• Welcome to the new Mac-Forums. See News and Community Announcements for more details.

A Web Site Mysteriously Knows Who I Am & Details About My Last Visit. Scary!

krs


Joined
Sep 16, 2008
Messages
1,689
Reaction score
35
Points
48
Maybe I should go back to iCab.

It did just as well as Brave in this test and seems to be quite fast - the app is only 16.8 MB

iCab test_800.jpg
 
Joined
Mar 15, 2006
Messages
1,101
Reaction score
12
Points
38
if you want to learn more about cyber security from an expert, this guy is the man. 4 courses are $50. best $50 I ever spent. This guy covers everything... over 50 hours of video, lifetime access. free certificate of completion. this is not a affiliate link so I get paid nothing for sharing this... I just feel strongly that every mac user can benefit from this course... regardless of your skill level you will learn something.

The Complete Cyber Security Course! - Station X | The StationX Cyber
 
Joined
Dec 5, 2008
Messages
591
Reaction score
15
Points
18
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Thanks for the link to StationX Cyber, Macgig. It seems to be well worth looking into.

Your iCab result looks a whole lot better than my Safari results, KRS -
Safari Set To: Private Browsing with DuckDuckGo extension. Preferences are set for Cookies from web sites I visit only.

Safari also shows No Extensions, but I have at least the DuckDuckGo extension. I don't know what others are hidden in here somewhere (none that i've added). There isn't a setting I have found for blocking ads, so I guess that is wide open. Also it's set for Never Save Passwords for any site.

Opera Browser with Private Window gave identical results as Safari.

Panopticlick screen shots for Safari are attached. The fingerprint entries with white rectangles, I blocked out.

Then I went to Safari - Preferences - Privacy - Manage Website Data. There are a zillion entries for trackers on the computer. Ironically, one is called "Do Not Track". So much for all of that "privacy" stuff. Even Twitter & Facebook are tracking, although I've never been to either domain.

When I opened Opera it went to a page telling me that Yahoo, Verizon and Google will track me and supply my data to "partners". It had a link to Opt Out, but the link was in German. I translated as well as I remember how and there was absolutely no place to opt out. Greedy, greedy, greedy.

It will be interesting to try other browsers, such as iCab that KRS mentioned and repeat Panopticlick.

It is quite amazing how little privacy we have in the Connected World.

View attachment Panopticlick Results.pdf
 
Joined
Dec 5, 2008
Messages
591
Reaction score
15
Points
18
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
This entry isn't related to a browser privacy, rather to tracking and privacy- so I'm writing it separately. I think you all might find it interesting:

My bride of over 30 happy years is turning 65 next month, thus newly eligible for Medicare (senior health insurance) in the United States, where we live. Her iPad has been receiving pop ups and e-mails about Medicare plans from private vendors. No surprise there. She goes on Facebook & shops and I'm sure they all sell her stuff.

But...

Her phone has been getting text messages & voicemails for Medicare supplement & advantage plans. (These are private vendors, not the government.)
They are surprisingly personalized: "Hello Grace-Marie, here are your supplement plan links..." or "Grace- Marie, you're soon eligible for fill it in Medicare Advantage plan".

These messages are quite a surprise- especially the personalization, complete with her name. They also apparently know her birthdate.
My wife doesn't even use her full, real name on any documents- not even Social Security or Secretary of State. The Marie half of her first name never appears anywhere. She's never been in the military, or worked for the government, so that's out. (Social Security & the IRS know her birthdate by law, but not her real first name. And I am certain they are not selling her data.)

Why Am I So Surprised?
1) My wife has an AT&T "Go Phone". It has no contract. The only paperwork was to pay for it & get a telephone number (in my name, not hers). The was several years ago.
2) The only person or entity having this phone number is me. She absolutely, positively guards this phone number like a dog guarding a steak. (She uses our home phone instead, and uses it very rarely. The home phone service is in no way linked to the cell phone. It's Ooma in my name and on my company credit card.
3) Her name appears nowhere on any AT&T paperwork. She just, plain does not exist to AT&T. (Nor to any other cell carrier)
4) Anything related to the phone is in my name, but nothing else. No address, no personal data- nothing.
5) The payments are with my company credit card- again no name.

6) Her phone number is not even in my computer or phone's Contacts list. It's just on a piece of paper in my wallet.
7) My wife has never even set up a Google account for the phone or linked the phone to anything, so Big Daddy Spy is out.

8) She has never, ever turned on Location nor WiFi in the history of having a cell phone. Actually, the only app on the whole phone that she has opened is the one you open to make a phone call. She's not opened Messaging, but sees the messages on her home screen automatically. (Android 5.?)

9) She has never texted anyone, nor has she opened a text message. (Or deleted them.)

10) She has never even taken the phone out of the house when it was on, or turned it on while out of the house.
11) No one has her number except me. No One! (At her request) She only has a "car phone" at my insistence.
12) She's never used the phone to check voicemail. I use the home phone dial in for her so I can press "7" a billion times to delete bunches-o- messages.

13) The entire history of the time that my wife has had this phone she has made exactly 5 phone calls. All were to my cell phone. She's received 3- each from my cell phone.
She's never cleared History, so that one was easy for me to figure out. It's also on AT&T web site when I add money to her phone. (One has to add money every 3 moths even if the phone wasn't used. She's got a huge pile of minutes stored up.)

I thought that perhaps the call to my cell phone were the weak link, but it would only show the caller and callee are the same person.

14) My wife has no contacts in her address book on the phone & no contacts in her address book on the computer nor iPad.

All she knows how to do, or cares to know, is to turn it on, enter the unlock the PIN, get to the Dial Pad & dial a number (or answer a call).

I would love to figure out how these vendors found not only this quite guarded phone number, but my wife's name and age. It will be interesting to learn (and unsettling, I'm sure).
 
Last edited:
Joined
Jan 1, 2009
Messages
8,019
Reaction score
138
Points
63
Location
Winchester, VA
Your Mac's Specs
MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
You have her in your contacts list? Then that is the vector for them to find it. And if you have her birthday in the contact list...

There are a number of ways for your contact list to get into the internet. Facebook, for example, accesses your contacts list and mines the data so that they can link you to your "friends."

So it's not what SHE has done, but what YOU have done, or your children (if any) or friends (if any) or acquaintances (if any) have done. Once it's out, the rest is easy.
 
Joined
Jan 1, 2009
Messages
8,019
Reaction score
138
Points
63
Location
Winchester, VA
Your Mac's Specs
MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
Ian, it has to be somewhere. Somewhere in the internet her name is associated with that number. Some friend she trusted with the number, some place he trusted to have that number, maybe the AT&T account, bank, anywhere. They don't make this stuff up out of thin air. He says he's texted her, that could be the link. Could be their network service, or whatever the phone is linked to. Assuming she has ever travelled out of the home with the phone, it could be that she connected to a non-AT&T tower and the phone was listed. And even if she hasn't, if the nearest tower has ever had an issue and the phone connected through a different tower, that could be it. Or if her phone ever connected to the WiFi in the house. The situation described by Paul is simply impossible. There was, or is, some link between her name and that number, otherwise the texts are not possible. Something he and/or she has long forgotten that they did, but the internet never forgets. And the phone OS is Android, so it's reporting to the mothership everything ever done on that phone. Put together that he has texted and called her, Google knows that (through Android), and Google knows he is married to her (public record). And if he has an Android phone, too, Google knows who is in his contacts, including maybe her. Not much to deduce that this phone is for her, and even if it's for him, no harm in selling the information to health care providers as if it were hers. They send a text using the name for her they have on record, kind of like getting junk mail (which I did when I got to that point myself, way back when). Birth records are public, so every person getting into the age window for Medicare gets contacted. Bingo...she gets email that looks like it's to her, when it's a fishing expedition based on the logic Google had.

It doesn't take much to build a profile.
 

IWT


Joined
Jan 23, 2009
Messages
6,544
Reaction score
232
Points
63
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
iMac 5K Retina 27", August 2019, 3.6GHz Intel Core i9, Memory 32GB, 2TB SSD, macOS Mojave 10.14.6
Totally agree, Jake. Frankly, it comes as no surprise to me. My guess (and remember I'm not acquainted with US medical customs), is that Medicare, or similar, have access to DOB and medical records via Family Doctors or hospitals.

Ian
 
Joined
Jan 1, 2009
Messages
8,019
Reaction score
138
Points
63
Location
Winchester, VA
Your Mac's Specs
MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
Ian, what the topic is about is Medicare supplemental insurance, which is provided by private insurer's to cover what Medicare doesn't. So the texts are not from the Government or Medicare, but insurance companies. They buy the information from Google (and other sources) to sell to folks as they near the age to receive Medicare, and every November/December when the options open again. The government has all that data, but doesn't sell it. Google assembles it, applies analytics and forensics to it and sells it to the insurance companies. It is hard to be "hidden" today.
 
Joined
Dec 5, 2008
Messages
591
Reaction score
15
Points
18
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
You have her in your contacts list? Nope. She's no where on my computer, nor phone. She isn't on her phone or computer either.
I did an Easy Find search for the phone number on my computer. It is on the receipts for when I add money to the phone. However it is in an encrypted sparsebundle. Again, her name isn't there.

He says he's texted her, that could be the link. I must have written poorly. I never have texted Grace. Only advertisers have. She doesn't know how to text, so it didn't go outbound.

So it's not what SHE has done, but what YOU have done, Holy Smokes Jake! Don't tell her that or I'm a dead man!


The only entities that I can think of who know her real first name, other than family, are the church in Detroit where she was baptized in 1954, the city department of health record of birth and probably the Catholic grade & high schools she attended in the 60's. So, somewhere in the Archdiocese exists Grace's full name. I am sure it is stored digitally in their records. Do they sell that stuff? Doubt it. And, they sure don't know her phone number. She's not even registered at the parish.

My only other guess it that about 3 years ago Grace had emergency surgery. I used her partial name on all of the paper work. (The Marie did not appear). But, perhaps she was in that hospital system as a child, thus the real name. It would be easy to link with her birthdate. It's a remote possibility, but who knows?

Jake & Ian have me thinking really hard about this.
You guys are right- The link between phone & real name has to be somewhere. It might be a long trip to make the connection, but if there is money to be made figuring it out...
That phone number must be out there in a place that it can be linked to Grace's real name. A relative on Facebook is the only place one would find her full name being used in writing.

Since no one has the cell number, but our home phone (VOIP with Ooma) is known by her relatives and her relatives use her full name- there must be a way that it all got linked.

We've never put the phone on line, not even for an update. It does not even have the home network name. But mine has been on line often- and on the same home network as Ooma. Also, both of our phones are AT&T. And our computers and her iPad are on that same network. It will pester me until I figure out the path that linked them all together.

My best guess at this point is that AT&T or Android (Google) can connect the phone to the internet without our knowledge to get an update or something. They must be able to velcro the pieces together to link the name Grace's relatives use and the phone number. How the number suddenly became hers & not mine is still a mystery.
 
Joined
Jan 1, 2009
Messages
8,019
Reaction score
138
Points
63
Location
Winchester, VA
Your Mac's Specs
MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
Was she born? (Yeah, I know, silly question, but it's pertinent, trust me.) If so, the state/country where she was born will have a record of that, with the full name, and most of them are now digitized and online for genealogy research, so getting her full legal name is not that hard to do. Did she go to school? College? All of that history is available through public records. Add in your marriage registration, her driver's license, voter registration, real estate transactions (buy/sell/pay real estate or personal property taxes), credit applications (Mortgage, car, credit card) etc., and it's easy to put you and her together. Now add in an Android phone reporting everything done on it and Google has all it needs to make a list with her full name, phone number, address, family, etc., for sale to whomever has the money to buy it. Along comes a health care company who also knows she is a patient with Dr. X, is of an age to get close to Medicare, may be on AARPs radar as well, and you have the text to that number, hoping it's her. If it isn't, they have no real loss. If it is, they *might* win if she buys insurance from them. The wins are just frequent enough to pay for all of the misses, so it's a good business move. Freaky to you (and her) but just business.
 
Joined
Oct 16, 2010
Messages
13,209
Reaction score
204
Points
63
Location
Brentwood Bay, BC, Canada
Freaky to you (and her) but just business.
And not to forget the good old fashioned Phonebook that is still published in many areas, as well as City Directories that many cities publish. Lots of valuable information both Publications.

And of course the king of personal info... Facebook and their affiliates!!!


- Patrick
======
 
Joined
Dec 5, 2008
Messages
591
Reaction score
15
Points
18
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Jake, you explained it all very well. The path to information makes very good sense.

I was stuck on the fact that the use of Grace's whole first name isn't on Social Security, IRS Taxes, Marriage License, Driver's License, etc. But it is on Catholic church & school records. That church can find anyone. My old Catholic grade school found my current address, so why can't hers know stuff too? (Although her parish is long gone, the archdiocese surely has the records.)

Pinning a 1950's female with "Marie" in her name to a Catholic church is easy, so that gives someone a direction in which to search for records. In Catholic grade schools, it was easy to figure out which girls belonged to the Catholic church. In my multi-ethnic Catholic school, we had Catholic, Jewish, Islamic students and kids from various Christian denominations- as well as non Abrahamic faith children. The Catholic girls all had Marie or Mary in their names. I think it was a law or something. (Oh yeah- And they all had at least 6 siblings...)

Grace's city of birth is Highland Park which is a separate city inside Detroit. Highland Park certainly has her whole name from birth records. I've heard of data leak notices from that city more than once. So her stuff is certainly out there somewhere, as well as at Highland Park & Wayne County data banks.

You used one key word: "Genealogy".
I asked Grace if she ever searched around on an ancestry site using her real first name. She said sure. (Makes sense) She also searches by both her married last name and her original last name. And she's searched with my name & her short name. I'm sure the ancestry sites, as well as Google are more than happy to sell what they find out.

Studying what you said above, Jake, here's my take on one path to invasion:
An ancestry site can link her real, full name & her short name to our IP address. They can also link her original & married last names to our IP address. They can link my name to the same IP address. My phone can link my name to the same IP address. Since AT&T knows my phone & hers (in my name) are at the same address, they have a match. If I picture all the above laid out on pieces of paper, it is easy to draw a line connecting the papers.

You also mentioned AARP. She is a member, but with her short first name. They have her address & our house phone number, but don't have her cell phone number. They know she is over 50 (to join up), but haven't been specifically given her birthdate by us.
Any hospital or doctor she has dealt with surely has her short name, age and address- another link in the chain-of-privacy. In the US, health care providers are required to comply with HIPPA privacy laws, so supposedly none of that is shared. Supposedly. (Check out openpaymentsdata.cms.gov Doctors are more than willing to accept money for other than healthcare reasons.)

So, when we add up what you said, along with what is in the paragraphs above, and consider how things can be narrowed down (as exemplified by Panopticlick) the snooping business is easier than I thought it was. My phone gets a lot of random texts for odd stuff, so your mention of that they might win sounds right. Maybe a dozen other people got the same "Grace-Marie we can sell you Medicare insurance..." text. It probably doesn't cost them anything to have the computer send the texts to many people.

Here, however, is the icing on the link-it-all-together cake:
Today MY phone number got a text message saying "Grace-Marie it's time to pick a Medicare Supplement Plan. Call us to ..." The names "Grace" and "Marie" appear no where on my phone or computer. These entities are mighty good a linking stuff together. Personally, I'd use those talents to get a real job.

So, in retrospect we would have been way better off sticking with two-tin-cans-and-a-string phones. They worked great when we were kids.
On the bright side, Grace doesn't have to be terribly concerned wth keeping her phone number private 'cause is sure ain't working!
 
Joined
Dec 5, 2008
Messages
591
Reaction score
15
Points
18
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Sorry Patrick, I didn't see your message when I was typing my way too long reply above.

I didn't even think of phone books. We get many different ones delivered here. I can't check them today because they go straightaway into the recycle tub. I'll surely check the next one.

Grace does go on Facebook, but without her long name or birthdate & certainly not the precious phone number. She said she doesn't type anything to people there, just looks around. But the Facebook people are famously good at digging deep.
I've never been to Facebook or any social media site on any computer or phone I've owned, so I should be in the clear. (Yeah, sure I am!)

Sites are really snoop-crazy as evidenced by checking Safari - Preferences - Privacy - Manage Website Data.
I just tested by opening Safari in a private window and typing only Amazon.com & pressing <enter>. After Amazon loaded I went to Manage Website Data. The list was huge! And this was before I searched for anything. So much for Private Window. I can only imagine what Google and Facebook do when on one of their sites. (I tried the same test by going only to this site. Even after logging in the list was empty. Kudos to Mac-Forums for keeping our data private!)

I forgot about obituaries and county death records.
I'm sure Grace's 'real' name Grace-Marie appeared on the obituary notices & death records for her parents and on obituaries for her grand parents. Those records are both here in the US and in Canada, as well as probably Scotland. Wow! Her name sure gets around!
 
Joined
Jan 1, 2009
Messages
8,019
Reaction score
138
Points
63
Location
Winchester, VA
Your Mac's Specs
MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
Paul, while HIPPA is an attempt at privacy, if the doctor is in a practice that is associated with a medical vendor who provides coverage for Medicare patients, the data gets shared. Not specifically for marketing, but once the vendor knows about the patient, at least name, age, contact information, etc., then it's easy for the marketing dept to use that data to "offer opportunities" for her. It's clear from the text you got today that they don't know which phone number is yours and which is hers, so they are going to both.

Bottom line, it is almost impossible to hide from the big data gathering. Never have a phone, mobile or otherwise. Never have a computer online. Never have cable, internet, electricity, water, sewer from anyone. No credit cards, no loans. Never use your SSN. Never vote. Don't own any property. Never fly. Never buy anything requiring an ID card. No driver's license. No bank account. No job.

Basically, be homeless.

Not much of a life, frankly.
 

krs


Joined
Sep 16, 2008
Messages
1,689
Reaction score
35
Points
48
Reminds me of some fun I had a few years ago.
I was in a forum frequented by seniors where the topic of "privacy" came up.
One lady there was absolutely sure that she was anonymous since she only has some initials as her handle.
For fun, just because she made such an issue about her privacy, I decided to see what I could find out about her...and told her I would do that.

So I just went through her posts on that forum, picked up a few bits and pieces here and there, did a bit of googling, eliminated people who she couldn't possibly be and eventually ended up with a photograph were she (I think) was shown with a local politician at a fund raising event.
Took me maybe two hours.

I either posted the picture or sent her a pm with it - can't remember, but I got back a "Oh My God!"
So I assume I hit pay dirt.
I stopped at that point because I was actually feeling uncomfortable starting to dig around in her private life.
 
Joined
Jan 1, 2014
Messages
428
Reaction score
14
Points
18
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
Was she born? (Yeah, I know, silly question, but it's pertinent, trust me.) If so, the state/country where she was born will have a record of that, with the full name, and most of them are now digitized and online for genealogy research, so getting her full legal name is not that hard to do. Did she go to school? College? All of that history is available through public records. Add in your marriage registration, her driver's license, voter registration*, real estate transactions (buy/sell/pay real estate or personal property taxes), credit applications (Mortgage, car, credit card) etc., and it's easy to put you and her together. Now add in an Android phone reporting everything done on it and Google has all it needs to make a list with her full name, phone number, address, family, etc., for sale to whomever has the money to buy it. Along comes a health care company who also knows she is a patient with Dr. X, is of an age to get close to Medicare, may be on AARPs radar as well, and you have the text to that number, hoping it's her. If it isn't, they have no real loss. If it is, they *might* win if she buys insurance from them. The wins are just frequent enough to pay for all of the misses, so it's a good business move. Freaky to you (and her) but just business.
*-Emphasis mine...

If your intent had been to scare me, you've succeeded Jake... :eek:

The largest verified data source is coming from the federal, state and local governments. Just like the voter registration, most of government records are public. Here's a link to Arkansas voting records:

Registered Voters in the State of Arkansas, U.S.A.

You can search other states as well, all you need a family/last name and you'll have:

  1. Full name
  2. Date of Birth
  3. Address
  4. Phone #, if provided at registration
  5. Etc...

The site also allows downloading the data base free of charge. You can request removing your name from the data base, but that's just like closing the barn door, after the horses left. The data brokers, who also downloaded the data base, will not remove it from their record.

When you're trying to protect your privacy, just keep in mind that the your government had already sold you out...
 
Joined
Jan 1, 2009
Messages
8,019
Reaction score
138
Points
63
Location
Winchester, VA
Your Mac's Specs
MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
No reason to be scared, just cautious. I don't worry to much about what is in public domain because my entire life history was stolen in the breach of the government (Office of Personnel Management) files where applications for security clearances were held. Those applications contain my entire life history--addresses, relatives, references, jobs, everything. I immediately changed all my passwords and signed up for Lifelock to lock down my accounts and notify me of any activity. The Gov't also offered ID protection for a while, so I have that running, too. What any voter registration file has is trivial compared to what was stolen at OPM.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
60,424
Reaction score
752
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, iPhone 11, Numerous iPods, Catalina
Off Topic a bit....

Actually Jake, you and I don't know what information, if any was stolen about us. The breach you refer to was that some government idiot left his computer in his car that had an OPM personnel data base on it. The computer was stolen from his car after the vehicle had been broken into. Whether the thief or thieves used the data that was on the computer or they just took the computer for its value is unknown.

However, I agree with you 100% about not taking chances about our personal information.
 
Top