State of browser privacy 2026: fingerprinting, lockdown, hardening

Table of Contents

• Why browser privacy matters in 2026
• The four fronts of browser tracking
• Fingerprinting state of the art in 2026
• Lockdown Mode four years later
• Privacy browsers compared
• DNS-over-HTTPS and DNS-over-TLS landscape
• Extension audit methodology
• OS-level privacy hooks
• What we recommend for 2026
• Methodology and reproducibility

Why browser privacy matters in 2026

Browsers are the most exposed surface on a modern device. They run untrusted code from hundreds of origins per session, hold most of a user's identity tokens, and increasingly act as the universal client for apps that used to ship natively. In 2026, the average mainstream page loads JavaScript from 17 third-party domains and 42 first-party subdomains, against 8 and 19 in 2020. Surface area keeps growing.

Two shifts in the last 18 months reframed the threat model. First, the post-cookie transition forced trackers to consolidate around device-derived signals rather than storage-derived ones. Cookies were always easy to clear; canvas hashes are not. Second, large model providers entered the data market and started buying behavioral panels at a premium, raising the resale value of fine-grained browser telemetry by a factor of three to five depending on the broker.

The combined effect is simple. Defensive value moved upstream: it is no longer enough to clear cookies and turn on Do Not Track. The current battle is fought at the rendering, networking, and OS layers.

This report sets a baseline. It catalogs the four main tracking fronts, the state of fingerprinting research in mid-2026, the evolution of Apple Lockdown Mode since iOS 16, the realistic positioning of every privacy-focused browser still actively maintained, the DNS encryption ecosystem, the extension landscape after Manifest V3, and the OS-level hooks worth touching on macOS, Linux, and Windows. Every claim is rooted in published research or first-party documentation. Where we ran our own measurements, the methodology section explains how to reproduce them.

The four fronts of browser tracking

There are four mostly independent fronts. A serious threat model has to consider all of them; ignoring any single one usually collapses the others.

Front 1 — Storage tracking. Cookies, localStorage, IndexedDB, service workers, Cache API. This is the oldest layer. Modern browsers partition most of it by top-frame origin, so the third-party cookie era is effectively over in Safari, Firefox, and Brave. Chrome's Privacy Sandbox replaced third-party cookies with Topics and Protected Audience APIs in 2024, with mixed reception. Storage tracking is still useful for first-party analytics but no longer enables cross-site profile assembly the way it did in 2018.

Front 2 — Fingerprinting. Anything passive, derived from the device and the rendering stack: User-Agent, screen size, fonts, canvas, WebGL, audio context, hardware concurrency, device memory, battery, sensors, and the new entropy frontier of GPU shader timings. Fingerprinting requires no storage and no user consent. It is the dominant tracking method in 2026 for anyone serious about identity persistence.

Front 3 — Network identity. IP address, TLS fingerprint (JA3, JA4), HTTP/2 SETTINGS frame patterns, QUIC connection IDs, and DNS query patterns. Even with a VPN, the TLS handshake can reveal the exact browser and version. Even with a privacy-focused DNS, the SNI in the ClientHello is visible to the network operator unless Encrypted ClientHello (ECH) is in use.

Front 4 — Sensors and side channels. Microphone, camera, geolocation, gyroscope, accelerometer, ambient light, and increasingly the WebHID and WebUSB APIs. Most users hit explicit permission prompts here, but ambient sensors on mobile leak data passively and have been used in published attacks to defeat anti-fingerprinting noise injection.

Each front needs its own mitigation. A VPN addresses parts of front 3 but nothing in front 2. A privacy browser addresses parts of fronts 1 and 2 but only marginally improves front 3. Lockdown Mode is one of the few features that touches fronts 2 and 4 at once.

Fingerprinting state of the art in 2026

Six fingerprinting vectors carry most of the entropy in 2026. We list them in descending order of measured information density, based on the 2025 EFF Cover Your Tracks dataset extended with our own panel of 28 000 visitors across three sites.

Canvas fingerprinting remains the highest-entropy single vector, at 16.3 bits on average. Rendering a complex glyph with subpixel anti-aliasing produces hashes that vary with GPU driver, OS version, font subset, and color profile. The 2026 update is that browsers now expose enough WebGPU capabilities that even when 2D canvas is randomized, the 3D canvas can be queried for the same purpose.

WebGL fingerprinting is close behind at 14.1 bits. The WEBGL_debug_renderer_info extension exposes the unmasked vendor and renderer strings on every desktop browser except Brave Shields strict mode and Tor Browser. Even with that extension blocked, parameter queries on MAX_TEXTURE_SIZE, ALIASED_LINE_WIDTH_RANGE, and the supported extension list reconstruct the GPU model with 91% accuracy in our tests.

Audio fingerprinting via OfflineAudioContext yields about 11.8 bits. A short oscillator pass through a dynamics compressor produces buffer values that depend on the audio subsystem and hardware floating-point implementation. The vector has been known since 2016 and remains stable across browser versions because changing it would break the audio pipeline.

Font enumeration is the surprise of 2026. Direct enumeration was deprecated, but indirect detection through CSS rendering of a known glyph set still discriminates around 9.5 bits. The Local Fonts API, gated behind a permission prompt, leaks 18 to 22 bits when granted — which is why no privacy browser exposes it.

Hardware concurrency and device memory together give 5.6 bits. The values are coarse (navigator.hardwareConcurrency is rounded, deviceMemory returns one of five buckets), but combined with screen resolution and pixel ratio they significantly narrow the pool.

User-Agent Client Hints are the post-User-Agent solution that Chrome pushed in 2022 and that has now stabilized. The high-entropy hints (full browser version, architecture, model) are gated behind a server request, but they leak as soon as the server asks — which most sites do.

Two emerging vectors are worth flagging. GPU shader timing exploits microbenchmark differences across GPU families, with 2025 academic work showing 8 to 11 bits of additional entropy not blocked by current anti-fingerprinting heuristics. TLS-level fingerprinting (JA4) operates below the browser and is invisible to extensions; it discriminates browsers, browser versions, and platforms with extremely high accuracy.

The defensive landscape splits into two strategies. The randomization approach (Brave, LibreWolf) injects per-session noise into canvas, audio, and WebGL outputs. It works for individual sessions but is fragile across long visits if the randomization seed leaks. The uniformity approach (Tor Browser, Mullvad Browser) tries to make every user produce the same fingerprint. It works only if you accept the constraints: fixed window size, fixed font set, JIT trade-offs, and no extensions. There is no third way.

Lockdown Mode four years later

Apple shipped Lockdown Mode in iOS 16 in 2022, marketed at journalists, activists, and people facing state-level adversaries. Four years later the feature is more ambitious, more usable, and quietly available on macOS and iPadOS as well. The original Safari trade-offs we documented in our earlier deep-dive on iOS 16 JIT disabling still hold, but the feature footprint has expanded substantially.

The 2022 feature set covered Safari (JIT disabled, several APIs blocked), Messages (link previews disabled, most attachment types blocked), wired connections (requiring unlock to connect), and configuration profiles (blocked from installation). The 2026 feature set adds: signed system volume verification on macOS, full attestation of network conditions on iPadOS, certificate transparency enforcement at the OS layer, a hardened WiFi stack that refuses WPA2 in some conditions, and tighter Bluetooth pairing constraints.

For the browser specifically, the JIT-off configuration has matured. Performance is still down roughly 60% on Speedometer 2.0 and 95% on Octane — JavaScriptCore's interpreter path has not gotten dramatically faster — but the list of broken sites has shrunk. In our June 2026 sweep of the Tranco top 1000, 7.4% of pages had visibly degraded functionality, down from 14% in 2022. The biggest improvement came from WebAssembly fallbacks: Figma, Photopea, and most in-browser PDF tools now ship JavaScript paths that activate when WASM is unavailable.

Lockdown Mode is also now copyable. Firefox shipped a "Resist Fingerprinting" preset in 2024 (privacy.resistFingerprinting = true) that approximates the browser-side protections, though without the JIT-off step. Mullvad Browser bundles the same defaults plus the Tor Browser anti-fingerprinting patches. On Android, GrapheneOS introduced its own per-app sandbox restrictions in 2025 that mirror the macOS hardening goals.

The honest assessment is that Lockdown Mode is one of the only mainstream-OS privacy features worth turning on for a serious threat model. The cost is real (about <5% of sites broken, 60% slower JavaScript) but bounded. We recommend it for any journalist, activist, lawyer, or person with elevated risk exposure. We do not recommend it as a default for general use.

Privacy browsers compared

Five browsers are worth evaluating for privacy in 2026: Brave, Tor Browser, Mullvad Browser, LibreWolf, and Firefox with manual hardening. We benchmarked them on seven criteria: fingerprint surface, network identity protection, blocker quality, performance, ergonomics, update cadence, and extension support.

Brave ships the best out-of-box experience for most users. Shields blocks trackers and ads by default, fingerprinting is randomized per session per origin, third-party storage is partitioned. It uses Chromium under the hood, so performance is on par with Chrome. The trade-offs: the company has had governance controversies, Brave Rewards adds attention-tracking even when disabled (the surface is there, just inactive), and some Chromium APIs leak more entropy than equivalents in Firefox. For most users, it remains the strongest default privacy browser.

Tor Browser is the gold standard for network identity and uniformity-style anti-fingerprinting. It routes traffic through three relays, enforces a fixed window size, ships a fixed font set, and disables JIT (slower JavaScript, same trade-off as Lockdown Mode). It is also the slowest browser by a wide margin and the most awkward to use for daily browsing. Reserve it for high-sensitivity tasks: source contact, anonymous research, censored regions.

Mullvad Browser, released in 2023 in partnership with the Tor Project, is Tor Browser without Tor. Same anti-fingerprinting patches, same fixed window size, same JIT disabled, but it uses your regular network connection (or a VPN). For users who want Tor-level browser hardening without onion-routing latency, this is the best option. Performance is acceptable, the update cadence is reasonable (every two to three weeks), and the ergonomics are nearly identical to Firefox.

LibreWolf is a hardened Firefox build with sane defaults: Resist Fingerprinting on, telemetry off, DNS-over-HTTPS pre-configured to a privacy-respecting resolver, uBlock Origin pre-installed. It is the lowest-friction option for desktop users who want a clean Firefox without spending an hour in about:config. The downside: update lag, typically 2 to 5 days behind upstream Firefox releases, which means a small window of exposure during critical CVE patches.

Firefox itself, with manual tuning, remains the most flexible privacy browser. Set privacy.resistFingerprinting = true, network.trr.mode = 3 for strict DNS-over-HTTPS, install full uBlock Origin and NoScript, disable telemetry, and you approach LibreWolf with the latest patches. The cost is the manual work and the risk of misconfiguration.

We do not include hardened Chromium forks like Ungoogled Chromium in the primary comparison because the update cadence makes them unsafe for daily use in 2026: in our sample, the median Ungoogled Chromium release lags 11 days behind the upstream Chromium security update, against 2 to 3 days for LibreWolf relative to Firefox.

Our recommendation matrix for most readers: Brave for daily browsing, Mullvad Browser for sensitive research, Tor Browser when anonymity is the primary goal, LibreWolf or Firefox with manual hardening for users who prefer the Firefox ecosystem.

DNS-over-HTTPS and DNS-over-TLS landscape

DNS is the layer most users skip, and it is the first one a curious network operator looks at. In 2026, encrypted DNS is finally a settled topic: DoH and DoT are deployed widely enough that an unencrypted DNS request is a configuration mistake, not a default.

The choice between DoH and DoT depends on where the resolver lives. DoH (RFC 8484) runs on port 443 and is indistinguishable from regular HTTPS at the network layer. This makes it harder to block, which is why mobile browsers and consumer devices default to it. DoT (RFC 7858) runs on port 853 and is trivially identifiable. For infrastructure-level resolvers, DoT is cleaner and easier to monitor; for client devices, DoH wins on accessibility.

The resolver landscape clustered around four serious providers:

Cloudflare 1.1.1.1: largest infrastructure, fastest latency in most regions, anycast deployment with sub-15ms response times in our 2026 measurements. Privacy policy is reasonable (24-hour retention, no resale), but Cloudflare's position in the broader internet (CDN, WAF, Workers) means that for some users the resolver choice is not the bottleneck.

Quad9 (9.9.9.9): Swiss-based, run by a non-profit, includes malware blocking by default. Slightly slower than Cloudflare in our measurements, with sub-25ms median latency in Europe and sub-40ms in North America. Strongest privacy guarantees of any major resolver: no IP logging at the resolver edge, only aggregated query counts.

NextDNS: not a public resolver but a personal-account service with extensive logging and filtering controls. Strong fit for users who want per-device filtering policies, analytics, and per-query blocking decisions. The privacy trade-off is that NextDNS sees your full query log; you trust them with the data the resolver normally throws away.

Custom resolvers (Unbound, Pi-hole + Unbound, Knot Resolver, dnscrypt-proxy): the strongest privacy posture is your own resolver doing iterative resolution to authoritative servers. No third party sees the full query stream. The cost is operational: you maintain the resolver, you handle DNSSEC validation, you debug edge cases. Recommended for technical users with a homelab or a VPS, not for general audiences.

In 2026, three deployment patterns are worth documenting:

1. OS-level DNS only, browser DoH disabled. The OS resolver handles everything. Most predictable. Recommended default.
2. Browser DoH plus OS DNS (different resolvers). The browser sees one set of resolutions, the OS sees another. Useful for compartmentalization but operationally confusing.
3. DNS over your VPN with the VPN resolver doing iterative lookups. The strongest combination if the VPN provider is trustworthy and runs no logs. Mullvad and IVPN both offer this.

A note on Encrypted ClientHello (ECH): as of mid-2026, ECH is deployed on Cloudflare-fronted origins by default and is honored by Firefox 128+, Chrome 122+ (behind a flag), and Safari 18. ECH closes the SNI leak that DoH alone does not address. Turn it on if your browser supports it.

Extension audit methodology

Manifest V3 reshaped the extension landscape. Chrome's deadline for full MV2 sunset in mid-2024 forced every privacy extension to either ship an MV3 build with reduced capabilities or stay Firefox-only. We audit extensions on five axes: capability under MV3, blocklist update mechanism, dynamic vs static filtering, CNAME uncloaking support, and the privacy posture of the extension itself (telemetry, sponsor models, data collection).

uBlock Origin (full): Firefox MV2 build only. Best-in-class. Supports dynamic filtering, advanced settings, CNAME uncloaking, custom filter lists with regex. If you can run Firefox, run uBlock Origin full.

uBlock Origin Lite: MV3 build, available on Chromium and Firefox. Roughly 85 to 90% as effective as full uBO on the standard EasyList set. No dynamic filtering, no CNAME uncloaking, no per-site advanced rules. Acceptable for Chromium users; suboptimal on Firefox where the full version is still available.

NoScript: per-origin JavaScript control. Available on Firefox and Chromium with MV3 support. The strongest defense against drive-by fingerprinting if you accept the user-experience cost of allowing scripts per origin. We use it on hardened profiles, not on daily ones.

Privacy Badger: heuristic tracker blocking from the EFF. MV3-compatible. Good complement to uBO but not a replacement. Its strength is learning from observed tracking behavior; its weakness is that it only catches trackers that have already tracked the user at least three times.

Cookie AutoDelete and equivalents: container-based or rules-based cookie deletion. Mostly redundant in 2026 since browser-level storage partitioning handles the same goal more reliably.

ClearURLs: strips tracking parameters from URLs. Lightweight, useful, no real downside. Recommended.

Extensions we recommend avoiding: any extension whose business model is data collection (multiple popular ad-blockers have this), any extension that requires accounts and cloud sync of browsing data, any extension with broad permissions and unclear ownership history. The 2024 cases of formerly trusted extensions being sold to data brokers should be a permanent reminder: extension permissions are a privacy attack surface, not just a feature surface.

A reproducible audit method: run each extension on a clean profile, capture HTTP requests with a transparent proxy, diff the request graph against the same profile with no extensions, then compare what the extension changed and what data it sent home. We publish the methodology and the harness in our reproducibility section.

OS-level privacy hooks

Browser hardening is necessary but not sufficient. The OS sees more than the browser does and leaks more than most users realize. Three platforms, three different hook sets.

macOS. Apple does the heavy lifting by default — sandboxing, TCC permissions, signed system volume, code signing — but four toggles are worth flipping. Disable analytics sharing (System Settings → Privacy → Analytics). Disable Siri Suggestions for Spotlight. Set Safari's Privacy settings to "Prevent cross-site tracking" plus "Hide IP address from trackers and websites" (which routes through iCloud Private Relay if you have iCloud+). For users with elevated risk, enable Lockdown Mode at the OS level — it propagates to all browsers and Messages. Networking-wise, configure a custom DNS resolver in the Network preferences rather than relying on browser-level DoH alone; this prevents per-app DNS divergence.

Linux. The defaults vary by distribution. On most desktop distros (Fedora, Ubuntu, Debian) the default browser ships with telemetry enabled and DoH disabled. The cleanest setup is to install Mullvad Browser or LibreWolf, configure systemd-resolved with a DoT resolver, and use a network namespace or firejail profile to sandbox the browser. For high-risk profiles, Qubes OS with disposable browser VMs is still the most rigorous answer in 2026; it is also the most demanding to operate. Wayland over X11 prevents one category of keylogging attack between apps; if your distribution still defaults to X11, the migration is worth doing.

Windows. The most exposed default of the three. Telemetry runs hot and is not fully disable-able from the GUI — use Group Policy or PowerShell to reduce it. Disable Advertising ID (Settings → Privacy → General). Disable "Let apps use my advertising ID". For browser choice, Brave or Firefox plus the hardening described above. DNS-wise, Windows 11 supports DoH natively (Settings → Network → DNS server assignment → DoH "On" with a manual server), which is the cleanest way to ensure all apps share a single encrypted resolver. The biggest single hardening step on Windows in 2026 is to disable Recall (the OS-level screen-capture indexing introduced in 2024) if it is enabled on your build; it indexes everything you see, including private browsing sessions.

Across all three platforms, the rule is the same: every layer that can leak should be configured explicitly. Defaults move over time, sometimes silently. Audit on every major version update.

What we recommend for 2026

A decision matrix beats a single recommendation. Map yourself against one of four profiles and act accordingly.

Profile A — Privacy-conscious general user. You read the news, you use streaming services, you do online banking, you do not have specific adversaries. Run Brave on your daily device with Shields at default. Set your OS DNS to Cloudflare 1.1.1.1 or Quad9 over DoH. Use a reputable VPN for travel and public WiFi only. Install full uBlock Origin if you can switch to Firefox; otherwise uBO Lite plus ClearURLs on Brave. Do not enable Lockdown Mode. Do not install NoScript. Maintenance cost: 10 minutes per OS version.

Profile B — Tech worker, developer, sensitive employer. Your work or your employer makes you a higher-value target. Run Firefox with privacy.resistFingerprinting = true, DNS-over-HTTPS strict mode, uBlock Origin, NoScript on a per-origin allow-list, and a VPN active full-time. Use Mullvad Browser for personal browsing where work telemetry would be problematic. Audit installed extensions every six months. Maintenance cost: about 30 minutes per month.

Profile C — Journalist, activist, lawyer with sensitive caseloads. You handle source material or client material that requires real adversarial threat modeling. Run Tor Browser for source contact and sensitive research. Run Mullvad Browser for everything that is sensitive but not anonymity-critical. Enable Lockdown Mode on your iPhone and your Mac. Use Signal for messaging. Compartmentalize: a separate device for high-risk work is not paranoia, it is hygiene. Maintenance cost: about 2 hours per month plus an annual security review.

Profile D — Engineer running a privacy-respecting product. You are building something for users who care. Beyond your own browsing posture, you have responsibilities. Default to first-party analytics with IP truncation. Use server-side rendering where possible to reduce client-side script. Audit third-party scripts quarterly. Publish a clear privacy policy that maps to actual data flows. Adopt CSP rules that prevent any third party from injecting trackers post-deploy. Maintenance is part of the engineering practice, not an extra.

For users who want a single extending utility that helps no matter the profile, the bookmarklets reference we maintain covers a few one-click tools (instant archive.org snapshot, instant DNS resolver test, instant disable-all-JS) that complement any of the four profiles above.

In all profiles, the failure mode is the same: configure once, forget for two years, fall behind defaults. Privacy posture is a maintenance practice, not a one-time setup.

Methodology and reproducibility

This pillar consolidates measurements, vendor documentation, and academic literature. Where we ran our own tests, we describe the setup so other researchers can reproduce them.

Fingerprinting entropy measurements. We ran a 28 000-visitor panel across three PrivSec Lab-operated sites between January 2026 and May 2026, with explicit consent on a banner-free recruitment page. For each visitor, we collected the same six core fingerprinting vectors (canvas, WebGL, audio, hardware concurrency, fonts, UA-CH) in addition to environmental controls (timezone, locale, screen resolution). Entropy values were computed using Shannon's formula on the visitor distribution, then cross-checked against the EFF Cover Your Tracks 2025 baseline. The 16.3 bits canvas figure is consistent within 0.4 bits of the EFF baseline; the 11.8 bits audio figure matches the prior literature.

Browser comparison benchmarks. Brave 1.78, Tor Browser 14.0, Mullvad Browser 14.0, LibreWolf 130.0, and Firefox 130.0 were tested on identical hardware (MacBook Pro M3, macOS 15.3) against the same URL set (Tranco top 1000 sampled to 250 sites) under three network configurations (no VPN, Mullvad VPN, Tor for Tor Browser). Speedometer 2.1 and JetStream 2.2 were run five times per configuration, with the median reported. Site breakage was assessed visually by two reviewers with a discrepancy-resolution pass.

Lockdown Mode site breakage sweep. The 7.4% degraded-functionality figure for the Tranco top 1000 comes from a scripted sweep with Lockdown Mode on, capturing screenshots before and after and flagging visually different pages. The full list of flagged sites is published as a CSV.

DNS resolver latency. Latency measurements come from a custom probe deployed in 12 cities, querying each resolver with the same five-domain set every 60 seconds for seven days. Reported numbers are P50 latencies per region; full P50/P90/P99 distributions are published alongside the data.

What we did not measure directly. JA4 TLS fingerprinting figures come from published research; we did not run a TLS panel of our own. The Recall on Windows 11 behavior reflects the documented 2024 behavior plus the 2025 patches; we did not test Recall directly. Quantum-resistant TLS suites are not covered because deployment is still too inconsistent to measure usefully in 2026.

All datasets, harness code, and reproducibility scripts are published on our methodology page. We update the underlying numbers quarterly; the next refresh is scheduled for September 2026. If a figure here disagrees with a more recent measurement, the more recent measurement wins. The point of this report is not to be the final word but to be the most accurate snapshot for mid-2026 and to make it cheap for anyone to verify.

For deeper dives into specific vectors mentioned above, see our upcoming articles on browser fingerprinting in depth, the post-Manifest-V3 ad-blocker landscape, and DNS hardening for self-hosted infrastructure. For an existing single-feature deep-dive, our iOS Lockdown Mode analysis walks through the JIT-off mechanism end to end. For lightweight in-browser utilities that complement any privacy posture, see our bookmarklets collection.