
How your data is collected and commoditised via “free” online services - matthewwarren
http://www.troyhunt.com/2016/03/how-your-data-is-collected-and.html
======
hodwik
He's on the right track, but absolutely wrong about where the bulk of this
data comes from.

It's not shady "Take a free trip!" websites.

It's your Dominoes Pizza order, it's your trip to Target, it's everything you
do. (A sales person for one of the big companies listed those specific groups,
but said it was basically everyone.)

The big companies in the industry (LexisNexis, Thompson Reuters' CLEAR) buy
everyone's data. Anything they can get their hands on.

As far as I can tell, everyone in the country's data is being stored;
everywhere you have ever lived, all of your phone numbers, voting records,
debts, legal history, marriages, past names and aliases, email addresses,
everything.

It's all in a handful of huge private systems. Systems that were originally
marketed to law enforcement agencies, but are now being shopped to private
companies as well. Insant CheckMate is just a tiny tiny fraction of what is
actually captured by these data brokers.

Source: You'll have to take my word for it.

Interesting tidbit -- They have alerts setup in the system; E.g. if you search
for the wrong person you'll get a call from headquarters asking why you're
pulling up Kanye West's home phone number, etc.

~~~
state
OK, I'll take your word for it.

Everything I do is being tracked, recorded and passed around by companies big
and small. Yep, got it.

Anyone care to speculate on how we actually change this situation? Or is it
that there's really not much utility in privacy for most people, so we can
just forget about it permanently. I realize that the paths to change are
either regulatory or technical (and I find the latter more likely), but
seriously: paint the picture.

Should we just accept this as the norm?

(edit: grammar)

~~~
bduerst
This isn't a popular question, but is there really a problem?

I've heard the big-brother nightmare scenario type answers before, but I'm
curious to see how they are more likely to negatively affect me than a car
accident or slipping in the shower.

Even with government agencies (NSA/FBI) overstepping or trying to overstep
their limits, isn't the root problem with policy makers keeping them in line?

~~~
AnonymousPlanet
I will answer you with a lengthy anecdote. A couple of years ago I wanted to
buy something from a popular online shop. The shop offered various payment
options. I won't bother with details, so let's make it simple: option A was no
risk on their side but time consuming, while B was higher risk but fast
procedure. I was time pressed, so I was happy to see B in their FAQ. After
signup and checkout there was no option B for payment. I thought it was a bug
in their site and sent them an email.

I then decided to have it shipped directly to my parents (I wanted to use the
item over the holidays) and set up an account in their name. After checkout,
option B was suddenly available. Yay, they fixed it. I made the order.

Back to my account: option B was still missing. Huh.

I then made several new accounts using various addresses over the city. The
pattern that emerged was that in more affluent zip codes option B was
available, in poorer parts it wasn't.

Several days later, my email was answered: they claimed not to offer B to any
new accounts on principle. This clearly wasn't the case.

My sample set wasn't big, and maybe it was a bug or A/B testing plus
coincidence, but it made me think.

Big brother will not kill you or bite you with big fanfare. Instead, you will
be struck by inconveniences. Online shopping will be more pleasant for some
and maybe even impossible for others. That flashy item you want will be
available for others but you will be told that it's out of stock. All of this
will be explained away as mistakes.

~~~
bduerst
What? It sounds like the problem is they _didn 't have_ enough information
about you.

If they had more info, they could avoid blanket policies such as avoiding
riskier shipping options with all _new_ customers, and use with customers they
can prove are not fraudulent.

But here's my anecdote:

I bought a metal collar extender at Macy's with my credit card. It was an
impulse buy at checkout and I have never searched, emailed, liked, etc. this
product in my life. I get on Amazon a week later and I have a recommendation
carousel of metal collar extenders. I was so surprised I even checked my email
for a receipt to see if that's how Amazon retargeted me [there was none].

But then I just stopped caring, because I realized that if anything Amazon was
incurring an opportunity cost for not recommending me something more useful,
and I have more important things to do with my time than to worry about how
I'm being retargeted on Amazon.

~~~
AnonymousPlanet
> What? It sounds like the problem is they didn't have enough information
> about you.

That is part of my point. It will never be perfect, but perfect enough to get
a benefit for businesses. If this leaves you as part of a small percentile at
the road side, that is your problem not their's. In the end, you may be
regularly unfairly disadvantaged because of it nevertheless.

~~~
bduerst
This is an example of a Nirvana fallacy - where you are saying it should be
abolished because the "perfect solution for everything" is unattainable. If
anything, your anecdote proves that should be made even better, not abolished.

Besides, the business lost a customer with you, so it's obviously not perfect
enough for them either.

------
textaural
I have found [https://donottrack-doc.com](https://donottrack-doc.com) [made by
the NFB] to be helpful in thinking about data collection. If I have time at
the end of this semester I'll be taking my first-year students through the
first episode.

------
TheCartographer
He says it in the article but it walkways bears repeating: if you aren't the
customer, you're the product.

~~~
guelo
No, even if you are the customer, say at a supermarket, they're still going to
take your purchase data and sell it. Supermarkets are especially sneaky,
they'll charge you extra if you refuse to be tracked via a "loyalty" card, and
then they market that extortion as savings!

~~~
pravda
Supermarkets will give you as many 'loyalty' cards as you want. And you can
put false info on them.

I assume they can still track your purchases by credit card #.

~~~
newman314
Actually, BevMo is now being much more brazen about it. They scan your
driver's license under the guise of age verification.

I'm several decades past 21. There's no way in hell that I'm an underage
drinker. When pressed the last time I was there, I was told that age
verification up to the age of 50 is store policy.

~~~
hodwik
Along the same lines --

In bars occasionally young women will come in who will give you free packs of
cigarettes in exchange for scanning your ID. I've heard, mind you, this could
be completely false, the cigarette companies sell that data to insurance
companies.

------
mirimir
Just disappear. Gradually, a little at a time. Diversify identities. Take your
friends with you. Make it a game. Many games. What's left public is just the
boring stuff. Make it as normal and unremarkable as possible.

~~~
bgar
I've toyed with the idea of vanishing completely, but nowadays employers often
want to see a web presence.... if it weren't for that, and the convenience of
Facebook Messenger, I might have disappeared already.

I was just thinking about how since one usually uses the same identity for
many different accounts and interests online, it would be very easy to find
someone by looking for people that match those specific sets of interests. You
would have to make separate identities for every sort of interest, and never
mention the other from a different profile.

~~~
mirimir
Well, most people on Facebook just share links. So it's not hard to look
normal. Maybe a little more boring than most, but hey, you work hard and all
;)

If you're going to use multiple identities, they shouldn't have overlapping
interests, or common friends, accounts, etc, etc. And they shouldn't ever
refer to each other. However, it's fine to have a bunch of identities that
break all of those rules, just for the fun of it. You have unassociated clouds
of associated identities.

Dig into Mirimir, if you're interested. There are several more-or-less
associated identities. Some of them are obvious. Some would take a little work
to find. But then, Mirimir is just a relatively superficial pseudonym.

------
gcb0
most other countries listed have laws that completely drop the "we can sell
your data" clause on the site.

If you can find a presence of the company in such countries (and for most you
have to provide some sort of tax id to buy national domain sulfix) then you
can enter unique data there, and call a lawyer. profit.

