惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Help Net Security
Help Net Security
Engineering at Meta
Engineering at Meta
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
小众软件
小众软件
爱范儿
爱范儿
IT之家
IT之家
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
阮一峰的网络日志
阮一峰的网络日志
C
CERT Recently Published Vulnerability Notes
月光博客
月光博客
Cisco Talos Blog
Cisco Talos Blog
Google DeepMind News
Google DeepMind News
T
Tor Project blog
T
Tenable Blog
Forbes - Security
Forbes - Security
AI
AI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
NISL@THU
NISL@THU
人人都是产品经理
人人都是产品经理
博客园 - 司徒正美
F
Full Disclosure
雷峰网
雷峰网
N
News and Events Feed by Topic
T
Threatpost
TaoSecurity Blog
TaoSecurity Blog
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
Hacker News: Ask HN
Hacker News: Ask HN
S
Secure Thoughts
S
Security @ Cisco Blogs
The Hacker News
The Hacker News
P
Palo Alto Networks Blog
P
Privacy International News Feed
H
Heimdal Security Blog
博客园_首页
MongoDB | Blog
MongoDB | Blog
V
Visual Studio Blog
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
B
Blog RSS Feed
有赞技术团队
有赞技术团队
B
Blog
Microsoft Security Blog
Microsoft Security Blog
S
Schneier on Security
T
Tailwind CSS Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Project Zero
Project Zero
T
The Exploit Database - CXSecurity.com
U
Unit 42
Jina AI
Jina AI

Privacy International News Feed

Humanless Resources? Uncovering AI recruitment software When algorithms go to war PI’s submission to the UN Working Group on the Use of Mercenaries Collateral Damage: Claude Mythos and the Privacy Risks of AI Key highlights of our 2026 results by season World Food Programme expand Palantir partnership Time to address the human rights implications of AI in the military domain Bad Vibes: AI coding tools and privacy issues How New EU Access to Documents Rules Can Reduce Transparency and Shield Big Tech Privacy International’s submission to the UN High Commissioner for Human Rights on the protection of human rights defenders in the digital age Collateral Damage: Grok AI and the Human Cost of Generative AI From Big Oil to Big Algorithm: Public Money in Private Models Dual-use tech: the BAE Systems example Dual-use tech: the Lockheed Martin example Voter Disenfranchisement: A Privacy Issue Moving Goalposts: Football, Facial Recognition and the Expansion of Surveillance Dangerous data The ILO Convention on decent work in the platform economy Challenging the militarisation of tech: a visual explainer Are IP addresses personal data? PI seeks to inform inquiry of UK Joint Committee on Human Rights on human rights and AI Transparency and explainability for algorithmic decisions at work Our key achievements from 2025 Joint Statement on New Finnish Social Welfare Laws’ Human Rights Implications Privacy International’s remarks at the side event of the 61st Session of the UN Human Rights Council on the Human Rights Impacts of Using Artificial Intelligence in Countering Terrorism What does it mean when Big Tech goes to war? Privacy International & Women on Web - Securing Reproductive Justice: A Guide to Digital Privacy for Sexual and Reproductive Justice Activists
What is digital fingerprinting: Is my device ever truly anonymous?
staff · 2026-04-16 · via Privacy International News Feed

Explainer

Post date

16th April 2026

When it comes to the conversation of advertising technologies (AdTech), you probably typically think about tracker pixels and cookies. However, there is another pernicious tracking technique lurking in how your browser and devices communicate on the internet.

That technique is called digital fingerprinting. This explainer will cover what fingerprinting is, how it works, and why it matters.

What is it?

Fingerprinting is the automatic collection of individual users’ browser and/or device data (e.g., IP address, browser version, Operating System) to create a unique ‘fingerprint’ for that user. This automatic data collection happens at the moment a user accesses a website or app. Typically, it’s not possible for a user to block this information being shared and devices connected to the internet will provide this information when it is requested.

Examples of data that may be automatically collected includes:

  • Browser name
  • Browser version number
  • Operating system
  • Location of the website being accessed
  • IP address
  • Screen size
  • Screen resolution
  • Battery life
  • Timezone
  • Language/locale
  • Installed fonts
  • Hardware details, such as device architecture and memory capacity
  • Referrer, as in which page the user accessed before the current page

On the surface, data like screen size (or more accurately canvas size, as in the size of browser window) and browser data may appear generic and non-identifiable; however, the likelihood of two individuals having the exact same combination of browser and device fingerprint data is so statistically low that individual users are often unique, and consequently identifiable.

You can find out just how unique your device fingerprint using an online tool like one of these:

Photo by Marten Newhall on Unsplash

Why is it done?

There can be practical and justified uses for fingerprinting. Websites and services may need to know certain information about a user’s device in order to appropriately display the content and its layout (e.g. responsive design which allows a website to adapt to whether a phone, tablet or PC is being used)

Or, an online banking website might need to uniquely identify a user to protect against fraud. Unique device identifier data may be needed to distinguish between a trusted user/device versus a potential bot or hacker accessing the site from an entirely different region.

Crash reporting services may also use this type of data, as an app may seek to identify which devices or browsers lead to a higher rate of issues, or seek to understand the geographic breakdown of app crash reports to ‘improve’ services and develop aggregated analytics for prioritising improvements.

While it may not be a problem for an individual website to know that a user is using the mobile version of the site in the GB region, functional reasons for data collection leave the door open to potentially pernicious uses of the same data.

Photo by William Warby on Unsplash

What does this mean for users and our privacy?

A user may accept the collection of their fingerprint data for functional reasons (like crash reporting), but they might not have understood the risk that this data could be used for advertising purposes. Just like cookies, collecting user data through fingerprinting techniques requires the user’s consent. But, because fingerprinting can occur invisibly in the background the moment a user navigates to a website or opens an app, data can be automatically collected before user consent is obtained.

This issue of consent raises wider concerns around the lack of user control. Fingerprinting techniques make it harder for users to both detect what data is being collected about their online activity, and to prevent it happening. Some data that can be used for fingerprinting is sent out without even being requested, meaning that its collection is hard to detect. Even when information must be requested, it may be hard to know when requests are legitimate or not.

While it’s possible to delete cookies from your device, fingerprinting tracks more permanent digital identifiers that a user cannot so easily wipe, such as hardware specifications and browser settings. This type of hardware data can be harder to modify and effectively impossible to delete. Additionally, fingerprinting is harder for browsers and extensions to block, so ‘even privacy-conscious users will find this difficult to stop’.

In the end, fingerprinting is an unfair means of tracking users online that is intrusive, invasive, and prevents control over how information is collected.

What you can do to protect yourself

Options for how to protect against fingerprint tracking largely involve having to make potentially difficult trade offs - ad blockers may sufficiently block some tracking scripts, but they can’t easily block fingerprinting tracking due to fingerprinting being so embedded in the service of browsers and devices. Options include:

  • Browser extensions like cookie managers or ad-blockers traditionally help protect users’ privacy from cookies and similar trackers - but with digital fingerprinting, the downloading of these extensions ironically only provides more unique fingerprint data or may require a higher level of technical knowledge to set up properly.
  • Disabling Javascript as most trackers run on it, but many websites will be inaccessible or their functionality heavily limited because they typically run on Javascript - a significant trade-off.
  • Some browsers offer anti-fingerprinting tools such as browser randomisation or enhanced tracking protections. Their effectiveness may be limited and a more throughly fingerprint-resistant browser, such as Tor, may be a significant trade-off for those who might be required to use a mainstream browser for work or other reasons.
  • Some VPNs also offer some protection by blocking DNS requests to known tracker domains.

The limited control you, the user, have ultimately demonstrates how we’re in the hands of others who get to decide how websites and apps work, such as the amount and type of fingerprint data they collect. The invisible and embedded nature of fingerprinting risks deep tracking and surveillance of users’ online activity and behaviour. With companies like Google able to change their fingerprinting policies at will, and users having to potentially accept a distinct loss in functionality in order to have a tracker-free experience, we are reminded of the need to always be aware of the power imbalances at play in how the internet (and its reliance on advertising) is designed.

Glossary

Ad targeting

Ads are "targeted" when they are aimed at an audience with specific traits based on the product or service that is being advertised.

Ads personalisation

Ads are "personalised" when they are targeted to a specific person based on their perceived or inferred interests or characteristics. These interests and characteristics are themselves derived from previous online activity, such as visited websites or apps used.

Browser addon

A plugin that extend the functionnalities of your browser. Addons are browser specific, an addon for Firefox might not be available for Chrome. Addons can be nefarious, don't install anything without prior research.

Tracking pixel

Used to identify your online activities. A website or tracking firm gets your browser or mail app to download an invisible image, that is linked to a unique tracking object stored on the server, thereby disclosing to the server that you have undertaken an activity. When in an email, it indicates to the server that you have opened the email.