Browser Fingerprinting Explained: How Websites Track You Without Cookies

← Voltar ao blog

You can clear your cookies, browse in private mode, and switch on a VPN — and a website can still recognise you on your next visit. The technique that makes this possible is called browser fingerprinting, and it's one of the most underappreciated tracking methods on the modern web. This article explains how it works, why it's so effective, and what genuinely reduces it (and what doesn't).

What a browser fingerprint is

Every time your browser loads a page, it shares a surprising amount of technical detail so the site can display correctly. Individually these details seem harmless. Combined, they form a signature that's often unique to your specific device.

The signals typically include:

  • User-agent string — your browser name, version, and operating system.
  • Screen resolution and colour depth.
  • Timezone and language settings.
  • Installed fonts — the exact set you have can be very revealing.
  • Graphics rendering — how your device draws a hidden image using your GPU and drivers (called canvas and WebGL fingerprinting).
  • Hardware hints — number of CPU cores, available memory, touch support.
  • Audio processing — subtle differences in how your device handles sound.

No single value identifies you. But stack a dozen of them together and the combination is frequently one-in-thousands or rarer. That's enough to recognise you across visits without storing anything on your device at all.

You can see many of these values for yourself on the Check My Setup homepage — it reads exactly the data any site can silently collect and lays it out so you can see your own fingerprint.

Why it's so powerful

Cookies have an obvious weakness from a tracker's point of view: you can delete them. Fingerprinting sidesteps that entirely. There's nothing to delete, because the "identifier" is computed fresh from your device's characteristics every time.

It also survives measures people assume protect them:

  • Private/incognito mode changes almost none of these values, so your fingerprint is nearly identical.
  • A VPN hides your IP address but leaves the rest of the fingerprint untouched.
  • Clearing cookies does nothing, because no cookie is involved.

This is why two privacy tools you trust can both be active while a tracker still follows you across sites.

The paradox of "more privacy tools"

Here's the counterintuitive part. Some attempts to be more private actually make you more identifiable, because they make you more unusual. A browser loaded with rare extensions, an exotic font set, or unusual settings stands out from the crowd. Fingerprinting works on uniqueness — and being unique is exactly what you don't want.

The most fingerprint-resistant approach is to look as much like everyone else as possible: a common browser, on a common operating system, with default settings. Blending in beats standing out.

What actually reduces fingerprinting

No method is perfect, but these genuinely help, roughly in order of effectiveness:

  1. Use a browser with built-in anti-fingerprinting. Some browsers deliberately standardise or block the most revealing signals — for example, by reporting a generic set of values for canvas, fonts, and screen size so that many users look identical. This is the single biggest lever.

  2. Use a mainstream browser with default settings. The more your configuration matches millions of others, the weaker your fingerprint. Resist the urge to pile on niche extensions.

  3. Disable or limit JavaScript-heavy APIs where you can tolerate it. Much fingerprinting relies on JavaScript reading canvas, WebGL, and audio. Blocking scripts on untrusted sites removes a lot of surface — at the cost of some sites breaking.

  4. Keep your browser updated. Vendors steadily close fingerprinting vectors, so the current version is usually the most resistant.

What doesn't meaningfully help: incognito mode, clearing cookies, or a VPN alone. They're useful for other things, but not for fingerprinting.

How to check your own exposure

The first step to managing something is seeing it. Open the homepage and look at how much your browser exposes by default — user-agent, screen size, timezone, language, and more. Then try the same in a different browser, or with an anti-fingerprinting browser, and watch how the picture changes. It's a quick, concrete way to understand which of your tools actually move the needle.

The honest bottom line

Browser fingerprinting is real, widely used, and resistant to most of the privacy habits people rely on. You can't eliminate it, but you can reduce it dramatically by blending in rather than standing out — a mainstream browser with fingerprint protection and default settings beats a heavily customised one every time. And crucially, fingerprinting is a separate problem from IP exposure: hiding one does nothing for the other, which is why a complete privacy setup addresses both. For the IP side, see what someone can do with your IP address.

See what your browser is giving away right now on the Check My Setup homepage — it's an eye-opener.