Paranoia or prudency?
An elderly relative with some health issues asked me to arrange travel insurance for a flight to Europe.
I checked out a list of insurance companies who specialize in passengers with medical problems online using Tor.
3 of the 7 I checked used Canvas Fingerprinting
and will request an image and #hex
from my #graphics
chip. Most #browsers
accept this request without the user realizing and their chips render a unique signature or #digital
and send it back to the website’s servers.
I try to avoid financial companies getting such sensitive info – it can be used, sold and shared with other companies who could easily cross reference the #ID
and influence any future transactions my device might make or insurance I might take out. Naturally I blocked the requests with Tor and crossed these companies off my list.Many corporations have turned to Canvas Fingerprinting as a sneaky way to ID a device
The 4th website had a problem with Tor – some websites, especially those using Cloud Flare
, deliberately block all Tor #relay
s. To justify its existence, #CloudFlare
tells them all #Tor
. This is rubbish of course and I ditched this website from my list along with the 5th one, which was full of #trackers
Next, I went through the sixth one’s #online
. It was not too intrusive and its trackers were manageable but I used a fake name, address, zip and age although I had to declare my relative’s correct medical conditions. I did the same to the 7th, which turned out to be cheaper quote and had a more user-friendly website.
Finally, I used my relative’s old Android to phone the company. Yes, that’s actually ring up and talk to a real person. This is still safer than doing this online, although phone-based transactions like #banking
claims are being phased out, some say at the insistence of #tracking
companies and #spooks
My relative’s #phone
and I’ve cleaned it as much as I can. The main #sim
number is set to hide the #caller
ID. I tell my relative to keep this one #private
, never put it online or use it in two-step verifications. The other sim is set to do regular stuff. It always gets #spam
. The first one NEVER does.
So I ring these guys to get a quote. I have to use #real
names and details for this last hurdle. I get the quote and my relative nods and gives card details. They announce they are turning off recording of the call for the card details bit. Hmmm.
My relative is #happy
with the #cost
and I insist the process is much #safer
and that there should little or no spam or #hacking
after. Another satisfied #customer
. All my cloak-and-dagger operations have paid off.
The next day my relative gets an unsolicited call “to talk about your life insurance”. “Sorry, wrong number” my relative replies and quickly rings me.
My pride is pricked. I rack my brain.
Then I remember the 2nd sim that gets all the spam – after I check it I realize it doesn’t have caller ID set to hidden. Although I used the safe sim to call the company, somehow their systems detected the other sim’s number.
This sim number could be on a hundred ‘Sucker Lists’ of course but this kind of spam process doesn’t usually kick in that quickly. They probably passed my relative’s details on to another department or a partner company. Caller ID is now turned off on both sims and I told my relative to block the insurance spam sales number.
Interestingly, the spam sim received another spam call once my relative had arrived at the vacation destination. This one was a recorded message in Chinese. Recorded messages are usually more dangerous – especially if we click or ring the number mentioned in the call.
However, it was disconnected quickly and the number blocked. I was a bit bemused by this type of spam call as it came from a roaming network based in the vacation country, but it is proof my relative’s spam sim is on an international Sucker List.