Brave update slams the door on devious 'bounce tracking' technique

Brave Software has rolled out an update for its privacy-centric web browser to combat an invasive tracking technique capable of bypassing existing protections.

As explained in the company’s latest blog post, bounce tracking is a method of circumventing protections by pulling users through intermediate domains as they navigate between web pages, without their knowledge. Over time, this practice could supposedly allow a third-party to build up a detailed profile of someone’s interests.

Although Brave already features a number of mechanisms designed to repel bounce tracking attempts, the company is now bolstering its arsenal with a new feature: Unlinkable Bouncing. Under this system, bounce tracking sites are still able to collect information about the user’s interests, but cannot connect that information with data collected on previous occasions.

The new Unlinkable Bouncing feature is currently available in early-access, but will roll out to all users with Brave version 1.37.

The fight against trackers

Although the objective of services like Brave is to shield against all predatory tracking techniques, doing so is effectively impossible as a result of the ever-changing nature of the landscape.

The relationship between Brave and stakeholders in the web tracking market can be compared to that between threat actors and cybersecurity specialists; advances on one side necessitate innovation on the other.

In a recent conversation with TechRadar Pro, CEO Brendan Eich explained that his team is monitoring constantly for chinks in the armor created by “sneaky” new tracking techniques.

“We’ve got an aggressive ongoing agenda, because privacy has an adversary: the trackers, data brokers and ad tech vendors. And they keep evolving; they are always trying new and sneaky ways to get around what Brave does,” he told us.

The latest Brave update is an example of this process playing out; the company has identified a method of tracking capable of weaselling through its existing protection and deployed an additional mitigation.

Specifically, Unlinkable Bouncing utilizes a capability called “first-party ephemeral storage”, which prevents websites from re-identifying users that visit on multiple occasions. The feature is said to be comparable to clearing browser storage each time someone exits a site, but more effective.

“Unlikable Bouncing is just the first application of our first-party ephemeral storage plans, and we’re excited to share more features with Brave users soon,” the company explained.

• Also check out our list of the best privacy apps for Android