Adam D
asked on
Finding out how I am being digitally tracked
All systems show clean by Malwarebytes, Vipre, online testers, etc.
Mail server (Windows Server 2008 R2) same
Phone - clean
Minimal online presence, no social media use, no FB, no Google/Gmail account (not on my phone either), no Verizon syncing on my phone, no syncing at all except to my personally run server for my mail.
Samsung S8 Rooted w/ DroidWall, 95% of things locked down, no Play Store, minimal apps.
Problem: Search a topic, next day (or a few days depending) scam/fake email shows up about that topic.
I want to know what tools, techniques, methods, forensic investigations I can do to track down the leak.
Thanks. :)
Mail server (Windows Server 2008 R2) same
Phone - clean
Minimal online presence, no social media use, no FB, no Google/Gmail account (not on my phone either), no Verizon syncing on my phone, no syncing at all except to my personally run server for my mail.
Samsung S8 Rooted w/ DroidWall, 95% of things locked down, no Play Store, minimal apps.
Problem: Search a topic, next day (or a few days depending) scam/fake email shows up about that topic.
I want to know what tools, techniques, methods, forensic investigations I can do to track down the leak.
Thanks. :)
Dan
I would setup two step authentication on your Google account and change your password.
ASKER
I would recommend you re-read the question.
What browser do you use? Do you have addons installed? Which ones?
ASKER
Chrome/Firefox - no add ons
Phone - Chrome - no add ons
Thanks.
Phone - Chrome - no add ons
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
EXPLORE YOUR ACTIVITY: https://myactivity.google.com
YOUR VOICE ACTIVITY: https://support.google.com/websearch/answer/6030020
Delete your Google Advertising ID
https://www.ghacks.net/2015/04/20/how-to-reset-your-advertising-id-on-android/
https://www.androidcentral.com/how-view-your-location-history-google-maps
ALTERNATIVE SEARCH ENGINES (Most use Google results without tracking/cookies)
https://www.startpage.com
https://duckduckgo.com/
https://www.qwant.com
https://searx.me
Use Firefox browsers with recommended security & privacy addons
YOUR VOICE ACTIVITY: https://support.google.com/websearch/answer/6030020
Delete your Google Advertising ID
https://www.ghacks.net/2015/04/20/how-to-reset-your-advertising-id-on-android/
https://www.androidcentral.com/how-view-your-location-history-google-maps
ALTERNATIVE SEARCH ENGINES (Most use Google results without tracking/cookies)
https://www.startpage.com
https://duckduckgo.com/
https://www.qwant.com
https://searx.me
Use Firefox browsers with recommended security & privacy addons
Switch to SRWare Iron or Iridium. They follow GDPR and remove all the google tracking.
Firefox also has connections to google if you use the "safebrowsing" stuff turn that off or use Waterfox.
Firefox also has connections to google if you use the "safebrowsing" stuff turn that off or use Waterfox.
ASKER
Thank you gr8gonzo for the detailed information. Not likely to be an observer-expectancy effect, it seems to be more than that. I have done the test of searching for something obscure and it was inconclusive. Rootkits - doubtful, have run various tests for them in the recent pass with nothing found.
I am aware of sharing my information with a company will usually result in spam and they will usually sell of my data to another company, etc. My email addressES are out there and some get more spam than others. I do not use a spam filter at all, I want to see what is coming in (no, I don't click on anything). I get all the usual stuff, but it is the targeted emails that happen within a short amount of time of a search that has me wondering where they got that information.
I want to make sure my systems/servers/network including ISP are not the leaks.
Eirman - as stated there is no Google Activity - I do not have a Google account nor voice activity - I do not use voice to text or search.
Google Advertising ID - maybe, but that would only be associated with my phone. Again, no Google account, no access to PlayStore.
Search Engines - maybe, since I usually use Google for searching, but again, no ID, no login, no account.
Serialband - thanks for the information, I will have to check into those, but no I don't use any of the "safe browsing" options or pre-load options as it does send my searching/browsing to Google to check it.
I am aware of sharing my information with a company will usually result in spam and they will usually sell of my data to another company, etc. My email addressES are out there and some get more spam than others. I do not use a spam filter at all, I want to see what is coming in (no, I don't click on anything). I get all the usual stuff, but it is the targeted emails that happen within a short amount of time of a search that has me wondering where they got that information.
I want to make sure my systems/servers/network including ISP are not the leaks.
Eirman - as stated there is no Google Activity - I do not have a Google account nor voice activity - I do not use voice to text or search.
Google Advertising ID - maybe, but that would only be associated with my phone. Again, no Google account, no access to PlayStore.
Search Engines - maybe, since I usually use Google for searching, but again, no ID, no login, no account.
Serialband - thanks for the information, I will have to check into those, but no I don't use any of the "safe browsing" options or pre-load options as it does send my searching/browsing to Google to check it.
"Safebrowsing" is turned on by default in Firefox. You have to go into about:config to turn it completely off.
Google Advertising ID - maybe, but that would only be associated with my phone.Not necessarily. Unfortunately, data collection is so rampant that it's highly probable that an email address was somehow leaked at one point, and it only takes one time for that data to be stored forever in a big data system.
Your own ISP is likely not the leak, nor internal network. These days, Google forces HTTPS which means that your search data is encrypted BEFORE it leaves your computer, so it's hidden all the way until it reaches Google's servers.
Now, there could be a man-in-the-middle (MITM) SSL interception happening, but it's very unlikely. The attacker would need to be able to install their own CA certificate into your trusted CA roots. That's not a common practice unless you're intentionally doing it yourself or if you're at a corporate office. If there is SSL interception occurring without that root CA certificate step, then you would see SSL warnings anytime you went to a new HTTPS site (because the attacker would be generating fake certificates on the fly and they wouldn't be trusted by your system). So it's VERY unlikely but possible. Plus, if an ISP were to do that, it'd be the absolute end of their business if word got out about it.
Typically the only thing that ISPs get to see is your DNS traffic (assuming you haven't switch to using a different DNS provider). So an ISP might know that you went to www.somesite.com simply because your computer asked them what the IP address was for it, but they would have no idea what page you went to, what data was sent or received, or anything else about it. And again, any sort of spam-related "monitoring" that any ISP did would be catastrophic if it became verified news.
If this is a result of big data collection by the search engine or an advertising network, then using safe/incognito browsing on any browser would avoid that since you wouldn't be using any existing cookies, so there's no way for a remote site to distinguish who you are (there is no guaranteed way for a remote site to identify you without cookies).
If you use safe / private / incognito mode and you run another test and still see targeted spam come to you, then it's almost certainly something on your computer.
Google is tracking everything. You can't stop that if you use google for searching. You can't stop that if you use Chrome or Chrome Canary. You can't stop that if you leave "safe browsing" enabled in Firefox. Google has been evil since 2003, on the day they IPO'd. They were only self deluding themselves until recently and finally removed their "Don't be evil" motto.
Private/Incognito mode does not protect you from that tracking. Private/Incognito mode just prevents the browser from saving that tracking data onto your computer disk drive. It does not affect what the remote server is collecting about you other than preventing them from reaching cookies or data you would have saved if you didn't use private/incognito. You'd still have to restart the browser or browser window upon each new site that you wish to visit if you want to prevent them from accessing previously visited sites from within the same tab, since that information remains in RAM. Google Chrome does a good job in preventing other companies from tracking you, but Google still tracks you.
Switch away from Google and 90% of that tracking disappears. Google is the most invasive tracker that somehow has a lot of people not noticing. They track data far more than Facebook. Facebook just got caught in the news. Google is still "hidden" from public view since they're still much more careful and have had better PR. They also haven't been "caught" in a data scandal.
Private/Incognito mode does not protect you from that tracking. Private/Incognito mode just prevents the browser from saving that tracking data onto your computer disk drive. It does not affect what the remote server is collecting about you other than preventing them from reaching cookies or data you would have saved if you didn't use private/incognito. You'd still have to restart the browser or browser window upon each new site that you wish to visit if you want to prevent them from accessing previously visited sites from within the same tab, since that information remains in RAM. Google Chrome does a good job in preventing other companies from tracking you, but Google still tracks you.
Switch away from Google and 90% of that tracking disappears. Google is the most invasive tracker that somehow has a lot of people not noticing. They track data far more than Facebook. Facebook just got caught in the news. Google is still "hidden" from public view since they're still much more careful and have had better PR. They also haven't been "caught" in a data scandal.
Private/Incognito mode does not protect you from that tracking.Ehh... sort of. Entering incognito mode is sort of like having a fresh start with cookies, for that session. So you'll end up with new cookies, but there's no data tied to those new cookies, so the tracking is pretty much useless. It's definitely not practical to just use incognito mode for the long-term, but it's useful for testing to isolate where things are happening.
Google has been evil since 2003"Evil" ? I'd say that's skewing the definition of evil a bit. Genocide? Evil. Terrorism? Evil. Collecting data about user behavior to grow their own business? Not quite on the same playing field... :)
Also, earlier, the OP said:
I do not use a spam filter at all, I want to see what is coming inThere are several spam filtering services that will "quarantine" spam messages and send you a nice, concise summary each day so you can review and choose to let something through or whitelist an address or things like that. Makes it faster to skim quickly through things that are 99% spam while letting the important stuff through. Personally, I use MailRoute.
. So you'll end up with new cookies, but there's no data tied to those new cookies, so the tracking is pretty much useless
No. Cookies aren't the only thing they use to track you. They have multiple ways and cookies just make it easier for them. They do know when you are in incognito mode and what IP address you come from. Since google controls chrome, they have multiple ways to track you without the need for cookies. If you leave Chrome running while you go from website to website, that session stores the current set of cookies in RAM. You can still be tracked by the server. They'll just sort the new cookies into a linked database for all the other pieces of information they have on you.
Collecting data about user behavior...I'm using the term as google founders were using it, when they created their company motto and placed it in their corporate charter. I find someone invading my privacy to be evil. I'm against the "1984" pervasive monitoring that already exists in China and I don't want it here in the western world. Europe considers it evil enough to pass GDPR.
If you're using a phone to browse, Verizon, AT&T, et al... sell your data to 3rd parties.
If you're viewing your spam or email without blocking images, you're getting tracked on their ad/malware server. They sometimes put single pixel tracking images to track whether you've viewed the data. That's also sufficient to get your IP address and geolocate you. I have had email images turned off by default since at least 2003. I individually enable images when I feel the need to view them.
https://www.cnet.com/news/google-has-secret-webpages-that-feed-your-personal-data-to-advertisers-report-says/ Here's google being evil and trying to break the law.
I suppose we have different standards for what we call evil. I don't dispute that Google tries to collect data and use it for advertising purposes. I don't think Google even disputes that. I just don't call it evil.
As far as cookies go, cookies ARE the only thing. IP addresses are not only dynamic but can represent many different people behind NAT. There's no value in data if it is unreliable.
You can also turn on Fiddler and watch the network activity between Chrome and any server it talks to, and you can see what data is being sent. This would include any data sent to try and correlate separate cookies together. However, no such thing occurs.
As far as cookies go, cookies ARE the only thing. IP addresses are not only dynamic but can represent many different people behind NAT. There's no value in data if it is unreliable.
You can also turn on Fiddler and watch the network activity between Chrome and any server it talks to, and you can see what data is being sent. This would include any data sent to try and correlate separate cookies together. However, no such thing occurs.
You don't go by just one bit of data. IP addresses correlate to locations and that can be used along with other data to correlate your activity. There's also browser fingerprinting. There's also sites that you sign in to. There's also patterns of other sites that you visit.
Here's google trying to remove privacy protections that people actually want.
https://www.bloomberg.com/news/articles/2019-09-04/google-industry-try-to-water-down-first-u-s-data-privacy-law
Here's google trying to remove privacy protections that people actually want.
https://www.bloomberg.com/news/articles/2019-09-04/google-industry-try-to-water-down-first-u-s-data-privacy-law
(shaking head) none of the data you mentioned is reliable data (aside from sign-in data, which the OP has already excluded from his own behavior) - it's not data that anyone can correlate into valuable identification.
Look, if you want to believe that Google is somehow persisting your identity into incognito mode without sending the same cookies (at which point you have to ask yourself why they would use cookies at all), then you can believe that. Unless you can provide some sort of proof of how that works (keeping in mind what the OP says he does not do or have, like a FB or Google account), then this is just getting into an off-topic conspiracy theory element. Let's stick to the question at hand.
With that in mind, he can use incognito mode to test out whether or not a "fresh" (no starting/existing cookies) session search triggers the spam. If it does, then the problem is somewhere on his PC.
Look, if you want to believe that Google is somehow persisting your identity into incognito mode without sending the same cookies (at which point you have to ask yourself why they would use cookies at all), then you can believe that. Unless you can provide some sort of proof of how that works (keeping in mind what the OP says he does not do or have, like a FB or Google account), then this is just getting into an off-topic conspiracy theory element. Let's stick to the question at hand.
With that in mind, he can use incognito mode to test out whether or not a "fresh" (no starting/existing cookies) session search triggers the spam. If it does, then the problem is somewhere on his PC.
Let's stick to the question at hand.I am sticking to the question at hand. Just because you don't understand how all data tracking works, doesn't make what I say invalid. He asked to find out how he can be digitally tracked and this is definitely one of the ways.
(shaking head) none of the data you mentioned is reliable data (aside from sign-in data, which the OP has already excluded from his own behavior) - it's not data that anyone can correlate into valuable identification.
One occurrence by itself is not reliable, but if you collect that same data over multiple days from the same behavior, it becomes statistically reliable enough to identify a person. That's what google does. Cookies just makes their job easier. They use those to figure out how the other data correlates, then that knowledge can be used to reliably correlate those users that don't keep cookies any more. They have such a large pool of data collected for nearly 2 decades to be able to track that. These days, IP addresses don't change unless you leave your cable or DSL modem off for a few days, or you switch your modem out. They're leaving the leases much longer.
That's just standard data science that any AI engine can easily parse. This is not any conspiracy. It's what data science has been able to accomplish from years of data gathering.
When Netflix released their anonymized data treasure trove a several years back, researchers were able to reverse the anonymization from that data. This was back in 2007, 12 years ago. It's not a conspiracy. It's fact. It's also not done by a person, but by their algorithms that will automatically generate the data to send you to targeted ads.
https://www.securityfocus.com/news/11497 <- netflix de-anonimized
You don't even need that much data to be trackable/identifiable: https://en.wikipedia.org/wiki/Data_re-identification#Examples_of_de-anonymization
This is why I mentioned in my first comment that you would only remove 90% of the tracking. You can't remove it all. Every person follows a pattern. Every pattern can eventually tracked. The only way to really avoid being tracked is to pipe junk data into all those databases and turn that data into garbage. (Garbage In - Garbage Out) While no person is actively looking at your specific activity, their data collection algorithms can correlate your activity well enough to send you targeted ads.
If he just started using incognito mode the exact same way as before and used the same session for long enough, perhaps it could be de-anonymized. But in this case, we are talking about a short-lived session to test the tracking theories - not something that is long enough to produce any pattern. Incognito mode isn't designed to be a permanent usage mode.
If he does a short test, there should be no way to correlate that test activity to his email address. While you're correct that IP addresses rotate less than they used to, there's a counter-acting factor of a surge in multiple disparate users behind single public IPs, and most people are still using IPv4. Add to that the surge in popularity of private VPNs and we start getting back to the days of faster IP rotation.
Anyway, if he gets spam after a short test, then that would indicate it's not a result of the advertiser network / big data but rather something local.
If he does a short test, there should be no way to correlate that test activity to his email address. While you're correct that IP addresses rotate less than they used to, there's a counter-acting factor of a surge in multiple disparate users behind single public IPs, and most people are still using IPv4. Add to that the surge in popularity of private VPNs and we start getting back to the days of faster IP rotation.
Anyway, if he gets spam after a short test, then that would indicate it's not a result of the advertiser network / big data but rather something local.
Unfortunately, many people use VPNs to bypass region locks, not ta actually make themselves anonymous. That actually reduces the pool of real anonymous users, making them easier to track than you think.
Using a phone, makes you easy to track. Phones are designed to be trackable. Your one off incognito mode only buys you anonymity for that one time. If you go back to the site, with the same device and same browser just a few times, there's enough data to correlate your activity. By configuring your browser and web activity to attempt to make yourself harder to track actually creates a more unique fingerprint than leaving the browser alone.
I've had years of changing browsers and setting browser strings while watching apache logs to know how to basically identify myself manually from the logs. AI can do that more easily. Unless everyone is doing it, you'll still be easier to track than you realize.
Using a phone, makes you easy to track. Phones are designed to be trackable. Your one off incognito mode only buys you anonymity for that one time. If you go back to the site, with the same device and same browser just a few times, there's enough data to correlate your activity. By configuring your browser and web activity to attempt to make yourself harder to track actually creates a more unique fingerprint than leaving the browser alone.
I've had years of changing browsers and setting browser strings while watching apache logs to know how to basically identify myself manually from the logs. AI can do that more easily. Unless everyone is doing it, you'll still be easier to track than you realize.
This is turning into an eye-rolling discussion. All I'm trying to get the OP to do is to run a short test. That's all. I don't really care that an AI can de-anonymize data from patterns that aren't even going to be a part of the test. I don't care that you can identify yourself in log files (good for you?). I'm just trying to help the OP narrow down where the issue is happening.
I'm just pointing out that if he's been visiting the same sites, he's been automatically tracked by AI. He wants to know how he gets his scamware/adware when he supposedly doesn't do anything to get tracked. He's getting tracked more easily than you think.
The only thing incognito/private mode gets you is reduced tracking. It also stops saving the tracking data to your disk. It's still running in RAM, until you completely quit the browser. It does not prevent the sites you visit from attempting to track you.
They can send an ad just from a single visit correlation, because it's advertising that's cheap for them to do. Don't delude yourself to believe that you can be completely anonymous on the internet. They might not know who you are from 1 visit, but they know that you visited from that one IP address, with a specific browser fingerprint and saved that starting visit as their initial tracking datum point.
The only thing incognito/private mode gets you is reduced tracking. It also stops saving the tracking data to your disk. It's still running in RAM, until you completely quit the browser. It does not prevent the sites you visit from attempting to track you.
They can send an ad just from a single visit correlation, because it's advertising that's cheap for them to do. Don't delude yourself to believe that you can be completely anonymous on the internet. They might not know who you are from 1 visit, but they know that you visited from that one IP address, with a specific browser fingerprint and saved that starting visit as their initial tracking datum point.
ASKER
Well, this has been a very interesting conversation to read from both sides of the table. Unfortunately, due to work, I have not been able to read it until just now.
I use a pseudo incognito mode (still in Chrome) by blocking all cookies unless a particular site doesn't work right or is trusted. In which case I only allow the cookie for that particular site and not all the other ad cookies.
For example: experts-exchange.com
Allow: experts-exchange.com
Deny: crazyegg, doubleclick, facebook, nr-data, secure.transfer.redsourcei
That is a lot of BS (in my opinion) that I definitely do NOT need and doesn't affect my ability to use the site.
I have a static public IP address, so that obviously doesn't help. My machines are behind NAT, but all traffic is still coming from that public IP.
Due to my location and speed (only 1.5 Mbps) I am not really able to use a VPN as it would just kill the speed altogether. I do not have a faster option at this time.
On the phone I don't use hotspots (like McD, Starbucks, etc) nor do I use Bluetooth or any over-the-air payment systems (nor store any data like that on the phone).
The most recent issue, was a search for "eye pain" on my rooted android phone w/ firewall blocking 95% of everything on that phone (and again no cloud accounts of any kind) and then 2 days later getting spam email for "eye floaters."
I had not searched for eye pain previously and I had not received any spam for eye floaters throughout the high volume of spam I do receive, I almost want to say "ever."
So, what gave away my search? There was no login/signup to search for eye pain, there were no emails involved (I have my own email server). Coincidence? I tend to think not....
I appreciate the interaction and enthusiasm on this topic and look forward to hearing both of your opinions on the matter.
Thanks. :)
I use a pseudo incognito mode (still in Chrome) by blocking all cookies unless a particular site doesn't work right or is trusted. In which case I only allow the cookie for that particular site and not all the other ad cookies.
For example: experts-exchange.com
Allow: experts-exchange.com
Deny: crazyegg, doubleclick, facebook, nr-data, secure.transfer.redsourcei
That is a lot of BS (in my opinion) that I definitely do NOT need and doesn't affect my ability to use the site.
I have a static public IP address, so that obviously doesn't help. My machines are behind NAT, but all traffic is still coming from that public IP.
Due to my location and speed (only 1.5 Mbps) I am not really able to use a VPN as it would just kill the speed altogether. I do not have a faster option at this time.
On the phone I don't use hotspots (like McD, Starbucks, etc) nor do I use Bluetooth or any over-the-air payment systems (nor store any data like that on the phone).
The most recent issue, was a search for "eye pain" on my rooted android phone w/ firewall blocking 95% of everything on that phone (and again no cloud accounts of any kind) and then 2 days later getting spam email for "eye floaters."
I had not searched for eye pain previously and I had not received any spam for eye floaters throughout the high volume of spam I do receive, I almost want to say "ever."
So, what gave away my search? There was no login/signup to search for eye pain, there were no emails involved (I have my own email server). Coincidence? I tend to think not....
I appreciate the interaction and enthusiasm on this topic and look forward to hearing both of your opinions on the matter.
Thanks. :)
I just noticed that you mentioned your phone was rooted. That's a pretty big red flag right there.
1. There have been instances of rooted ROMs that came with malware.
2. Rooted phones are intentionally stripping away a lot of the default security, which might be what you're after but in addition to providing YOU full access, it also provides full access to malware that gains a foothold.
A firewall is not capable of stopping malware. It might block 95% of sites, but we've seen malware injected into legitimate sources and apps before. So if you either got a ROM that came with some built-in malware or if you picked something up after rooting, then that could very well be the source. You could always try installing something like Kaspersky on your phone and have it do a free one-time scan to see if there's anything on it. Granted, if it's rooted, a malware app could hide pretty well. It could just be acting as a proxy that feeds your searches out to a separate server, and it wouldn't necessarily be recognized as malware.
For what it's worth, I personally stopped rooting all my phones about 5 years ago because of the surge in mobile-focused malware, and because rooting wasn't necessary anymore to turn the phone into a WiFi hotspot (which used to be the only way to do it a long time ago). You can also optionally install from non-Play-Store locations without rooting, and most of the vendor bloatware can either be uninstalled, disabled, or doesn't take up almost any resources, so most of the old reasons for rooting just aren't applicable anymore.
In any event, I would try to test to see if searches on your phone vs. searches on your PC have different spam outcomes. For example, if searching on your phone results in spam, but searching for a separate topic on your PC doesn't, then that would be a pretty big indicator. Maybe search for some other kind of pain (e.g. foot pain, stomach pain, leg pain, etc - just work your way through the body while testing).
1. There have been instances of rooted ROMs that came with malware.
2. Rooted phones are intentionally stripping away a lot of the default security, which might be what you're after but in addition to providing YOU full access, it also provides full access to malware that gains a foothold.
A firewall is not capable of stopping malware. It might block 95% of sites, but we've seen malware injected into legitimate sources and apps before. So if you either got a ROM that came with some built-in malware or if you picked something up after rooting, then that could very well be the source. You could always try installing something like Kaspersky on your phone and have it do a free one-time scan to see if there's anything on it. Granted, if it's rooted, a malware app could hide pretty well. It could just be acting as a proxy that feeds your searches out to a separate server, and it wouldn't necessarily be recognized as malware.
For what it's worth, I personally stopped rooting all my phones about 5 years ago because of the surge in mobile-focused malware, and because rooting wasn't necessary anymore to turn the phone into a WiFi hotspot (which used to be the only way to do it a long time ago). You can also optionally install from non-Play-Store locations without rooting, and most of the vendor bloatware can either be uninstalled, disabled, or doesn't take up almost any resources, so most of the old reasons for rooting just aren't applicable anymore.
In any event, I would try to test to see if searches on your phone vs. searches on your PC have different spam outcomes. For example, if searching on your phone results in spam, but searching for a separate topic on your PC doesn't, then that would be a pretty big indicator. Maybe search for some other kind of pain (e.g. foot pain, stomach pain, leg pain, etc - just work your way through the body while testing).
ASKER
Thanks gr8gonzo.
I agree, there can be a lot of injected malware in ROMs or apps for that matter and I very minimally use apps on the phone. My purpose for rooting, besides the bloatware, was all the internal android services that constantly call home. I have seen various spam targeting for things both from phone searches and/or pc searches so I don't believe the problem lies in the rooted ROM.
Unfortunately just last week, I broke my phone that I have had for the past 4 years so now I have a non-rooted (not happy about it) Samsung Note 10+ which I am sure is constantly sending back information it has no business sending (I haven't looked to see if I can put Wireshark on there or not).
I'll do another test and see what happens, but I think there is something, somewhere, that is tracking my searches that is tied to an ESN, or my IP, MAC, etc. I don't sign up for services with my primary email account, I block as much as possible when I do venture forth into the digital world and I don't use social media. :)
Thanks. :)
I agree, there can be a lot of injected malware in ROMs or apps for that matter and I very minimally use apps on the phone. My purpose for rooting, besides the bloatware, was all the internal android services that constantly call home. I have seen various spam targeting for things both from phone searches and/or pc searches so I don't believe the problem lies in the rooted ROM.
Unfortunately just last week, I broke my phone that I have had for the past 4 years so now I have a non-rooted (not happy about it) Samsung Note 10+ which I am sure is constantly sending back information it has no business sending (I haven't looked to see if I can put Wireshark on there or not).
I'll do another test and see what happens, but I think there is something, somewhere, that is tracking my searches that is tied to an ESN, or my IP, MAC, etc. I don't sign up for services with my primary email account, I block as much as possible when I do venture forth into the digital world and I don't use social media. :)
Thanks. :)
Use noroot vpn to redirect all the app access to null.
ASKER
Thanks for your help. I have not had much time to completely research this problem and the spam I see still appears, on occasion, to be related to my systems, but I still cannot say completely at this time.