Safari 26 Now Injects Noise Into Every Fingerprinting Script—Here's What That Means for Tracking

The Fingerprinting Arms Race Just Escalated

When third party cookies began their slow death across major browsers, the advertising industry pivoted to browser fingerprinting as a replacement. The technique collects dozens of signals from your browser, your screen resolution, installed fonts, GPU model, audio processing characteristics, and combines them into a unique identifier that follows you across the web without storing anything on your device.

In February 2025, Google quietly reversed its own 2019 policy that had called fingerprinting "wrong" and began allowing advertisers on its platform to use the technique. Then Apple went in the opposite direction. With Safari 26, Apple introduced Advanced Fingerprinting Protection (AFP), a system that injects random noise into the very APIs that fingerprinting relies on. It is enabled by default in every browsing mode, not just Private Browsing.

How AFP Works Under the Hood

AFP takes a fundamentally different approach to anti fingerprinting compared to previous protections. Rather than blocking APIs outright, which would break websites, Safari injects subtle noise into the data these APIs return. Each time a fingerprinting script queries the browser, it receives slightly different results.

The affected APIs include:

• 2D Canvas and WebGL: Safari adds noise during readback operations, so the rendered output varies between sessions even on the same device
• WebAudio: AudioBuffer samples are slightly altered each time they are read, breaking audio fingerprinting signals
• Window and screen metrics: APIs that report screen dimensions, window size, and display properties return fixed standardized values regardless of the user's actual configuration

The result is that fingerprinting scripts collect data that looks valid but is unstable. A user's fingerprint changes every session, making it impossible to build the persistent profiles that trackers depend on.

AFP vs. Existing Protections

Safari already had an anti tracking feature called Advanced Tracking and Fingerprinting Protection (ATFP), which blocks known tracking domains and limits cross site data. AFP is a separate, complementary layer. Even if a user disables ATFP, AFP continues working in the background on Safari 26.

The distinction matters because ATFP operates at the network level, blocking requests to known trackers, while AFP operates at the API level, poisoning the data that tracking scripts receive. A fingerprinting script hosted on a first party domain would bypass ATFP entirely, but AFP still scrambles its results.

This means Safari 26 users are protected against fingerprinting regardless of where the tracking script is hosted, a significant improvement over previous approaches that relied on blocklists.

The Google Contrast

Apple's move stands in sharp contrast to Google's direction. In 2019, Google called fingerprinting a technique that "subverts user choice" and pledged to fight it. But in early 2025, Google's Ads platform quietly updated its policies to permit fingerprinting, a reversal the UK's Information Commissioner's Office called irresponsible.

Chrome, which holds roughly 65% of the global browser market, has not implemented equivalent fingerprinting protections. This creates a two tier privacy landscape: Safari users get automatic fingerprinting defense, while Chrome users remain fully exposed unless they install third party extensions.

What This Means for You

If you use Safari on an iPhone, iPad, or Mac running the latest software, AFP is already active. No settings to change, no extensions to install. Your browser is automatically returning scrambled data to any script attempting to fingerprint your device.

For Chrome users, the situation is less encouraging. Google has shown no indication that similar protections are planned. Extensions like fingerprint spoofers can help, but they require manual installation and maintenance.

AFP does not affect UTM parameters used for marketing attribution, so legitimate analytics still work. The protection specifically targets the canvas, audio, and screen APIs that fingerprinting scripts abuse, not standard website functionality.

Browser fingerprinting was supposed to be the tracking industry's answer to cookie deprecation. With Safari blocking it by default and regulators treating it as personal data under GDPR, the technique's future as a reliable tracking method is increasingly uncertain, at least outside Google's ecosystem.