
Thermometer Tells Your Temperature, Then Tells Firms Where to Advertise - js2
https://www.nytimes.com/2018/10/23/business/media/fever-advertisements-medicine-clorox.html
======
a3n
> Kinsa sells its data to other companies under the name Kinsa Insights. While
> Mr. Singh declined to share the names of other customers, citing
> confidentiality agreements, ...

The irony.

~~~
dmix
They (claim) they don't sell the names of their Thermostat users either, it's
all anonymized data. Where's the irony?

> It has promoted the usefulness of its “illness data,” which it says is
> aggregated and contains no identifying personal information before being
> passed along to other companies.

------
code4tee
For me the key is transparency of collection and use (which some will quickly
point out is very GDPR-like).

I’m OK to anonymously share my car’s position and speed of in return I get
live traffic data from others doing the same. I’m less cool about people
collecting my data without me knowing (or burying it deep in unreadable T&Cs)
and then selling that for uses that I’m not aware of or didn’t approve.

When you visit a free website or use a free service I get the “your the
product” mantra, but for products I buy and put in my home... no.

~~~
jatsign
Makes me wonder if we need the government to:

\- Require companies to register before collecting personally identifying
information (what, why, from whom, etc).

\- Specify how & when privacy policies are distributed.

\- Audit companies to ensure they adhere to their own privacy policies.

~~~
yellow_postit
I have long wanted to see a standardized data privacy table like food
nutrition information on the side of most packaged food in the US.

~~~
anon4738383
I'd like to see America regulate chemicals too as they are in Scandinavia,
such as requiring evidence proving their safety, but legislation such as TSCA
grandfathered in thousands of compounds with zero safety data. If you think
you're going to get a crumb from the klepto-plutocrats' table, I think you're
gonna need a straight-jacket and a padded room.

People are still dumb enough that they willingly hand over their contact
details for a "prize" car or something that no one ever wins in order for some
company to sell their details to be nonstop marketed to. And post-Equifax,
it's easier than ever to steal a person's identity by opening accounts in
their name without them figuring out until collections come calling.

When/if political winds shift far enough, then it might be possible for
Americans to gain identity protections as stringent as Germany's. Until then,
Americans will continue being screwed and lied to, and it's their fault for
being too compliant and not demanding better leadership.

------
mancerayder
There's a fantastic little blurb about Tim Cook arguing in favor of privacy
regulations:

 _“Today that trade has exploded into a data industrial complex. Our own
information, from the everyday to the deeply personal, is being weaponized
against us with military efficiency,” he said. “These scraps of data ... each
one harmless enough on its own ... are carefully assembled, synthesized,
traded, and sold.” He said algorithms, a major tool for competitors, were
turning harmless preferences into hardened convictions. “If green is your
favorite color, you may find yourself reading a lot of articles — or watching
a lot of videos — about the insidious threat from people who like orange,”
Cook said._ [1]

I love this, almost to the point that I want to move off of the EvilCorp Pixel
2 and onto something that doesn't resell my personal data. It seems Apple is
on a higher moral high ground.

1 [https://www.reuters.com/article/us-eu-privacy-apple/apple-
bo...](https://www.reuters.com/article/us-eu-privacy-apple/apple-boss-takes-
aim-at-weaponization-of-customer-data-idUSKCN1MY1DF)

~~~
superflyguy
Unless you're going to also stop using Tweedledum corp's browser and search,
I'd not bother. And if you are then just use, say, Firefox and duckduckgo and
ublock origin on your current os.

~~~
mancerayder
I use Firefox and DDG on my EvilCorp Pixel. I suspect there's a lot more than
that - for example, it seems widely accepted that it funnels GPS data out even
if you're not using a GPS-dependent app like GMaps in the foreground.

------
superflyguy
Amusing that the story about unwanted side effects of information unwittingly
exfiltrated contains numerous identical requests for me to disable my "ad
blocker".

~~~
peacetreefrog
Agree. It's the same with anything, when push comes to shove and it means
getting by or laying off writers etc the NY Times is going to fall back on
basically the same behavior these cough drop or chicken noodle soup or
whatever co's are using this health data: targeted advertising, whether that's
displaying ads on its site or advertising elsewhere to try and get
subscribers.

------
jatsign
"Amazon has submitted a patent application, recently granted, outlining how
the company could recommend chicken soup or cough drops to people who use its
Echo device if it detects symptoms like coughing and sniffling when they speak
to it, according to a report by CNET. It could even suggest a visit to the
movies after discerning boredom. Other patents submitted by the company have
focused on how it could suggest products to people based on keywords in their
conversations."

Really glad I don't own one of these things. I don't know if Brave New World
or 1984 was right. Looks like the future decided to split the difference.

~~~
CaptainZapp
What beggars believe is that in the novel, 1984, you didn't have a choice if
you want a televisor in your home, or not.

But people put an always on spy device connected to Amazon (or Google, or
Facebook [honest, we won't spy on you, maybe]) into their homes.

To each his own, I guess, but is the exchange of a little bit convenience to a
potential privacy nuclear device really worth it?

~~~
SmellyGeekBoy
> But people put an always on spy device connected to Amazon (or Google, or
> Facebook [honest, we won't spy on you, maybe]) into their homes.

Do you not walk around with one in your pocket most of the time? (I don't have
one of these devices either, just playing devil's advocate)

~~~
sonnyblarney
Your iPhone is not listening to you right now, but your Echo is. That's a big
difference.

~~~
menacingly
A software control prevents your iphone from spying on you, and a software
control prevents your echo from spying on you.

In both cases you aren't really sure it's the case, you wouldn't know if it
were suddenly disregarded or circumvented, and you're just trusting in the
good behavior of your chosen provider.

~~~
_jal
You also don't know that you're not being tailed by a PI, that your neighbors
are not focusing a mic on your home, or that your dentist isn't on the lizard-
peoples' payroll.

However, we all make certain risk tradeoffs based on numerous things,
including proxy signals. For instance, I would be intensely surprised to find
out my downstairs neighbor was recoding me, based on multiple years of
interactions. Likewise, I find the signal Apple sends ("We need a US-based
GDPR") about privacy rather more compelling than the signal Amazon sends
("scour the mic for hints about product we can shift").

I mean, sure, while both $huge_bank and your hypothetical deadbeat relative
might both steal your money, I bet I know which one you choose to to leave
your money with.

~~~
52-6F-62
> _You also don 't know that you're not being tailed by a PI, that your
> neighbours are not focusing a mic on your home, or that your dentist isn't
> on the lizard-peoples' payroll._

Totally tangential, so feel free to disregard:

This statement reminded me of my experience during my brother's TS clearance
(Canada). CSIS readily had accurate data (in surprising detail) about my time
spent during a short period they must have observed his family members to use
during an interview with him. It was pretty fascinating, mildly disconcerting—
but in this case didn't bother me (in the context, I understood why. I
certainly wasn't interesting at the time). They only could have captured the
data they had by a combination of tailing (however brief or otherwise more
expensive much more technical means) and bank records. I was of course none
the wiser.

Advertisers are another matter. I have a Google Home Mini. It remains
unplugged 100% of the time we're not using it. My phone can always go in
another room. If we decide to turn it on to play with it (search something
benign or play trivia) then we'll have it on. It's good for that kind of
thing, and those are useful enough we don't mind letting Google have the
little data that might produce.

------
elvinyung
To sum up something I've been thinking about: the panoptic dystopia of our
future is evidently not Orwellian, but Molochian (shameless self-promotion:
[1]). We aren't forced to install telescreens in our homes; we live within
social and psychological incentive structures that subtly nudge us toward
willingly having and using them. The network effects enmesh us all within the
stickest of webs.

[1] [https://www.notion.so/The-Bottom-Up-Surveillance-
State-8ea9a...](https://www.notion.so/The-Bottom-Up-Surveillance-
State-8ea9a6e019e14ef7ae4f3ef0ffb35984)

~~~
briandear
A “new version of notion is ready” pop up that can’t be dismissed without
clicking “update” makes your link unreadable. I have no idea what Notion is or
why a website would need me to click “update” on a pop-up.

~~~
elvinyung
Interesting, it doesn't show up for me. Mind posting a screenshot? I'll pass
it onto them.

------
apexalpha
After GDPR our next move needs to be a advertising category whitelist.

I say the EU makes a list of categories that you are allowed to categorize
users in:

\- Age (only year, no month or day this is not relevant).

\- Sex

\- City or geographic area with at least 500,000 people.

\- 5 items selected from a list of hobbies / preferences..

etc.

Companies should simply not be _allowed_ to target people based on categories
like being ill, being poor, being terminal, being depressed etc...

And here's the kicker: if every company is held to these same standards no one
company has a disadvantage.

Well, except the entire ads industry scene which is now set in anarchy.

~~~
FlyingLawnmower
I like the sentiment, but unfortunately predefining a set of categories
doesn't prevent the issues. Even without access to a specific attribute like
"wealth" or "race", the learning algorithms used here can still be used to
target poor people, minorities, etc. by leveraging correlations within the
dataset. Without these features, the bias just gets dispersed through other
correlated variables, and makes it harder to detect that an algorithm is
disproportionately targeting poor people.

Additionally, even a modest list of attributes can be sufficient to uniquely
identify someone.

I think limiting collection is a good thing in general, but to meet your
stated goals, we unfortunately have to do more.

------
oh_hello
This use of data seems reasonable if the company is truly following the
constraints described. The way I read it fever rates were sold to advertisers
with zip code granularity. Advertisers could then target markets, but not
individuals.

It doesn't sound like users would experience creepy invasions of privacy like
"I took my temperature and then every website I visited had a NyQuil ad."
Instead, there would generally be more ads in one city versus another.

~~~
kop316
It would be interesting to read their privacy policy, and then note if it has
something like:

"We reserve the right to change the terms of this agreement at any time and
only have to provide you notice."

That way, before the product is big, they can make those claims, but as soon
as it has an entrenched niche, they can do the privacy bait and switch and
collect all they want.

~~~
quux
Looks like they can do exactly that:

    
    
      By using this Site or Application, you consent to the use
      of information that you provide to us in accordance with
      this Privacy Policy. We do update this Privacy Policy from
      time to time so please review this Privacy Policy
      regularly. If we materially alter our Privacy Policy, we
      will notify you of such changes by contacting you through
      your user account or by posting a notice on our Site or in
      the Application. Your continued use of the Site or
      Application will be deemed your agreement that your
      information may be used in accordance with the new policy.
      If you do not agree with the changes, then you should stop
      using the Site or Application, and you should notify us
      that you do not want your information used in accordance
      with the changes.
    

[https://www.kinsahealth.com/privacy](https://www.kinsahealth.com/privacy)

~~~
kop316
"If you do not agree with the changes, then you should stop using the Site or
Application, and you should notify us that you do not want your information
used in accordance with the changes."

I interpret that to mean "If you don't like what we are doing now, your device
is a brick, too bad." I wonder if there is a legal way to fight back at that.

------
jdowner
So, would it be illegal to buy a large number of these thermometers and put
them in a water bath at 105 degrees?

~~~
ams6110
No, just watch the network -- I would bet $100 that the traffic is not secure.
Once you figure out the protocol, write a little python script to send it
random temperatures and locations.

------
crankylinuxuser
This just throws gasoline on a raging inferno... But here in Indiana, I can
legally walk into election central and ask for the voter registration of
everybody in the county.

The data contains: Full legal name, address, phone#, email, and Drivers
license OR last 4 of SSN.

This would be a breach notification anywhere else.

[https://www.reddit.com/r/bloomington/comments/9qqvmz/tilin_i...](https://www.reddit.com/r/bloomington/comments/9qqvmz/tilin_indiana_anybody_can_obtain_voter/)

Edit: seriously, why the downvotes? We're talking about a legal breach that
leaks PII if you choose to exert your right to vote.

Buying listening posts is voluntary. Voting shouldn't leak your PII.

~~~
Kaveren
I think the downvotes are because people might consider this off topic.

Though, realistically the damage has already been done. It no longer matters
if your SSN is stolen. A very sizable percentage of adults above a certain age
already have this data purchasable for $10 a pop.

A credit freeze is your best option against identity theft.

I think we need to rethink SSNs being used in the way they are today. They
were never designed to be your national identity number. We can do better.

------
AstralStorm
So, when will this data be sold to your insurance company so that you pay a
premium?

------
a3n
> One model of Kinsa’s thermometer plugs straight into phones, while another
> child-friendly version looks like Elmo from “Sesame Street.”

Elmo, a close relative of Joe Camel.

> The company said that most app users opt to share their location and that
> Kinsa does not link the information to phone numbers or email addresses.

For now. The'll either do it later, or they'll be acquired by BigCo, or if
they simply fold then that data will be an asset to sell during liquidation.

------
908087
It's always best to assume that any device billed as "smart" is actually
intended as an advertising surveillance tool.

~~~
dvfjsdhgfv
To be fair, it's not always intended that way, but sooner or later someone
discovers the additional monetizing potential.

~~~
ryandrake
I think we should evaluate people and companies by the results of their
actions, not by their intentions.

------
40acres
I'll admit I'd be very interested in a data broker system that would capture
my data and sell it to interested parties that I then can profit on. The
amount of data each person generates grows and grows per year, even a small
dollar amount would be beneficial I think.

~~~
berkes
There are several such products being built in the 'crypto' space. Civic
intends to allow you to benefit from selling PII for authorization. Datawallet
something similar. BAT intends to let you make money by looking at ads (or, to
be paid for the data you hand over to advertisers). There are much more
following this model of paying for data.

Whether one or more will succeed, wether they need blockchains and
cryptocurrencies: the future will tell.

------
creeble
Amazon patents lots of impractical things. Don't read too much into them.

------
jackvalentine
This might be the first device I've purchased that has betrayed me in a way I
didn't expect.

I don't use a Kinsa thermometer anymore having discovered the hardware was
crap anyway and moved on to a Withings one, but I did not realise, despite
probably agreeing to it in the T&Cs, that they were selling my data. I naively
had assumed me paying for the thermometer was the business model.

I must say it doesn't feel good.

------
gdrift
This makes me sick. Now I need to take my temperature.

I can't wait for the toilette paper that transmits my poop analysis in real
time directly to the good and helpful corporation. For my own good. Who
wouldn't want such close attention to their well being. And it would only cost
10x more and will be mandated for insurance eligibility.

------
jbob2000
> The data showed Clorox which ZIP codes around the country had increases in
> fevers.

No, all it did was show you wealthy areas where people buy stupid crap.

These are really stupid devices. I have the thermometer in my hand when I take
the reading, I can just glance at it to see the reading, why do I need it to
sync to my phone?

~~~
mschuster91
> I have the thermometer in my hand when I take the reading, I can just glance
> at it to see the reading, why do I need it to sync to my phone?

For persons with an uterus, reading a thermometer can be used both for getting
pregnant (=have sex on the day where a slight increase in vaginal temperature
indicates that an egg is released) and for preventing pregnancies... and the
latter case is where the phone sync comes in handy. The pregnancy-prevention
apps work by profiling the dates and volumes of periods, plus sex drive, plus
temperature, to determine a window in which unprotected sex is risky (IIRC,
it's seven days prior to egg cell release + 1 or 2 days after).

~~~
908087
Syncing data to your phone doesn't require sending that data to a third party.

~~~
kevin_thibedeau
Who doesn't need a REST API to convert units?

~~~
JustSomeNobody
You joke, but there's a ton of web devs who think this way.

------
Fnoord
The irony is that people pay _for_ such a device. They should _get_ paid
instead.

------
mountainofdeath
I will leave this here
[https://www.youtube.com/watch?v=DJklHwoYgBQ](https://www.youtube.com/watch?v=DJklHwoYgBQ).
It's comical and frightening when reality imitates art.

------
a3n
Lemme guess, more affluent neighborhoods will have more illness spikes.

------
atemerev
If the data is properly anonymized, it is actually a good idea. Could also
work for public health programs optimization / disease prevention.

------
blang
I'm failing to see the value add of this device.

