If you’ve been online in the last decade, you’ve likely heard that companies (such as Facebook, Twitter, and Google) that provide free products make you the product and sell your data. They catalog what you look at, where you go, and how long you’re there. You may already know that cookies are the primary way they do this.
But there’s another way that sites can track you, by a method known as Browser Fingerprinting. Most browsers allow a programing language known as JavaScript to do interesting things with web pages. One such thing is to load bits and pieces of pages rather than have to refresh. It allows endless scrolling in feeds (if you’ve ever had a chat with a support agent in a browser window or used Facebook messenger off a phone, you’ll see a good example in action).
It also lets the website capture basic information about your computer and browser, then sends it back to the website. It can usually tell what web browser you’re using (and if it’s up to date), your operating system, screen resolution, fonts you have installed, language, and time zone. It can grab enough details to narrow down to a small pool of people — sometimes even just down to you. This doesn’t mean they know who you are, but they can track you across multiple websites without using a cookie or violating the law. They take all these variables and can convert them into a number called a hash, and that number goes into a database to assign information to a cookie. Over time companies can narrow down who you are by comparing against other info they have already stored and identified. What’s worse is that ad blockers and Incognito Mode don’t block it.
You can find out your browser fingerprint’s uniqueness by using a site like “Am I Unique?” There are browser add-ins that can help block fingerprinting, such as Canvas Blocker for Chrome and No Fingerprint for Firefox.