PrivacyTests.org comparison: improve brave performance #20599

Closed
pachainti opened this issue Jan 20, 2022 · 3 comments
Labels: closed/duplicate (Issue has already been reported), OS/Android (Fixes related to Android browser functionality), OS/Desktop, perf, privacy/discussed (Discussed in privacy confab), privacy/tracking (Preventing sites from tracking users across the web)

Comments

pachainti commented Jan 20, 2022

Hi,
I found this interesting comparison. Brave already performs quite well, but there is room for improvement in the tests, especially (state partitioning, HTTPS, fingerprinting)?
Thank you

Edit: https://brave.com/privacy-updates/14-partitioning-network-state/

pachainti added the OS/Android and OS/Desktop labels Jan 20, 2022
bsclifton added the perf label Feb 11, 2022
arthuredelstein added the privacy/tracking label May 22, 2022
ShivanKaul added the privacy/discussed label Jun 7, 2022
pachainti (Author) commented

Great, now Brave fulfils almost all points in all categories.
It still needs to improve in the HTTPS tests and Fingerprinting resistance tests sections.
What about providing an HTTPS-only mode?
With regard to fingerprinting, system font detection is supported by several browsers, and Brave could also do it.

pachainti (Author) commented

A very interesting article on fingerprinting: "Why browser anti-fingerprinting techniques are not effective". It analyses uniformity and randomization approaches. Regarding Brave, it states that:

Interestingly, however, this wiki page is currently not fully up-to-date as WebRTC has dedicated settings. Instead, the Client Hints JavaScript API’s getHighEntropyValues method returns accurate information, and the Battery Status API returns fixed values in all cases.

More importantly, the algorithms for randomization are prone to several errors:

Websites can detect artificial randomization by calling the affected APIs twice, finding anomalies in the randomized data, or simply assuming that values are randomized by identifying the browser. Websites can afterward either ignore these values or process them in a way that aids fingerprinting.
The original entropy from the raw source data still exists, and implementations adding additional randomness to the underlying data might be reversible in practice.
When other potentially indirect methods exist of learning about the raw source data, the original entropy can still be used without using one of the obvious ways to serialize the original data.

I think Brave should do something to improve the current situation.
Thank you

pes10k (Contributor) commented Mar 5, 2023

Thank you for the report @pachainti, though I'm going to close this out as a duplicate. We have shipped several additional fingerprinting protections since your report (for example, screen attributes) and have some additional ones in the pipeline. We've also fixed the getHighEntropyValues issue reported. If there are specific items from privacytests.org you think should be fixed, please check for and file bugs against those though, that'd be greatly appreciated.

pes10k closed this as completed Mar 5, 2023
pes10k added the closed/duplicate label Mar 5, 2023