-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Website can track between normal and private tab #2532
Comments
This is the more serious case; normal to private is expected since some state last I checked (like HSTS) is inherited in private tabs from normal tabs. As OP notes this is also an issue in Chrome but maybe we should fix independently. |
I don't think this is state sharing; it seems to be fingerprinting. In dev version 59.5 on MacOS with first-party fingerprinting protection turned on, I can't repro. |
Description
A normal tab shares data with private tab that is accessible by websites (and thus tracking)
Steps to Reproduce
This also works the other way around, going from private to normal.
Actual result:
Website can identify/track between normal and private tab.
Expected result:
Not to share data between normal and private tab that is accessible by websites.
Reproduces how often:
Easily reproduced
Brave version (brave://version info)
Reproducible on current release:
Not tested.
Website problems only:
Additional Information
It seems that they generate a fingerprint and store it.
The fingerprint on a normal tab is the same as in the private tab.
The text was updated successfully, but these errors were encountered: