OK, but how do you account for changing IP-Addresses? You would need to take one identifier that never changes.
Maybe they have machine learning which combines a couple of factors and then create long-term profiles based on the likelihood of some data belonging to the same person.
That’s what shadow profiles are: they are not necessarily illegal (depends on jurisdiction, illegal under GDPR), they act on probabilities (this particular set of data identifies a person and is significantly different from/similar to other sets of data), they look for patterns in data and behaviour (a user with browser fingerprint A from Pasadena that looks at youtube videos of category X yesterday and today is likely to be the same person even if IP changes)
Maybe they have machine learning which combines a couple of factors and then create long-term profiles based on the likelihood of some data belonging to the same person.
That would be illegal though.