
Everything We Know About What Data Brokers Know About You - bsims
https://www.propublica.org/article/everything-we-know-about-what-data-brokers-know-about-you
======
DanielBMarkham
One of the sadly funny things about watching the politics of this play out is
that the folks that traditionally blame the government are all up in arms
about the government tracking you. But they seem fine with corporations
tracking you. The other bunch, which traditionally blame corporations are all
up in arms about corporations tracking you. But they have no problem with the
government tracking you.

And for all of that fighting, it never really mattered. The fact is it doesn't
matter who tracks you, the information is available to all parties. You're
being tracked.

Cross-reference this pile of tracking information to cell phone records, which
can locate you within a few dozen meters at all times, and you have a
surveillance system Orwell himself could never have dreamed of. It's beyond
any state-ran security system ever put into place in the history of the world.
Yet we all sit idly around as if none of it matters.

And for all of that political fighting about privacy and anonymity, it never
amounted to anything.

Amazing.

Side note: As a movie buff, I've seen lots of dystopian movies set into some
far future where the state has taken control over people's lives. Our hero
somehow manages to fight the system.

What they never really cover is _what happened_. How exactly did people sit
around and let this happen? Didn't they see this terrible future approaching?

Now I have the answer. Yes, some folks saw what was happening, but the vast
majority didn't see an immediate negative impact in their lives, so they
didn't care. The rest of us were just -- overwhelmed by events. Threats came
from multiple and unseen directions and kept coming until we couldn't fight
them. People who owned the data were careful not to share the scariness of
what they were doing with the common man. Privacy and anonymity advocates were
labeled scaremongers.

~~~
trotsky
While I'm not happy about the idea, I submit that we've tipped over a scale
within technical surveillance - the same irresistible forces that are
reshaping the content industries are hard at work reshaping our concepts of
available privacy. It's just too cheap & easy, and getting much easier, and
people want to do it (badly).

~~~
pasbesoin
Part of a subsequent response should be transparency. For example, an
organization accumulating health-related data on you should not be able to in
surreptitiously influence (directly or through data brokerage) your ability to
get health insurance.

Such information asymmetry, in the hands of large, powerful self-interests, is
something we should seek to mitigate.

------
aslewofmice
And to think that this article doesn't even touch on the ability marketer's
have to track you across multiple devices, locations, and other insight that
Facebook allows.

I believe we're at a point where a legitimate proof of concept could emerge
where given a first and last name of a person, one could theoretically track a
person's location and browsing behaviors for an indefinite amount of time.
Granted, it would require that the person not clear their cookies, grant geo-
location on their phone and that you have a bit of money to ensure you win
enough ad impressions in that time period. The takeaway would show that people
aren't as anonymous as they think they are and that with enough money and
motivation, someone could gain valuable insight into your behaviors.

~~~
digitalengineer
Correct. But even without their permission their phone will transmit it's
location to the nearest celltower. Also, in my country we have CCTV-camera's
along all major roads with licenceplate-tracking. Public transport requires a
chipcard with login. I feel so much safer...

------
d23
Is it so wrong that I... don't really mind? I feel bad admitting that, but I
actually think it's kind of cool. Marketing is moving beyond "generically spam
this to millions of people in this 'demographic'" to actually giving me
personalized advertisements that I actually might be interested in.

I treat it the same way as I treat the rest of my online identity: if I'm
doing something I want to be anonymous I take steps to make it that way, such
as using a throwaway account with cookies disabled. I recognize that when I
buy store loyalty cards, I'm giving them access to my purchase patterns.

It's a trade-off I make, and I don't put the responsibility for that decision
on anyone but myself.

------
binarymax
My first brush with this, was near my 16th birthday, in 1994. Gillette sent me
a free razor. I had never bought anything from Gillette, and neither had
anyone in my family. Yet somehow they knew I was in prime shaving time, and
they were smart enough to send me this birthday gift.

Their reward? I've been shaving with Gillette for almost 20 years. A back of
the napkin estimation is that initial free razor got them about $500 worth of
business in blades (and I don't even shave very often).

I have no idea from where they got this data - but this sort of thing has been
going on for a lot longer than people think.

~~~
ams6110
Even back in those days, many products came with "warranty registration cards"
which would ask for your name, address, DOB, and other demographic data. It
had nothing to do with warranties, it was to collect information about who
bought the products for use in further marketing campaigns. And that
information was bought and sold (probably on 1/2" magnetic tape reels) even
then.

------
racbart
Would that even be legal in the EU? “Upscale furniture store Restoration
Hardware said that it had sent "your name, address and what you purchased" to
seven other companies, including a data "cooperative" that allows retailers to
pool data about customer transactions”

~~~
belorn
The short answer is yes.

The long answer is a bit more complicated by it will result in the same
answer. Companies in EU can send data over to NA to have it "processed". Once
there, the data is outside the protection of EU law, and can be sold without
hindrance.

~~~
karambahh
Saying it is indeed possible is akin to say that "tax evasion is possible"....
possible yes, legal, I don't think so

My understanding of my (EU) country law is that you cannot send data outside
the EU to have it processed if the data is deemed "sensitive". Even if you are
allowed to export it, you have to guarantee that data won't sold once it has
left EU.

~~~
belorn
For patient data, there are some exceptional laws in some countries. While I
hope it does become EU law someday, we are not there yet. I have never heard
of any laws that allow one to export data but then to give some guarantee that
the data won't be sold. Source?

But for the general case (ie a normal business venture), people are already
using services that will exploit/refine any personal data being sent there.
Gmail is one, but Facebook is a better example. Facebook will use the data
even if it about someone who aren't a Facebook user. Cloud services could be
doing things, but I am not sure its true in practice yet. Mobile apps are
already getting and selling data, and has a long history of doing exactly
that.

Webshops that use paypal are sending their customer data to paypal. If one
read their privacy policy, one can see that they use the data to: a) compare
information and verify it with third parties. b) Send to companies that
perform marketing and "other services" for paypal. c) Send aggregated
statistical data to their business partners. d) send any data to eBay Inc.
corporate family—like eBay, Skype or Shopping.com
([https://cms.paypal.com/au/cgi-
bin/marketingweb?cmd=_render-c...](https://cms.paypal.com/au/cgi-
bin/marketingweb?cmd=_render-
content&content_ID=ua/Privacy_full&locale.x=en_AU))

~~~
jrabone
That PayPal data almost certainly also goes directly to Palantir (another
Peter Thiel company), to be added to the vast corpus of information they (and
by association the three letter agencies & DoD contractors) hold on you.
Palantir arose from the anti-fraud work that PayPal was having to do 10 years
ago and is now supposed to be a big deal in data mining for govt, defence etc.
Want to bet that they have quite a few "exceptional laws" on their side?

------
summerdown2
This is a very American centric view of data where privacy is not written into
law. In the EU, the data protection act prevents much of this:

[http://www.ico.gov.uk/for_organisations/data_protection/the_...](http://www.ico.gov.uk/for_organisations/data_protection/the_guide/the_principles.aspx)

Of course, in our modern world of cloud computing even in the EU people place
their data willingly beyond the reach of EU law. However, even cloud companies
are sometimes inside its scope because of where their offices exist:

[http://www.theregister.co.uk/2012/09/21/irish_data_protectio...](http://www.theregister.co.uk/2012/09/21/irish_data_protection_commissioner_facebook_review_following_2011_audit/)

------
ams6110
The only real way to avoid most of this is to not use loyalty cards (thus pay
the marked-up prices) or to give ficticious data when you get them, and change
them frequently. Never use a credit card with your loyalty card, they will be
linked... pay cash for everything... don't use online services... don't use
mobile devices.

Who among us would want to give up all that?

------
jayfuerstenberg
I once thought about making a proxy server that would randomly change HTTP
request headers (user agent etc...) enough to make you appear to be a
different person with each request.

But I suspect service providers (Facebook etc...) would find a way to adapt
and it would just result in an arms race that would leave HTTP in a state of
disarray.

~~~
m0nty
Browser fingerprinting?

<https://panopticlick.eff.org/>

------
rayj
Health insurance companies could purchase loyalty-card information from
grocery stores. Want to know if someone is always eating trans-fats and
smoking? There we go.

Want to know how much booze someone is purchasing per week?

The possibilities are endless, and I am sure this has already been thought of
many years ago.

