Practical privacy guide
Browser fingerprinting: practical privacy guide
Browser fingerprinting isn’t magic. It combines many small browser and device signals that can identify you, even if cookies are blocked.
This guide explains what truly matters, which protections help, and how to build a setup private enough for daily use without breaking sites.
The useful short version
If you remember only one thing: a VPN changes your network identity, but fingerprinting occurs within the browser. For better privacy, use a browser that makes you look typical, keep extensions minimal, and separate private activity from personal logins.
Contents
How browser fingerprinting works
A fingerprint isn’t a single secret number but a pattern. Your browser reveals small details so sites can display pages properly, play media, render graphics, select language, and prevent fraud. Fingerprinting converts these details into a tracking profile.
1. The site loads scripts
Websites can run JavaScript to query your browser’s capabilities and behaviour.
2. The browser responds
Your browser reveals details like screen size, graphics behaviour, language, timezone, audio, and installed features.
3. Signals are combined
Individually these details are ordinary, but combined they form a stable pattern.
4. The pattern is analysed
If the same pattern reappears later, the site or tracker may recognise it as the same browser.
Signals that make your browser identifiable
One signal alone is usually weak; the combination is the issue. A common screen size plus a common browser isn’t unique. Add unusual fonts, graphics behaviour, language, timezone, extensions, and media features, and the profile becomes far easier to identify.
Canvas rendering
Your browser draws a hidden image. Minor differences in graphics drivers, fonts, and antialiasing can produce a recognisable result.
WebGL and GPU
3D graphics can disclose GPU model, driver behaviour, shader precision, and rendering quirks.
Fonts and text metrics
Installed fonts and text measurement can reveal your operating system, apps, and language settings.
Screen and window
Screen size, pixel ratio, zoom level, and browser window size can narrow the crowd.
Audio behaviour
Audio APIs can create subtle device-specific differences even without audible sound.
Extensions and settings
Unusual extension mixes, disabled APIs, and rare privacy flags can make you stand out.
What really helps and what doesn’t
Fingerprint protection is counterintuitive: the oddest privacy setup is often easier to detect than a dull, common one. Aim for fewer unique details, not a browser that shouts custom configuration.
| Measure | How much it helps | Why |
|---|---|---|
| Use Mullvad Browser or Tor Browser | Strong | They aim to make many users appear similar rather than exposing unique setups. |
| Maintain a dedicated privacy profile | Strong | Separating personal logins from sensitive browsing prevents identity leaks. |
| Block third-party trackers | Helpful | It blocks scripts that gather fingerprints across multiple sites. |
| Use a VPN | Partial | It changes your IP address and network route, but browser signals remain. |
| Install numerous privacy extensions | Risky | A rare combination of extensions can form part of the fingerprint. |
| Randomise everything | Risky | Constantly changing values may appear suspicious and break sites without making you typical. |
Change fewer things, but change the right ones.
Block intrusive tracking, use a privacy-focused browser, avoid too many extensions, and keep sensitive browsing in a separate profile or browser. This offers most users better real-world privacy than endlessly tweaking hidden settings.
Recommended setup by situation
There’s no single perfect setup. The right choice depends on what you’re protecting: everyday ad privacy, research, or high-risk identity separation.
For everyday browsing
You want fewer ads and less tracking without battling every login page.
- Use Brave, Safari, or a carefully hardened Firefox profile.
- Keep uBlock Origin or one trusted blocker, not a large extension collection.
- Block third-party cookies and clear site data for untrusted services.
For OSINT, testing, and sensitive reading
You need stronger separation but still want websites to function properly.
- Use Mullvad Browser with a trusted VPN.
- Avoid logging into personal Google, Meta, Microsoft, or shopping accounts.
- Keep downloads, bookmarks, and autofill separate from your main profile.
For high-risk identity separation
You accept slower speeds and stricter rules because linking the session to you would be costly.
- Use Tor Browser with default settings.
- Do not resize the window or add extra extensions.
- Never mix personal accounts, real phone numbers, or reused usernames.
Browser choice: quick overview
Browsers adopt varied strategies: some randomise signals, others standardise users, and some mainly block ads. Standardisation tends to offer stronger fingerprint resistance as many users appear similar.
| Browser | Best suited for | Strength | Watch out |
|---|---|---|---|
| Mullvad Browser | Private daily research | Strong fingerprint standardisation without the Tor network. | Use it cleanly; personal logins still identify you. |
| Tor Browser | Maximum anonymity | Best standardisation and network anonymity when configured properly. | Slower, more blocked, and easily weakened by custom changes. |
| Brave | Everyday privacy | Effective built-in tracker blocking and fingerprint protection. | Less uniform than Tor or Mullvad Browser. |
| Firefox with Resist Fingerprinting | Custom privacy configurations | Can reduce numerous high-value signals. | Advanced settings may break websites and make your profile unusual. |
| Safari | Apple ecosystem privacy | Good baseline protections with fewer extension combinations. | Less control and not available everywhere. |
| Chrome or Edge | Prioritise compatibility | Works almost everywhere and supports basic privacy settings. | Not a strong fingerprinting option without extra controls. |
Proton VPN
Proton VPN is a solid default if you want a privacy-focused VPN alongside a separate browser profile: audited apps, strong leak protection, and simple daily setup.
The 5 minute fingerprint check
Don’t guess. Test your current browser, change one thing, then test again. This is the quickest way to see if a privacy tweak truly helps or just feels better.
Test your current browser
Open the fingerprint test and note the visible IP, browser, screen, canvas, WebGL, and WebRTC results.
Change one thing at a time
For example, switch browser, enable a privacy feature, or remove an extension. Don’t change five things simultaneously.
Test again
Compare what became less unique and what remained unchanged. This is more useful than a generic checklist.
Watch for identity leaks
Check if WebRTC, language, timezone, login status, or extensions reveal more than anticipated.
Choose the simplest effective setup
Keep your setup stable. A dull, consistent profile is usually better than constant tweaking.
Mistakes that increase fingerprinting risk
Misconception: incognito mode as protection
Incognito mode mainly limits local history and cookies after closing the window. It doesn’t erase your browser fingerprint.
Using a VPN and thinking that’s enough
A VPN conceals your IP from websites, but canvas, WebGL, fonts, timezone, and extensions remain browser-side signals.
Creating an extension collection
Each additional extension can alter behaviour. Too many privacy tools may make you less typical, not more private.
Logging into personal accounts
If you log into your real accounts, fingerprint resistance matters less as you’ve identified yourself directly.
Conclusion: aim to be ordinary, not invisible
The best practical fingerprinting strategy is to appear less unique, leak fewer signals, and keep identities separate. A perfect setup isn’t necessary for meaningful privacy.
For most users, the ideal setup is simple: one regular browser for personal accounts, one privacy-focused browser for sensitive browsing, a minimal extension set, and a VPN when network privacy is important.
FAQs
Can I fully prevent browser fingerprinting?
Not fully achievable in normal browsing. You can reduce uniqueness, block many trackers, and separate identities, but any usable browser reveals some technical details.
Does a VPN prevent browser fingerprinting?
No. A VPN changes your visible IP and network path. Fingerprinting reads browser and device behaviour, so browser-level protection is still necessary.
Is Tor Browser better than Brave for fingerprinting?
For fingerprint resistance, yes, if you keep Tor Browser at default settings. Brave is generally easier for daily use, but Tor focuses on making users appear similar.
Can privacy extensions worsen fingerprinting?
Yes. A small trusted set helps, but a rare mix of extensions and custom settings can itself become a recognisable signal.
Does incognito mode conceal my fingerprint?
No. Incognito mode reduces local traces and starts with cleaner cookies, but the browser can still reveal many fingerprinting signals.
What is the best practical setup for most users?
Use your regular browser for personal accounts, a separate privacy-focused browser for sensitive browsing, keep extensions minimal, block third-party trackers, and add a VPN when network privacy is important.