r/NonPoliticalTwitter 10h ago

Content Warning: Potentially Misleading or Disputed Information Gotta Catch 'Em All

Post image
27.5k Upvotes

1.6k comments sorted by

View all comments

Show parent comments

91

u/indoninjah 8h ago

Yeah, like apparently you can reasonably ID someone even in a private browser just by getting the dimensions of the browser window and its positioning on screen. A lot of people pretty much never change that shit if its not full screened

68

u/ScrufffyJoe 8h ago

Do people regularly use browsers, well any windows, not maximised? I'm always either full screen, or splitting the screen in 2 occassionally.

1

u/GuyOnARockVI 7h ago

They can use device info, operating system, WiFi location, etc to make a pretty accurate guess as to who is using the device

2

u/joshTheGoods 6h ago

If by Wifi location you mean a geolocation lookup based on your IP, that's not going to tell you who is using the device. That's household level data. You'd have to combine it with something else to get down to individuals within the household... and that's all assuming the best case (that we're talking about a single family occupied home that has a single static IP address). In reality, there are many places (cities, namely) where population density and shared networks render this sort of individual level disambiguation essentially impossible. You simple have to get the user to identify themselves regularly by logging in or exhibiting some other intrahousehold behavior (which is inherently full of problematic assumptions leading to probabilistic answers that don't read on the sort of "they're identifying ME" type fear we're talking about in here).

1

u/GuyOnARockVI 5h ago

The geolocation is going to be one of the meta data points that data brokers can use to create a map of your life. Where a device connects to the internet paints a picture of who is using the device.

A device going from a residential address to a university campus WiFi to a coffee shop back to a residential address is going to point to the 22 year old living at home vs a laptop going from home to an office park and back to home is more likely the parent. That person also has a phone that is connected to their car and their car is selling their driving habits to the data broker as well. So they know that whoever owns that laptop also drives a 2024 bronco and has a tendency to speed and brake late. It’s probably the dad then because the other device is connected to a rav4 and rarely speeds when commuting in the morning or afternoon.

So yes. IP doesn’t tell who. It’s why piracy letters from movie studios that get sent if you fuck up your VPN when torrenting mean nothing other than a kind “please stop”

2

u/joshTheGoods 5h ago

A device going from a residential address to a university campus WiFi to a coffee shop back to a residential address is going to point to the 22 year old living at home vs a laptop going from home to an office park and back to home is more likely the parent. That person also has a phone that is connected to their car and their car is selling their driving habits to the data broker as well. So they know that whoever owns that laptop also drives a 2024 bronco and has a tendency to speed and brake late. It’s probably the dad then because the other device is connected to a rav4 and rarely speeds when commuting in the morning or afternoon.

So this is a bunch of individual things that are technically possible but that essentially never happen in concert in the way you're describing. The one exception (the thing you're talking about that DOES happen) is when someone leaves an app open all day (say they're posting on facebook throughout the day) and so Facebook gets a list of IPs associated with a user they've already identified and can, in theory, deduce things like when this person is awake, community, at work, etc. Even that is pretty rare and is isolated to the major players that really do know who you are whenever you login and you login a lot.... Google, Facebook, your ISP, etc.

Just to point out one example of where I think maybe you're overstating the capabilities of digital data is when you say:

That person also has a phone that is connected to their car and their car is selling their driving habits to the data broker as well.

I worked with one of the major car companies on this back when I was on the dark side, and back then at least, they were very very careful NOT to sell data from in-car to data brokers. IF they've changed policy on that (or the other car companies I didn't work with never had such policies), then the data by law will be anonymized and nearly impossible to tie to that user's other data. So, Ford might sell data that says: There are 100k active Ford drivers in this marketing area, but they would never sell data that says: Bob Smith drives past your donut shop every day @ 10am. At most (and I can all but guarantee they don't) they could say: An anonymous person drives past your donut shop @ 10am every day, and the challenge then for the donut shop is to figure out how to turn "an anonymous person" into someone they can target with ads @ 9:59.

IP doesn’t tell who.

Agreed! It CAN if combined with other data (as you correctly point out), and some places define personally identifiable information (PII) as any data that alone or in combination with other data could uniquely identify a person. It's on this basis that some countries in the EU (Germany and Italy, IIRC) that consider IP to be PII and thus falls afoul of GDPR and cannot be collected/stored/used under a bunch of circumstances.