Incognito Can't Hide You: Browser Fingerprinting Explained

You open an incognito window, flip on a VPN, wipe your cookies, and you feel invisible. You're not. The site knew it was you before the page finished loading. This is browser fingerprinting: how websites identify and track you without cookies, without storing anything on your machine, across different browsers and networks. We cover how it works, why incognito and VPNs barely dent it, the entropy math that names one machine out of billions, canvas and WebGL and audio fingerprinting, the header and TLS signals that give you away before any JavaScript runs, and the twist almost nobody sees coming: everything you do to hide can make you easier to find. By the end you'll know which crowd to disappear into, and how to test your own fingerprint in five seconds. ⏱️ Chapters 00:00 You feel invisible. You are not. 00:50 Cookies vs fingerprints: the name tag you can't peel off 02:13 33 bits: how weak signals name one machine in billions 02:59 Canvas, WebGL & audio fingerprinting 04:08 Why blocking scripts barely helps 04:27 Headers, TLS & JA3: fingerprinted before JavaScript runs 05:31 The backfire: hiding harder makes you easier to find 06:29 Blend or lie: Tor, Mullvad, Brave & the two real strategies 07:27 What actually works (Tor, Brave, Safari, Firefox) 07:53 Who's really fingerprinting you: fraud defense vs ad tracking 08:29 Test it yourself: Cover Your Tracks + FingerprintJS 08:54 Quit trying to be nobody 🔎 What you'll learn Why a fingerprint survives cleared cookies, incognito mode, and a VPN The 33 bits of entropy it takes to single out one person on Earth Canvas, WebGL, and AudioContext fingerprinting, explained simply HTTP header order, TLS handshakes, and JA3: fingerprinting before JavaScript runs Why hardening your browser and anti-fingerprint extensions can backfire Blend vs lie: how Tor, Mullvad, and Brave actually beat fingerprinting Who's really fingerprinting you (fraud and bot defense vs ad tracking) How to test yourself with EFF's Cover Your Tracks and the FingerprintJS demo What is browser fingerprinting? It's a stateless tracking technique that builds a unique ID from dozens of weak signals your browser already exposes: screen size, fonts, timezone, graphics hardware, and how it renders text and audio. Because nothing is stored on your device, there's nothing to delete, which is why it works in incognito mode and survives a VPN. Clearing cookies is changing your shirt. You've still got the same face. 🧪 Test your own fingerprint EFF Cover Your Tracks → https://coveryourtracks.eff.org FingerprintJS demo → https://fingerprintjs.github.io/finge... 📚 Sources & further reading EFF, "How Unique Is Your Web Browser?" (Panopticlick, Eckersley 2010) Mowery & Shacham, "Pixel Perfect: Fingerprinting Canvas in HTML5" (2012) Acar et al., "The Web Never Forgets" (2014) Englehardt & Narayanan, "Online Tracking: A 1-Million-Site Measurement" (2016) Gómez-Boix et al., "Hiding in the Crowd" (2018) W3C, "Mitigating Browser Fingerprinting in Web Specifications" Tor Project — Fingerprinting protections Brave — Privacy through randomization (farbling) Mozilla — Firefox Fingerprinting Protection (FPP, Firefox 145) Apple — Safari Advanced Tracking and Fingerprinting Protection UK ICO statement on advertiser fingerprinting (Dec 2024) JA3/JA4 TLS fingerprinting (Salesforce / Cloudflare bot management) Subscribe for animated deep dives on the tech you use every day →    / @devsplainers   #browserfingerprinting #privacy #cybersecurity