conbersa.ai

How Does Cookie Fingerprinting Link Multi-Account Portfolios?

Neil Ruaro·Founder, Conbersa

Cookie fingerprinting links multi-account portfolios by persisting identifiers across multiple browser storage locations — standard cookies, localStorage, IndexedDB, ETags, Flash storage, and cache headers — that survive individual clearing attempts and reconstruct the link across accounts sharing the same browser profile or machine. A platform does not need every tracking mechanism to succeed. It only needs one to connect the accounts, and the redundancy of modern cookie fingerprinting makes reliably breaking every link extremely difficult from a shared browser environment.

First-party cookies set by the platform (e.g., TikTok, Instagram, YouTube) carry session identifiers and authentication tokens. When a user logs into Account A, the platform sets a cookie linking that browser session to Account A. When the same browser profile logs into Account B, even in a different tab or after Account A has logged out, the platform can read the cookie state already stored for its domain and recognize that both accounts originated from the same browser.

Research from the EFF's Cover Your Tracks project demonstrated that tracking mechanisms extend well beyond standard cookies. The project tests multiple storage mechanisms simultaneously to evaluate the real-world tracking surface. The overlap between cookie-based and fingerprint-based tracking means platforms do not rely on either mechanism alone: they use both in combination.

What Are Evercookies And How Do They Survive Clearing?

Evercookies, first documented by security researcher Samy Kamkar in 2010, store identifiers redundantly across multiple browser storage APIs:

  • Standard HTTP cookies
  • HTML5 localStorage and sessionStorage
  • IndexedDB databases
  • ETag headers (cached HTTP responses)
  • Web SQL databases
  • Flash Local Shared Objects (LSOs)
  • Cache API entries
  • Service Worker caches

When the user clears standard cookies, the evercookie mechanism checks the remaining storage locations, finds the identifier, and rewrites the standard cookies. The cookie clearing is reversed immediately. Modern browsers have restricted some of these vectors — Flash is deprecated, ETag tracking is partially mitigated — but the principle of redundant storage across multiple APIs remains effective because new storage APIs arrive faster than old ones are closed.
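The respawn behaviour described above can be modelled without a browser. This is an added illustration, not code from the original article or from Kamkar's evercookie project; plain Maps stand in for the real storage APIs, and the function names and identifiers are constructed for the example.

```javascript
// In-memory model of redundant identifier storage. Store names mirror the
// list above; each Map entry stands in for one browser storage API.
const STORES = ["cookie", "localStorage", "indexedDB", "etagCache", "cacheAPI"];

function newProfile() {
  return new Map(STORES.map((name) => [name, null]));
}

// What the tracking script does on page load: recover the identifier from any
// store that still holds it, otherwise mint a new one, then rewrite every store.
function syncIdentifier(profile, mintId) {
  const survivors = STORES.filter((s) => profile.get(s) !== null);
  const id = survivors.length > 0 ? profile.get(survivors[0]) : mintId();
  for (const s of STORES) profile.set(s, id);
  return { id, recoveredFrom: survivors };
}

// What the user does: clear some subset of the stores.
function clearStores(profile, names) {
  for (const s of names) profile.set(s, null);
}

// Audit helper: which of the cleared stores hold the old value again?
function respawnedStores(profile, cleared, oldId) {
  return cleared.filter((s) => profile.get(s) === oldId);
}

function demo() {
  let counter = 0;
  const mintId = () => `id-${++counter}`; // constructed identifiers
  const profile = newProfile();
  const first = syncIdentifier(profile, mintId).id;

  clearStores(profile, ["cookie"]); // user clears cookies only
  const afterPartial = syncIdentifier(profile, mintId);
  const respawned = respawnedStores(profile, ["cookie"], first);

  clearStores(profile, STORES); // every store cleared in one step
  const afterFull = syncIdentifier(profile, mintId);
  return { first, afterPartial, respawned, afterFull };
}
```

The same before-and-after comparison is how a privacy audit detects respawning: a value that reappears in a cleared store and matches one still present elsewhere was restored from that other store.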

GeeTest's device fingerprinting research documents that modern identification systems combine cookie-based identifiers with device fingerprints and behavioral signals. A platform that loses cookie linkage still maintains device fingerprint linkage and behavioral pattern linkage. The three mechanisms are independent fallbacks.
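Seen from the platform side, "one link is enough" and "independent fallbacks" amount to clustering accounts over any shared signal value. The sketch below is an added example, not code from the article, GeeTest, or any platform; the event shape, the signal names (cookieId, deviceFp, ip) and all values are constructed.

```javascript
// Constructed sample login events (IP addresses are from documentation ranges).
const sampleEvents = [
  { account: "A", signals: { cookieId: "c1", deviceFp: "fp1", ip: "198.51.100.7" } },
  // B: cookies cleared (new cookieId) but same device fingerprint as A
  { account: "B", signals: { cookieId: "c2", deviceFp: "fp1", ip: "203.0.113.9" } },
  // C: different device and IP, but presents the same cookie identifier as B
  { account: "C", signals: { cookieId: "c2", deviceFp: "fp9", ip: "203.0.113.20" } },
  // D: shares nothing with the others
  { account: "D", signals: { cookieId: "c7", deviceFp: "fp4", ip: "192.0.2.44" } },
];

function linkAccounts(events) {
  const parent = new Map(); // union-find over account nodes and signal nodes
  const find = (x) => {
    if (!parent.has(x)) parent.set(x, x);
    while (parent.get(x) !== x) {
      parent.set(x, parent.get(parent.get(x))); // path halving
      x = parent.get(x);
    }
    return x;
  };
  const seenBy = new Map(); // "kind:value" -> Set of accounts that presented it

  for (const { account, signals } of events) {
    for (const [kind, value] of Object.entries(signals)) {
      const node = `${kind}:${value}`;
      // One shared value is enough to merge two accounts into one cluster.
      parent.set(find(`acct:${account}`), find(node));
      if (!seenBy.has(node)) seenBy.set(node, new Set());
      seenBy.get(node).add(account);
    }
  }

  const clusters = new Map();
  for (const { account } of events) {
    const root = find(`acct:${account}`);
    if (!clusters.has(root)) clusters.set(root, []);
    if (!clusters.get(root).includes(account)) clusters.get(root).push(account);
  }
  const evidence = {}; // the signal values that caused each link
  for (const [node, accts] of seenBy) {
    if (accts.size > 1) evidence[node] = [...accts].sort();
  }
  return { clusters: [...clusters.values()].map((c) => c.sort()), evidence };
}
```

On the sample data, A and C share no signal directly yet land in the same cluster through B, which is why losing one mechanism does not break the linkage.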

Cookie syncing, also called cookie matching, is a practice where advertising and tracking networks share identifiers between domains. Platform A sets a cookie with a user identifier. It shares that identifier with an advertising network. When the same user visits Platform B, the advertising network matches the identifier and tells Platform B. The user has never visited Platform B before, but Platform B already knows who they are.

For multi-account operators, cookie syncing means that an identifier associated with Account A on one platform can follow the operator to other platforms, creating a cross-platform tracking graph that links accounts the operator believed were isolated.

How Does This Affect Multi-Account Operations?

Cookie fingerprinting makes shared browser environments dangerous for account isolation. Clearing cookies between account sessions provides partial protection but is unreliable because of redundant storage across multiple APIs. The only reliable protection is complete browser profile isolation, where each account has its own browser profile with its own storage sandbox.

Anti-detect browsers provide this profile isolation. Each profile has its own cookie jar, its own localStorage, its own IndexedDB, and its own cache. Cookie-based linkage between profiles is impossible because the storage is physically separate. However, cookie isolation does not isolate the underlying machine fingerprint or the IP address, which means cookie fingerprinting is only one layer of the linking surface. Isolating cookies while leaving the device fingerprint and IP correlated is insufficient.

We built Conbersa so every account operates on its own real physical device. Cookie storage, localStorage, IndexedDB, and every other browser storage API are physically isolated per device because each device is a separate piece of hardware. There is no shared storage to clear and no evercookie reconstruction vector because there is no shared environment. Combined with the device-level fingerprint isolation that real hardware provides, the cookie fingerprinting layer is one more surface where isolated devices outperform shared browser profiles.
