[toyg]

Even just your UA string is enough in most cases to make educated guesses. See here: https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent... . The server will get that UA string, and it can make subsequent calls (or serve you content that will automatically make calls, like hidden <img> tags...) to further restrict the search space. You can have middleware that does this transparently.

I'm not in that particular market, but I know people who are and tbh more often than not I think it's an arms race the individual simply cannot win. Unless there's a conscious effort from browser-makers to actively counter tracking practices, you should assume everything you do on the web is public and can be tracked by multiple parties.

[krick]

But the question is if GA and others actually accept these kind of requests: remember that someone with such and such UA (or IP, or whatever) has visited that website? And if people actually use it? I still have my doubts that tracking someone by UA is possible — there will be collisions for the large part of the market — but that some analytics service is actually doing it? It's easy to track me if Google can "reach" to the client side when visiting some website: they can use cookies, all HTTP-request data, even flash-cookies maybe. It's a no brainer to track individual with information like this. But guessing who is who just by UA? This doesn't seem that trivial, so I wonder if they really do that.

[malka]

Not just the UA, but there are ways : https://panopticlick.eff.org/