Before migrating to Lemmy, I decided to request a copy of the data Reddit has on me.
To my surprise, the export includes a file ip_logs.csv with a list of all IP addresses that I used to connect to Reddit for the last 3-4 months!!
That seems quite unnecessary.
When using a browser they can get your user agent (https://www.whatsmyua.info) They can also get some information about your device, like pixel resolution, screen size (https://www.whatismyscreenresolution.org), gpu (https://hardwaretester.com/gpu) etc…
All of those data combined make a fingerprint for your browser, that can be more or less unique.
I recommend having a look here for more information about how fingerprinting works and how to protect from it, and to see how “unique” your browser is (https://coveryourtracks.eff.org).
When using an app, it’s a whole lot more complicated to escape from it, but one step I can recommend, is to delete your phone advertisement id (https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now).
That been said, from my own reddit gdpr export, it doesn’t look like reddit is doing any fingerprinting of that sort. I haven’t looked so close at it yet, however.