(Almost) Every Way Websites Fingerprint You

What is browser fingerprinting?

Every time you visit a website, your browser shares information about your device, system preferences, and browser configuration. Here is an example of your browser fingerprint represented as 8 emojis that is identical across all browsers on the same device:

πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„

It is generated by using a combination of your device's hardware and system preferences. It is designed to be difficult to spoof (as doing so may lead to breaking website's functionality) and should give you the same result whether you’re using Chrome, Firefox, Safari, or Edge.

Here is the list of data that is used to generate the fingerprint:

As you can see, this technique is not very sophisticated. It can be used by websites to understand what device you are using, but since it can only produce under 10,000 unique fingerprints, it is not precise enough to uniquely identify website visitors.

A more practical example is a fingerprint generated using more system parameters:

πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„

Besides data points mentioned above, it also includes information on WebGL and audio capabilities, more information about your display, as well as your timezone:

Unless you are actively trying to spoof these parameters, they change very rarely and ensure that the website owner can track you with reasonable accuracy across browser updates and resets.

Websites that receive a lot of traffic and try to track you, however, use over a hundred different parameters to generate a fingerprint. Here is an example:

πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„ πŸ”„

In this case, many more parameters are used. Some of them are:

  • Screen Resolution
  • Device Pixel Ratio
  • Audio Capabilities
  • Mathematical Computations
  • Timezone
  • Language
  • Installed Browser Plugins
  • System Preferences
  • Available Fonts
  • WebGL Rendering
  • Canvas Rendering

At this point you might be asking yourself, but what about my location? Even though it is relatively easy to guess your approximate location based on your IP address (you seem to be located in United States πŸ‡ΊπŸ‡Έ), it is not used as often these days because many users use VPNs and other privacy-focused tools that hide their true location.

Same goes for browser cookies. While some websites still use them for analytics, their popularity is declining rapidly as popular browsers like Firefox and Safari are blocking them by default. Moreover, tracking website activity based on requests is becoming more popular with startups like Simple Analytics, which allow website owners to get general information about website usage without invading your privacy or having to display a cookie popup in the EU and California.

Lastly, something that will soon become an artifact of the past is local port scanning. A few years ago, it was common for websites to check if ports ranging from 80 to 65535 were open on your device, by simply sending a request to localhost:PORT_NUMBER. This can be used to determine what applications you have installed such as Discord (6463–6472), Skype (23399), Viber (4303), Microsoft Teams (3478–3481), etc. Luckily, since June 9 2025, Google Chrome requires users to allow websites to do that via a prompt, with Firefox following suit sometime in the future.

How to protect yourself

If you are concerned about your browser fingerprint, your best option by far is to use TOR Browser, which is designed to be as anonymous as possible. Please note that it is only useful for browsing the web, not for logging into your personal accounts.

Additionally, you can use Donut Browser to create multiple browser profiles with different settings and extensions, which will not protect you from fingerprinting, but will make it harder for websites to track you across different activities.

Where to learn more

If you want to dive deeper into browser fingerprinting, I recommend checking out the Electronic Frontier Foundation's Panopticlick, which tests how unique your browser fingerprint is and explains what makes you trackable.

You can also test your browser's fingerprint uniqueness at AmIUnique and explore the technical details of what information your browser is sharing.

Have questions? Feel free to send me an email at contact at donutbrowser dot com.