Just to see what I could find I fired up something called MITMProxy, essentially a local HTTPS/SOCKS proxy, and with its inspection certificate installed I can now snoop all HTTPS traffic leaving my machine.
I then left a review of an airport I purchased for 2024, and inspected the traffic sent.
"CustomTags": {},
"Events": [
{
"CustomTags": {},
"Entity": {
"Id": "<HEX characters here>",
"Type": "title_player_account"
},
"EventNamespace": "custom.title.C1771",
"Name": "MarketPlaceItemRated",
"OriginalId": null,
"OriginalTimestamp": null,
"Payload": {
"Body": {
"BuildID": "1.6.34.0",
"BuildType": "Master",
"EventSequenceID": "55",
"GameBranch": "LIVE1.0",
"HitchCount": "100",
"IsInFlight": "0",
"IsOoF": "1",
"ItemID": "fs24-creativemesh-johnson-creek-3u2",
"PlatformID": "6",
"PlayerSessionID": "6A26D6F0-4DD0-471B-92F1-3F8E543BFCB9",
"Ratings": {
"global": "4",
"realism": "3",
"technical": "4",
"visual": "4"
},
"SandboxID": "RETAIL",
"SubSessionID": "2253AC97-EDA2-1ACF-00E3-5BFD151F44E5",
"Success": "TRUE",
"Tag": "SIMUPDATE4",
"Variants": [
"a07cb9"
]
}
},
"PayloadJSON": null
}
]
}
You can see some identifying information here. My player ID, which I have munged, the product in question, and my “review” under ratings. Asobo/MS can 100% identify who reviewed what, and even if multiple reviews were made under the same session or not. Couple that with their HTTPS logs, and you have an IP address as well.
If anyone wants to have a play around with that, its easy to set up, just make sure you disable the system proxy when not actively testing with it.