Do I have a choice, other than cancelling all of my MasterCard cards? This business of tracking and profiling is increasingly evil. If I dystopically discovered that someone has been following me around all the time, writing down everything I look at or do or purchase, in public and at home, I could not tolerate it.
"The company said people can opt out of ad tracking using Google’s “Web and App Activity” online console. Inside Google, multiple people raised objections that the service did not have a more obvious way for cardholders to opt out of the tracking, one of the people said."
I did read the article. That's discovering that someone is stalking you, until and unless you tell them you'd rather "opt out" even though you never "opted in" the evil stalking. Meanwhile, all shops and businesses you get near to or purchase from are calling the stalker to let him know what you're doing -- how do you "opt out" of these?
Hey at least the credit card companies are fully transparent - all that is clearly outlined in the 20-page size-3 font terms and conditions you signed up with! /s
It's ridiculous that credit cards, the primary mode of online purchases and strongly preferred by physical retailers, is dominated by just two/three companies... all of which freely sell your purchase histories to other companies.
That's free market for you; meaning people with more money than you set up a system so even handling money itself costs you money and they also try to squeeze even more money doing shady things such as tracking your shopping patterns.
This is the kind of stuff where the government should have a heavy hand on regulations (unfortunately the members of the government like anyone else are incentivized by money so guess who has a lot of it to "lobby" them.)
It maybe isn't an ideal solution, but it has a lot of upsides. Advertisers (and ad middlemen like Google) bet that they can sell more stuff by drilling deeper and deeper into people's lives.
But the bottom falls out of all that when people decide to opt out of large parts of the commercial ecosystem.
Track your finances instead, the same way you would with a fitness app, and get that dopamine hit from seeing your savings increase. Feel secure in the knowledge that when the next major economic slump hits -- when, not if -- you'll be able to easily ride it out, maybe even enjoy a nice vacation at discounted rates.
The massive growth of ad blockers was an immune response to the excesses of advertisers on the web. Commercial minimalism is the only way to respond to all this crap happening everywhere else.
However, you have other problems: If you have an account, or even a consistent shipping address, Amazon knows what you're buying. So you'd need to anonymize where you're shipping packages to, the names on those packages, and you'd need to register new Amazon accounts regularly with new email addresses to avoid them profiling your purchasing habits.
This makes me wonder if there is a business model for 'anonymous proxy' companies, where you do the shopping at your favourite online webshops, but handle actual ordering, payment and final delivery to your home via the proxy company, who guarantee your privacy for a small additional fee, or subscription charge.
Maybe this exists already. The difficulty would be in offering a good usability (how do you get that Amazon product you want in your local shopping basket).
That business would attract all the bad actors looking to use stolen credit cards and then get banned by the merchant processors for too many chargebacks. And no one can guarantee your privacy, unless they're deleting data very quickly, but the merchant processors wouldn't like that nor would the government.
It would have the same due-dilligence requirements as any webshop and validate your payment method (which could be any method, like iDeal, and even credit card, where the payment processor doesn't get to see the exact order details, but a 'proxied order').
You are right about the privacy guarantee, but there is the issue of trust in any business transaction. Why am I using ProtonMail/VPN? Because they have privacy + security as their primary USP and it is reflected in their business (transparency, privacy policies, compliance, certification, etc.). They work hard to earn and keep my trust, and I pay them to do just that.
I am no expert but probably you can let your company be audited by some trusted party on adherence to privacy promises and prove that you comply.
Having that they can keep my data in storage for as long my government requires by law.
Wouldn't that company have all your information? What would make me trust them? Seems more dangerous than buying directly from multiple retailers, for example.
Amazon Locker storage boxes can be used without any address and with a pseudonym as your Amazon account. You receive a six digit code to pick up your stuff. Only works for items that are fulfilled by Amazon, though.
As long as you don't travel on a highway where the money will be seized by law enforcement by use of civil asset forfeiture due to your suspiciously carrying cash.
The limit is not 10,000. There may be an official number where that starts happening but I have seen it happen (completely anecdotal) with amounts as low as $800.
There is no legal restriction of how much money you can carry around with you in the US, I believe. When you cross a national border you need to declare it and if you buy casino chips or deposit into a bank, they will report you to the government. But the cops can and often do "arrest" the money and will take much smaller amounts of money from you if they find it.
As long as this is possible. In China's social credit experiments cash money is no longer an option, and in countries such as Sweden they are thinking of getting rid of cash too (though public opinion has shifted somewhat with growing awareness of privacy issues).
And if I still want to use some of those features (because some are useful and I don't care about that data), it doesn't appear I can opt out of this specifically?
Wasn't this "Web and App Activity" just this month found to keep its own location history when Location Services are disabled? Seems like they've loaded a lot of different behaviors into this one setting.
How do you unGoogle? They have my phone, my email. Amazon now follows my grocery shopping at Whole Foods. I doubt Visa and Amex are far behind, it's free money for them so there is no point in canning Master. What a disaster! Ad supported Internet is the root of the problem.
re: Whole Foods, I've never heard of a place that was a food desert but for Whole Foods. You should take your business somewhere else if you don't want Amazon to have data on your grocery purchases.
Funny anecdote, my fiance used to live in midtown Detroit near the Whole Foods. At the time the groceries situation was worse, it was more-or-less a food desert other than that Whole Foods [0].
I don't know how folks who can't afford a car would get groceries (an hour round trip on the bus, I guess), but that can be said about nearly everything in Michigan. The whole wealth bootstrapping problem is really unsolved out there, you can't get started on anything without like $5k for a car and car-related expenses.
You can use ios or lineageos. You can use an email such as protonmail (although I personally find them just a touch shady, they're no doubt miles better than gmail) or host your own. Don't shop at whole foods. Pay with cash.
I believe a competitor of theirs has been actively trying to spread distrust of them on HN. I don't remember the details well, but I think they allege that ProtonVPN and ProtonMail aren't independent from each other when they claim they are.
There is a smear campaign going on, but not about precisely this. The smear campaign is that since ProtonVPN is free, it must be doing something nefarious.
ProtonMail and ProtonVPN are legally separate, but they are both part of the Proton family of projects which originated from CERN.
I'm not sure what competitor you're referring to, I don't think they have many of those (tutanota, maybe? Or startmail?) but I assure you I don't work for one of those. There's not another email provider I have significantly more trust in or that I think does everything right while protonmail does everything wrong, there's just a minor sticky feeling that I have using them.
Well, it is somewhat of an uphill battle, sure, but every hill has a top ;-)
As for internet, you can always get yourself a VPS and tunnel everything through that, so your monopoly ISP doesn't get to see anything of what you do.
Not using google is actually a piece of cake. Ther are reasonable competitors for nearly all of their services, except maybe translate and maps. Though I have been looking at OSM a lot lately.
I, personally, use an DuckDuckGo, an iPhone and Apple mail. Amazon isn't an issue really- just buy whatever you were going to get on amazon somewhere else - it's pretty rare that I find a noticeable price difference (unless we're talking about the cheap off branded stuff on amazon - but I don't want things like that anyway).
DeepL is a good alternative to Google Translate, though it is quite a bit more limited in terms of features and languages. I often find DeepL translations to be of higher quality than Google's (for the 2-3 languages I regularly translate between).
not using google is easy, not losing data for 15+ years and counting is significantly harder. even Apple dropped my photos due term of service change, I had to scramble gigabites off internet into disks and now my collection is an unindexed mess.
To be fair to Google, they (mostly) make it fairly easy to move out; exporting your Photos with Takeout returns a nice archive where each image is accompanied by a JSON file with metadata. It's not any standard format, as far as I can tell, but should be easy enough to massage into whatever you want.
[correction: Apple Pay Cash should indeed be a workable shield.] Using Apple Pay [not the "Cash" feature] only hides your details from the retailer, not from the credit card company nor evidently from Google.
It appears that Apple Pay cash doesn’t share much, although they do say ‘We may disclose information that is not personally identifiable for other purposes.’
What they mean exactly by ‘personally identifiable’ is open to interpretation.
Unfettered, profit-at-all-costs is the problem. Paying for something brings no shred of chance that your data isn't being harvested. Zero.
Most people pay for credit cards by way of yearly fees, they track you. Purchase music? Your music is cross referenced in the name of discoverability. Hardware? Same.
Some of those things might be helpful in some contexts, and in others not. That fuzzy line is the discourse.
With all of that said, to cite the locus of all evil as “ad supported” as the problem is a logical fault line.
For email, there's Fastmail, which is great and the web UI is clean, simple and fast. If your phone is supported, you can install LineageOS on it without any Google apps.
A couple of years ago, I decided to go with Runbox for email along with some self-hosted solutions. It has been great - Gmail over IMAP is relegated to newsletter subscriptions. I also use LineageOS on my phones and tablets.
Did you read Chaos Monkeys? What about Dragnet Nation? Both (of which are not new) peek behind the curtains you're concerned about. Both are recommended, and freightening. It's only going to get worse.
The best bit - relevant to this HN privacy discussion - is about two-thirds in. It's where FB cracks the code (breaks the back of privacy) and heads for advertisers' nirvana. And that was 5+ yrs ago.
And yes, his style is very entertaining. I hope you enjoy it.
Are you referring to GDPR? As far as I can tell, the data is allegedly anonymous, so not subject to GDPR. Even if it weren't, Google doesn't exactly have a good track record of respecting privacy or privacy related laws. They've been known to "accidentally" harvest wifi traffic in bulk. They drive spy cars around taking pictures or everything and everyone.
If they were anonymous Google wouldn't be able to match purchases against ad views or let users opt out. I suppose they are just exchanging something like a hash from customer data, so technically Google doesn't get personal information.
To clarify, in US even debit cards are primarily Visa or Mastercard, whereas in Europe they're not. E.g. Norway uses BankAxept: https://en.wikipedia.org/wiki/BankAxept
Danish person here. We mostly pay by Dankort, which is the standard national debit card, I would bet more than 99% of card payments here are direct debit.
> People in Europe don't use credit cards offline.
What? Of course we do. If anything, Europeans are less likely to use credit cards online (though that is slowly changing), instead opting for bank transfers or online debit cards.
Cash is tracked by the banks. It's usually pretty easy too, especially with things like coffee shops that take a lot of 20s and give a lot of 5s. Most people take out 20s, so it's pretty easy to know who was likely at some place at some day or week.
What a flawed analogy. This isn’t anything close to stalking. You are using a credit card processing service. If you don’t like what they do with your data, use a different one or just pay everything with cash.
Pretty sure there are a lot of companies that do not offer their hires the option to be paid in cash, its bank account or nothing. Plus some countries are moving to card-only economy where some stores don't take cash.
How long until a big-tech company starts to log, track, and connect banknote serial numbers from ATM to store? I wouldn't be surprised if ATMs already record the serial number of each note they distribute.
I feel like as consumers we've lost this battle. If it's profitable the other companies will do it, too. I'm hoping that as consumers keep getting more screwed we can get some regulation to give us at least a little control and visibility into our data.
Your only option is to refuse cards altogether because they've all been selling anonymized data on you for years. The big hedge funds pay big dollars for direct lines of data from the credit card companies.
I mean just look at the snake-oil bullshit wording Google are using to describe what they do here:
"Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information,”
I mean, I guess there are proper cryptographic means by which you could achieve something that matches that description.
But does _anyone_ trust the worlds biggest advertising company to be doing that???
I don't doubt one bit that they have people capable and probably even willing to get the crypto right.
I _strongly_ doubt they have the corporate will or motivation to actually put it into production. I'd go so far as to say "getting it right" is antithetical to their (enormously profitable and deeply entrenched) business model.
I don't know about that. Measuring ad impact is extremely valuable. What is interesting to me is the obvious bias of being the seller of ads as well as the impact measurement provider.. fox guarding the henhouse and all
If they sold it to Mastercard as double blind I personally would trust them on it. Lying to consumers seems to turn out fine but lying to large corporations I would bet gets expensive and my experience is that a large org will bend over backwards to meet the letter (if not the spirit) of what they say.
What you're probably worried about is an entity being able to fingerprint you based on a few simple data points and a profile of someone who fits those data points. Which is possible, and increasingly accurate.
"Anonymized" always deserves scare quotes, because there ain't such thing as "anonymized"; there's only "anonymized until correlated with other data sets".
Anyway. Yes, I do trust that of all parties, Google actually would both develop and deploy whatever that "double-blind encryption technology" is. Still, it's not the problem.
I think we need to stop dancing around the real issue with all that talk about PII. No, I really don't care about my PII just leaking somewhere. I care about what people do with them. It's what companies do with PII, "anonymized" or not, that's the problem. Advertising, upselling, price discrimination. Those are the real problems.
having sat during conversations at a large credit card company it turns out 4 to 5 transactions are all that is needed to identify a person.
meta data like where you made purchases when you made purchases and how much you spent and maybe a few other details are all you need 4 or 5 times to de-anonymize
full disclosure... I have 3 credit cards from this company....at this point I cannot imagine writing checks and carrying cash for daily use... I am not sure this battle can be won at this point.
A lot of attention in the press is given to Google et. al. about purchase profiling and tracking for ads. But the concept of purchase profiling has existed really since the invention of the credit card. As others have mentioned hedge funds have brokered this data for decades - but for some reason it has not been covered as excruciatingly as it has for tech companies. While I disapprove of the practice overall I would bet that tech companies are actually a more responsible steward (jail warden?) for this data than credit card bureaus, precisely because the spotlight is on them and also we have come a long way for data security in general.
There needs to be much more coverage of this in the contemporary press as it is applied to credit card companies, agnostic of tech co.'s making it a joint venture.
I believe credit card co.'s gave this process momentum early on and tech co.'s are just taking it and running with it.
The same can be said for Google location tracking vs. Verizon's straight-up selling that data as an asset.
It is somewhat ironic that Google is probably more privacy focused and has better security than any other company in the fortune 500 and yet they seem to get some of the most negative criticism here.
Yes it is. Personally, I dislike tracking and don't mind disparaging Google for it - but I think in this case reporting like this manages to miss the heart of the problem and mischaracterize the situation.
You can be extremely ethical about your factory farm but it's still a factory farm.
Google is in the business of utilising your data in the interest of advertising. No matter how you sugar coat it, the core of the business is tracking people and exploiting that data.
Are they doing their best to be careful and ethical? It sure seems like it, but that doesn't solve the issue.
The free services they and many tech companies provide for free are just payment for your data. The majority of people don't realise this implicit connection and many others do realise it but are happy with the transaction. But it's important to note that they undermine the ability to provide these services more ethically by setting a social norm of incredible services that are "free".
Edit: I will add that the cost and benefit to society of this kind of service provision is complex and nuanced, Google has obviously provided incredible value and society has decided that advertising is a fair price to pay, else they wouldn't be around still. But the true effects of immense tracking and advertising are still yet to play out completely.
You're right–people often conflate "selling" with "using internally to sell ads." There's a difference, and it's meaningful, but the point is that Google's business model is based on gathering and exploiting as much data about you as possible
That's not true either, but that's a common misconception. Google makes the bulk of it's ad revenue from search ads. Two people issuing the same search query will see the same ads (for the most part). Hence, Google could still make money without user targeting - unlike Facebook.
I'm surprised that this comment was downvoted so much. I actually work at Google. I don't know if anyone is still going to read this, but I thought I would comment just in case.
I said "for the most part". There are multiple reasons why different users can see different ads:
Ads might be geo targeted ("Only show this to users in New York.").
There is some stochasticity in the serving process. Ads can run out of budget. Different data centers might have cached different things in cache.
Different advertisers that are eligible to show for a certain query can bid different amounts depending on the user, for example though RLSA [1].
But anyway ads personalization is not essential to Google's business model (except display ads and maybe youtube ads).
I like how you say "personalised ads are now essential aside all those times it is". The fact remains, personalised ads is always going to be far more profitable than non-personalised ads. You don't need to be an insider in Google to understand this. Moreover Google didn't even invent the concept of personalised adverts to begin with.
I'm old enough to remember when we had the same arguements about supermarket loyalty cards which track your purchases and sends out personalised deals. Now people just accept that happens but there was a massive uproar about it back in the 80s or 90s (I forget precisely when but it was a good few years ago now).
I honestly don't blame Google for doing what they're doing. It makes perfect business sense. What I do object to is Google employees (assuming you are who you say you are) trying to argue that Google don't make a business from personalised ads when it's pretty easy to prove they do and nearly every single member of HN has observed that it action. For the record, I also object to people argue who "X is definitely not y" while acknowledging that there are a whole plethora of examples where their arguement isn't completely factually accurate - that kind of dumb get out clause is just insult on everyone's intelligence.
Yes. And isn't it also the case that, by offering their very elaborate targeting capabilities to advertisers, they still leak your personal data to 3rd parties, though indirectly? After all, the fact that a certain personalized ad appears in your page confirms to the advertiser that you are in their carefully crafted target group.
(I work for Google, but not on ads and I have no social knowledge)
I think that one thing Google tries to do is to make identifyingly small demographics not possible. As you say, that would leak personal info when the user clicked.
Oh, of course. Google is actually really benign. They don't sell your data. They just automatically scrutinize it in unfathomable detail to make as much money as possible when they pimp you out to anybody else who wants to manipulate you.
Please accept our sincere apologies--Google is such a nice company with a 100% ethical business model!
Like you mention one of the most obvious reasons that Google does not sell user information is because it would not make good business sense. These immense profiles they're building on everybody are part of their 'secret sauce' and simply selling those would not be good for business.
When they're choosing to not engage in behavior that no company in their shoes would engage in, it's hardly praise worthy and I think indeed that ridiculing it as a 'positive' for them is completely fair. So let's change the game a bit. If, somehow, their business changed or evolved such that selling user information directly was a profitable part of some business strategy - do you think they would still choose not to? What if I asked you, not that long ago, whether you think Google would be willing to build a search engine in China completely accepting (and thus arguably implicitly endorsing) all state level censorship engaged in by China?
I do think that Google at one time sincerely held the sort of anti-corporate-establishment view of 'don't be evil.' But it's much easier to moralize when you don't have the option of going against those morals to the tune of billions of dollars accompanied by immeasurable influence.
> the most obvious reasons that Google does not sell user information is because it would not make good business sense
On the contrary, it is a good business model and Google does it. They sell ad targeting, and targeting ads is based on accessing personal user data and making its results available to anybody who wants to pay. With each targeting of an ad the ad buyers can track more profiled users.
If I target my ads to left-handed Hungarian mimes, and someone clicks on that ad and comes to my site, what do I know about that person? What user data has Google told me about them?
I provided money to Google. Google provided [people, or perhaps bots] and told me they were left-handed Hungarian mimes. The user's information has passed from Google to me. I just tagged that person "left-handed Hungarian mime" in my database.
Now, you can invent new words and call that something other than a sale, but...
The tech industry is great. Package up software, give it a SKU, put it in a store, have people come in, exchange money for it, and walk out: They're very happy to call that a sale, not a license, but a license is what it is. Happy to use the word "sale" when it confuses the customer and benefits them.
But start talking about selling user data to advertisers, nope, don't like the word "sale" any more, even though the advertisers are handing over money and walking away with data they are free to use. Odd.
Ok but is anyone doing that? Even if technically possible is that a violation of the ToS? (I don't know the answer to either of these questions, but I expect that the answer leans towards "no" for both).
>If I target my ads to left-handed Hungarian mimes, and someone clicks on that ad and comes to my site, what do I know about that person?
Nothing, unless they register there, and if your goal is to convert left-handed Hungarian mimes, then you probably know about your target audience already. You've learned something about a tracking cookie. That's only valuable if you can continue to track the user.
This captures Google’s and FB’s business model perfectly.
Not matter how you sugarcoat it, if you work for Google or FB or any other ad blasting company, you help further the model of selling data of people’s private lives to the highest bidder and ad spam them throughout the internet for months.
I'm not so sure it's so clear in that page you linked to. Google do also sell the largest analytics/user-tracking platform that exists (Google Analytics). That page you linked to seems to hinge around what constitutes 'personal information' which I'm sure others have differing opinions about but does go back to the parent's point: Google is in the business of selling your data. It maybe does it in a controlled way, segregating by client properties, or removing certain personally identifying information, but it's still selling your data.
It looks like they are back in the green now. I appreciate the dialogue it sparked and I can appreciate it takes a bit of courage to take part in a topic that's contentious toward where you work.
As we found out, they buy the data - this time from Mastercard and collect a detailed profile of every user, maybe more detailed than 3-letter agencies have.
No they don't sell your data they just sell "access" to your data. The bits don't leave Google servers.
Your assertion and supporting link are nothing more than semantics though. But if those semantics make you personally feel better then fine. But I think there's very few people who think that such a semantic distinction matters.
Yes non-tech companies have done this forever, but it was only when online tracking started that the amount of data you could collect on people exploded. And Google, Facebook etc. figured out how to monetize it much more effectively, generating the lions share of its revenues through such ads.
So IMO tech companies are well deserving of the criticism they’re facing.
Also, tech acts as a (mostly) reliable steward of this data because they can monetize it so well. If 90% of the revenues of Target came from advertising, we would probably not have had the massive leak of cc data. For most traditional businesses, this data is an additional source of revenue, not the primary one.
The reason tech companies get the spotlight is because there are times when the tracking is so much in your face. For example, if I look up specs on a pair of Bose headphones, I get plastered with ads for Bose for the next couple months (unless I flush my cookies, and/or browse anonymously or use an ad blocker). Yes, I know what is going on behind the scenes, but it still feels like stalking.
If you want to still use a "credit card" online without being tracked by the MasterCards or Visas of the world (or even individual merchants), then check out https://privacy.com/ .. It lets you generate a new credit card number for every transaction if you want.
I'm not affiliated with them.. Just a satisfied user. (Although happy to hand out referral links.)
If I understand the way the process works, no. The credit card is attached (via privacy.com) to a checking account via ACH. So if you get a refund (or perform a chargeback) on one of your credit cards, then the resulting funds are just deposited into your checking account.
The issue is individual tracking vs aggregate tracking. Tech companies now a days are starting to target individuals based on their individual patterns. This is quite a bit different than aggregate tracking based on group trends. For instance if you see a link to a Credence Clear Water video after watching a video of Under the Watchtower, it makes a lot of sense. On the other hand if you see a link to a lecture from Leonard Susskind -- then that's going to be exclusively the result of personalized tracking and it feels invasive.
And the example I'm giving there is the most completely innocuous possibility there is. This gets much worse when, for instance, politicians will (and to some degree already are) creat[ing] multiple mutually incompatible versions of themselves to sell to different demographics and ultimately even individuals. That's not cool, and you can come up with far worse scenarios that this sort of individualized tracking.
>>> but for some reason it has not been covered as excruciatingly as it has for tech companies.
The bank were not spending millions on the web talking how about they profile you to "improve your experience". They were mostly silent about that. That's why Google/FB/you name it is super for me : it says aloud what happens behind closed doors since ages.
I think you could buy an anonymous prepaid/gift card periodically, though I don't know if there's any restriction that prevents you from buying certain things (probably you can't use it for airline check-in). Wish this kind of things could be done more easily in future.
Credit cards know how much you spend at Whole Foods with a certain transaction amount. This I always assumed was tracked and could be used/sold by the credit card companies. This article tends to imply that MasterCard is getting the actual list of things that you buy at a store. I would hope that for this to happen the store must also be involved in selling the individual item list to the credit card company. I was hoping that stores were not doing this or I would have heard something about it, but maybe it would not really be news at this point in the data selling game.
Other companies are different: Google is unique in the sense that they have - or if they want, they have enough data to build - an extremely rich and complex profile including very intimate details of a given person.
There is no other company (or a government agency) that knows exactly where you are, how you spend your time, what your precise interests are, what your fears and hopes are (based on your search history), your relationship network, including secret lovers, and so on.
Avoiding being tracked by Google is almost impossible these days, given that everybody uses Gmail, GA, Android and so on.
> The big hedge funds pay big dollars for direct lines of data from the credit card companies.
Not just hedge funds. All finance institutions buy ( "share" ) data from and with each other. Even if you "opt out" ( we should be defaulted to opt-in rather than having to opt out but that's another discussion ), banks have a sneaky trick of slightly changing your ToS and giving you 30 days to "opt out" again. It's one of the reasons why every year, people get "new terms" in the mail. If you look closely, you'll see a slip of paper in the pile of papers about "privacy" rights and saying you have 30 days or so to let your bank know you don't want them to "share" your data.
Also, keep in mind that anonymized data is anonymous in a local sense, not a global sense. Even if PII is removed from one data vender, you can link anonymized data from a variety of data venders to "unanonymize" you. If you have one set of PII ( say like your employer ), then it's really effortless to link you with the anonymized data.
If you have search history from google, data dump from facebook and CC data, then one could pretty much peer into most people's homes and lives without much problem. You could know people better than their spouses do and in many instances, better than they do themselves.
The difference between a slave or serf and a free man isn't paid labor ( as even slaves were paid for their labor ), but the right to prevent intrusion into their lives. A free man had privacy. Slaves had no right to privacy. We are moving into a world with little to no privacy. Well not all of us. The wealthy are moving into a world of greater privacy.
Buying up islands. Highly walled and heavily guarded compounds. Opaque offshore wealth centers.
Wait, so for example hedge funds can buy aggregated data from BoA about how much is spent at Walmart on BoA CCs on a daily/weekly basis, wouldn't that data be very valuable prior to an earning call/report, somewhat like insider trading (but I guess not technically?)?
MasterCard has also started cracking down on customers whose speech they dislike. A Patreon creator was just a couple weeks ago removed because his content was disliked by MasterCard, who gave Patreon basically no choice in the matter.
I think that if Visa doesn't remain largely neutral (keeping its policies as minimally political as they are currently), there will be a considerable market for a principled creditor (maybe Discover becomes that, or a new player is born).
Effectively that's already the case. I gurantee if you live in modern society, eg. drive a car, use a phone, go on public transit, shop online or in stores with plastic etc... your "pattern of life" would be trivial to put together.
If you consider in aggregate all of the government and corporate tracking and surveillance these days, the only way to opt out is to move to an off grid shack in the Montana woods and live a lifestyle like Ted Kaczynsky.
Moving to Europe? I have always despised creditcards, their business model is anti consumer and legalised theft. Luckily I live in a country that has superior payment options.
In Germany direct debit (pull) is common and the EU is currently rolling out instant wire transfers (push). Either way cuts out the third party as you're paying directly from your bank account and banks are far more regulated wrt. privacy.
Unfortunately, you'll find it rather annoying to pay for a rental car. If you use a debit card, they'll pull an additional €250 deposit, which you won't get back until you return the car.
If you pay by credit card, it just goes through without having to pay the deposit. It's one of the reasons why I begrudgingly got a Mastercard, and also for the travel insurance.
That's basically all I use it for, though. I think there's some additional electronics insurance or something, but the basic warranties here are pretty good already.
There is a reason why I wrote my Google DoubleClick essay. What is fun is that credit cards directly ties an increase in debt to consumer spending, which in turn goes to Google as ad dollars in this case
Unlikely. What will end up happening is that MasterCard will be making money from this deal, which will incentivize it to either drop merchant fees (leading to merchant offers for buyers to use MasterCard) or increase card member benefits to get more data to sell, which will make people use MasterCard cards more.
The average buyer would rather get cash back to allow Google to report to merchants how their ads resulted in credit card payments than to not get cash back and hide this information. This is the same economics for how loyalty card programs work.
I don't understand how they can correlate a sale to a specific google account without getting personal identification data. By definition if they can associate a transaction with a user, the user has been identified and has lost all privacy.
Google users give up their PII the moment they sign up for an account. If you also use Google Wallet or pay for any Google service, you've given them the ability to associate some representation of your credit cards with you as well.
Together with Location Services, they know everywhere you physically go, so given the last 4 digits of your cards and a transaction list it's pretty easy to guess who you are.
They double ROT-13 the email address that each side collected so they can correlate, but not identify, individual consumers -- or something, TFA didn't specify the actual encryption algorithm.
Not sure how this works specifically, but usually you step back a bit and say that what you actually want to determine is not whether a user performed a transaction, but how many users who saw a specific ad bought a product, and then you develop a (statistical) zero knowledge proof/protocol to achieve this.
I don't actually know how to do this, so this is a bit like the "draw the rest of the owl" meme :)
The article mentions there is an opt out on google, so surely they must be able to correlate the transaction to an individual user, otherwise how do they know what transaction to exclude?
People on Twitter have mentioned that this probably extends private set intersection where each party learns the intersection of a set without learning either input set, but that wouldn't quite be enough.
If you assume there is an algorithm where Google can provide some "encrypted" form of their "users who have seen this ad" list such that the amount spent can be computed without knowing the intersection, you could exclude people who have opted out from the list Google inputs into the algorithm.
They've been doing variations of spend track as a $value to goods and services for years (I mean the banks) so.. I don't get it: whats significantly different this time, compared to the spend tracking they've done as business-intelligence for the last 20 years? They sell it to the highest targetted bidder. If you are buying BMW accessories for an old model car, without searching online, dont be surprised if you get ads for mercedes cars with a BMW buy-back: your postcode or ZIPcode, plus a few other details gets "you" as well as fingerprinting web purchase: remember your card is used in a weighted centroid centered on your home...
I’ve grown very weary of HN comments that just say “what’s new about this?” Things can be worth discussing after the exact moment they become known to the world
GNU Taler can't come soon enough.
Http://Taler.net
> When you pay with Taler, your identity does not have to be revealed. Just like payments in cash, nobody else can track how you spent your electronic money. However, you obtain a legally valid proof of payment.
The key here is "double-blind encryption" - assuming they got that right, neither can see exactly what I am buying, so I'm good. Bigger point: I'd be ok with any company tracking my activities _as long as_ one of two conditions are met: a) it benefits me (and me only), or b) it benefits them _but_ they cannot identify me.
The privacy aspects are important, but it is also worth considering the impact this sort of stuff has on society. We like to think of ourselves as semi-immune to advertisement (and manipulation), but we really aren't. The 2016 presidential election proved that. Putting more and more data into the hands of Google and others just gives them more power over the public at large. Are we OK with that? Is the discussion even really happening?
I'd say the 2016 election proved how hard we are to manipulate. Hillary lost despite spending more and having nearly the entire media (with only a few exceptions like Fox) on her side.
It's hard to say that the media was on her side when they gave billions worth of free coverage to Trump. They also gave her email scandals equal weighting compared to Trump admitting to sexual assault and directly asking a foreign government to hack his opponent on live television.
As Bernard Cohen reportedly said, the press may not be successful much of the time in telling people what to think, but it is stunningly successful in telling its readers what to think about.
Seems to be true in this case. They covered Trump, which made him the person people think about.
They told people to hate Trump. The electorate didn't listen.
Back to the original question, does that mean we're easily manipulated?
How can you agree that "the press may not be successful much of the time in telling people what to think" and at the same time think we're easily manipulated?
Because the bar for manipulation is not “think X”. It’s very possible to move public opinion by the way things are worded, presented, and brought up without ever going as far as saying “think X”.
Heck, very very few advertising campaigns involve telling the user to buy a product or service. Most focus more on creating a new need/want, or in repeated exposure to make the advertised good seem “normal”.
Now the tricky thing is that manipulation requires intent, which is very hard to prove. Hanlon’s razor would have us believing that in most cases, shady things happen because people are dumb, not malicious. So for my part I personally believe that the media got addicted to the ratings and felt internal pressure to provide equal coverage even when the scandals were quite unequal.
>A December report from Harvard University’s Shorenstein Center on Media, Politics and Public Policy delivered some sobering news for all those investigative reporters who may have supposed that their Trump exclusives were changing the world: None of them were breaking from the pack. “Clinton’s controversies got more attention than Trump’s (19 percent versus 15 percent) and were more focused,” noted study author Thomas E. Patterson. “Trump wallowed in a cascade of separate controversies. Clinton’s badgering had a laser-like focus. She was alleged to be scandal-prone. Clinton’s alleged scandals accounted for 16 percent of her coverage—four times the amount of press attention paid to Trump’s treatment of women and sixteen times the amount of news coverage given to Clinton’s most heavily covered policy position.”
I think it is obvious we are not immune to advertisement, that's why advertisement exists in the first place.
For the election, politics is 100% advertisement. Candidates have no legal obligation to keep their promises (and that's a good thing). An election won by something that isn't advertisement is not democratic.
Now for the 2016 presidential election specifically, the fact that Trump won despite having most of the Silicon Valley and a major part of the online world against him shows that "Google and others" are not that powerful compared to the traditional players.
(a) is underspecified. Benefits you according to whose values? If it's someone else's values, then I would object. If it is your own values, then whether it benefits you really becomes secondary, because what matters is that they need your consent. Whether you give consent based on what benefits you is not a primary concern, though presumably you would.
(b) seems to me like an expression of a naive view of personal identity that makes a binary distinction between anonymity and non-anonymity that doesn't exist in reality in any meaningful sense. Does manipulation against your interests become a non-problem when the manipulator doesn't know the name in your passport? Does it become a non-problem when the manipulator's tools are too imprecise to pick out you specifically, so they apply the same strategy to you and one other person, yielding only a 50% success rate? Does it become a non-problem when they lump you in with three other people? With four? Ten? A hundred? A million?
All of this is about power. Just because power is exercised indirectly or somewhat imprecisely doesn't make it categorically different from someone influencing specifically you, just as poisoning rivers and lakes isn't categorically different from poisoning your food on your plate. It's just a scheme for laundering the power to make it less obvious, and if you allow that, that's what people will do. People who want power don't care how they get it, all they care about is that they get it, so if you tell them that you are OK with being manipulated indirectly, then that's what they will do.
The defining feature of a conspiracy theory is that a large number of likely unrelated activities are either part of the conspiracy, or explained by the theory.
" With it, marketers see aggregate sales figures and estimates of how many they can attribute to Google ads -- but they don’t see a shoppers’ personal information, how much they spend or what exactly they buy. The tests are only available for retailers, not the companies that make the items sold inside stores, the spokeswoman said. The service only applies to its search and shopping ads, she said."
Credit card data sharing has been around for a while. Fortunately, financial institutions appear to be marginally less pathological about allowing people to control how their personal data is used than certain large social media companies, and there are opt-outs for pretty much all of the major financial institutions.
According to the article, users can also opt out of the tracking on Google's side using Google's privacy controls. However, I think it's probably best to opt out of that data being collected in the first place, since the financial companies are probably selling that data to other companies.
Here's the link for Mastercard: https://www.mastercard.us/en-us/about-mastercard/what-we-do/... (the language is kind of strange - "To opt-out from our anonymization of your personal information to perform data analyses" - I'm hoping it refers to opting out of sharing your anonymized personal info, not opting out of the anonymization so they can sell your un-anonymized personal info, but someone should confirm this by sending them a letter).
Amex seems to be somewhat better about this, saying "We only share your personal data with third parties where it is necessary to provide you with products or services or as part of the nature of our relationship with you, where we have previously informed or been authorized by you, in connection with our efforts to reduce fraud or criminal activity, or as permitted by law." (source: https://www.americanexpress.com/us/content/customer-privacy-...). Whether anonymized data is considered 'personal data' isn't clear, though - the definition given is "any information that relates to an identified or identifiable individual." Whether the "relates to" property persists after anonymization is not specified.
It's also worth noting that opting out of data sharing by a credit card network does not limit data sharing by the bank that issues the card - for that, you probably have to contact them separately (Chase, for instance, has a privacy number you need to call to opt out of data sharing https://www.chase.com/digital/resources/privacy-security/que...).
Slighly off topic, whenever I see rebates (or similar) in the form of gift cards, I always assume the the entity awarding the gift card does so because the use of the card deepens their data profile on you.
Tracking by credit card is so effective that some companies, such as Safeway (*in Canada), have ceased their loyalty card programs. Loyalty card programs are redundant and must offer incentives for consumers to choose to use them. Now, no such incentives have to be offered to the customer to obtain the same data.
There are cryptographic ways to compute a set intersection between two sets A and B held by two different parties without A and B revealing the membership of elements of the set.
If set A is the set of users shown ads for Merchant M, and set B is the set of customers at merchant M who purchased something, then this intersection can tell you what percentage of the ads were shown to people who made a purchase without revealing who made the purchase to A or revealing who was shown an ad to B.
There’s probably a way to do it with differential privacy as well but it might be less efficient.
I don’t think this is necessarily new for credit cards...the deal has always been that cards have perks in exchange for them gaining valuable profiling info (e.g. “1% cash back on restaurants!” and in exchange they have a good idea how people spend at restaurants).
The problem is, and always has been, that in exchange for some paltry “rewards” you have no idea just who gets sold what, or for how long, etc.
And this is a major new problem primarily because of how big and pervasive Google is, and how they’re into every business. This means I’m no longer sharing a few silly restaurant purchases with buyers of that data in the restaurant business, I’m enabling a crazy machine-learned madness that is hyper-connected to literally everything else I do. This should be illegal but our laws are too slow to catch up with powerful tech.
There are cryptographic ways to compute a set intersection between two sets A and B held by two different parties without A and B revealing the membership of elements of the set.
If set A is the set of users shown ads for Merchant M, and set B is the set of customers at merchant M who purchased something, then this intersection can tell you what percentage of the ads were shown to people who made a purchase without revealing who made the purchase to A or revealing who was shown an ad to B.
There’s probably a way to do it with differential privacy as well but it might be less efficient.
This is like the fourth time this story has hit the media. Google really needs to publish the full transparent details of their protocol and let the academic community analyze the, if only to avoid misinformation and speculation.
293 comments
[ 4.9 ms ] story [ 286 ms ] thread"The company said people can opt out of ad tracking using Google’s “Web and App Activity” online console. Inside Google, multiple people raised objections that the service did not have a more obvious way for cardholders to opt out of the tracking, one of the people said."
It's ridiculous that credit cards, the primary mode of online purchases and strongly preferred by physical retailers, is dominated by just two/three companies... all of which freely sell your purchase histories to other companies.
This is the kind of stuff where the government should have a heavy hand on regulations (unfortunately the members of the government like anyone else are incentivized by money so guess who has a lot of it to "lobby" them.)
It maybe isn't an ideal solution, but it has a lot of upsides. Advertisers (and ad middlemen like Google) bet that they can sell more stuff by drilling deeper and deeper into people's lives.
But the bottom falls out of all that when people decide to opt out of large parts of the commercial ecosystem.
Track your finances instead, the same way you would with a fitness app, and get that dopamine hit from seeing your savings increase. Feel secure in the knowledge that when the next major economic slump hits -- when, not if -- you'll be able to easily ride it out, maybe even enjoy a nice vacation at discounted rates.
The massive growth of ad blockers was an immune response to the excesses of advertisers on the web. Commercial minimalism is the only way to respond to all this crap happening everywhere else.
When I'm shopping it isn't just the old ladys digging deep and long in their purse for the exact change, almost everyone pays with cash.
Still a huge difference betwen that and the alternative where all three of:
- Amazon - Google - and MasterCard
knows what you've bought IMO.
Maybe this exists already. The difficulty would be in offering a good usability (how do you get that Amazon product you want in your local shopping basket).
You are right about the privacy guarantee, but there is the issue of trust in any business transaction. Why am I using ProtonMail/VPN? Because they have privacy + security as their primary USP and it is reflected in their business (transparency, privacy policies, compliance, certification, etc.). They work hard to earn and keep my trust, and I pay them to do just that.
I am no expert but probably you can let your company be audited by some trusted party on adherence to privacy promises and prove that you comply.
Having that they can keep my data in storage for as long my government requires by law.
--
Edit: Because this is deeply nested and tangential to the topic I created a separate Ask HN on this idea: https://news.ycombinator.com/item?id=17884474
This is the first Google result for “amazon.com pay with cash”.
https://www.washingtonpost.com/news/wonk/wp/2015/06/10/how-p...
https://support.google.com/websearch/answer/54068
There is absolutely nothing written about this being a way to opt out of their purchasing and tracking credit card use.
I don't know how folks who can't afford a car would get groceries (an hour round trip on the bus, I guess), but that can be said about nearly everything in Michigan. The whole wealth bootstrapping problem is really unsolved out there, you can't get started on anything without like $5k for a car and car-related expenses.
[0]: https://www.google.com/maps/search/midtown+detroit+groceries...
Shop at Aldi. https://aldi.us/stores/
ProtonMail and ProtonVPN are legally separate, but they are both part of the Proton family of projects which originated from CERN.
As for internet, you can always get yourself a VPS and tunnel everything through that, so your monopoly ISP doesn't get to see anything of what you do.
I, personally, use an DuckDuckGo, an iPhone and Apple mail. Amazon isn't an issue really- just buy whatever you were going to get on amazon somewhere else - it's pretty rare that I find a noticeable price difference (unless we're talking about the cheap off branded stuff on amazon - but I don't want things like that anyway).
not using google is easy, not losing data for 15+ years and counting is significantly harder. even Apple dropped my photos due term of service change, I had to scramble gigabites off internet into disks and now my collection is an unindexed mess.
https://applepaycash.greendot.com/privacy/
It appears that Apple Pay cash doesn’t share much, although they do say ‘We may disclose information that is not personally identifiable for other purposes.’
What they mean exactly by ‘personally identifiable’ is open to interpretation.
Most people pay for credit cards by way of yearly fees, they track you. Purchase music? Your music is cross referenced in the name of discoverability. Hardware? Same.
Some of those things might be helpful in some contexts, and in others not. That fuzzy line is the discourse.
With all of that said, to cite the locus of all evil as “ad supported” as the problem is a logical fault line.
https://www.antoniogarciamartinez.com/chaos-monkeys/
http://juliaangwin.com/dragnet-nation-available-now/
And yes, his style is very entertaining. I hope you enjoy it.
1. Switch everything to Apple, hardware company. iPhone, Mac OS
2. Use myname@icloud.com email, create few email aliases. Forward your gmail to it, and finally delete gmail accounts.
3. Don't use any of Googles software, like Chrome. Install adbocker extention/app and use Private Browsing windows by default
4. Buy a VPN subscription and set up your phone and Mac to always use it (on-demand).
- ISP has no clue what you do
- Your IP is hidden, major feature for fingerprinting you by websites, trackers and Google.
That's a huge over-generalization. It's true that cash is king in Germany for instance, but Scandinavians pay almost exclusively by card.
Sure, Germany is a bit behind the times when it comes to paying with plastic.
> but Scandinavians pay almost exclusively by card
Same goes for the Netherlands where I live, but we don't pay by credit card, we pay by debit card.
What? Of course we do. If anything, Europeans are less likely to use credit cards online (though that is slowly changing), instead opting for bank transfers or online debit cards.
End-users have zero power anymore except by collective action in the form of government regulations.
100% deserves/needs scare quotes around that.
I mean just look at the snake-oil bullshit wording Google are using to describe what they do here:
"Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information,”
I mean, I guess there are proper cryptographic means by which you could achieve something that matches that description.
But does _anyone_ trust the worlds biggest advertising company to be doing that???
I _strongly_ doubt they have the corporate will or motivation to actually put it into production. I'd go so far as to say "getting it right" is antithetical to their (enormously profitable and deeply entrenched) business model.
Anyway. Yes, I do trust that of all parties, Google actually would both develop and deploy whatever that "double-blind encryption technology" is. Still, it's not the problem.
I think we need to stop dancing around the real issue with all that talk about PII. No, I really don't care about my PII just leaking somewhere. I care about what people do with them. It's what companies do with PII, "anonymized" or not, that's the problem. Advertising, upselling, price discrimination. Those are the real problems.
meta data like where you made purchases when you made purchases and how much you spent and maybe a few other details are all you need 4 or 5 times to de-anonymize
full disclosure... I have 3 credit cards from this company....at this point I cannot imagine writing checks and carrying cash for daily use... I am not sure this battle can be won at this point.
There needs to be much more coverage of this in the contemporary press as it is applied to credit card companies, agnostic of tech co.'s making it a joint venture.
I believe credit card co.'s gave this process momentum early on and tech co.'s are just taking it and running with it.
The same can be said for Google location tracking vs. Verizon's straight-up selling that data as an asset.
Google is in the business of utilising your data in the interest of advertising. No matter how you sugar coat it, the core of the business is tracking people and exploiting that data.
Are they doing their best to be careful and ethical? It sure seems like it, but that doesn't solve the issue.
The free services they and many tech companies provide for free are just payment for your data. The majority of people don't realise this implicit connection and many others do realise it but are happy with the transaction. But it's important to note that they undermine the ability to provide these services more ethically by setting a social norm of incredible services that are "free".
Edit: I will add that the cost and benefit to society of this kind of service provision is complex and nuanced, Google has obviously provided incredible value and society has decided that advertising is a fair price to pay, else they wouldn't be around still. But the true effects of immense tracking and advertising are still yet to play out completely.
Disclaimer: I work at Google.
I said "for the most part". There are multiple reasons why different users can see different ads:
Ads might be geo targeted ("Only show this to users in New York.").
There is some stochasticity in the serving process. Ads can run out of budget. Different data centers might have cached different things in cache.
Different advertisers that are eligible to show for a certain query can bid different amounts depending on the user, for example though RLSA [1].
But anyway ads personalization is not essential to Google's business model (except display ads and maybe youtube ads).
[1] https://support.google.com/google-ads/answer/2701222?hl=en
I'm old enough to remember when we had the same arguements about supermarket loyalty cards which track your purchases and sends out personalised deals. Now people just accept that happens but there was a massive uproar about it back in the 80s or 90s (I forget precisely when but it was a good few years ago now).
I honestly don't blame Google for doing what they're doing. It makes perfect business sense. What I do object to is Google employees (assuming you are who you say you are) trying to argue that Google don't make a business from personalised ads when it's pretty easy to prove they do and nearly every single member of HN has observed that it action. For the record, I also object to people argue who "X is definitely not y" while acknowledging that there are a whole plethora of examples where their arguement isn't completely factually accurate - that kind of dumb get out clause is just insult on everyone's intelligence.
How would the advertiser know? Google is the one serving the ad.
I think that one thing Google tries to do is to make identifyingly small demographics not possible. As you say, that would leak personal info when the user clicked.
Please accept our sincere apologies--Google is such a nice company with a 100% ethical business model!
If Google sold the data, someone else would have it. That would not only be awful from a privacy perspective, it would be desasterous for business.
It's primarily a case for precise language and not something to ridicule.
When they're choosing to not engage in behavior that no company in their shoes would engage in, it's hardly praise worthy and I think indeed that ridiculing it as a 'positive' for them is completely fair. So let's change the game a bit. If, somehow, their business changed or evolved such that selling user information directly was a profitable part of some business strategy - do you think they would still choose not to? What if I asked you, not that long ago, whether you think Google would be willing to build a search engine in China completely accepting (and thus arguably implicitly endorsing) all state level censorship engaged in by China?
I do think that Google at one time sincerely held the sort of anti-corporate-establishment view of 'don't be evil.' But it's much easier to moralize when you don't have the option of going against those morals to the tune of billions of dollars accompanied by immeasurable influence.
The way I see it, it’s a race to trillion dollar mark for AMZN, GOOG and MSFT now.
I have little expectations that they’ll do much to reverse their ad blasting and deep tracking trends.
On the contrary, it is a good business model and Google does it. They sell ad targeting, and targeting ads is based on accessing personal user data and making its results available to anybody who wants to pay. With each targeting of an ad the ad buyers can track more profiled users.
"selling your user data" implies that someone else has access. They don't.
I provided money to Google. Google provided [people, or perhaps bots] and told me they were left-handed Hungarian mimes. The user's information has passed from Google to me. I just tagged that person "left-handed Hungarian mime" in my database.
Now, you can invent new words and call that something other than a sale, but...
The tech industry is great. Package up software, give it a SKU, put it in a store, have people come in, exchange money for it, and walk out: They're very happy to call that a sale, not a license, but a license is what it is. Happy to use the word "sale" when it confuses the customer and benefits them.
But start talking about selling user data to advertisers, nope, don't like the word "sale" any more, even though the advertisers are handing over money and walking away with data they are free to use. Odd.
>If I target my ads to left-handed Hungarian mimes, and someone clicks on that ad and comes to my site, what do I know about that person?
Nothing, unless they register there, and if your goal is to convert left-handed Hungarian mimes, then you probably know about your target audience already. You've learned something about a tracking cookie. That's only valuable if you can continue to track the user.
More data means they can match us to clients better and charge a higher price for us.
Not matter how you sugarcoat it, if you work for Google or FB or any other ad blasting company, you help further the model of selling data of people’s private lives to the highest bidder and ad spam them throughout the internet for months.
I can only applaud Google employees who want to have a meaningful discussion here, and even disclose that they're working at Google.
Your assertion and supporting link are nothing more than semantics though. But if those semantics make you personally feel better then fine. But I think there's very few people who think that such a semantic distinction matters.
So IMO tech companies are well deserving of the criticism they’re facing.
Also, tech acts as a (mostly) reliable steward of this data because they can monetize it so well. If 90% of the revenues of Target came from advertising, we would probably not have had the massive leak of cc data. For most traditional businesses, this data is an additional source of revenue, not the primary one.
I'm not affiliated with them.. Just a satisfied user. (Although happy to hand out referral links.)
You can use pseudonymous billing info for the transaction. We then debit your underlying account afterwards.
And the example I'm giving there is the most completely innocuous possibility there is. This gets much worse when, for instance, politicians will (and to some degree already are) creat[ing] multiple mutually incompatible versions of themselves to sell to different demographics and ultimately even individuals. That's not cool, and you can come up with far worse scenarios that this sort of individualized tracking.
The bank were not spending millions on the web talking how about they profile you to "improve your experience". They were mostly silent about that. That's why Google/FB/you name it is super for me : it says aloud what happens behind closed doors since ages.
They are looking for advance warning of something happening to the merchant, if they are a public company - not on you as an individual.
There is no other company (or a government agency) that knows exactly where you are, how you spend your time, what your precise interests are, what your fears and hopes are (based on your search history), your relationship network, including secret lovers, and so on.
Avoiding being tracked by Google is almost impossible these days, given that everybody uses Gmail, GA, Android and so on.
I get products, I give money. The End.
I have seen Germans using credit/debit cards for 100% of transactions; cash only seems to be more of a garlic-belt thing.
Not just hedge funds. All finance institutions buy ( "share" ) data from and with each other. Even if you "opt out" ( we should be defaulted to opt-in rather than having to opt out but that's another discussion ), banks have a sneaky trick of slightly changing your ToS and giving you 30 days to "opt out" again. It's one of the reasons why every year, people get "new terms" in the mail. If you look closely, you'll see a slip of paper in the pile of papers about "privacy" rights and saying you have 30 days or so to let your bank know you don't want them to "share" your data.
Also, keep in mind that anonymized data is anonymous in a local sense, not a global sense. Even if PII is removed from one data vender, you can link anonymized data from a variety of data venders to "unanonymize" you. If you have one set of PII ( say like your employer ), then it's really effortless to link you with the anonymized data.
If you have search history from google, data dump from facebook and CC data, then one could pretty much peer into most people's homes and lives without much problem. You could know people better than their spouses do and in many instances, better than they do themselves.
The difference between a slave or serf and a free man isn't paid labor ( as even slaves were paid for their labor ), but the right to prevent intrusion into their lives. A free man had privacy. Slaves had no right to privacy. We are moving into a world with little to no privacy. Well not all of us. The wealthy are moving into a world of greater privacy.
Buying up islands. Highly walled and heavily guarded compounds. Opaque offshore wealth centers.
I think that if Visa doesn't remain largely neutral (keeping its policies as minimally political as they are currently), there will be a considerable market for a principled creditor (maybe Discover becomes that, or a new player is born).
[1] https://en.wikipedia.org/wiki/Pattern-of-life_analysis
I am about 85% serious here.
If you pay by credit card, it just goes through without having to pay the deposit. It's one of the reasons why I begrudgingly got a Mastercard, and also for the travel insurance.
That's basically all I use it for, though. I think there's some additional electronics insurance or something, but the basic warranties here are pretty good already.
The average buyer would rather get cash back to allow Google to report to merchants how their ads resulted in credit card payments than to not get cash back and hide this information. This is the same economics for how loyalty card programs work.
They realized there's money laying on the floor of your house.
Why wouldn't they pick it up?
Together with Location Services, they know everywhere you physically go, so given the last 4 digits of your cards and a transaction list it's pretty easy to guess who you are.
I don't actually know how to do this, so this is a bit like the "draw the rest of the owl" meme :)
If you assume there is an algorithm where Google can provide some "encrypted" form of their "users who have seen this ad" list such that the amount spent can be computed without knowing the intersection, you could exclude people who have opted out from the list Google inputs into the algorithm.
> When you pay with Taler, your identity does not have to be revealed. Just like payments in cash, nobody else can track how you spent your electronic money. However, you obtain a legally valid proof of payment.
https://taler.net/en/governments.html
I call bullshit in the comparison to cash.
Make no mistake, the media recognized very quickly that Trump drew viewers. There’s a damn good reason why CNN is posting record profits.
Seems to be true in this case. They covered Trump, which made him the person people think about.
They told people to hate Trump. The electorate didn't listen.
Back to the original question, does that mean we're easily manipulated?
On the original question: evidence seems to say yes.
Heck, very very few advertising campaigns involve telling the user to buy a product or service. Most focus more on creating a new need/want, or in repeated exposure to make the advertised good seem “normal”.
Now the tricky thing is that manipulation requires intent, which is very hard to prove. Hanlon’s razor would have us believing that in most cases, shady things happen because people are dumb, not malicious. So for my part I personally believe that the media got addicted to the ratings and felt internal pressure to provide equal coverage even when the scandals were quite unequal.
https://www.washingtonpost.com/blogs/erik-wemple/wp/2017/08/...
>A December report from Harvard University’s Shorenstein Center on Media, Politics and Public Policy delivered some sobering news for all those investigative reporters who may have supposed that their Trump exclusives were changing the world: None of them were breaking from the pack. “Clinton’s controversies got more attention than Trump’s (19 percent versus 15 percent) and were more focused,” noted study author Thomas E. Patterson. “Trump wallowed in a cascade of separate controversies. Clinton’s badgering had a laser-like focus. She was alleged to be scandal-prone. Clinton’s alleged scandals accounted for 16 percent of her coverage—four times the amount of press attention paid to Trump’s treatment of women and sixteen times the amount of news coverage given to Clinton’s most heavily covered policy position.”
https://shorensteincenter.org/news-coverage-2016-general-ele...
It notes that:
> Trump’s coverage during the general election was more negative than Clinton’s
Positive coverage of Trump was during the primaries, which is what the Clinton camp wanted, calling him a Pied Piper:
> We need to be elevating the Pied Piper candidates so that they are leaders of the pack and tell the press to [take] them seriously.
https://www.politico.com/magazine/story/2016/11/hillary-clin...
A fraction of a fraction of the 2 billion dollars the Hillary camp spent trying to manipulate the election.
CA is the Clinton camp's boogeyman, much as Correct the Record was for Sanders fans and George Soros is for Trump supporters.
For the election, politics is 100% advertisement. Candidates have no legal obligation to keep their promises (and that's a good thing). An election won by something that isn't advertisement is not democratic.
Now for the 2016 presidential election specifically, the fact that Trump won despite having most of the Silicon Valley and a major part of the online world against him shows that "Google and others" are not that powerful compared to the traditional players.
(b) seems to me like an expression of a naive view of personal identity that makes a binary distinction between anonymity and non-anonymity that doesn't exist in reality in any meaningful sense. Does manipulation against your interests become a non-problem when the manipulator doesn't know the name in your passport? Does it become a non-problem when the manipulator's tools are too imprecise to pick out you specifically, so they apply the same strategy to you and one other person, yielding only a 50% success rate? Does it become a non-problem when they lump you in with three other people? With four? Ten? A hundred? A million?
All of this is about power. Just because power is exercised indirectly or somewhat imprecisely doesn't make it categorically different from someone influencing specifically you, just as poisoning rivers and lakes isn't categorically different from poisoning your food on your plate. It's just a scheme for laundering the power to make it less obvious, and if you allow that, that's what people will do. People who want power don't care how they get it, all they care about is that they get it, so if you tell them that you are OK with being manipulated indirectly, then that's what they will do.
Why are we talking about this?
According to the article, users can also opt out of the tracking on Google's side using Google's privacy controls. However, I think it's probably best to opt out of that data being collected in the first place, since the financial companies are probably selling that data to other companies.
Here's the link for Mastercard: https://www.mastercard.us/en-us/about-mastercard/what-we-do/... (the language is kind of strange - "To opt-out from our anonymization of your personal information to perform data analyses" - I'm hoping it refers to opting out of sharing your anonymized personal info, not opting out of the anonymization so they can sell your un-anonymized personal info, but someone should confirm this by sending them a letter).
Visa users can opt out here: https://usa.visa.com/legal/privacy-policy-opt-out.html (actual opt-out page is https://marketingreportoptout.visa.com/OPTOUT/request.do).
Amex seems to be somewhat better about this, saying "We only share your personal data with third parties where it is necessary to provide you with products or services or as part of the nature of our relationship with you, where we have previously informed or been authorized by you, in connection with our efforts to reduce fraud or criminal activity, or as permitted by law." (source: https://www.americanexpress.com/us/content/customer-privacy-...). Whether anonymized data is considered 'personal data' isn't clear, though - the definition given is "any information that relates to an identified or identifiable individual." Whether the "relates to" property persists after anonymization is not specified.
It's also worth noting that opting out of data sharing by a credit card network does not limit data sharing by the bank that issues the card - for that, you probably have to contact them separately (Chase, for instance, has a privacy number you need to call to opt out of data sharing https://www.chase.com/digital/resources/privacy-security/que...).
The most reprehensible president ever, curtailing the bad behaviour of the most reprehensible global advertising company ever.
Or maybe I'm just too paranoid?
"You've been provided two opportunities to cite those articles." That is worded in the most irksome manner. What is wrong with you?
Safari ITP 2 doesn’t allow 3rd party cookies.
https://adexchanger.com/data-exchanges/ding-dong-third-party...
https://amp.theguardian.com/technology/2018/jan/09/apple-tra...
If set A is the set of users shown ads for Merchant M, and set B is the set of customers at merchant M who purchased something, then this intersection can tell you what percentage of the ads were shown to people who made a purchase without revealing who made the purchase to A or revealing who was shown an ad to B.
There’s probably a way to do it with differential privacy as well but it might be less efficient.
The problem is, and always has been, that in exchange for some paltry “rewards” you have no idea just who gets sold what, or for how long, etc.
And this is a major new problem primarily because of how big and pervasive Google is, and how they’re into every business. This means I’m no longer sharing a few silly restaurant purchases with buyers of that data in the restaurant business, I’m enabling a crazy machine-learned madness that is hyper-connected to literally everything else I do. This should be illegal but our laws are too slow to catch up with powerful tech.
If set A is the set of users shown ads for Merchant M, and set B is the set of customers at merchant M who purchased something, then this intersection can tell you what percentage of the ads were shown to people who made a purchase without revealing who made the purchase to A or revealing who was shown an ad to B.
There’s probably a way to do it with differential privacy as well but it might be less efficient.
This is like the fourth time this story has hit the media. Google really needs to publish the full transparent details of their protocol and let the academic community analyze the, if only to avoid misinformation and speculation.