Check the SSL certificate you are using for a MITM attack on you by phone company, FBI stingray/hailstone tower, ISP, or upstream FBI controlled router.
SSL for poal.co was created by someone on 3/5/2021, 9:54:37 AM (Eastern Daylight Time)
Fingerprint SHA-1 = 33:69:37:F0:6E:27:31:ED:64:13:DF:F8:19:52:91:DB:95:F8:F2:8F (SHA-1 hacked in 2021 though)
Fingerprint SHA-256 = DB:6A:41:93:E4:38:6D:F6:BD:28:C9:CF:69:A7:4A:FE:2B:AD:71:62:42:2F:23:87:08:31:E2:43:B8:1C:07:EB
If you see suspicious crap coming from poal, check the "padlock" https SSL key to see if it matches "DB:6A:41:93:E4:38:6D:F6:BD:28:C9:CF:69:A7:4A:FE:2B:AD:71:62:42:2F:23:87:08:31:E2:43:B8:1C:07:EB"
If I wrote a MITM I would text swap that string so no one could warn you, so I put it in an image for you here:
https://files.catbox.moe/843b3f.png
If the padlock matches then it's a fact that poal sent you the thing you saw. All data in https is 100% encrypted.
EDIT:
Addendum written because of request by user FuckingJoke.
Simple explanation...
Modern browsers send a list of local WIFI ANTENNA NAMES to allow GPS location, if machine has wifi turned on, and people in neighboring homes have wifi, and Google and others maintain a list of WiFi identification from DRIVING AROUND IN "GOOGLE MAP CARS" and storing list of antennas. This allows locating you to within 4 houses.
Modern browsers on Tablets and Phones also in addition, have REAL GPS, allowing location within 15 feet! 15 feet!!!!! The exact ROOM you are holding your iPad in!
To get this data a browser needs PERMISSION, and caches your acceptance or refusal for a day, per site.
To get this data a web site has to run JavaScript code in your machine that has these two lines of code, and can happen anytime you are on a page, not just when connecting:
```javascript
// Store_Gps, Show_Gps_Errors and Gps_Timeout are defined elsewhere by the page.
if (navigator.geolocation) {
  navigator.geolocation.getCurrentPosition(
    Store_Gps,        // success callback: receives the position
    Show_Gps_Errors,  // error callback: permission denied, timeout, unavailable
    { maximumAge: 650000, timeout: Gps_Timeout, enableHighAccuracy: true }
  );
}
```
"navigator.geolocation" is a test to see if any form of gps exists: wifi, real satellite gps, phone A-GPS (assisted cell tower GPS), etc.
If "navigator.geolocation" then a command to asynchronously fire up GPS is started, and can take up to 50 seconds to complete if only 2 or 3 visible satellites at your location, from in a basement or mountain ravine. 50 seconds!!!! But the answer will be accurate to 15 feet.
Phones and tablets CACHE the GPS up to 5 minutes and just report it instantly without 50 second delay unless you tell JavaScript the example I showed : "enableHighAccuracy: true"
and
"maximumAge:650000" (in milliseconds)
That tells browser to keep trying until timeout.
The result returned if good, has a value telling the computer how accurate it is (15 feet is normal, but the technology allows 1 foot for missile descent hit of a bunker air vent, unaided by pulsed laser marker, if "GPS WOBBLE code defeated"). There are large public managed hobby sites that defeat wobble by merely mapping gps location from device to actual surveyed location on map and reporting X and Y wobble.
Scientists proved vertical GPS is the hardest, but in Egypt scientists proved reliable 11 centimeter accuracy VERTICALLY from a normal GPS device reading, when wobble defeated and 10 satellites used.
11 centimeter accuracy!!!!!!!!
Specifying too many digits of accuracy into a software library from Windows or Macintosh causes trouble, so most programmers strip it to lat and long integer followed by 8 digits. 8 decimal places of accuracy per degree of latitude.
SUMMARY : The OP is claiming a JavaScript library poal used or poal code itself has this line of code hidden in the encrypted https data stream FOR HIM, FOR HIS BROWSER, FOR THAT DAY, TO HIS IP... of this line of code :
if (navigator.geolocation) {
Since poal code can be studied by other people (who are NOT him and NOT his code that day), and because poal's code does not have "if (navigator.geolocation) {" in it... for others... then poal provably normally does NOT try to locate your exact home when you are on a phone or tablet.
China and other nations, already know your phone's exact location and the IP address you visit, they know poal ip address and your address and your location... but nobody.. not USA gov, or China's gov... can break into your encrypted data to or from poal because it uses https (SSL).
In ssl, only the IP address and port 43 are known. Not even the url. The url is also military grade encrypted.
https is 100% secure... unless... UNLESS YOU HAVE A MITM!
MITM!
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
MITM can happen inside a machine, in a cable router, in a wifi service at a hotel, or airport, or school. MITM can happen anywhere at any point from your screen all the way almost up to poal computer.
The purpose of a MITM is to pretend to not be a MITM and re-encrypt data bidirectionally.
But a MITM cannot do that and still maintain the encryption key ID. It cannot be done in 2021, not even by the US gov NSA.
This key id : https://files.catbox.moe/843b3f.png
(which needs to be looked at also on a non-infected machine!) would prove if you have a MITM or not.
MITM does happen inside a Windows machine if you deliberately install a MITM detector, then no HTTPS is between your browser and poal, the https has a MITM detector service in your computer RE-ENCRYPTING to a Russian government controlled and owned encryption HTTPS SSL key. I know many that use these. They trust Russia more than Microsoft or China.
SOME RUSSIAN MITM services were hackable once (Kaspersky antivirus fiasco) :
Personally, I would not mind installing Russian gov code in my machines to protect me from Joe Biden's FBI thugs. And most Russian security products can offer that for you so you don't have to laboriously keep checking SSL keys manually.
Why does a hacker want to use a MITM attack on your https connection? SIMPLE... TO READ ALL YOUR DATA! They decrypt back and forth on the connection to poal, and RE-ENCRYPT on the connection back to YOU, using a different encryption key signature (because poal does not let hackers have their keys, assumedly).
The OP went one further step in his claim... he claimed EITHER a MITM tried to get his location within 15 feet of accuracy... OR he claimed an admin at poal targeted his account with special JavaScript code to get his GPS location.
Statistically, the odds are high in 2021, of a MITM targeting him for all activities because of his 4Chan or 8Chan IP traffic. MITM is common in Hong Kong, and common in all international travel hotels with "free wifi", and paid wifi at London's Heathrow airport.
So the original poster's issue was one of three things :
1 > a lie he made up to waste my time
2 > the truth and he has a powerful enemy doing a MITM attack
3 > the truth, and 25% chance the admins at poal noticed he had a handheld device and they indirectly or directly had their site try and get his exact location.
It is one of those three.
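One way to record which script asks for a location fix and with which options, as an added example that is not code from this thread or from poal. The function name `installGeolocationAudit`, the log record fields and the fake navigator are assumptions made for the illustration.

```javascript
// Added example: audit shim for the Geolocation API calls described in the post.
// installGeolocationAudit and the log record shape are hypothetical names.
function installGeolocationAudit(nav, log = []) {
  const geo = nav && nav.geolocation;
  if (!geo) return log; // same feature test as `if (navigator.geolocation)`
  for (const method of ['getCurrentPosition', 'watchPosition']) {
    const original = geo[method];
    if (typeof original !== 'function') continue;
    geo[method] = function (success, error, options = {}) {
      log.push({
        method,
        // These options decide between a cached fix and a fresh high-accuracy fix.
        enableHighAccuracy: options.enableHighAccuracy === true,
        maximumAge: options.maximumAge ?? 0,
        timeout: options.timeout ?? Infinity,
        // The stack names the script URL and line that requested the location.
        caller: (new Error().stack || '').split('\n').slice(2, 5).join('\n'),
        when: new Date().toISOString(),
      });
      return original.call(geo, success, error, options);
    };
  }
  return log;
}

// Constructed stand-in for the browser's navigator, so the shim also runs under Node.
function makeFakeNavigator() {
  return {
    geolocation: {
      getCurrentPosition(success) {
        success({ coords: { latitude: 0, longitude: 0, accuracy: 5 } });
      },
      watchPosition() { return 1; },
    },
  };
}

function demo() {
  const nav = makeFakeNavigator();
  const log = installGeolocationAudit(nav);
  let delivered = null;
  // The call from the post, with a constructed timeout value.
  nav.geolocation.getCurrentPosition((p) => { delivered = p; }, () => {},
    { maximumAge: 650000, timeout: 50000, enableHighAccuracy: true });
  return { nav, log, delivered };
}
```

In a browser the shim is installed with `installGeolocationAudit(navigator)` before the page's own scripts run, for instance from a userscript, and the returned log is read afterwards.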
Thanks for all that, that was actually really helpful. And I'll say it again, I am not making this up. I took a screenshot and posted it. I don't think this site would be trying to track me, especially because no one else on here has had the same experience.
But since I denied access to the request, does that mean the man in the middle attack is not successful?
does that mean the man in the middle attack is not successful?
No, it just means the MITM people spying on all you do, were unable to trick you into accepting a GPS location report of your specific location. They might still be reading all you do on internet as a MITM.
They can do other things to guess your zipcode region based on your IP, the IP you connect next to upward, and the ping times between them and other probe sites surrounding your estimated location, to narrow where you are down to 3 miles.
His browser might still be manipulating it. You've only tried to prove his connection is secure, and did a poor job of it, btw. What does a random image on catbox prove if you relayed the link through a possibly compromised connection?
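The fingerprint comparison from the original post, written so that the trusted value is supplied separately from the connection being checked; this is an added example, not code from the thread. The function names are assumptions, and `PAGE_PIN` is the SHA-256 value the post published for its 3/5/2021 certificate.

```javascript
// Added example: compare an observed certificate fingerprint with trusted pins.
// normalizeFingerprint, checkPin and fetchFingerprint are hypothetical names.
const PAGE_PIN =
  'DB:6A:41:93:E4:38:6D:F6:BD:28:C9:CF:69:A7:4A:FE:2B:AD:71:62:42:2F:23:87:08:31:E2:43:B8:1C:07:EB';

// Accept "AA:BB", "aabb" or "AA BB"; return lower-case hex, or null if not hex.
function normalizeFingerprint(text) {
  const hex = String(text).replace(/[\s:]/g, '').toLowerCase();
  return /^[0-9a-f]+$/.test(hex) ? hex : null;
}

// Compare an observed fingerprint against pins obtained over another channel.
function checkPin(observed, pins) {
  const seen = normalizeFingerprint(observed);
  if (!seen || seen.length !== 64) return 'invalid'; // 64 hex chars = SHA-256
  const usable = pins.map(normalizeFingerprint)
    .filter((p) => p && p.length === 64); // SHA-1 pins (40 chars) are ignored
  if (usable.length === 0) return 'no-usable-pin';
  return usable.includes(seen) ? 'match' : 'mismatch';
}

// Read the leaf certificate's SHA-256 fingerprint as this machine receives it.
function fetchFingerprint(host, port = 443) {
  const tls = require('node:tls'); // loaded lazily: only this function uses the network
  return new Promise((resolve, reject) => {
    // Inspection only: no data is sent, and the chain result is reported
    // separately, so the certificate is still readable when validation fails.
    const socket = tls.connect(
      { host, port, servername: host, rejectUnauthorized: false }, () => {
        const cert = socket.getPeerCertificate();
        const result = { fingerprint: cert.fingerprint256, chainValid: socket.authorized };
        socket.end();
        resolve(result);
      });
    socket.on('error', reject);
  });
}
```

A certificate's fingerprint changes every time the site renews it, so a `mismatch` against an old pin calls for getting the current value over an independent channel before drawing a conclusion.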
Thank you but simple explain now too?
I added the below to : https://poal.co/s/AskPoal/324253/30b953a9-1ffd-42ac-b1b5-ed632f2afc05#cmnts
thank you! excellent explanation!