Something really freaky happened to me back on Reddit. I don’t think I posted anything that was too personally identifiable. About as close as I’ll get is saying that I live in red-county in Colorado and am a Broncos fan. Then one day on a fairly niche gaming subreddit, I mentioned how close something in the game was to a nickname that people called me at work, and said something like “hopefully my coworkers never find out about this in the game or I would never hear the end of it.” Then someone responded, “see you at work on Monday [my first name] ;-)”
I still have no clue how that happened. I went back through every comment I had ever made and not once did I post where I worked or what my first name was. I’d never once told any of my coworkers my reddit user name either. It was a bit of a privacy eye-opener for me to realize that even if I thought I was posting anonymously, someone could still potentially find a way to tie my online persona to me.
The simplest explanation is probably that even though the subreddit was niche, the reason you are on it is connected to your demographics, which you share in common with coworkers, making it more likely for one of them to also be browsing it.
Might be worth your time to go to the gaming subreddit on your web browser and then use the development mode of the web browser to inspect all the cookie data.
The company might be putting more information in there than they show on the screen, that could be available to anyone who can do a search on their website for your characters name.
For example, once I was playing World of Warcraft on an alt, and I argued with a tryhard player about being nice to other players. The WoW Armory, when you look up the alt’s name, adds in its cookie/memory the name of all the other characters for that same account (to populate a drop-down selection). So that guy started harassing me on my main character without having never knowing its name.
Was that guy the owner of the wow armory? Because otherwise…
No, he was another player/customer. See below.
how did they get your cookie store inside your browser?
When you pull up a character on the Armory inside of the cookie/memory information was a list of all the other characters for that same account/character. And anyone can pull up any other account characters name on the Armory.
My guess is the list of all the character names for the account was there so if you wanted to switch between one character to another from a drop-down UI object.
My point is developers can leak additional information assuming that users can’t see it because it’s not displayed on the UI, but if somebody goes into the developer mode on the browser they can inspect all the memory/cookie information for that web page.
Finally, this was a long time ago, so who knows if it still works that way today or not. My point of mentioning it was as an anecdote on how additional information can leak in ways we wouldn’t suspect.
Something really freaky happened to me back on Reddit. I don’t think I posted anything that was too personally identifiable. About as close as I’ll get is saying that I live in red-county in Colorado and am a Broncos fan. Then one day on a fairly niche gaming subreddit, I mentioned how close something in the game was to a nickname that people called me at work, and said something like “hopefully my coworkers never find out about this in the game or I would never hear the end of it.” Then someone responded, “see you at work on Monday [my first name] ;-)”
I still have no clue how that happened. I went back through every comment I had ever made and not once did I post where I worked or what my first name was. I’d never once told any of my coworkers my reddit user name either. It was a bit of a privacy eye-opener for me to realize that even if I thought I was posting anonymously, someone could still potentially find a way to tie my online persona to me.
Most likely scenario is they saw you browsing Reddit at work and saw your username on the screen. Reddit leaves the username out on the main page.
The simplest explanation is probably that even though the subreddit was niche, the reason you are on it is connected to your demographics, which you share in common with coworkers, making it more likely for one of them to also be browsing it.
Might be worth your time to go to the gaming subreddit on your web browser and then use the development mode of the web browser to inspect all the cookie data.
The company might be putting more information in there than they show on the screen, that could be available to anyone who can do a search on their website for your characters name.
For example, once I was playing World of Warcraft on an alt, and I argued with a tryhard player about being nice to other players. The WoW Armory, when you look up the alt’s name, adds in its cookie/memory the name of all the other characters for that same account (to populate a drop-down selection). So that guy started harassing me on my main character without having never knowing its name.
Was that guy the owner of the wow armory? Because otherwise… how did they get your cookie store inside your browser?
No, he was another player/customer. See below.
When you pull up a character on the Armory inside of the cookie/memory information was a list of all the other characters for that same account/character. And anyone can pull up any other account characters name on the Armory.
My guess is the list of all the character names for the account was there so if you wanted to switch between one character to another from a drop-down UI object.
My point is developers can leak additional information assuming that users can’t see it because it’s not displayed on the UI, but if somebody goes into the developer mode on the browser they can inspect all the memory/cookie information for that web page.
Finally, this was a long time ago, so who knows if it still works that way today or not. My point of mentioning it was as an anecdote on how additional information can leak in ways we wouldn’t suspect.