Brave browser worried that Client Hints can be misused for tracking

The people behind the privacy-oriented browser Brave have criticized an industry proposal that they say would make it easier for websites to identify a browser using a passive, cookie-less fingerprinting technique.

Called HTTP Client Hints, the proposal offers a standard way for a web server to ask a browser for information about itself. It comes from the Internet Engineering Task Force (IETF). This organization works with industry members to create voluntary standards for internet protocols and has a lot of influence. It standardized TCP and HTTP, two of the basic protocols of the internet.

HTTP already offers a technique called proactive negotiation, with which a server can ask a browser about itself. With this technique, however, the browser describes its capabilities every time it sends a request. That costs too much bandwidth, says the IETF.

Client Hints makes things easier. It defines a new response header that servers can send whenever they want, asking the browser for information such as the width and height of the display in pixels, the amount of memory it has and the color depth.

The IETF says that Client Hints would make it easier for servers to deliver the right content for a browser. For example, you wouldn't want a huge photo if you were browsing on a mobile device.

So Client Hints does not seem to ask the browser for information that a server could not find in other ways. And in fact, in its security guidelines for those implementing the proposed standard, the IETF urges them not to request information from the server that is not otherwise available (such as through HTML, CSS, or JavaScript).
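The opt-in exchange described above, seen from the browser's side, as an added example that is not part of the original article: the server lists hint names in an Accept-CH response header and the browser decides which of them to answer on later requests. Accept-CH, DPR, Width, Viewport-Width and Device-Memory are real Client Hints names; the policy object, the function names and the device values are assumptions made for illustration.

```javascript
// Added illustration, not code from Brave or the IETF draft.
// Models which hints a browser reveals after a server opts in via Accept-CH.

// Constructed values this hypothetical browser could report if asked.
const DEVICE = { 'dpr': '2', 'width': '1080', 'viewport-width': '412', 'device-memory': '4' };

// Parse a comma-separated Accept-CH response header into unique lowercase tokens.
function parseAcceptCH(headerValue) {
  if (typeof headerValue !== 'string') return [];
  const seen = new Set();
  for (const raw of headerValue.split(',')) {
    const token = raw.trim().toLowerCase();
    if (/^[a-z0-9-]+$/.test(token)) seen.add(token); // drop empty or malformed entries
  }
  return [...seen];
}

// Decide which hint request headers to attach to the next request.
// policy.allow: hints the user agent is willing to reveal at all (assumed shape).
// policy.firstPartyOnly: when true, third-party origins receive no hints.
function hintsToSend(acceptCH, policy, isThirdParty) {
  const sent = {};
  const withheld = [];
  for (const token of parseAcceptCH(acceptCH)) {
    const known = Object.prototype.hasOwnProperty.call(DEVICE, token);
    const allowed = known && policy.allow.includes(token) &&
      !(policy.firstPartyOnly && isThirdParty);
    if (allowed) sent[token] = DEVICE[token];
    else withheld.push(token);
  }
  return { sent, withheld };
}

// Constructed sample: a server response asking for four hints.
const sampleHeader = 'DPR, Width, Viewport-Width, Device-Memory';
const permissive = { allow: ['dpr', 'width', 'viewport-width', 'device-memory'], firstPartyOnly: false };
const restrictive = { allow: ['dpr'], firstPartyOnly: true };

console.log(hintsToSend(sampleHeader, permissive, true));   // every requested hint is revealed
console.log(hintsToSend(sampleHeader, restrictive, false)); // only DPR is revealed
console.log(hintsToSend(sampleHeader, restrictive, true));  // nothing is revealed
```

Comparing the permissive and restrictive runs shows how much device detail a passive observer receives without running any script, which is the exposure a privacy-focused browser would have to filter.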

However, this does not make the Brave team any more comfortable. It considers Client Hints another tracking method that gives browsers a way to expose information about users. It says:

Brave works to prevent websites from learning many of these values with the help of JavaScript, while at the same time not breaking websites; adding Client Hints to the browser platform would provide an additional tracking method to block and possibly make it more difficult to maintain a usable, private internet.