Browser fingerprinting: tracking that needs no cookies
Your screen size, fonts, GPU and settings combine into a near-unique signature — trackable with zero cookies and no banner. It is regulated anyway; the industry pretends otherwise.
How it works: scripts read dozens of harmless-looking properties — screen resolution, installed fonts, timezone, language, GPU rendering quirks (canvas/WebGL), audio-stack behaviour — and hash them into a signature that singles your browser out of millions. No cookie stored, nothing to “reject”, survives incognito and cookie-clearing. The legal reality the ad-tech industry ignores: ePrivacy Art. 5(3) covers any access to information on your device — regulators have said plainly that fingerprinting needs the same consent as cookies, and the resulting identifier is personal data under the GDPR (pseudonymous, not anonymous). A site fingerprinting silently after you clicked “reject all” is violating the rules twice, using technology chosen specifically to dodge the first violation’s visibility. Legitimate uses exist — fraud prevention and bot detection at login can qualify as strictly necessary; “analytics and personalisation” cannot. Your defences, honestly rated: Tor Browser and hardened Firefox make you blend into a crowd (strongest); Brave randomises fingerprints per site (good); Safari and Firefox ship partial protections (helpful); standard Chrome offers little. Extensions that block tracker scripts kill most fingerprinting at the source. Perfection is not available — but neither is it required to fall out of the profitable-to-track segment. The wider fight over tracking’s future runs through What’s changing.
Verified against the sources above on 18 July 2026. Information, not legal advice.