FYI if you remove the mailbox from your residence, the USPS will silently return every attempted delivery to the sender.
You can then get a PO BOX, setup your important things like property taxes/dmv/utilities/banks with it as the mailing address, and carry on supplying your residence as your physical address to whoever appropriately asks without even lying.
Most places are just assuming your physical address receives mail and send unsolicited spam to it. Critical services must support a mailing address distinct from a residence address, as it's common for those living at the end of a dirt road without mail service; a perfectly legal way to live.
I currently do this, and my PO BOX receives practically zero mail, and I must say it's a glorious signal:noise ratio.
There are some frustrations though, some places do refuse to send to a PO BOX, and some shippers which claim to use FedEx or UPS will then go on to use USPS and your purchase doesn't arrive. Non-USPS deliveries will still arrive at the physical address without a mailbox, but USPS deliveries will not - those must go to the PO BOX. YMMV
Banks haven't been an insurmountable problem for me, but there's definitely varying degrees of friction. Having an official current property tax document for the residence showing the PO BOX mailing address it was sent to seems to help, but it does require in-person time-wasting to navigate the barriers. I assume it's a real PITA or impossible if you just do a web/app kind of signup, especially with a huge bank. My local small rural bank didn't even bat an eye to separate mailing address and resident address, happily sending the bank card to the PO BOX, but they serve a rural community of many people living at the end of dirt roads and the account was opened in-person.
I did have a problem with E*Trade because they partner with a banking provider. Despite having the PO BOX as the mailing address, their bank insisted on sending the debit card to the residence address. This was resolved by them sending it via FedEx, no mailbox required, still fulfilled their requirement of confirming the card goes to the residence on file, done.
I haven't had to get a new license in this mode yet, but the vehicle registration has all been frictionless with separate fields for residence and mailing addresses. Maybe it will be a mess for the DL, but I'm pretty confident there's a way. Even retirees who sold their home and are living exclusively in their RV have an escape hatch at the DMV AIUI.
At least in the UK it’s very easy to it’s costly if you use the Royal Mail one there are others but I wouldn’t trust them all the ones I’ve seen look rather dodgy.
That hasn't been my experience, but maybe it's possible? You could switch to a different box if you got unlucky, my local postmaster is super friendly and helpful FWIW.
One idea is to use active disinformation such as receiving mail in your own name at a UPS Store or PO Box and ordering things to your home -- magazines especially as they aggressively resell subscription lists -- in the name of an alias or the former owner (once mail forwarding has expired). These are just a couple ideas I picked up from listening to the "Privacy, Security, and OSINT" podcast. An episode dedicated to Advanced Disinformation can be found at:
https://soundcloud.com/user-98066669/105-advanced-disinforma...
It's not uncommon for people to buy a magazine subscription for someone else. Half of the magazines to which I subscribe send me letters offering half-price gift subscriptions.
For payment, you could use a pre-paid card. If the magazine company doesn't take that, you can send a check. Checks with no name or address on them are stupid easy to get. And I've never seen a magazine that didn't take checks.
A few years ago, I think you used to be able to sign up for free subscriptions to magazines like Sports Illustrated at Best Buy. I'm not sure if that's still happening, but I think it was part of a strategy to keep circulation up.
not like many people get magazines delivered anymore.
I was surprised to learn that this is just one of those things that people say on the internet. The whole "print is dead" meme.
I ended up in a conference room with a magazine circulation manager in 2019 and asked him about the state of the industry while we awaited the next presentation. He told me it's rebounded quite a lot since about 2005, and some magazines are doing better than ever. Unfortunately, I didn't have a chance to ask him anything further because the next speaker came in.
You're probably right, sadly. I think there's a great deal of merit to this idea. To but to actually take on the companies and start messing with things like AdSense revenue meaningfully, probably millions or millions of us would have to do this consistently. And if it had that level of broad social support and motivation, perhaps we should channel the energy into legal regulation of the industry.
In Germany it's pretty tightly regulated. Cold personal mail is not a thing you get, and for unnamed mail you just put a no ads sticker on your mailbox and repeat violators are strictly punished
It’s encouraged by the US postal system, as spam mail is one of the most reliable income sources (which is necessary given how Republicans are trying to kill the public postal system).
This has led to the postal system taking legal action against startups that tried to shield people from spam.
The techniques outlined in the article are naive and generally will not work. Robust methods exist for both detecting and filtering sophisticated data poisoning, and the kinds of organizations we are talking about here will already have that capability.
Defense against data poisoning isn't just about ad tech. State actor threats routinely engage in sophisticated data poisoning operations that require robust mitigations for system integrity purposes. A "simple" strategy is not remotely at the level of sophistication required to have a chance of bypassing these defenses, which need to withstand state actors.
> Data poisoning, which involves contributing meaningless or harmful data. AdNauseam, for example, is a browser extension that clicks on every single ad served to you, thus confusing Google’s ad-targeting algorithms.
Wait a minute, if every ad is clicked on won't that give an enormous amount of money to the companies that created the problem in the first place?
e.g. "We believe obfuscation is an important form of resistance to data tyranny. It can frustrate surveillance, help users to express their discontent, and act as a communal, rather than merely individual, practice."
I believe the general idea is that by contesting targeted ad technology in general, the eventual goal is move away from that model (which arguably, Google is doing with their big ad "reframing", although I realize this is contentious)
1 - the goal is so google doesn't know which ads are interesting for you, so it helps you with that.
2 - in the short term, you are making google earn more, but if more people do it, ads are going to start being way less effective, as the companies pay google per click, but they don't actually get any signups (or whatever their goal is). Maybe that could make google ads less relevant
FWIW, I changed my gender, first and last name, e-mail address, phone number and moved states and they still connected me. It doesn’t help when every company you have an account with sells your information to the ad networks and DMPs. Ending 3rd party cookies should help to wind this down however.
I am sorry to hear about your pain. No idea why you are being downvoted. I also have a transsexual experience. It goes a lot deeper than 3rd party cookies and ad networks. Private companies like Lexis Nexis have vast databases of aggregated and collated personal identity information. That is only one place that shady companies like those people search sites get their info from. This is to say nothing of credit, bank reports, voter rolls, and if you got a new job that used certain firms to do a background check on you. It should be illegal. I plan to use Privacy Duck although it is expensive ($1000 per year).
I'm curious how you think you were linked. Also, how you have identified that you were successfully linked?
Perhaps you still have the same social media accounts somewhere? Perhaps you used your same PC you'd formerly used when creating new ones? Perhaps your friends merely updated their phone's contact information for you rather than deleting the contact and adding new ones?
I’ve been off social media for a very long time; kind of a hipster about it :)
I wasn’t able to identify where it came from, but I do suspect it’s the latter — which is really hard to deal with because it’s other people leaking info about you. But the same could have happened with facial recognition at an ATM or checkout.
Personally, I’ve accepted that being an American in 2021 just means being under constant surveillance. The fantasies of going off-grid will run into the realities of your human relationships.
It's sad that your last point is the current state of affairs. My kids (in their 20's) have a completely differ idea of privacy, and are really ignorant of how much data exists on them.
It's an interesting side effect of our need to have constant identifiers on everyone that legal name/gender changes are so complicated. It's certainly not the only reason, or even the biggest. But it does seem like our society is particularly hostile to people changing anything that can be used as a primary identifier.
You mention contact linking being a possible cause of advertisers figuring out your new address, but it also wouldn't surprise me if at some point during the legal process credit industries just got notified about it. Although if that was the case you'd think that advertisers would have had the courtesy to use your correct name when sending junk mail, so... shrug.
It's a weird system that is so ridiculously good at tracking people, but still messes up so many basic details.
The hostility would likely predate modern government tracking systems and bueracracies. While going from Jimmy Brown to Jim Brown wouldn't raise much of an eyebrow (head of your household now - fair enough) but going by a different name in every town would raise suspicion of being a spy, serial con artist, fugitive, or other sort of scoundrel. Bypassing "means of trust" like word about you gets viewed with suspicion even without rationalization of rules imposed by might maked right.
Name changes seem to not have been frowned upon generally if they had significance. Often they were recorded as part of a rise of status whether formally like say becoming pope or a Norse deed name style like being known as Shieldbreaker because you struck the blow that split a foe's shield in two.
As for tracking - many buggy but functional systems linger at good enough for generations with a weirdly stable whole. Even if you can get a "NULL" vanity plate you shouldn't unless you like taking the chance of receiving every ticket for cars without plates and having to dig your way out of that mess.
> It doesn’t help when every company you have an account with sells your information
That may or may not be the case.
It's enough to have a friend of yours who (unknowingly) posts a picture on FB with "Me with X. He/She changed his/her name and move to ...". The chances are you'll never discover where the "leak" comes from.
I started getting junk mail under my old name at a new address. No idea how they figured it out. I wasn’t explicitly trying to avoid being tracked — I got a new job in another state at the same time my legal name change went through — but I was surprised at how quickly they were able to connect the dots.
"The types of personal information Goldman Sachs Bank USA collects and shares depend on the product or service you have with us. This information can include:
Social Security number and account balances account transactions and purchase history transaction history and payment history
For Goldman Sachs Bank USA's marketing purposes: to offer our other products and services to you
Does Goldman Sachs Bank USA share? No
For joint marketing with other financial companies
Does Goldman Sachs Bank USA share? No
For Goldman Sachs Bank USA's affiliates to market to you
Does Goldman Sachs Bank USA share? No
For nonaffiliates to market to you
Does Goldman Sachs Bank USA share? No"
While both AppleCard and AppleID were involved in the story, the situation wasn’t exactly that.
Apple issued this statement in response: “We apologize for any confusion or inconvenience we may have caused for this customer. The issue in question involved a restriction on the customer’s Apple ID that disabled App Store and iTunes purchases and subscription services, excluding iCloud. Apple provided an instant credit for the purchase of a new MacBook Pro, and as part of that agreement, the customer was to return their current unit to us. No matter what payment method was used, the ability to transact on the associated Apple ID was disabled because Apple could not collect funds. This is entirely unrelated to Apple Card.”
You can buy prepaid debit cards in cash and load them with up to $500 at almost any Walmart (and probably a lot of other locations). I like the OneVanilla prepaid debit cards because I can use them online (but only with US-based vendors -- no international transactions) and put anything I want (such as "Hacker News") as the cardholder name.
Another great alternative is privacy.com which allows you to create anonymous credit cards (your bank is then debited). While the vendors won't know who you are privacy.com certainly does and they use Plaid on the back end so they likely know as well. VISA just tried to buy Plaid; someone eventually will acquire them (maybe Google?) so keeping your financial info private via privacy.com might not be something that works long-term.
That's a good point! And Privacy.com does offer a product that lets you generate temporary credit cards for this type of thing, which seems like a more elegant solution.
>I'm interested in learning if there are alternative credit cards available that do not track/resell your purchase history.
While they certainly do track many things (I was an employee for several years), American Express does not provide information to credit reporting agencies (Equifax, TransUnion, Experian).
While that doesn't help with more mundane tracking (although you could buy Amex gift cards for cash, but that would be the same for any other gift cards), it does impact some of the more insidious tracking that's been going on for decades.
Isn't it illegal for a financial institution/money transfer organization to not track your purchase history from AML(anti-money laundering) reasons alone? I would imagine just from the sheer exploitability.
Actually selling your data (as opposed to selling a derivative which is lazily conflated) they could manage to abstain from. The other party could also sell their transaction data which happens to contain you (although retailers tend to be cagey about what sells and keep their use internal they are infamously one of the things sold upon bankruptcy by their debtholder heirs).
Hey all, I'm the one of the authors of the conference paper discussed here and was quoted in this. Glad to see it's interesting to HN!
Wanted to briefly highlight a couple points that I think will be interesting to the HN audience.
One of the major goals of the paper is to describe a framework of three "data levers" (ways a group of people can hurt or harm a data-dependent technology). Data poisoning (well known to ML people for a long time) is one of the three "levers". The other two are "data strikes" (withhold future data and/or delete past data via deletion request) and "conscious data contribution" (ala conscious consumerism — give data to a firm you support and want to compete with incumbents).
A major point in the paper is that there are some big differences in terms of barrier to entry, legal considerations, ethical considerations, and ability for a data lever to be impactful. Basically, for any given company + technology, there's probably a particular data lever that's a "best fit". It might hard to organize a large enough "data strike" that will meaningful hurt a huge company's search engine, but conscious data contribution could help improve a competitor (esp. if that competitor focuses on search verticals). On the other hand, data strikes could be really great vs. facial recognition, because there's precedent of forcing companies to delete actual model weights ([https://www.theverge.com/2021/1/11/22225171/ftc-facial-recog...).
Another point is that there's some nice connections between levers. On the topic of data poisoning defenses: if you've been feeding poisoned data, and get caught (quite likely for naive attacks, as noted below), the company deletes your poison and you've just been "reduced to a data strike".
A final point: the paper discusses implications for folks who work in ML, design, HCI, and policy. There's great opportunities to build to tools to support data leverage, and for ML researchers to "bake in" data leverage (e.g. compute a performance v. dataset size learning curve to characterize how "vulnerable" a system is to data strikes). Also, there's huge potential for win-wins with privacy regulation: data deletion and data portability both enhance the public's leverage.
I'll end this long comment now, curious to see what others think (and appreciate all the comments already here!)
You can then get a PO BOX, setup your important things like property taxes/dmv/utilities/banks with it as the mailing address, and carry on supplying your residence as your physical address to whoever appropriately asks without even lying.
Most places are just assuming your physical address receives mail and send unsolicited spam to it. Critical services must support a mailing address distinct from a residence address, as it's common for those living at the end of a dirt road without mail service; a perfectly legal way to live.
I currently do this, and my PO BOX receives practically zero mail, and I must say it's a glorious signal:noise ratio.
There are some frustrations though, some places do refuse to send to a PO BOX, and some shippers which claim to use FedEx or UPS will then go on to use USPS and your purchase doesn't arrive. Non-USPS deliveries will still arrive at the physical address without a mailbox, but USPS deliveries will not - those must go to the PO BOX. YMMV