Browser fingerprinting

Browser fingerprinting is the technique of identifying a specific browser instance from the combination of attributes it exposes: user-agent string, screen resolution, time zone, installed fonts, hardware concurrency, WebGL renderer, audio context, language headers, plus dozens of other JavaScript-accessible properties. The cumulative entropy of those attributes uniquely identifies a browser without needing cookies. Used by advertising networks, fraud-detection services, and tracking products to follow users across cookie clears and across sites.

What it means in practice

Cookie deletion does not defeat fingerprinting. The user clears cookies; the next page load builds the same fingerprint from the same attribute set; the tracker recognizes the user. The defense is to make the fingerprint either generic (all users look the same: the Tor Browser approach, where the design goal is for every Tor user’s browser to be cryptographically indistinguishable) or randomized (the fingerprint changes per session: the Brave approach with their farbling layer). Firefox with Resist Fingerprinting enabled gets partial Tor-style genericness. Chrome’s Privacy Sandbox proposals theoretically address this; the operational implementation has not delivered the protection at the level Apple’s Safari Intelligent Tracking Prevention or Mullvad Browser already provide.

Where it shows up

Standard infrastructure on: most major commercial websites (advertising networks fingerprint to defeat cookie clearing), banking and financial-services fraud detection (legitimate use case: the fingerprint helps detect account takeover), travel and ticket-purchase sites (anti-bot purposes), and increasingly any service where the operator wants persistent identification across sessions without requiring login. Tested by: amiunique.org and coveryourtracks.eff.org both run fingerprinting tests in your browser and report the entropy and uniqueness of the resulting fingerprint. Most users discover their fingerprint is unique among the millions tested, which is the operational reality the defenses must address.

What you can change today

Three layers. Layer 1 (everyone): use Firefox with uBlock Origin and EasyPrivacy filter list, which blocks the most aggressive fingerprinting scripts at the network level before they execute. Layer 2 (privacy-conscious): switch to Mullvad Browser (mullvad.net/download/browser) for general browsing, which ships with Tor-Browser-style anti-fingerprinting baked in but without the Tor-network latency. Layer 3 (high-target): use Tor Browser for any session that must not be cross-correlated with prior sessions, accept the latency cost. Firefox’s Resist Fingerprinting (about:config, privacy.resistFingerprinting, true) provides intermediate protection at the cost of breaking some sites.

Related articles