Can two different instances of Firefox Profiles be tracked to the same machine?

Question

I am running some headless tests with Selenium & firefox to login to some website. If I switch between separate firefox profiles in the same browser to login to separate accounts on the website is there any way besides IP tracking to track my connections and find out it's all on the same machine (on which the Selenium script is running)?

What I am doing:

profile = webdriver.FirefoxProfile('path/to/profile1')
driver = webdriver.Firefox(profile)
driver.get("website.com")
#connect as user1 on website & do stuff...
driver.quit()

profile = webdriver.FirefoxProfile('path/to/profile2')
driver = webdriver.Firefox(profile)
driver.get("website.com")
#connect as user2 on website & do stuff...
driver.quit()

EDIT: In other words, Given the code above and excluding IP tracking can website.com figure out that the accounts user1 and user2 are actually on the same machine(hence one person with 2 accounts) ?

Answer 1

Multiple Firefox profiles

A profile in Firefox is the collection of settings, customizations, add-ons, and other personalizations that a user has made or installed into their copy of Firefox.

Reasons to have multiple profiles

The casual user may want to have different profiles for different family members. Having different profiles would allow each person to have his or her own set of bookmarks, settings, and add-ons.

Web developers might want a secondary profile for testing websites, apps, or other projects on different Firefox channels. For example, you might want to have some extensions installed for Web development, but not for general-purpose Web browsing.

For QA, testing, and bug triaging contributors, you may want to have multiple development versions of Firefox installed, each with its own profile. Creating new profiles for testing can keep you from losing your preferences, bookmarks, and history. It takes little time to set up a new profile, and once it is complete, all of your Firefox versions will update separately and can be run simultaneously.

Bursting the Myth

So multiple instances of Firefox Browser Clients with multiple Firefox Profiles can be run simultaneously. So your assumtion of ...If I switch between separate firefox profiles in the same browser to login to separate accounts... is incorrect. The Web Browsing Client variant might be same i.e. Firefox but each of them will inherit different set of preferences, bookmarks, and history.

---

User Agent

Your User Agent tells every site you visit what browser you're using. Sites are able to detect your UA and redirect to a more fitting page for your browser if desired. In other words, if you go to a site with this detection in place from a mobile phone the site might detect you are a mobile user via the UA and redirect you to their mobile site if available. This doesn't work on all sites becuase not all sites have UA detection in place.

UAs also tell the sites you're visiting some browser related software which you may have installed. For example, this UA:

(Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 1.1.4322; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0;) 

Tells us that the visitor is using Internet Explorer 8, Windows Vista, has Media Center PC 5.0 installed, Office Live Connector, etc. So if we had a special section for Vista users, we could redirect this person based on the Windows NT 6.0 string to a sub section in our site related strictly to Vista. On the other hand, this User Agent:

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 

Tells us the visitor is using FireFox 3.5.3 and Windows Vista. Not much else.

Having the knowledge from above, User Agent Spoofing is used by many programmers that don't want people to know how they're getting to the site(s). Some programmers will find legitimate UAs and program their script to use such UAs. UAs can be blank, or contain custom information like a URL to a site that might promote a particular browser or script.

---

Update

As per your question update ...can website.com figure out that the accounts user1 and user2 are actually on the same machine... I am not sure if User Agent carries the Browser Profile information. However based on the different User Agents different parameters can be extracted. As an example, for a user-agent string e.g.:

Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36

Different User-Agent detection library thinks as follows:

• According to useragent v2.1.9:

  • ua

    rawUa: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
    string:
    family: Chrome
    major: 70
    minor: 0
    patch: 3538
    device: Other 0.0.0
    

  • os

    string: Windows 8 0.0.0
    family: Windows 8
    major: 0
    minor: 0
    patch: 0
    

• According to ua-parser-js v0.7.11:

  • ua

    ua: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
    

  • browser

    name: Chrome
    version: 70.0.3538.102
    major: 70
    

  • engine

    name: WebKit
    version: 537.36
    

  • os

    name: Windows
    version: 8
    

  • device

    model: undefined
    vendor: undefined
    type: undefined
    

  • cpu

    architecture: amd64
    

• According to platform.js v1.3.3:

  • ua

    name: Chrome
    version: 70.0.3538.102
    layout: Blink
    

  • os

    os: Windows 8 64-bit
    

  • device

    product:
    manufacturer:
    description: Chrome 70.0.3538.102 on Windows 8 64-bit