Browser Fingerprinting Explained: Why Cookies Aren't the Whole Story

The Idea

Browser fingerprinting is a technique websites use to identify and track you without using cookies. Your browser, while loading a page, exposes a long list of seemingly-innocuous details: your screen resolution, installed fonts, GPU model, time zone, language preferences, browser version, operating system version, hardware concurrency. Each detail on its own is shared by many users. Combined, they form a fingerprint that's unique to your specific device in about 95% of cases.

What Goes Into a Fingerprint

• User-Agent string — browser + OS + version
• Screen resolution and color depth
• Available fonts (queried by drawing text in each font and measuring)
• Installed browser plugins
• Time zone and language preferences
• Audio fingerprint (how your sound stack processes a test signal)
• Canvas fingerprint (how your GPU renders a small hidden image — differs subtly between devices)
• WebGL fingerprint (GPU model + driver behaviour)
• WebRTC IP leak (reveals your local network IP behind NAT)
• Battery API (level + charging status; abandoned in Firefox but still in Chrome)
• Touch support, pointer types (mouse, finger, pen)

How Tracking Companies Use It

An ad network includes its tracking script on thousands of websites. Each time the script loads on a page, it computes your fingerprint and sends it home. Across multiple page loads on different websites, the same fingerprint = the same person. The tracker now has a profile of you (which sites you visit, what time, what topics) without ever using a single cookie.

Clearing cookies doesn't help. Switching to incognito doesn't help (incognito clears cookies at session end but your fingerprint is identical).

How to Test Your Own Fingerprint

• Cover Your Tracks (EFF) — tests your fingerprint and reports how identifiable you are
• AmIUnique — similar tool with detailed breakdowns of each fingerprint component
• FingerprintJS demo — shows the fingerprint a commercial tracker would compute for you

How to Reduce Your Fingerprint

• Use Tor Browser. Tor specifically normalises the fingerprint across all users so you look identical to every other Tor user. Strongest defence.
• Use Firefox with Resist Fingerprinting enabled (about:config → privacy.resistFingerprinting = true). Makes you look like a generic Firefox user.
• Use Brave with Strict Fingerprinting Protection. Randomises certain fingerprint values per-session.
• Disable JavaScript for sites you don't trust (most fingerprinting requires JS).
• Block third-party scripts with uBlock Origin's advanced mode.

Why You Can't Have It All

Strong fingerprint resistance breaks things. Tor Browser is slow. Resist Fingerprinting in Firefox sometimes breaks site layouts. Disabling JS breaks most modern web apps. The trade-off is real: privacy vs convenience. Pick the level you can live with.

For most users, the practical middle ground is Firefox or Brave as your daily browser, uBlock Origin enabled, and use Tor Browser when you need stronger guarantees.

What Disposable Email Does and Doesn't Help With

Disposable email hides your real address from the recipient site. It does NOT hide your fingerprint from any site whose JavaScript runs in your browser. The two privacy concerns are separate — both should be addressed, but with different tools.

Related Guides

See also: why your IP reveals identity, what incognito mode actually does, and how cookie tracking works.