There's a company, currently called Tie (meettie.com), formerly known as Revenue Roll, who promises to "de-anonymize your highest value web traffic", which in practice means that they give you an email address for retargeting, for a user who visited your site without ever explicitly providing any identifying info.
The old site had a blog post [0] where they explicitly said they were using fingerprinting, and even called it "privacy-compliant".
I'm sure they're not unique in the service they provide, but that was the first time I'd seen someone brag about browser fingerprinting.
It's pretty hilarious legalese and tells you nothing about what it even achieves. Maybe makes you a Very Important Marketing Target.
One thing that struck me was the 'Under penalty of perjury, I declare all the above information to be true and accurate'. Shame they seem to require validating request by email. It'd be fun to take a PII breach and throw all the emails you find at 'em.
Their opt-in doesn't work - go to a few of their customer sites (listed in their blog/success stories) and they make a lot of calls to revenueroll IPs without asking. Some of those call contain PII responses too. Trying to contact them, but they've been brushing me off
If you find the right API endpoint, you can spoof the `Forwarded` header to get different results. Big PII leak IMO but they seem to think it's intended behavior?
The old site had a blog post [0] where they explicitly said they were using fingerprinting, and even called it "privacy-compliant".
I'm sure they're not unique in the service they provide, but that was the first time I'd seen someone brag about browser fingerprinting.
[0] https://web.archive.org/web/20240527125312/https://www.reven...