This feature has been available on Brave for quite a while now. Pretty neat feature tbh. Firefox’s fingerprint resist (+arkenfox user.js) works but it still shows nearly-unique fingerprint.
Does it protect against CSS fingerprinting?
I didn’t think there was any non-destructive way to fully prevent fingerprinting, which they probably don’t want to include in the mainline version. Tor Browser project has the same philosophy, they don’t include mitigation that breaks the rendering of websites.
I see. But enabling it doesn’t break any website on brave though.
I think it is ultimately a difference in philosophy. Implementing fingerprint randomization in Firefox would go against their chosen defense strategy of hardening. However, both Brave and Firefox aren’t really meant to stop fingerprinting completely. If that’s within your threat model, then you should be using Tor anyway. Nate and Henry briefly touched on this in the latest Surveillance Report.
But does it really do anything, or is it just snake oil?
I could be wrong on this, but I think for it to give any meaning full protection against fingerprinting you would need to use NoScript, like the Tor browser. But even if you disable JS, there is no protection against CCS fingerprinting, not unless you are willing to completely break rendering on most modern websites.
If anyone is interested, the discussion starts at 1:06:45
I thought the point of this feature was to give you a nearly-unique, but different, fingerprint every time you start up. Since it changes every time it doesn’t matter how unique it is.
Did I misunderstand how this functions?
Fingerprinting websites are unreliable for testing fingerprint of a specific browser.