So I opened a disp vm. I was browsing a site, Orange mobile to be precise. I clicked on a link which lead to a sign in page. I wasn’t going to sign in (I have no account with them), but there was a account already registered there?! It was saved, like what happens with some sites, and all one needs to do to access would be re-type a password.
But my question is… HOW did this occur in the first place?! I don’t know the email address, I havent ever even browsed to this site, that I can remember. Certainly not on Qubes, and certainly not on this fresh disp. Opening a new disp does the same thing, with the same email address.
It’s mullvad browser. But I have a disp set up with Firefox too, and that’s the same. They are both exactly as default. Navigating to the same site on a different device with different a different os doesn’t yield the same results.
Could be that the site does this automatically based on IP and maybe someone with your current IP logged in there with that IP at some earlier point; if you’re using TOR then the exit node IP would be relevant and make it far more likely that someone with the same exit node logged in there.
They keep email addresses based on IP from what I understand. If you are using an orange IP, they may have registered that mail from someone else before and are serving it to you somehow.
I considered that. But it’s not an Orange connection, it’s the same result with a vpn too. I also have no idea what the email address is. It’s my home wifi, nothing random
Can you confirm that you can reproduce this with a new disp with vpn enabled? Make sure it actually works, it might be leaking. Use something like https://ipleak.net/
If it’s not IP based then it could be based on user agent or other identifiers…maybe try with a disposable based on a different base template and a different browser.
It is strange that they serve you the same mail with and without vpn on 2 different qube. They should at least be different since the IP is not the same.