3

I created a virtual machine with a clean Windows install on it. On that PC I create a virtual switch and I link it to one of my Wi-Fi boards. I disable IPv4 and IPv6 on that connection so I am not able to connect to the internet from the main PC, only from the virtual machines. I create a hotspot from a phone and connect to it.

Then I create another virtual machine with a clean Windows install on it. I connect it to the same virtual switch that is linked to the Wi-Fi board that has IPv4 and IPv6 disabled, and I create a hotspot from another phone.

Different phones with different IP's.

I created a user account on a certain web site from one virtual machine, and when I want to create another account from the second virtual machine the web sites said that there is a security problem and my new account could be linked to another account. Asking about it they said that the devices from which I am trying to connect might have been used by another user.

How do they know?

schroeder
  • 123,438
  • 55
  • 284
  • 319
user203516
  • 41
  • 3
  • You do not provide any details about what info you provided when you registered. Can you expand on that part? This might not be a technical issue at all. – schroeder Apr 02 '19 at 21:48

1 Answers1

6

Tricky question! It will be hard for us to give certain answers, we may only guess that they might employ fingerprinting techniques that match in both VMs. For example, the VMs might both have have the same operating system, user agent string, set of fonts, give the same canvas fingerprint, have similar CPU performance, etc. It might also be that they found the local IP address to be in the same range, if that was obtainable via WebRTC.

If you did the IP routing correctly (such that the IPs that you used are not the same), and the VMs are indeed clean (so there are no cookies or localStorage), and it's not a very esoteric setup (so your user agent by itself is already unique), then as far as I know, they can only rely on fingerprinting techniques.

You say you 'registered': maybe the email address domain matched as well? When all these factors are combined, it may give a pretty accurate result.

Note that the VMs can very easily become unclean. If you checked that the IP addresses differ by going to tell_me_my_ip_please.com, that website might have tracking scripts. A Like button from Facebook, Google Analytics, an embedded YouTube video, advertisements, etc. are very widely used and can all track you. If you did this to check that it works and then clone the VM, you now have two linked VMs. If you did not, then they'll not be able to link the VMs directly, but they may also do the fingerprinting and combine the information of "no cookies, using this operating system and browser, from this country, etc." into a profile like "probably a white male from Belgium". This information is often reported to website owners, and could also loosely link your visits. It's a little more far fetched, but could be an additional datapoint on which they based their decision.

You might get a better answer if you are able to share the software/website you were trying to use, but from your question it sounds like it's a small, commercial party that might see this post and identify you, so I assume you can't share that.

Luc
  • 31,973
  • 8
  • 71
  • 135