I observed Firefox sending ECH extension in ClientHello, maybe I just enabled it in the settings, so Firefox supports ECH (on by default since version 119). However, virtually no servers support ECH now. Not Google, not Hackernews, not Cloudflare etc.
This seems to be a not very good comparison, and it looks like it cherry-picks convenient for a certain browser points and ignores others. Look at "fingerprint protection", for example, and see that it does not include features that provide most fingerprinting data:
- preventing reading GPU name via WebGL debugging extension (does Brave block this?)
- preventing reading back canvas data which is used to fingerprint browser and OS code responsible for rendering graphics and text
- enumerating audio devices
And if you read the issues in Brave github [1], then you'll notice that Brave developers refuse to block features providing important fingerprinting information under compatibility" reasons (including GPU vendor and model), although these features could be made blocked only in high security mode.
So regarding fingerprinting, the comparison you refer to is pretty much worthless: it doesn't mention many important fingerprinting APIs.
Fair points. Ill try to educate myself on this more.
FWIW the about section says this:
"Each privacy test examines whether the browser, on default settings, protects against a specific kind of data leak."
The maintainer is a Brave employee and this is a project they were already doing before joining Brave. I'm hoping that they aren't manipulating it in favor of Brave.
I sent those three options as a feature request. Do you think the site is still useful in some capacity?
As for fingerprinting, there are more APIs that leak data allowing fingerprinting, what I mentioned were the most known APIs. Also, I looked at Brave Github and they seem to have counter-measures for some of those APIs to randomize results. So adding more tests could also be benefitial to Brave.
> Do you think the site is still useful in some capacity?
Well, it is better than nothing although it would be better if there were more tests regarding fingerprinting.
This seems to be a not very good comparison, and it looks like it cherry-picks convenient for a certain browser points and ignores others. Look at "fingerprint protection", for example, and see that it does not include features that provide most fingerprinting data:
- preventing reading GPU name via WebGL debugging extension (does Brave block this?)
- preventing reading back canvas data which is used to fingerprint browser and OS code responsible for rendering graphics and text
- enumerating audio devices
And if you read the issues in Brave github [1], then you'll notice that Brave developers refuse to block features providing important fingerprinting information under compatibility" reasons (including GPU vendor and model), although these features could be made blocked only in high security mode.
So regarding fingerprinting, the comparison you refer to is pretty much worthless: it doesn't mention many important fingerprinting APIs.
[1] https://github.com/brave/brave-browser/issues/35646