Clearing your cookies isn’t enough to protect your privacy online, according to new research from Texas A&M University.
The study shows that many websites are secretly using a method called browser fingerprinting to track users across different sessions and websites — even when people think they’ve erased all traces of their online activity.
Browser fingerprinting works by collecting details like your screen size, device type, time zone, and other settings every time you visit a website.
Put together, this information creates a unique “fingerprint” that can identify you, even if you’re not logged in or have blocked cookies.
Unlike cookies, which you can delete or block, browser fingerprints are much harder to hide.
Dr. Nitesh Saxena, who led the study, said that while browser fingerprinting has long been suspected, this is the first clear proof that companies are actively using it to track people online. The research was published at the ACM Web Conference 2025.
To uncover how websites use fingerprinting, the team built a tool called FPTrace. It allowed them to test how websites and online ads reacted when browser fingerprints were slightly changed.
If changing the fingerprint led to changes in ad prices or the way data was handled behind the scenes, it meant the fingerprint was being used to track the user.
That’s exactly what the researchers found. Even when users cleared their cookies, websites continued to track them using fingerprints.
Some websites even passed fingerprint-based data to advertisers in real time, helping them decide which ads to show and how much to pay to target a user. This kind of tracking also happened to users who had specifically opted out under privacy laws like Europe’s GDPR or California’s CCPA.
The researchers warn that current privacy tools — and even browsers that promise to protect users — are not enough to stop fingerprinting. They’re calling for stronger protections in web browsers and new regulations to address this hidden form of tracking. They hope their FPTrace system will help watchdogs better detect and stop these practices.
This study was conducted in partnership with Johns Hopkins University and highlights the urgent need for more transparency and better privacy protections for internet users.
