.png)
How To Check Your Own Browser Fingerprint Live: A Guide To Stateless Tracking
Cookies used to be the main way websites recognised you. Now they’re only one small piece.
Modern tracking can still recognise you even if you block or delete cookies entirely, using what’s called stateless tracking—mainly fingerprinting and network inference.
Here’s how it works in practice.
Browser fingerprinting (the main replacement for cookies)
Instead of storing a file on your device (cookie), websites identify your browser itself.
Your browser quietly reveals a combination of traits like:
• operating system (Windows, macOS, Linux)
• browser type and version
• screen size and colour depth
• installed fonts
• language and time zone
• GPU + rendering behaviour (Canvas/WebGL)
• audio processing quirks
Individually, these are harmless. Together, they form a near-unique signature.
So even if you:
• block cookies
• use private browsing
• clear history
…your “digital fingerprint” can still look the same next time.
Canvas + WebGL tracking (subtle but powerful)
These are especially important.
Canvas fingerprinting
A hidden image is drawn using your system’s rendering engine. Slight differences in:
• fonts
• anti-aliasing
• graphics drivers
..produce a unique result.
WebGL fingerprinting
This uses your GPU to render 3D shapes. It exposes:
• graphics card model
• driver behaviour
• rendering pipeline quirks
This tends to be very stable, which makes it useful for long-term tracking.
“Stateless” recognition (no stored identifier needed)
Instead of remembering “User 123”, systems do:
“This browser looks like the same one we saw yesterday.”
They compare your current fingerprint to a database of past fingerprints.
So identity becomes probabilistic:
95% match → likely same user
60% match → uncertain
10% match → new user
This is called probabilistic identity resolution.
IP address + behaviour tracking
Even without cookies or fingerprints, your network still leaks clues:
• IP geolocation (Gives rough location city/region level).
• Behaviour patterns (login times, browsing habits, click paths, device consistency
If you always:
visit the same sites
at the same time
from a similar IP range
you become recognisable over time.
First-party tracking (hard to avoid)
Even if third-party cookies are blocked:
If you log into a service (Google, social media, shopping sites), they can track you using: account login, session tokens, server-side logs.
This is more reliable than cookies because it lives on the server, not your device.
“Supercookies” and storage alternatives
Some tracking methods avoid traditional cookies entirely:
• localStorage (browser storage)
• IndexedDB (structured storage)
• ETags (HTTP caching trick)
• TLS session resumption identifiers
These are harder to notice because they don’t look like cookies.
Cross-site tracking without cookies
Companies can link you across sites using:
• Shared scripts
Same analytics or ad script embedded in many websites.
• IP + fingerprint matching
If the same “unique browser profile” appears across sites, it gets linked.
• Login ecosystems
If you use the same account (e.g. Google login), identity becomes unified.
Why blocking cookies is no longer enough
Old model: cookie = identity
New model: fingerprint + behaviour + network = identity
So modern tracking is:
• less explicit
• harder to erase
• more statistical than deterministic
The important reality check
You’re usually not tracked as a named individual everywhere.
Instead, systems build:
• probabilistic profiles
• device-level identities
• behavioural clusters
So the real goal isn’t “they know exactly who you are,” but:
“they can recognise the same device again with high confidence”
You can see your browser fingerprint live using a few well-known tools that show exactly what websites can infer about your device.
BrowserLeaks (most detailed)
This is one of the most comprehensive sets of tests. It shows:
• Canvas fingerprint (image rendering signature)
• WebGL fingerprint (GPU-based identity)
• Audio fingerprint
• Font list detection
• IP + DNS + WebRTC leaks
• TLS / HTTPS fingerprinting
• Screen + hardware details
It essentially breaks your browser into dozens of “identifying traits.”
AmIUnique (fingerprint uniqueness score)
This one is more about how unique you are compared to others.
It shows:
• A “uniqueness percentage”
• How many users share your fingerprint traits
• Breakdown of identifying features (browser, OS, fonts, etc.)
Good for understanding how easily you stand out online.
EFF Cover Your Tracks (privacy score)
Run by the Electronic Frontier Foundation, this test checks:
• Tracking protection strength
• Fingerprint uniqueness (“in the crowd” vs “unique”)
• Whether trackers can recognise your browser
It’s more privacy-focused and less technical than BrowserLeaks.
What you’ll likely discover
Most people are surprised by this:
• Even without cookies, your browser is often fairly unique
• Common setups (Chrome + Windows + standard resolution) can still stand out
• Small changes (fonts, extensions, GPU, zoom level) affect fingerprint uniqueness
How to interpret results
“Highly unique fingerprint” → easier to track across sites
“Similar to many users” → better privacy
WebRTC leak detected → your real IP may be exposed even with VPN
Canvas/WebGL mismatch → potential tracking signal
If you want to reduce fingerprinting
You can make yourself less unique by:
• Using privacy-focused browsers (e.g. Tor Browser)
• Limiting extensions
• Disabling WebGL (reduces fingerprint detail)
• Using standard screen sizes/resolutions
• Blocking third-party scripts
If you’re looking at your results, here’s how to interpret them
1) The most important result: “Uniqueness”
On sites like Am I Unique or Electronic Frontier Foundation’s Cover Your Tracks, you’ll usually see something like:
“Your browser has a unique fingerprint”
or “1 in X browsers share this fingerprint”
What it means
Highly unique (bad for privacy): your browser stands out; easy to recognise again
Not unique (better): you blend into a larger group
This is the headline metric trackers care about.
2) Canvas & WebGL (high-signal tracking traits)
From tests like BrowserLeaks:
Canvas fingerprint
• Your device draws a hidden image
• Tiny differences = unique signature
WebGL fingerprint
• Based on your GPU + drivers
• Very stable over time
• Often more unique than cookies
👉 If these are “unique” or “partially unique”, that’s normal—but it means you’re trackable without cookies.
3) WebRTC / IP leaks (privacy red flag)
Look for:
• “WebRTC leak detected”
• Multiple IP addresses shown
What matters
If your real ISP IP appears anywhere while using a VPN, that’s a real leak.
If only VPN IP shows → good
This is one of the few actionable issues.
4) Fonts, screen size, and system details
These are “mid-strength” identifiers:
• Installed fonts
• Screen resolution (e.g. 1920×1080)
• OS version
• Language/time zone
Individually weak, but combined they become a strong identifier.
5) “Trust score” tools (like EFF’s)
On Electronic Frontier Foundation’s Cover Your Tracks:
You’ll usually get:
“We think you have strong protection against tracking ads” OR not
“Your browser has a unique fingerprint”
Important nuance
Even “strong protection” ≠ untrackable
It mainly means you block common trackers, not fingerprinting itself.
What actually matters vs what doesn’t
Matters a lot:
• WebRTC leaks
• Canvas/WebGL uniqueness
• Consistency of fingerprint over time
Matters moderately:
• Fonts
• Screen resolution
• Browser version
Mostly noise:
• Small timing variations
• Minor plugin differences
• Random “entropy scores”
In practice, most tracking systems don’t get “defeated” so much as they get blinded, flattened, or made too expensive to trust. The tools that work do it by removing uniqueness or breaking linkage signals—not by hiding everything perfectly.
Here’s what actually disrupts modern cross-site tracking.
1) Tor Browser (the strongest mainstream defence)
Tor Browser is the closest thing to a “reset button” for fingerprinting.
Why it works
Instead of letting each browser be unique, it does the opposite:
Makes all users look very similar
Standardises:
screen size behaviour
fonts
WebGL/Canvas output (or heavily sanitises it)
browser features
Blocks or isolates many tracking APIs
Routes traffic through the Tor network (hides IP)
What this breaks
• Cross-site fingerprint matching (mostly)
• IP-based identity linking
• Many behavioural tracking models
What still works against it (partially)
• Login-based tracking (if you sign into accounts)
• Behaviour inside a single site session
• Advanced heuristic anomaly detection (rare, high effort)
Key idea
Instead of “being invisible,” Tor makes you:
“indistinguishable from thousands of other Tor users”
That’s extremely powerful against fingerprinting.
2) Anti-fingerprinting browsers (moderate–strong)
Browsers like Brave Browser and hardened configurations of Firefox aim to reduce uniqueness.
What they do well
• Block third-party cookies by default
• Randomise or standardise some fingerprint signals
• Isolate sites into separate storage partitions (reduces cross-site linking)
• Block many tracking scripts automatically
What they don’t fully solve
• You can still be fingerprinted if your setup is unique enough
• Some APIs still leak subtle hardware traits
• Logged-in identity still ties everything together
Key limitation
They reduce tracking accuracy, but don’t fully “collapse identity space” like Tor does.
3) Strict anti-fingerprinting settings (Firefox hardening)
A hardened browser setup (especially in Firefox) can significantly reduce tracking:
Typical changes:
• Disable WebGL
• Limit or spoof canvas data
• Reduce available fonts
• Block third-party requests entirely
• Strict cookie partitioning
What this achieves
• Makes fingerprint less stable or less detailed
• Reduces cross-site consistency signals
Tradeoff
• Some websites break or behave oddly
• You may still be somewhat unique depending on configuration
4) Network-level disruption (VPNs, but limited)
Proton VPN and similar tools help, but only partially.
What VPNs actually break
• IP-based linking across sites
• Geolocation inference
• ISP-level profiling
What they do NOT break
• Fingerprinting
• login-based identity
• cross-site behavioural matching (if scripts exist)
Key point
VPNs change your “return address,” not your “digital fingerprint.”
5) Cookie and storage isolation (modern browsers)
Modern browsers like Firefox, Safari, and Brave increasingly use:
• Total cookie isolation per site
• Partitioned storage (localStorage, cache, etc.)
What this breaks
• Cross-site cookie tracking
• Some forms of “supercookie” persistence
• Simple ad network identity sharing
What still remains
• Fingerprinting still works
• Server-side identity linking still works
6) Behavioural noise (surprisingly effective in some cases)
This is less technical and more about reducing consistency:
• Changing browser profiles
• Mixing devices
• Varying browsing patterns
• Avoiding repeated logins across contexts
What it breaks
• Long-term behavioural clustering
• “Same user across time” confidence scoring
Limitation
It increases uncertainty, but doesn’t guarantee anonymity.
7) What actually fully breaks tracking (rare in real life)
To meaningfully defeat modern ad-tech identity merging, you need:
• Strong anti-fingerprinting (Tor-level standardisation)
• No persistent logins across contexts
• No shared identifiers (cookies, device IDs, etc.)
• Minimal behavioural consistency
• No network-level linking (Tor or similar routing)
Even then:
You’re not “invisible,” you’re just very hard to reliably link over time.
8) The key reality
Modern tracking systems don’t need certainty—they work on probability:
95% confidence = “same user”
70% confidence = “likely same user”
30% confidence = “maybe same household/device cluster”
Most privacy tools work by pushing those probabilities down:
• from “high confidence identity match”
• to “uncertain or noisy signal”
Bottom line
Tor Browser → breaks most cross-site identity linking by standardising everyone
Hardened browsers (Brave/Firefox tweaks) → reduce fingerprint strength, but not eliminate it
VPNs → hide network location, not identity
Cookie controls → necessary but no longer sufficient
Comments
Post a Comment