What piece of information can websites retrieve that would allow for later identification without cookies?
Intro Out of interest I jumped into the rabbit hole of online marketing scams. The site I visited* used a system called Proof** to show ‘conversions’ (cq. signups) to visitors and I was curious if this system could be fooled, since the traffic I witnessed seemed way too high.
Case The Proof homepage made an assumption about my identity even though I visited all these sites whilst in incognito mode. The assumption was pretty accurate: it assumed my identity was the company someone I share my WiFi with works for. Both on desktop as on mobile it printed:
Easily personalize Companyname website for every visitor.
It even came up with the correct domain name, Companyname.tk
It did however fail on Tor, and printed the generic message:
Easily personalize your website for every visitor.
Question How could this site that I’ve never visited assume my identity almost correctly whilst without cookies?
1. I am aware of the possibility that this site gathers data through many other (junk) sites about things like browser use, screen size, device use, and location. However, this information alone is very generic (chrome, desktop) to make a prediction. In addition, I live in a densely populated area and this company does not the biggest employer of the area.
2. This prediction was just a lucky shot.
What piece of information can websites track that would allow for identification without cookies?
Thanks for reading!
EDIT: It was not my purpose to hide my identity, I am just curious on what data they could make this estimation. The incognito part is just interesting because it doesn’t allow for cookie-based predictions.
Everyone’s pointing at IP, so I believe my misconception (through sites like IP-lookup & rDNS that are 100 miles off) was that IP was not that specific.