Brave touts itself as a privacy-friendly browser that is able to block cookie-less fingerprinting.
To test that, this site tries to detect whether your browser is Brave. Surely if your browser is Brave, that is an obscure enough data point to almost uniquely identify you.
Are you using Brave? The answer is ...
Brave tries to be privacy-preserving by removing Chrome's new Client Hints header from outbound HTTP requests, but as a result it just ends up telling on itself.
There are multiple different ways to fingerprint Brave using client hints and the fact that they patched Chromium to get rid of them, this is just one approach.
Brave does not consider those sort of vulnerabilities in-scope for their bug-bounty, because it's impossible to defend against. Why have it on your marketing pages then?
