Privacy Score

Fingerprinting is a tracking technique that combines a handful of normally-innocent signals — your User-Agent string, screen size, installed fonts, GPU model, audio stack quirks, canvas-rendering oddities — into a single ID that uniquely identifies your browser without using cookies. Even if you clear cookies and switch to private browsing, the same combination of signals usually still hashes to the same fingerprint. privacyscore.dev shows you exactly which of these signals your browser is currently emitting.

You start at 100 (nothing leaked). Each finding deducts points: visible IP −15, geo to city level −10, browser version −5, OS −5, language −5, canvas fingerprint −15, WebGL renderer −10, audio fingerprint −5, fonts −3 to −8 depending on count, WebRTC local IP leak −15. Tor and commercial-VPN users skip the IP/geo deductions entirely and get a small bonus, because the IP leaked is the exit node, not the user.

A VPN only hides your IP. It does nothing to canvas, audio, WebGL, font, WebRTC, or User-Agent fingerprints — a tracker with the same set of fingerprint signals can re-identify you across two different IPs. Hardening the browser (Firefox with privacy.resistFingerprinting, Tor Browser, Brave with strict shields, or LibreWolf) is what actually moves the score.

No. We never persist your IP or fingerprint. For our own analytics we keep a daily-rotating SHA-256 hash of IP + salt + day for 30 days, then aggregate the result into hourly visitor counts and discard the hashes. There are no third-party trackers and no advertising cookies. The full policy is on the privacy page.

Every six hours we fetch the official Tor exit-node list from check.torproject.org/torbulkexitlist (with a fallback to dan.me.uk) and load it into Redis. When you visit, your IP is checked against that set in O(1). For commercial VPNs we match your IP's autonomous-system organisation against a curated list of known VPN providers (M247, Mullvad, ProtonVPN, NordVPN, ExpressVPN, IPVanish and others).

Some browsers (Tor Browser, Firefox with RFP, Brave) defend against canvas fingerprinting by injecting a tiny amount of random noise into every canvas read. We detect this by drawing the same canvas twice in a row: identical browsers always produce identical hashes, so two different hashes is proof that the browser is randomising. That's a privacy win, not a leak — we score it as such.

WebRTC is a real-time communication API that, by default, exposes your local network IP addresses behind NAT to any website, even without permission. It's intended for video-call setup but is widely used for tracking. Browsers that filter WebRTC (Brave, Tor, Firefox with the right pref) will show no local IPs or only mDNS .local UUIDs, which we ignore because they rotate per session.

Concrete steps, ordered by impact: (1) switch to Tor Browser or Firefox with privacy.resistFingerprinting=true for the biggest single jump; (2) disable WebRTC or use a browser that filters it; (3) install uBlock Origin to remove tracker payloads; (4) use Brave or LibreWolf if Firefox tweaks are too much; (5) route DNS through DoH or DoT to hide queries from your ISP; (6) avoid extensions that uniquely identify you. A VPN helps the IP/geo deductions but does nothing to fingerprinting.