I am asked about my opinion in a case as follows:
Someone visited a (totally legal, in fact US government) website A and identified themselves. At a very different point in time they – allegedly – visited a (doubtlessly very) illegal website B.
US law enforcement claims there is no doubt that the access to B was by the same person/from the same PC as the access to A. If the identification were based on the client’s IPv4 address (outside the US!), say, I’d argue that these are typically reassigned to new client’s every few hours or days (not to mention shared/NATed use by multiple entities, including WiFi guests), hence is at most very weak evidence. In addition, it currently seems that the non-US ISP was not asked to reveal the identity of their customer associated with the IP in question at the point of time in question. Rather the claim of identity is by comparison with said access to A. Meanwhile, it seems that the identification is not claimed to be done by IPv4 address, but rather by something referenced as a “GUID” identifying the PC. I am not aware of a standard or wide-spread use of any such GUID in any internet protocol that would allow cross-site identification between sites that do not even wish to collaborate on such an issue.
Note that the term GUID was specifically mentioned, i.e., we are not talking about browser fingerprinting or cookies.
Q: Is there anything “GUID-like” that can act as described to identify a PC/device across multiple unrelated(!) sites? In TCP? In http? In TLS? “Anywhere else” in the process?