Clearly there was data leak somewhere but it makes me wonder, in a government run (or government as single payer) system, what recourse does one have if (for example) Health Canada had a data leak that marketers jumped on?
It was a while ago, but from the OPM data breach of the US Federal Government, you would get 1 year of credit monitoring (free!). You get a letter too.
There are now companies which have the business model of correlating a physical address with an e-mail or IP address and then making use of that for marketing purposes.
I've had the DMV sell my info multiple times. Every time I update my registration I get months of insurance scam calls.
I had my landlord's property manager sign me up for a identity theft protection service without my permission.
Equifax sells any info about me it can get.
Google has a full profile for my public ip it seems and will fill in suggestions across multiple youtube sessions where one is logged in and the other isn't, on separate machines.
Is this really all technology has to offer? For every new break through, we have 100s of rent seeking middlemen exposing every aspect of our lives.
The don't-bother-unless-it-hyperscales majority attitude of tech company funding and growth heavily limits the variety of new things that the tech world at large can offer. There are simply not that many types of tech business models that are capable of scaling fast and quickly without massive infusions of cash, but it turns out that data brokering, large dataset analysis, and profile building are a few of those things, and so the market success of these business looms large in the technology space.
I had hoped that rising interest rates and a tighter consumer market would change that dynamic somewhat but unfortunately for now it seems to be an incredibly well entrenched status quo that doesn't appear to have a clear path away from
There is a private toll company operating the 407 highway in Canada. They are capable of sending bills to New York drivers. That can't happen without the NY DMV providing vehicle registration data access to a foreign business or an intermediary.
Sometimes I see funeral homes advertising on Syracuse TV. On the other hand most of the ads are for prescription drugs, invitations to participate in Medicare fraud, personal injury lawyers, etc. About the one thing you see advertising for things you spend you own money on is the occasional ad for a car dealership, if nobody bought cars and drove them on the demolition derby that is I-81 you wouldn't need the personal injury lawyer.
This reminds me of the time I had to go to A&E (ER on the other side of the Atlantic) for an allergic reaction to a horsefly bite and they had adverts for funeral directors mixed into the slideshow on the wall. I thought that was quite funny, although obviously that's a very different beast to getting personally targeted with an assumption like that.
Comments so far are focused on how information about her chemo got out to advertisers, but I'm not seeing much criticism of the advertiser. Are we to believe that if a company gets information, they are welcome to do whatever they want with it?
Advertising is a blight. Why? Because it's mostly lying. Once you've signed up to lie, it's a small step into sleazy stuff, a small step into selling info, and after that a small step into distributing malware via your ad network.
Along the way, you end up thinking nothing of corrupting the medium your ads support.
People like tobacco, too, but we generally structure society so that people who like tobacco aren't blowing smoke in the faces of everyone else. If you want to brain damage yourself for corporations that's your prerogative, but you can do that where it isn't harming everyone else.
It's pretty arrogant of you to claim that you know what people prefer and consent to, when in fact you know neither of those things.
Given the primary purpose of GDPR banners is asking permission for tracking so you can advertise to me, which I've already made abundantly clear I do not want, no, I don't prefer GDPR banners. Just don't track me, and you won't have to do this nonsense.
GDPR banners are a symptom of the blight you're supporting. Don't blame it on us.
I wouldn't be that worried about generic, nonpersonalized ads, but the idea that by clicking a link you consent to be systematically spied upon by means that an average user cannot even comprehend is repugnant to me.
You do not get to say what other people consent to. People get to say what they consent to, and if they don't say they consent to something, you have not obtained their consent. Clicking a link is not consent to view ads.
To be abundandtly clear: I do not consent to view ads. You cannot consent for me, and it is pretty fucked up that you think you can.
Not only is this not consent, even when people explicitly tell advertisers that they do not consent, such as by sending a "do not track" header or using an adblocker, advertisers are specifically violating their explicit non-consent. You really have no moral ground to stand on here--this is literally someone saying "no" and you trying to shove your garbage in front of them anyway. Shame on you for defending this behavior.
If you want me to view ads as a condition of you serving up content, don't serve up content until I view the ad. There are plenty of sites that do this and I have no problem with that.
Life is too short for advertisements, I can't imagine going back to accepting them in my daily life. I'd rather be called a pirate than give up my autonomy and time.
There are so many ways the information could have been leaked. For example,
1. Searching for things around chemotherapy, cancer, and death on some site
2. Having an app on your phone that tracks your location and sells it. Many apps do this. It's not too difficult to reverse engineer where people went and who they are with the various datasets that can be bought.
3. Data brokers getting access to medical information. Too many companies play fast and loose with their data. It would not be a surprise.
We leak data everywhere. Companies are often poor at following regulations. There are too few regulations in most of US around data about us.
When my late partner went through chemo they also got a lot of targeted funeral and estate planning ads. Probably some combination of location tracking and signing up for a bunch of resources on dealing with cancer, which in turn sold out their contact info.
And it was all useless marketing because we'd already done all this when the diagnosis first came through, so it just kept reminding us of what was likely going to happen. I kept getting them for a year after the cremation.
It also could be her significant other searching about funeral costs and arrangements. I highly doubt it was chemotherapy because the ROAS would be insanely small especially for mail based marketing($0.50 per touch at least). Person isn't dead and could recover. If the cancer is terminal it still could take years.
Sometimes its better not knowing why you received that type of marketing.
It’s more about tainting your profile to appear as though you’re a “good” potential customer to an entity you’re planning to do business with (who might purchase this data as a background check).
we found three trackers on the Planned Parenthood site which is kind of shocking in this age where private citizens could sue you in some states over healthcare decisions.
She probably clicked a link from a search engine or other source that could have shared her interest. Even if the service themselves isn't tracking, very few people type an exact URL in. Even if they do it is often being transmitted to Google or others stroke by stroke
I'm trying to decide if that's a cut on the husband (who can't really do much after he dies) or a cut on the wife because that's actually an actionable ad for him if she dies.
Recently purchased a Subaru from a friend and called Subaru to finish registration of the vehicle in their system. I almost immediately got spam from Sirius XM. Who the heck told Subaru it was ok to give my (fortunately throwaway) email to Sirius?? Certainly not me. Considering the only thing I know about Sirius is they got called out by the NY Attorney General for a difficult cancellation process, that's enough to never bother subscribing.
Subaru is terrible for this. A couple times a year I get mail from Subaru but when I open it, it’s really from Liberty Mutual Insurance.
Also, every time I contact my dealer for just about anything, I get a survey in the mail. I’ve tried everything I could think of to stop them but nothing has worked so far. The last one I gave a very low score on about half the questions and a week later I got a call from somebody at the dealership. When I explained it was because I’m trying to get the surveys to stop he said he would contact somebody in the regional Subaru office to see if there was anything they could do but he didn’t sound hopeful.
Healthcare providers and insurers in the US are bound by HIPAA privacy rules, but data brokers (mentioned in the article) and the ads industry generally are not. For example, if she used an app in the doctor's waiting room that shared/sold location data to a data broker, they can use her location data for retargeting purposes. There have been many cases in the past where advertisers targeted users based on visiting medical or other sensitive locations.
As to how they mailed it to her and got her home address, a data broker who has location data can fairly easily determine a user's home address from that data. Many brokers and networks may also already have an association between a "pseudo-anonymous advertising ID" and real user with name and address. Not saying that location-based retargeting happened this time as the article doesn't give us enough to go off of and other types of retargeting are another possibility.
Overall, I think it's unlikely that the provider or insurer shared her data and other alternatives are more likely.
Disclosure: I work in the ads industry but on contextual targeting only. Some location-based retargeting is terrifying and will probably eventually be criminal. It's a bit of the wild west right now.
I would assume that a more likely scenario (although yours is also likely!) is someone with cancer will almost certainly search the internet at some point for information about cancer and their treatments. This will immediately be sucked up by the pervasive surveillance economy and used to extract the maximum amount of marginal revenue attainable through any means necessary. You don’t need to know they’re in a doctors waiting room, using the internet for information retrieval will specifically inform everyone interested in paying for it what you are searching for.
Yes, I agree. It's also quite likely that people who know people with cancer will search about cancer, and sadly some of them will later need to purchase cremation services. This means that statistically it's not a bad idea to target people who have searched for cancer with cremations. This seems like the most likely explanation to me.
(Edit to add a meta note: Apparently this has to be said on Hacker News because people can't distinguish between someone presenting facts and someone making a defense, but I'm not defending the practice. I think it's abhorrent. But if we can't dispassionately analyze reality to try and understand the motivations, then we've really abandoned reason and lost our way).
Ya, other types of retargeting like this are also likely. The jump from visiting a website to an advertiser does physical mailings isn't a big one (political advertising uses this a lot). Long story short, she was probably retargeted based on her actions and probably not based on the insurer or provider doing anything illegal.
Edit: I don't want to sound like I'm blaming the victim here. That's not my intent. I just don't think blaming the insurer or provider is fair either. I dump the blame on the data broker/ad network and to a far lesser extent the advertiser.
> There have been many cases in the past where advertisers targeted users based on visiting medical or other sensitive locations.
Yep, I used to get ads like that all the time during my cab driving days.
I would often ponder on how they made any inferences out of my location data because I went to so many different places. There were definitely patterns, hauling around the same people once you learn their schedule is a big part of the job, but using it to sell me stuff is worthless.
Now that the youtubes have taken up the adblocker fight I still get all sorts of ads for medical stuff that has no direct relation to me. I do try to keep up on all the complicated "don't track me, you fucking stalkers" clicky buttons they like to add so perhaps I just fall into age group where their ad dollars shine, dunno?
I wonder would the effect would be of extending HIPAA protections to information that you have inferred. If you have inferred something about a person that is protected by privacy laws, should that inference itself also be protected? How much of a shield should "we're not 100% sure, so it's just a very well-informed guess" be?
I have my own story about advertisers inferring personal. Relationship status isn't protected, but the last time I went through a breakup, I was suddenly inundated with dating site ads. I don't feel like my shopping or web browsing habits changed, but they must have to figure it out.
> I wonder would the effect would be of extending HIPAA protections to information that you have inferred.
That would be helpful. Also, HIPAA itself isn't exactly a panacea and is full of loopholes. Having effective medical privacy laws would be even better.
I remain convinced that something on my phone listens to incidental conversations. Yesterday my wife was asking about the difference between our (past) Plymouth Voyager and the current Chrysler Pacifica. Today I get an ad in my Google (Android) feed for the Pacifica. I haven't looked at mini-vans in decades and neither of us searched for anything related.
We had just visited the Sloan museum in Flint, MI which has an extensive Buick display so an ad for a Buick would not have been unexpected.
Coincidences like this have happened too many times to be coincidental.
I think these conspiracy theories happen because people don’t understand how easy it is to leak data and how easy it is for data collectors to gather metadata and make a conclusion. Metadata is incredibly powerful and a lot of non-data scientists don’t realize the level of sophistication that companies have in their possession.
The classic example is Target predicting your pregnancy based on specific purchase behaviors. All they have to know is a consistent identifier and your purchase history and they can predict whether you’re pregnant. There’s no need to listen in on conversations or obtain other more detailed user data.
Also, a lot of “private” services and apps really don’t promise jack shit in their privacy policy. They are probably all gathering and selling the data nearly in real time. Their privacy policies are often far more broad, vague, and permissive than their PR will tell you.
You’re with your wife, your devices are often on the same networks, so it’s likely that advertisers know you know each other when you browse. Despite what your wife says, you really don’t know if she interacted with a Pacifica ad or piece of sponsored content. Even if she didn’t search for a Pacifica, it doesn’t have to be specifically something related to minivans, because that information that you are potentially more interested in minivans can come from other metadata.
TikTok manages to figure out your perception of a particular video based on how your fingers are moving on the screen, how long you’re spending on a video, what’s happening when you’re lingering or swiping, etc. You never really have to tell TikTok directly what things you like.
The game of 20 questions works from a similar concept. You can start knowing absolutely zero and ask a very small amount of binary questions to find the specific item the person has on their mind, only metadata.
> Cox Media Group recently gave advertisers an overview of a new technology it calls Active Listening. CMG claimed that its technology can use microphone data from devices like smartphones and tablets, specifically analyzing "pre-purchase conversations." The since-deleted blog post also mentions using AI to determine when the phrases heard from smart devices could be "relevant" to advertisers.
> We know what you're thinking. Is this even legal? The short answer is: yes. It is legal for phones and devices to listen to you. When a new app download or update prompts consumers with a multi-page terms of use agreement somewhere in the fine print, Active Listening is often included.
This means you have to give permissions and ignore the orange dot on your screen for this technology to work.
Probably, but that’s why new versions of iOS have a recording indicator anytime the microphone or camera is active.
And, you know, at some point consent is consent. It’s a giant dialog box that explains everything. Some people might even want an app that records their activity and gives them compensation for doing so (e.g., Microsoft/Bing Rewards). Who am I to tell that person they don’t want that?
> You’re with your wife, your devices are often on the same networks,
I'm on Fi, she's on Verizon. But I don't doubt that data miners know we're together due to consistent proximity. Neither she nor I did any Pacifica related searches.
Advertising may ever only be related to the surrounding content. It's the (traditional) TV model. Saturday morning cartoons shows you cereal commercials.
For the web this would translate to seeing funeral ads if you're on a website for cancer. But if this follows you later, then we should simply get the death penalty involved for the company that follows you.
From a simple sense, all AI and logic created to track people goes away - ad companies need to simply focus on determining the BEST ads to display on the web pages the ad is pinned to.
That's not a simple law. To start, it violates the first amendment. Then, after you decide that somehow commerce overrules the first amendment in this situation, you are stuck with the job of setting up a government process that will judge, with legal force, whether an advertisement is sufficiently related to the surrounding content. This institution will have to grapple with, among many questions, "Is an ad for replacing your gutters ever related to its surrounding content?" or "What does it mean for an advertisement to be related to a work of fiction?"
Also, do you think Saturday morning cartoons should somehow relate to breakfast cereals? The reason that there haven't been Saturday morning cartoons in a couple of decades is because of a law saying the opposite.
You are focusing too much on the content related part.
If you want to display gravestone advertisements during saturday morning cartoons, you are free to do so. I'm just referring to the concept of trying to do well in your advertising efforts on that part, as LONG as it is done so without knowing who is witnessing this ad.
Yes re-reading my post doesn't state this, I just thought that would be obvious given the story we're discussing.
I would argue that corporations do not have rights, except inasmuch as the people within the corporation have rights. Rights are for people, and corporations are not people. So, there's no conflict with the first amendment here.
Yes, I'm aware of corporate personhood in the U.S.--I'm saying that the Supreme Court was wrong when they interpreted the constitution that way.
To flesh this idea out a bit: if a person decides to say of their own accord "people who eat Cheetos are cool", that's protected speech. However, if you're acting on behalf of the Cheetos corporation to say "people who eat Cheetos are cool", i.e. you are paid by the Cheetos corporation to say it, that's you acting on behalf of that corporation and the corporation can be punished. Note what I said here: the corporation can be punished, not the person: this sidesteps a lot of ambiguous situations where a person's right to free speech might be violated.
> Then, after you decide that somehow commerce overrules the first amendment in this situation, you are stuck with the job of setting up a government process that will judge, with legal force, whether an advertisement is sufficiently related to the surrounding content. This institution will have to grapple with, among many questions, "Is an ad for replacing your gutters ever related to its surrounding content?" or "What does it mean for an advertisement to be related to a work of fiction?"
This sort of handwringing amounts to a complaint that a Hacker News poster didn't post a fully-detailed piece of legislation. Okay, some details haven't been explained, but it isn't reasonable to expect that a user on an internet forum would draft a complete piece of legislation. These details aren't insurmountable or even difficult to iron out through normal legislative processes, and even when (not if) this is done imperfectly, it would likely be a massive improvement over the current free-for-all.
One assumes you also don't believe in rights for religious groups, political parties, unions or the press?
The reason rights apply to corporations is that rights apply to people in aggregate, as well as individually and there is no way to deny rights to the group without denying rights to the individuals within that group (also because treating corporations as legal entities makes things like suing them as entities possible. Otherwise one would have to file individual lawsuits with individual people for any claim.)
If rights only applied to individuals, then it would be trivial to suppress any political or cultural expression by making any collective gathering or expression illegal. There is no reason to consider corporations a special case in this regard.
> One assumes you also don't believe in rights for religious groups, political parties, unions or the press?
In that statement, yes, but there's a ton of nuance to how that's applied.
> The reason rights apply to corporations is that rights apply to people in aggregate,
True, but corporate personhood captures the aggregate rights of people in a corporation only slightly more effectively than the 3/8 compromise captured the rights of slaves. If you're going to claim that the rights of a corporation are based in the rights of the people in that corporation, then you'd expect that the people in the corporation get to wield those aggregate rights equally, because they all have equal rights. But the reality is that a handful of people within a corporation get to wield those aggregated rights: executives and board members are literally taking the rights of their workers and wielding them in ways that often don't benefit the workers. That's not aggregated rights, that's an injustice.
> there is no way to deny rights to the group without denying rights to the individuals within that group
This is a pretty blanket statement. There are certainly some cases where a right cannot be denied to a group without denying rights to the individuals within a group. But it is abundantly clear that making it illegal for a corporation to pay for advertising, while allowing individuals to pay for speech or say things, is a restriction of the corporation's rights and not the individual's.
Again, you're free to say anything you like about products, that's your right. But a corporation has no right to pay people to say anything about their product.
> If rights only applied to individuals, then it would be trivial to suppress any political or cultural expression by making any collective gathering or expression illegal.
We've got a separate right to assemble which I believe in, so no, you're making a straw man argument on my behalf here.
And "collective expression" needs more explanation. Certainly, advertising does not represent the views of every individual in the corporation that advertises, so the idea that this is a "collective expression" is absurd. If anything, it's forcing speech on peons who had very little choice in what was said--if we're claiming their aggregate rights are being represented here, then the decision makers in what is said are violating their rights by not giving them input on what is said.
Put another way: it is well-established that forcing someone to say something is a clear violation of their right to free speech. So if the free speech rights of a corporation are the aggregate of the rights of the individuals, then there has to be unanimity within the corporation on what is said in order to not force that speech on the individuals in the corporation who might object to what is said.
> There is no reason to consider corporations a special case in this regard.
The central case is perfectly fine for my point: there is no group in existence which is capable of exercising my right to free speech. Even groups where I get to vote, so they theoretically represent me, do an extremely poor job of saying what I want said.
A clarification: I'm saying that groups of people do not have a collective right to free speech beyond the rights of their individual members, but that doesn't mean I think we should make laws that silence groups for no reason.
For example, corporations do not have a right to post accurate information about their products on their own website, because as I said, corporations don't have rights. However, a law against corporations posting accurate information about their products on their own website would be obviously counterproductive.
Advertisement Campaigns are based on Returns on Investments not on accuracy. For example, lets say a "Pet Insurance" company makes on average $400 profit for each customer they obtain.
It makes sense for them to spend $200 to acquire each new customer. You could send out around 300 bulk letters for $200. So it makes sense to cast a wide net including mailing people who just made their first purchase at a pet store. Obviously some of those people only bought a $4 gold fish and will laugh at the pet insurance quote.
I'm getting more and more to the feeling that there needs to be stronger penalties for misuse of data than stuff like the GDPR.
I get emails to an old, legacy email address of mine. I haven't actively used it in like 15 years, and when I did use it, it was on gaming forums because remember the days where you didn't give your real contact details to every random person with a site on the internet?
Anyway, this email has ended up in various people search databases for me which has then resulted in the likes of AWS recruiters, Druid salespeople, etc. emailing me on this address.
I can see the path how this came to be:
Gravatar Leak tied this email to newer email addresses I actually use -> various data brokers, probably buying off each other -> people search websites -> Amazon recruiting, Druid sales, etc.
And now data from an illegal data breach has laundered its way into companies that consider themselves very serious about being law-abiding using that data.
Unfortunately, the closer you get to the source, the less upstanding and more transient these companies are. The people search websites are kind of sketchy at times, the data brokers they buy from are more so, etc. So trying to get legal actions against the data brokers is kind of pointless, it feels.
And this has real world effects. Recently a company which I was in the hiring process for decided midway to switch to emailing this legacy email address. Not any of the ones listed publicly with my real identity, not the one on linked where they claimed to have contacted me from, not the one we'd been conversing over for months, but one they'd plucked out of whatever people search DB they were using. Luckily I was aware of recruiters less-than-ideal handling of contact details, so I knew to check the ancient inbox when they went weirdly quiet in a way that was odd for that phase of the process.
I think the only way to stop this is for there to be financial penalties on the end users of the ill-gotten data. When the druid salesperson emails me on the address obtained from the Gravatar data breach, there should be a fine for misuse of data, no matter how many layers of intermediaries there are between the Gravatar hackers and Imply Data, Inc. and the same story for when Amazon's recruiter does it. It's clear that anything less will not dissuade companies from the dissolution of responsibility for using ill-gotten data.
95 comments
[ 3.4 ms ] story [ 222 ms ] threadMuch more likely is that she has been Googling keywords about chemo, and those websites she clicked on sold her data to a data broker.
I had my landlord's property manager sign me up for a identity theft protection service without my permission.
Equifax sells any info about me it can get.
Google has a full profile for my public ip it seems and will fill in suggestions across multiple youtube sessions where one is logged in and the other isn't, on separate machines.
Is this really all technology has to offer? For every new break through, we have 100s of rent seeking middlemen exposing every aspect of our lives.
I had hoped that rising interest rates and a tighter consumer market would change that dynamic somewhat but unfortunately for now it seems to be an incredibly well entrenched status quo that doesn't appear to have a clear path away from
https://en.wikipedia.org/wiki/Driver%27s_Privacy_Protection_...
One example: https://egov.maryland.gov/mva/
Advertising is a blight on society.
Along the way, you end up thinking nothing of corrupting the medium your ads support.
It's a blight all the way down.
I for one enjoy personalized ads
Lol, most sane HackerNews commenter
What I think is abhorrent is that the rest of us are being forced into that system as well.
Given the primary purpose of GDPR banners is asking permission for tracking so you can advertise to me, which I've already made abundantly clear I do not want, no, I don't prefer GDPR banners. Just don't track me, and you won't have to do this nonsense.
GDPR banners are a symptom of the blight you're supporting. Don't blame it on us.
Same as with sex: consent matters.
To be abundandtly clear: I do not consent to view ads. You cannot consent for me, and it is pretty fucked up that you think you can.
Not only is this not consent, even when people explicitly tell advertisers that they do not consent, such as by sending a "do not track" header or using an adblocker, advertisers are specifically violating their explicit non-consent. You really have no moral ground to stand on here--this is literally someone saying "no" and you trying to shove your garbage in front of them anyway. Shame on you for defending this behavior.
If you want me to view ads as a condition of you serving up content, don't serve up content until I view the ad. There are plenty of sites that do this and I have no problem with that.
As such, it's also good to condemn everybody who helps them in their endeavors.
1. Searching for things around chemotherapy, cancer, and death on some site
2. Having an app on your phone that tracks your location and sells it. Many apps do this. It's not too difficult to reverse engineer where people went and who they are with the various datasets that can be bought.
3. Data brokers getting access to medical information. Too many companies play fast and loose with their data. It would not be a surprise.
We leak data everywhere. Companies are often poor at following regulations. There are too few regulations in most of US around data about us.
And it was all useless marketing because we'd already done all this when the diagnosis first came through, so it just kept reminding us of what was likely going to happen. I kept getting them for a year after the cremation.
Sometimes its better not knowing why you received that type of marketing.
Private jet pricing? Maid services? Live-in nannies?
https://www.forhers.com/
we found three trackers on the Planned Parenthood site which is kind of shocking in this age where private citizens could sue you in some states over healthcare decisions.
https://www.forhers.com/sexual-health
https://www.forhers.com/birth-control
Planned Parenthood also offers birth control ordering through the mail. adrr says no tracking/retargeting, so could be a coincidence.
Woman sorting mail: "Oh, an ad for cremation! This one's for you." (handing it to husband)
I am at the hospital right now.
Please continue telling standup jokes until I cease from existing.
Now I only need about five minutes of material that good.
Also, every time I contact my dealer for just about anything, I get a survey in the mail. I’ve tried everything I could think of to stop them but nothing has worked so far. The last one I gave a very low score on about half the questions and a week later I got a call from somebody at the dealership. When I explained it was because I’m trying to get the surveys to stop he said he would contact somebody in the regional Subaru office to see if there was anything they could do but he didn’t sound hopeful.
As to how they mailed it to her and got her home address, a data broker who has location data can fairly easily determine a user's home address from that data. Many brokers and networks may also already have an association between a "pseudo-anonymous advertising ID" and real user with name and address. Not saying that location-based retargeting happened this time as the article doesn't give us enough to go off of and other types of retargeting are another possibility.
Overall, I think it's unlikely that the provider or insurer shared her data and other alternatives are more likely.
Disclosure: I work in the ads industry but on contextual targeting only. Some location-based retargeting is terrifying and will probably eventually be criminal. It's a bit of the wild west right now.
(Edit to add a meta note: Apparently this has to be said on Hacker News because people can't distinguish between someone presenting facts and someone making a defense, but I'm not defending the practice. I think it's abhorrent. But if we can't dispassionately analyze reality to try and understand the motivations, then we've really abandoned reason and lost our way).
Edit: I don't want to sound like I'm blaming the victim here. That's not my intent. I just don't think blaming the insurer or provider is fair either. I dump the blame on the data broker/ad network and to a far lesser extent the advertiser.
Yep, I used to get ads like that all the time during my cab driving days.
I would often ponder on how they made any inferences out of my location data because I went to so many different places. There were definitely patterns, hauling around the same people once you learn their schedule is a big part of the job, but using it to sell me stuff is worthless.
Now that the youtubes have taken up the adblocker fight I still get all sorts of ads for medical stuff that has no direct relation to me. I do try to keep up on all the complicated "don't track me, you fucking stalkers" clicky buttons they like to add so perhaps I just fall into age group where their ad dollars shine, dunno?
I have my own story about advertisers inferring personal. Relationship status isn't protected, but the last time I went through a breakup, I was suddenly inundated with dating site ads. I don't feel like my shopping or web browsing habits changed, but they must have to figure it out.
That would be helpful. Also, HIPAA itself isn't exactly a panacea and is full of loopholes. Having effective medical privacy laws would be even better.
We had just visited the Sloan museum in Flint, MI which has an extensive Buick display so an ad for a Buick would not have been unexpected.
Coincidences like this have happened too many times to be coincidental.
The classic example is Target predicting your pregnancy based on specific purchase behaviors. All they have to know is a consistent identifier and your purchase history and they can predict whether you’re pregnant. There’s no need to listen in on conversations or obtain other more detailed user data.
Also, a lot of “private” services and apps really don’t promise jack shit in their privacy policy. They are probably all gathering and selling the data nearly in real time. Their privacy policies are often far more broad, vague, and permissive than their PR will tell you.
You’re with your wife, your devices are often on the same networks, so it’s likely that advertisers know you know each other when you browse. Despite what your wife says, you really don’t know if she interacted with a Pacifica ad or piece of sponsored content. Even if she didn’t search for a Pacifica, it doesn’t have to be specifically something related to minivans, because that information that you are potentially more interested in minivans can come from other metadata.
TikTok manages to figure out your perception of a particular video based on how your fingers are moving on the screen, how long you’re spending on a video, what’s happening when you’re lingering or swiping, etc. You never really have to tell TikTok directly what things you like.
The game of 20 questions works from a similar concept. You can start knowing absolutely zero and ask a very small amount of binary questions to find the specific item the person has on their mind, only metadata.
https://www.businessinsider.com/cox-active-listening-claims-...
> We know what you're thinking. Is this even legal? The short answer is: yes. It is legal for phones and devices to listen to you. When a new app download or update prompts consumers with a multi-page terms of use agreement somewhere in the fine print, Active Listening is often included.
This means you have to give permissions and ignore the orange dot on your screen for this technology to work.
And, you know, at some point consent is consent. It’s a giant dialog box that explains everything. Some people might even want an app that records their activity and gives them compensation for doing so (e.g., Microsoft/Bing Rewards). Who am I to tell that person they don’t want that?
I'm on Fi, she's on Verizon. But I don't doubt that data miners know we're together due to consistent proximity. Neither she nor I did any Pacifica related searches.
99.9% of people who have a healthcare provider at a minimum use their website - communicate with doctor, prescriptions, etc.
All these websites use adtech stuff, and the apps are even worse.
look, don't take my word for it, just look at kaiser permanente's website:
https://www.kp.org
It references google.com directly.
(also try www.dmv.ca.gov, same thing, same cookies)
Advertising may ever only be related to the surrounding content. It's the (traditional) TV model. Saturday morning cartoons shows you cereal commercials.
For the web this would translate to seeing funeral ads if you're on a website for cancer. But if this follows you later, then we should simply get the death penalty involved for the company that follows you.
From a simple sense, all AI and logic created to track people goes away - ad companies need to simply focus on determining the BEST ads to display on the web pages the ad is pinned to.
Also, do you think Saturday morning cartoons should somehow relate to breakfast cereals? The reason that there haven't been Saturday morning cartoons in a couple of decades is because of a law saying the opposite.
If you want to display gravestone advertisements during saturday morning cartoons, you are free to do so. I'm just referring to the concept of trying to do well in your advertising efforts on that part, as LONG as it is done so without knowing who is witnessing this ad.
Yes re-reading my post doesn't state this, I just thought that would be obvious given the story we're discussing.
Make the spying illegal, not the advertising that relies on it. Then there is zero first amendment issue.
I would argue that corporations do not have rights, except inasmuch as the people within the corporation have rights. Rights are for people, and corporations are not people. So, there's no conflict with the first amendment here.
Yes, I'm aware of corporate personhood in the U.S.--I'm saying that the Supreme Court was wrong when they interpreted the constitution that way.
To flesh this idea out a bit: if a person decides to say of their own accord "people who eat Cheetos are cool", that's protected speech. However, if you're acting on behalf of the Cheetos corporation to say "people who eat Cheetos are cool", i.e. you are paid by the Cheetos corporation to say it, that's you acting on behalf of that corporation and the corporation can be punished. Note what I said here: the corporation can be punished, not the person: this sidesteps a lot of ambiguous situations where a person's right to free speech might be violated.
> Then, after you decide that somehow commerce overrules the first amendment in this situation, you are stuck with the job of setting up a government process that will judge, with legal force, whether an advertisement is sufficiently related to the surrounding content. This institution will have to grapple with, among many questions, "Is an ad for replacing your gutters ever related to its surrounding content?" or "What does it mean for an advertisement to be related to a work of fiction?"
This sort of handwringing amounts to a complaint that a Hacker News poster didn't post a fully-detailed piece of legislation. Okay, some details haven't been explained, but it isn't reasonable to expect that a user on an internet forum would draft a complete piece of legislation. These details aren't insurmountable or even difficult to iron out through normal legislative processes, and even when (not if) this is done imperfectly, it would likely be a massive improvement over the current free-for-all.
The reason rights apply to corporations is that rights apply to people in aggregate, as well as individually and there is no way to deny rights to the group without denying rights to the individuals within that group (also because treating corporations as legal entities makes things like suing them as entities possible. Otherwise one would have to file individual lawsuits with individual people for any claim.)
If rights only applied to individuals, then it would be trivial to suppress any political or cultural expression by making any collective gathering or expression illegal. There is no reason to consider corporations a special case in this regard.
In that statement, yes, but there's a ton of nuance to how that's applied.
> The reason rights apply to corporations is that rights apply to people in aggregate,
True, but corporate personhood captures the aggregate rights of people in a corporation only slightly more effectively than the 3/8 compromise captured the rights of slaves. If you're going to claim that the rights of a corporation are based in the rights of the people in that corporation, then you'd expect that the people in the corporation get to wield those aggregate rights equally, because they all have equal rights. But the reality is that a handful of people within a corporation get to wield those aggregated rights: executives and board members are literally taking the rights of their workers and wielding them in ways that often don't benefit the workers. That's not aggregated rights, that's an injustice.
> there is no way to deny rights to the group without denying rights to the individuals within that group
This is a pretty blanket statement. There are certainly some cases where a right cannot be denied to a group without denying rights to the individuals within a group. But it is abundantly clear that making it illegal for a corporation to pay for advertising, while allowing individuals to pay for speech or say things, is a restriction of the corporation's rights and not the individual's.
Again, you're free to say anything you like about products, that's your right. But a corporation has no right to pay people to say anything about their product.
> If rights only applied to individuals, then it would be trivial to suppress any political or cultural expression by making any collective gathering or expression illegal.
We've got a separate right to assemble which I believe in, so no, you're making a straw man argument on my behalf here.
And "collective expression" needs more explanation. Certainly, advertising does not represent the views of every individual in the corporation that advertises, so the idea that this is a "collective expression" is absurd. If anything, it's forcing speech on peons who had very little choice in what was said--if we're claiming their aggregate rights are being represented here, then the decision makers in what is said are violating their rights by not giving them input on what is said.
Put another way: it is well-established that forcing someone to say something is a clear violation of their right to free speech. So if the free speech rights of a corporation are the aggregate of the rights of the individuals, then there has to be unanimity within the corporation on what is said in order to not force that speech on the individuals in the corporation who might object to what is said.
> There is no reason to consider corporations a special case in this regard.
The central case is perfectly fine for my point: there is no group in existence which is capable of exercising my right to free speech. Even groups where I get to vote, so they theoretically represent me, do an extremely poor job of saying what I want said.
For example, corporations do not have a right to post accurate information about their products on their own website, because as I said, corporations don't have rights. However, a law against corporations posting accurate information about their products on their own website would be obviously counterproductive.
It makes sense for them to spend $200 to acquire each new customer. You could send out around 300 bulk letters for $200. So it makes sense to cast a wide net including mailing people who just made their first purchase at a pet store. Obviously some of those people only bought a $4 gold fish and will laugh at the pet insurance quote.
1. the woman in question is old,
2. the data broker has a list of all old people
3. the data broker sold that list of old people to a cremation firm
4. the cremation firm sent out mailers
5. the chemotherapy was a coincidence.
I get emails to an old, legacy email address of mine. I haven't actively used it in like 15 years, and when I did use it, it was on gaming forums because remember the days where you didn't give your real contact details to every random person with a site on the internet?
Anyway, this email has ended up in various people search databases for me which has then resulted in the likes of AWS recruiters, Druid salespeople, etc. emailing me on this address.
I can see the path how this came to be:
Gravatar Leak tied this email to newer email addresses I actually use -> various data brokers, probably buying off each other -> people search websites -> Amazon recruiting, Druid sales, etc.
And now data from an illegal data breach has laundered its way into companies that consider themselves very serious about being law-abiding using that data.
Unfortunately, the closer you get to the source, the less upstanding and more transient these companies are. The people search websites are kind of sketchy at times, the data brokers they buy from are more so, etc. So trying to get legal actions against the data brokers is kind of pointless, it feels.
And this has real world effects. Recently a company which I was in the hiring process for decided midway to switch to emailing this legacy email address. Not any of the ones listed publicly with my real identity, not the one on linked where they claimed to have contacted me from, not the one we'd been conversing over for months, but one they'd plucked out of whatever people search DB they were using. Luckily I was aware of recruiters less-than-ideal handling of contact details, so I knew to check the ancient inbox when they went weirdly quiet in a way that was odd for that phase of the process.
I think the only way to stop this is for there to be financial penalties on the end users of the ill-gotten data. When the druid salesperson emails me on the address obtained from the Gravatar data breach, there should be a fine for misuse of data, no matter how many layers of intermediaries there are between the Gravatar hackers and Imply Data, Inc. and the same story for when Amazon's recruiter does it. It's clear that anything less will not dissuade companies from the dissolution of responsibility for using ill-gotten data.