Cookies vs Fingerprinting vs Behavior: What Really Tracks You More?

Most people hear about cookies. But your browser, your device, and even your habits can be used to follow you too. This page shows the three main "shadows" you leave online.

This is an educational overview, not legal advice. We explain how tracking works in simple terms.

Why This Is Misunderstood

Public debate is obsessed with cookie banners. Every website asks you to "accept all cookies" or "manage preferences." This makes it seem like cookies are the only way you're tracked online.

But regulators and researchers warn that fingerprinting and cookie-less tracking are rising. The Office of the Privacy Commissioner and Internet Policy Review have highlighted how fingerprinting works invisibly, without any popup or banner.

Research published in venues like Nature has shown that browsing behavior alone—which sites you visit, when you visit them, and how you interact—can identify and re-identify people, even without cookies or fingerprints.

This page explains all three "shadows" you leave online, how hard each is to block, and which tools can help.

Three Shadows That Follow You Online

Think of tracking as three different "shadows" you cast online. Each shadow reveals different information, and each requires different tools to reduce.

1. Network Shadow

Your IP address and location

2. Device Shadow

Cookies and local storage

3. Configuration + Behavior Shadow

Fingerprinting and browsing patterns

Test Your Own Shadows

Use these tools to see what information you're revealing right now:

Your Browser Fingerprint

Your fingerprint is the pattern of settings, plugins, fonts, languages, and more that makes your browser look different from others.

Check my fingerprint →

Your IP on This Site

Your IP address tells sites roughly where you are and which network you use. A VPN changes this address.

Loading...

This is a client-side check. Your real IP is only visible to the server.

Cookies and Storage Used by This Site

This demo only looks at cookies and storage used on BestPrivacyApps. Real news, social, or shopping sites usually have many more trackers.

Cookies:
LocalStorage:
SessionStorage:

A. Cookies – The Visible Shadow

What It Is

Cookies are small pieces of data saved in your browser. They remember that you are logged in, what's in your cart, and how you use the site. Third-party cookies (from ad networks) can follow you across many sites.

Local storage and session storage work similarly—they store data on your device, but unlike cookies, they're not automatically sent with every request.

Why People Focus on It

Cookie banners are everywhere. Every website shows a popup asking you to "accept all" or "manage preferences." This makes cookies feel visible and controllable. People think: "If I reject cookies, I'm not being tracked."

Regulators like GDPR and CCPA have pushed for cookie consent, which makes cookies the most talked-about tracking method. But this focus can hide other, less visible tracking methods.

How Hard It Is to Block

Moderately easy. Modern browsers can now block third-party cookies fairly well. Extensions like uBlock Origin, Privacy Badger, and strict browser settings can block even more.

However, first-party cookies (on the main site you're visiting) often still remain for logins, shopping carts, and basic site functionality. Blocking all cookies can break many websites.

Which Tools Help

  • Privacy-friendly browsers with built-in cookie blocking (Firefox with strict settings, Brave, etc.)
  • Content blockers and extensions (uBlock Origin, Privacy Badger, Ghostery)
  • Stricter cookie settings in your browser preferences

→ See privacy-friendly browsers and blockers in our directory.

B. Fingerprinting – The Invisible Shadow

What It Is

Fingerprinting reads many small signals from your browser: browser type, operating system, screen size, languages, fonts installed, time zone, plugins, and more. Even if each piece looks harmless, the combination can be unique—like a fingerprint.

Canvas fingerprinting, WebGL fingerprinting, and audio fingerprinting are advanced techniques that extract even more unique signals. Some estimates suggest that 1 in 286,777 browsers share the same fingerprint—making you nearly unique.

Why It's Misunderstood

No popups, no banner, no obvious "accept" button. Fingerprinting happens silently in the background. You can't see what a site is collecting unless you use special tools.

It works even without cookies. Even if you block all cookies, clear your storage, and use incognito mode, fingerprinting can still identify you. Tools like our browser fingerprint tester, BrowserLeaks, Cover Your Tracks, Privacy.net Analyzer, and Pixelscan try to show you what's being collected.

How Hard It Is to Block

Much harder than cookies. You need browsers or engines that randomize or normalize data, or make you look like many other users.

Tor Browser, Mullvad Browser, and hardened Firefox builds try to make all users look the same. Anti-fingerprinting scripts or extensions can help a bit, but sometimes they can even make you look more unique if misconfigured.

VPNs and privacy DNS help with IP-based tracking, but they don't alone fix fingerprinting—your browser still reveals the same unique signals.

Which Tools Help

  • Tor Browser / privacy browsers with anti-fingerprinting (Mullvad Browser, hardened Firefox)
  • VPNs / privacy DNS (for IP), but note: they don't alone fix fingerprinting
  • Canvas Blocker and similar extensions (with caution—test if they help or hurt)

There is no perfect fingerprint defense, but you can reduce how unique you look and limit where your fingerprint is seen.

C. Behavior – The Long Shadow Over Time

What It Is

"Behavior" means: which sites you visit, when and how often you visit, what you click, read, or buy. This can be collected by ad networks, analytics scripts, and logged-in platforms.

Even if your cookies change or your fingerprint changes, your pattern of behavior can still identify you. For example: "User visits Site A at 9am, Site B at 2pm, Site C at 8pm" is a pattern that can be unique.

Why It's Powerful

Research from places like Nature has shown that browsing behavior alone can re-identify many users, even without cookies or fingerprints. Your habits are hard to change and hard to hide.

If you're logged into Google, Facebook, or other platforms, they can link your behavior across sites. Even if you're not logged in, ad networks can build profiles based on which sites you visit and when.

How Hard It Is to Block

Very hard to fully block, because sites need analytics and logs to run. Logged-in services know who you are by design.

But you can reduce how much of your behavior is linked to one identity. Use different "profiles" or "containers" for different activities (work, personal, sensitive research). Log out, or don't stay logged into big social networks while you browse everything else.

Which Tools Help

  • Use different "profiles" or "containers" for different activities (work, personal, sensitive research)
  • Privacy-friendly search engines that don't track your queries
  • VPNs and DNS-based blockers to limit which trackers load
  • Log out, or don't stay logged into big social networks while browsing
  • Separate tools instead of big platforms (e.g., use privacy-focused notes apps instead of Google Docs for sensitive content)

Which Tools Help for Each Shadow?

Network Shadow
((IP & Location))

  • VPNs
  • Privacy DNS / DNS firewall
  • Tor

Categories: VPN, DNS-firewall, Privacy-suite

Device Shadow
((Cookies & Storage))

  • Privacy browsers
  • Content blockers
  • Strict settings

Categories: Browser, Extensions, Analytics (for site owners)

Configuration + Behavior Shadow
((Fingerprinting & Patterns))

  • Anti-fingerprinting browsers
  • Multiple profiles
  • Disciplined login behavior
  • Good defaults

Categories: Browser, Search-engine, VPN, Notes

Next Steps

Explore our recommendations for private browsers, VPNs, email, and more in the BestPrivacyApps directory.

Browse Privacy Apps → Test Your Fingerprint →