Brave Browser 1.62: strict fingerprinting protection and HTTPS Everywhere changes
Brave Software released a new stable version of Brave Browser earlier today. Brave Browser 1.62 is a feature and security update for the Chromium-based web browser.
The update is available already and should be installed on most systems automatically. Brave Browser users on desktop may select Menu > Help > About Brave to check the current version and install the update immediately.
Brave should display the version 1.62.153 after the update on desktop devices.
Brave Browser 1.62
Brave Browser includes several changes that the company announced previously.
Earlier this week, we reported that Brave Software made the decision to remove the strict fingerprinting protection from the browser. The company said the opt-in feature caused web incompatibilities regularly and that it would bind development resources because of that.
Brave Browser continues to protect against fingerprinting, albeit not as aggressively as before.
The official changelog confirms the removal of "aggressive fingerprinting". Brave 1.62 on my test system still had the strict option, however. It is possible that Brave added the removal of the feature prematurely to the changelog and that it will be removed from stable versions of the browser in the near future.
Brave Browser 1.62 ditches HTTPS Everywhere as well. More precisely, it stops using the HTTPS Everywhere list. This list provided information about HTTP to HTTPS upgrades.
The EFF stopped supporting HTTPS Everywhere in early 2023. Brave switched to using a "not-compatible" list in the browser in early 2023. The removal should not have consequences for users of the browser.
About 10% of Brave users receive access to a new version of the News feed. The updated version displays a "News" header at the bottom of the new tab page and a preview of a single news article.
A click on News scrolls down to the news section. Brave lists several changes on GitHub. These include that articles are opened in new tabs by default, that users are taken back to the scroll position in the news feed after opening articles, and publisher and channel management improvements.
Brave users who want this right away may load chrome://flags/#brave-news-feed-update and set the experimental flag to Enabled to get the new News feed and layout right away.
Brave's implementation of Tor has a few improvements. First, a new setting to only resolve .onion addresses in Tor windows. This is enabled by default.
Automatic redirects for .onion URLs are also only done in Tor windows now in Brave Browser.
The bulk of the changes in Brave Browser 1.62 are Web3 and AI changes. Brave Leo, the integrated AI that Brave introduced in version 1.60, received several updates.
Notable, the ability to react to page content changes during conversations, the formatting of code responses, and new context indicators. Claude AI, which is also available in Brave, supports Claude Instant now.
Claude Instant is a free but rate-limited version of Claude. Anthropic, creators of Claude, described it as a "lighter, less expensive, and much faster option". Similarly, Mixtral 8x7B is also available as a new free but rate limited option.
Brave Browser 1.62 was updated to the latest Chromium build. This ensures that all recently reported security issues are also fixed in the new browser version.
Now You: have you tried Brave recently? What is your impression?
If rubbish can has a digital identity, that would be brave.
Last time I uninstalled Brave it left behind 3 VPN services that I had to manually remove. I even reinstalled then used Revo Uninstaller and yep, still 3 VPN services left over. Not letting any browser near my PC that pulls that stunt.
They changed the add bookmark function, now the bookmark is automatically added when clicking the add bookmark icon and you have to click two times in order to edit OR remove to get the “remove” button exposed, all these added “just another time mouse click can’t hurt.. eh”
Earlier last year they removed the function to delete each cookie on the brave://settings/content/all page with just one click, now we have to go through every cookie one by one and confirm the deletion.
Sorry, totally wrong, all these incrementally added tiny actions required by the user adds silently to the pile of micro-stressors and in the end unconsciously overwhelms, fatigues and drains people on their mental energy and capacity… this is not a conspiracy theory, but a fact that the global elitists, NGO’s etc are stressing and burning out people with all the artificially manufactured “problems”, among many things through our daily key IT products such as operating systems, browsers, smartphone… and all the “security and bugs” fear mongering (sure some are legitimate though), just like the mainstream media is using psychological warfare against ordinary citizens every day with all the shock and awe being it manufactured economic crisis, climate hysteria, pandemics, social engineering where they polarize and pit people against each other, and ending with all the celebrity scandals as icing on the cake… so why is Brave adding all these added micro-stress features into the browser? The answer is obvious.
These changes originate in Chromium, and are not Brave-specific. Brave tweaks very little in the UI part of the browser, so not really part of their remit. More significant UI tweaks/improvements can only be found in Vivaldi and Opera.
Boy, if only the firefox devs would spend their time fixing the browser rather than attacking brave on ghacks something might actually improve. Sadly they are * to $ and devoid of all virtue. Far as politics are concerned, merit is all that counts, everything else is bullshit.
@Martin Brinkmann
In other news, seems like Nitter is finally dead:
https://github.com/zedeus/nitter/issues/983#issuecomment-1913362376
Sad but true, thought you might appreciate the info.
Oh my, the fanbois are out in force tonight.
Fine, use your cryptoscam-spyware browser, nobody’s stopping you. In the light of their extremely dodgy past, I think using Brave is silly but your priorities are clearly different from mine – and that’s fine. Heck, you may even like being spyed upon and think that imaginary internet money exist. Great, you do exactly as you please.
To me it’s still just a piece of cryptoscam-spyware. And they’re not even good at hiding their intentions.
I’m sure Chromium could be the basis of something truly brilliant – but Brave ain’t it.
Cheers.
Hey Anonymous…you have a lot to say, but why not post your name, what are you afraid of? Back up what you post with a name….no something as ridiculous as Anonymous…
I guess the point is less in the pseudonym — be it ‘Anonymous’ or any other — than in the pseudonym’s specificity (if possible, get your imagination at work) ) and that this pseudonym be always the same.
Problem with ‘Anonymous’ is that, if it does comply to being always the same, it doesn’t comply to being specific :)
Also, even if a user always posts with the same pseudonym, it is always possible that another user will comment with the same pseudonym … willingly or not. Personally, within over 10 years posting here with always the same pseudonym I encountered only 2 comments using the same pseudonym as mine, of which one only was undoubtedly “usurpation”. Side-note : of course a site’s admin can check if the provided email address is conform to the pseudonym when long-term users always post with the same, which clearly would defeat an intruders attempt to “borrow” a well established pseudonym, yet this remains theoretical given the admin would of course keep the conclusions for himself…
Remains IMO that ‘Anonymous’ is bothering because it may lead to confusion, mainly when replying in the context of several comments all headed ‘Anonymous’. I do understand that occasional visitors don’t bother to deliver a specific pseudonym, yet a little effort to bring a clear identification makes it easier for all, especially on heavily commented articles.
Some users choose a pseudonym accordingly to the article’s content, or accordingly to the idea of their comment (i.e.@John Wayne in this very article!). Though the pseudonym is specific we of course have no way to know who is behind, mainly if the commenter is or not a visitor we know with another pseudonym. Some of us have dared to speculate around this, like “Hey, [new pseudo), I know it’s you [old pseudo)”, perhaps by means of style/rhetoric/mistakes analysis and, unless they be pros in that area, are indeed heavily speculating. Lastly, a pro could intentionally adopt another well-known user’s style/rhetoric/mistakes to intoxicate amateur analysts …
At the end, who know what, who knows who, who knows who is who?
Help, LOL!
@CJP
Yeah, because “CJP” is not anonymous at all, everybody knows exactly who you are. You identified yourself on this site with your passport and your banking credentials, as you do on all sites you visit. Because you hate anonymity.
Idiot.
Friend,
I don’t agree with Anonymous either but their opinion is as valid as yours or mine. Their screen name is not relevant. Privacy is important, never try to make people reveal their identity.
@Tony Blair
Well said. Thank you for all that you did for the UK.
What’s the difference between a user with the nickname anonymous and yours with 3 letters and a name that doesn’t say anything?
If an anonymous user goes by the name DMV for example, then only in this case the text of this person will be taken seriously?
Martin… again, you really need to stop.
What is with people like you who are supposed to provide information and research about it, can’t just go to Brave-Core repository, and find the milestone for the RELEASE versions, that will tell you what PRs were merged to X and Y releases?
Right now there is milestone:”1.62.x – Release #2″ but it doesn’t take more than 1 second to remove the ‘#2’ and check all the PRs that were uplifted to 1.62.x release.
Filter by Aggressive, because if you tried to research, you would know the PR wasn’t named strict, but ‘Hide Aggressive Fingerprinting Protection behind a flag’
And done? you can easily see how the PR was merged to Stable so… it is available, but again, since IT WAS HIDDEN IN A FLAG, which anyone can disable or enable, that means the feature will slowly be set to Disable in the DEFAULT option.
You can easily see that if you clicked around the whole thing that started with this: https://github.com/brave/brave-browser/issues/31229
————————–
Quick note: The following basically ensured that Aggressive Fingerprinting is being removed via BraveAggressiveModeRetirementExperiment.
————————–
Yeah, a variation. Now go to brave://version and search “aggressive” again and you will find BraveAggressiveModeRetirementExperiment either :Disabled or :Enabled.
Again… how hard is that to know?
You can even see how the variations are set by Brave in https://github.com/brave/brave-variations/blob/main/seed/seed.json and you can find the BraveAggressiveModeRetirementExperiment there.
and you will find
————————————-
{
“experiments”: [
{
“feature_association”: {
“disable_feature”: [
“BraveShowStrictFingerprintingMode”
]
},
“name”: “Disabled”,
“probability_weight”: 100
},
{
“name”: “Default”,
“probability_weight”: 0
}
],
“filter”: {
“channel”: [
“NIGHTLY”
],
“min_version”: “120.1.63.110”,
“platform”: [
“WINDOWS”,
“MAC”,
“LINUX”,
“ANDROID”
]
},
“name”: “BraveAggressiveModeRetirementExperiment”
},
———————————————–
So the Variation is still only for Nightly, but doesn’t mean the user can’t just go to chrome://flags/#brave-show-strict-fingerprinting-mode and manually disable it.
In fact, when a feature is being changed by a variation and not set completely as default it will have an asterisk in the flags
for example
————————–
Show Strict Fingerprinting Mode
Show Strict (aggressive) option for Fingerprinting Mode in Brave Shields – Mac, Windows, Linux, ChromeOS, Android, Fuchsia, Lacros
#brave-show-strict-fingerprinting-mode
Default (Disabled*)
————————–
So, there is a difference. The PR hides the feature as a flag, but doesn’t mean the flag’s default is being set to ‘disabled’ as default, it is the variation the reason it is hidden in Nightly, but that means tomorrow they can start hiding the feature by default, and if people want to keep the Strict mode available and break their WebGL content, they can always set the flag to Enabled.
Again… how hard is to know all this? it only took 3 seconds to research this, and then any other feature handled the same, will be the same: flag, variations, or a feature set completely to disabled or enabled without variation.
Why do I have to explain you this? maybe it is time for you to just post just what Brave explained in their blog, or research about it if you want to know “It is still available on my side”.
Also, you haven’t mentioned it is hidden in a flag, you have never mentioned anywhere, which tells me you probably know it but refuse to mention it because “REMOVAL” sounds nicer than “HIDDEN” for clicks.
Brave’s call it removal, because probably the first plan was to remove it, then they changed it to just a flag for now, it doesn’t matter, you should know about it if you want to opinionate about it, it doesn’t matter what Brave wants to do in the future about it.
@Anonymous – it appears that you’ve confused even yourself with your nonsensical rant about the pull requests.
Anyway, without strict (aggressive) fingerprinting, which was Brave’s one killer feature, this browser will be inferior to IceCat in nearly every way. Rather sad to see the one remaining semi-useful chromium fork get killed off like this before Manifest v3 even gets a chance to destroy the very limited and inferior chromium extension ecosystem.
people like you are easily triggered for sure
@anon
agreed, the first anon got so triggered over Martins article, he wrote a whole essay about it.
https://www.spacebar.news/stop-using-brave-browser/
@Frank:
I’m with you. It’s weird the fanbois can’t see it’s a dodgy product by a dodgy company. It feels like a cult.
This is the same kind of thinking that killed the Soviet union and makes Iran such a fun state to live in: ideology over everything else.
Actually I thought that most people learned from the purges in the past (be it McCarthy, the Crusades, the Inquisition, the Salem witch hunt, Stalin’s shenanigans or all the other shameful examples of the past)
If you start rating ideological fit over performance, your society inevitably declines and in the long run all are worse off. Not to mention that it’s against all principles of a free democracy and inevitably leads to an authoritarian ideology-driven dictatorship.
One of the basic principles of a free democracy is free speech, and this requires from everyone being able to stand and handle contradicting opinions (no matter how unpleasent or wrong they might be).
@John Wayne initiated the recall to good sense, others followed and I do as well myself : political, societal preferences have strictly nothing to do with anything unrelated to politics and society and inherently are invalid as an argument about a product’ quality.
I’d even say that a company shouldn’t fire be it an employee, be it an executive in the name of his beliefs, orientations, even when it does because it considers its public image is incompatible with such beliefs. This wouldn’t happen to start with if such companies avoided glorifying themselves with an aura based on anything else than the quality of its products : a company is to never be tied to political and religious orientations which lead to a corresponding reputation which itself leads to dismissing an executive in particular who wouldn’t fit. We’re evoking here three areas which should never overlap : business, products, individual beliefs.
This said, mixing up identities and accomplishments isn’t specific to companies, and in everyday life how often do we not encounter individuals’ lives and works being considered not for what they are but for the political and religious context they are related to. Take everyone for who he is, for what he accomplishes, not and never for generalities that apply to stats, not to humans. Nor to companies to close the loop.
@Tom Hawack, well said! +500
This kind of PC/woke nonsense just makes me want to use the Brave browser more than I already do (it has now become my primary backup browser to Firefox, supplanting Vivaldi). Note that you could make the same kind of case on the other side against Firefox because of their extreme lefty wokeness, but I pick browsers base on my assessment of their quality, not the politics of their leaders.
“I pick browsers base on my assessment of their quality, not the politics of their leaders.”
Well said, Herman Cost
I know why you put that link. I read the article and the author of the article starts by criticizing the founder of Brave because he is against same-sex marriage. This has nothing to do with the browser, which is excellent! The “modern” crowd unites and criticizes the founder of Brave, not because of the quality of the browser, but because the founder of Brave, formerly Mozilla, is conservative. This is ridiculous. Are we going to stick to the qualities of the browser and Brave’s CEO or are we going to shout against him because he is conservative, in fact, a right for any human being to be?
I agree with John Wayne that Brave is excellent, once all the nonsense is disabled.
John Wayne! Lol!
The most insensitive man who ever lived?
https://www.theguardian.com/film/2019/feb/20/john-wayne-racist-homophobic-views-1971-playboy-interview
https://tvovermind.com/maybe-its-time-to-realize-john-wayne-wasnt-that-great-of-a-guy/
Leviticus 20:13
100 % agree with John. Software has nothing to do with politics or views on life in general.
Are you concerned about minorities? Your problem, citizen. The US is a free country and whoever wants to work, progress, produce and not live at the expense of the government and tax payers, wins in life. All the big food brands, sauces and much more that the world consumes and were created in the US started with poor people, but with the desire to succeed, ok? Don’t agree with that? Your problem! Brave is a browser that makes browsing the internet easier. Is the Creator of Brave conservative? Excellent! I am too, but here we discuss computer technology and we don’t discuss whether a developer is blue, pink or red, Ok? Find something useful in life to do. Good luck.
@John Wayne,
> “Is the Creator of Brave conservative? Excellent!”
To be coherent I’d rather state “Is the Creator of Brave conservative? Does not apply!”
Otherwise you are participating to what you explicitly denied in your first comment. We don’t care if you are conservative, in the same way we don’t care if the creator of Brave is, anyway not in the scope of a given product, which is what you meant to say if I’m not mistaking.
It’s not because I am [???] that I write this post, LOL!
@Tom Hawack maybe you should quote all of @John Wayne’s comment, the “I am too, but here we discuss computer technology and we don’t discuss whether a developer is blue, pink or red” instead of cutting it off at the first word, to give it its proper context – he isn’t participating in anything…
@context, I hadn’t quoted all of @John Wayne’s comment because the “I am too” in my view is in contradiction with the “but here we discuss computer technology and we don’t discuss whether a developer is blue, pink or red” : it’s like saying “I am white myself but not racist” or “I am heterosexual but don’t have anything against gays” when such a precision in this context may appear as a whisper behind a loud assertion.
@ Tom Hawack: It’s in contradiction in your mind because you live in Alice’s hole. There is no contradiction between my statement about being a conservative man (if it’s a problem for you, it doesn’t affect me at all) and the other about here being a site to discuss software and information technology. If your mind is having difficulty understanding a text, it’s not my fault, soccer. Good luck.
?
In addition to the things @John Wayne already pointed out, they also write a lot of nonsense about the built in Brave Rewards feature which is a way to deliver ads in a privacy-respecting manner based on a local algorithm, it’s also completely opt in. Then they are talking about Brave having had an FTX widget once, but they forget to mention that FTX was back then a respected crypto exchange as far as I know, Bankman Fried wasn’t exposed until much later. How is that Brave’s fault, I don’t think they knew about internal processes of FTX and relied on the public trust in them.
Mozilla is acting as if they are taking donations for Firefox while the money actually goes to questionable far left political initiatives, you only find that info in some FAQ by the way, it’s not exactly visible when you donate. That is scummy as fuck, nobody cares though.
Then the referral bullshit, which is ridiculous anyway as all browsers are using referrals of the same kind as part of their search deals. I never see FF users complain “Wah wah wah, I am getting a Firefox referral in my Google search URLs!” – Complete hypocrisy is still complete hypocrisy.
@ Iron Heart
“Mozilla is acting as if they are taking donations for Firefox while the money actually goes to questionable far left political initiatives, you only find that info in some FAQ by the way, it’s not exactly visible when you donate. That is scummy as fuck, nobody cares though.”
Nobody cars about Mozilla’s politics except you. Don’t like their politics? Don’t give them money. Too lazy to read the FAQ or research who you are giving money to? That’s on you. I am disappointed you choose victimhood over personal responsibility.
Judge the browser by it’s technical merits, not by how much of it’s politics you agree with.
“Wah wah wah, I am getting a Firefox referral in my Google search URLs!” – Complete hypocrisy is still complete hypocrisy.”
That’s you in every single Firefox article on ghacks, and no FTX was never respected.
When it comes to fingerprinting there were two approaches – disable API or minimize data. Then Brave came and introduced randomization. Now with strict mode gone it is now clear randomization doesn’t have significant advantage. Back to old methods again.
@Yash
This doesn’t even makes sense because you haven’t researched anything…
Do you know there only 3 modes Strict only? after that, the APIs, that were added any noise will not change much?
So how can you say ‘randomization’ doesn’t work when Standard works perfectly, doesn’t break websites and it can be used 24/7?
Only WebGL was the one broken API because of Strict, then Dark mode detection could be disabled through a flag because nobody wants that, it’s is really bad not to have websites not detecting their dark mode because of dumb paranoia. and then the third strict only farbling is done to the navigator.userAgent and that’s it…
Maybe next time you might want to research a little more, Standard works fine, and it never breaks websites, it was WebGL the only relevant strict noise that broke websites, reason why it didn’t make sense to set Strict and why they are removing it, because if sometimes can break the web, then it shouldn’t be allowed in a browser, especially when all this fingerprinting is done because of paranoid egocentric people, who thinks they are so special a website will track them based on their auto-dark mode… if navigator.userAgent farbling can be added to standard, then what is the issue? the other APIs are already randomized, so there is zero issue about them, even if their ‘noise’ is different than they were in Strict mode.
You can probably learn 1 or 2 things by checking Brave github repositories and even their test page to understand how things work without just saying “doEsnT WoRK” when Standard works FINE
https://dev-pages.bravesoftware.com/fingerprinting/farbling.html
Why is so hard to properly research before commenting? If strict mode was mostly about WebGL and WebGL was broken on any website, then Strict mode should be discarded and just keep improving Standard so it adds noise to the APIs but without breaking anything…. Pretty easy to understand, but I guess the word “Brave” makes some people rush to comment and never research, even if Brave is the ONLY big chromium fork that is open source, so it means they can’t do anything without seeing what they are doing, plus, most of the time you will either read about it in a PR or a properly made issue about a removal or addition and see some discussions between devs even if they use Slack to message each other? they still inform you why and if they had a conversation on slack or something.
So there is no excuse for your comment, like if Brave was completely removing the fingerprinting protection, and like if Standard didn’t do anything when it is Strict the only one that barely does anything, but still breaks the API of WebGL the only relevant farbling Strict had compared with Standard.
@Anonymous
Only fingerprint protection Brave ever tried that wasn’t already available in FF was WebGL. They went randomization with that and stopped it at the first sign of hurdle. Mind other protections provided by Brave are trash like Canvas – an incomplete copycat of FF’s RFP. Couldn’t even figure out dark mode. Bright lads in Brave team! All they had to do was take inspiration from FF and couldn’t even provide basic protections in essentially a fork otherwise known as Brave browser.
Thanks for your comment though! You wrote everything I had in mind.
Why doesn’t it have significant advantages? Disabling APIs causes web compat issues if they are frequently used, that is impractical.