You realize that whenever a user visits a page that uses AdWords, AdSense, or login via Google, they download a script file from one of those domains, right?
So a user can log into Google and then log out, tying that header data to whatever PII Google has attached to them, and future visits to any sites using those and probably other services can be attached to the individual, despite them having intended to be logged out of Google services.
So a user can log into Google and then log out, tying that header data to whatever PII Google has attached to them, and future visits to any sites using those and probably other services can be attached to the individual, despite them having intended to be logged out of Google services.