最新您知道哪些法規適用於貴公司嗎?3 分鐘內即可確認。我們誠摯的禮物:歐盟法規工具韓國法規工具
我們能為您做什麼?

透過以下方式傳訊

KakaoTalkLINE

48 小時內回覆

傳送電郵給我們 →
部落格
Beyond Cookies: You're Still Being Tracked
資料隱私

Beyond Cookies: You're Still Being Tracked

2026年7月2日·Alex Holmquist, Panke IT Solutions LLC

You clicked "Reject All." The same ads still follow you. Your instinct was right — rejecting cookies is worth doing. It just closes one door of several. Here is how websites track you without cookies, and what actually helps.

A four-row panel showing

The other doors

Most sites embed third-party content: an ad, a share button, an analytics script. That embedded code sees you on every site that runs it and links those visits into one profile — cookie or no cookie. This is cross-site tracking, and rejecting cookies never touched it.

Some sites go further. Session-replay scripts record your mouse movements, your scrolling, and what you type — including text you delete before hitting send. A Princeton study found these on 482 of the 50,000 most popular sites.[1]

The one you can't delete

Even with every cookie rejected and cleared, a site can still recognize your browser from how it's configured: screen size, installed fonts, hardware, language, settings. Stitched together, that profile is nearly unique. The EFF measured roughly 83.6% of browsers as individually identifiable with no cookies at all.[2]

A cookie you can delete. A fingerprint you cannot.

And in February 2025, Google updated its policy to permit fingerprinting for ad measurement.[3] The hardest method to escape just got a green light.

Why it's getting harder to block

On Chrome, the most capable blockers are being curtailed. Manifest V3 replaced the powerful content-blocking API with a rule-limited one; the full uBlock Origin was pulled, and the remaining older extensions were disabled for good in July 2025.[4] Firefox still supports full-strength blockers. Turning off JavaScript defeats most tracking too — and breaks most of the modern web.

What actually helps

None of these are complete. That's the honest part.

  1. Separate browser profiles or devices for work and personal — compartmentalizes, but does nothing about tracking within a profile.
  2. Clear cookies and site data on every browser close (Firefox has a setting for it) — clears cookies, not your fingerprint, and you re-enter every password.
  3. A VPN with tracker blocking — hides your IP, but not cookies or your fingerprint, and "tracker protection" is usually just a DNS blocklist. It has sharper limits than most people expect: your iPhone can leak its real IP with the VPN on.
  4. Tor Browser for quick, sensitive browsing — genuinely strong, because every user looks nearly identical, but it breaks many sites, and any login re-identifies you.

Which of these four did you already have in place — and which one surprised you?


References

  1. No Boundaries: Exfiltration of Personal Data by Session-Replay Scripts — Princeton CITP, via Privacy International. https://privacyinternational.org/examples/1918/no-boundaries-exfiltration-personal-data-session-replay-scripts
  2. Cover Your Tracks (formerly Panopticlick) — Electronic Frontier Foundation. https://coveryourtracks.eff.org/
  3. Google's pivot on digital fingerprinting for cross-device ad measurement (effective February 16, 2025) — eMarketer. https://www.emarketer.com/content/google-pivot-digital-fingerprinting-enable-better-cross-device-measurement
  4. Google disables uBlock Origin and Manifest V2 content blockers in Chrome — The Next Web. https://thenextweb.com/news/chrome-manifest-v3-ublock-origin-content-blockers-disabled
擔心您的攻擊面暴露風險?

若想了解您的基礎設施在攻擊者掃描模型中的評分,請聯絡 contact@pankeit.com,進行攻擊面評估。

訂閱我們的部落格

掌握最新資安趨勢

絕無垃圾郵件,隨時可取消訂閱。

©2026 Panke IT Solutions LLC

Austin, TX