Privacy Tools Guide

Browser fingerprinting tracks you without cookies. It builds a unique profile from your browser’s characteristics — screen resolution, fonts, canvas rendering, WebGL output, timezone, language, and dozens of other signals — that persists even after you clear cookies or use a VPN.

This guide covers the specific fingerprinting vectors, what each one exposes, and the techniques that actually reduce them.

How Fingerprinting Works

Fingerprinting combines many data points to create a unique identifier:

// A simplified example of what fingerprinting scripts collect
const fingerprint = {
  userAgent: navigator.userAgent,
  screen: `${screen.width}x${screen.height}x${screen.colorDepth}`,
  timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
  language: navigator.language,
  platform: navigator.platform,
  hardwareConcurrency: navigator.hardwareConcurrency,
  deviceMemory: navigator.deviceMemory,
  canvas: getCanvasFingerprint(),
  webgl: getWebGLRenderer(),
  fonts: getInstalledFonts(),
  audioContext: getAudioFingerprint()
};

No single property is unique. The combination is. A 2023 study found that combining just 8-12 properties identified 99%+ of browsers uniquely.

Test Your Current Fingerprint

Before making changes, establish a baseline:

Note your uniqueness score, then test again after each change to see improvement.

Vector 1: Canvas Fingerprinting

Canvas fingerprinting asks your browser to draw text/shapes on an invisible canvas. Subtle differences in font rendering, anti-aliasing, and GPU compositing produce a value unique to your browser+OS+hardware combination.

What It Looks Like in Practice

function getCanvasFingerprint() {
  const canvas = document.createElement('canvas');
  const ctx = canvas.getContext('2d');
  ctx.textBaseline = 'top';
  ctx.font = '14px Arial';
  ctx.fillText('Browser fingerprint: 🌍', 2, 2);
  return canvas.toDataURL();
}

Protections

Tor Browser: Randomizes canvas output per session — returns noise instead of true rendering.

Firefox with privacy.resistFingerprinting:

Open about:config and set:

privacy.resistFingerprinting = true

This enables Firefox’s fingerprinting resistance mode, which includes canvas randomization.

Canvas Blocker extension (Firefox/Chrome): Blocks or randomizes canvas API responses.

Brave Browser: Reports a randomized canvas fingerprint per site per session.

Vector 2: WebGL Fingerprinting

WebGL exposes your GPU model and renderer string — a specific combination that narrows down hardware considerably.

const gl = document.createElement('canvas').getContext('webgl');
const renderer = gl.getParameter(gl.RENDERER);
// Returns something like: "ANGLE (NVIDIA, NVIDIA GeForce RTX 3080, OpenGL 4.5.0)"

Protections

In Firefox about:config:

webgl.disabled = true           # Disables WebGL entirely (breaks some sites)
webgl.enable-webgl2 = false     # Disables WebGL 2 specifically

Vector 3: Font Enumeration

Your browser can be asked to measure text rendered in various fonts. If a font is installed, the text dimensions differ from the fallback font. This reveals which fonts you have installed — a stable, OS-dependent fingerprint.

// Font detection via canvas measurement
function isFontAvailable(font) {
  const canvas = document.createElement('canvas');
  const ctx = canvas.getContext('2d');
  const baseline = ctx.measureText('mmmmmmmmmmlli').width;
  ctx.font = `72px ${font}, monospace`;
  return ctx.measureText('mmmmmmmmmmlli').width !== baseline;
}

Protections

There is no good way to install many custom fonts while preventing fingerprinting. If privacy matters, use a browser with built-in resistance rather than trying to manage fonts manually.

Vector 4: Audio Context Fingerprinting

The Web Audio API processes audio through your hardware. Tiny differences in floating-point operations produce a unique value per device.

function getAudioFingerprint() {
  const audioCtx = new AudioContext();
  const oscillator = audioCtx.createOscillator();
  const analyser = audioCtx.createAnalyser();
  oscillator.connect(analyser);
  analyser.connect(audioCtx.destination);
  oscillator.start(0);
  const data = new Float32Array(analyser.frequencyBinCount);
  analyser.getFloatFrequencyData(data);
  return data.slice(0, 10).join(',');
}

Protections

Disable Audio API entirely (breaks audio on some sites):

In Firefox about:config:

media.webaudio.enabled = false

Vector 5: Timezone and Language

Your system timezone and browser language are stable identifiers that correlate with your location.

Intl.DateTimeFormat().resolvedOptions().timeZone  // "America/New_York"
navigator.language                                  // "en-US"
navigator.languages                                 // ["en-US", "en"]

Protections

In Firefox with privacy.resistFingerprinting:

For manual control without privacy.resistFingerprinting:

javascript.options.wasm = false    # Doesn't help with timezone

Better approach: use a browser profile with privacy.resistFingerprinting enabled, or use Tor Browser for sensitive browsing.

Vector 6: Hardware and Browser Properties

navigator.hardwareConcurrency   // Number of CPU cores
navigator.deviceMemory          // RAM in GB
screen.width, screen.height     // Screen resolution
screen.colorDepth               // Color depth

These are stable across sessions. Many users have 4-16 CPU cores, 8-32GB RAM, and standard screen resolutions — but the combination narrows things.

Protections

Which Browser Provides the Best Protection?

Tor Browser

Best fingerprinting resistance available. Uses fingerprinting resistance by design — everyone who runs Tor Browser looks the same (the “crowd” approach). Limitations: slow, not for everyday use.

Firefox with Hardening

With privacy.resistFingerprinting = true plus the following about:config settings:

privacy.resistFingerprinting = true
privacy.resistFingerprinting.block_mozAddonManager = true
privacy.trackingprotection.fingerprinting.enabled = true
privacy.trackingprotection.enabled = true
geo.enabled = false
media.navigator.enabled = false
webgl.disabled = false    # Keep enabled — disabling it is itself a fingerprint
dom.battery.enabled = false
dom.vibrator.enabled = false

This provides strong protection without being as restrictive as Tor Browser.

Brave Browser

Brave’s “Shields” fingerprinting protection is on by default. It randomizes fingerprint vectors per site per session rather than trying to match a crowd. Effective, but the randomization approach means your fingerprint is inconsistent, not invisible.

Go to brave://settings/shields to configure:

Chrome and Edge

No meaningful fingerprinting protection. Do not use these for privacy-sensitive browsing.

Test After Hardening

After applying protections, re-run the fingerprint tests:

# Use curl to check what basic browser info you expose without JavaScript
curl -s -A "Mozilla/5.0" https://browserleaks.com/user-agent | grep -i "unique"

# Or run a headless browser test
npx playwright chromium --screenshot https://coveryourtracks.eff.org screenshot.png

Visit https://coveryourtracks.eff.org and look for:

Realistic Expectations

No browser is completely un-fingerprintable on the open web. The goal is to:

  1. Blend into a larger crowd (Tor Browser approach)
  2. Break the stability of the fingerprint so tracking across sessions fails (Brave approach)
  3. Reduce the number of unique signals so fingerprint confidence is lower

Combining good browser choice with a VPN or Tor removes the network-layer correlation that would otherwise link your anonymized fingerprint to your real IP.

Built by theluckystrike — More at zovo.one

Explore Our Developer Guides

© 2026 theluckystrike Developer Guides