Merchant Sends Email After Browsing Anonymously

[frank rice]

Hi,

 

I've searched the web but can't find a topic similar enough nor a forum exactly tailored to this topic, so I hope it is OK to ask here.

 

Early this morning I was looking at furniture on Sears regular and Outlet websites.  I came back later to see an email that was time stamped 6:01am from Sears with the subject "? We've got a surprise! Thanks for looking

[The Evil Overlord]

Welcome, and may I say, well done for taking the time to post correctly.

As for the email, I have no idea on how they could do that without any input from you.

Was the information you recieved in almost exact relation to what you were browsing?

Were you signed into a browser at the time?

[frank rice]

UPDATE

 

I know I posted only minutes ago, but I just zoomed in to look closer at the incredibly fine print at the bottom of the Sears spam email.  (I just got fitted for multifocal lenses and it is a bear getting used to focusing on small type right now).  Anyhow, here is the privacy disclosure link to the company that seems to be proudly responsible for this apparent email stealing technology (I hope the link is OK to post as it is general and freely available):

 

http://privacy.criteoemail.com/us/privacy-policy.html

 

 

I don't know how they could extract my email from just the related cookies but I assume there may be a way it is encoded into other tracking info from sites where I may have stored my email address or communicated through a web form.  This is scary.  I'm afraid to use their opt-out button.  Will research further.

 

Any experience or opinions with this BS?  Thanks!

[Dane]

I get these from newegg or Amazon at times. I'll be browsing. And a few hours later I'll get an email with things similar to what I was browsing.

[frank rice]

Welcome, and may I say, well done for taking the time to post correctly.

As for the email, I have no idea on how they could do that without any input from you.

Was the information you recieved in almost exact relation to what you were browsing?

Were you signed into a browser at the time?

Hi, thanks for the reply.  I've also updated my post which probably explains 'what' is happening, but not 'how'.

 

It appears to be a fairly legitimate looking spam email from Sears, and it includes an inset sofa image, one that I was looking at.  In of itself the ad inset is not surprising, though the email "knowledge" is, and scary as well.  As I tried to describe, this is an email address that is not linked to any type of Gmail or similar cross-linking or social site/plugin/etc.  I was using IE and do have Google as my home page, and do have a Gmail address that may have been logged in (I don't always log out of Gmail, it is just a throwaway account) but at any rate they emailed my primary paid email address that is not linked to anything like what you suggest.

[Barney T. Administrators]

To the OP: Your post is fine.

[Noir Angel]

Does your browser support/have do not track enabled? If not it's possible it could have been extracted from a tracking cookie.

[metallithrax]

Maybe they use something like "lead forensics".

[frank rice]

Does your browser support/have do not track enabled? If not it's possible it could have been extracted from a tracking cookie.

Thanks for the reply.  This is a new install on a "write zeroed" HDD, so I am still tweaking everything.  I started immediately with AV and anti malware running constant protection.  I just went into IE options and set 3rd party cookies to 'Prompt' so I can see what comes up.  Unfortunately I had them enabled before this.  AFAIK, "do not track" in IE is only accomplished by restricting cookies.  I could certainly be wrong.

[n_K]

Does your browser support/have do not track enabled? If not it's possible it could have been extracted from a tracking cookie.

DNT is a bit of a useless feature since the whole ignoring IE's option debacle and not many sites even paying attention to it anyway.

Get noscript and disable scripts from running on sites that could things like this, although they'd still know that you looked at items (cookies) they wouldn't get anything like google analytics, and you can browse in private mode to bypass that too.

[BinaryData]

I get these from newegg or Amazon at times. I'll be browsing. And a few hours later I'll get an email with things similar to what I was browsing.

I get it in my Facebook stream all the time. I'm thinking about writing a program to auto-clear cookies from my caches after each browser closing.

[DemonicHawk]

The only plausible explanation I can think of if you weren't logged in is that they already have a browser fingerprint record of your computer (See: https://amiunique.org/ or https://panopticlick.eff.org/

 

Since you said it was a "new W7 installation" rather than a new PC, I'm assuming you just reformatted, in which case your browser fingerprint wouldn't really change as far as I know.

[frank rice]

The only plausible explanation I can think of if you weren't logged in is that they already have a browser fingerprint record of your computer (See: https://amiunique.org/ or https://panopticlick.eff.org/

 

Since you said it was a "new W7 installation" rather than a new PC, I'm assuming you just reformatted, in which case your browser fingerprint wouldn't really change as far as I know.

Thank you, that seems plausible.  I believe that XP installs used to look at unique features like hardware MAC addresses, and saved a code that was generated from all of that data, which became the basis for approving a reinstall on the same machine.  I experimented with that in the early 2000's by necessity, changing out failed hardware devices and reformatting, and never had it fail to certify the copy of XP automatically.  They might have programmed some wiggle room into it.

 

Yes, it was a clean re-installation of W7 Pro on an existing machine, as I recently fell victim to a ransomeware attack.  I cleaned up the virus and restored my files from backups but to be safe felt it was worth the extra effort to reformat and reinstall.  Now I am paranoid about security since I don't even know how I got the ransomware in the first place.  I don't open unknown files or browse seedy sites.  Thanks again for the idea and links about unique browser detection.

[remixedcat]

wireshark it

[+John Teacake MVC]

Do you have a common name/email?

Have you been into a store? and maybe used their Wifi? Then gone home and used your Wifi? AdvertisingID....

Install Ghostery, Its amazing how many calls to third party API's Trackers and Beacons you get stopped

 

I highly recommend this to anyone.

 

https://www.ghostery.com/en/

 

Its a strange scary old world we live in. 

[n_K]

The only plausible explanation I can think of if you weren't logged in is that they already have a browser fingerprint record of your computer (See: https://amiunique.org/ or https://panopticlick.eff.org/

 

Since you said it was a "new W7 installation" rather than a new PC, I'm assuming you just reformatted, in which case your browser fingerprint wouldn't really change as far as I know.

That's a bit of nonsense really, if it's a fresh install the fingerprint data will show: timezone, IE version, screen resolution, additional software installed (none), language, cookies (none) - what you're trying to say is that the owner of a large domain can take that information and match it up to one user, well no, there will be at a bare minimum 10,000 visitors to the site with the exact same configuration and therefore 'browser fingerprint'.

The most likely scenario is the site was logged into or something from a third party site, then the cookie with/without javascript was used to get finer details and the background email system fired off an email to the account holder.

[frank rice]

Do you have a common name/email?

Have you been into a store? and maybe used their Wifi? Then gone home and used your Wifi? AdvertisingID....

Install Ghostery, Its amazing how many calls to third party API's Trackers and Beacons you get stopped

 

I highly recommend this to anyone.

 

https://www.ghostery.com/en/

 

Its a strange scary old world we live in. 

Not common, no.  I don't use public wifi, at least I haven't in a long time.  Thanks for the link, I'll check Ghostery out.

[DemonicHawk]

That's a bit of nonsense really, if it's a fresh install the fingerprint data will show: timezone, IE version, screen resolution, additional software installed (none), language, cookies (none) - what you're trying to say is that the owner of a large domain can take that information and match it up to one user, well no, there will be at a bare minimum 10,000 visitors to the site with the exact same configuration and therefore 'browser fingerprint'.

The most likely scenario is the site was logged into or something from a third party site, then the cookie with/without javascript was used to get finer details and the background email system fired off an email to the account holder.

I'm not saying you're wrong, but did you visit the sites I linked? Even if you do a clean install, you're highly likely going to install all the same plugins/software and configure everything the same way. OP did say that it was a "one week old installation" so he would already have everything installed.

[+BudMan MVC]

I get it in my Facebook stream all the time. I'm thinking about writing a program to auto-clear cookies from my caches after each browser closing.

Why?  All 3 major browsers Firefox, Chrome and even IE have this option already built in.

 

Here is settings in firefox that allow you to clear you cookies when you close your browser, delete them on close, etc.  Both chrome and IE also have settings like this - just showing firefox because that is browser I use 99% of the time.

 

[BinaryData]

Why?  All 3 major browsers Firefox, Chrome and even IE have this option already built in.

 

Here is settings in firefox that allow you to clear you cookies when you close your browser, delete them on close, etc.  Both chrome and IE also have settings like this - just showing firefox because that is browser I use 99% of the time.

 

clearcookies.png

You know, I'm one of those standard guppies when it comes to browsers. It works, so I don't mess with it. I never knew FF had this option. Now, to find it on Chrome!

[+BudMan MVC]

Yeah they hide it in chrome, advanced settings - privacy..

 

 

So can see how you could miss it

[+DonC Subscriber²]

Could it be as simple as having used your new computer on the same network as your old one (and thus having the same IP address) and they took a reasonable guess that you were the same person?