4.2 Browser-Level Identity Leaks: Fingerprinting Anatomy

In many real-world deanonymization cases, Tor worked correctly and the network layer was intact—yet users were still identified.
The common failure point was the browser layer.

Browser fingerprinting exploits the fact that modern browsers expose a large amount of observable, semi-stable metadata. When combined, this metadata can uniquely identify a user or link sessions over time—even across anonymous networks.

This chapter explains what browser fingerprinting is, why it works, and how it undermines hidden-network anonymity, without providing exploitation steps.

A. What Is Browser Fingerprinting?

Browser fingerprinting is the practice of identifying or linking a browser instance by observing attributes it reveals during normal operation.

Unlike cookies:

fingerprinting does not require storage on the user’s device
it often works even when cookies are disabled
it can persist across sessions and network changes

Fingerprinting relies on passive observation, not active compromise.

B. Why Browsers Leak Identity Information

Browsers are designed to:

optimize user experience
support diverse hardware and software
expose capabilities to websites

These goals conflict with anonymity.

Every exposed feature increases the entropy of a browser’s observable profile.

C. Core Components of a Browser Fingerprint

Fingerprinting is combinatorial: individual signals may be common, but their combination becomes unique.

1. User-Agent and Platform Information

Includes:

browser name and version
operating system
CPU architecture

Even coarse differences can split anonymity sets.

2. Screen and Display Characteristics

Examples:

screen resolution
color depth
device pixel ratio

These are influenced by hardware and OS settings and tend to remain stable.

3. Fonts and Rendering Behavior

Browsers differ in:

installed fonts
font fallback order
text rendering quirks

Font metrics and rendering outputs have been shown to be highly identifying.

4. JavaScript-Exposed APIs

APIs can reveal:

timezone
locale
system preferences
hardware concurrency
memory estimates

Even when values are rounded, patterns remain.

5. Canvas and WebGL Fingerprinting

Graphics APIs can leak:

GPU model
driver behavior
floating-point precision quirks

The same drawing code can produce slightly different outputs on different systems.

6. Audio and Media Stack Behavior

Audio APIs may reveal:

audio hardware characteristics
sample rate handling
processing differences

This creates another entropy source.

D. Why Fingerprinting Is Especially Dangerous on Tor

Tor hides:

IP address
network location
routing paths

But Tor does not change how the browser renders content by default.

If a Tor user’s browser is:

unique
customized
inconsistent with the majority

Then:

sessions can be linked
activity can be correlated
anonymity sets shrink dramatically

This is why Tor Browser exists.

E. The Role of Tor Browser: Standardization, Not Invisibility

Tor Browser does not aim to make users invisible.
It aims to make users indistinguishable from each other.

Key Strategy: Uniformity

same user-agent for all users
same window sizes (letterboxing)
same fonts
same extensions
same configuration

Anonymity comes from blending in, not standing out.

F. How Customization Causes Self-Deanonymization

Research consistently shows that:

browser customization increases fingerprintability

Examples of risky customization:

installing extra extensions
resizing windows freely
changing default settings
enabling experimental features

Each deviation reduces the anonymity set.

G. Browser Fingerprinting vs Hidden Services

Fingerprinting affects:

visitors to onion services
administrators accessing their own services
developers testing hidden services

If the same browser is used:

on clearnet and Tor
or across different onion services

Linkability becomes possible without breaking Tor.

H. Documented Research Findings

1. High Uniqueness of Browser Fingerprints

Large-scale studies show that:

most browsers are uniquely fingerprintable
uniqueness increases over time

2. Stability Over Time

Fingerprints:

change slowly
persist across sessions
survive IP changes

This makes them ideal for long-term tracking.

3. Difficulty of Complete Mitigation

Blocking one signal (e.g., canvas) is insufficient.
Fingerprinting relies on many weak signals combined.

I. Why Fingerprinting Is Hard to Defend Against

Defending against fingerprinting requires:

redesigning browser APIs
sacrificing performance or features
enforcing uniform behavior

This is why:

fingerprinting remains an active research area
defenses evolve slowly
mistakes reappear in real cases

J. Lessons Learned from Browser-Level Failures

From past incidents and research, several lessons emerged:

Anonymity is collective
You are only as anonymous as the group you blend into.
Customization is dangerous
Personalization increases identifiability.
Network anonymity ≠ application anonymity
Tor protects traffic, not behavior.
Standardization beats concealment
Uniformity reduces entropy more effectively than blocking APIs.