Table of contents
- What online tracking really is
- Cookies: what they are and what they no longer do
- Device IDs: when the device matters more than the browser
- How fingerprinting works in practice (with an Example)
- Why fingerprinting is so effective
- Why this topic is still rarely discussed
- Future implications: where we are headed
Every time you open a website, scroll a page or click on a link, you leave behind a trail of data. Some traces are obvious, like cookies. Others are almost impossible to notice, such as browser fingerprinting or the use of device IDs.
The question is no longer whether you are tracked online, but how much and how.
This article aims to answer a growing curiosity among privacy-aware users: understanding what really happens “under the hood” of the modern web, distinguishing between well-known techniques and invisible tracking, explaining the difference between cookies and fingerprinting, and showing why you can still be identifiable even if you do not accept anything.
What online tracking really is
Talking about online tracking means talking about the ability of a website, an advertising network or an analytics service to recognize a user over time. There is no need to know your real name: it is enough to understand that “it’s you” today, tomorrow and next week.
Historically, this role was played by cookies, small text files stored in the browser. But as user awareness, regulations and blocking tools increased, tracking evolved into less visible and more sophisticated forms.
The key point is that tracking is not only about marketing. It is also used to prevent fraud, manage login sessions and personalize content. The problem arises when tracking becomes opaque, undisclosed and difficult to control.
Cookies: what they are and what they no longer do
Cookies are files stored by the browser at the request of a website. They can be session or persistent cookies, first-party or third-party.
For years, they were the main profiling tool: a cookie with a unique identifier allowed an advertising network to follow you from one site to another.
Today, however, cookies have three major limitations:
- They are visible
  You can see them, delete them and block them.
- They are regulated
  GDPR requires explicit consent for many uses.
- They are fragile
  A simple browser cleanup can remove them.
This has pushed the industry toward more resilient alternatives.
Beyond cookies: the rise of invisible tracking
When we talk about invisible tracking, we refer to techniques that do not store anything on your device but instead use already available information to create a probabilistic or deterministic identifier. This is where browser fingerprinting comes into play.
Browser fingerprinting: your browser’s digital signature
Browser fingerprinting is a technique that combines dozens (sometimes hundreds) of parameters from your browsing environment to create a unique “signature”.
Nothing needs to be installed, and no explicit consent banner is required: the browser is simply queried.
Some examples of data used in browser fingerprinting include:
- User agent (browser, version, operating system)
- Screen resolution
- Time zone and language
- Installed fonts
- Support for WebGL, Canvas, AudioContext
- Extensions and plugins
- Graphics rendering behavior
Individually, these data points identify no one. Together, however, they become extraordinarily unique.
Cookies vs fingerprints: the key difference
The difference between cookies and fingerprints is not only technical, but conceptual.
Cookies are stored data.
Fingerprints are observed data.
This means you can:
- Delete cookies
- Block third-party cookies
- Browse in incognito mode
But you cannot easily “delete” the combination of characteristics that define your device. Every time you go online, your fingerprint can be recalculated.
Device IDs: when the device matters more than the browser
In addition to browser fingerprinting, there are device IDs, especially in the mobile and app ecosystem. A device ID is an identifier linked to the hardware or operating system: think of it as a digital license plate.
On smartphones and smart TVs, device IDs are often used for:
- Targeted advertising
- Behavioral analytics
- Anti-fraud systems
Here too, regulations aim to limit their use, but alternatives continue to emerge.
How fingerprinting works in practice (with an Example)
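Imagine visiting a website. In the background, a script like this runs:

    // Read a few values the browser exposes to any script on the page.
    const fingerprint = {
      userAgent: navigator.userAgent,             // browser, version, operating system
      language: navigator.language,               // preferred language
      screen: `${screen.width}x${screen.height}`, // screen resolution
      timezone: Intl.DateTimeFormat().resolvedOptions().timeZone // IANA time zone name
    };
    console.log(fingerprint);
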
This is an extremely simplified example. In reality, fingerprinting libraries collect dozens of signals and convert them into a hash.
The result is not “John Smith”, but “User X with a 99.3% probability”. And that is more than enough for tracking.
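To make the "stored data versus observed data" distinction concrete, here is an added example (not code from the article or from any fingerprinting library) that simulates two visits with a cookie wipe in between. The signal values, the `visit` and `fingerprintId` helpers and the use of FNV-1a as the hash are assumptions chosen for illustration.

```javascript
// Added illustration (not from the article): a stored cookie ID versus a
// fingerprint recomputed from observed signals. Sample values are constructed.

// FNV-1a (32-bit), a small non-cryptographic hash standing in for the hash
// step; any stable hash function would show the same behaviour.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Sort the keys so the same signals always serialise to the same string.
function fingerprintId(signals) {
  const canonical = Object.keys(signals).sort()
    .map((key) => `${key}=${signals[key]}`)
    .join("|");
  return fnv1a(canonical);
}

// One page load: the site reuses the cookie if the browser still has it,
// otherwise issues a new one; the fingerprint is always recomputed.
let nextCookie = 1;
function visit(cookieJar, signals) {
  if (!cookieJar.id) cookieJar.id = `cookie-${nextCookie++}`;
  return { cookieId: cookieJar.id, fingerprint: fingerprintId(signals) };
}

// Constructed signals, same fields as the snippet above.
const sampleSignals = {
  userAgent: "ExampleBrowser/1.0 (ExampleOS)",
  language: "it-IT",
  screen: "1920x1080",
  timezone: "Europe/Rome",
};

function demo() {
  const jar = {};
  const before = visit(jar, sampleSignals);
  delete jar.id; // the user clears cookies (or opens an incognito window)
  const after = visit(jar, sampleSignals);
  const changed = visit({}, { ...sampleSignals, timezone: "Europe/Berlin" });
  return { before, after, changed };
}

console.log(demo());
```

After the wipe the cookie ID is new but the fingerprint is identical; only changing one of the observed signals produces a different value.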
Why fingerprinting is so effective
Browser fingerprinting is effective because it exploits the diversity of digital environments. Each user customizes, updates, installs and modifies their setup. Every choice increases entropy, meaning uniqueness.
Paradoxically, the more you try to “personalize” your setup, the more recognizable you become.
Privacy and consent: a slippery slope
One reason fingerprinting is considered so striking is that it bypasses traditional consent mechanisms.
Many cookie banners do not mention fingerprinting at all. Yet from a privacy perspective, the effect is similar, if not worse.
European authorities have started addressing the issue, but practical enforcement is complex: how do you request consent for something that does not store data?
Are you really anonymous in incognito mode?
The short answer is: no.
Incognito mode does not prevent browser fingerprinting. It only avoids saving history and cookies, while the fingerprint remains unchanged.
This is one of the most common misconceptions, even among very privacy-conscious users.
Defense tools: what actually works
Defending against invisible tracking is possible, but it involves trade-offs.
Some effective strategies include:
- Privacy-oriented browsers
- Anti-fingerprinting extensions
- Reducing the attack surface (fewer plugins, fewer customizations)
- Isolating browsing contexts
No solution is perfect. The realistic goal is not to become invisible, but less distinguishable.
The online privacy paradox
Here an interesting paradox emerges.
To protect their privacy, many users install extensions, custom themes and advanced configurations.
The result? An even more unique fingerprint.
True privacy often comes from uniformity, not exception.
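The entropy argument from "Why fingerprinting is so effective" and the paradox above can be checked on your own data with a few lines. This is an added example, not part of the original article: the eight-profile population, the attribute names and the helper functions are constructed for illustration.

```javascript
// Added illustration (not from the article): attributes that are common on
// their own combine into a small anonymity set. The population is constructed.
const population = [
  { screen: "1920x1080", timezone: "Europe/Rome",   language: "it-IT", extensions: "none" },
  { screen: "1920x1080", timezone: "Europe/Rome",   language: "it-IT", extensions: "none" },
  { screen: "1920x1080", timezone: "Europe/Rome",   language: "en-US", extensions: "none" },
  { screen: "1920x1080", timezone: "Europe/Berlin", language: "de-DE", extensions: "none" },
  { screen: "1366x768",  timezone: "Europe/Rome",   language: "it-IT", extensions: "none" },
  { screen: "1366x768",  timezone: "Europe/Berlin", language: "de-DE", extensions: "none" },
  { screen: "1920x1080", timezone: "Europe/Rome",   language: "it-IT", extensions: "dark-theme+script-blocker" },
  { screen: "1366x768",  timezone: "Europe/Berlin", language: "en-US", extensions: "none" },
];

// Bits of information revealed by observing `value` for `attr`: -log2(share).
function surprisalBits(pop, attr, value) {
  const matches = pop.filter((p) => p[attr] === value).length;
  return -Math.log2(matches / pop.length);
}

// How many profiles are indistinguishable from `target` on these attributes.
function anonymitySet(pop, target, attrs) {
  return pop.filter((p) => attrs.every((a) => p[a] === target[a])).length;
}

// Anonymity set size as the attributes are added one at a time.
function narrowing(pop, target, attrs) {
  return attrs.map((_, i) => anonymitySet(pop, target, attrs.slice(0, i + 1)));
}

const ATTRS = ["screen", "timezone", "language", "extensions"];
const plainUser = population[0];      // default setup
const customisedUser = population[6]; // same setup plus a rare extension mix

console.log("plain user:     ", narrowing(population, plainUser, ATTRS));
console.log("customised user:", narrowing(population, customisedUser, ATTRS));
console.log("bits from the rare extension mix:",
  surprisalBits(population, "extensions", customisedUser.extensions));
```

The default profile still shares its combination with one other visitor, while the customised profile ends up alone: the rare extension set is worth 3 bits in a population of eight, enough to single it out.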
Why this topic is still rarely discussed
Browser fingerprinting is difficult to explain, invisible and generates no notifications.
There is no popup saying, “We are calculating your digital fingerprint”.
Yet it is one of the pillars of the modern web.
Talking about it means going beyond the surface of cookies, and that is where many articles stop.
Future implications: where we are headed
As third-party cookies are gradually phased out, fingerprinting and device IDs will become increasingly central.
At the same time, regulatory and technical pressure to limit abuse will continue to grow.
The game is not over. It has just begun.
Conclusion
Understanding how tracked you really are online is a leap in awareness. Cookies are no longer the main enemy. The real issue is fingerprinting, invisible tracking and the ability to recognize you even when you believe you are leaving no traces.
For privacy-aware users, knowledge is the first line of defense—not to live in suspicion, but to navigate clearly within a digital ecosystem that rewards observation, correlation and recognition.
Questions and answers
- Is browser fingerprinting legal?
  It depends on its use and regulatory context, but it is increasingly under scrutiny.
- Are cookies now useless?
  No, but they are no longer the only tracking tool.
- Can I completely avoid fingerprinting?
  It is very difficult, but you can reduce its effectiveness.
- Does a VPN block fingerprinting?
  No, it hides your IP address but not your browser fingerprint.
- Do anti-tracking extensions really work?
  Yes, but with limitations and trade-offs.
- Does fingerprinting work on mobile devices too?
  Yes, often combined with device IDs.
- Does accepting or rejecting cookies change anything?
  It affects cookies, not fingerprinting.
- Do mainstream browsers protect against fingerprinting?
  Some do more than others, but none completely.
- Is fingerprinting more invasive than cookies?
  Often yes, because it is harder to control.
- Is it really worth worrying about?
  If you care about privacy, understanding how it works is already a big step forward.