Browser Fingerprinting: How Websites Track You

What Is Browser Fingerprinting?

Browser fingerprinting is a tracking technique that identifies you based on your browser and device configuration rather than storing data on your computer. Unlike cookies, which you can delete, a fingerprint is assembled from information your browser willingly shares with every website you visit.

When combined, these seemingly harmless details create a unique identifier that can track you across websites without your knowledge or consent. Research shows that over 90% of browsers have a unique fingerprint, making this one of the most effective tracking methods in use today.

💡

Cookies vs. Fingerprinting

Cookies store a tracking ID on your device (you can delete them). Fingerprinting reads your device's unique characteristics (you can't "delete" your screen resolution or installed fonts). This is why fingerprinting is often called "cookieless tracking."

What Data Makes Up a Fingerprint?

Websites collect dozens of data points from your browser. Each one alone is not unique, but together they form a highly distinctive profile:

User-Agent string — Your browser name, version, and operating system
Screen resolution — Display dimensions and color depth
Installed fonts — The list of fonts available on your system
Timezone — Your local time offset from UTC
Language settings — Browser language and preferred languages list
Installed plugins — Active browser plugins and their versions
Canvas rendering — How your GPU draws a hidden image (varies by hardware)
WebGL data — Graphics card model, driver, and rendering capabilities
AudioContext — How your device processes audio signals
Hardware concurrency — Number of CPU cores
Device memory — Amount of RAM reported by the browser
Touch support — Whether your device has a touchscreen
Do Not Track setting — Ironically, enabling DNT makes you more unique

Canvas Fingerprinting

Canvas fingerprinting is one of the most powerful techniques. A website draws an invisible image using the HTML5 Canvas API and reads the pixel data back. Because different GPUs, drivers, and operating systems render the image slightly differently, the result is a nearly unique hash.

This works because graphics rendering is affected by:

GPU manufacturer and model
Graphics driver version
Operating system font rendering engine
Sub-pixel rendering and anti-aliasing settings

⚠️

Hard to block completely

Blocking canvas access entirely can break legitimate websites. The best approach is to add noise to the canvas output rather than blocking it outright.

WebGL and AudioContext Fingerprinting

WebGL fingerprinting queries your graphics card's renderer and vendor strings, plus supported extensions. A website can render a complex 3D scene and hash the output, similar to canvas fingerprinting but using the WebGL API.

AudioContext fingerprinting exploits differences in how devices process audio. A website generates a sound wave using the Web Audio API and measures the output. Variations in audio hardware and drivers produce different results across devices.

Testing Your Browser Fingerprint

Before making changes, check how unique your current fingerprint is:

Cover Your Tracks (EFF)

Visit coveryourtracks.eff.org — the Electronic Frontier Foundation's tool tests your browser against real-world fingerprinting techniques and shows exactly which attributes make you unique.

CreepJS

Visit abrahamjuliot.github.io/creepjs — a more advanced fingerprinting test that checks canvas, WebGL, audio, fonts, and many other vectors. It also detects anti-fingerprinting tools.

Compare results

Run these tests before and after applying protections to measure the actual improvement. The goal is not to be invisible but to blend in with a large group.

Reducing Your Fingerprint

Complete anonymity through fingerprint resistance is extremely difficult. The practical goal is to make your fingerprint less unique by blending in with as many other users as possible.

Firefox: Enhanced Fingerprinting Protection

Firefox has built-in fingerprinting resistance. Open about:config and set:

privacy.resistFingerprinting = true

This single setting enables a wide range of protections:

Reports a generic user-agent and platform
Rounds screen resolution to standard sizes
Spoofs timezone to UTC
Limits font enumeration to a standard set
Adds noise to canvas and WebGL readouts
Returns fixed values for hardware concurrency and device memory

💡

Trade-offs

privacy.resistFingerprinting may break some websites. Dark mode is forced off, timezone shows as UTC (affecting calendar apps), and some canvas-dependent features may not work correctly. Disable it temporarily on sites that break.

For additional protection in Firefox, also consider:

webgl.disabled = true                    // Blocks WebGL fingerprinting (breaks some sites)
media.peerconnection.enabled = false     // Blocks WebRTC IP leaks
privacy.trackingprotection.enabled = true // Enables Enhanced Tracking Protection

Anti-Fingerprinting Browser Extensions

Several extensions can help reduce fingerprinting:

CanvasBlocker — Adds random noise to canvas, WebGL, and AudioContext readouts instead of blocking them. This is better than outright blocking because it doesn't break websites while still defeating fingerprinting.
uBlock Origin — Blocks known fingerprinting scripts from loading in the first place. Enable the "EasyPrivacy" and "Peter Lowe's Ad and tracking server list" filter lists.
Privacy Badger — Learns and blocks invisible trackers, including some fingerprinting scripts, based on their behavior across multiple sites.

⚠️

Avoid too many extensions

Each extension you install can paradoxically increase your fingerprint uniqueness. The combination of extensions itself becomes a data point. Stick to 2-3 well-chosen extensions.

Tor Browser: The Gold Standard

The Tor Browser is designed from the ground up to resist fingerprinting. All Tor Browser users share the same fingerprint because:

Same user-agent string for all users
Same window size (rounded to multiples of 200x100)
Same timezone (UTC)
Same font list (bundled fonts only)
Canvas and WebGL return uniform results
JavaScript timing precision is reduced

If fingerprinting resistance is your top priority, Tor Browser is the most effective solution. See our Complete Tor Browser Guide for setup instructions.

Brave Browser Approach

Brave takes a different approach to fingerprinting than Firefox. Instead of trying to make all users look identical, Brave randomizes fingerprint values on every session:

Canvas and WebGL outputs are randomized per-session and per-domain
Hardware concurrency and device memory are spoofed
Language preferences are limited
Randomization happens automatically with no configuration needed

This means every time you visit a site, your fingerprint looks different, making it impossible to track you across sessions. The advantage over Tor's approach is that fewer websites break.

What Fingerprinting Cannot Track

Understanding the limitations of fingerprinting helps you make informed privacy decisions:

Different browsers on the same device — Firefox and Chrome produce completely different fingerprints
After a major OS update — New drivers, new fonts, or browser updates change the fingerprint
Virtual machines — VMs have generic hardware profiles that blend in
Private/Incognito mode — Does NOT protect against fingerprinting (a common misconception)

⚠️

Incognito mode does NOT prevent fingerprinting

Private browsing only prevents local data storage (history, cookies). Your browser still exposes the same fingerprinting data points to websites. You need the techniques described above for actual fingerprint protection.

Practical Protection Strategy

Here is a layered approach, from least effort to maximum protection:

Basic (everyone should do this)

Use Firefox with Enhanced Tracking Protection set to "Strict". Install uBlock Origin. This blocks known fingerprinting scripts without changing your browsing experience.

Moderate (privacy-conscious users)

Enable privacy.resistFingerprinting in Firefox. Add CanvasBlocker extension. Accept minor website breakage for significantly reduced trackability.

Maximum (when anonymity matters)

Use Tor Browser for sensitive browsing. Keep a separate Firefox profile for everyday use. Never log into personal accounts from Tor (it defeats the purpose).

Summary

Browser fingerprinting is a powerful tracking technique that works without cookies, making it harder to detect and block. While perfect anonymity is nearly impossible, you can significantly reduce your trackability:

Test your fingerprint to understand your starting point
Use Firefox with privacy.resistFingerprinting for daily browsing
Install CanvasBlocker and uBlock Origin (no more)
Use Tor Browser when anonymity is critical
Remember: the goal is to blend in, not to be invisible

🎉

Key Takeaway

Deleting cookies is not enough. Browser fingerprinting tracks you based on who your browser is, not what it stores. Combine fingerprint resistance with good extension hygiene for meaningful privacy improvements.