Browser fingerprinting is a technique where a site collects a dozen small parameters (canvas hash, WebGL renderer, audio context, screen size, available fonts) and combines them into a unique "hardware signature." Cookies aren't required.
The most stable signal is GPU UUID via WebGL. Even on a fresh browser profile or in incognito, the GPU stays the same — and your fingerprint with it. That's why Brave and the Tor Browser deliberately spoof these values.
MAC address used to leak through certain APIs (mDNS-based hostnames, WebRTC), but in 2023 Chromium tightened things up. Today MAC almost never leaks via the browser — but native apps still see it.
Volume ID and machine GUID don't leak to websites, but they do leak to native apps (Discord, Steam, Battle.net). Each of those builds its own "telemetry profile" of you.
An HWID rewrite reduces fingerprinting at the device level: even if you reset the browser, all the GPU/CPU/disk-derived identifiers change. It's a drastic step, but it's the only way to get truly anonymous if it actually matters to you.