I recently played an investing simulation game called Compoundle, which I discovered through an ad. After a few days, I decided to replay some previous sessions, but I opened a new incognito window to do so. To my surprise, the game recognized me and showed the same scores from my regular browsing session! I was under the impression that incognito mode would be more private, but even after switching networks and using a VPN, it still figured out who I was. Can someone explain how this tracking is happening even without any identifiable information? I'm really puzzled by this!
2 Answers
I actually ran some tests, and I found a JWT (JSON Web Token) stored in Local Storage, which contains your user details and play history. Once it's there, even deleting it doesn't get rid of it for a new session. It's definitely something they're using either as an anti-cheat measure or for tracking purposes.
It sounds like they might be using browser fingerprinting. It's a technique where the site gathers information like your device's specifics and screen settings to create a unique ID for your browser. So even if you go incognito, they can still recognize you by those details.
Thanks for the insight! I didn't realize fingerprinting could function so independently. It's strange that it can act as a standalone identifier for authentication.