Ask HN: I bought Voltaren at the chemist, now Google shows me ads for it. Why?
How does google know I bought Voltaren?
Is my bank purchase history shared with google somehow?
I guess it could just be coincidence?
Is my bank purchase history shared with google somehow?
I guess it could just be coincidence?
493 comments
[ 2.9 ms ] story [ 300 ms ] threadAt this stage I’m just assuming it’s a coincidence.
It has made me realize the holy grail for google and advertisers is to access your bank transactions and advertise to you based on that.
If prices were unique you could deduce something from a few items bought together though.
In the business of advertisements the user pays for clicks. However, it would be much more reliable for the user to pay for ads that led to actual transactions instead of just clicks.
Is there some reason for why this hasn't happened so far? (Or has it already happened?)
https://paymentdepot.com/blog/level-3-data-processing/
It would be cleverer to identify the replacement cycle for each kind of product and only promote stuff the victim is likely to be looking for at that point in time (after 3 years likeliness of looking for a laptop replacement is higher).
Could it be? of the billions of items you could be advertised for, why then exactly Voltaren?
Do you have an android phone, by chance?
https://en.wikipedia.org/wiki/Frequency_illusion?wprov=sfti1
I know my devices are (probably) not listening, but I can't explain it either. Neither of us searched for the product or saw it online or anything, we just discussed something and got ads about it a few minutes to hours later.
How do you know?
I used to believe that too. You might call it the unwieldy conspiracy principle. But I'm not as certain of it anymore. Things like the Snowden revelations might seem evidence for the principle but I kind of see it the opposite. For years, thousands even tens of thousands of people knew about that and they still kept it secret. It's entirely possible it could've gone on for years more without a particularly conscientious person happening to be let in on it.
The same goes for the Pentagon papers. And COINTELPRO was only uncovered due to people actively breaking into an office and stealing records.
Who's to say if stories like those are inevitable conclusions that befell all the major conspiracies worth writing about in our recent history or if they are just some portion of ones uncovered. Similar maleficence has persisted in the private sector too.
I'm not saying for sure they are listening in but at the same time, I'm not sure I buy unwieldiness as a surefire principle demonstrating it is not happening either.
The wierdest instance of this is I told my wife her father should consider geting those fixed bridge dentures, next day I start seeing all-on-4 ads on the phone. I asked her if she looked it up (to rule out IP tracking) and she said she hasn't. It's a very random thing to advertise to me, I'm not the target group, I didn't look it up.
A lot of it is IP tracking - I'll start browsing for guitars or some other random stuff my wife has no interest in - she'll start seeing ads for it.
Preparation:
1. Get two identical phones, one that you use, and one that has a dead battery.
2. Fix a set of product-categories.
Experiment:
Every week,
1. Label the phones A and B. Use a coinflip to decide whether the working one is A or B. Record which it was.
2. Hand the phone to someone else. They exchange the labels for 1 and 2. If heads A=1, if tails A=2, and record the coinflip.
3. Get the phone labelled 1 back. Neither of you know whether it is working or not.
4. Randomly pick a topic from the pre-fixed list and talk about the topic near the phone.
5. Let the other person remove the labels.
6. Pick out the working phone and go about your day.
7. Write down whether you see ads relating to the topic, yes or no.
Analysis:
Join the records, to see which weeks you used a working phone, and if those corresponded to seeing ads.
Good target markets are: Grown adults with $$$ who either don’t have teeth or know someone who doesn’t have teeth (likely parents/grandparents/in-laws). This is basically every upper-middle class adult. More people than you think are missing their teeth.
This is perhaps even more creepy than just "phones listening in", but it's not an explanation I hear very often.
If it's listening, you'll start getting ads specific to that snack food, best to try it with a bunch of different products to try and find a pattern.
It's probably statistical to a certain extent: people of your specific demographic are interested in a certain thing, and you are talking about it the same as all of your peers are, and a statistically significant amount of your peers did Google for it such that now Google assumes that anyone in your demographic will be interested.
Of course that only metas the problem up one level, which is that Google knows enough about you to do this kind of analysis a) on your cohort and b) on you.
Right. This was is actually much more alarming to me.
Whenever this topic comes up in conversation I point out that the fact that the most attractive-seeming explanation is “they’re listening”, but they actually _aren’t_, should have one even more concerned.
Not thinking this is happening either. But just to speculate on a fictitious scenario..
Given a shady company, maybe even outright involved in illegal practices, where employees employ any surveillance tech they can lay their hands on. All in order to collect as much personal information as possible, from as many people as possible. As such, they won't shy away from breaking & listening in and do subsequent speech-to-text information gathering (e.g. via some Ad-obtained Windows malware, or a malicious mobile app).
They trade the collected info on the data markets, selling to anyone who'd pay. Wouldn't it be likely that this data then indirectly ends up at Google, so they can indeed target - in this case Voltaren - ads to you?
Also: If any illegally obtained information enters the data markets.. won't it be 'whitewashed' automatically as it is trading hands?
I've seen examples of this too, and it's downright creepy. At the same time, I love my Google Assistant. Yes, I know. I'm the product.
Ads are getting more targeted and getting closer to the kind of things you would talk about based on your interests and data that networks have collected about you, but we are still pretty far from continuous ad surveillance.
Not every instance of someone providing an explanation for something you don't understand is "gaslighting."
You know this: https://news.ycombinator.com/item?id=26970960
I agree with you that the term gaslighting is overused but that doesn't mean there aren't legitimate uses of it that you can also utilize.
I no longer have a Android phone, but too frequently I would buy something offline and have the item follow me - including impulse buys and things that I definitely didn't look for online.
It happened with things I would talk about as well on occasion. I joked in front of my phone about visiting Greece, and a few minutes later auto-suggest in Google offered me "How much.. [is plane tickets to Greece]"
Next day, voila, the whole internet is plastered with ads for this product.
I switched to an iPhone.
Visa has very strict rules about audience size, and all the audiences are modeled. (Your criteria can’t target something like less than 20k users, and then they model that up to a few million users).
In this case either the store, the pos/crm, or bank used his purchase data.
The eerie feeling compounded by the fact that we are sometimes correctly targeted and there's no way to distinguish the two. Zeynep Tufekci writes a lot about the this type of thing if you're interested in it.
It is deeply invasive and should be blocked.
It works like this. You go to a store and buy, say, a sexual wellness product. You then get targeted with ads online (search result ads, facebook ads, news media ads, amazon sponsored results etc) for the same product, or something related (let's say something embarrassing that you might not want other people to see). Other users on your same network or IP may also be re-targeted with the same ads.
Credit card data tracking is a levelling up of surveillance capitalism. It is deeply intrusive. Not all card providers participate, but it is a significant source of revenue for them [1]
[1] https://www.fastcompany.com/90490923/credit-card-companies-a...
[Edit: Removed specific reference to a medication as it likely triggered anti-spam]
https://paymentdepot.com/blog/level-3-data-processing/
I did bring my Android phone that has got Messenger lite installed, but that's stretching it tbh.
Google is an ad company, they sell your profile/interests and such to advertisers, it's their core business. So it's not "stretching" at all...
https://marketingreportoptout.visa.com/OPTOUT/request.do
Second, disable GPS, and cellphone tower ID reporting (root needed.) So Google can't correlate you with sales records.
At the moment, there is no way to disable Google AGPS spying on the stock Android.
Third, block Google apps from reading your IMEI/IMSI/serial number, so they can't get AGPS data from your cellphone provider if it sells it.
Better, get a de-Googled ROM
But it does "work". iPhone is the only phone besides a GrapheneOS phone with an intact security model worth writing about.
Their incentive is to not annoy their rich & powerful customer base with privacy violations.
Apple knows how much they can get away with annoying, that's why they can push updates that slow down your phone, or make devices less repairable.
Privacy is trickier though because it's based on trust not annoyance and it doesn't take much to lose it. I've already lost trust in Apple. What I do trust is that 'privacy' is currently working for Apple to increase their market share. It also conveniently keeps data away from competitors.
Why is this even a thing? Maybe I should just go back to buying everything with cash, it's impossible to keep up with all the crap we need to disable or hack around
And some agencies may be more interested in these exclusion databases. So I don't think there is any way to get out of this maze. When you sign up to exclude from a list, you get included in many other.
The question is what unintended (and specifically undesirable) consequences that poses to the members of the list.
I guess this is one of the things that just has to be forbidden by law.
Ok Nat west has Coutts but not just any euro trash millionaire can get an account there
[0] https://www.mastercard.co.uk/en-gb/vision/terms-of-use/commi...
The page is super vague, and the question remains if they can fully anonymise the data, but if they can, it's allowed. Personal data is covered under the GDPR, while anonymous data isn't [0].
[0] https://ico.org.uk/for-organisations/guide-to-data-protectio...
So this isn't covered by the 1-3% transaction fee the merchant pays every time you use your card?
>Most consumers are okay with this trade off
No they aren't. Most consumers aren't even aware they are paying with their privacy, so you cannot take a low opt-out rate to mean high levels of consent.
PS: this is really a response to grandparent poster, not parent.
Your friends, family, and coworkers might though, so the critical mass of people not okay with this can still grow :)
As debit cards became popular here (well after Europe) the banks push them hard on people who aren't excellent credit risks (good credit risks = profit), because they push essentially all the risk onto the account holder and absolve the banks of any responsibility.
I have three CCs (one of each major network) and pay them off every month; it's like having three debit cards except I get a free loan of a month's worth of spending. The term used in the banking business for people like me is "deadbeat"
AFAIK the main reason people prefer CC’s over debit cards for fraud prevention is simply that with a debit card your money comes out immediately if it is used by someone else, whereas with a CC there is a 30-day buffer.
The TL;DR is:
- you have a short window to report DC fraud before you bear the full risk; CC risk is capped
- dispute a CC charge: you don’t owe anything / accrue interest until resolved; DC case you don’t get any money back until bank decides it’s not your fault. Tough luck if you needed that money to pay your rent.
https://www.consumer.ftc.gov/articles/0213-lost-or-stolen-cr...
https://www.experian.com/blogs/ask-experian/are-credit-cards...
https://www.nerdwallet.com/article/credit-cards/credit-card-...
https://creditcards.usnews.com/articles/why-credit-cards-are...
https://komonews.com/sponsored/wafd/financial-focus-tips/cre...
Maybe they are sick of surveillance capitalism and don't wish to be part of it?
I'd do the same, but I really don't want a flip phone. Maybe once Pine Phone with GNU/Linux is working reasonably well, I'll switch to that.
I bought a locally made KaiOS phone but it has too low RAM and keep crashing.
Nokia makes flip phones with KaiOS but they aren't allowed in my country sadly.
Reason is I want a phone I can repair myself, all my previous phones I had to replace because some unrepairable part that didn't need to be unrepairable (one of them it was the battery!) broke down.
Instead of shelling a ton of money to be tracked and buy a product that won't last, I wish I could spend my phone on something that will last.
And the flip cover is convenient for me because I keep forgetting to lock my phone and managed to pocket dial even with an android.
Its reducing the attack surface as I see it.
You should.
Better to focus on privacy laws.
> We will not scan or read your Gmail messages to show you ads.
Oh yeah, and Google frames asking for a birthdate as being "in order to comply with the law". They are deliberately ambiguous in order to imply that it is me who could be breaking the law, rather than Google. Also, the law only requires verifying age, and doesn't require storing the birthdate afterwards. That one is entirely on Google.
So overall, my trust in anything that Google claims is rather low.
If you are referring to reading email for ad targeting, you are correct that dishonesty in one area doesn't necessarily imply dishonestly in another. However, it does mean that a person or entity loses the benefit of the doubt, and must have independent verification of their claims.
I don't trust Google. They are evil.
Also, hiding order info is a way to push you back to the store to engage in more Amazon ads.
[1] https://www.wsj.com/articles/google-to-stop-reading-users-em...
This is like how you get a million ads about dishwashers the day after you Google around and buy one. At least wait for a short duration of time to let the target run out of medicine before adversiting new stuff.
Also in general I've noticed there are a lot of people that return online purchases a lot, even the non broken ones, since you can't determine if the clothing fits, if the colors really look good, if it has a good texture, from pictures and descriptions online.
They may not be good customers, but Google probably gets money per purchase, not for customer quality.
... or not. Maybe their recommender systems have simply decided that buying product X is highly correlated with buying product Y where Y = X. Who knows? Probably not even google itself knows.
Also, remember that google is not trying to sell you anything, they're only trying to maximise adoption of their ad platform by advertisers. Who cares what you actually buy? Not Google.
Also, completely unrelatedly, if you saw some armchair internet rando claim they'd debunked a major and long-standing business strategy of market sector leader, how seriously would you take them?
They’ve conflated “most purchases of a toilet seat are made by someone who buys another” and “most people who buy one toilet seat buy a second”.
There’s a small, but high volume group of toilet seat purchases — eg, office buildings or apartment maintenance.
And it kind of makes sense if you think about it... really, what are the consequences of seeing these silly over-recommendations? Did you stop buying from Amazon? I bet the vast majority of people shrug or laugh, but don’t change habits.
Also, big one-time purchases tend to be rare, so optimizing a recommendation system around those is probably suboptimal compared to optimizing it around frequent consumable purchases.
Or you tell all your friends about it and end up having a conversation about guitars/dishwashers or whatever.
It may not be intentional on their part, but spin off conversations can be a nice by-product for them. Feels like it helps it stick in the mind, a bit like writing a witty TV ad.
At a certain point in my life, one where I sought fewer material comforts (and had less media exposure), I used to claim that advertising won't convince me to buy anything but it may convince me not to. There is a very fine line between persuasion and overstepping ethical boundaries.
Business is subject to fads and stupidies, we have proof that open officez are a net negative, yet businesses continue. We have proof that getting people to change passwords every month is bad for security, but its still policy in many places. We have proof that using basalt or stainless rebar in RCC is more cost effective in the long run, but bs still continues.
For urban life multiple doesn't make sense. For professional/rural it really does.
For medicinal products I’d be keen to see research on whether a treatment group being re-targeted would report better efficiency of a treatment than a non-retargeted control.
It throws dust into eyes of advertising efficiency measurement.
Company pays for ads, and Google just sizes the ad impressions to what it can find.
That clicks all adds for you. Maybe it can be modified somehow to click already bought item?
* Big businesses are unaffected as they use click fraud prevention services.
* Businesses that don’t use that have to pay more money to Google because people clicked on their ad, and they think their marketing is effective (at least from a click through perspective).
* Google makes even more money because you are clicking on all the ads and it makes them look better. They can demonstrate how well their marketing platform works even better!
P(buying crap) < P(buying crap | has bought crap before)
Advertising is applied statistics and works on large cohorts. Nobody cares about you personally or your psychology.
Consider: one of the hardest parts about advertising is figuring out when someone is ready to buy the product. That is why car companies bombard ads everywhere, just to catch you in the rare moment when you may be buying a car. Lets guess that maybe the odds of a random person wanting to buy a dishwasher is 1 in a million.
Now consider someone who has just bought a dishwasher. What are the odds they need a new one or a second one? Maybe the one they bought is a few cm too tall/wide/deep. Maybe it came broken on arrival. What are the odds here? I have no data, but I would guess like 1 in ten thousand.
The odds of you buying a dishwasher and then needing to buy another are much better than the odds of someone wanting to buy a dishwasher in the first place, because the hard part is finding people who want to buy a dishwasher.
I think once your dishwasher breaks, the time you are “live” to buy is closer to a week :). Also it is (maybe?) harder to identify a person with a broken dishwasher than one who just bought one and may need another.
Something like 30% of purchased products (including appliances) are DOA or returned.
The follow-on advertising is hoping to capture your replacement activity.
People really do return major appliances though. Perhaps dishwashers less frequently than refrigerators, though people never fail to surprise me.
"A standard dishwasher is about 24 inches wide, 24 inches deep and 35 inches high. Most cabinet openings are made to fit a standard dishwasher size. Note that certain handles may affect the overall dishwasher depth. Oversized dishwashers are built wider than the standard opening."
they come in three sizes compact standard and custom.
Other comment explains it though: Many people return the dishwasher or screwdrivers (they might have ordered several) - Amazon wants to make sure you buy with them (though my account history should show that I practically never return things because I hate getting returned things as new).
Personal anecdote: Recently I cancelled an order because a better product was shown in ads post-purchase.
Thus far, the clearest signal for answering the question "will I buy a mechanical keyboard in the next few days?" is "did I just buy mechanical keyboard?"
https://www.shopify.com/retail/examples-of-great-post-purcha...
Also, this person is now in a certain class of shopper (I think some this may be Experian Mosaic classes), so the advertiser knows what quality level of dishwasher this person is buying. The cheapest kitchen applicances, or premium kitchen applicances? Premium kitchen applicances on credit or premium kitchen applicances full price?
This will have a massive effect of choice of other items to advertize, the difference between ads for loans (credit purcahse) or ads for international holidays (full price purchase).
I mean, if you have to try and double-guess your phone to make sure it's not spying on you the game is lost. I don't even know what game that is. But it's lost.
> U.S cardholders may opt out of Visa using their card transaction data for VAS, a suite of aggregated data products in the United States.
So while outside of US, I don't get the perks like cashabacks and no privacy either!
If you have the patience and knowledge, I can't recommend this enough. If you don't have the patience and the knowledge, this is a good way to end up with a non-functioning phone. (It will probably be recoverable, provided that you have the patience to acquire that knowledge and don't mind being without a phone in the meantime.)
When I say I can't recommend it enough, I mean it. I have been okay with simply disabling Google services for the past few years, yet Google seems to be embedding their services deeply in applications like Phone, Messages, Contacts, and Files. It is at the point where these applications would throw up a stream of notifications when Google services were disabled on Android 10. Even though they appeared to be usable, they are clearly trying to annoy people into re-enabling Google services.
You need a non-Verizon version of the device to do so, but there are services out there that'll hunt the devices down and even install the OS for you if you lack the time/patience https://grapheneos.org/ https://noagendaphone.com/
What I will suggest is looking at the device specific forums at XDA. You will get an idea of what is available and what is reliable. Personally, I shy away from distributions that don't include a "what works" and "what doesn't work" section in the first post. I also prefer "official" distributions. At the very least, it is easier to track updates. The next filter I use is feature based. In this context, look for distributions that don't include Gapps and offer additional privacy enhancing features. Once you have something that you think you want, read the thread for the distribution. It often reveals pitfalls, variations within the model, and variations between carriers. These pitfalls exist even with the popular distributions, which is another reason to check out the forums.
I went with OmniROM this time around, but I have been happy with Resurrection Remix on other devices. Some devices have nice alternatives that are specific to them. As an example, I use KatKiss on the Asus TF300T. For a while, it was running a more recent version of Android than my much newer phone!
If you want the above, but also want access to Google Play apps, then install CalyxOS.
The third option is LineageOS (was originally CyanogenMod back in the day). This custom ROM is the most accessible for a variety of devices. It's good for privacy, but, because the bootloader is left unlocked (which may or may not be relevant depending on your threat model), it is the least secure of the three.
Both GrapheneOS and CalyxOS have very user-friendly installation methods, but exist primarily for the Pixel line of devices. LineageOS has the most involved installation process, but it's available for the widest variety of Android devices.
I've installed all three ROMs on several different devices. For the average person, CalyxOS will probably be the best bet (though I think the Trebuchet launcher in LineageOS is better).
https://adwords.googleblog.com/2017/05/powering-ads-and-anal...
> Google’s third-party partnerships ... capture approximately 70% of credit and debit card transactions in the United States
See also https://www.bloomberg.com/news/articles/2018-08-30/google-an... and https://www.technologyreview.com/2017/05/25/242717/google-no... - Google has deals with the credit card providers to get purchase data so they can link them back to your online behavior.
Which means no push, breaking an absurd amount of apps.
If you're using a store card, the merchant == the CC company and so knows everything about you anyways.
If you're not using the store card, the merchant probably has an agreement with the CC company to share the information, so the technical implementation is irrelevant.
Geolocation is not very accurate from gps, so unless the store was off in a field by itself that’s not what happened here.
The only real way to avoid this happening would be to use a new credit card for each purchase, with a fake name/billing address.
Is there no way to get GPS location, without sending it to Google? As I understand, GPS positioning does not require the phone to send any data?
The majority of targeted advertising I see is for items I just bought. There’s also a reasonable explanation for this...
Not every merchant shares purchase data, so if you do any research anywhere before making a purchase, they know you are interested, but as there was no tracking beacon on the site you ultimately bought from (or the purchase was misidentified or delayed or any number of reasons), that’s why you are now seeing targeted ads for it.
Have you ever noticed how you don't seem to see much of X, and then all of a sudden you see one X. And then you can't stop seeing X.
Though, googles probably spying on you.
If you want to avoid being tracked, use cash.