_You did not consent to being fingerprinted. Websites do it anyway._

---

## Cookies Died. Fingerprinting Took Over.

For a decade, the browser privacy conversation revolved around third-party cookies. Safari blocked them. Firefox blocked them. Chrome deprecated them. Privacy advocates declared victory.

That victory was a mirage. Advertisers needed tracking, and the industry pivoted hard to browser fingerprinting—a technique that identifies you without storing anything on your device.

Unlike cookies, browser fingerprinting does not ask permission. There is no banner. There is no opt-out. Your browser silently broadcasts dozens of unique signals every time you load a page, and combining them creates a profile so specific it can identify you among millions.

A 2020 IEEE survey of fingerprinting techniques catalogued over 30 distinct vectors. In 2026, the number has grown. New APIs, hardware differences, and rendering quirks give trackers more signal than ever.

---

## How Browser Fingerprinting Works

The process is straightforward and invisible:

1. A script executes in your browser—often embedded in an ad, a tracking pixel, or an analytics library.
2. The script queries your browser for specific characteristics: screen resolution, installed fonts, timezone, language preferences, WebGL renderer string, audio processing quirks, canvas drawing output, and more.
3. Each response is normalized and hashed into a fingerprint.
4. That fingerprint is matched against a database.
5. If your fingerprint matches an existing entry, the tracker knows it has seen you before—across sites, across sessions, across cleared cookies.

The key insight: none of this requires storing anything on your device. The fingerprint is a function of your browser's configuration. Change nothing, and the fingerprint remains stable for months.

---

## The Fingerprinting Vectors

### Canvas Fingerprinting

The most widely used vector. A script draws a hidden image using the HTML5 Canvas API and reads back the pixel data.
Subtle differences in GPU rendering, anti-aliasing, and sub-pixel positioning produce a unique hash.

Two identical browsers on identical hardware will produce near-identical canvas output. But real users run different GPUs, drivers, and operating systems. These differences are enough to distinguish them.

### WebGL Fingerprinting

WebGL exposes your GPU's rendering capabilities, including the exact renderer string (e.g., "ANGLE (NVIDIA GeForce RTX 4070)"), vendor, and supported extensions.

This vector is especially powerful because GPU models are distributed unevenly across the population. An RTX 4090 owner is far more identifiable than someone running integrated Intel graphics.

### Font Detection

Your browser reports the list of installed fonts. Most users have hundreds of fonts installed, and the combination—including which fonts came from which applications—is highly individual. Adobe Creative Suite fonts, Microsoft Office fonts, and gaming-related fonts all leave fingerprints.

### AudioContext Fingerprinting

The Web Audio API processes audio data through your system's audio stack. Minute differences in floating-point precision, sample rate conversion, and oscillator behavior produce a unique waveform that can be hashed. Two machines running the same OS version can produce different audio fingerprints due to driver differences.

### Screen and Window Metrics

Resolution, color depth, device pixel ratio, and available screen space (accounting for taskbars and window decorations) all contribute. A user with a 2560x1440 display at 125% scaling on Windows is already in a narrower bracket than they realize.

### Navigator Properties

The object exposes a wealth of identifiers: — browser, version, OS — operating system architecture — preferred language — CPU core count — RAM (in Chrome) — touchscreen presence and — browser vendor strings

Individually, these are generic. Combined, they become a fingerprint.
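
The closing point of the Navigator Properties section, that generic attributes become identifying once combined, can be checked numerically. The following is an added example, not code from the original article: it measures surprisal in bits and anonymity-set size over a constructed eight-browser sample, and the field names (`timezone`, `language`, `screen`, `cores`) and function names are assumptions chosen for illustration.

```javascript
// Constructed sample: eight browser instances with made-up attribute values.
// Field names are illustrative, not real browser API property names.
const SAMPLE = [
  { timezone: "Europe/Berlin", language: "de-DE", screen: "1920x1080", cores: 8 },
  { timezone: "Europe/Berlin", language: "de-DE", screen: "2560x1440", cores: 4 },
  { timezone: "Europe/Berlin", language: "en-US", screen: "1920x1080", cores: 4 },
  { timezone: "Europe/Berlin", language: "en-US", screen: "2560x1440", cores: 8 },
  { timezone: "America/New_York", language: "de-DE", screen: "1920x1080", cores: 4 },
  { timezone: "America/New_York", language: "de-DE", screen: "2560x1440", cores: 16 },
  { timezone: "America/New_York", language: "en-US", screen: "1920x1080", cores: 16 },
  { timezone: "America/New_York", language: "en-US", screen: "2560x1440", cores: 4 },
];

// How many instances share the target's value for every attribute in `keys`.
function anonymitySet(population, keys, target) {
  return population.filter((b) => keys.every((k) => b[k] === target[k])).length;
}

// Surprisal in bits: log2(population / matches). 0 bits means "looks like everyone".
// The result can never exceed log2(population.length).
function surprisalBits(population, keys, target) {
  const matches = anonymitySet(population, keys, target);
  if (matches === 0) throw new Error("target is not represented in the population");
  return Math.log2(population.length / matches);
}

// Per-attribute and combined view, most revealing attribute first.
function uniquenessReport(population, target) {
  const keys = Object.keys(target);
  const perAttribute = keys
    .map((k) => ({ attribute: k, bits: surprisalBits(population, [k], target) }))
    .sort((a, b) => b.bits - a.bits);
  return {
    perAttribute,
    combinedBits: surprisalBits(population, keys, target),
    anonymitySet: anonymitySet(population, keys, target),
  };
}

// Each attribute alone is shared with 2 to 4 others; all four together are unique.
const report = uniquenessReport(SAMPLE, SAMPLE[0]);
console.log(report);
```

Passing a shorter key list to `anonymitySet` shows how the crowd grows when attributes are standardized across users, which is the effect a fingerprinting-resistant browser aims for.
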
### Battery API (Deprecated but Exploited)

The Battery Status API was removed from most browsers after researchers demonstrated it could be used for tracking. But older browsers and some embedded WebViews still expose it.

### Client Rects and CSS Fingerprinting

How your browser renders specific CSS properties—particularly queries and font metrics—varies between browser engines and configurations. Scripts can measure element dimensions to infer browser version, zoom level, and accessibility settings.

---

## How Unique Is Your Fingerprint?

The EFF's Cover Your Tracks project (formerly Panopticlick) has measured millions of browser fingerprints. Their findings: approximately 80% of browsers have a unique fingerprint. Not 80% of users—80% of _browser instances_.

This means if you use Chrome on your desktop and Firefox on your laptop, each browser is separately identifiable. The fingerprint does not track _you_. It tracks your browser configuration. But for most people, that is the same thing.

The Fingerprint Analyzer on this site runs a comprehensive scan in your browser and shows your uniqueness score. It does not send results to any server—the entire analysis happens client-side. Run it once and you will see exactly how trackers see you.

---

## Why It Is Worse Than Cookies

| Property | Cookies | Fingerprinting |
| --- | --- | --- |
| Requires consent | Yes (GDPR/ePrivacy) | No (loophole) |
| User-visible | Yes (banner) | No |
| Can be cleared | Yes (browser setting) | No (inherent) |
| Cross-site persistence | Yes | Yes |
| Detects browser change | No | Yes |
| Blocks in incognito | Yes | Often no |
| Requires storage | Yes | No |

Fingerprinting does everything cookies did, without any of the consent mechanisms baked into cookie regulation.

---

## Who Is Using Fingerprinting?

The short answer: most of the ad-tech industry.

- Ad networks — Google FLEDGE and Topics API are Google's alternative to third-party cookies, but they still rely on browser-side signal collection to put users in interest cohorts.
- Analytics platforms — Adobe Analytics, Heap, and Amplitude use fingerprinting for session stitching.
- Fraud detection — companies like ThreatMetrix fingerprint browsers to detect botnets and account takeovers. The technique is the same; the intent is different.
- Paywall and subscription sites — many newspapers use fingerprinting to enforce article limits even when you clear cookies.
- Government surveillance — leaked documents from the Snowden archive revealed that the NSA's QUANTUM system used browser fingerprinting as part of its targeting infrastructure.

---

## How to Defend Against Fingerprinting

### Use a Fingerprinting-Resistant Browser

Mullvad Browser (built by the Tor Project in partnership with Mullvad VPN) is the most effective fingerprinting defense available. It configures Firefox to look identical to every other Mullvad Browser user—same window size, same fonts, same WebGL output. You blend into the crowd.

Tor Browser does the same, with the addition of onion routing. The Tor network's relay architecture provides anonymity on top of fingerprinting resistance.

Standard Firefox with enabled provides partial protection. It spoofs several vectors but does not achieve full uniformity.

### Avoid the Browsers That Fight You

Chrome is built by an advertising company. Fingerprinting is not a bug in Chrome—it is a feature the business model depends on. Chrome's Topics API is designed to replace third-party cookies with browser-based interest profiling. It is fingerprinting by a different name.

Edge is built by Microsoft, which runs one of the largest ad networks. The incentives are the same.

Safari has the strongest anti-fingerprinting protections among mainstream browsers. Intelligent Tracking Prevention (ITP) limits several vectors.
But Safari's market share is small enough that blending into the crowd provides less cover.

### Disable JavaScript Where Possible

Fingerprinting requires JavaScript. Disabling JavaScript breaks most fingerprinting vectors entirely. It also breaks most of the web. The NoScript extension lets you selectively enable JavaScript per domain—a practical compromise.

### Run the Fingerprint Analyzer

Before and after making changes, run the Fingerprint Analyzer to see whether your modifications actually reduced your uniqueness score. Many "privacy" extensions introduce new fingerprinting vectors by altering browser behavior in detectable ways.

---

## What Does Not Work

- Private browsing mode — incognito does not prevent fingerprinting. It only isolates storage. Your fingerprint is the same.
- VPN alone — a VPN hides your IP address. It does nothing to your browser fingerprint. The tracker does not need your IP; it has your canvas hash.
- Clearing cookies — irrelevant. Fingerprints do not use cookies.
- "Do Not Track" header — deprecated and ignored by nearly every site.
- Most privacy extensions — AdBlock Plus, uBlock Origin, and similar tools block tracking scripts but do not alter your fingerprint. A tracker that loads successfully will still identify you.

---

## The Regulatory Gap

The GDPR requires consent for storing information on a user's device. Cookies store information on the device. Fingerprinting does not. This loophole means fingerprinting operates in a regulatory gray zone where the same tracking outcome is achieved without triggering the same legal requirements.

The ePrivacy Regulation—stalled in the EU for years—was supposed to close this gap. As of early 2026, it remains unpassed.

The W3C's Privacy Interest Group has published fingerprinting guidance, but browser vendors implement protections at their own pace and with their own business interests in mind.

---

## Take Action

Browser fingerprinting is not going away.
The advertising industry has spent years migrating from cookies to fingerprinting, and there is no regulatory mechanism likely to stop it soon. The defense is technical, not legal.

1. Run the Fingerprint Analyzer and check your uniqueness score.
2. Install Mullvad Browser for sensitive browsing.
3. Enable in Firefox for daily use.
4. Disable JavaScript on sites that do not need it.
5. Re-run the analyzer to verify your changes worked.

---

_Your browser tells a story about you every time you load a page. You did not write that story. You did not consent to it being read. But you can change what it says._

---

Related Reading:

- Top 10 Privacy Tools You Actually Need
- VPN Reality Check 2026
- Social Media Privacy Settings
- The Invisible Data Economy: How AI Scrapers Build Profiles