You clear your cookies and browse only in incognito mode. You are very conscious about not leaving your footprints on any site.
Then here's the twist; even when you visit a website for the first time, it still recognizes you. Even though you haven't accepted any of the website's cookies, or have logged in. So how does it know?
That's because your browser just handed over a detailed portrait of itself which is enough to pick you out of millions and that's browser fingerprinting. Let's break it down.
It gathers information on your screen resolution, your OS version, installed fonts, graphic capabilities, cookies enabled/ disabled, hardware characteristics, software configuration, timezone, language settings, how your browser renders a specific piece of text.
Individually, they are unremarkable but when combined, they are unique fingerprint that distinguishes one user from the other.
The fingerprint may be stored by the website, shared with analytics, or sent to advertising networks.
Cookies are visible. You can delete them, block them, inspect them. Fingerprinting is none of those things. There is no file to delete. There is no API call you can block without breaking large parts of the web.
There is no banner legally required to disclose it (in most jurisdictions). It happens at the rendering and hardware level, and it works whether or not you are "opted in" to anything.
Even if you have logged in incognito mode, it doesn't change your hardware, your GPU, your fonts, or your screen resolution, a fingerprint collected in incognito mode is often identical to one collected in a regular session. The two can be linked.
Difference between cookies and fingerprinting
Cookies | Browser fingerprinting |
Stored on the device | Generated based on device characteristics |
Can be deleted | Difficult to erase completely |
Might request for user's consent | User might not be aware of the data being collected. |
Browser fingerprinting isn't inherently malicious. The technique can be a double-edged sword used for both security and tracking purposes.
Advertisers and analytics: The obvious use case. Advertising networks use fingerprinting to: track users across websites, measure campaign effectiveness, continue recognizing or tracking even after cookie deletion. (talk about irony)
Fraud detection: This ones comparatively fair. Say, you login into your bank account from a device with a new fingerprint or fingerprint associated with previous suspicious or fraudulent activity. The system flags the activity for additional verification.
Bot detection: Automated tools, bots, and headless browsers often generate unusual, incomplete, or nearly identical browser fingerprints making it easier to identify and flag. By analyzing browser fingerprints, organizations can distinguish legitimate users from automated traffic, detect session hijacking attempts when a session suddenly appears from a different device profile, monitor suspicious login behavior, and prevent account misuse. This helps strengthen security without relying solely on passwords or cookies.
If you have noticed any of the following, remember they are not signs from the universe. It's just that your browser fingerprinting is taking it's job seriously.
Product or service recommendations on websites you have just visited for the first time.
Advertisements based on your previous searches.
In some cases, online prices might also differ based on your device and browser.
Security challenges (CAPTCHAs) appearing more frequently when your browser configuration changes.
Streaming or banking platforms flagging a login as unusual because you're using a different browser or device setup.
Retail or travel websites showing urgency messages such as "Only 2 rooms left" or "Price increased since your last visit".
A simple rule of thumb: If a website seems to recognize your device despite clearing cookies, logging out, or using private browsing mode, browser fingerprinting may be playing a role behind the scenes.
Browser fingerprinting cannot be completely prevented without breaking parts of the modern web. However, Ulaa helps reduce browser fingerprinting by preventing websites from compiling unique device and software configurations to track you.
Auto-reset browser IDs: Ulaa automatically refreshes certain browser identifiers and browsing data between sessions, making it more difficult for websites to build long-term profiles based on persistent browser characteristics.
Multi-ID system: Ulaa uses a multi-ID model across its isolated browsing modes (Personal, Work, Developer) to ensure sessions cannot be mapped back to your identity.
Built-in ad/ tracker blockers: Through its multi-tier blocker, Ulaa blocks many third-party trackers, advertising scripts, and known tracking domains before they can execute.
What is browser fingerprinting?
Browser fingerprinting is a tracking method that collects specific hardware, software, and configuration details from your device to create a highly accurate, unique identifier.
What is the difference between cookies and fingerprinting?
Cookies and browser fingerprinting are both used to identify and track you online, but they operate very differently. The key difference is that cookies store data on your device, whereas fingerprinting reads your device's unique configuration and calculates an ID on a remote server.