Digital fingerprinting is a method of data collection – one that in the past has been refused by Google itself because it “subverts user choice and is wrong.” But, we all remember that Google removed “Don’t be evil” from its Code of Conduct in 2018. Now, the Silicon Valley tech giant has taken the next step by introducing digital fingerprinting.

But what does digital fingerprinting actually do and why does Google want it?

What is digital fingerprinting and why is it worse

Digital fingerprinting collects and analyzes multiple data points from a user’s device - such as screen resolution, installed fonts, browser settings, and even battery status - to create a unique profile. Fingerprinting is persistent and can not be deleted or wiped like cookie data. Even after clearing browsing data, users remain identifiable across websites, devices, and services.

This is a radical departure from previous tracking mechanisms because:

1. It Subverts User Choice: With cookies, users at least have the option to reject tracking through consent banners or browser settings. Digital fingerprinting, on the other hand, operates silently in the background, stripping users of any meaningful control over their data.

2. It Is Harder to Block: Privacy-focused browsers like Brave and Firefox have built-in tools to block cookies, while mainstream browsers, namely Google Chrome, have limited such protections. Unlike cookies, which can be wiped, fingerprinting relies on hardware and software characteristics that cannot be easily altered.

3. It Enables Cross-Device Tracking: Google’s new approach extends beyond web browsers, linking user activity across desktops, mobile phones, smart TVs, gaming consoles, and other connected devices. This means your browsing habits on a phone, TV preferences on a Chromecast, and gaming activity on a PlayStation could all contribute to a single, identifiable profile.

And this is exactly why Google wants to use digital fingerprinting: It is way more powerful than cookie-based tracking, and it can’t be blocked for instance by switching to a privacy-first browser.

Fingerprinting has been activated

Google announced launch of digital fingerprinting in December 2024.

On February 16, Google officially loosened its restrictions on digital fingerprinting, allowing advertisers and marketers to track users across devices and services with greater precision. This move coincides with Google’s planned global roll-out of a new “don’t track me” prompt, which will enable users to opt out of traditional cookie-based tracking, and which Google will use strategically for its privacy-washing campaigns. By giving people the choice to opt out of cookie tracking, Google makes it look as if it is protecting your privacy. But rest assured, Google knows a lot about you and with digital fingerprinting, it will learn even more!

It will also help Google maintain its market dominance as other advertisers rely much more heavily on cookie tracking. Now, Google can gather data without requiring explicit user consent: with digital fingerprinting.

Google is making this transition now for two key reasons. First, regulators and privacy advocates have put increasing pressure on tech companies to limit cookie-based tracking, making fingerprinting a convenient way to continue data collection while appearing to comply with stricter regulations. Second, by enabling more precise tracking mechanisms that can function across multiple devices, from smartphones to smart TVs and gaming consoles, Google hopes to maintain its prime position in digital advertising. In 2024, Google made more than 264 billion USD just from digital advertising as reported by Statista while Meta, the runner-up to Google, “only” made 160 billion USD from advertising.

Google turns 180°

Digital fingerprinting gives Google a solution to remain the number one advertiser online – despite, or because of, the larger privacy risks that are involved. At times when Google’s motto of “Don’t be evil” was still fresh in the heads of Google’s employees’, the classification of digital fingerprinting was much different.

In 2019 Google said: “Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected. We think this subverts user choice and is wrong.”

Now, the company turned 180°.

Privacy risks of fingerprinting

Digital fingerprinting reintroduces a level of tracking that even Google itself previously criticized. The UK’s data regulator has issued a warning that fingerprinting “is not a fair means of tracking users online because it is likely to reduce people’s choice and control over how their information is collected.”

Some of the most alarming risks include:

• Loss of anonymity: Even privacy-conscious users who avoid Google accounts, use VPNs, or frequently clear cookies can still be tracked across the web and beyond with digital fingerprinting.

• Targeted exploitation: Advertisers, political organizations, and even malicious actors can leverage fingerprinting to profile individuals based on their interests, vulnerabilities, or financial status.

• Regulatory evasion: Many privacy laws, including the EU’s GDPR and California’s CCPA, require user consent for tracking. However, because fingerprinting works without explicit storage of user data on a device, companies may argue that existing laws do not apply which creates a legal gray area that benefits advertisers over consumers.

Cookie banners – the lesser of two evils

Over the past decade, cookie consent banners and app tracking have been heavily criticized as privacy-invasive and not beneficial to the users. However, compared to digital fingerprinting, these cookie banners appear harmless. The real issue with cookie banners was never the banners themselves but the flawed implementation that made people consent to tracking even when they did not want to. That’s also why we have said all along that targeted advertisements must be forbidden – no matter the tracking method. If targeted advertisements must stop, there’s no point in tracking anymore.

With Google’s shift to fingerprinting, the dangers of invasive and unlimited tracking become obvious. Users who once had the option to reject cookies will now be subjected to a tracking method that is virtually impossible to escape.

Tracking at its worst

Google’s adoption of digital fingerprinting marks a new, more intrusive phase in online tracking. Unlike cookie banners, which at least offer an opt-out mechanism, fingerprinting operates without user consent and is nearly impossible to avoid. Google’s entire business model is based on tracking-based advertisements. As regulators try to limit advertisers’ power and tracking techniques, Google has made it clear that it will not go down silently. Rolling out digital fingerprinting for tracking is Google’s answer to protect its business – despite the massive privacy risks.

But what can we learn from this: We learn that a company that relies on tracking and advertisement for its profit will never put the user first.

The choice is yours: Stay with Google or join the growing movement of deGooglers.

How to protect against fingerprinting

Google’s digital fingerprinting is a tracking technique harming your privacy in so many ways that we must prevent it!

First of all, you can check whether you can be tracked via fingerprinting: Learn how identifiable you are on the Internet and how you can cover your tracks.

If, as a result, you are unique, this is generally awesome, but in the context of fingerprinting, this is really, really bad. To not be identifiable via this method, you need to be as common and as much as anybody else as possible. Using only the defaults and mainstream products make it harder for third parties to create a unique digital fingerprint about you.

Example of a browser fingerprint from a Linux laptop running Firefox.

Block browser tracking

On browsers, it is actually possible to block tracking when choosing the right tools and blockers. As one user on Bluesky recommends, you should:

“Switch to a Linux OS, use FireFox and DuckDuckGo, which actually have built-in features to counter fingerprinting, get a Linux Phone with e/OS, IodeOS or GrapheneOS, switch to Tuta. … Always use a VPN and sandbox Google services in separate profiles”

This is actually a very good tip. You can also test which browsers partition websites, meaning they prevent one website from sharing information with another. Privacy Tests lets you quickly check which browsers isolate websites to prevent them from sharing data to track you.

Screenshot from Privacy Tests website showing which browsers protect best against fingerprinting.

Use Firefox add-ons

In addition, some browsers offer add-ons that can help you prevent Google digital fingerprinting privacy tracking. One known add-on is Firefox’s Resist Fingerprinting. Mozilla states on their website:

When Resist Fingerprinting settings are enabled in Firefox Advanced Preferences (the Configuration Editor about:config page), it can help prevent websites from uniquely identifying you by limiting the information they can gather about your device. While this may be ideal for those prioritizing maximum privacy, it can cause some websites to function improperly. For most users, Mozilla recommends Fingerprinting Protection mode in Firefox Settings for Enhanced Tracking Protection, which blocks invasive tracking methods while maintaining compatibility with most websites. Add-ons can enable Resist Fingerprinting in Advanced Preferences, which means it might be active without you explicitly enabling it. You can manage the privacy.resistFingerprinting settings in the about:config page.

Spoof your browser profile

Blocking digital fingerprinting is one option to protect your privacy, another one is spoofing who you are. Google’s digital fingerprinting invades your privacy with such extensive tracking, including processor type, IP address, browser in use, installed fonts, time zone used, language used, dark or light mode, and many other settings that blocking fingerprinting on the browser might not be enough. All this tracking enables Google - and others - to create such a detailed profile about you that it’s highly likely unique.

The good news is, there are still ways, you can confuse Google and others invading your privacy. One user on Mastodon recommends to switch profiles using Chameleon.

Mastodon user recommending Chameleon for switching profiles.

Chameleon (successor of Random Agent Spoofer) is another add-on for Firefox that helps you spoof your browser profile so that you can appear to be changing your profile every few minutes.

Do install these add-ons, and then test your browser again! Are you still unique? If not, you’ve made it!

Also check out these private browser alternatives. To resist fingerprinting, good browsers are Mullvad, LibreWolf, Firefox, and Brave.