I was alarmed today to receive two marketing emails from a company after browsing their website yesterday (the emails suggest I signed up for their marketing which I definitely did NOT do). I was browsing using Brave, and Proton VPN on a Macbook. I have shopped with this retailer before but my last order was a long time ago and I did not log in to the site/my account. I have only recently starting using Brave and have never logged onto this site using this browser before. They emailed the email address they hold for me but as I didn’t log in, and was using Brave and a VPN, I don’t know how they knew it was me to connect the dots (let alone set me up for marketing emails which I would have previously declined!).
I only looked at a few pages but one thing I did do was “share” one page link to the Apple Reminders app. I did this via “File” and “Share” in the Brave browser not from a button on the page itself. Could this have somehow let them know who it was? Is this something I need to avoid doing moving forward? My main concern is how I avoid this type of invasive tracking and marketing moving forward. Or is this just not possible?
Grateful for any advice but, if you are kind enough to take the time to respond, I have very limited knowledge so please talk me to me as if I am 5 Many thanks for any help!
Not sure if it might have been some cookies that last for a year or something?
Maybe some auto-fill saved in the browser?
I know Shopify tends to have this feature of having a “quick checkout” kind of button that wants to syphon you into giving your precious email.
But it’s maybe also some shady script running on their side? Like Hotjar or some other kind of session replay? Even if you don’t submit your email, just type it, they are maybe still fetching it somehow?
Thanks for your reply. It shouldn’t be cookies as I haven’t accessed this site before using Brave; I am still migrating across from Chrome, so still have that installed, but assume they don’t migrate across?
Shopify/Shop is insidious. I did have Shop (pre my privacy epiphany!) but deleted that and my data/account and yet it still seems to know who I am on new sites without logging in. And it’s everywhere….
I’m going to contact the retailer and complain and see if I can get an answer, as on the face of it it seems quite nefarious. Probably won’t get far, but if customers don’t complain about such things, they’ll continue doing them.
One thing I did remember late last night was that I did turn off the VPN very briefly as I couldn’t get a particular (different) website to work. And I assume that if the webpage of the company who sent me the marketing email was still open when I did this, then maybe that’s how they got my IP. I almost certain that their webpage was closed when I did this however, but its the only “clutching at straws” less nefarious thing I an think of.
I’ll come back if I find out anything of interest from the retailer.
there are many companies who do this as their primary service.
tracker scripts will load, and they compare on their end to figure out who you are.
often they just give this information to their sales department, but in some cases they are more brazen and automatically contact you.
Sorry what are tracker scripts and how do they work?
What does ublock origin do that Brave doesn’t? I have Brave set up as recommended by Privacy Guides although you usually have to unselect “block javascript” as almost no sites work without it.
When you say use ublock origin, do you mean with Firefox? I opted for Brave as it seemed a simpler option and is more like Chrome which I am used to.
I don’t really want to use Tor for normal web browsing.
Have you checked the timing of previous emails from this company? It’s close to Christmas time and I wouldn’t be surprised if they’re targeting old accounts that have shopped around Christmas with promotional messages. You may have just gotten caught up in an advertising campaign that started this week in preparation for Black Friday/cyber Monday.
You have tools like Fingerprint that can tell you if you do have a unique one or not.
Not sure how unique you are and maybe if you have some DNS leaks or alike, this might be worth checking.
But there are probably a few sneaky ways to track you accross websites or have some websockets/service running in the background, can definitely spot an IP change with a service worker I guess (Javascript is powerful for that).
I guess that using a totally different device on a free wifi will not log you into Shop hopefully. But also, don’t expect to be truly “deleted” on their side, just hidden from your POV.
It’s hard to guarantee that they do actually delete you and they probably aren’t because data is precious, why losing it?
Many thanks for any help!
