Tech Friend: Can a VPN limit browser fingerprinting?

Tips & tricks
5 mins
Browser fingerprint with a magnifying glass.

Tech Friend is our advice column covering cybersecurity, privacy, and everyday technology. Email your question to techfriend@expressvpn.com. If you have questions about your ExpressVPN subscription or need troubleshooting help, please contact Support.


Reading between the lines

Hello Tech Friend, I know a VPN will hide my IP address, but does it help at all with browser fingerprinting? Thanks!

Submitted by: Michael 

In the physical world, fingerprints feature a unique set of swirls, which make them a reliable method for identifying individuals.

When we talk about browser fingerprinting, it’s a reference to various characteristics that, in combination, make your browser unique. These factors include your choice of browser (like Chrome or Firefox), the default language, the extensions you’ve installed, and more. It sounds far-fetched, but these small settings and choices can be unique—no one else in the world uses the exact same ones—and can allow companies to pinpoint you among everyone browsing the internet and collect data on what you’re doing online.

When you visit a site, the server has to look at some information about your browser for the site to work properly. In many cases, that’s all your information is used for. Services like banks might use browser information to stop suspicious activity. But some use browser fingerprinting to track your activity and interests across the internet, then selling the information to data brokers. 

And the answer is no, VPNs do not prevent browser fingerprinting. VPNs encrypt your traffic, preventing intruders from seeing what you’re doing online, and give you a different IP address. When you visit a website, the site can still gather information about your browser, even with a VPN turned on. 

That said, a VPN goes a long way to keeping your browsing activity hidden, whether it’s from your internet service provider, malicious third parties, or just nosy network admins. VPNs make a big impact because your real IP address carries relatively large risks, even allowing people to look up your location. Your ISP can also in theory connect an IP address to your actual identity and provide that information to governments or other monitors.

By comparison, browser fingerprinting requires more work than simply using your IP address to identify you. Despite that, many of the top websites use this technique to track users.

What characteristics make up your browser fingerprint?

When you go online, data collectors are able to figure out many characteristics about your browser. They do this by examining your web headers and looking at JavaScript code. These details include:

  • Your browser (such as Chrome, Firefox, Safari, etc.) and its version
  • Browser extensions you’ve added
  • Timezone
  • Dimensions of your current browser window and its color depth
  • Fonts installed
  • Whether cookies are enabled
  • Language
  • Operating system and CPU
  • Device memory amount

This is not an exhaustive list but gives a view into the types of characteristics used for browser fingerprinting.

Other common tracking methods

Before we talk about how to prevent browser fingerprinting, let’s briefly go over other ways for websites to track you. These are sometimes confused or conflated with browser fingerprinting and include:

Device fingerprinting

This is where a site looks at the settings of your device, rather than your browser. These include your device screen size and resolution, operating system, time zone, audio and visual capabilities, and more. Similar to browser fingerprinting, this method can narrow down your device.

Tracking your IP address

Your IP address is a string of numbers assigned by your internet service provider when you go online. It identifies a device on a network so other devices can communicate with it. Your IP address also reveals a lot about you by letting websites see your location and easily follow your online activity. 

When you use a VPN, all this information is encrypted and becomes unavailable to websites, as they all see the IP owned by your VPN provider, which is shared by many people. Your new IP address can also indicate that you are in a location different from your actual one. 

Read more: What can someone do with your IP address?

Cookies

When visiting a new website, you’re usually greeted with a message asking you to accept (or reject) cookies. Cookies are files created by websites that store data on your browsing activity in order to remember you if you visit the site repeatedly. For example, if you accept cookies, a shopping site will likely keep anything in their shopping cart if you close the site and come back another day—and it will forget them if you reject the relevant cookies. 

With cookies, the good thing is you can reject them, delete them, or change your browser settings to block them. 

Read more: GDPR 4 years on: How data consent changed the internet

How to limit browser fingerprinting

Here are some steps you can take to limit the effectiveness of browser fingerprinting by providing fewer data points, thereby making your fingerprint less unique.

  • Use a common browser. By keeping your browser characteristics boring and basic, you can more easily blend in with other users on the internet. One way to do this is to opt for a common browser like Firefox, not something offbeat.
  • Use a browser that limits fingerprinting. Browsers like Tor, Firefox, and Brave have built-in tools or specific designs that help limit browser fingerprinting.
  • Use incognito or private mode. Using incognito or private mode strips your browser of certain data points, like extensions, reducing the uniqueness of your fingerprint.
  • Disable JavaScript and Flash. When JavaScript is disabled, websites won’t have a way to detect certain characteristics of your browser, such as extensions and fonts. However, disabling Javascript could lead to websites not functioning properly.
  • Change browsers for private activities. Since it’s so hard to hide your browser characteristics entirely, one line of defense would be to use a different browser for extra-private activities. For example, if you log on to social media using one browser, use a different one for activities which you don’t want to be associated with your social accounts.
Phone protected by ExpressVPN.
Protect your privacy with the best VPN

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Answering your online privacy, cybersecurity, and other everyday technology questions.