Brave, Firefox, or Tor: you can’t trust your browser to protect you from tracking

Last updated: 27 June 2025
1
Browsers leaving fingerprints, data tracking
Image by Cybernews.

No browser offers complete protection from fingerprinting. While Firefox, Brave, Tor, or any other browser and tools have their strengths and weaknesses, never have the illusion that you’re untraceable.

I was looking for a browser and settings combination that makes me private online. But no matter what I did, I was always unique in the eyes of websites.

Even with all the cookies disabled, ads and trackers blocked, and VPN enabled, do you ever wonder how much other data you expose to the websites you visit?

ADVERTISEMENT

It rains. Don’t believe me? Click the button below to see what I mean.

This demonstration is all local. No servers, no tracking. It’s your own device, telling you what any website can see.

And it’s just a small fraction of all the data that leaks to websites without you ever clicking “Accept.” I am not a developer – I vibe-coded this in 5 minutes, including a few dozen data points.

Every time you visit a website, your device reveals tiny clues about who you are – your browser, screen, GPU, battery level, fonts, or supported technologies. The seemingly harmless data fragments combine into a unique fingerprint that can be used to track you across the web, even without cookies.

All this data makes you unique. Your user agent – the combination of browser, OS, and other device information – is like an ID that is shown on every website you visit. And a single data point sometimes is enough to track you effectively online.

Why is this the case?

When a browser advertises its privacy features, it’s a bit misleading. Even if you have many protections against fingerprinting, you may expose less data, or some of it will be fabricated. But you’re still unique enough to effectively be tracked online.

ADVERTISEMENT

It’s just a part of how the web works. Modern web browsers expose rich APIs for developers so that websites can render graphics, detect screen size for layout, optimize audio playback, access a webcam, etc.

The following APIs were not designed for tracking, but can be used for that:

  • WebGL (for 3D rendering)
  • Canvas (for drawing images)
  • AudioContext (for audio processing)
  • Navigator (for platform and version info)
  • Screen (for resolution)
  • MediaDevices (for access to camera, microphones, and screen sharing)
  • Etc. The list of available APIs is exhaustive

Without them, your browser would become useless – you wouldn’t be able or even want to browse the web if websites were completely broken, without images, functions, JavaScript, etc.

What was the experiment?

I have been a Firefox user for a while now, but I was still not satisfied with how this browser protects me from fingerprinting techniques, even with an adblocker (uBlock Origin) and Privacy Badger extensions enabled.

The first failed test was “Cover Your Tracks,” a handy tool developed by the Electronic Frontier Foundation (EFF), a major non-profit digital rights group.

Here you can test how well your browser protects against three main categories of privacy intruders: tracking ads, invisible trackers, and fingerprinting technologies.

I wish Firefox had better fingerprint protection because no matter what I did, I couldn’t achieve “Yes” for the third category. I even enabled the experimental Fingerprint Protection feature and tried other advanced configuration (about:config) settings. The browsing experience was completely broken, most sites didn’t work, but I still had a unique fingerprint.

eff-check
ADVERTISEMENT

So, I gave Brave a second chance. I had had this browser installed for a while, but deleted it due to the crypto wallet, AI, ads, and other bloat, as well as some controversy with lobste.rs. But maybe privacy is worth it?

And yes, the Brave browser passes this specific EFF’s test. But hold on. Does it really protect against fingerprinting?

Other online services, such as “Am I Unique?” or “Browser Leaks,” can check the uniqueness of your fingerprints in much more detail.

And they unveil the uncomfortable truth. If you see images in your browser, run JavaScript, or use many other features, every single one can be abused to create a unique fingerprint.

If you load a single small PNG image, it will be rendered uniquely on your system compared to all other systems, depending on many variables, such as GPU, OS, drivers, browser, etc. This information can be turned into a hash, which would be your ID on the web.

justinasv Marcus Walsh profile Gintaras Radauskas jurgita
Be the first to know and get our latest stories on Google News
Google News Follow us

“The Canvas API, which is designed for drawing graphics via JavaScript and HTML, can also be used for online tracking via browser fingerprinting. This technique relies on variations in how canvas images are rendered on different web browsers and platforms to create a personalized digital fingerprint of a user's browser,” Browserleaks explains.

I don’t know anyone who would browse the web without graphics, JavaScript, Fonts, or even other basic functionality and security (encryption) features, to make themselves more private.

Even if you tried, that makes you even more unique in the eyes of website owners. The more privacy measures you apply, the more you stand out from other visitors.

It makes sense. If you’re browsing the web on Chrome without an ad blocker, you’re similar to billions of other smartphone users. But if you see someone from Firefox on Kali Linux with these specific disabled features? It’s more likely than not that the visitor is Aras Nazarovas, our senior security researcher.

ADVERTISEMENT

If you really need to access something sensitive, he recommends using the default Chrome on a Windows VM as a better approach to “blend in” rather than fighting an uphill battle with privacy settings compromising functionality. To maintain anonymity, delete the user agent after each session and create a new one for the next time, so you have a new virtual ID.

So, am I still unique using Brave? Yes, according to both other services. For example, the unique Canvas fingerprint was repeatedly the same.

brave-unique-hash

In some sense, my fingerprints are even more distinguishable, as not many people use this browser on a Mac. Blocking JavaScript, Canvas, etc, will make you even more unique. Back to square one.

The same is true for the TOR browser, which is the holy grail of anonymity. While its canvas hashes will be different every time, it still leaks some unique information about the user agent, which can be used for fingerprinting and tracking. For example, the feature detection hash value remained the same despite several separate visits.

tor-hash

Protections still matter

While you can’t completely eliminate being tracked online, it doesn’t mean you shouldn’t use at least some basic protections against the most invasive trackers.

Trackers and advertisers abuse third-party cookies to follow your browsing habits. Cross-site tracking cookies are harmful and “must be removed from the web platform.

Blocking them, using adblockers, will limit the data they can receive. Add a VPN to prevent spies in the middle. It helps protect your data and privacy, even if complete untraceability online remains an elusive goal.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Saudi industrial services group breached, hackers claim
Estimating age with augmented cameras in tobacco shops is a no-go, CNIL says
Law enforcement authorities bust international Microsoft scam call center
JD Vance’s Disneyland vacation sparks outrage, mockery
Samsung may be turning jewelry into AI-driven devices
A simple radio hack can emergency stop any train in North America, researchers warn
ADVERTISEMENT

Comments

M.R.
prefix 18 days ago
The "Mullvad" browser might be worth checking.
Leave a Reply

Your email address will not be published. Required fields are markedmarked