Brave Browser Cracks Down On “Port Scanning” Websites That Attempt To Fingerprint Visitors Without Cookies

Brave Browser, a lesser-known but privacy-focused web browser, will soon clamp down on websites that indulge in shady tactics to try and identify visitors and their patterns. A recent update to the browser adds a feature that will automatically block website port scanning.

With version 1.54 and onwards, the Brave Browser will automatically act against websites that scan ports on any PC, laptop, or smartphone. This unethical practice is surprisingly common and websites employ this method to even access other network resources that can potentially expose personal information.

Is Port Scanning Unethical And A Privacy Risk To Internet Users?

Port scanning is a backend technique that attempts to identify unblocked communication channels. Nearly every website wants to predict user behavior. This allows better ad placement and delivery. User data is additionally valuable.

Some sites use similar tactics to try and "fingerprint" visitors, In other words, websites want to identify users each time they return. Concerningly, this is possible even if users delete browser cookies.

By running commonly available scripts that access local resources on users' devices, the sites can detect unique patterns from the browser that allows these methods. Some of the websites may try to detect insecurities or allow developers to test their websites. However, there could be more abusive or malicious intentions in the wrong hands.

According to a user-generated report, many popular and high-traffic websites scanned visitors' ports. It is concerning to note that most or all scanned for open ports without throwing any notification or seeking permission in advance.

The report, compiled in 2021, indicated websites such as eBay, Chick-fil-A, Best Buy, Kroger, and Macy's were among the offending websites. As the report isn't comprehensive, it is safe to assume that thousands of websites must be indulging in such unethical practices to gather user information.

Brave Browser To Automatically Block Port Scanning And LocalHost Resources

The new version of Brave will curb the practice of port scanning by default. Basically, no website will be able to access local resources.

More advanced users who want a particular site to have such access can add the website to an "Allow" list. Users will be greeted with a prompt that looks like this:

"Brave has chosen to implement the localhost permission in this multistep way for several reasons. Most importantly, we expect that abuse of localhost resources is far more common than user-benefiting cases, and we want to avoid presenting users with permission dialogs for requests we expect will only cause harm."

Port scanning is executed by JavaScript hosted on a website and runs inside a visitor's browser. The Brave Browser will stop all such scripts using the "Same Origin Policy" and other methods.

Incidentally, there are extensions for other popular web browsers such as Mozilla Firefox, Google Chrome, and more. Apple's Safari browser has blocked some forms of localhost access, it doesn't block all of them, the Brave Browser development team claimed.

"As far as we can tell, Brave is the only browser that will block requests to localhost resources from both secure and insecure public sites, while still maintaining a compatibility path for sites that users trust (in the form of the discussed localhost permission)", the team boasted.