Malicious websites use all manner of tricks to worm their way into our systems, but in order for them to be most effective at their nastiness, they need to know what they’re facing. That often means scanning our phones and computers, looking for open network ports and identifying the programs running on them. The data this generates can effectively “fingerprint” your device, letting the malicious site identify and track you — even if you use a browser with safeguards like an ad-blocker. So far, your best protection has been to install a third-party browser extension that blocks local port scanning, but now the Brave browser is tackling this problem head-on, by preventing websites from scanning open ports on your device in the first place.
These new protections to stop unauthorized websites from accessing localhost resources are being introduced in version 1.54 of Brave for desktop and Android, and should prevent this kind of port scanning (via Ars Technica). You may be surprised to find this kind of snooping goes on all the time — research carried out in 2021 shows that hundreds of websites regularly run scans on visitors' ports, mostly without seeking permission to do so. Culprits include popular websites like eBay, Gumtree, and Visa.
Brave has now made this process much simpler by blocking all website access to local resources by default. The browser will, however, include a special localhost permission option, which can be manually enabled by expert users. This will allow access to local resources for legitimate purposes, like developers testing new software. Locally hosted pages on your system also won’t be blocked, so you can still run applications like Google Colab. The browser is including an allow list of websites (such as Intel’s) which are known to access localhost resources for valid reasons.
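The decision order described above can be sketched as a small policy function. This is an added illustration, not Brave's code: the function names, the `policy` shape, the example hostnames and the assumption that "localhost" means the `localhost` names, 127.0.0.0/8 and `::1` are all hypothetical.

```javascript
// Added illustration; not Brave's implementation. All names are hypothetical.

// True when a hostname (as returned by the WHATWG URL parser) is loopback.
// Assumption: loopback = "localhost", "*.localhost", 127.0.0.0/8 and ::1.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing dot
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h === "[::1]") return true; // URL.hostname keeps the brackets for IPv6
  // The URL parser has already normalized shorthand such as 127.1 or
  // 2130706433 to dotted-quad form, so one pattern covers 127.0.0.0/8.
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

// Decide what happens to a subresource request made by a page.
// policy.allowList: hostnames known to need localhost access.
// policy.permitted: origins the user granted the localhost permission.
function decideLocalhostRequest(pageUrl, requestUrl, policy = {}) {
  const { allowList = [], permitted = [] } = policy;
  const page = new URL(pageUrl);
  const target = new URL(requestUrl);

  if (!isLoopbackHost(target.hostname)) return "allow:not-localhost";
  // Locally hosted pages may keep talking to local services.
  if (isLoopbackHost(page.hostname)) return "allow:local-page";
  if (allowList.includes(page.hostname)) return "allow:allow-list";
  if (permitted.includes(page.origin)) return "allow:user-permission";
  // Default for every other site, whether served over http or https.
  return "block";
}

// Constructed sample requests (not taken from any real site).
const samples = [
  ["https://shop.example/", "http://127.0.0.1:5900/"],
  ["http://shop.example/", "http://2130706433:8080/"],
  ["http://localhost:3000/", "http://localhost:8888/api"],
];
for (const [page, req] of samples) {
  console.log(page, "->", req, ":", decideLocalhostRequest(page, req));
}
```

Matching on the parsed hostname rather than the raw URL string is what keeps alternative spellings of 127.0.0.1 from slipping past the check.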
According to Brave, while Safari does block access to local resources in some instances, only Brave does so for both secure and unencrypted public websites. Next steps for the browser include finding better ways to explain what localhost resources are to Brave users. The Brave team claims this will let it authorize users to allow permissions for all websites, and not just those on the allow list. The devs are also exploring new ways to protect users, so websites can’t just switch to other forms of fingerprinting. Brave promises further updates on this in the near future, so watch this space for even more Brave privacy-enhancing features.