Browser fingerprinting explained: How websites track you without cookies?

Browser fingerprinting explained: How websites track you without cookies?

You clear your cookies and browse only in incognito mode. You are very conscious about not leaving your footprints on any site.

Then here's the twist; even when you visit a website for the first time, it still recognizes you. Even though you haven't accepted any of the website's cookies, or have logged in. So how does it know?

That's because your browser just handed over a detailed portrait of itself which is enough to pick you out of millions and that's browser fingerprinting. Let's break it down.

What is browser fingerprint?

A browser fingerprint is a collection of technical attributes gathered from your normal browsing activities. When a user visits a website, it runs small tests and executes JavaScript in the background that slowly gathers information about device and browser and combines them into a unique profile.

It gathers information on your screen resolution, your OS version, installed fonts, graphic capabilities, cookies enabled/ disabled, hardware characteristics, software configuration, timezone, language settings, how your browser renders a specific piece of text.

Individually, they are unremarkable but when combined, they are unique fingerprint that distinguishes one user from the other.

The fingerprint may be stored by the website, shared with analytics, or sent to advertising networks.

 

Why cookies aren't even close to the full picture?

Cookies are visible. You can delete them, block them, inspect them. Fingerprinting is none of those things. There is no file to delete. There is no API call you can block without breaking large parts of the web.

 

There is no banner legally required to disclose it (in most jurisdictions). It happens at the rendering and hardware level, and it works whether or not you are "opted in" to anything.

 

Even if you have logged in incognito mode, it doesn't change your hardware, your GPU, your fonts, or your screen resolution, a fingerprint collected in incognito mode is often identical to one collected in a regular session. The two can be linked.

Difference between cookies and fingerprinting


Cookies

Browser fingerprinting

Stored on the device

Generated based on device characteristics

Can be deleted

Difficult to erase completely

Might request for user's consent

User might not be aware of the data being collected.

 

Who uses it and why?

Browser fingerprinting isn't inherently malicious. The technique can be a double-edged sword used for both security and tracking purposes.  

 

Advertisers and analytics: The obvious use case. Advertising networks use fingerprinting to: track users across websites, measure campaign effectiveness, continue recognizing or tracking even after cookie deletion. (talk about irony)

 

Fraud detection: This ones comparatively fair. Say, you login into your bank account from a device with a new fingerprint or fingerprint associated with previous suspicious or fraudulent activity. The system flags the activity for additional verification.

Bot detection: Automated tools, bots, and headless browsers often generate unusual, incomplete, or nearly identical browser fingerprints making it easier to identify and flag. By analyzing browser fingerprints, organizations can distinguish legitimate users from automated traffic, detect session hijacking attempts when a session suddenly appears from a different device profile, monitor suspicious login behavior, and prevent account misuse. This helps strengthen security without relying solely on passwords or cookies.

 

How to check if your browser is under the scanner?

If you have noticed any of the following, remember they are not signs from the universe. It's just that your browser fingerprinting is taking it's job seriously.

  • Product or service recommendations on websites you have just visited for the first time.

  • Advertisements based on your previous searches.

  • In some cases, online prices might also differ based on your device and browser.

  • Security challenges (CAPTCHAs) appearing more frequently when your browser configuration changes.

  • Streaming or banking platforms flagging a login as unusual because you're using a different browser or device setup.

  • Retail or travel websites showing urgency messages such as "Only 2 rooms left" or "Price increased since your last visit".

 

A simple rule of thumb: If a website seems to recognize your device despite clearing cookies, logging out, or using private browsing mode, browser fingerprinting may be playing a role behind the scenes.

How Ulaa helps you reduce browser fingerprinting data?

Browser fingerprinting cannot be completely prevented without breaking parts of the modern web. However, Ulaa helps reduce browser fingerprinting by preventing websites from compiling unique device and software configurations to track you.

 

  • Auto-reset browser IDs: Ulaa automatically refreshes certain browser identifiers and browsing data between sessions, making it more difficult for websites to build long-term profiles based on persistent browser characteristics.

  • Multi-ID system: Ulaa uses a multi-ID model across its isolated browsing modes (Personal, Work, Developer) to ensure sessions cannot be mapped back to your identity.

  • Built-in ad/ tracker blockers: Through its multi-tier blocker, Ulaa blocks many third-party trackers, advertising scripts, and known tracking domains before they can execute.

Frequently Asked Questions.

  1. What is browser fingerprinting?

 

Browser fingerprinting is a tracking method that collects specific hardware, software, and configuration details from your device to create a highly accurate, unique identifier.

 

  1. What is the difference between cookies and fingerprinting?

 

Cookies and browser fingerprinting are both used to identify and track you online, but they operate very differently. The key difference is that cookies store data on your device, whereas fingerprinting reads your device's unique configuration and calculates an ID on a remote server.

 

    • Related Articles

    • Declutter your browser with tabs manager

      We hardly close our browser or even the laptop lid in the fear of losing our browser tabs. Letting go of your precious tab collections is not easy, and sometimes even painful. If you feel this situation resonates with you, this blog is for you. We ...
    • The Impact of WEI on User Privacy: Unveiling the Hidden Concerns

      The Web Environment Integrity (WEI) API, developed by Google, claims to enhance website security by verifying browser integrity and blocking malicious activities. However, this feature seemingly favours Google and its browsers while putting ...
    • 5 Ulaa Features to Breeze through your Exam Prep

      We know all too well that preparing for exams can be stressful. There will be screaming, and crying, and you will often find yourself stuck in a hopeless pit of "What am I gonna do?" But with the right tools, you can make this process more manageable ...
    • New to Ulaa? Check out this beginners guide

      Using a new browser can be overwhelming, especially if the new features and settings are unfamiliar. You can quit worrying since this can happen to the best of us. In the beginner's guide, we will help you get started with a simple overview of Ulaa ...
    • What is Widevine digital rights management?

      What is DRM? Digital rights management is a technology that proactively controls the distribution, use and modification of copyrighted digital content such as software, videos, music albums and much more. This technology makes stealing copyrighted ...