by ogeiczvm 2438 days ago
> Of course, you could mitigate this by setting up your own VPN on something like Linode, but unless you're regularly rotating IP addresses, you've just traded a pseudo-identifier that multiple people/devices share for a persistent identifier.

This actually happened to me. I'm using a persistent VPN (50% to access my private infrastructure and 50% because I have a hostile ISP).

I mostly don't use any Google services (maybe one Google search a month and the occasional Google Maps search, but I avoid it when I can) and I was very surprised when once I did a Google search and saw my postal code at the end of the page. The IP address was for a VPS (in the same city but with a different post code). I found it unusual but didn't pay too much attention. A few months later I moved places (different post code) and after a while Google had my new post code at the end of their search page. That's when I found it troubling and assumed that a family member's iPhone was using Google Maps and based on the 'directions' usage they figured out that that IP address has a home address for those GPS coordinates. (The iPhone in question is reasonably 'hardened' with background updates off and location services only 'when app opened' and disabled for most system services). That was the only plausible correlation between IP address and location Google could have done automatically - neither I nor the said family member log in any longer to the old Google accounts we had many years back.

That's when I started rotating IP daily (which is trivial in my case as I use Lightsail: I issue a shutdown from a different server and then a power on, and AWS rotates the IP automatically out of a very large pool - so far I haven't gotten the same IP twice).

The only problem I have with Lightsail is that I often get a 'dirty' IP so I rotate 4-5 times before getting a good one (I test this by doing a curl on a website that sends Google captcha on dirty IPs but lets the 'good' ones straight in).