Probably UUIDs based on fingerprinting the browser/machine. With enough js there’s usually enough to qualify a person’s activity as unique even with minor changes regarding updates or whatever. You can mitigate it by changing user agent strings or disabling some/all js or site permissions, but they can also block you from using the service for doing so, so ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯.