Every device a person uses carries identifiers that, by design, persist longer than any single login. The advertising identifier on a phone is one. The hardware MAC address of a network card is another. The serial numbers of various components, the cryptographic identifiers used by operating systems for trust, the device tokens issued by app stores: each of these stays with the device through restarts, account changes, and reasonable efforts to reset.

Many of them can be reset, but not always cleanly. An advertising identifier can be regenerated by the user; the regeneration is itself a signal that some watching systems treat as worth noting. A device fingerprint composed of many small attributes (the exact combination of hardware, software, settings, and timing) is more robust than any single identifier because it is not stored in any one place that can be erased.

The identifiers travel with the device through the systems that interact with it. An online retailer learns the device that visited it; an app records the device that installed it; a network operator sees the device that connected to it. The records are kept for the operator's own purposes and are often shared, in some form, with third parties.

A person who uses several devices is identified, with reasonable confidence, across them by the patterns of co-use: which device logs into which account, from which networks, at which times. The pattern is more identifying than any single device would be.

· · ·

The desk reads device-level identifiers where they are visible to outside parties and where they bear on a client's present exposure. The work is, in part, to understand what a typical commercial system already knows about a person before any deliberate effort to find them has begun.