The more you try to hide, the more attention you attract. -- Anon - the movie
Anonymizing one's self is difficult. Technology companies are coming up with surprising ways to bypass the cloak of 'leave me alone' we attempt to wrap around ourselves. From a news group, here is an interesting mechanism describing the continuing escalation:
The statement of purpose:
To augment what many already have said here - it's a tie between IP
address and household address and name/surname that should not be
public, the address itself is mostly harmless and it doesn't matter if
it's static or dynamic. Tracing gets done on L7 and above anyway
The statement of bypass:
In the current state of the web, if a user gets a new address, the
various web surveillance mechanisms will associate it with the previous
user identity and context after maybe a dozen web queries or two. That
gets better if the user has a strong defensive posture, blocks web
trackers, etc. But it just takes one cookie, or one login, or some other
inference, and poof, the surveillance databases know that new_address_X
is the same user as old_address_Y.
The case of the household is even worse. It takes only one cookie,
login, etc, and the surveillance databases will learn that new_prefix_P
is the same household as old_prefix_Q. Even you run Ghostery or Privacy
Badger or the latest release of Firefox, you won't escape if you share a
prefix with someone in your household who doesn't. Or with one of those
surveillance devices that masquerade as thermostats or light switches or
voice assistants.
So that's pretty bleak. If you want defense, you probably want to
allocate different /64 prefixes to different devices, and change them
really often. You may not need to change them for every devices -- no
point providing privacy to the surveillance thermostat. But for your
laptop, your tablet or your phone, they to change before the
surveillance advertisers see you access a dozen web pages or two.
-- Christian Huitema
To help the discussion of how matching identifying information can be quite easy, take the following tests with your browser:
Background info on browser fingerprinting and tracking:
To finish things off, another quote from Anon - the movie:
It is not that I have something to hide, it is that I have nothing I want you to see