Web tracking is a technique to remember and recognize past website visitors. Up to now, web tracking has evolved into three generations that co-exist in today’s web. The first-generation tracking adopts stateful, server-set identifiers like cookies to track web users. After that, browser fingerprinting—defined as the second-generation tracking—emerges, moving from stateful identifiers to stateless. Nowadays people are developing third-generation, cross-device tracking.In this talk, I will present our group’s research on web tracking and anti-tracking. In the first half of the talk, I will present a novel 2.5-generation tracking, which can track users across different browsers on the same machine. Then, in the second half of the talk, I will discuss an anti-tracking technique, which can defend against timing-based browser fingerprinting as well as other timing attacks.