You might think that enabling private browsing mode, clearing cookies, and using ad blockers are enough to protect your online privacy. However, the reality is that even if you do all of this, websites can still identify you precisely using browser fingerprinting – much like fingerprints are used to identify criminals.
Recently, Mozilla announced it would be incorporating browser fingerprint protection in Firefox 72, sending a clear signal: browser fingerprinting has become a serious privacy threat.
Simply put, browser fingerprinting is the process of collecting various characteristic information from your device and browser to generate a unique ID for identifying and tracking you.
Unlike traditional cookies, browser fingerprinting doesn't need to store anything on your device. It only requires running a snippet of JavaScript code to silently gather your information. The scariest part is that you have no idea this process is even happening.
Among the three core web technologies – HTML (page structure), CSS (style design), and JavaScript (interactive logic) – JavaScript is the key tool for browser fingerprinting. Today, almost all websites rely on JavaScript. From Facebook to Google Docs, these services wouldn't function without it.
And it's precisely this technology that makes the internet powerful that also becomes a tool for tracking you.
JavaScript can easily access various pieces of information about your device, including but not limited to:
• Screen resolution and orientation (portrait or landscape)
• Operating system type (Windows, macOS, Linux, Android, iOS, etc.)
• Browser type and version (Chrome, Firefox, Safari, etc.)
• Device type (phone, tablet, laptop, or desktop)
• Default language and time zone
• Installed browser plugins (e.g., Adobe PDF Reader, VLC Media Player)
• Whether Microsoft Office and specific applications are installed
• Whether the browser window is minimized
• Whether the mouse cursor is active in the current tab
In addition to this basic information, there are three more "hardcore" tracking methods:
Font Rendering Test: This technique uses JavaScript to draw hidden text off-screen and identifies you by detecting subtle differences in how different devices render fonts. Each device's processor, graphics card, and drivers are different, leading to variations in how even the letter "A" is rendered at the pixel level.
WebGL Fingerprint: WebGL is a powerful graphics rendering technology used for drawing 2D and 3D graphics on web pages. Differences in graphics cards and drivers across devices cause minor variations in rendering results, which can be used to identify you.
Canvas Fingerprint: Canvas is an HTML5 element used for dynamically drawing graphics. By detecting how the browser draws Canvas content, a unique device fingerprint can also be generated.
A single piece of information might not be enough to identify you – for example, around 60% of people use Chrome, and many users have a resolution of 1920×1080. However, when these seemingly ordinary pieces of information are combined, they can form a highly unique identity marker.
According to tests by the Panopticlick tool developed by the Electronic Frontier Foundation (EFF), most users' browser fingerprints can generate an entropy value of 18 bits or more, meaning you can be identified from over 260,000 people.
In actual tests, by comprehensively using the technologies mentioned above, browser fingerprints can even reach an entropy of 33 bits – enough to precisely identify one person out of the global population of 8.5 billion.
Even more frighteningly, even if you:
• Use private browsing mode
• Clear all cookies
• Enable the "Do Not Track" feature
• Turn on Firefox's Enhanced Tracking Protection
Browser fingerprinting can still identify you. This is because these measures primarily target cookies and traditional tracking technologies, rendering them almost ineffective against JavaScript-based fingerprinting.
Unfortunately, there is no perfect solution currently. However, the following methods can reduce the risk to some extent:
The browser fingerprint protection announced by Mozilla for Firefox 72 is a good start, but even Mozilla admits this feature is "helpful but not perfect." As mainstream browsers gradually incorporate anti-fingerprinting technologies, the situation will improve.
The EFF recommends using the Tor Browser, which is specifically designed for privacy protection. However, even with Tor, you still need to disable JavaScript to truly prevent fingerprinting – this will render 95% of websites unusable.
• Use common browsers (like Chrome or Firefox), and avoid niche browsers like Vivaldi or Opera.
• Don't install too many obscure browser plugins.
• Keep your browser and operating system settings in common configurations.
The problem with this approach is that it's hard to know what "most people" are using, and sacrificing personalization for privacy isn't very practical.
The most important thing is to make more people aware of the existence of browser fingerprinting. When the public realizes the problem, regulators and tech companies will be forced to take action.
In various privacy hearings, when Facebook and Google claim "we don't track users," we need to ask: What about browser fingerprints?
Cookies are small files stored on your device that can be deleted or blocked. Browser fingerprinting, on the other hand, doesn't store anything on your device; it identifies you by reading device information via JavaScript, making it harder to defend against.
No. Private browsing mode primarily prevents cookies and browsing history from being saved, but your device configuration, screen resolution, font rendering method, and other characteristics remain unchanged, so browser fingerprinting is still effective.
While some companies have claimed to stop using browser fingerprints, the development of anti-fingerprinting protection by Mozilla and continuous warnings from the EFF indicate that browser fingerprinting is still widely used. Given the online advertising industry's reliance on user tracking, this technology has almost certainly not disappeared.
Theoretically, yes, but the cost is that the internet will become almost unusable. Modern websites rely heavily on JavaScript; disabling it will cause most websites to break severely or become completely inaccessible. You can use plugins like NoScript to selectively enable JavaScript, but this will make the browsing experience very cumbersome.
If you care about online privacy, then yes. Browser fingerprints can track your online behavior across websites and sessions, even if you have taken conventional privacy protection measures. This means your seemingly anonymous browsing activities might actually be constantly monitored and recorded.
Outline
