Tor Browser eliminates browser fingerprinting by making all users report the same user agent, screen resolution, fonts, and rendering characteristics to trackers, effectively giving them a fingerprint shared by hundreds of thousands of users. This is achieved through letterboxing (gray margins that normalize window size), font standardization, and JavaScript tricks that return identical values to scripts attempting to identify your browser, making you statistically invisible among the crowd.

Understanding Browser Fingerprinting

When you visit a website, your browser reveals numerous pieces of information that can be combined into a unique fingerprint. These include:

• User agent string
• Screen resolution and color depth
• Installed fonts
• Canvas rendering output
• WebGL capabilities
• Audio context fingerprinting
• Hardware concurrency (CPU cores)
• Device memory
• Timezone and locale settings
• Installed plugins and extensions

JavaScript can access most of these properties directly. For example, a tracker might collect your screen resolution:

const screenData = {
  width: screen.width,
  height: screen.height,
  colorDepth: screen.colorDepth,
  pixelRatio: window.devicePixelRatio
};

Or extract canvas fingerprint data:

function getCanvasFingerprint() {
  const canvas = document.createElement('canvas');
  const ctx = canvas.getContext('2d');
  ctx.textBaseline = 'top';
  ctx.font = '14px Arial';
  ctx.fillText('Hello World', 2, 2);
  return canvas.toDataURL();
}

The combination of these values creates a highly unique identifier. Research shows that over 90% of users can be uniquely identified using just a few fingerprinting vectors.

Tor Browser’s Anti-Fingerprinting Strategy

Tor Browser does not simply randomize your fingerprint for each session—a technique that can still be detected through consistency analysis. Instead, it employs a strategy called uniform fingerprinting, where all Tor Browser users appear identical regardless of their actual hardware and software configuration.

Theabout:config Restrictions

Tor Browser locks down numerous browser settings that would otherwise contribute to fingerprinting. Access to many about:config preferences is blocked entirely. The browser reports standardized values for sensitive properties.

For instance, when JavaScript queries window.screen.width, Tor Browser always returns a consistent value (typically 1000) regardless of the actual screen size:

// In Tor Browser, this always returns the same value
console.log(window.screen.width); // Outputs: 1000 (standardized)
console.log(screen.height);       // Outputs: 800 (standardized)

Canvas and WebGL Protection

Canvas fingerprinting is particularly powerful because rendering varies slightly between different hardware and driver combinations. Tor Browser randomizes canvas readback operations, adding invisible noise that changes the output while remaining visually imperceptible:

// When websites attempt canvas fingerprinting, Tor returns
// slightly different data each time while the visual output
// remains consistent to the user
const canvas = document.createElement('canvas');
const ctx = canvas.getContext('2d');
ctx.fillStyle = 'red';
ctx.fillRect(0, 0, 100, 100);
// The actual fingerprint data returned includes random noise
// but the user sees a consistent red rectangle

Font Enumeration Prevention

Websites often attempt to enumerate installed fonts by measuring text width with different font families:

function detectFont(fontName) {
  const baseFonts = ['monospace', 'sans-serif', 'serif'];
  const testString = 'mmmmmmmmmmlli';
  const testSize = '72px';
  const body = document.getElementsByTagName('body')[0];

  const span = document.createElement('span');
  span.style.fontSize = testSize;
  span.innerHTML = testString;
  span.style.visibility = 'hidden';

  let detected = false;

  for (const baseFont of baseFonts) {
    span.style.fontFamily = baseFont;
    body.appendChild(span);
    const defaultWidth = span.offsetWidth;
    body.removeChild(span);

    span.style.fontFamily = `'${fontName}', ${baseFont}`;
    body.appendChild(span);
    const fontWidth = span.offsetWidth;
    body.removeChild(span);

    if (fontWidth !== defaultWidth) {
      detected = true;
      break;
    }
  }

  return detected;
}

Tor Browser prevents this by using a minimal font set and blocking access to font enumeration APIs. The browser reports that only system default fonts are available.

Resistance Extensions and DOM

Tor Browser includes built-in protection against common fingerprinting vectors:

• NoScript integration: Limits JavaScript execution to trusted sites
• Letterboxing: Adds padding to the viewport to prevent screen dimension leakage
• First-party isolation: Cookies and other storage are isolated by origin

The letterboxing technique deserves special attention. When you resize a Tor Browser window, the content area remains constant while gray bars fill the extra space:

/* Tor Browser adds margin/padding to standardize viewport */
/* The actual window size is hidden from websites */
html {
  margin: 0;
  padding: 0;
  background: #333;
}
#container {
  margin: 0 auto;
  max-width: 1000px; /* Standardized content width */
}

The Privacy Trade-offs

This uniform fingerprinting approach comes with trade-offs. Some websites may function differently or display content incorrectly when their fingerprinting scripts fail. Tor Browser provides a security slider that lets users adjust the balance between functionality and privacy:

• Safest: Maximum protection, blocks all JavaScript on non-HTTPS sites
• Standard: Balanced protection and functionality
• More Private: Similar to Standard but disables some features

For developers testing their applications in Tor Browser, understanding these restrictions is crucial. Your analytics and tracking scripts will behave differently—indeed, they should fail to create unique identifiers.

Practical Implications

When you use Tor Browser, websites see the same fingerprint as every other Tor Browser user:

// What websites see from Tor Browser users
{
  userAgent: 'Mozilla/5.0 (Windows NT 10.0; rv:128.0) Gecko/20100101 Firefox/128.0',
  screenWidth: 1000,
  screenHeight: 800,
  timezone: 'UTC',
  language: 'en-US',
  platform: 'Win32',
  hardwareConcurrency: 2,
  deviceMemory: 4
}

This uniformity means that even if a tracker collects your fingerprint, they cannot distinguish you from thousands of other Tor Browser users. The anonymity set—the number of people you could be confused with—becomes effectively infinite from a tracking perspective.

Verifying Your Protection

You can test Tor Browser’s fingerprinting protection using online tools:

1. Open Tor Browser and navigate to a fingerprinting test site
2. Note the fingerprint values reported
3. Open Tor Browser in a new window (new identity)
4. Compare the fingerprint values—they should remain identical

This consistency across sessions is exactly what Tor Browser intends. The goal is not to appear random, but to appear identical to everyone else.

Related Articles

• Tor Browser Canvas Fingerprinting Protection
• Tor Browser Font Fingerprinting Protection
• Browser Fingerprinting Protection Techniques
• Tor Browser Screen Size Fingerprint Protection
• Browser Connection Pooling Fingerprinting How Http2 Connecti

Built by theluckystrike — More at zovo.one