Brave has a new privacy feature it calls Unlinkable Bouncing. The company has integrated it into its test and development Brave browser version, Nightly.
The releases are updated nightly and may contain bugs that can result in data loss. Nightly automatically sends Brave crash reports when things go wrong.
Unlinkable Bouncing protects privacy by noting when someone is about to visit a website that could harm their privacy.
Instead, it routes that visitor a different way. This prevents the technology in the site from identifying the user by tying the footprint to previous visits, but allows the site to function as usual, according to Brave.
Each visit appears as a unique, first-time visit, so it anonymizes the user. The temporary storage is deleted when the person leaves the site, preventing it from re-identifying the visitors if and when they return.
The new tool protects against bounce tracking -- which enables trackers to track someone even when browser-level privacy protections are in place.
Browsers that respect privacy attempt to prevent sites from learning about a visitor’s behavior and activities on other sites. it attempts to circumvent these protections by gaming how the browser behaves when someone browses from one site to another.
Brave Software Engineer Aleksey Khoroshilov and Brave Senior Software Engineer Ivan Efremov created the feature.
For example, if someone is on a rabbits.example and clicks on a link to visit turtles.example, a tracker might change the URL someone clicks on at the last moment, so that the person actually ends up on tracker.example, explains Brave Senior Director of Privacy Peter Snyder in a post.
The injected tracking site would then learn that the person is interested in rabbits and turtles, before forwarding them to their intended destination, he wrote. If tracker.example is able to inject the code during the navigation, over time the technology will enable the site to build a detailed and privacy-violating profile of the visitor’s interests.
Unlinkable Bouncing is Brave’s first application of a new capability the company’s engineers are developing for first-party ephemeral storage.
This is a set of techniques that allow sites to remember or identify the site visitor for as long as the person is visiting the site. It’s similar to — although more powerful and user-friendly than — clearing the browser storage every time the person leaves a site.
First-party ephemeral storage builds on Brave’s existing protections against tracking. Currently, the company uses something it calls ephemeral third-party storage, where all third-party storage on a site is cleared when you leave the first-party site embedding those third parties.