Open a site in incognito with cookies cleared, and an ad network can still recognise you — by your hardware. This technique is called device fingerprinting, and it does not need cookies at all.
What gets collected
A fingerprint is built from dozens of small signals: the graphics card and how it renders (via WebGL), the set of installed fonts, the audio stack, screen resolution, the number of CPU cores, supported codecs — even subtle timing patterns. Combine enough of them and the result is close to unique.
Browser-level vs device-level
Privacy-focused browsers (Brave, LibreWolf, the Tor Browser) deliberately fuzz many of these browser signals, and that helps against websites. But native apps — game launchers, Discord, Steam — read deeper hardware identifiers directly, and a browser extension cannot touch those.
Where an HWID change helps
Changing your hardware identifiers addresses the device layer that browsers cannot. It is worth being precise about what that covers: a software HWID change rewrites the identifiers it safely can — Windows IDs, the disk volume serial, network adapter (MAC) addresses. Firmware-level values such as the GPU and CPU identifiers are not changed by software, so this is a strong layer of privacy, not total invisibility.
A realistic privacy stack
For tracking that genuinely matters to you: a fingerprint-resistant browser for the browser layer, an HWID change for the device layer, and a VPN for the network. No single tool covers everything — privacy is the combination.