[HN Gopher] Ask HN: Why do my online accounts keep getting banned?
___________________________________________________________________
Ask HN: Why do my online accounts keep getting banned?
Hi HN. I am at my wit's end so I'm asking here. In the last few
years, nearly half of all my online accounts for a variety of
different services have been either restricted or banned for no
reason. I have no idea what I could possibly be doing "wrong" here
so I'm asking HN for help. * Lyft. Got a generic error when
requesting a ride, which told me to contact support. I contacted
support and they said my account was suspended due to violation of
ToS with fradulent activity. I asked exactly what they think I did
to violate ToS and they would not tell me. I've taken hundreds of
5-star rides, never comitted any fraud, I don't drive for Lyft or
even know anyone who does. To this day I still don't know what I
did "wrong." * Instagram. Signed up for an account a couple years
ago. Followed some celebrities and friends. A week later when I try
to login, it errors saying my account has been suspended with no
reason and recourse for recovery. I made another account. Banned
again after a couple of days. Now, whenever I try to make a new
account, the SMS verification never passes. It is like they have
blacklisted my IP address. * Letgo. It's like Craiglist. I moved
within San Francisco a few years ago and signed up for an account
to get rid of some furniture that I would not be taking with me.
Within a few days I couldn't login and support told me my account
was banned due to fradulent activity. All I did was create a
listing for a couch with some pictures! I hadn't even gotten
responses to the post. * Google. I tried logging in to an old
account associated with some domains in Webmaster Tools. That's all
I use this account for and I haven't logged in in years. I enter in
the right password and am greeted with "You're trying to sign in on
a device Google doesn't recognize, and we don't have enough
information to verify that it's you. For your protection, you can't
sign in here right now. Try again from a device or location where
you've signed in before.". What am I supposed to do here? Last I
used this account has at an old address (different IP) and on a
computer that has since been retired (motherboard swapped out, OS
reinstalled). * Twitter. I created an account several years ago.
After a week when I logged in it said my account was restricted and
asked me to enter a phone number for SMS verification. I complied,
and even after entering the correct code, it errored saying it
cannot verify my identity. Haven't used Twitter since. * Fidelity.
This morning I tried to log in to my investment account and it says
my account has been blocked "for security reasons" with no other
information or explanation. It says I have to call Fidelity. Over
the phone they asked me to supply a ton of documents over fax for
identity verification and a record of all the devices I've ever
used to sign into Fidelity. They won't even tell me why my account
was blocked in the first place. This is endlessly frustrating.
There must be _something_ unique about either me or my devices. I
have a regular residental ISP in San Francisco, I 'm not using Tor
or VPNs, I use a vanilla Mac with Firefox. I use an adblocker
(uBlock) but so does everyone else. I have a bog-standard Samsung
phone running bog-standard unmodified Android. Does HN know why my
accounts keep getting banned? Especially for those who work on
identity/trust and safety teams in Silicon Valley who have inside
knowledge of how this works.
Author : lopkeny12ko
Score : 222 points
Date : 2022-03-03 16:19 UTC (6 hours ago)
| e9 wrote:
| Fidelity is the worrisome one. Someone could be impersonating
| you.
|
| - check your credit report for any suspicious activity
|
| - if you are tmobile client(or network that uses tmobile
| underneath), check to see if your SSN and DL was leaked last year
| jedberg wrote:
| My initial guess is that you have a virus on your PC that is
| acting as relay and keeps doing nefarious things from your IP. Or
| you have a neighbor that has hacked your wifi.
|
| I'd unplug your router and then wipe your computer clean and
| change the password on your Wifi. Then plug in the router again
| and see if you get a new IP address. IF not, unplug it again and
| call your ISP and tell them the router is broken so they send you
| a new one, which hopefully will get a new IP. Oh and also you
| might need a new phone number as yours might be blacklisted now.
|
| Then start making new accounts. In the meantime follow up with
| Fidelity because as a bank they have a legal duty to work with
| you and at least give you some clues as to what happened.
| nkurz wrote:
| Most of these seem reasonable, but why do you suggest that he
| lie to his ISP by telling them his router is broken instead of
| buying a new one himself? You are casually suggesting he commit
| fraud to save $100. What are you thinking?
| jedberg wrote:
| Not sure how their ISP works, but I pay a rental fee every
| month for my router, and the rep told me I'm welcome to
| change it out any time, all I have to do is tell them it's
| broken. I'm not allowed to buy my own router, and most big
| ISPs in the US work the same way. So I'm just repeating what
| AT&T told me.
| Tenoke wrote:
| Assuming you haven't done anything else my guess will be
| something like having an IP/phone number that has been
| blacklisted because of a prior owner, having your personal
| details used by a scammer (e.g. if you've had your ID lost and
| then returned), you accidentally share the details with a scammer
| or something in that vein.
| dcminter wrote:
| I think this is likely the issue. If so you are not being given
| a reason because when you are rejected by certain kinds of
| compliance rules (e.g. anti money laundering) it is illegal (in
| many jurisdictions) for them to tell you that.
| kube-system wrote:
| Few providers will tell you why you are blocked even if it is
| legal to do so, because that effectively constitutes evasion
| instructions for scammers.
| dcminter wrote:
| Fidelity is the one that stands out to me though. They'll
| have compliance obligations to answer some kinds of
| questions and not others (again, details depending on
| jurisdiction). And they'll mostly be worried about
| different kinds of scams from those that concern Twitter
| and Instagram.
| lopkeny12ko wrote:
| This is good insight. As another commenter pointed out the
| common thing among all of these accounts is that I've supplied
| my mobile number. Any way to check if my phone number is in
| some kind of shared spam/scam database?
| diebeforei485 wrote:
| Do you have apps from these companies installed on your
| phone? Your phone's unique identifier (plus maybe associated
| account information like name/email/phone number/etc) might
| be flagged on some database used by all these apps - perhaps
| Sift Science?
| elliekelly wrote:
| I don't think a phone number being associated with spam
| calling would be enough for Fidelity to black-list you but I
| suppose if they're only blocking your online login (and not
| your transactions) it could be a possibility. You could get a
| pre-paid sim card/phone number and try signing up for Uber
| and Instagram with your same address, email, credit card
| details, etc. and see if your account gets blocked.
| IMSAI8080 wrote:
| Tried just simply googling it (use several variations of the
| number format)? There's many online databases of bad phone
| numbers which usually all show up on regular search engines
| with a separate page for each number. I usually add the
| numbers of scammers that call me to these services out of
| frustration.
| whoopdedo wrote:
| Assuming all scam phone numbers are spoofed, isn't this
| putting innocent people in "digital jail"?
| [deleted]
| bombcar wrote:
| Something common is affecting it - do you use your own domain for
| email? Is anything associated with that domain pointing at a
| "spammy" or "scammy" site? Switch to a provider like gmail
| perhaps?
|
| Is your email or phone number used for anything besides
| _personal_ activities? If your "work" is polluting your email,
| it may be getting caught on that.
|
| You could try a new email that you _never_ access from your
| phone, but if it is your phone number that is triggering it, that
| may not help.
|
| The SMS never arriving is suspicious - are you on a major
| provider with a normal US phone number, or is it some other
| setup?
| neogodless wrote:
| Have you created accounts with any of the big three credit
| reporting agencies (Equifax, Experian, TransUnion)? Or with Chex
| Systems?
|
| These will let you run reports against your identity to see if
| any information has been compromised and used fraudulently.
|
| The big three have to let you do one free credit report per year,
| which is a quick way to see if any new accounts were opened. Chex
| Systems has the same thing, but for bank accounts.
| 300bps wrote:
| You're in the U.S. but you used the term, "bog-standard" which is
| typically British. Questions and I apologize in advance if
| they're sensitive. I don't really expect you to answer them
| publicly, but maybe they give you some food for though.
|
| 1. What is your nationality?
|
| 2. Are you on the OFAC list? Do you have a common name that might
| be on that list?
|
| 3. Are you on the SDN list? Do you have a common name that might
| be on that list?
|
| 4. Do you have an average+ credit score? (About 720+)
|
| 5. Any possibility you have a virus or other malware on your Mac?
| protomyth wrote:
| I grew up on a rez in North Dakota and use the term "bog-
| standard". I get the feeling we all went to college and watched
| BBC videos.
| bbhart wrote:
| Do you use the exact same email address across all these
| services? Try it with unique addresses (e.g.
| lopkeny12ko+lyft@gmail.com) for each... or instead of 'lyft'
| something harder to guess. Maybe someone is messing with you and
| this would make it more difficult/impossible.
| logronoide wrote:
| My guess is your email address is in a database of breached
| passwords and low-profile hackers are using this database to
| perform brute force attacks frequently triggering some kind of
| account banning to avoid performance impact on the platforms.
|
| Try creating a new email and register again in the services you
| are banned and wait and see what happens.
| notRobot wrote:
| Your name might be on a shared corporate or government blacklist?
| londons_explore wrote:
| Anti-fraud systems at most companies are pretty simplistic. Most
| of these companies will have a bunch of 'indicators' of possible
| fraud (eg. account is <24 hours old, phone number country doesn't
| match IP country, email address isn't gmail/hotmail/yahoo/aol,
| customer does not have cookies from last login, customer name
| does not match credit card name, name and DOB not found on
| equifax, etc.)
|
| If you trip too many indicators, your account will be banned.
|
| 'Privacy conscious' people tend to get caught up in these anti-
| fraud systems.
| protomyth wrote:
| A lot of amazing technical advise, but I'm going to give the
| other type. Do you live with anyone or have someone in your life
| that you might not have parted on good terms with that had access
| to your devices? I've seen a "supportive spouse" sabotaging their
| significant other to take control. Security is often about a
| technical quirk, but you might need to look at the people around
| you. It sucks, but sometimes its the problem.
| cyanydeez wrote:
| likely your ip is in a flagged zone that your isp purchased.
|
| i had to call schwab to get them to allow me to login.
| scrollaway wrote:
| If figuring out why your banned accounts are getting banned isn't
| fruitful, you could take a look at the accounts that haven't been
| banned yet and see if there is anything suspicious on them. Spam,
| weird login sessions, unknown IPs; asking site owners could work
| as well (eg you could ask hn@ycombinator whether there is
| anything weird about your account).
| Beaver117 wrote:
| Probably someone hosting, or used to host a tor node (or worse)
| on your IP.
| brimble wrote:
| Go get one of your annual free credit reports and read it
| carefully.
| core-utility wrote:
| Make sure you go to the only reputable source,
| AnnualCreditReport. https://www.consumer.ftc.gov/articles/free-
| credit-reports
|
| (Didn't link the service directly for self-verification from a
| trusted name)
| ivank wrote:
| If your IPv4 is shared, it might be because of the other users
| doing bad things on the same IP.
|
| If you have a compromised device on your network, it might be
| being used as a proxy to attempt logins, or for other uses as a
| "residential proxy": https://datadome.co/bot-detection/how-proxy-
| providers-get-re...
| YuccaGloriosa wrote:
| The common factor with seemingly all of those accounts is a
| mobile number. That seems to be the only thing that really
| connects them all together.
| traceroute66 wrote:
| First, I second all the people here who said "focus on Fidelity".
| Absolutely, you should forget all the others, Fidelity is the
| most serious. Not only because of the direct implications of your
| financial account there, but because "people talk" in the
| financial industry, so you could easily see problems arising with
| other financial companies.
|
| Now, moving on. You explicitly mention "SMS verification failed"
| for two separate providers. This to me smells as if your number
| has ended up on some fraud list (this could well be the reason
| behind Lyft too).
|
| Perhaps you have been subject to SIM cloning ? Perhaps share your
| concerns with your phone provider ? Maybe go as far as changing
| your number (but perhaps not until you've fixed Fidelity if your
| Fidelity account is linked to your phone number).
| garyfirestorm wrote:
| Are you repeating your passwords? Are they getting hacked from
| obscure locations. Do you use password manager? Is your email
| very specifically suspicious - I don't know some keyword
| triggering these. Do you have any accounts that aren't banned? -
| just a lurker here. Not industry insider.
| awslattery wrote:
| I'd take whatever cell phone number you're using, and run it
| through https://www.twilio.com/lookup
| (https://www.twilio.com/docs/lookup/tutorials/carrier-and-cal...,
| specifically) to see if for whatever reason, you aren't showing
| up as your carrier and a mobile phone type.
|
| Services that once let me use my Google Voice number, for
| example, locked me out until I could pass verification with a
| "real" mobile number over the years.
| zelphirkalt wrote:
| Many of the services mentioned are generally no reliable partners
| and should not be relied upon.
|
| My guess would be malware infected devices or someone having your
| credentials (Do you use a new random password for each sevice?)
| or is making similar accounts and you are being targetted by
| measures taken against such actors.
|
| For many of those services they would rather sacrifice a few via
| false positives, than spend more money to solve.
| corobo wrote:
| Is it possible your card infos have been leaked anywhere?
|
| My only thought would be that your card is on the darkweb and
| these services are seeing it tested using their systems,
| blacklisting it and related accounts
|
| Pure guess though, I can't think of much more that would affect
| you across services like that
| Calvin02 wrote:
| If you're using the same email address across all these, it might
| be something in the email address that's setting these off.
| Companies do periodically scan email addresses to remove accounts
| they think are malicious or do not represent an active user.
|
| I had an email *junk*@gmail and it was sometimes flagged.
| yokoprime wrote:
| Almost sounds like your email is compromised. Change password if
| you haven't done that in a while. You should also check the last
| account activity (gmail:
| https://support.google.com/mail/answer/45938?hl=en)
|
| Make sure you are using MFA for any account which allows this.
| Don't re-use passwords, get a password manager like 1password or
| bit warden.
| lopkeny12ko wrote:
| I do use a password manager with a unique generated password
| for all my online accounts. I've checked my Gmail and Google
| account activity and everything looks ok. I do have Yubikey for
| Google MFA which I've been using for several years.
| Matheus28 wrote:
| Or maybe a Tor exit node running on his IP address?
| fluidcruft wrote:
| How can he check his account activity if Google won't log him
| in?
| renewiltord wrote:
| Well, he's clearly signing up for new services (which all
| require email verification) so he has another email account.
| pc86 wrote:
| Not sure how that helps with the original account, though.
| renewiltord wrote:
| Presumably OP user would be content with entering a
| future world where he is no longer banned on new
| accounts.
| fluidcruft wrote:
| It just seems like a chicken and egg thing. How can you
| identify activity that led to account bans on a new
| account that hasn't been banned yet?
| silvestrov wrote:
| also: do you have any browser extensions installed? They can
| leak all sorts of info, including passwords.
| lopkeny12ko wrote:
| I have uBlock, Facebook Container (from Mozilla), React
| devtools, Redux devtools.
| ge96 wrote:
| uBlock origin right?
| isaacimagine wrote:
| progmetaldev wrote:
| Possibly a compromised account (most likely email), or you ended
| up getting a blacklisted IP from your residential ISP that
| someone else previously used for nefarious reasons. Sometimes
| it's an unfortunate combination of the above, along with using an
| adblocker.
| sliken wrote:
| I'd suggest a full online reboot:
|
| * reinstall the OS on whatever desktop/laptop you use, don't
| install any browser plugins, get a pihole to help with ads.
|
| * Buy some Yubi key or similar U2F token. Install authy or
| similar on your phone that supports TOTP and HOTP and allows for
| backups. Enable U2F or HOTP/TOTP on any site that supports it.
|
| * Use bitwarden or something of similar capabilities (keepassx,
| bitwarden or similar functionality self hosted if you want). Keep
| notes on recovery codes, security questions, old passwords, data
| of account creation, which email to use for verification, etc.
| etc. etc. The more info the better when it comes to recovering
| the account. Always use a random answer to any security question,
| not anything easy to guess or discover about you.
|
| * buy a new phone with a new phone number (keep the old if
| needed), ideally an IOS or Google Pixel, both of which have
| really good security and don't install random crapware from the
| cell provider or manufacturer. In particular avoid Samsung
| androids and the crapware they install from "partners" and cell
| providers.
|
| * get a new online email address, use a strong password not
| shared with any other service. Enable 2FA, never use SMS for 2FA.
|
| * Open a new credit card, set the notification threshold to $1.00
| and have it email or SMS you any transactions. Use your new email
| account. Use said credit card online and offline.
|
| * Create an account on an credit reporting/watching service like
| experian, watch for any fraudulent activity.
|
| * for any new account use the new credit card, new email, turn on
| 2FA (not SMS), use a unique strong password, and keep notes in
| your password DB. The only connections to your previous existence
| should be your home address and name.
|
| * Do not use your email address/account for posting apps to the
| Google or Apple stores, various automated scanning can trigger a
| violation that will impact your Apple or Google account
| associated with it.
| dmead wrote:
| oh hey someone is getting hacked on hacker news.
| dmead wrote:
| wow tough crowd.
| wanderer_ wrote:
| Just FYI, it is technically against the rules [0] to reply to
| one's own comment to complain about being downvoted. Probably
| better to just delete in future instances.
|
| [0] https://news.ycombinator.com/newsguidelines.html
| nathias wrote:
| maybe you have some russian ancestry ...
| pdw wrote:
| The Google problem is "normal", in my experience. If you're
| trying to access an inactive account, Google will almost always
| insist on a second factor (verification via secondary email
| account, phone number, etc). If you haven't configured any of
| that, getting access to the account becomes almost impossible.
| Even if you have the password.
| stuu99 wrote:
| Because someone is most likely using your dynamic IP address, aka
| the ISP you are on is possibly hosting a TOR node or perhaps
| spammers using your IP. I'd contact your ISP.
| c7DJTLrn wrote:
| If you use ProtonMail or any other "private" email provider that
| will be why. I've had so many accounts blocked, locked, banned,
| and so on just because I use ProtonMail without a custom domain.
| I use the premium domain now (pm.me) for important things that I
| can't afford to go wrong.
|
| These companies have a list of things they check for and if your
| score reaches a threshold you'll just be automatically locked
| out. In a lot of cases support will be totally useless and unable
| to help. I've tried to buy things before and been locked out,
| then just didn't bother, so it's their loss too.
|
| Some offenders I've come across: * Apple *
| Amazon * Ebay * Netlify * Patreon *
| Discord * Vercel (formerly ZEIT) * SpareRoom
| nyuszika7h wrote:
| Hmm, I haven't had issues with Tutanota on Apple and Discord,
| though I don't use it for my main accounts, only alternate
| ones.
| throwawayboise wrote:
| I'm on a few different tech-oriented email lists. The
| ProtonMail users are all weird. Extraordinarly argumentative
| and paranoid. Ask questions and then riducule the answers,
| almost always on the basis of far-fetched "security" concerns.
| Rarely contribute substantively, mostly seem to be there to
| virtue-signal their security awareness at every opportunity.
| They are tedious.
| genewitch wrote:
| protonmail is the @aol.com of this age?
| c7DJTLrn wrote:
| ProtonMail is arguably the biggest privacy brand, especially
| when it comes to well... email. They do a bit of marketing as
| well which people who aren't so technical are going to be
| picked up by. It's the same situation as with VPNs being
| advertised on YouTube. Both of these kinds of products are
| used by paranoid people who don't have an understanding of
| what they're protecting themselves from.
| orangepurple wrote:
| Now I understand how people are backed into a corner and feel
| the need to fight a war
| dleslie wrote:
| Just having the origin be in ProtonMail servers is enough to be
| flagged. I use custom domains, with all the security options
| available, with ProtonMail and still my outgoing Email is
| frequently flagged as suspicious.
|
| But I figure this is the price that I pay for not using Gmail
| or Outlook.
| nicoburns wrote:
| > But I figure this is the price that I pay for not using
| Gmail or Outlook.
|
| Fastmail doesn't seem to have this issue either.
| dleslie wrote:
| Fastmail also hosts mail on American and Australian
| servers, using encryption keys they control, making it
| unsafe for foreigners to use.
| c7DJTLrn wrote:
| >But I figure this is the price that I pay for not using
| Gmail or Outlook
|
| That's one way of looking at it. Over the years that price
| has risen and it's getting to the point where I'm not sure if
| I want to pay it anymore. Is being paranoid about my flight
| boarding pass being cancelled over my damn email address
| worth the privacy? Is being paranoid over whether an
| important email I've sent has actually reached someone and
| not hit a provider-level filter worth the privacy? I'm not
| sure anymore.
| mbg721 wrote:
| Moreover, have we decided that the concept of a "boarding
| pass" is acceptable?? You used to just show up, pay, and
| ride.
| pc86 wrote:
| Yes, we have, as long as your definition of "we" includes
| "society" or "people who aren't Sovereign Citizens." I
| don't know anyone who thinks an airline boarding pass is
| "unacceptable."
| mbg721 wrote:
| I know a lot of people who kind of put up with it because
| "I guess that's how it has to be." That sort of
| compromise is pretty fragile in the longer term.
| pessimizer wrote:
| We were lobsters in a pot. Watching the relationship that
| we used to have with air travel and airports in movies
| from the 90s and before must be surrealistic to young
| people.
| kelnos wrote:
| You must be in a pretty restrictive bubble if you believe
| the "compromise" needed to accept the boarding pass
| system creates a fragile situation.
|
| If you were talking about the security theater around
| travel, as well as garbage like secret no-fly lists, I'd
| agree with you.
|
| But requiring a boarding pass to get on a plane is no
| more ridiculous to a near-total majority of humans than
| requiring a ticket to watch a movie at a theater.
| mbg721 wrote:
| Does Ridley Scott get a list of the names of people who
| watch his films?
| fredoliveira wrote:
| I'm not sure how you equate watching a movie (which many
| would consider a relatively safe activity) to riding a
| plane with hundreds of other people (which some might
| consider not necessarily risky, but riskier).
|
| But sure, I guess I'll say "no, he doesn't". Now what?
| [deleted]
| kelnos wrote:
| You can still do that (boarding pass has nothing to do
| with that process), but given that most people book in
| advance, you'll run the risk of there not being room on
| the flight you want, or of getting a crappy seat, or of
| having to pay significantly more than if you booked in
| advance.
| jdporter wrote:
| Show up, pay, and ride? Like getting on the subway? Not
| workable, for two reasons: 1, from the passengers'
| perspective, you need to get to Indianapolis, and when
| you show up, there are no seats, or worse, no flights. 2,
| from the airlines' perspective, no one buys advance
| tickets, you have no idea how big of a plane (and thus
| also how much fuel and how many support staff) you'll
| need, nor when, nor even whether you'll need a plane at
| all. Planning. Airplanes aren't subways.
| rtkwe wrote:
| You always received some form of printed boarding pass...
| It's not exactly a new concept in air travel.
| mbg721 wrote:
| The difference is how intricately tied it is to personal
| identity. It's the difference between cash and a card.
| pc86 wrote:
| Yes, I can't possibly imagine why it might be important
| to verify the identity of people getting on an airplane.
| mbg721 wrote:
| I get the sarcasm, but...why does it have to be that way?
| For decades, high-school kids kept their rifles in the
| trunk, and fewer students got shot than now.
| evilDagmar wrote:
| At our high school most of the pickup trucks had gun
| racks. It wasn't until like, my sophomore year of high
| school before _anyone_ even considered "Hey... those
| shouldn't be on school grounds". We all knew quite well
| "no guns allowed _in_ the school ", but rifles were about
| as common as umbrellas and considered equally notable.
| One day a nice officer noticed there were like five
| trucks with rifles visible in the back window, and went
| to the office to ask the students be advised _they might
| be stolen_. Halfway through that conversation it dawned
| on them that they were in fact guns, and then an
| announcement was made on the PA reminding students that
| they were actully still guns and were very banned in
| school so people should take them home after school and
| not bring them back.
|
| ONE student forgot the next day (who was a "bad" kid but
| not actually a bad guy) and was allowed to apologize to
| the school for his forgetfulness over the PA to make
| amends. (I shared a class with him when he got called to
| the office, so I know he was embarrassed to have
| forgotten. It was bad for his carefully cultivated "bad
| boy" reputation to get caught out doing something this
| trivial.)
|
| The difference between then and now is that since people
| were always interacting _in person_ there was less
| tendency for people to become psychopath basement trolls
| who would willfully bully someone to the breaking point
| and beyond.
| g_p wrote:
| In the UK, you can fly domestically without showing any
| ID (unless you check in luggage, where there's a cursory
| visual check against the ticket name).
|
| No ID is checked at airport security. On airlines that
| aren't trying to use name change fees as a revenue
| stream, there's no ID check at the boarding gate either.
| evilDagmar wrote:
| It's amazing the number of people who can't think just a
| little bit ahead and realize one of the major reasons for
| boarding passes and seat assignments is the possibility
| of a plane crash. Because there's two possibilities...
|
| One, where the FAA investigators have a list of people's
| names and what seats they were assigned, the seats have
| numbers engraved on them, and if lap belts were in effect
| generally still contain at least a torso. Meaning getting
| everyone's various bits and pieces back to their loved
| ones is a gruesome jigsaw puzzle, but a solvable one.
|
| The other possibility is that the FAA investigators get a
| list of names of people who were /probably/ on the plane,
| a large field strewn with "loose meat and offal", and
| absolutely no good starting point. Also, a gigantic
| lawsuit and a moon-sized chunk of bad press as loved ones
| get the wrong body parts, or too many body parts, or too
| few body parts.
|
| (BTW, never explain this to anyone who is currently _on_
| a plane.)
| mbg721 wrote:
| How is that different from a car crash? Just the number
| of passengers?
| vineyardmike wrote:
| Also you generally know who is in a car.
|
| If its my car, and i'm missing. Its my body. If its my
| car, and i'm at home, its my partner driving my car, or i
| knew who borrowed it.
|
| Cars are tagged with a plate, and VIN and other details
| that make it easy to identify. Less people means easier
| to find wallets/phones/identifiers in a clean up action.
| jfk13 wrote:
| Also the extent to which the pieces of the puzzle may get
| scattered, I guess. A car crash rarely leads to body
| parts strewn across entire fields.
| nahkoots wrote:
| For me it'll be "yes".
|
| If an airline cancels my boarding pass because they don't
| like my email address (?), too bad for them, they just lost
| a sale.
|
| If someone keeps missing important emails because their
| provider's spam checker isn't very good, that's not my
| problem.
|
| Although I have to say that I don't run into these
| situations very frequently, and I use a basic
| postfix/dovecot setup on a VPS for my mail.
| aspyct wrote:
| On the other hand, if you lose a sale because of lost
| emails, that's annoying...
| vineyardmike wrote:
| > If an airline cancels my boarding pass because they
| don't like my email address (?), too bad for them, they
| just lost a sale.
|
| Sure but now you can't get home. I travel a ton, and this
| would be a major issue for me. You can't always just get
| on a different plane. Lucky you i guess, but airlines are
| one of those things that most people can't mess with.
| neysofu wrote:
| > too bad for them, they just lost a sale
|
| I think it's delusional to think they care any more than
| you do.
| c7DJTLrn wrote:
| >If an airline cancels my boarding pass because they
| don't like my email address (?), too bad for them, they
| just lost a sale.
|
| Trust me, they don't care, I say this from experience.
| They don't seem to even have insight into these bans or
| the volume they're happening in. I had to spam Amazon
| support on and off for two years to get my account
| unlocked. And we all know how much Amazon cares about the
| customer... pah.
|
| Standing your ground as a customer doesn't do anything
| but make life a misery.
| leephillips wrote:
| Same situation and attitude on my part. It doesn't happen
| often, but when someone is not getting my email (usually
| hotmail or some other garbage provider) I tell them to
| complain to their email provider or get a new one. My
| mail is going out, my server logs show everything is OK,
| and I will not jump through hoops to prove that I am not
| a spammer (I already jumped through the DKIM, etc.
| hoops).
| AshamedCaptain wrote:
| There are a lot of intermediate options and smaller (&
| older) ISPs other than ProtonMail or Gmail. For some reason
| it's very tempting to go to the big names.
| tytso wrote:
| Since you live in San Francisco, a number of companies (I know
| for sure Facebook and Google) have ways where you know somone who
| works at that company, and who can vouch for you, they can help
| you get control back to an account that has been lost or taken
| over by someone malicious. Maybe you know someone at those
| companies? The companies themselves generally don't advertise
| this, because it obviously doesn't scale, and they'd be concerned
| with people who try to strike up a "friendship" with an employee
| just so they can backdoor access to an account --- this is
| something that can be used as a security attack vector as well!
| (So it works best for, "I've known this person for the last X
| years, and last month they completely lost control over their
| account. I can say for sure they are who they say they are and
| not a conman or a state-sponsored intelligence agent." sort of
| thing.)
|
| Other than that, what I try to tell everyone to use 2FA
| authentication, and not just SMS text messages or TOTP's, but
| FIDO Security Keys to protect your digital identity. Never reuse
| passwords and use a password manager, yadda, yadda, yadda.
| dwighttk wrote:
| > and they'd be concerned with people who try to strike up a
| "friendship" with an employee just so they can backdoor access
| to an account
|
| They should be concerned about this enough to change that
| policy even without it being generally known
| numpad0 wrote:
| Found this post[0] from same username as yours. Is your phone
| okay?
|
| 0:
| https://old.reddit.com/r/GooglePixel/comments/t2cuuu/help_pi...
| sascha_sl wrote:
| HN
|
| > I have a bog-standard Samsung phone running bog-standard
| unmodified Android.
|
| Reddit
|
| > I have root and LSPosed. I can use any solution that requires
| root.
|
| The plot thickens.
| lopkeny12ko wrote:
| I'm in the process of upgrading to a Pixel.
| Mo3 wrote:
| sillystuff wrote:
| If using a 3rd party ROM, this might not be anything to worry
| about. E.g., to get notifications to occur immediately for the
| AOSP messenger app:
|
| adb shell dumpsys deviceidle whitelist +com.android.messaging
|
| https://i.reddit.com/r/LineageOS/comments/dpk7v4/messaging_n...
| rvba wrote:
| 3rd party rom can have a built in trojan horse that sends
| everything somewhere
| sam1r wrote:
| Seems like a pretty custom configuration. Anything this custom
| with root is bound to have some hiccups.
| moritonal wrote:
| Did you do all this from the same phones/computers? My guess is
| you've got a persistent virus that's dedicated to staying with
| you whilst waiting for a big payoff or just proxying crap through
| your devices.
|
| With something this persistent I'd also be open the possibility
| someone in your life is hacking you (room-mate, colleague,
| someone left alone with your tech) or maybe a very specific app
| you install on everything is compromised.
|
| I'd get rid of most the hardware you own and start a new digital
| life from a coffee-shop nearby.
| samstave wrote:
| _3u10 wrote:
| Start with a new phone you paid cash for and a new SIM. Do
| that once you move, don't bring your old phone to your new
| pad for the first few weeks.
| Mo3 wrote:
| What.. that sounds a little bit over the top lol
| uoaei wrote:
| With fresh VPN account for good measure.
| naetd wrote:
| This doesn't happen to most people so you have a clear personal
| identity problem. Maybe your name is on a list (when I worked at
| a brokerage, we had to do identity screens and close accounts if
| someone was on some sort of international security list... I
| wasn't a member of compliance so I don't know the full details).
| Possibly your identity has been stolen and is being misused. Or
| maybe it is just one specific rogue email account that you are
| using that is causing you problems. I would recommend reaching
| out to customer service at some of these companies, possibly
| Fidelity first as they are a financial institution with strict
| requirements and might be able to tell you most directly what
| your problem is. You should probably also make an attempt to
| check / lock down your credit and any other important accounts
| you have.
| edmcnulty101 wrote:
| I'd be very interested to get a follow up on this, and what you
| found out.
| jstarfish wrote:
| You mentioned a residential ISP. You don't mention phone service
| provider.
|
| If VoIP, someone might be spoofing your phone number.
| PixelPaul wrote:
| Have you ever done a charge back for an online purchase? You card
| or ip may be flagged as a person who does charge backs.
| ttybird2 wrote:
| Google recently blocked my logins because apparently according to
| them I have a malware installed. They ask me for my password and
| I provide it but they are unable to "verify that it is me". I am
| running a fresh Linux Mint installation.
|
| I use a randomly generated password with 30+ characters. If I can
| provide it then they should assume that it is me. This is what I
| get for using gmail.
| IYasha wrote:
| I'm with you (and lots of other victims) here. I even had a
| secret answer - and that didn't help either.
| lupire wrote:
| Are you using Chrome? Google authentication only fully supports
| Chrome.
| Shared404 wrote:
| Quick reminder that Google Is Not Your Friend, and everyone
| who has the choice should step as far away as possible.
| ttybird2 wrote:
| I use Firefox. This seems like a reason for antitrust.
| Thespian2 wrote:
| Sounds like the most likely common element is phone number. You
| could have been the victim of a SIM swap attack, where the bad
| actor used your number to do BadStuff(TM) getting your number on
| a block list. Or, if you got the number recently, it could have a
| bad reputation attached to it.
| newbamboo wrote:
| Replace your router and buy the new router from a brick and
| mortar. Don't trust any of your existing hardware.
| kingcharles wrote:
| Being on HN has shown me one thing, when your accounts get locked
| or banned (and they will), the only way to get them reopened is
| to have a REALLY HUGE MEGAPHONE.
|
| That means you either need a social media account with thousands
| of followers, or manage to write your story up in a way that will
| get you to the top of a major news source, such as HN.
| bluGill wrote:
| Right. EBay has locked me out, I need to call them. But they
| won't give me the number to call.
| serverlessmom wrote:
| There's a number of theories stated here but I'd definitely
| highlight the idea that you've become interesting to law
| enforcement for one of a number of reasons. This pattern looks
| like ones experienced by sex workers, being banned from various
| services because the verification phone numbers are the same as
| those of a known Sex Work account. Once you match a pattern, the
| blocking and banning are very aggressive.
|
| So some possibilities:
|
| * your name is the same or very close to a target you don't know
| at all/have nothing to do with.
|
| * you're working in an industry target by federal law
| enforcement. Big ones here would be sex work, cannabis, or
| political liberation
|
| * Someone is repeatedly using your identity for something
| sinister. If this is a repeated pattern (which it sounds like),
| then it would make sense if that person is a close friend or
| family member. - Almost any time some is the victim of identity
| theft more than twice it turns out it's their partner or parent.
| jrochkind1 wrote:
| I'd be terrified I was some sort of US government list...
| ck2 wrote:
| If this had happened to me I would be thinking the wifi/router
| had been hacked and someone was doing evil things with the
| connection/bandwidth.
|
| BTW that google problem happens to every old account before they
| required phone number backup.
| more_corn wrote:
| Your IP probably got on a list of Bad People. Tech companies
| share a list of bad ips and they tend to silently block. The last
| thing they want to do is provide a failure feedback loop the bad
| guys can use to map their fraud and abuse detection system.
|
| Is your Wi-Fi password nontrivial? Are you using WPA? Lock down
| your Wi-Fi and call your ISP to ask that they expire your dhcp
| lease or assign you a new static IP. (If that's not possible
| switch isps. For example if you have ATT fiber you can switch to
| Sonic. The fiber is the same but the service is actually handled
| differently)
|
| Less likely but still worth considering: Do do you reuse
| passwords? If you reuse passwords it's possible someone is doing
| some fraud on your behalf. Check haveibeenpwned to see if a email
| address associated with your shared password has been leaked.
|
| If you don't already start using a password manager and use
| unique, nontrivial passwords for everything.
| wanderer_ wrote:
| OP should probably try over a cellular connection, to control
| for that blacklisted-ip possibility and the MITM one as well.
| jph wrote:
| Fidelity is the one to focus on immediately because it's the most
| serious-- by far-- and they have walk-in locations where a real
| account rep can help you. The downtown SF location near Market &
| 2nd has excellent staff in my experience.
|
| Fidelity might turn up something about identity theft, or credit
| reports, or red flags, or similar. If so, you can handle these.
| If not, then ask a private investigator for help; a good PI has
| research tools to find problems then help you fix them.
| wrs wrote:
| Don't expect too much from the personal approach. I had a
| similar problem with Bank of America where they wouldn't open a
| business account for me because the risk management department
| vetoed it. Visiting the local branch didn't help: the local
| staff was friendly and tried to assist, but were equally
| stonewalled by the home office.
|
| They refused to give me any clue how to address their concerns,
| so I just moved my accounts -- _all_ of them -- to another
| bank. But that was mostly out of spite, not because I believe
| the new bank doesn't have equally troublesome possibilities.
|
| BTW, I have got to be about the least risky imaginable person
| to open an account for.
| devortel wrote:
| What kinds of non-public research tools do PIs have access to?
| FearTheTrees wrote:
| Agree that Fidelity is the most serious but they cannot help OP
| anymore. OP's situation sounds like his/her SSN and CC is
| circulating on the dark web forums.
|
| OP, you should buy an Equifax or Experian credit package
| immediately, review every account, and put a freeze on your
| credit report. This will be the best twenty bucks spent in your
| situation.
| BenjiWiebe wrote:
| You can check your credit for free, and the freezes are also
| free.
| mint2 wrote:
| Shouldn't requesting the free credit report from each bureau
| be the first step before going to the paid one?
| Nextgrid wrote:
| Absolutely - don't use the paid one ever, that's basically
| submitting to their protection racket. It's a problem
| _they_ created in the first place.
| zippergz wrote:
| Instagram and Google would not even have their SSN or credit
| card number (if OP is being honest about how little they used
| those accounts), so I don't see how you can conclude that one
| of those is the factor...
| hoffspot wrote:
| Agree with the other comments here and would like to add that
| the OP may have the same name as a person on one of those
| government lists like OFAC and are getting identity confused
| with a "known terrorist". US Gov requires certain companies to
| check the list before doing business with people.
| Freak_NL wrote:
| Ouch. I can't think of any other plausible explanation. If
| so, is that a problem that can actually be fixed except by
| changing your name? They're not going to strike the name from
| the list (and all its copies) just because it's a nuisance to
| someone.
|
| It kinda makes one wonder if anyone getting into a bit of
| terrorism for a hobby wouldn't do well to change their name
| to that of someone in the US congress first: no way that name
| would stay on a blacklist for long.
| jrochkind1 wrote:
| > If so, is that a problem that can actually be fixed
| except by changing your name?
|
| It wouldn't shock me if even changing your name didn't do
| it, the name change records are surely data available to
| the algorithms.
| pfarrell wrote:
| I can confirm I had issues flying for about the first four
| years post 9-11. The first flight I took, there was kind of a
| panic and security showed up. Every time I flew, there was
| always some kind of issue and a call for assist, though each
| time it got less and less of a panic. One time the desk
| attendant lamented, "more and more of these every day". I
| asked why this keeps happening. He said my name or ssn was
| close enough to someone on the govt watch list that I was
| effectively on the list.
| throw10920 wrote:
| > ssn was close enough to someone on the govt watch list
| that I was effectively on the list
|
| This is _exceedingly_ dumb if true. Numerical adjacency of
| SSNs is completely meaningless.
| dihydro wrote:
| Yes, but if I was looking to make a fake identity, I
| would steal a real one and fudge something like the SSN
| plus or minus one on a random digit. Then you can blame
| the mismatch on their people making a typo, and they
| would be less likely to look closer at my forged SSN
| card/Passport/Drivers License.
| Zircom wrote:
| Okay but the issue here is SSNs close to one that's
| already flagged also get flagged apparently. If you know
| your social is flagged and are giving a fake one why
| would you make it anything remotely similar to your own
| already flagged one?
| caseysoftware wrote:
| We need to remember this every time some politician says
| "if you're on the terrorist watch list, you shouldn't be
| able to..."
| johnmaguire wrote:
| I'm pretty sure I run into this any time I fly
| internationally. Our group always gets held up, a manager
| gets called, and we're approved.
|
| One time the manager pointed at me and said with a smile,
| "You're trouble."
|
| There was a (presumed dead) Canadian terrorist with my
| name.
| dahdum wrote:
| I had the same issue post 9/11 for a few years. I was
| unable to check-in to flights or receive boarding passes. I
| had to get a "gate pass" from a baggage agent to go through
| security and then check-in with the gate agent to be
| assigned a boarding ticket. This also applied on _every_
| connection and they required identification and
| occasionally additional questions each time.
| the_lonely_road wrote:
| https://sanctionssearch.ofac.treas.gov/
|
| Go to this tool and check to see if your name is coming up
| with any returns.
| ufmace wrote:
| I don't know about Fidelity specifically, but it seems like
| these days, most of the staff at the in-person bank offices
| don't do anything but guide you through the same web forms you
| could fill out yourself.
| vintermann wrote:
| It's really insane if you need to hire a PI to find out what
| you did wrong.
| manojlds wrote:
| To find out what people think you did wrong
| marcosdumay wrote:
| Privatized justice is great, isn't it?
|
| I would go after the most important accounts on the real
| government based Justice system (and forget about any non-
| important one). But I'm not from the US and I don't know how
| binding are those agreements that you won't seek the
| Judiciary. (Anyway, arbitrage should be fair enough to let
| your point through, but I don't know how accessible it is.)
| caseysoftware wrote:
| Agreed, this is the most important. And go ahead and bring key
| documents - driver license, passport, lease/rental agreements,
| last year's taxes, a previous statement you have from them,
| whatever.
|
| Anything that will help you prove: a) you are who you say you
| are and b) this is your account will be useful.
|
| And if you're physically in their office, they can and will
| follow the backchannels to get a better result faster than you
| can over the phone.
| more_corn wrote:
| Also set up 2fa on your fidelity account. Don't use SMS, use
| their app.
| amacneil wrote:
| Check if someone with a similar name to you is on the OFAC SDN
| list (a list of people that US companies are banned from
| interacting with):
|
| https://sanctionssearch.ofac.treas.gov/
| readme wrote:
| My first thought is that you have an enemy who is messing with
| your online accounts.
|
| Try creating a new email, and do not give anyone that email, keep
| it secret. Use this email to sign up for all new accounts. It
| will be a laborious process, but it's worth a try. If you want to
| be super paranoid rule out remote access to your devices or
| computers too -- get a new phone and do everything on there.
| core-utility wrote:
| Even better, while you're making a new email, get a domain name
| and attach it to a service like Fastmail. Create a wildcard
| rule to forward anything @yourdomain.com to you, and start
| changing services to be facebook@yourdomain.com,
| fidelity@yourdomain.com, etc.
| Extropy_ wrote:
| That's an intriguing idea. Do you think you could go into a
| little bit more detail on how to do that?
| sneak wrote:
| I wrote a blog post with step by step instructions:
|
| https://sneak.berlin/20201029/stop-emailing-like-a-rube/
| Extropy_ wrote:
| Thanks. Nice title by the way.
| unfocussed_mike wrote:
| These are all different problems with different causes, aren't
| they?
|
| Could it not be confirmation bias? I mean, if you have enough
| accounts you will have a list of accounts where you have trouble
| like this.
|
| The only things I can think of are: are you using a low-cost VPN
| service, a Chinese or Russian free email account, or a free SMS
| number service?
|
| (There are some good suggestions below re: FOSTA/SESTA and
| matching the experience of known sex workers, but I don't know if
| most US firms are consulting some master list here)
| mynameishere wrote:
| Sounds like a SAR filing to me. You can look that up--they won't
| tell you about it if you ask. It's a Patriot Act thing.
| notatoad wrote:
| How many times have you issued chargebacks on your credit cards?
| Retr0id wrote:
| There are various sites that can check if your IP address is on
| any blacklists, might be worth a look.
| onphonenow wrote:
| Easy questions:
|
| What email provider are you using?
|
| What telecom provider are you using for phone / internet?
|
| Have you pickup up a new number in the last few years?
|
| Is your internet shared with others?
|
| Is your router a google wifi or similar updated router (or ISP
| provided)?
|
| Any old computers on network?
|
| When did you last run your credit?
|
| Any changes in address overlap with this issue? In stone ages I
| used to have debt collectors literally coming to my door because
| of previous tenants. Also cops etc etc coming through. I only
| stayed there a few months, that address would have been trouble
| today I suspect.
|
| Have you done any chargebacks in the last 2-3 years?
|
| Something is almost certainly triggering a fraud detection
| system.
|
| Check out datavisor for an example of how these things work.
|
| https://www.datavisor.com/industry-solutions/marketplaces-ol...
|
| False positive rates run 0.5% - 1% if folks are aggressive on
| these systems.
|
| Fidelity might talk to you, but my guess is something backend is
| flagging, and no one on the front end will have a clue what its
| actually using to flag.
| IYasha wrote:
| Google did the same to me. Never had the chance to get my box
| back :( Never ever shall I trust any of those shady services with
| my private data! For more google hell look here:
| https://news.ycombinator.com/item?id=30060405#30077431
| mattnewton wrote:
| Are you reusing the same email/password with these accounts?
| shmatt wrote:
| How often do you change your password? Do you share passwords
| across services?
|
| Does your email show up on haveibeenpwned?
|
| The only thing I can think about, are bots doing credential
| stuffing and successfully inputting your password
| bennyp101 wrote:
| You could try checking on https://haveibeenpwned.com/ if anything
| appears in there - or maybe just google for you email / phone
| number and see if it pops up anywhere?
|
| Maybe also try checking your IP against various geolocation
| sites, just in case one is returning something wrong, or
| searching for it - see if it pops up on any sites as 'bad'
| paulnpace wrote:
| Whatever the outcome, it would be nice if you posted back with
| your discoveries.
| Aachen wrote:
| I'm surprised by all the people here thinking your device is
| compromised. This is my experience with the Internet nowadays as
| well; a friend complained about it today also.
|
| The emptier the account the quicker you are banned as well (work
| accounts used every now and then during work hours, like twitter,
| are banned quicker than a private account that you login to
| regularly and share more things on). Old accounts are usually
| unaffected for me. Probably removing cookies/localStorage/etc. on
| a schedule doesn't help either.
|
| Every new account on a popular service where you can interact
| with others is like this. It's like everyone saw what google did
| to gmail, saw nobody cared about the collateral damage, and
| figured we can all fight spam without any human intervention. In
| the past we didn't have this problem because it was humans that
| looked at posts from new members. Innocent small Internet I
| guess.
| rom16384 wrote:
| Check your IP geolocation, there might be an error in the
| geolocation database.
| LeonM wrote:
| This is a good tip.
|
| I had a friend who's home IP address was listed in a different
| country from where he actually was. This often tripped anti
| fraud detections if he used the same account on his phone
| (other IP address) and his home PC at the same time.
| z3t4 wrote:
| It's very unlikely all these web services have fingerprinted your
| device. More likely it has something todo with your information.
| If the service is not willing to help you out I suggest using an
| alternative service, or if possible signup with fake information.
| dorianmariefr wrote:
| Someone might have access to your emails and is committing fraud
| on your accounts.
| ceejayoz wrote:
| Or access to their wifi, and committing abuses via OP's IP.
| throwaway889900 wrote:
| Sounds like your phone number is probably banned and someone in
| the past with that phone number had abused it for spam or
| something.
| criddell wrote:
| Is your phone number from one a traditional telephone companies
| (Verizon, AT&T, etc...) or from a VOIP based service?
| [deleted]
| ransom1538 wrote:
| Are you a Russian oligarch? Jokes aside. What are ISP are you
| using for internet? No nord vpn right?
| Cornelius267 wrote:
| It's possible that your information is flagged in a third-party
| risk monitoring system that these companies all use. Perhaps
| something like ThreatMetrix, from LexisNexis. There are others
| that operate in this space as well.
|
| As for how to fix it, I'm not entirely sure. Since you are
| located in California, you might make CCPA requests to retrieve
| and then delete all of your data from as many companies as
| possible.
| [deleted]
| benlivengood wrote:
| Google accounts that haven't been logged into for years are
| basically dead at this point as far as I can tell. I lost access
| to a ~10 year old account that I didn't log into for years.
|
| With good (if unfortunate) reason; the vast majority of old
| accounts are made by normal people as throwaways and likely have
| weak passwords that appear in existing password dumps. There is
| no other verifiable information attached to Google accounts with
| which attackers can be differentiated from the original user
| aside from any login cookies residing on a device that logged in
| before, and old accounts likely have access to other accounts as
| the recovery email address which would let attackers gain
| additional access to other systems by harvesting old Gmail
| accounts.
|
| Your phone number may be associated with fraud in some way. Think
| about the only identifiers you give to these companies; IP (which
| changed without fixing the problem), name, phone number, email
| address. It's going to be one or more of those signals.
| dec0dedab0de wrote:
| Maybe there is something/someone doing something bad on your
| network, and every time one of your accounts logs in from the
| same IP they get associated with your phone number,browser
| fingerprint, and whatever other identifiable info they have about
| you.
|
| When was the last time you updated your router firmware or
| changed your wifi password?
|
| Is it possible your name or email address could be getting caught
| up in filters as a bad word or associated with something these
| businesses are against?
|
| It seems very odd that this keeps happening over years, I'm
| really curious if some people from the companies mentioned will
| read this, and figure out what they have in common.
___________________________________________________________________
(page generated 2022-03-03 23:01 UTC)