How did FB know it's me when...?

I think you have to accept the possibility that even though it feels like FB knew its you, it was a coincidence brought on by FB having billions of data points to serve recommendations that can make you think this.

I am also a bit confused as to why you are so surprised they might know its you. Outside of using Mullvad, nothing you mentioned is going to help keep you anonymous. For all we know (as there is not nearly enough information for anyone here to provide anything more then a guess) there was a tracking pixel from your other “hardened FF browser” that outed you.

You did not answer the question, How are a webserver is being able to see a user MAC adress ?

So the search you did for niche product was on ubuntu - and on a separate browser, on same ubuntu instance, Meta was used?

I respectfully disagree. Sad to say there are some workers in a number of platforms that will throw coincidences at you for the rest of their lives. I have dealt with some five years now and my husband witness. They started off with credible death threats. They threaded 8 people together to come up with ways to harass. Had stalking data through discussions with ex boyfriends and friends. One is reasonably confirmed in Google - Apple- Simplisafe. Pray you do not get on their radar.

Same IP adress, same time zone, same fonts list, so a partial fingerprinting ?

That"s my guess.

Or your curtains were open.

I am a bit unclear on what you are disagreeing with. Are you saying there is no chance of OPs situation being a coincidence? I dont think there is nearly enough information to make a determination like that.

Is the glass full or empty. I have five years proof 3 companies have workers (at least) that are granted access to three systems. (Simplisafe/Apple ML/Webkit/Google Metadata at min) who cannot be trusted to explain motive/intent for severe stalking, death threats, intimidation and harassment. Every time you are not believed - it is dismissed as coincidence- there is in fact no help.

If you want to help them you have to err on the side of believing the concerned party until there is reasonable info to disbelieve.

People legitimately stalked and having privacy invasion require this. Else, we are not doing privacy- we are doing evasion. Which is fine - yet best to be honest about why we are taking the extraordinary measures and visiting this privacy specific forum to collaborate.

He wants to know how Facebook can know and I do not think we have enough information.

I can attest there are a lot of ways Facebook can know that are both technical and non-technical.

What are all of their techniques in inventory?

For me, there are physical- actual collab with people who know me, a window trick my husband and I have yet to figure out.

As well as logical- an alarm system company coordinating. Is a Facebook employee involved? Yes when I had an account they had my data takeout enabled and disabled my sisters and had edit procedures to how feeds are prioritized and presenting info. The adverts and feed modifications were based on inputs from people, interviews, metadata access to other systems, card transactions, and sms scraping. There are probably other ways too. I stopped taking inventory and closed my account w them.

Regardless of probability- if you do not want to them to continue presenting their capability to you, you have to leave them.

If you want to stick around, and try to figure out what they are doing, start with the advertising settings under account management. The data takeout logs were useful to see what IP’s had connected. Some test pages someone had built. Some messages that were likely acquired. The logs in data takeout were so good for piecing together some connection history, they wound up disabling my sisters.

I never spoke out against Zuckerberg yet I have had issues with their news of breaches and some solid review of how they are willing to mess with privacy interested parties.

Once I figured out I was dealing with one of their workers I tossed them.

Problem here is that you have the 5 years of proof, we don’t. Undocumented anecdotal evidence is tough to go on, and on an anonymous forum isn’t going to amount to much.

Friendly reminder to always think of

One time could just be a (lucky) accident, even if it feels improbable.

When dealing with attacks from people in data analytics, science, social media, security or tech in general (which is a lot of people in the world now) - they have read this mantra publically for so long they design their attacks around it.

In terms of proof:

I have an attack where someone decided to make it quite political and span domains from legal, social, physical security, cyber, identity and access. The premise being (assumed) a wonky guy hired for security architecture had maliciously claimed to a senior exec I was part of an anonymous attack on a high profile individual. They did hundreds of tiny attacks (some have lethality involved with or without causation). In fact, to prove out most people will call you crazy or pontificate on probability/causation instead of simply believing the reports that would be made to over 30 entities. Some multiple times.

No one in the middle of a crime that would be obviously designed this way, because the behavior is so obvious (I have read correlation and causation on 20 platforms) - wants anything but to be believed and help with investigation and prosecution.

It is academic. I think every new party here should be asked why they are here as a bio. I am personally not interested in providing privacy to a person discussing correlation and causation, unless they have a plan to help fix incident response.

Honestly IC3 gov was useless and FBI came out with “did you take your meds” to a large scale incident which made me more than happy their orgs are having a regime change.

I can confirm Facebook should not be trusted- to whom am I proving it? I have no desire to prove it to anyone except someone willing to help pull together a case for prosecution.

Hmmmm, I think there are a lot of different threat models being thrown around and blending together. I think the topic will be focused if we stick to the threat model of remaining anonymous to corporations and advertising.

. I guess you could use Proton VPN extension but I don’t think there is a per site toggle.

Could you please elaborate? How so?

Could you please explain how that would be possible given I didn’t know of the product’s existence (or anything related to it) during my usage of FB prior to searching it a few mins prior to seeing the ad?

Are you saying it is impossible for it to have been a case of causation?

impossible ≠ improbable
it is ≠ could be

I’m not sure if anyone mentioned this. Wouldn’t fingerprinting + facebook pixel tracking still be possible if you logged in with a VPN that not a lot of mullvad browser users use?

If you don’t use a popular VPN like Proton or Mullvad for users of the Mullvad Browser, you could theoretically be more finger-printable. It also depends on which server you were connected to.

I’m no expert, but to me, that could maybe be a potential explaination.