Google Chrome reportedly leaves a gaping hole for browser fingerprinting, privacy consultant warns

The claim

It has been reported that privacy consultant Alexander Hanff says Google Chrome does not protect users against browser fingerprinting — one of the most basic and common ways to track people online. "There are at least thirty distinct fingerprinting techniques that work in Chrome right now, today, as you read this," Hanff allegedly wrote in a critique for The Register. Fingerprints are simple: an OS, a screen resolution, installed fonts. Small bits of data that, stitched together, become a persistent identifier.

Why it matters

Browser fingerprinting surged after browsers and platforms began clamping down on third‑party cookies, pushing advertisers to find other ways to follow users. It has been reported that fingerprinting appears on more than 10% of the top 100K websites and over a quarter of the top 10K, per a 2021 paper, and a Nature study found that behavioral fingerprints — the four sites you visit most — can identify 95% of people. So yes, it’s invasive. And yes, it can be used for both ad tracking and fraud detection. Privacy advocates call it a stealthy, hard‑to‑clear tracking method. Feels a bit like leaving your fingerprints on every door you walk through.

The response and what's next

Google launched Privacy Sandbox in 2019 promising to "smudge" fingerprints and build privacy‑reserving web standards, and it publicly tied fingerprinting’s rise to cookie blocking. But after years of fits and starts — and a change in stance in December 2024 from "fingerprinting is wrong" to "it's okay if disclosed" — it has been reported that Google essentially abandoned the effort. So where does that leave Chrome users? Caught between marketing that touts safety and a reality where simple, widely deployed fingerprinting techniques may still identify them. Not a great look for a browser that sells itself as a security leader.

Sources: The Register