When you use a free 2nd line on your phone - how can they trace it back to your "real" phone number?

4 views
Skip to first unread message

Robin Goodfellow

unread,
Oct 12, 2021, 4:38:37 PM10/12/21
to
When you use a free 2nd line on your phone - how can they trace it back to
your "real" phone number?

This is not a "can they do it" question; it's an "how can they do it"
question (because I'm sure they _can_ do it). I'm curious how they do it.

Case in point...

Recently a college freshman needed to send money to her friends over her
iPhone or PC, where I was texted by her as to how she could transfer money
freely, quickly, and as privately as humanly possible on short notice.

My initial thought was "bitcoin", but the learning curve perhaps would have
been too steep for an inconsequential $25 transaction which needed to be
done that moment (as I've never mined bitcoins myself, nor bought any).

I googled and found _lots_ of choices for anonymous money transfers over the
iPhone or PC from kid to kid separated by states as new college Freshmen,
and, to hone my skills, I asked of this newsgroup for even better ideas.
*College kids needs to send 25 bucks over the phone or the PC*
<https://groups.google.com/g/comp.mobile.android/c/TPPOjX0YCc0>

Since the goal was anonymity (at least from my side of the equation), I
created a Venmo account using completely bogus information, which was:
a. A fake "legal name"
b. A throwaway email address
c. A throwaway 2nd-line phone number

Vemmo texted a security code (twice) to the throwaway 2nd line phone number
1. First, when I created the account on the PC
2. Second, when the kid used that account on her PC or iPhone (I didn't ask)

My question is simply how can they trace that transaction back to me?
A. Certainly they can easily trace the debit card transfer to her
B. But how do they trace 2nd-line phone texts back to the original phone?

Can they? (they probably can)
How? (that's what I'd like to know)

Does anyone have real experience in how they trace a "second line" throwaway
account (where I otherwise used my "real" cellphone) back to the original
cellphone?

Again, this isn't a question of can they (since I'm sure they can).
The question is "how" would they trace it back to me if they wanted to.
--
Note: If I wanted to be super cautious, I'd use a burner phone but this is
not really a threat question so much as "what can they easily

Nomen Nescio

unread,
Oct 12, 2021, 5:28:44 PM10/12/21
to
On 2021-10-12, Robin Goodfellow <Ancient...@Heaven.Net> wrote:

> Again, this isn't a question of can they (since I'm sure they can).
> The question is "how" would they trace it back to me if they wanted to.

With a database query to look up the routing and registration information
including all other numbers terminating at the same device.

scorpion

unread,
Oct 13, 2021, 9:20:03 AM10/13/21
to
In article <sk4roa$pfq$1...@gioia.aioe.org>
That's an error. Using a primary phone and associating it with
a "2nd-line throwaway".

The "2nd-line" must have an association with a primary phone
number to function, hence there are a multitude of "temporary"
records created in numerous places most would never consider.
The only assurances you have are with the party providing the
temporary "2nd-line". Those assurances don't extend to other
carrier parties once communications leave the point of initial
entry.

Also, governments monitor cellular calls and look for frequent
patterns involving specific numbers. One or two random calls
may disappear in the billions of calls made each day, but
regardless of any anonymity claims made by a provider of
throwaway numbers, a call was made and a record established.
EMC ($torage) and Ci$co (Buggy network equipment...) are both
participant$ in this deception.

Someone would have to be interested enough to look for the
transaction and work backwards from the endpoint.

Did you create interest?

Robin Goodfellow

unread,
Oct 13, 2021, 12:02:38 PM10/13/21
to
Nomen Nescio <nob...@dizum.com> asked
>> Again, this isn't a question of can they (since I'm sure they can).
>> The question is "how" would they trace it back to me if they wanted to.
>
> With a database query to look up the routing and registration information
> including all other numbers terminating at the same device.

I'm searching for where that (public?) database query lies...

Is it something secret? Hidden?

Where is this database located and who populates it around the world?

Nomen Nescio

unread,
Oct 13, 2021, 2:44:54 PM10/13/21
to
On 2021-10-13, Robin Goodfellow <Ancient...@Heaven.Net> wrote:
> Nomen Nescio <nob...@dizum.com> asked
>>
>> With a database query to look up the routing and registration information
>> including all other numbers terminating at the same device.
>
> I'm searching for where that (public?) database query lies...

Why? It's of no use to you. Those databases are for operational use by phone companies.

> Where is this database located and who populates it around the world?

SS7

Robin Goodfellow

unread,
Oct 16, 2021, 2:39:26 PM10/16/21
to
scorpion <inv...@dont-email.me> asked
> That's an error. Using a primary phone and associating it with
> a "2nd-line throwaway".

I'm not worried if they trace it.
I'm just trying to figure out how they trace it.

For example, sometimes when you use the 2nd line for a web site account
authorization, they seem to KNOW it's a 2nd line. But other times they don't
care.

But for the ones who know it's a second line, how do they know?

> The "2nd-line" must have an association with a primary phone
> number to function, hence there are a multitude of "temporary"
> records created in numerous places most would never consider.

Yeah. But where?
Are those 2ndLine-to-RealPhone indices accessible to we mere mortals?

> The only assurances you have are with the party providing the
> temporary "2nd-line". Those assurances don't extend to other
> carrier parties once communications leave the point of initial
> entry.

I'm not aware that the 2nd-line cellphone apps assure you of anything.

> Also, governments monitor cellular calls and look for frequent
> patterns involving specific numbers. One or two random calls
> may disappear in the billions of calls made each day, but
> regardless of any anonymity claims made by a provider of
> throwaway numbers, a call was made and a record established.
> EMC ($torage) and Ci$co (Buggy network equipment...) are both
> participant$ in this deception.
>
> Someone would have to be interested enough to look for the
> transaction and work backwards from the endpoint.
>
> Did you create interest?

I'm sure they'd be bored to death tracking my phone calls.
But that isn't the question of whether or not they'll be bored.

The question is how can we find these tracking sites they may use?

Robin Goodfellow

unread,
Oct 16, 2021, 2:51:51 PM10/16/21
to
Nomen Nescio <nob...@dizum.com> asked
>> I'm searching for where that (public?) database query lies...
>
> Why? It's of no use to you.
> Those databases are for operational use by phone companies.

Many sites nowadays ask for a phone number to verify with a text.
I give them always, first, the 2ndline numbers.
Somewhere roughly around half the time that bogus 2nd line works.
I get the confirmation text and I can then register the web account.

For the half that work, I don't care why they work. Because they work.
For the half that don't work - I'm curious HOW they knew it was a 2nd line?

More to my needs, I'd like to know how to tell what the lookups say for my
2nd lines as I'd like to expand my use of the 2nd lines to times when
companies ask for my phone number and I don't feel like arguing with them.

>> Where is this database located and who populates it around the world?
>
> SS7

I googled to find that SS7 is most likely "Signaling System 7"
<https://en.wikipedia.org/wiki/Signalling_System_No._7>
"SS7 separates signaling from the voice circuits."
"The SS7 protocol stack may be partially mapped to the OSI Model
of a packetized digital protocol stack."

Apparently whatever SS7 is, it's extremely vulnerable
"In 2008, several SS7 vulnerabilities were published that permitted the
tracking of cell phone users.[14] In 2014, the media reported a protocol
vulnerability of SS7 by which anybody can track the movements of cell
phone users from virtually anywhere in the world with a success rate
of approximately 70%"

It seems to have holes everywhere
"SS7 vulnerabilities had been exploited to bypass two-factor authentication
to achieve unauthorized withdrawals from bank accounts."

But I didn't want to get into how secure or insecure SS7 is.

Maybe I should have asked the question differently.
Q: How do they know that I'm using a 2nd line?
Reply all
Reply to author
Forward
0 new messages