Hacker News new | past | comments | ask | show | jobs | submit login

The way Brave is doing it currently though makes it look worse than snake oil. Why would they advertise a fingerprinting if it actually makes your fingerprint more unique? Why would they advertise Tor although using it inside Brave makes you instantly unique???

If this wasn't the case I'd not have a problem with it. This way it just seems like a huge scam (which considering you can just use Firefox with some add-ons it probably is Mr. Brendan Eich)




I think you wholly misunderstand that the fingerprint is randomized on every restart of the browser.

That is so much noise that it renders fingerprinting as a strategy utterly useless.


You are aware being based on Chromium means you cannot fake many vectors? Even Tor browser isn't able to spoof e everything Chromium hardly can spoof 1% of what Tor/Firefox can.

You will maybe have a randomized fingerprint but it doesn't matter if 99% of other fingerprinting vectors are Stoll left open.

Just look at their github. They have fingerprinting bugs that are beyond uniquely identifying (fonts best example) which are open since years. It isn't solvable through Chromium which all of Brave knows yet they market this.


Chromium is just C++ and it can be hacked. The claim that something "isn't solvable through Chromium" shows magical thinking.

If a vector can be randomized or otherwise arms-raced vs. the remote adversary via C++, then "Chromium" is not an obstacle for Brave. Consider the case of extensions, where your point would have been valid if you'd written "Chromium extensions".

Fingerprinting can be done many ways, but most are not economic: they cost too much for the too few bits they get from the target browser. The common methods, notably fingerprint2.js, use APIs that we at Brave, along with Apple and others in the W3C Privacy CG, are taking on.

ICYMI, https://brave.com/whats-brave-done-for-my-privacy-lately-epi....


Again. If it's so easy to modify Chromium code to hide for example fonts and window decoration and css leakers why didn't you do it yet? The bugs are open since at least 3 years.

I mean benefit of doubt is one thing but you claim it can be done while it's hard to read it out with JS (which it isn't it's a ten line script to identify all of those vectors). But the cpp code that requires thousands of lines of edits is easy?


Please can you then explain why the font fingerprinting bug and window decoration/css leak hasn't been addressed since the last 3/4 years since it has been recognized by your devs as a issue?

That Chinese girl (sorry don't know your name) explicitly said it's too hard years ago but 4 years later you sat it's possible yet the bug is still left open?


Brave is a really tough sell on mobile. It doesn't have mobile extension support like Kiwi and Firefox on Android, or a horizontal tab switcher like Bromite. On top of that, the adblocker is worse than uBO and there's this shady cryptocurrency stuff.


Most people don't restart their browsers as often as you might think (the modern trend is very much away from desktops). Especially on mobile, where things stick around in the background without your knowledge.


You can very easily hook into open/close events on any mobile OS – the concept of actually "restarting" the browser doesn't need to come into it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: