[mrybczyn]

Eh? That assumption of "not associating my personal identity" doesn't actually work. Your profile IS your personal identity, and can be associated trivially. If not algorithmically, then via one connecting piece of information supplied by various databases and no such agencies. You're living in a dream.

[dmix]

> Your profile IS your personal identity, and can be associated trivially.

I'm hardly new to his stuff and to say it's trivial is nonsense. Most people make it trivial but it's not trivial to associate identities of people who put basic effort into obscuring them.

Merely disconnecting your primary profiles from your online activity is enough to throw most mass-surveillance/drag-net stuff off, aka 99.9% of advertising firms and most government programs.

If you're an activist or someone interested in keeping your internet activity private then the bar is far higher (and the targets of which are ever expanding as governments and private organizations get better at this stuff). FBI agents, or likewise in your country of residence, have plenty of forensic tools at their disposal to connect disparate identities. It takes some real time investment and requires being super careful to evade these measures. But I'm not talking about that here. I mean the average person in 2017.

I've personally done the total anonymity stuff as an experiment so I know what that takes.

Having studied many documents from the various global national security organizations and being fortunate to have dated a defense attorney in the past who engaged with police surveillance reports on a daily basis for their work I'm convinced that even basic privacy measures such as never using your real identity when using internet services, creating full legitimate sounding backstories (and subsequent online profiles) for your fake identity, and changing the ID you use often enough will throw off most basic surveillance measures.

I'm not doing anything to get people really invested in uncovering my online identities, as most people aren't, which is what I'm talking about.

The simple fact is the vast, vast majority of people reuse the same username (and passwords) across the internet and use their real name and emails everywhere. So it's really not hard to track people online from an LEO or 4chan doxxing perspective.

But I'm not convinced you have to be isolated from the utility of most online (cloud) services. You just have to invest in using them intelligently to not associate your actual identity with the services.

Ad companies aren't interested in deanonymizing people anyway. They are looking for low hanging fruit and there are more than enough people to fill databases who fit this profile. So I'm not that concerned about those who don't.

[mcbits]

It's not trivial to match any arbitrary profile with an offline identity, but it is possible to cluster pseudonymous profiles into "almost certainly the same individual" by patterns and peculiarities in how they use their devices. If the same patterns later show up for an identified user, they can be linked with high probability.

With the sites Google runs plus running their own JavaScript on a sizable fraction of other people's web pages, they can pick up a lot of patterns, many of which would be inaccessible to police and intelligence surveillance.

Some people have nervous habits like moving the mouse around, clicking/tapping on whitespace, scrolling up and down, etc. Some always/never use the scrollbar. Some always/never open links in new tabs. Some tend to put the adjective before/after the noun in their searches. Some will rapidly open up the first 5 search results in new tabs. Some always disable instant search, and some of those change their settings to 20 or 50 or 100 results. Some use search features like the calculator, searching for "weather", stock symbols, etc, and others never do.

[teaneedz]

> Ad companies aren't interested in deanonymizing people anyway.

Seems to me that there is a huge monetary aspect to matching online activity with real identity.

"deanonymizing" is trivial but ad tech is poison to any level of "privacy", filter bubbles and fake news propagation.