Aallannott.techAccount justice for the people big tech ignores
Open intelligence

Field reports

Lockouts rarely start at the login screen. They start with a redirect, a recovery page you didn't expect, a 2FA code arriving on a phone that isn't yours, a browser that quietly forgets every site at once. This page is where those signals get pooled.

Why this exists

Stories tell us what happened. Field reports tell us what was on the screen, what network it was on, and what the device was doing when it happened. With enough of those side by side, patterns become visible: a recovery URL that 302-redirects to a different domain, a "verify it's you" page asking for a phone number nobody registered, simultaneous logouts across Google, Meta, and a bank within minutes — fingerprints of SIM hijacks, eSIM swaps, device clones, and router-level tampering.

No single person can see this. A few hundred people uploading what they saw, in the same shape, can.

Patterns worth reporting

  1. A recovery or verification URL that redirects to a domain different from what the link said.
  2. A "verify it's you" page asking for a phone number you never registered to the account.
  3. SMS 2FA codes arriving on a phone you didn't authorise — classic eSIM-swap fingerprint.
  4. Sudden simultaneous logout from Google + Meta + bank within minutes — points at device-level token theft.
  5. Your browser pre-filling a recovery email you don't recognise.
  6. A login screen that looks right but the URL bar shows a punycode or near-identical lookalike domain.
  7. A passkey link that breaks with Cross-Origin-Opener-Policy errors only in certain browsers.

The report template

Copy the block below, fill in what you can (skip what you can't), and email it to reports@allannott.tech. Until persistent storage is enabled, reports are sorted manually and published in aggregate — never with anything that identifies you.

FIELD REPORT — Locked Out

1. URL you landed on (paste exactly, including https://):

2. Was that the URL you expected? (yes / no / unsure — describe):

3. Browser + version (e.g. Safari 17.4, Chrome 124):

4. Device + OS (e.g. iPhone 15 / iOS 17.5, MacBook / macOS 14.5):

5. Network at the time (home wifi / mobile data / public wifi / VPN / unknown):

6. SIM / eSIM status — any of these in the last 30 days?
   - Carrier pushed an eSIM change you didn't request: yes / no
   - A SIM stopped working with no warning: yes / no
   - 2FA codes started going to a phone that isn't yours: yes / no
   - Phone number ported without your authorisation: yes / no

7. What the page showed (exact error text, or a short description):

8. What you were trying to do when it appeared:

9. Date + approximate time (with timezone):

10. Optional — SHA-256 of a screenshot (see /preserve for how to compute it).
    This lets the screenshot be tied to this report later without uploading
    the image itself:

11. Anything else worth noting (other accounts affected at the same time,
    devices that behaved oddly, calls or texts that arrived just before):

Don't paste anything you wouldn't want quoted. Don't paste recovery codes, passwords, full ID numbers, or session tokens. URLs and symptoms only.

What happens to your report

  • Read by a human, not a script.
  • Cross-checked against other reports for matching URLs, redirect chains, carrier patterns, device fingerprints.
  • Aggregated patterns are published here — never with your name, email, or device ID.
  • If your report shows clear criminal activity (SIM hijack, port-out fraud), you'll get a reply pointing to the right regulator or carrier escalation path for your country.
Preserve the trail first →Back to Get help