Block all cookies. Use private browsing. Install three different ad blockers. Switch to Brave. None of that stops the tracking. Open a fresh browser tab, visit a single website, and within milliseconds that site can identify you with surprising accuracy. Across devices, across sessions, and across the supposedly anonymous boundaries you thought you were hiding behind.
This is browser fingerprinting. It's been the biggest privacy story of the past three years that almost nobody talks about. Cookies got the headlines and the GDPR popups. Fingerprinting just kept getting better in the background.
What actually gets fingerprinted
A fingerprint isn't one piece of data. It's dozens of small ones that, put together, point to exactly one browser on exactly one device. Any single signal on its own is boring. Your screen is 1920x1080. You're in the America/Chicago timezone. You have Chrome 142 on Linux. Your audio context renders a specific waveform. Your GPU draws a particular WebGL test pattern in 14 milliseconds. Your installed fonts include "Cantarell" and "Nimbus Sans".
None of that is sensitive on its own. Combine 15 to 30 of those signals, and the EFF's Cover Your Tracks project consistently finds that 80-90% of browsers are uniquely identifiable. The team at FingerprintJS (a commercial fingerprinting service that openly sells this capability to fraud-prevention teams) claims 99.5% accuracy and roughly six-month persistence. Meaning you can clear cookies, reinstall your browser, switch IPs via VPN, and the fingerprint still matches.
The really sneaky stuff
The indirect signals are where it gets weird. Canvas fingerprinting asks your browser to draw an invisible image, then hashes the result. Because slight differences in your GPU, drivers, font rendering, and OS produce slight differences in the rendered image, the hash is essentially unique to your machine. AudioContext fingerprinting does the same trick with the Web Audio API: generate a tone, measure how the browser processed it, hash the result.
Then there's the genuinely weird stuff. Battery level. Device motion sensors on phones. The order in which your browser reports installed extensions (yes, by name, in some cases). Even how long it takes your CPU to perform certain math operations. Researchers have been finding new fingerprinting vectors faster than browsers can patch the existing ones for over a decade now.
Why most "privacy" tools don't help
Cookie blockers were built to fight cookies. Ad blockers block known ad domains. Neither stops a site you actually want to use from running fingerprinting JavaScript inside its own page. uBlock Origin can block known third-party fingerprinting libraries, which catches maybe half the obvious cases and zero of the homemade ones.
VPNs are even less helpful here. A VPN changes your IP. It does not change your fonts, your timezone, your screen resolution, or your audio waveform. A site that fingerprints you over a VPN gets the same fingerprint as one that fingerprints you on your real connection. They just see a different IP next to the same person.
Even private/incognito mode is mostly cosmetic against fingerprinting. It clears cookies and history when you close the window. The fingerprint? Same as it was. Visit a site in incognito and a site you visited regularly last week recognizes you instantly.
What actually works
The only browser doing real fingerprint defense in 2026 is Tor Browser, and it does it by making every Tor user's fingerprint identical. Same fonts, same screen size (they letterbox the window), same canvas output. The trade-off is everything looks slightly broken and pages run slower. For day-to-day browsing, that's a lot to give up.
For a more livable middle ground, Brave's "Strict Fingerprinting Protection" mode randomizes a handful of the most-fingerprinted APIs (canvas, audio, WebGL) on each session, which doesn't make you anonymous but does make the fingerprint shift constantly. Firefox added a similar feature in 2024 called privacy.resistFingerprinting that you have to enable manually in about:config. It works pretty well and you barely notice it most of the time.
Mullvad Browser (a Tor-based fork without the Tor network) is probably the best option if you want Tor's fingerprint protections without the slow circuit. It's been my default for sensitive browsing for about eight months.
The honest answer
You can't fully escape fingerprinting on the modern web. The tools to do it exist, and the people who deploy them are doing so because the fingerprint is more reliable than any cookie they could set. Saying "use a different browser" feels like dodging the question. It's also the best advice anyone can give you. If your threat model includes ad networks and data brokers, a fingerprint-resistant browser cuts your trackability dramatically. If it includes a determined adversary, nothing in this article is going to be enough.
It's frustrating. The web didn't have to be this way. But here we are, and pretending fingerprinting doesn't exist isn't going to make it stop.
