
Check the TOS and/or implementations for many of the tracking providers and you’ll see they use hashed emails. Show me a way to extract the common domain name from the below:

9425ca8eb02d022309ec175a7067b1567a5f741ec7010cc1b5034287f9db6e2f

4d1c86b9f418c713e784760fea809e34418c2f13e993d907783572ecc2c9bb6e



The simple way would be to use part of the hash for the domain and part for the user. If you alternated bits it wouldn't be obvious.

I doubt it'd be worth spending the effort to target people with personal domains though, and it would have some negative effects, so your point is well taken.
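
The contrast discussed in the two comments above, as an added example that is not part of the original thread: a whole-address SHA-256 shows no shared structure between two addresses on one domain, while a split identifier with alternating bits does, and a simple lane comparison detects it. The split construction, the trim-and-lowercase normalisation, the function names and the test addresses are all assumptions made for illustration.

```python
import hashlib

def _h128(text):
    # First 128 bits of SHA-256 as an integer.
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:16], "big")

def plain_id(email):
    # Whole-address digest (assumed normalisation: trim + lowercase).
    digest = hashlib.sha256(email.strip().lower().encode()).digest()
    return int.from_bytes(digest, "big")

def interleaved_id(email):
    # Hypothetical split scheme: even bit positions carry the domain hash,
    # odd bit positions carry the local-part hash.
    local, _, domain = email.strip().lower().rpartition("@")
    d, u = _h128(domain), _h128(local)
    out = 0
    for i in range(128):
        out |= ((d >> i) & 1) << (2 * i)
        out |= ((u >> i) & 1) << (2 * i + 1)
    return out

def agreement(a, b, offset):
    # Fraction of matching bits at positions offset, offset+2, ...
    # of two 256-bit identifiers (each lane holds 128 bits).
    same = sum(1 for i in range(offset, 256, 2)
               if ((a >> i) & 1) == ((b >> i) & 1))
    return same / 128

def leaks_shared_domain(id_fn, addr_a, addr_b):
    # Audit check: True if either bit lane is identical across two
    # addresses that have only their domain in common.
    a, b = id_fn(addr_a), id_fn(addr_b)
    return any(agreement(a, b, off) == 1.0 for off in (0, 1))

# Constructed test addresses on a reserved example domain.
A, B = "alice@example.com", "bob@example.com"

if __name__ == "__main__":
    for name, fn in (("plain", plain_id), ("interleaved", interleaved_id)):
        lanes = [round(agreement(fn(A), fn(B), o), 2) for o in (0, 1)]
        print(name, "leaks:", leaks_shared_domain(fn, A, B), "lanes:", lanes)
```

For the plain digest both lanes agree on roughly half their bits, which is what unrelated values look like; for the split identifier the even lane matches exactly.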


If the hashing algorithm is known (and my guess is it is at least possible to reverse engineer it, if it isn't documented) then cracking a hash with a GPU may be quite feasible.


The hashing algorithm is well known, it’s unsalted md5/sha1/sha256. That doesn’t make it necessarily possible (sure, some cases yes, but not even most), let alone feasible, to rainbow table them.


It's pretty simple to crack unsalted hashes using rainbow tables, unless each hash is salted with a random distinct salt, and if that is the case then these hashes seem pretty useless. So how do tracking providers use these hashes? What other info is sent along with the hash?


> So how do tracking providers use these hashes?

They use it to match traffic across devices and IP addresses.

> pretty simple to crack unsalted hashes

Go ahead and rainbow table those hashes then. If you do it and are the first one to email me (email address in profile), I’ll pay you $100.



