How Websites Track You Without Cookies

You've done everything right: cleared cookies, enabled "Do Not Track," installed an ad blocker, and use private browsing. Yet advertising networks still serve you eerily targeted ads. How? Because cookies are just the most visible tracking method — and the easiest to block.

Modern tracking has evolved far beyond cookies into a sophisticated ecosystem of techniques that are nearly impossible to detect or prevent.

1. Browser Fingerprinting

Every time you visit a website, your browser reveals a surprising amount of information:

• Screen resolution and color depth
• Installed fonts (each computer has a unique combination)
• Browser version and installed plugins
• Time zone and language settings
• Operating system and hardware specs
• WebGL renderer (your exact GPU model)
• Audio processing characteristics

Individually, each piece of data is common. Combined, they create a fingerprint that is unique to your device with 99.5% accuracy, according to research by the Electronic Frontier Foundation.

Unlike cookies, you can't "clear" your fingerprint. It's derived from your hardware and software configuration.

2. Canvas Fingerprinting

This clever technique uses the HTML5 Canvas element. A website draws an invisible image using JavaScript — text, shapes, gradients. Due to differences in GPU hardware, driver versions, and font rendering engines, the resulting image is slightly different on every device.

The website hashes this image into a unique identifier. You never see the image — it's drawn off-screen and immediately converted to data.

Canvas fingerprinting is used by over 5% of the top 100,000 websites and is virtually undetectable by users.

3. Tracking Pixels

A tracking pixel is a 1×1 transparent image embedded in a webpage or email. When your browser loads it, the request sends your IP address, browser info, and the exact time you viewed the content to the tracking server.

Email marketers use tracking pixels to know:

• Whether you opened an email
• What time you opened it
• Your approximate location
• What device and email client you use

4. CNAME Cloaking

To bypass ad blockers, companies now use CNAME cloaking. Instead of loading tracking scripts from tracker.adcompany.com (which ad blockers can block), they set up a subdomain like analytics.yourfavoritesite.com that secretly redirects to the tracking company.

Since the domain appears to be first-party, ad blockers and browser protections allow it through.

5. Behavioral Biometrics

Advanced tracking goes beyond your device to track how you use it:

• Mouse movement patterns and speed
• Typing rhythm and cadence
• Scroll speed and patterns
• Touch pressure on mobile devices
• How you hold your phone (accelerometer data)

These behavioral patterns are unique enough to identify individuals even when they switch devices or use VPNs.

🔍 How Unique Is Your Browser?

How to Reduce Tracking

• Firefox with Enhanced Tracking Protection: Set to "Strict" mode, which blocks known fingerprinters and tracking scripts.
• Tor Browser: Makes all users look identical by standardizing the fingerprint.
• uBlock Origin: Blocks tracking scripts, pixels, and known fingerprinting endpoints.
• Disable JavaScript selectively: Many fingerprinting techniques require JavaScript. Use NoScript for sensitive browsing.
• Block images in emails: Prevents tracking pixel loading. Most email clients now offer this option.
• Use common settings: Paradoxically, having a "unique" browser setup makes you more trackable. Default settings blend in better.

Related Tools

• Your Digital Footprint — see how unique your browser really is
• Password Generator — strong passwords for every account