That’s how iOS Safari’s Password AutoFill works for both iCloud Keychain and third party password managers. Password managers can also supply a prebuilt list so that Safari handles everything, although custom widget handling user input is also allowed.
A browser-integrated password management API could make for a smoother transition to a future automated auth technology based on public keys, like WebAuthn
Just FYI, it's "carrier-grade NAT". And there are a lot of ways to associate people with each other other than their public IP address. The linked twitter thread doesn't even mention IP addresses, neither does the comment you responded to. I suspect IP addresses are already a pretty inaccurate way to link people with each other.
It likely doesn’t for IPv4 now that everyone has switched to HTTPS.
Many ISPs used to insert “client id” and other uniquely identifying information while NATting/proxying. Luckily, they can’t do that for https - but I wouldn’t put it beyond them to sell a back channel “connection xyz is unique user abc” service.
However, with the move to IPv6 , at least in my area, NAT is gone and static assignment is in. You just need to know the isp’s prefix length, and you get a unique identifier.
I think the question isn't so much how it works with that (as in you are pointing towards it just not working) and instead just how well it works with that.
Do you have numbers on how many consumers in say NA, various European countries etc are behind CGNs? I would guess most are used by mobile carriers (but I have no data) and I would gather that this particular technology is not going to be used to try and associate random mobile users anyway. It's more about who likely lives in the same household.
Google has that covered since many of those behind CGN are also on networks with native ipv6. Many mobile networks have already made the switch - dual stack to the handset with native ipv6 and ipv4 handled via CGN.
Googles interest in ipv6 isn’t entirely altruistic after all…
There are other identifiers that can work cross-device other than IP. Basically anything tied to you (identifying or not) that exists on both devices can be used.
Have you logged into a service or websites on multiple devices before? Then you voluntarily gave them enough data to link it.
Heuristics. Marketers do cross-device correlation only when seeing a small number of devices (ie. look like they could be part of the same household). If they see hundreds of devices behind the same IP it's probably a larger entity (ie. a company office).
But there are significant sums invested to fund research. In many ways it's a similar transaction to the VC. An investment into 'bad' research does not help the university or funding council reach their goals e.g. to raise their own funding or contribute impactful research to science. Hopefully, they are diversified enough for the bad eggs not to matter
Looks like they are prioritizing a path towards being a social influencer platform. To displace Twitter, Youtube, Instagram, does facebook even count anymore?
