Safe Browsing Check.
SAFE BROWSING CHECK · ONLINE TRACKING A name tag you can't wipe off. Private windows and cookie-clearing work by erasing. The new tracking leaves nothing to erase. What still works, plainly.

You Clicked "Reject All." They Tracked You Anyway.

Marta Lane · Updated March 20, 2026 · 6 min read

You open a private window when you don't want a site remembering you. You clear your cookies every so often. And when a banner slides up at the bottom of the screen, you hunt for "Reject All" instead of just clicking through to read the page.

Those are good habits. For years they did real work.

They no longer touch the way most websites follow you. And the two companies you were quietly counting on to hold the line both stepped back in 2025. The rules changed while your settings stayed put.

This isn't a reason to feel foolish. You were playing by the book. The book got rewritten, and almost nobody sent you the new edition. The new edition is short, and it ends with the one change that still works.

What a private window actually does

Private mode — Incognito in Chrome, Private in Safari and Firefox — has one job, and it does it well: it forgets the session on your own device. When you close the window, that browsing history and the cookies from it are wiped from your computer. Handy if you share a laptop, or you're booking a surprise gift.

What it was never built to do is hide you from the website on the other end. The site still sees your visit. Google's own Incognito mode doesn't block trackers, and it does nothing about a newer method that no setting touches. The Electronic Frontier Foundation, the long-running digital-rights nonprofit, shows you exactly how exposed your browser is even with a private window open.

Clearing your cookies has the same ceiling. A cookie is a name tag a site puts on your device. Wipe it, and yes, that tag is gone. But the site can hand you a fresh one the moment you come back. And there's now a name tag you cannot wipe at all, because it was never stored on your machine in the first place.

The tag you can't delete

It's called browser fingerprinting, and the idea is simpler than the name.

Every time you load a page, your browser hands over small, harmless-looking details so the site knows how to display itself: your screen size, the fonts you have installed, your time zone, your language, the kind of graphics chip in your device. No single detail identifies you. Stitched together, though, that combination is almost always unique — your device and no one else's.

How unique? Researchers from Texas A&M and Johns Hopkins, presenting at a 2025 web-science conference, confirmed fingerprinting is being used to track real people across the web, and earlier studies put the share of devices it can single out above 90%.

Why clearing works on one and not the other One tag is stored on your device. The other is read off your browser every visit. THE COOKIE — STORED ON YOUR DEVICE your device a stored cookie Clear ✓ Removed wiping works …but the site hands you a fresh one on your next visit. THE FINGERPRINT — READ OFF YOUR BROWSER, EACH VISIT your device screen size · fonts time zone · graphics chip (nothing stored to wipe) read THE SITE stitches the traits into a unique ID (90%+) Clearing finds nothing A private window, deleting cookies — it never moves. THE MOVE — block the trackers' scripts before they load. Clearing works on yesterday's tag. Blocking stops the read itself.
The single fact that explains why every erasing habit fails. Sources: EFF Cover Your Tracks; Texas A&M / Johns Hopkins, 2025.

Your usual habits miss it because there's nothing sitting on your computer to clear. Open a private window and your fingerprint is identical. Delete every cookie and it doesn't move. Switch off your Wi-Fi and back on and it's still you. The methods you've been relying on all work by erasing something. Fingerprinting leaves nothing to erase.

Why 2025 made it worse

For a while there were two safety nets above all this. Both gave way within ten weeks of each other.

Google had been blunt about fingerprinting, calling it a practice that "subverts user choice and is wrong." Then, on February 16, 2025, it quietly stopped forbidding the advertisers who use its tools from doing it. The UK's privacy regulator, the Information Commissioner's Office, called the reversal "irresponsible" and noted that fingerprinting is, by design, far harder for ordinary people to refuse than cookies.

The second net was the long-promised end of third-party cookies — the cross-site trackers that follow you from one website to the next. After years of "we're phasing these out," Google decided on April 22, 2025 to keep them in Chrome, with no new off switch. The cookies you were told would disappear are staying.

So the picture today is the older tracking that never left, plus a newer kind that ignores your settings entirely.

And no, you can't just trust the software

The natural next thought: fine, I'll let a security product handle it.

In 2024 the Federal Trade Commission ordered Avast — an antivirus name millions of people installed precisely to stay safe — to pay $16.5 million after it sold customers' browsing data to more than 100 outside companies. The same product had promised to block online tracking.

The lesson: what protects you is a single, checkable thing — whether the tracker's code ever gets to run. A logo or a promise proves nothing by itself.

What actually works: stop the code before it loads

Every one of these trackers has to load on the page to do its job. The fingerprinting script has to run to read your fonts. The tracking pixel has to load to log that you opened the email. The ad network has to connect to drop its tag.

Block those connections, and there's nothing left to read your screen size, nothing to drop a pixel, nothing to phone home. You're not erasing the evidence after the fact — you're refusing the request before it happens.

Erasing the evidence vs refusing the request Same visit, two timings — only one stops the data. ERASE AFTERWARDS Page loads Trackers run, scripts load, data sent You clear cookies ✗ Too late — it already ran BLOCK BEFORE IT LOADS Page starts Blocker refuses the tracker connections Nothing runs ✓ Data never sent THE MOVE — refuse the request before it loads, don't erase after.
Same goal, opposite timing — and only one matches how the tracking works.

That's the one move that matches how the tracking actually works. A browser-level ad and tracker blocker sits inside your browser and turns away the connections to known tracking and ad networks while the page is still loading. Clearing cookies works on yesterday's tag. A private window still loads every script on the page. Blocking works on the cause.

No honest tool will promise to make you invisible — only the most extreme setups come close. But cutting off the trackers' scripts stops the great bulk of the following-around, including the fingerprinting and pixel scripts your other habits sail right past.

**Block the trackers before they load →**

Total AdBlock installs in your browser in a couple of minutes and blocks ads, pop-ups, and third-party trackers — the analytics scripts, tracking pixels, and social-media tags that sites drop by default. You can start free.

Your 10-minute privacy tune-up

You don't need to become a security expert. Five steps, in order of how much they matter:

  1. Install a browser-level ad and tracker blocker. This is the one that addresses the cause. Set it up first.
  2. See what sites see. Run EFF's Cover Your Tracks once. It shows you how identifiable your own browser is right now — eye-opening, and free.
  3. Turn your browser's tracking protection to its strongest setting. Firefox has a "Strict" mode; Safari blocks cross-site tracking by default; check yours is on.
  4. Keep clearing cookies and using private windows. Still worth doing for what they do well. Just don't count on them alone anymore.
  5. Give out less. When you make an account, skip the optional fields. Every extra detail is one more thing that can leak later.

Your habits, plus the missing piece

You were careful the whole time. The tracking industry rewrote the rules when you weren't looking — and then two of the companies you trusted to protect you stepped aside in the space of a single spring.

Your habits still help. They just need the one piece that works on the cause instead of the symptom: stop the trackers' code from loading in the first place.

**Stop being followed, site to site →**

Try Total AdBlock free.

You might also like