You Cleared Your Cookies. You're Still Being Tracked.

Privacy-conscious users have long used cookie clearing, private browsing, and ad blockers as their main defenses. But there's a far more insidious tracking technique that bypasses all of these: browser fingerprinting.

Browser fingerprinting doesn't require storing anything on your device. Instead, it harvests a constellation of data points about your browser and device configuration, combining them into a unique identifier — your "fingerprint" — that persists even after you clear cookies, switch browsers, or use incognito mode.

What Data Points Make Up Your Fingerprint?

The power of fingerprinting lies in combining many individually innocuous data points into a statistically unique profile. These include:

  • User Agent String: Browser type, version, and operating system.
  • Screen Resolution & Color Depth: The dimensions and pixel density of your display.
  • Installed Fonts: The list of fonts available on your system — highly unique, especially on custom setups.
  • Canvas Fingerprinting: Your browser is asked to render a hidden graphic; subtle differences in GPU rendering create a unique signature.
  • WebGL Fingerprinting: Similar to canvas, but exploiting 3D rendering differences.
  • Audio Fingerprinting: How your system processes audio signals creates measurable variations.
  • Timezone & Language Settings: Narrows down geography and locale.
  • Installed Plugins & Extensions: The presence or absence of specific plugins creates variation.
  • Battery Status API (deprecated but historically used): Battery charge level and charging status were once used as a fingerprinting vector.

How Unique Is Your Fingerprint?

Research has shown that browser fingerprints can be highly unique — in many cases, identifying a specific browser out of hundreds of thousands of visitors. You can test your own fingerprint at coveryourtracks.eff.org, a tool provided by the Electronic Frontier Foundation.

The more customized or unusual your setup, ironically, the more unique your fingerprint. Installing dozens of browser extensions in the name of privacy can actually make you more identifiable, not less.

Who Uses Browser Fingerprinting?

  • Advertising networks: To track users across sites without relying on cookies, especially post-cookie deprecation.
  • Fraud detection systems: Banks and e-commerce platforms use it to identify suspicious login attempts.
  • Paywall enforcement: Some news sites use fingerprinting to limit free article access.
  • Government surveillance: State-level actors have been documented using fingerprinting techniques to de-anonymize targets.

Defending Against Browser Fingerprinting

Best Approaches

  • Use the Tor Browser: Specifically designed to make all users appear identical by standardizing the fingerprint. It's the most effective defense available.
  • Use Firefox with privacy hardening: Combined with extensions like uBlock Origin and Canvas Blocker, Firefox can significantly reduce fingerprinting surface.
  • Brave Browser: Has built-in fingerprint randomization that adds noise to canvas and WebGL data.
  • Disable JavaScript: Eliminates most fingerprinting techniques but breaks many websites in the process.

What Doesn't Help Much

  • Clearing cookies (fingerprinting doesn't use cookies)
  • Private/incognito mode (uses the same browser configuration)
  • Simply changing your IP address or using a VPN (fingerprint is device/browser-based, not IP-based)

The Bigger Picture

Browser fingerprinting is part of a broader trend: the shift from stateful tracking (storing things on your device) to stateless tracking (observing how your device behaves). As cookie-based tracking is increasingly restricted by regulation and browser changes, fingerprinting fills the gap. The only effective defense is using tools designed specifically to blend you into the crowd — or to be fully aware of what you're sharing and with whom.