Skip to content
Browser Fingerprinting: What It Is & How to Protect Your Privacy

Browser Fingerprinting: What It Is & How to Protect Your Privacy

4 min read

What Is Browser Fingerprinting?

Browser fingerprinting is a tracking technique that identifies you based on the unique characteristics of your browser and device. Unlike cookies, which store a tracking ID on your computer, fingerprinting collects information about your system configuration — screen resolution, installed fonts, browser plugins, time zone, language settings, and more — to create a unique “fingerprint” that identifies you across websites.

The concerning part: browser fingerprinting works even if you clear your cookies, use private browsing mode, or block third-party cookies. Your device configuration is remarkably unique, and that uniqueness makes you trackable.

How Browser Fingerprinting Works

Information Collected

Every time you visit a website, your browser voluntarily shares a significant amount of information. Each piece alone is not identifying, but combined, they create a unique profile:

Browser and OS:

  • User-Agent string (browser name, version, operating system)
  • Platform (Win32, MacIntel, Linux x86_64)
  • Browser language and language preferences
  • Do Not Track setting

Screen and Display:

  • Screen resolution (e.g., 2560x1440)
  • Color depth (24-bit, 32-bit)
  • Device pixel ratio (1x, 2x for Retina)
  • Available screen size (excluding taskbar)

Hardware:

  • Number of CPU cores
  • Available device memory
  • GPU renderer (via WebGL)
  • Touch support
  • Maximum touch points

Fonts:

  • List of installed system fonts (detected through rendering differences)

Audio:

  • AudioContext fingerprint (how your device processes audio signals)

Canvas:

  • Canvas fingerprint (your GPU renders a hidden image; subtle hardware and driver differences produce a unique result)

WebGL:

  • GPU vendor and renderer
  • Supported WebGL extensions
  • Rendering characteristics

Time and Location:

  • Time zone
  • System clock offset
  • Locale settings

The Uniqueness Problem

Research by the Electronic Frontier Foundation (EFF) found that 83.6% of browsers have a unique fingerprint. Among browsers with Flash or Java enabled (less relevant today but illustrative), 94.2% were unique.

Even without those plugins, modern fingerprinting techniques using Canvas, WebGL, and AudioContext can distinguish between most devices. A 2020 study found that canvas fingerprinting alone could identify 98% of desktop browsers.

Types of Fingerprinting

Canvas Fingerprinting

The most common technique. A hidden <canvas> element renders text and shapes. Due to differences in GPU hardware, drivers, font rendering, and anti-aliasing, the rendered image differs slightly between devices. The script converts the canvas to a data URL and hashes it.

// Simplified canvas fingerprint
const canvas = document.createElement('canvas');
const ctx = canvas.getContext('2d');
ctx.fillText('Browser fingerprint test', 10, 50);
const fingerprint = canvas.toDataURL();

WebGL Fingerprinting

Similar to canvas but uses 3D rendering. WebGL exposes detailed GPU information and rendering characteristics that are highly device-specific.

Audio Fingerprinting

The AudioContext API processes audio signals slightly differently on each device due to hardware and software differences. By generating and analyzing a simple audio signal, a script can create a device-specific fingerprint.

Font Fingerprinting

Different operating systems and users have different fonts installed. By measuring the rendered width of text in various fonts, a script can determine which fonts are available — creating another dimension of uniqueness.

TLS Fingerprinting

The TLS handshake between your browser and a server includes information about supported cipher suites, extensions, and protocol versions. This handshake is unique enough to identify browser type and sometimes specific configurations. This happens at the network level, below what browser extensions can control.

Who Uses Browser Fingerprinting?

Advertising and Analytics

Ad networks use fingerprinting to track users across websites for targeted advertising, especially as cookie-based tracking faces increasing restrictions from browser vendors and privacy regulations.

Fraud Detection

Banks and payment processors use fingerprinting to detect suspicious logins. If your account is suddenly accessed from a device with a completely different fingerprint, it may trigger additional verification.

Bot Detection

Websites use fingerprinting to distinguish real users from automated bots. Bots often have inconsistent or artificial fingerprints (e.g., claiming to be Chrome on Windows but running on a headless Linux server).

DRM (Digital Rights Management)

Streaming services use fingerprinting to limit the number of devices accessing a single account.

How to Reduce Your Fingerprint

Complete protection against browser fingerprinting is difficult, but you can significantly reduce your trackability.

Use a Privacy-Focused Browser

Tor Browser is the strongest option. It is designed to make all users look identical by standardizing window size, fonts, and other fingerprinting vectors. However, it is significantly slower than standard browsers.

Firefox with Enhanced Tracking Protection blocks known fingerprinting scripts. In about:config, set privacy.resistFingerprinting to true for additional protection (this spoofs several fingerprinting vectors but may break some websites).

Brave Browser includes built-in fingerprinting protection that randomizes canvas, WebGL, and audio fingerprints on each session.

Browser Extensions

  • uBlock Origin: Blocks known fingerprinting scripts along with ads
  • Canvas Blocker (Firefox): Randomizes canvas fingerprint data
  • Privacy Badger (EFF): Learns and blocks trackers including fingerprinters

Reduce Unique Signals

  • Use common screen resolutions: 1920x1080 is the most common. Unusual resolutions make you more unique.
  • Limit installed fonts: Custom fonts add uniqueness. Stick with system defaults.
  • Use default browser settings: Custom configurations increase uniqueness.
  • Disable JavaScript (extreme): Most fingerprinting requires JavaScript. Disabling it breaks many websites but eliminates most fingerprinting vectors.

What Does NOT Help

  • Private/Incognito mode: Does not change your fingerprint. It only prevents local storage of history and cookies.
  • VPN: Changes your IP address but not your browser fingerprint. Useful for location privacy but not fingerprint protection.
  • Clearing cookies: Fingerprinting does not use cookies. Clearing them has no effect on your fingerprint.
  • Do Not Track header: Most websites ignore it. Ironically, having it enabled adds another data point to your fingerprint.

Testing Your Browser Fingerprint

Several tools let you see how unique your browser is:

EFF’s Cover Your Tracks

The EFF’s tool (formerly Panopticlick) tests your browser against their database and tells you how unique your fingerprint is. It checks for known tracking techniques and rates your protection level.

AmIUnique

An academic research project that collects and analyzes browser fingerprints. It shows you every attribute collected and how common each one is in their database.

CreepJS

A more comprehensive fingerprinting test that uses modern techniques including canvas, WebGL, audio, and font fingerprinting. It demonstrates just how much information your browser exposes.

For testing what data your own tools and sites expose, the EXIF Remover checks another privacy vector — metadata embedded in images you upload online.

The Future of Fingerprinting

Browser vendors are actively fighting fingerprinting:

  • Chrome’s Privacy Sandbox: Aims to reduce fingerprinting surface while preserving some advertising use cases
  • Firefox’s fingerprinting resistance: Continues to add protections with each release
  • Safari’s Intelligent Tracking Prevention: Limits fingerprinting vectors and blocks known fingerprinting domains

However, fingerprinting techniques evolve alongside defenses. As browsers restrict one method, researchers find new vectors. It is an ongoing arms race.

The Privacy Trade-Off

Perfect anti-fingerprinting protection often degrades your browsing experience. Tor Browser’s standardized window size, disabled features, and slower performance are the price of uniformity. For most people, a balance is needed:

  1. Use a browser with built-in fingerprinting protection (Firefox or Brave)
  2. Install uBlock Origin
  3. Accept that some fingerprinting will still occur
  4. Focus your strongest privacy measures on the activities that matter most

Conclusion

Browser fingerprinting is a sophisticated tracking technique that works without cookies, across private browsing sessions, and despite most common privacy measures. While perfect protection is impractical for everyday browsing, using a privacy-focused browser with fingerprinting resistance and script blockers significantly reduces your trackability.

Check what other digital traces you leave behind. Use the EXIF Remover to strip location and device data from photos before uploading them, and the Password Generator to ensure your accounts are protected with strong, unique credentials that cannot be linked across services.