Network & Infrastructure · 2026-04-13

What Is Browser Fingerprinting? How Websites Identify Your Device

Your browser reveals dozens of technical signals that combine into a near-unique identifier. Unlike cookies, fingerprints cannot be cleared. Here is how the technology works and why it matters for multi-account detection.

What Is Browser Fingerprinting? How Websites Identify Your Device

The Identity You Cannot Delete

Every time you visit a website, your browser shares a collection of technical details about your device. Screen resolution, installed fonts, GPU model, timezone, language settings, CPU core count. Individually, none of these details identify you. Combined, they create a fingerprint that is nearly unique to your specific device.

Unlike cookies, which are stored files you can delete, a browser fingerprint is computed from your hardware and software configuration. You cannot clear it. You cannot reset it. And every website you visit can compute it independently, without storing anything on your machine.

This is browser fingerprinting — and it is one of the primary technologies platforms use to detect when multiple accounts are operated from the same device.

How Browser Fingerprinting Works

Browser fingerprinting collects data points from multiple categories, then combines them into a single hash or identifier. The more data points collected, the more unique the resulting fingerprint.

Canvas Fingerprinting

Canvas is an HTML5 element that allows websites to draw graphics using JavaScript. When a website asks your browser to render a specific image or text through the Canvas API, the result depends on:

Your GPU hardware

Your graphics driver version

Your operating system's font rendering engine

Subpixel rendering settings

Anti-aliasing configuration

The same Canvas instruction produces slightly different pixel-level results on different hardware. A website can render an invisible image, convert the pixel data to a hash, and use that hash as a device identifier.

Why it works: GPU rendering is deterministic. The same hardware always produces the same result. But different hardware produces different results, even for identical rendering instructions. Two computers with different GPUs will produce different Canvas hashes with high reliability.

WebGL Fingerprinting

WebGL (Web Graphics Library) provides browser-based 3D rendering. It exposes additional hardware details:

**GPU vendor string** — the manufacturer (NVIDIA, AMD, Intel, Apple)

**GPU renderer string** — the specific GPU model

**Supported WebGL extensions** — which rendering capabilities are available

**Max texture size and viewport dimensions** — hardware-specific limits

**Shader precision format** — floating-point precision supported by the GPU

The combination of these values creates a hardware profile that differs across GPU models. Even two computers with the same CPU but different GPUs produce different WebGL fingerprints.

Font Enumeration

Your operating system comes with a set of installed fonts. You may have installed additional fonts for design work, language support, or software requirements.

Websites can detect which fonts are available by attempting to render text in specific font families and measuring the resulting dimensions. If the text renders at the expected width and height for a given font, that font is installed.

The set of installed fonts varies significantly across machines. A fresh Windows installation has a different font set than a Mac. A machine with Adobe Creative Suite installed has dozens of additional fonts. A machine with language packs for Chinese, Japanese, or Korean has fonts that English-only systems lack.

Uniqueness contribution: Font enumeration alone can narrow identification to a small group of devices. Combined with other signals, it becomes highly discriminating.

Screen and Display Properties

**Screen resolution** — pixel dimensions of the display

**Color depth** — bits per pixel (typically 24 or 32)

**Device pixel ratio** — physical pixels per CSS pixel (1x, 2x for Retina, 3x for some mobile)

**Available screen size** — display area minus taskbar/dock

These values are easily queried through JavaScript. While common resolutions (1920x1080, 2560x1440) are shared by millions of devices, the combination with other signals adds discriminating power.

Timezone and Language

**Timezone offset** — the UTC offset of your system clock

**Timezone name** — the IANA timezone (e.g., America/Denver)

**Browser language** — the language preference sent in HTTP headers

**Navigator languages** — the ordered list of preferred languages

A browser configured for English with timezone America/Denver narrows the geographic scope. Add Japanese as a secondary language and the combination becomes uncommon.

Hardware and System Properties

**Hardware concurrency** — the number of logical CPU cores (navigator.hardwareConcurrency)

**Device memory** — approximate RAM in gigabytes (navigator.deviceMemory)

**Platform string** — operating system identifier

**User agent string** — browser name, version, and OS details

**Do Not Track setting** — whether the user has enabled DNT

**Touch support** — whether the device has a touchscreen and how many touch points it supports

Audio Fingerprinting

The AudioContext API can generate a unique audio signal by processing sound through the device's audio stack. The resulting waveform varies based on:

Audio hardware

Audio driver implementation

Operating system audio processing

Like Canvas fingerprinting, audio fingerprinting exploits deterministic hardware behavior to create a device-specific identifier.

Why Each Person's Fingerprint Is Nearly Unique

Research by the Electronic Frontier Foundation's Panopticlick project (now Cover Your Tracks) found that browser fingerprints are unique for approximately 83-99% of browsers tested, depending on the data points collected.

The math is straightforward. Consider just five data points:

Screen resolution: ~50 common values

Timezone: ~24 values

Language: ~100 common combinations

GPU renderer: ~200 common models

Installed fonts: thousands of possible combinations

Even with conservative estimates, the combination space is enormous. When you add Canvas hash, WebGL parameters, audio fingerprint, and behavioral data, the fingerprint becomes unique with approximately 99.5% probability.

This means that if a website computes your browser fingerprint today and sees the same fingerprint tomorrow from a different account, it can conclude with high confidence that both sessions originated from the same physical device.

How Platforms Use Fingerprinting for Association Detection

For e-commerce platforms, browser fingerprinting serves a specific purpose: detecting when multiple seller accounts are accessed from the same device.

The process works as follows:

1. Collection: Every time a user loads Seller Central (or equivalent), the platform collects fingerprint data points through JavaScript

2. Hashing: The data points are combined into a fingerprint hash and stored server-side, associated with the user's account

3. Comparison: When any account is accessed, the current fingerprint is compared against all stored fingerprints

4. Association scoring: If the same fingerprint (or a highly similar one) appears on two different accounts, the accounts are flagged as potentially linked

The critical difference from cookies: fingerprinting happens transparently, without storing anything on the user's device. The user cannot see, modify, or delete the fingerprint data because it is never stored locally. It is computed fresh on every page load from the device's actual hardware and software properties.

The Difference From Cookies

Cookies are explicit: the website stores a file on your device, and your browser sends that file back on subsequent visits. You can see cookies in your browser settings, delete them, or block them entirely.

Browser fingerprinting is implicit: your browser reveals its hardware and software properties simply by functioning normally. There is no file to delete because no file was created. The identification comes from who your device is, not from what was stored on it.

This is why clearing cookies, using incognito mode, or switching browsers on the same device does not reset your fingerprint. The fingerprint comes from the hardware — the GPU, the fonts, the screen, the CPU — and those properties persist across browser sessions, browser types, and even operating system reinstalls (if the hardware remains the same).

How Anti-Detect Browsers Try to Spoof Fingerprints

Anti-detect browsers (Multilogin, GoLogin, AdsPower) attempt to defeat fingerprinting by injecting false data at the JavaScript level:

**Canvas noise injection** — adding random pixel variations to Canvas rendering results

**WebGL spoofing** — reporting fake GPU vendor and renderer strings

**Font list randomization** — reporting a different set of installed fonts

**Screen resolution spoofing** — reporting false display dimensions

**User agent rotation** — changing browser and OS identification strings

Each spoofed data point creates an apparently different fingerprint, making each browser instance look like a separate device.

Why Spoofing Creates Detectable Anomalies

The fundamental problem with fingerprint spoofing is that it creates internally inconsistent profiles. Real devices have coherent hardware configurations. Spoofed profiles often do not.

Canvas noise detection: Real GPU rendering is deterministic — the same GPU always produces identical Canvas results. Anti-detect browsers inject random noise, which means the Canvas hash changes between sessions on the same "device." Platforms can detect this inconsistency: a genuine device produces the same Canvas hash every time, while a spoofed device produces a different one each session.

WebGL / Canvas mismatch: If the WebGL renderer string reports an NVIDIA RTX 4090 but the Canvas rendering performance characteristics match an Intel integrated GPU, the profile is internally inconsistent. Real devices do not have this mismatch.

Font / OS inconsistency: If the browser reports Windows 11 but the installed font list includes macOS-exclusive fonts (like San Francisco), the profile is obviously fabricated. Anti-detect browsers that randomize font lists without checking OS consistency create this signal.

Statistical anomalies: When platforms see thousands of fingerprints, they can identify which parameter combinations occur in real devices and which do not. A fingerprint with a statistically impossible combination of values — screen resolution common on Mac, GPU common on Windows, timezone from Asia, language set to Norwegian — stands out as synthetic.

Temporal instability: Real device fingerprints are stable over time. The same laptop produces the same fingerprint for months or years (until hardware or software changes). Anti-detect browser profiles that rotate parameters between sessions exhibit fingerprint instability that real devices never show.

What This Means in Practice

Browser fingerprinting is one layer in a multi-layer detection system. It works in concert with network identity (IP/ASN), payment data, address records, and behavioral analysis.

A fingerprint match between two accounts does not guarantee they are linked — two people could theoretically have identical hardware configurations. But in practice, the combination of fingerprint similarity with any other shared signal (same IP, same address, similar behavior) pushes association confidence past the threshold for action.

The practical implication for multi-account operations: using the same physical hardware for multiple accounts creates a persistent association signal that cannot be cleared, deleted, or reset through software means alone. Anti-detect browsers attempt to mask this signal but create new detectable anomalies in the process.

For how platforms combine fingerprinting with other detection layers, see Anti-Detect Browsers, VPNs, and Proxy Risks for E-Commerce in 2026.

For a detailed look at Amazon's specific fingerprint detection model, see How Amazon Detects Linked Accounts: The Fingerprint Model.