Understanding Browser Fingerprinting

Browser fingerprinting is a tracking technique that identifies users by collecting and combining dozens of attributes exposed by your browser and operating system. Unlike cookies, fingerprints require no local storage, leave no file on your device, and cannot be "cleared" with a button click. The combination of your screen resolution, installed fonts, GPU renderer string, timezone, language, platform, and dozens of other signals creates a signature that is unique to you in the vast majority of cases.

What Gets Fingerprinted

Modern fingerprinting scripts collect a wide range of signals. Some are obvious, others are surprisingly obscure. Here are the major categories:

• Canvas fingerprinting — draws invisible graphics on an HTML5 canvas and reads back the pixel data. Subtle differences in font rendering, anti-aliasing, and GPU processing produce unique hashes.
• WebGL fingerprinting — queries the GPU renderer and vendor strings, supported extensions, and rendering output to identify hardware.
• AudioContext fingerprinting — processes an audio signal and measures subtle differences in the audio stack output across devices.
• Font enumeration — detects which fonts are installed by measuring the rendered dimensions of text in various typefaces.
• Navigator properties — User-Agent string, platform, language, number of CPU cores (hardwareConcurrency), device memory, Do Not Track header.
• Screen properties — resolution, color depth, pixel ratio, available screen area (which reveals taskbar size and position).
• Timezone and locale — your UTC offset, Intl.DateTimeFormat resolved options, and locale-specific number/date formatting.
• Installed plugins and extensions — while plugin enumeration is largely dead in modern browsers, some extensions can still be detected via DOM modifications or timing side channels.

How Unique Is Your Fingerprint?

Research by the EFF (through their Panopticlick / Cover Your Tracks project) found that 83.6% of browsers had a unique fingerprint, and that number rose to 94.2% for browsers with Flash or Java enabled. Even without plugins, modern fingerprinting combining canvas, WebGL, and AudioContext can uniquely identify the vast majority of browsers. A fingerprint with just 33 bits of entropy can distinguish every person on Earth.

Defenses Against Fingerprinting

Defending against fingerprinting is harder than blocking cookies because the data is collected passively through normal browser APIs. There are two broad strategies: blending in with the crowd, and randomizing your attributes.

Blending In (Uniformity)

The Tor Browser takes this approach — it makes every user look identical by shipping a fixed window size, a common User-Agent, a standard set of fonts, and uniform canvas/WebGL output. The larger the pool of identical-looking browsers, the less useful fingerprinting becomes. Firefox's resistFingerprinting setting applies many of the same defenses.

Randomization

Extensions like CanvasBlocker inject random noise into canvas and WebGL readouts on every page load, making your fingerprint inconsistent over time. This prevents stable tracking but may make you stand out as "someone using anti-fingerprinting tools," which could be a signal in itself.

Testing Your Fingerprint

• Cover Your Tracks (coveryourtracks.eff.org) — tests fingerprint uniqueness and tracking protection.
• BrowserLeaks (browserleaks.com) — detailed breakdowns of canvas, WebGL, font, and other fingerprinting vectors.
• CreepJS (abrahamjuliot.github.io/creepjs/) — a cutting-edge fingerprinting demonstration that tests advanced techniques.
• AmIUnique (amiunique.org) — compares your fingerprint against a large database of collected fingerprints.