Cookies have been the primary mechanism for tracking users across the web for decades. But as privacy regulations tightened and browsers implemented cookie blocking (Safari’s Intelligent Tracking Prevention, Firefox’s Enhanced Tracking Protection, Chrome’s planned cookie deprecation), the tracking industry adapted.

The replacement technology is browser fingerprinting: identifying users based on the unique characteristics of their browser and device configuration. No cookies required. No local storage. Just analysing the data your browser voluntarily sends with every page request and JavaScript execution.

And it’s disturbingly effective.

What Browser Fingerprinting Is

A browser fingerprint is a composite profile built from dozens of data points that your browser exposes to websites you visit. Individually, these data points seem harmless. Collectively, they create a signature that’s often unique to your specific browser instance.

Data points used in fingerprinting include:

User agent string: Browser name, version, operating system Screen resolution and colour depth: 1920x1080, 24-bit colour Installed fonts: The list of fonts on your system is surprisingly unique Installed plugins: Flash, PDF readers, etc (less relevant in 2026 as plugins have mostly disappeared) Canvas fingerprinting: JavaScript draws an image using the HTML5 canvas element. Tiny rendering differences between systems create a unique hash. WebGL fingerprinting: Similar to canvas, but using the WebGL graphics API. GPU and driver differences create identifying characteristics. Audio fingerprinting: Analysing audio processing through the Web Audio API reveals hardware and software differences. Timezone and language settings Do Not Track header status HTTP headers: Accept headers, encoding preferences Battery status (on devices that support the Battery API) Installed browser extensions (detectable through side-channel attacks even if not explicitly listed)

Sites like AmIUnique and Panopticlick let you test your browser’s uniqueness. The results are sobering: most browsers are identifiable among millions of others based on fingerprinting alone.

Why Fingerprinting Is Hard to Stop

Cookie blocking is straightforward: don’t accept third-party cookies, and cross-site tracking breaks. Stopping fingerprinting is harder because it relies on information your browser legitimately needs to send.

Websites need to know your screen resolution to serve appropriately sized images. They need font information to render text correctly. WebGL is used for legitimate 3D graphics and games. You can’t just disable all of these features without breaking modern websites.

The privacy community’s response has been to pursue techniques that make fingerprints less unique without breaking functionality:

Standardisation: If all browsers report the same user agent, screen resolution, and font list, fingerprinting becomes much less effective. This is the approach Tor Browser takes—every Tor user presents an identical fingerprint.

Randomisation: Slightly alter reported values so your fingerprint changes between sessions. This prevents persistent tracking but doesn’t make you anonymous in the moment.

Selective blocking: Disable the most invasive fingerprinting techniques (canvas, WebGL, audio) while leaving basic information accessible.

Each approach has trade-offs between privacy and usability.

What Browsers Are Doing

Brave: Blocks most fingerprinting by default, randomises fingerprints for remaining techniques. Provides multiple shield levels (standard, aggressive, disabled). Canvas and WebGL fingerprinting are blocked in aggressive mode.

Firefox: Enhanced Tracking Protection blocks known fingerprinting scripts. Resistfingerprinting mode (enabled in about:config) standardises many values to reduce uniqueness, though it can break some sites.

Safari: Intelligent Tracking Prevention includes some fingerprinting protections, though less aggressive than Brave or Firefox. Apple focuses on reducing cross-site tracking rather than blocking all fingerprinting.

Chrome: As of March 2026, Chrome has limited built-in fingerprinting protection. Google’s business model depends on advertising, and aggressive fingerprinting blocking conflicts with advertiser interests. The upcoming Privacy Sandbox initiative aims to provide privacy-preserving alternatives to third-party cookies, but whether it meaningfully addresses fingerprinting is debated.

Tor Browser: The gold standard for anti-fingerprinting. Every Tor user presents the same fingerprint. This creates true anonymity among the Tor user population, at the cost of some site functionality and slower speeds.

Browser Extensions for Fingerprinting Protection

uBlock Origin: Primarily an ad blocker, but also blocks many fingerprinting scripts. The “Block remote fonts” option reduces font-based fingerprinting. Built-in filter lists target fingerprinting services.

Canvas Blocker: Specifically targets canvas and WebGL fingerprinting. Randomises canvas output so fingerprints change between sessions. Works well with Firefox but can occasionally break sites that use canvas for legitimate purposes.

Privacy Badger (EFF): Learns to block trackers over time, including fingerprinting scripts. Less aggressive than Brave’s shields but effective for common fingerprinting services.

NoScript: Blocks JavaScript by default, which prevents most fingerprinting. But disabling JavaScript breaks the majority of modern websites, so practical usability requires selectively allowing scripts.

Specialists working on custom AI development note that machine learning is increasingly being deployed on both sides of this arms race—fingerprinting services use ML to correlate partial fingerprints and deduce identity, while privacy tools use ML to detect and block new fingerprinting techniques.

Practical Steps to Reduce Fingerprinting

Use a privacy-focused browser. Brave or Firefox with enhanced protections enabled provide the best balance between privacy and usability for most users. Tor Browser for maximum anonymity.

Disable WebGL if you don’t need it. WebGL is one of the most effective fingerprinting vectors. In Firefox, set webgl.disabled to true in about:config. This breaks some games and graphics-heavy sites but eliminates a major tracking technique.

Block third-party fonts. In uBlock Origin, enable “Block remote fonts” under settings. This reduces font-based fingerprinting at the cost of some sites looking less polished (they’ll fall back to default system fonts).

Use standard screen resolution. If possible, use a common screen resolution (1920x1080 is the most common). Unusual resolutions make you more identifiable.

Minimise browser extensions. Extensions make your fingerprint more unique because they modify browser behaviour in detectable ways. Only use essential extensions.

Clear site data regularly. Even with fingerprinting protection, persistent login sessions and local storage can re-identify you. Regularly clearing site data forces fresh sessions.

Accept that perfect anonymity is impractical. Unless you’re using Tor Browser exclusively, your fingerprint will be somewhat unique. The goal is making tracking harder and more expensive, not achieving perfect anonymity.

The Surveillance Trade-Off

Complete protection from fingerprinting means using Tor Browser with JavaScript disabled, never logging into any accounts, and accepting significant functionality loss. That’s appropriate for whistleblowers, journalists in hostile countries, and activists facing state-level adversaries.

For most people, the practical approach is using a privacy-respecting browser with fingerprinting protections enabled, blocking known tracking scripts, and accepting that determined adversaries can still track you with sufficient resources.

The reality is that privacy on the modern web exists on a spectrum. Cookie blocking was a major win that’s now mainstream. Fingerprinting is the next frontier, and browsers are slowly catching up. But advertisers and trackers have enormous financial incentives to develop new techniques.

The arms race continues. Stay informed, update your browser, use privacy tools, and understand that perfect privacy requires trade-offs most people aren’t willing to make in daily browsing.