Over the last decade, the internet has become cluttered with layers of intrusive cookie popups. They are a UX and accessibility challenge, often using dark patterns—for example hiding the ‘reject’ button deep within the navigation or omitting it entirely—to steer users towards accepting tracking cookies.
In theory, these popups exist to give users control over how the website uses their data, but in practice they are often overly complicated, poorly implemented, and flawed. Cookie tracking should be managed at the browser level, not the website level.
The good news is that the era of the tracking cookie is nearing its end, with most browsers now blocking third-party cookies by default.
However, a more persistent and less visible tracking method is growing: browser fingerprinting.
Browser fingerprinting is one of the most difficult tracking techniques for users to control. Unlike cookies, which can be blocked or deleted, fingerprinting collects subtle details about a user’s browser and device—such as screen resolution, installed fonts, and how graphics are rendered—to create a unique identifier. This allows websites and advertisers to track users across sessions without their knowledge or consent.
Traditionally, fingerprinting has been discouraged beyond security applications, largely because users cannot control it. This makes it harder to align with data protection laws that require transparency and consent. In early 2025, Google made a significant policy change that permits fingerprinting-based tracking within its Privacy Sandbox framework, raising questions about the long-term impact on privacy.
What’s driving this shift? While Google has positioned itself as a supporter of privacy, pushing cookie deprecation and the Privacy Sandbox framework, its strategic interests are clear. Google's dominance in online advertising is facing growing regulatory scrutiny and competition from emerging AI-driven search models like OpenAI’s ChatGPT and Perplexity. Consolidating data flows within its own ecosystem helps Google adapt to this new landscape.
How Browser Fingerprinting Works
Each time you visit a website, your browser shares information about your system—operating system, browser version, screen resolution, installed fonts, and even subtle details like how your device renders graphics or processes audio. When combined, these details can create a fingerprint unique enough to track users across different websites.
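To make "when combined" concrete, the added example below (not from any fingerprinting library or from the EFF's tooling) measures how many bits of identifying information each attribute reveals and how small the matching group becomes once attributes are joined. The population, attribute names and the `makeUniform` defence model are constructed for illustration.

```javascript
// Constructed sample population (not real data): one row per browser.
const POPULATION = [
  { os: "Windows", screen: "1920x1080", fonts: "set-A", gpu: "vendor-1" },
  { os: "Windows", screen: "1920x1080", fonts: "set-A", gpu: "vendor-1" },
  { os: "Windows", screen: "1920x1080", fonts: "set-A", gpu: "vendor-2" },
  { os: "Windows", screen: "1366x768", fonts: "set-B", gpu: "vendor-1" },
  { os: "macOS", screen: "2560x1600", fonts: "set-C", gpu: "vendor-3" },
  { os: "macOS", screen: "2560x1600", fonts: "set-C", gpu: "vendor-3" },
  { os: "Linux", screen: "1920x1080", fonts: "set-D", gpu: "vendor-2" },
  { os: "Windows", screen: "1920x1080", fonts: "set-B", gpu: "vendor-2" },
];
const ATTRS = ["os", "screen", "fonts", "gpu"];

// Number of browsers indistinguishable from `target` on the given attributes.
// `target` must be a member of `population`, so the result is at least 1.
function anonymitySet(population, attrs, target) {
  return population.filter((b) => attrs.every((a) => b[a] === target[a])).length;
}

// Identifying information, in bits, revealed by those attributes together.
function surprisalBits(population, attrs, target) {
  return Math.log2(population.length / anonymitySet(population, attrs, target));
}

// Model a defence that makes every browser report the same value for `attrs`.
function makeUniform(population, attrs) {
  return population.map((b) => {
    const copy = { ...b };
    for (const a of attrs) copy[a] = "uniform";
    return copy;
  });
}

// Per-attribute bits, then the combined figure and the size of the matching group.
function report(population, target) {
  const rows = ATTRS.map((a) => ({ attrs: a, bits: surprisalBits(population, [a], target) }));
  rows.push({
    attrs: "all",
    bits: surprisalBits(population, ATTRS, target),
    set: anonymitySet(population, ATTRS, target),
  });
  return rows;
}

console.log(report(POPULATION, POPULATION[0]));
console.log(report(makeUniform(POPULATION, ["fonts", "gpu"]), POPULATION[0]));
```

Each attribute alone leaves a browser in a large group; the combined row shows the group shrinking, and the second report shows it growing again once two attributes are made uniform.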
Common fingerprinting techniques include:
- Canvas Fingerprinting – Uses the HTML5 <canvas> element to detect device-specific rendering differences.
- WebGL Fingerprinting – Gathers details from a device’s graphics processing unit (GPU).
- Audio Fingerprinting – Analyses how sound waves are processed by the device.
- Behavioural Fingerprinting – Observes user actions such as mouse movements, typing patterns, and scrolling behaviour.
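For anyone auditing the scripts a site loads, the techniques above leave recognisable API usage behind. The following is an added example (not from the original article or any blocker's code base): a heuristic static scan that flags script source by technique. The marker lists, thresholds and both sample scripts are constructed assumptions, and a match is a lead for review, not proof of tracking.

```javascript
// Markers per technique; a technique is reported when at least `threshold`
// distinct markers appear in the source. All browser API names are real.
const TECHNIQUES = [
  { name: "canvas", threshold: 2, patterns: [
    /getContext\s*\(\s*['"]2d['"]/, /\.fillText\s*\(/, /\.toDataURL\s*\(/, /\.getImageData\s*\(/] },
  { name: "webgl", threshold: 1, patterns: [
    /WEBGL_debug_renderer_info/, /UNMASKED_(?:RENDERER|VENDOR)_WEBGL/] },
  { name: "audio", threshold: 2, patterns: [
    /OfflineAudioContext/, /createOscillator\s*\(/, /createDynamicsCompressor\s*\(/] },
  { name: "behavioural", threshold: 2, patterns: [
    /['"]mousemove['"]/, /['"]keydown['"]/, /['"]scroll['"]/] },
];

// Returns one finding per technique whose marker count reaches its threshold.
function scanScript(source) {
  const findings = [];
  for (const t of TECHNIQUES) {
    const hits = t.patterns.filter((p) => p.test(source)).length;
    if (hits >= t.threshold) findings.push({ technique: t.name, hits });
  }
  return findings;
}

// Constructed sample: draws text to a canvas, reads it back, queries the GPU name.
const SAMPLE_TRACKER = `
  const c = document.createElement('canvas');
  const ctx = c.getContext('2d');
  ctx.fillText('probe', 2, 2);
  const id = c.toDataURL();
  const gl = c2.getContext('webgl');
  const ext = gl.getExtension('WEBGL_debug_renderer_info');
  const gpu = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
`;

// Constructed sample: ordinary chart drawing, one canvas marker only.
const SAMPLE_CHART = `
  const ctx = document.getElementById('chart').getContext('2d');
  ctx.fillRect(0, 0, 10, 10);
`;

console.log(scanScript(SAMPLE_TRACKER)); // canvas and webgl findings
console.log(scanScript(SAMPLE_CHART));   // no findings
```

The canvas threshold of two keeps ordinary drawing code from being flagged; minified or obfuscated scripts can evade a text scan like this, which is one reason blockers also rely on curated lists.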
Google’s 2025 Policy Shift
In early 2025, Google made a significant policy change that permits fingerprinting under specific conditions within its Privacy Sandbox framework. The company argues this allows for more controlled, privacy-conscious advertising practices compared to traditional third-party tracking. However, critics suggest it also consolidates Google's role as a gatekeeper for online data, potentially limiting competition.
This development is particularly notable given the rise of AI-powered search engines like OpenAI’s ChatGPT and Perplexity, which are challenging Google’s dominance in search. As user habits evolve, maintaining detailed user profiles helps Google sustain its advertising model even as traditional tracking methods like cookies fade away.
The Rise of Fingerprinting in Digital Tracking
Originally, browser fingerprinting was mainly used for fraud prevention and bot detection. Banks and security firms still rely on it to verify legitimate users and detect anomalies. Over time, advertisers and analytics firms have adopted fingerprinting as a way to track users in the face of stricter cookie regulations.
A 2021 study of the Alexa Top 100,000 websites found that nearly 10% of the sites used scripts to generate fingerprints, often without informing users. With growing restrictions on cookies, especially following Google’s phased deprecation of third-party cookies, browser fingerprinting has become an attractive alternative for advertisers looking to maintain cross-site tracking capabilities.
The Broader Privacy and Competition Concerns
Browser fingerprinting raises a number of legal and ethical concerns:
- GDPR Compliance – The EU’s data protection laws require transparency and consent for data collection. Unlike cookies, fingerprinting operates passively, often without explicit permission.
- Anonymity vs. Persistent Tracking – Although companies often claim fingerprints are anonymous, research shows they can be used to build persistent profiles.
- Market Power – Embedding fingerprinting within large ecosystems may disadvantage smaller competitors who cannot access the same data.
Regulators are already examining the role of dominant tech firms in the advertising market, and Google's shift is likely to add further scrutiny.
Can Users Protect Themselves?
Mitigating fingerprinting is difficult, but steps include:
- Privacy-Focused Browsers – Firefox (with “resistFingerprinting” enabled), Brave, and Tor offer protection against fingerprinting.
- Script Blockers – Extensions like NoScript or uBlock Origin can limit the execution of fingerprinting scripts.
- Anti-Fingerprinting Tools – The EFF’s Cover Your Tracks tool can reveal how unique your browser fingerprint is.
- VPNs with DNS Filtering – Most modern VPN providers, such as Mullvad or NordVPN, offer settings that block known fingerprinting scripts using a DNS sinkhole, preventing tracking scripts from loading. In my view this is the most effective way to block fingerprinting without compromising your experience of using the web.
What’s Next?
Google’s policy change highlights the complex relationship between privacy, technology, and competition. As online tracking methods evolve, the challenge for regulators and businesses is twofold: ensuring data protection laws keep pace, and addressing how dominant players influence the market.
Whether browser fingerprinting becomes the new standard for tracking or faces regulatory pushback remains to be seen—but it is clear that the battle for control over user data is far from over.