Michael Horowitz
From the personal web site of Michael Horowitz

You will be spied on

August 26, 2020 | Updated: September 3, 4, 2020 and August 31, 2020

Once upon a time I knew someone who used Spectrum Mobile as their cellphone provider. If you live in a Spectrum area, you may have seen the ads for their cellphone service; they are pervasive. Spectrum Mobile is a sub-contractor of Verizon Wireless (not the official terminology) and, like all such companies, charges less than the company they sub-contract from.

This person wanted to check their bandwidth usage. Spectrum Mobile customers that use little bandwidth pay only $14/month for cell service, but this escalates quickly for customers that use a lot of 4G/LTE data.

The Spectrum Mobile Android app would not log in, even when provided the correct userid/password. It would do nothing for about 30 or 40 seconds before complaining that "Something went wrong".

The Spectrum Mobile website (mobile.spectrum.com/login) did not even bother with an error message; after entering the userid/password it just hung while "Loading".

Logging in to the Spectrum Mobile website

The customer first noticed the problem, gave up, waited a few days and then tried again. The problem continued, so they called tech support. The call resulted in rounding up the usual suspects.

On the mobile side, the usual suspects means un-installing and re-installing the app. This did not fix the problem.

On the website, the usual suspect is deleting cache and cookies. This did not fix the problem either. In fact, the problem persisted across three different web browsers on the same computer.

Tech support confirmed it was not a system-wide Spectrum problem. No one else was having this problem.

The tech support person forced a new password. Didn't help. They also disabled the account and re-enabled it. Didn't help. Eventually, they had to escalate the problem. I am writing this two days after a techie was supposed to call back, but, no one called. Fortunately, I figured out the problem.

I had configured the router for the Spectrum Mobile customer and was thus well aware that it blocks a few dozen advertising and tracking domains. My guess was that no one ever tested either Spectrum system with the tracking/spying being blocked.

There are two ways around the restrictions in a router and each worked to eliminate the problem. On a computer, the customer connected to a VPN. On the Android phone, they connected to 4G/LTE rather than their home Wi-Fi.

If I really cared which domain was the problem, it would be a simple matter to configure a web browser to use NextDNS.io, ensure that DNS logging was enabled and trace the domains the browser references when logging in to a Spectrum Mobile account. On the mobile side, NextDNS can be activated system-wide using either the Intra app on older versions of Android, or the Private DNS feature on Android 9 and 10.
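One way to carry out the trace described above, as an added example that is not code from the original page: intersect the domains a browser queried during a login attempt with the router's blocklist. The log layout, domain names and blocklist are constructed placeholders, not the NextDNS export format or the actual router configuration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed router blocklist and DNS query log (placeholder domains).
# The CSV columns are an assumption, not the NextDNS export format.
ROUTER_BLOCKLIST = {"tracker.example", "ads.example.net"}
SAMPLE_LOG = """timestamp,domain
2020-08-26T13:59:40,news.example.org
2020-08-26T14:00:01,login.carrier.example
2020-08-26T14:00:02,cdn.tracker.example
2020-08-26T14:00:02,tracker.example
2020-08-26T14:00:03,nottracker.example
2020-08-26T14:00:05,pixel.ads.example.net
2020-08-26T14:00:06,CDN.Tracker.Example.
2020-08-26T14:05:00,ads.example.net
"""


def matching_rule(domain, blocklist):
    """Return the blocklist entry covering domain, or None.

    A rule matches the domain itself and any subdomain, on label
    boundaries only, so 'nottracker.example' does not match
    'tracker.example'.
    """
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def suspects(log_text, login_time, window_s, blocklist):
    """Count queries per blocklist rule within window_s seconds after login_time."""
    start = datetime.fromisoformat(login_time)
    end = start + timedelta(seconds=window_s)
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.fromisoformat(row["timestamp"])
        if not (start <= when <= end):
            continue
        rule = matching_rule(row["domain"], blocklist)
        if rule:
            hits[rule] += 1
    return hits.most_common()
```

Each rule returned is a candidate to allow temporarily on the router, one at a time, until the login works.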

Increased security means increased hassle. That will always be the trade-off.

- - - - - - - - - - - - - - -

Update: Aug. 28, 2020. Mozilla just released a greatly revised version of Firefox for Android that seems to have upped its tracker blocking. When looking at the Spectrum Mobile login page (seen above), Firefox reports that the page includes facebook.com and connect.facebook.net as social media trackers. Not news. It also reports that the page has cross-site tracking cookies from google.com and bat.bing.com. This, too, is nothing out of the ordinary. But the big clump of trackers that Firefox on Android blocked is shown below.

Spectrum Mobile website viewed with Firefox on Android

Note the warning from Firefox at the top of the list: "May affect some website functionality". No kidding.

- - - - - - - - - - - - - - -

Update: Aug. 31, 2020. Another instance of the same thing.

I pay for Real VNC. When I had a problem in July 2020, I could not get to their tech support website. The site appears to be help.realvnc.com, but it really is realvnc.zendesk.com and without tracking me/us, the website will not function. In both Chrome and Brave the error I got was "realvnc.zendesk.com refused to connect". In Firefox the error was "To protect your security, realvnc.zendesk.com will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window." The only way I got the site to load was by using Microsoft Edge with no ad blocking and no tracker blocking.

Since I pay for the service, I complained. The response from Real VNC was "The cookies used by the Zendesk service used by RealVNC are required for analytics and performance and are anonymised. They can be checked using a cookie checker such as www.cookieserve.com. If you do not want to allow these cookies as an exception in your browser, we recommend that you use an inPrivate Browsing / Incognito tab."

Of course, that is not the full story. InPrivate/Incognito browsing affects whether cookies are removed when the browser is closed. In my case, I need to carve out an exception beforehand or I cannot even see the website. And, when someone has a problem with a product, adding a problem with tech support itself is like adding insult to injury.

- - - - - - - - - - - - - - -

Update: September 3, 2020. Still another instance of the same thing.

The US Open tennis tournament is currently being played and live video is available at the official website of the tournament. But, with all my defenses up, all I saw was a grey square (below), no video, no error message, nothing.

US Open - no video with ads and trackers blocked

When I lowered my shields, things looked more normal and I was asked to choose my Television provider.

US Open - video with ads and trackers allowed

- - - - - - - - - - - - - - -

Update: September 4, 2020.

With all my defenses up, I could not log on to walmart.com today. After entering my userid/password, there was a Captcha. Solving the puzzle produced another one. Solving that puzzle produced yet another one. And so on ... and so on...

With my defenses down, there was no Captcha and I logged on, as usual, with just a userid/password.

 

 

@defensivecomput | michael--at--michaelhorowitz.com | Last Updated: September 4, 2020 9PM UTC
Copyright 2001-2020