diff --git a/docs/desktop-browsers.md b/docs/desktop-browsers.md index c70d4fd9..b059aad1 100644 --- a/docs/desktop-browsers.md +++ b/docs/desktop-browsers.md @@ -264,9 +264,7 @@ Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave% These options can be found in :material-menu: → **Settings**. -#### Settings - -##### Shields +#### Shields Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/articles/360022973471-What-is-Shields) feature. We suggest configuring these options [globally](https://support.brave.com/hc/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings) across all pages that you visit. @@ -274,7 +272,6 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
-- [x] Select **Prevent sites from fingerprinting me based on my language preferences** - [x] Select **Aggressive** under *Trackers & ads blocking*
@@ -287,6 +284,7 @@ Brave allows you to select additional content filters within the internal `brave - [x] Select **Strict** under *Upgrade connections to HTTPS* - [x] (Optional) Select **Block Scripts** (1) - [x] Check **Block fingerprinting** +- [x] Select **Block third-party cookies** - [x] Check **Forget me when I close this site** (2) - [ ] Uncheck all social media components @@ -295,42 +293,54 @@ Brave allows you to select additional content filters within the internal `brave 1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode). 2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar. -##### Privacy and security +#### Privacy and security
+- [x] Select **Don't allow sites to use the V8 optimizer** under *Security* → *Manage V8 security* (1) +- [x] Select **Automatically remove permissions from unused sites** under *Sites and Shields Settings* - [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc) - [ ] Uncheck **Use Google services for push messaging** -- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** -- [ ] Uncheck **Automatically send daily usage ping to Brave** -- [ ] Uncheck **Automatically send diagnostic reports** -- [ ] Uncheck **Private window with Tor** (1) +- [x] Select **Auto-redirect AMP pages** +- [x] Select **Auto-redirect tracking URLs** +- [x] Select **Prevent sites from fingerprinting me based on my language preferences**
-1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) use the [Tor Browser](tor.md#tor-browser). +1. Disabling the V8 optimizer reduces your attack surface by disabling [*some*](https://grapheneos.social/@GrapheneOS/112708049232710156) parts of JavaScript Just-In-Time (JIT) compilation.

Sanitizing on close

-- [x] In the *Sites and Shields Settings* menu, under Content, after clicking on the *On-device site data* menu, select **Delete data sites have saved to your device when you close all windows**. +- [x] Select **Delete data sites have saved to your device when you close all windows** under *Sites and Shields Settings* → *Content* → *Additional content settings* → *On-device site data*. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the *Customized behaviors* section.
-##### Extensions +##### Tor windows -- [ ] Uncheck all built-in extensions you do not use +[**Private Window with Tor**](https://support.brave.com/hc/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity) allows you to route your traffic through the Tor network in Private Windows and access .onion services, which may be useful in some cases. However, Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. If your threat model requires strong anonymity, use the [Tor Browser](tor.md#tor-browser). -##### Web3 +##### Data Collection -Brave's Web3 features can potentially add to your browser fingerprint and attack surface. Unless you use any of features, they should be disabled. +- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** +- [ ] Uncheck **Automatically send daily usage ping to Brave** +- [ ] Uncheck **Automatically send diagnostic reports** -- Select **Extensions (no fallback)** under *Default Ethereum wallet* and *Default Solana wallet* +#### Web3 + +Brave's Web3 features can potentially add to your browser fingerprint and attack surface. Unless you use any of these features, they should be disabled. + +- Select **Extensions (no fallback)** under *Default Ethereum wallet* +- Select **Extensions (no fallback)** under *Default Solana wallet* - Set *Method to resolve IPFS resources* to **Disabled** -##### System +#### Extensions + +- [ ] Uncheck all built-in extensions you don't use + +#### System