Websites can identify and track you across the internet without storing anything on your device — no cookies, no login required. Here is how it works and what you can do about it.
Every browser broadcasts dozens of technical details when it visits a website — screen resolution, installed fonts, graphics card model, timezone, language, CPU core count, and more. Individually these seem harmless. Combined, they form a fingerprint that is often unique to a single person. Unlike cookies, this fingerprint requires no storage on your device. It can't be cleared. It follows you across every site you visit.
A typical fingerprint is assembled from ten to thirty data points. No single signal identifies you — but the intersection of all of them often does. Research by the EFF found that over 80% of browsers have a fingerprint unique enough to identify the user without any other information.
Imagine walking into a store where the staff can't see your face or ID. But they notice you're exactly 6'1", left-handed, wearing size 13 shoes, have a distinctive accent, and always pay with exact change. No single detail identifies you — but together, they do. Every time. That's browser fingerprinting.
The advertising industry uses fingerprinting to track you across websites even after you clear cookies. Companies like Google, Meta, and thousands of smaller data brokers build profiles of your browsing habits and sell them. Fingerprinting is a core reason "private" browsing is less private than most people think — your incognito window has the same fingerprint as your regular one.
Intelligence agencies in multiple countries have been documented using browser fingerprinting to track dissidents, journalists, and activists across the web. Unlike cookie-based tracking, fingerprint-based surveillance leaves no trace on the target's device. The target has no way to know they are being tracked and no technical means to clear or reset their fingerprint.
Banks and payment processors use fingerprinting legitimately — to detect when a fraudster is using a stolen card from an unusual device. When a transaction comes from a device that doesn't match the account holder's usual browser fingerprint, it can trigger a fraud alert. This is one of the few genuinely protective uses of the technology, where the data stays with the institution rather than being sold.
Many analytics platforms use fingerprinting to count unique visitors without cookies, often without disclosing this in their privacy policies. Your visits across a site are linked even in incognito mode. Some tools market this as "cookieless analytics" — a framing that obscures the fact that you're being tracked through a more persistent and less transparent method than before.
Some signals contribute more entropy than others. These six are the most identifying:
Protection exists on a spectrum. No solution is complete, but meaningful reduction is achievable.
Tor Browser standardizes all fingerprint values so every Tor user looks identical. Canvas fingerprinting returns blank data. Fonts are restricted to a small standard set. Screen size is normalized to a common value regardless of your actual display. Tradeoffs: slow due to the Tor network, breaks some websites, and impractical for everyday use — but unmatched for anonymity when it matters.
Enable privacy.resistFingerprinting in about:config. This makes Firefox spoof many fingerprint values — reporting a standard screen size, blocking canvas reads without permission, and randomizing other signals. Brave Browser has similar built-in fingerprint randomization that works without any configuration, making it the lowest-friction option for most users.
Chrome and Edge offer almost no fingerprint protection and are designed to integrate with Google's and Microsoft's advertising and tracking infrastructure. Chrome's Privacy Sandbox proposals replace third-party cookies with alternative tracking mechanisms rather than eliminating tracking. Switching browsers is the single highest-impact change most people can make for their browsing privacy.
A canvas-randomizing extension alters your canvas fingerprint on every page load so the hash is never consistent across sites. This is one of the most effective single extensions for fingerprint protection because it directly disrupts the highest-entropy signal. Available for Firefox and Chrome. Some sites may detect the randomization and show a captcha — a minor tradeoff for meaningful protection.
uBlock Origin blocks many fingerprinting scripts before they execute. Most cross-site fingerprinting happens through third-party analytics and advertising scripts — blocking those scripts entirely is more effective than trying to spoof their results. uBlock Origin in medium mode prevents the majority of third-party fingerprinting without significant site breakage.
Privacy Badger learns which trackers follow you across sites and blocks them over time. It is less effective against first-party fingerprinting but good at stopping cross-site tracking networks. It works well alongside uBlock Origin as a complementary layer — Privacy Badger catches trackers based on behavior rather than block lists.
A user-agent switcher changes the browser and OS string your browser reports, making you appear to use a different browser. It reduces one signal but does not address canvas, WebGL, font, or hardware fingerprinting. It is useful as one layer in a broader privacy setup, but not effective on its own. Some sites may detect the mismatch between a reported user agent and actual browser behavior.
Fingerprinting is an arms race. Every protection measure has a countermeasure. Canvas randomization can be detected. Tor's normalized screen size is itself a signal. The most effective approach combines a privacy-focused browser with script-blocking extensions and conscious browsing habits. No solution is perfect, but reducing your fingerprint's uniqueness meaningfully raises the cost of tracking you — which matters.
The goal is not invisibility. The goal is to be unremarkable — to look like thousands of other browsers rather than one uniquely identifiable one. A Chrome user with a 1920×1080 screen, English language, and standard Windows fonts has a common fingerprint. A user with a custom Linux distro, rare fonts, non-standard screen resolution, and an obscure browser version is far easier to track despite feeling more technical and privacy-conscious.
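The anonymity-set arithmetic behind these points (signals that are harmless alone but unique together, masking a single signal, and standardizing all of them), as an added example that is not part of the original page. The population is constructed: 2310 browsers with five independent, evenly distributed signals, and every name in the code is illustrative.

```javascript
// Constructed population: 2310 browsers, five independent signals with
// 2, 3, 5, 7 and 11 equally likely values (real distributions are skewed).
const CARDINALITY = { userAgent: 2, language: 3, timezone: 5, screen: 7, fonts: 11 };
const SIGNALS = Object.keys(CARDINALITY);

function buildPopulation(n = 2310) {
  return Array.from({ length: n }, (_, i) =>
    Object.fromEntries(SIGNALS.map((s) => [s, `${s}#${i % CARDINALITY[s]}`])));
}

// Number of browsers that report the same values as `target` on `signals`.
function anonymitySet(population, target, signals = SIGNALS) {
  return population.filter((b) => signals.every((s) => b[s] === target[s])).length;
}

// Identifying information in bits: log2(population size / anonymity set).
function surprisalBits(population, target, signals = SIGNALS) {
  return Math.log2(population.length / anonymitySet(population, target, signals));
}

// Model a standardizing browser: the first `members` browsers all report
// one fixed value for every signal.
function standardize(population, members) {
  return population.map((b, i) => (i < members
    ? Object.fromEntries(SIGNALS.map((s) => [s, `${s}#standard`]))
    : b));
}

function report() {
  const pop = buildPopulation();
  const me = pop[1234];
  const perSignal = Object.fromEntries(
    SIGNALS.map((s) => [s, anonymitySet(pop, me, [s])]));
  const withoutUA = SIGNALS.filter((s) => s !== "userAgent");
  const std = standardize(pop, 500);
  return {
    perSignal,                                          // each signal on its own
    combined: anonymitySet(pop, me),                    // all five together
    bits: surprisalBits(pop, me),                       // log2(2310)
    userAgentHidden: anonymitySet(pop, me, withoutUA),  // one signal masked
    standardized: anonymitySet(std, std[0]),            // shared fingerprint
  };
}

console.log(report());
```

On this sample each signal alone hides the browser among 210 to 1155 others, all five together leave it alone, masking only the user agent raises that to 2, and the 500 standardized browsers share a single fingerprint.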
Use the analyzer to see your current fingerprint. Then try a privacy-focused browser and run it again. The difference in the uniqueness score tells you exactly how much protection each configuration actually provides.