Today around 12:00pm EDT, a post was uploaded to r/whenthe by u/concussionmaker_91 about how despite their multiple privacy measures, Reddit was still able to ping their location and show them an ad about a business in close proximity to their house. Then, in less than 2 hours after the post when live, their year old account was permanently banned. 
Redditors in the comment section used a website called SnooSnoop to see if this account has done anything malicious in the past that may be grounds for a ban only to find nothing. 
I don’t think this is a mere coincidence and some comments I read on the post may be there to dismiss the situation.
I’m currently working on archiving the post and comments in case Reddit decides to try and erase this entire situation from the web, I’ll attach the files when I do.
That identifies the user sure, not location. More likely, the VPN was off at one point and reddit logged their known location. Just ignore the IP and take the last known personal location.
Guys logged in so fingerprinting isn’t needed. They already got the guy. They’re still fingerprinting though
It can identify the user and their hobbies, schedule, device, and all sorts of info depending on how careful the user is. Not too far of a leap to match it to a non vpn fingerprint with a known ip and location.
If they can identify the user’s computer, they can cross reference against all the other tracking metadata available. Since they know the browser down to the individual, they also know the predominant IP of said browser and can link your actions from before and after the vpn/proxy account was created.
As long as javascript is running they can track your mouse movement, which is similar to people’s gait when they walk. it’s unique, it’s identifiable. You can probably fuck with them by using a trackball on one profile, but once they link that trackball movement to your profile with other metadatas then the cat is out of the bag and you’re permanently known to Reddit and whoever it sells it’s data to.
As much as people will claim “just disable javascript!” - you’ll find that you practically cannot use the internet without it… and having JS disabled makes your fingerprint even more unique as few disable it carte blanche.
Basically, once they have a shadow profile of who you are it’s just a matter of time for them to link any account created to it. I suspect almost everybody’s shadow profile is quite complete.
Good thing I have never looked at anything questionable on Reddit…
Gonna need a source or a reference for that second part. Yes, I’m very aware that your mouse movement can be tracked, so we can skip that part.
Just look up mouse fingerprinting.
This was one of the first results for me.
The rest were companies selling user deanonimization solutions that use mouse fingerprinting.
^ Not to mention that considering how privacy conscious the OOP was there’s a good chance they had some way to limit IP tracking. When I verify log-ins for 2FA the approximate location shown in emails is rarely in my city much less close enough to pin any business near my home.
It just takes one time logging in without having VPN enabled for your account to be associated with a location. Their ad network probably filters out known VPN IPs, or IPs from countries where there are no ads to serve up, which might leave the only valid IP address associated with their account to be used.
Or it’s just a bakery they’ve looked at online, and that has been packed into their advertiser profile.
So might not have anything to do with location. Also, most VPNs are data brokers. Which is why Israel has been buying them up.
True. Weird a supposed privacy conscious dude doesn’t have an arblock and/or a tracker blocker to minimize that risk.
Ublock, Firefox, and Ghostery are friends
Not ghostery. uBO is fine by itself.
It IDs the user which is then matched to the last known location of that user.