from the be-brave-and-strong dept.
Brave has further strengthened its fingerprinting protections by preventing users from being identified based on preferred browser language. Starting with version 1.39, Brave randomizes how your browser informs sites of what language(s) you've set as default, and what fonts you have installed on your system. This expands Brave's existing fingerprinting protections, already the strongest of any popular browser.
When you visit a website, your browser needs to tell that site your default language(s). This helps the site present content in a language you can understand. Browsers do this both explicitly (for example, with the Accept-Language header, and the navigator.language and navigator.languages Web APIs) and implicitly (for example with the fonts you have installed on your system).
However, as with so much online, features meant to improve your experience often just expose you to more risk. In this case, trackers can use your language preferences (both implicit and explicit) to fingerprint you, identifying you across sites and browsing sessions.
Brave's unique "farbling" features already provide the best fingerprinting protections of any popular browser. These add small amounts of randomization into identifying browser features—enough to confuse and defeat trackers, but not so much that they break sites. With this latest release, Brave has expanded "farbling" protections to language preferences, too.
[...] With these new protections against browser-language fingerprinting, Brave now reduces and randomizes the information available in these APIs. And we've incorporated these as default protections, via Brave Shields.
By default, Brave will only report your most preferred language. So, if your language preferences are "English (United States)" first, and Korean second, the browser will only report "en-US,en."1 Brave will also randomize the reported weight (i.e., "q") within a certain range.
Currently Brave applies font fingerprinting protections on Android, macOS, and Windows versions. Brave does not apply these protections to iOS versions for two reasons: platform restrictions prevent us from doing so; and WKWebView already includes similar, although not quite as strong, protections3. Brave does not apply these protections on Linux because of difficulties in determining which fonts are "OS fonts" for each distro.
Total Cookie Protection
Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide [...]. Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.
[...] Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you [...].
I wonder if "farbling" and "Total Cookie Protection" will also become identifying features...?