Someone using an unrecognised device!

I wasn’t sure whether this topic should go in Community Support, Aldershot or here; but many, I suspect, don’t read Aldershot and I am not looking for support, far from it!

Shortly after signing into Yahoo groups, I got the following email.

From: “Yahoo” <no-reply@cc.yahoo-inc.com>
Subject: Unexpected sign-in attempt

Yahoo

Hi David,

Someone using an unrecognised device attempted to sign in to your Yahoo account.

This sign-in attempt was made on:
When
January 29, 2018 at 09:03

If this was you, you don’t need to do anything else.
Did’t sign in recently?

Review your account activity…..
[cut a boring bit]

Thanks,
Yahoo
-—————

Well, I can’t tell you how pleased I am that I and my (RISC OS) “device” are unrecognised by Yahoo. I am over the moon! The problem these days is that IT firms, big business and intelligence services know too much about you, they don’t want anyone to go ‘unrecognised’.
I had a somewhat similar email from Google (the new Microsoft) after signing into my Google Groups saying “A new device just signed in to your Google account.”

I have had such emails before after signing in, but I am puzzling over the term “unrecognisable device”. I realise that “Device” could be merely an umbrella term for computers, mobile phones, tablets etc, but then the “unrecognisable” would refer to the person (or machine masquerading as a human?) signing in. In this case why doesn’t their system recognise me? I do sign in several times a year to both groups using a computer running RISC OS and remember receiving these emails before. In any case, I am glad that me and my “device” (Ho! Ho!) go unknown to the likes of Google and Yahoo. Whey hey!

PS I know of a mobile phone device that doesn’t run Google services. I am thinking of buying it.

Unrecognised, not unrecognisable.

In this case why doesn’t their system recognise me?

I expect they use a mix of cookies and server-side logs. The cookies might expire (or be deleted via other means, e.g. wiping your SD card). Server-side logs will also expire, and simply won’t recognise your machine if enough of the details change (IP, OS, browser, etc.).

The problem these days is that IT firms, big business and intelligence services know too much about you, they don’t want anyone to go ‘unrecognised’.

Although I’m sure they love tracking you so they can throw targeted ads at you, in this case they’re also using it to warn people that their accounts might have been hacked. Pros and cons.

I expect they use a mix of cookies and server-side logs.

That and the browser id strings probably roll through their short list of OS and browser and on out the other end without triggering anything recognisable for their scripts to play with.
Their system collected the info but it doesn’t match anything in their limited list.

It means you are logging in from an unknown IP address¹ with a device that doesn’t have their “I know you” cookie.
Don’t worry if they send this. Worry if they send this and you have not logged in!

I get this a lot as I reject third party cookies and the browser nukes those set during a session. It’s fun with Facebook too, they have to text me a code for every login (which is like once every other month…).

That said… Yahoo! and security, bit of a poor joke really.

¹ Seems rather dumb to record an IP address in the days of ubiquitous dynamic IP, but there you go…

Seems rather dumb to record an IP address in the days of ubiquitous dynamic IP, but there you go

I wonder how universal it is. I assumed that our IP address would keep being different, what with our service provider being Virgin, but it’s been consistently the same for years.

Seems rather dumb to record an IP address in the days of ubiquitous dynamic IP, but there you go…

There’s an open query at work about setting up the facility for a number of people in a department to use a web based service which can be used by an unlimited number of user account validated logins – just needs to come from a fixed IP or IP block but any organisation on N3 could appear on the internet from any one of a number of IP’s (in the same block) so the (non-N3) service providers say it won’t work from N3.

I suppose I could just declare the N3 block as the source block >:-), then again we do have a 200Mb link out to the internet direct. Yes, I think I’ll point it that way, then it won’t matter whether the subscribers are on the guest wireless or the normal LAN since I can make both sets of traffic ‘source’ from the same real world address.

All in all, just a spectacularly dim restriction.

I wonder how universal it is. I assumed that our IP address would keep being different, what with our service provider being Virgin, but it’s been consistently the same for years.

In the dialup days you’d typically get a different address each time you dialled in, but with modern always-on broadband it’s common to keep the same address for months or years. Some ISPs use “sticky” addresses where even if you explicitly disconnect and reconnect you’ll usually get the same number (but it’s not guaranteed). Other ISPs like mine go even further and give a guaranteed static IP.

PS I know of a mobile phone device that doesn’t run Google services. I am thinking of buying it.

I have just spent several months with a smartphone that doesn’t do google services fully, the main issue is with app developers using the google SDK and when including maps useage to overlay sites. I think it is possible to build apps with OSM and avoid services, the Wikicamps app allows offline browsing. Another app, Campermate uses OSM for offline but is still broken if you dont have google services, and generally Android developers are going to assume you have google services, and not offer support. I have a problem where I want to buy Wikicamps app but dont want to enter card information to the phone to do it. I think they have a help forum. A local fuel price watcher app retreived my email address from the phone to send out a blurb, which I thought was a bit much.

Ron, I had to read that a few times.
So, I’m guessing your phone is possibly a Chinese phone with otherwise good specs but lacking the proper Google .APKs
If that’s the case, your only real hope would be to possibly dig through xda-developers and see if there’s a solution for your phone.
I had a look at the WikiCamps site. I see what you mean about trying to purchase it via other means. I have the paid version on my phone.

I get the unrecognised device thing pretty regularly from my Google account. Even a major browser update can trigger it.

I had a look at the WikiCamps site. I see what you mean about trying to purchase it via other means. I have the paid version on my phone.

Actually it turrned out it might be OK, they do a paypal option that is independant of google services. I just had an a speedy email reply when I enquired about this at the same time as my last post. Good support, and I can do the offline useage without google services, still worth the ~$8.
My phone is a Blackberry with OS10, good display and can drive HDMI/DVI by cable, so no hurry to upgrade.
A good HDMI IPS display for use in the car might be my next purchase. (TV tuner, Rasperry pi, Blackberry)