brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Aggressive fingerprinting mode removal #31229

Closed arthuredelstein closed 10 months ago

arthuredelstein commented 1 year ago

We are considering removing aggressive fingerprinting mode, to reduce unneeded complexity in browser code and in the UI. To do this, we would need to work out which protections from aggressive mode to drop, and which ones to fold into default fingerprinting mode. Current protections in aggressive mode include:

davidcollini commented 11 months ago

It would be nice to have Dark Mode protection as an option in the shields settings

davidcollini commented 11 months ago

What's the plan for the other settings? Is there no possibility that we can keep them in default mode, but disable them for sites that break?

Also it doesn't seem like User Agent farbling should break that many sites for a regular user

davidcollini commented 10 months ago

I can't wait for the blog post to see how these are resolved, I'm quite curious

stephendonner commented 10 months ago

Hi @arthuredelstein ! Mind adding a testplan here, when you get a chance? Thanks! Adding QA/Blocked and QA/Test-Plan-Required just until we've got that, and then we'll be fully unblocked 👍

stephendonner commented 9 months ago

Verification PASSED using

Brave | 1.62.73 Chromium: 119.0.6045.163 (Official Build) nightly (x86_64)
-- | --
Revision | 522e9147d931744b1641084046c197caf7b341f0
OS | macOS Version 11.7.10 (Build 20G1427)

New Defaults - PASSED

`brave://settings/Shields` | `Shields'` `Advanced Controls`
--------------------------|-------------------------------
Screen Shot 2023-11-22 at 11 11 28 AM | Screen Shot 2023-11-22 at 11 12 02 AM

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

### Steps:

1. installed both `1.60.118` and `1.62.73`
2. launched Brave (`release`)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking `Generate Values`
4. noted the results
5. compared `1.60.118` to `1.62.73`

### Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

### `1.60.118`

example | example
---------|---------
Screen Shot 2023-11-22 at 11 17 10 AM | Screen Shot 2023-11-22 at 11 17 17 AM

### `1.62.73`

example | example
---------|---------
Screen Shot 2023-11-22 at 11 18 51 AM | Screen Shot 2023-11-22 at 11 19 07 AM

Upgrades from 1.60.x - PASSED

### Shared Steps:

1. installed `1.60.118`
7. launched Brave (`release`)
8. opened `brave://settings/shields`
9. ensured `Block fingerprinting` value was set appropriately for each `Standard`, `Disabled`, and `Strict` case
10. shut down Brave
11. installed `1.62.59`
12. renamed `Brave-Browser` user profile --> `Brave-Browser-Nightly`
13. launched Brave (`nightly`)
14. set `brave://flags/#brave-show-strict-fingerprinting-mode` to `Disabled`
15. click `Relaunch`
16. opened `brave://settings/shields`

`brave://flags` | `brave://version`
---------------|-----------------
Screen Shot 2023-11-22 at 11 07 01 AM | Screen Shot 2023-11-22 at 11 13 11 AM

`Block fingerprinting` - `Strict, may break sites` - `PASSED`

`1.60.118` | `1.62.73`
---------|---------
Screenshot 2023-11-16 at 2 07 34 PM | Screen Shot 2023-11-22 at 11 11 28 AM

`Block fingerprinting` - `Standard` - `PASSED`

`1.60.118` | `1.62.73`
---------|---------
Screenshot 2023-11-16 at 1 48 59 PM | Screen Shot 2023-11-22 at 11 11 28 AM

`Block fingerprinting` - `Disabled` - `PASSED`

`1.60.118` | `1.62.73`
---------|---------
Screen Shot 2023-11-22 at 10 47 57 AM | Screen Shot 2023-11-22 at 11 07 10 AM

MadhaviSeelam commented 9 months ago

Verification PASSED using

Brave | 1.62.105 Chromium: 120.0.6099.71 (Official Build) beta (64-bit)
-- | --
Revision | f72c783bcd52110d026061575b4bef28ccb547f7
OS | Windows 11 Version 22H2 (Build 22621.2715)

  1. Install 1.62.105
  2. launched Brave
  3. opened brave://flags in a new tab
  4. disabled #brave-show-strict-fingerprinting-mode flag
  5. opened brave://settings/shields
  6. navigated to brave.com site and clicked on Shields

Confirmed Block fingerprinting toggle is enabled as a default

Confirmed Block fingerprinting toggle is enabled as a default in Per site Shields setting

step 4 | step 5 | step 6
-- | -- | --
image | image | image

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

### Steps:

1. installed both `1.61.101` and `1.62.105`
2. launched Brave (`release`)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking `Generate Values`
4. noted the results
5. compared `1.61.101` to `1.62.105`

#### Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

#### `1.62.105`

example | example
---------|---------
image | image

#### `1.61.101`

example | example
---------|---------
image | image

Upgrades from 1.61.x - PASSED

### Shared Steps:

1. installed `1.61.101`
7. launched Brave (`release`)
8. opened `brave://settings/shields`
9. ensured `Block fingerprinting` value was set appropriately for each `Standard`, `Disabled`, and `Strict` case
10. shut down Brave
11. installed `1.62.105`
12. renamed `Brave-Browser` user profile --> `Brave-Browser-Beta`
13. launched Brave (`Beta`)
14. set `brave://flags/#brave-show-strict-fingerprinting-mode` to `Disabled`
15. click `Relaunch`
16. opened `brave://settings/shields`

`brave://flags`(default) | `brave://flags` (disabled) | `brave://version` | brave://settings/shields
---------------|-----------------|--------|-------
image | image | image | image

`Block fingerprinting` - `Strict, may break sites` - `PASSED`

`1.61.101` | `1.62.105 (a)` | `1.62.105 (b)` | `1.62.105 (c)` | `1.62.105 (d)`
---------|---------|---------|-------|------
image | image | image | image | image

`Block fingerprinting` - `Standard` - `PASSED`

`1.61.101` | `1.62.105 (a)` | `1.62.105 (b)` | `1.62.105 (c)` | `1.62.105 (d)`
---------|---------|---------|-------|------
image | image | image | image | image

`Block fingerprinting` - `Disabled` - `PASSED`

`1.61.101` | `1.62.105 (a)` | `1.62.105 (b)` | `1.62.105 (c)` | `1.62.105 (d)`
---------|---------|---------|-------|------
image | image | image | image | image

btlechowski commented 8 months ago

Verified with

Brave | 1.62.122 Chromium: 120.0.6099.144 (Official Build) beta (64-bit)
-- | --
Revision | cfddebe77d394064c472fda64afcd9fbed34ceb4
OS | Linux

New Defaults - PASSED

`brave://settings/Shields` | `Shields'` `Advanced Controls`
--------------------------|-------------------------------
![image](https://github.com/brave/brave-browser/assets/34715963/c5cdc3b4-e800-46f6-95c6-862575a80362) | ![image](https://github.com/brave/brave-browser/assets/34715963/4ea2deec-6729-44fa-b458-e26e1660911d)

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

### Steps:

1. installed both `1.61.x` and `1.62.x`
2. launched Brave (`release`)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking `Generate Values`
4. noted the results
5. compared `1.61.x` to `1.62.x`

### Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

### `1.61.x`

example | example
---------|---------
![image](https://github.com/brave/brave-browser/assets/34715963/00a765a3-d697-4c09-93b8-4e981c033bf9) | ![image](https://github.com/brave/brave-browser/assets/34715963/ac6cdab6-e773-44d1-ae89-0a4cb0c5bb78)

### `1.62.x`

example | example
---------|---------
![image](https://github.com/brave/brave-browser/assets/34715963/e481f60d-6efb-4132-9709-555f27e0bda0) | ![image](https://github.com/brave/brave-browser/assets/34715963/47d939ae-f047-4488-8d89-430d8695d048)

Upgrades from 1.61.x - PASSED

### Shared Steps:

1. installed `1.61.x`
7. launched Brave (`release`)
8. opened `brave://settings/shields`
9. ensured `Block fingerprinting` value was set appropriately for each `Standard`, `Disabled`, and `Strict` case
10. shut down Brave
11. installed `1.62.x`
12. renamed `Brave-Browser` user profile --> `Brave-Browser-Beta`
13. launched Brave (`beta`)
14. set `brave://flags/#brave-show-strict-fingerprinting-mode` to `Disabled`
15. click `Relaunch`
16. opened `brave://settings/shields`

`Block fingerprinting` - `Strict, may break sites` - `PASSED`

`1.61.x` | `1.62.x`
---------|---------
![image](https://github.com/brave/brave-browser/assets/34715963/7f44e5a7-7307-47ba-8043-0f180a8844c0) | ![image](https://github.com/brave/brave-browser/assets/34715963/f1867bad-3562-4717-a48d-5efbd219c44f)

`Block fingerprinting` - `Standard` - `PASSED`

`1.61.x` | `1.62.x`
---------|---------
![image](https://github.com/brave/brave-browser/assets/34715963/d1f2e487-c638-44fe-b193-aef8ff3cc8d5) | ![image](https://github.com/brave/brave-browser/assets/34715963/116682fb-7c88-44b8-ba2c-8687f215d71b)

`Block fingerprinting` - `Disabled` - `PASSED`

`1.61.x` | `1.62.x`
---------|---------
![image](https://github.com/brave/brave-browser/assets/34715963/9d69d76b-4315-4ecf-bbf5-64be6a53487d) | ![image](https://github.com/brave/brave-browser/assets/34715963/3401135c-c048-4264-a40b-3a8282079dd5)

GeetaSarvadnya commented 8 months ago

Verification PASSED on Vivo X70 Pro version 12 running Bravemonoarm64.apk_1.62.121

  1. Install 1.62.x
  2. launched Brave
  3. opened brave://flags in a new tab
  4. disabled #brave-show-strict-fingerprinting-mode flag
  5. opened brave://settings/shields
  6. navigated to brave.com site and clicked on Shields

Confirmed Block fingerprinting toggle is enabled as a default

Confirmed Block fingerprinting toggle is enabled as a default in Per site Shields setting

step 4 | step 5 | step 6
-- | -- | --
Screenshot_20231228_212920 | Screenshot_20231228_210805 | Screenshot_20231228_210848

https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html - PASSED

### Steps:

1. installed both `1.61.x` and `1.62.x`
2. launched Brave (`release`)
3. ran the tests on https://dev-pages.bravesoftware.com/fingerprinting/strict-mode.html and https://dev-pages.brave.software/fingerprinting/strict-mode.html by clicking `Generate Values`
4. noted the results
5. compared `1.61.x` to `1.62.x`

#### Confirmed identical results for the farbled values shown (values are the same for each version, not between versions, to be clear)

#### `1.62.x`

example | example
---------|---------
![Screenshot_20231228_211812](https://github.com/brave/brave-browser/assets/38657976/05d6177a-6d05-4cf4-8d8a-d65e607313a5) | ![Screenshot_20231228_211907](https://github.com/brave/brave-browser/assets/38657976/0b9e6b14-0a7e-4614-9e31-d2d9162d9c2e)

#### `1.61.x`

example | example
---------|---------
![Screenshot_20231228_212005](https://github.com/brave/brave-browser/assets/38657976/cef334d3-5c2f-4146-9041-bdb29af738b1) | ![Screenshot_20231228_212028](https://github.com/brave/brave-browser/assets/38657976/3aa14017-7b5b-4302-b629-fea5d30a625b)

Upgrades from 1.61.x - PASSED

### Shared Steps:

1. installed `1.61.x`
7. launched Brave (`release`)
8. opened `brave://settings/shields`
9. ensured `Block fingerprinting` value was set appropriately for each `Standard`, `Disabled`, and `Strict` case
10. shut down Brave
11. installed `1.62.x`
12. renamed `Brave-Browser` user profile --> `Brave-Browser-Beta`
13. launched Brave (`Beta`)
14. set `brave://flags/#brave-show-strict-fingerprinting-mode` to `Disabled`
15. click `Relaunch`
16. opened `brave://settings/shields`

`Block fingerprinting` - `Strict, may break sites` - `PASSED`

`1.61.x` | `1.62.x (a)` | `1.62.x (b)` | `1.62.x (c)` | `1.62.x (d)`
---------|---------|---------|-------|------
![Screenshot_20231228_212716](https://github.com/brave/brave-browser/assets/38657976/6c34d339-1dc8-41a3-9a7e-7aaf06ce68d7) | ![Screenshot_20231228_212848](https://github.com/brave/brave-browser/assets/38657976/83ab9a5f-99a2-4d1c-9f61-2daaceb893ee) | ![Screenshot_20231228_212920](https://github.com/brave/brave-browser/assets/38657976/35cd82d9-eed1-415b-bb0d-9d839f6402e6) | ![Screenshot_20231228_212933](https://github.com/brave/brave-browser/assets/38657976/da81a02a-fd4e-468f-881f-ab3ffdfbd44b) | ![Screenshot_20231228_213008](https://github.com/brave/brave-browser/assets/38657976/c8e15250-df62-4884-99de-813c818192e4)

`Block fingerprinting` - `Standard` - `PASSED`

`1.61.101` | `1.62.105 (a)` | `1.62.105 (b)` | `1.62.105 (c)` | `1.62.105 (d)`
---------|---------|---------|-------|------
![Screenshot_20231228_213059](https://github.com/brave/brave-browser/assets/38657976/0a07c545-e124-4a90-bfcf-0d9639fb3f5b) | ![Screenshot_20231228_213133](https://github.com/brave/brave-browser/assets/38657976/e547d4a0-bf3b-46b1-9f69-339a2fe52f4e) | ![Screenshot_20231228_213159](https://github.com/brave/brave-browser/assets/38657976/764cb7e7-c299-49bd-81b6-1a45acb6c1eb) | ![Screenshot_20231228_213218](https://github.com/brave/brave-browser/assets/38657976/35781db4-d32b-401a-94b0-79a217237976) | ![Screenshot_20231228_213233](https://github.com/brave/brave-browser/assets/38657976/0964e2cc-dd27-46e4-b649-487123b16d20)

`Block fingerprinting` - `Disabled` - `PASSED`

`1.61.101` | `1.62.105 (a)` | `1.62.105 (b)` | `1.62.105 (c)` | `1.62.105 (d)`
---------|---------|---------|-------|------
![Screenshot_20231228_213321](https://github.com/brave/brave-browser/assets/38657976/4aae30ef-1582-4065-921b-f464f275576f) | ![Screenshot_20231228_213358](https://github.com/brave/brave-browser/assets/38657976/bf6caae8-e5ad-40a2-ba23-446952171d6a) | ![Screenshot_20231228_213421](https://github.com/brave/brave-browser/assets/38657976/f796ead3-6004-442e-968c-4057b3f4aee8) | ![Screenshot_20231228_213508](https://github.com/brave/brave-browser/assets/38657976/f5cbba92-ceb3-4d3e-a669-aae6450cf106) | ![Screenshot_20231228_213526](https://github.com/brave/brave-browser/assets/38657976/2a6b493e-af39-4f13-852f-7b2b7dfe4da4)

Uni-verse commented 7 months ago

Verified on Samsung Galaxy Tab S7 using version:

Brave | 1.62.147 Chromium: 120.0.6099.234 (Official Build) (32-bit)
-- | --
Revision | 3b25c3743150a54485dea24f0ceb1e69d6db51bc
OS | Android 13; Build/TP1A.220624.014; 33; REL

  1. Install 1.62.x
  2. Launched Brave
  3. Disabled #brave-show-strict-fingerprinting-mode flag in Brave://flags
  4. Open Brave Shields & privacy settings
  5. Navigate to any URL, open Shields panel

Feature Flag

Example | Example | Example
-- | -- | --
Screenshot 2024-01-19 at 6 15 39 PM | Screenshot 2024-01-19 at 6 16 52 PM | Screenshot 2024-01-19 at 6 18 30 PM

Farbling Test

First Test | After restart
-- | --
Screenshot 2024-01-19 at 6 31 45 PM | Screenshot 2024-01-19 at 6 32 37 PM
Screenshot 2024-01-19 at 6 31 59 PM | Screenshot 2024-01-19 at 6 32 25 PM

Upgraded Profile - Standard Mode

1.61.x | Set Flag - 1.62.x | Flag set - 1.62.x | 1.62.x
-- | -- | -- | --
Screenshot 2024-01-24 at 4 01 08 PM | Screenshot 2024-01-24 at 4 03 11 PM | Screenshot 2024-01-24 at 4 03 23 PM | Screenshot 2024-01-24 at 4 03 38 PM

Upgraded Profile - Strict Mode

Example | Example | Example | Example
-- | -- | -- | --
Screenshot 2024-01-24 at 4 08 22 PM | Screenshot 2024-01-24 at 4 11 32 PM | Screenshot 2024-01-24 at 4 11 46 PM | Screenshot 2024-01-24 at 4 12 11 PM

Upgraded Profile - Disabled

Example | Example | Example | Example
-- | -- | -- | --
Screenshot 2024-01-24 at 4 19 32 PM | Screenshot 2024-01-24 at 4 16 28 PM | Screenshot 2024-01-24 at 4 16 46 PM | Screenshot 2024-01-24 at 4 16 56 PM

BenjaminAster commented 7 months ago

@arthuredelstein Note that without aggressive fingerprinting protection, UNMASKED_RENDERER_WEBGL and UNMASKED_VENDOR_WEBGL from the WebGL WEBGL_debug_renderer_info extension will always return the true GPU info with no option to enable randomization of these values (see #10214). This is a pretty high-entropy source of fingerprintable information—shouldn't the current aggressive behavior (replacing the values with random gibberish) be folded into default fingerprinting mode? The entire canvas farbling is much less effective if websites can read the GPU type anyway.
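
The check the comment above implies, as an added example (not code from Brave or from this thread): read the two `WEBGL_debug_renderer_info` strings and compare readings from two sessions, for instance before and after a restart. `makeFakeGl` and the vendor/renderer strings are constructed stand-ins so the logic runs outside a browser.

```javascript
// Read the two unmasked GPU strings from a WebGL context.
// Returns null when there is no context or the extension is not exposed.
function readUnmaskedGpuInfo(gl) {
  if (!gl) return null; // getContext('webgl') can return null
  const ext = gl.getExtension('WEBGL_debug_renderer_info');
  if (!ext) return null;
  return {
    vendor: gl.getParameter(ext.UNMASKED_VENDOR_WEBGL),
    renderer: gl.getParameter(ext.UNMASKED_RENDERER_WEBGL),
  };
}

// Compare readings taken in two sessions (e.g. before and after a restart).
// Identical strings mean the site sees a stable identifier; this cannot tell a
// real GPU string from a fixed spoofed one, only that nothing is randomized.
function classifyGpuExposure(first, second) {
  if (first === null || second === null) return 'extension-unavailable';
  const same =
    first.vendor === second.vendor && first.renderer === second.renderer;
  return same ? 'stable-across-sessions' : 'changes-per-session';
}

// Constructed stand-in for a WebGL context (assumption: only the two calls
// used above are modelled). 0x9245 / 0x9246 are the enum values the
// WEBGL_debug_renderer_info extension defines for vendor and renderer.
function makeFakeGl(vendor, renderer, exposeExtension = true) {
  const VENDOR = 0x9245;
  const RENDERER = 0x9246;
  return {
    getExtension: (name) =>
      exposeExtension && name === 'WEBGL_debug_renderer_info'
        ? { UNMASKED_VENDOR_WEBGL: VENDOR, UNMASKED_RENDERER_WEBGL: RENDERER }
        : null,
    getParameter: (p) =>
      p === VENDOR ? vendor : p === RENDERER ? renderer : null,
  };
}

// In a browser, take each reading with:
//   readUnmaskedGpuInfo(document.createElement('canvas').getContext('webgl'))
// and store it (e.g. copy it out by hand) to compare after the restart.
```
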

davidcollini commented 7 months ago

> @arthuredelstein Note that without aggressive fingerprinting protection, UNMASKED_RENDERER_WEBGL and UNMASKED_VENDOR_WEBGL from the WebGL WEBGL_debug_renderer_info extension will always return the true GPU info with no option to enable randomization of these values (see #10214). This is a pretty high-entropy source of fingerprintable information—shouldn't the current aggressive behavior (replacing the values with random gibberish) be folded into default fingerprinting mode? The entire canvas farbling is much less effective if websites can read the GPU type anyway.

If it's not put into default protections, this could potentially be a permission prompt that asks users if they want to let the website read their GPU info

arthuredelstein commented 7 months ago

@BenjaminAster @davidcollini Thank you for these comments. We definitely want to have GPU protections in standard mode.

BenjaminAster commented 7 months ago

@arthuredelstein Thanks for the quick response! While I'm at it, I just opened https://github.com/brave/brave-browser/issues/35646 where I have even more suggestions about anti-fingerprinting measures that I think Brave could still take.

arthuredelstein commented 7 months ago

Thank you @BenjaminAster !