first major browser to address this rising problem by adding an anti-fingerprinting setting to its browser that lets users block attempts to fingerprint their browser. Apple followed suit a few months later when it deployed a different approach, be making Safari return identical values for some fingerprinting data points, such as fonts.

"The unfortunate truth about all these approaches is that, despite being well-intentioned, none of them are very effective in preventing fingerprinting," the Brave team said in a blog post last week.

"The enormous diversity of fingerprinting surface in modern browsers makes these 'block', 'lie' or 'permission' approaches somewhere between insufficient and useless, unfortunately," they added.

"Brave's new approach aims to make every browser look completely unique, both between websites and between browsing sessions," Brave developers said.

"By making your browser constantly appear different when browsing, websites are unable to link your browsing behavior, and are thus unable to track you on the Web."

Currently in testing

The feature is currently active in Brave Nightly versions and is scheduled for a broader release later this year.

Technical details about how the fingerprint randomization feature will work are available here. A demo site to test how the feature works in Brave Nightly and other browsers is available here.

This is the second major privacy-preserving feature that Brave announced during the past month. The Brave team also announced plans to roll out a system that hides privacy-harming page elements for websites rendered inside Brave. Engineers said this system will help the browser block third-party ads that cannot be blocked at the network layer.

While released a while back, the Brave browser has currently found an identity by positioning itself as one of the most private browsers on the market. A study published last month confirmed the Brave team's efforts when it named Brave as the Browser with the fewest phone-home connections to its backend infrastructure.