Hacker News new | past | comments | ask | show | jobs | submit login
Google starts tracking what people buy in physical stores (latimes.com)
369 points by Jerry2 on May 24, 2017 | hide | past | favorite | 243 comments

This is probably an unusual opinion, but for me privacy is similar to freedom. Freedom is usually defined as a negative: people are free of oppression, have freedom of speech (freedom from speech being constrained), freedom of movement (not forced to stay in one place), religious freedom (freedom to believe what one will and not be limited in practice or assembly), etc.

Privacy is the freedom from being watched, from having one's movements and actions and consumption and words observed, tabulated and stored. I hope that one day whether by laws or technological solutions, privacy will again be the norm in our lives.

I think it's important to note the definition of privacy you use is important.

For me, in my daily life, all of this is completely "private". Google having my data in mass and an identity profile on me that no human will ever specifically look at is just as good as private to me. The fact that computers will be handing this data, not other humans, is an important distinction for me. No human will ever see my individual data in all likelihood.

I don't think the lack of privacy is a problem, but rather the centralized power. It's really tough right now with so much power in information, but the only real information power coming in volume.

> the definition of privacy you use is important

Yes, it is. Defining privacy to mean the very opposite of "private" is pure doublethink/newspeak.

> Google having my data

You're not giving your data only to google. You're also giving it to anybody that hacks Google's servers to take their data at any point in the future (and anybody that buys it from the hackers), and any government (or other entity with sufficient power or influence) that orders (legally or illegally) Google to turn over their data, and anybody that Google might sell the data to should they have unfortunate financial troubles. This list will probably grow as the value of data grows and creative new ways to exploit data are discovered.

I commend Google for taking security seriously. You data is probably saver with them than than many business. However, they are still human so they make mistakes. Hacks will happen even with the very best well-funded security teams using impossibly good practices. When governments are involved, it may not even be Google's choice.

You need to remember that data doesn't go away, so the risk of who it may spread to only increases with time.

> other humans

Humans don't need to see your data for it to harm you. Your insurance company doesn't need a human to feed data from Google (or whomever) (possibly blinded through some sort of "rating service"?) through the machine learning and/or "risk assessment" heuristic du jour to raise your rates or deny coverage.

> centralized power

Pretending the world is just[1] - that your data will somehow be limited to only Google - gives Google a lot of power, that will be hard to reclaim. If by some miracle they are able to do better than most people throughout history that acquire power and only use their power for benevolent reasons, the same cannot be said indefinitely into the future.

[1] https://en.wikipedia.org/wiki/Just-world_hypothesis

I agree with what you are saying but given the probabilities (I don't see the big 5 having a significant data breach any time soon) it is something I'm willing to trade off or sacrifice so to speak. I guess the ideal scenario would be that all corporation and the government does not store my data, even anonymously. But this is unrealistic and I haven't bothered looking for alternatives that are safer/have more privacy.

Focusing on unlikely events is inefficient in that the preparations or measures taken against them often are not worth the expected benefit. Pointing out that there is always risk of improbable events is not always useful especially when mitigating these risks is costly. We increase the chances of being hit by a car when we leave the house or when we jaywalk.

Personally for me, the benefits from using services provided by Google or any other company outweigh the risks of my information falling into the wrong hands. The worst that I can hypothesize would be a political opponent using some data to pin a crime on me and throw me in jail. Or maybe some of this data could lead to me losing my job. Both unlikely scenarios. I am fortunate however because I live in a country where politicians are less likely to abuse their power (still a possibility of course) and I am not a political dissident nor a criminal. The same can't be said for everyone, so for people where the risks are far greater, they take extra precautions because it is worth it for them.

I emphatically opt out of all of Google's services and tracking. I have done everything I can to avoid having them track me, short of quitting my job (we use google apps at work...).

When you (I think, naively) traded your privacy and freedom for their services, you also traded a bit of my privacy and freedom, and that is unacceptable to me.

The same can be said about any of the other big surveillance capitalism companies (facebook, microsoft, etc).

I don't know why you think they will only hypothetically use this information against you. You are bombarded with machine generated attempts at psychological manipulation on a daily basis, and your private information is regularly leaked/sold to bad actors and out of control law enforcement agencies on a continuous basis.

You even say you are lucky you are not a political dissident, so you admit that, in your own mind, you have given up the right to participate in our democracy as you see fit.

I opt out when when it's convenient (ie. located in the settings I don't dig further than that) I deleted by FB.

I value it different and am fully rational in what I have done. Psychological manipulation? You mean ads and recommended youtube videos? If you could elaborate, this would interest me.

With regards to bad actors and overreaching LE, I really haven't felt the negatives to warrant changing my behaviour.

I have no idea what you mean giving up participating in democracy. How does choosing not to be a dissident mean I have given up the right to participate in the democratic process? I'm not American by the way. I'm in a country where I have my vote and I can speak up against my government without repercussion. If I were in an authoritarian one I'd be much more concerned.

Political changes can happen very quickly. Countries can go from free democracies to authoritarian dictatorships in 20-30 years. You cannot know what the world, and your country, will look like in 50 years. Being okay with giving companies ammunition against you is the same as making bad decisions like driving without a seatbelt because "I'm a good driver and I will never crash".

> Personally for me, the benefits from using services provided by Google or any other company outweigh the risks of my information falling into the wrong hands

Which benefits? Most of the services Google provides can be replaced for free or for very small amounts of money -- and without giving up your privacy.

Is saving $50-100/yr really worth granting Google the right to store and abuse your data forever, or the risk of your data ending up in the hands of criminals?

These events are not improbable imo. They are inevitable.

There is anonymity in crowds. That's potentially the privacy he's speaking about.

> Google having my data in mass and an identity profile on me that no human will ever specifically look at is just as good as private to me.

This feels like saying "I have nothing to hide".

>No human will ever see my individual data in all likelihood.

What matters to me is not the likelihood, but the possibility. Can someone who wants to at a later date, "pull my file" and see it all.

If its true then what we have is a classic example of the panopticon. They can't watch everybody all the time, but they can watch anybody whenever they want, even retroactively. That's bad news.

It is private, but it is not securely private, meaning it is a castle made of glass.

How incredibly naive.

Metadata is surveillance

"in all likelihood" ... the key bit.

The US, for example, is one presidency away from complete democratic failure. By which I mean all that data, which now is effectively, "in all likelihood", private via volume, can and will be abused.

Giving up and allowing privacy to fail now only makes disastrous consequences more likely later at the whim of that centralised power you mention.

Privacy and freedom are very intricately related, but rather than saying privacy is a "type" of freedom, I would say that privacy is a requirement for freedom. Perhaps our most basic freedom (more than travel or speech), is the freedom to think. This is possible solely because our thoughts are private.

When you say 'freedom', you mean 'liberty'. Read up on the words and the Federalist Papers - you'll enjoy it.

Isaiah Berlin on Negative Freedom too

Remember that Roosevelt's famous "four freedoms" included two "freedom of" and two "freedom from".

The "freedom from" elements have been de-emphasised lately as they're extremely unpopular with the right-wing:

"The third is freedom from want—which, translated into world terms, means economic understandings which will secure to every nation a healthy peacetime life for its inhabitants—everywhere in the world.

The fourth is freedom from fear—which, translated into world terms, means a world-wide reduction of armaments to such a point and in such a thorough fashion that no nation will be in a position to commit an act of physical aggression against any neighbor—anywhere in the world."

seems to me the only recent threats to freedom of speech have all been from the "liberal" side expressed quite well in colleges with heckler vetoes and codified in law with nebulous hate speech definitions. with regards to worship, same thing, you can have your beliefs but you have to bow to our laws which supercede.

we have lost freedom from fear because both politicians and terrorist profit by exploiting it.

Interesting. So one person sees the right wing de-emphasizing the "freedoms from" and another sees the left-wing taking away "freedoms of".

I guess we need a middle wing that attempts to preserve as much liberty as possible for as many people as possible regardless of who feels it is unequal or offensive.

I say this because I feel that the fight for equality is in direct opposition to the fight for liberty.

Liberty without equality is liberty for some, not for all. Or we're back to the view that people are "free" to do things which they cannot afford to do, or might risk their precarious employment or healthcare situation.

We have also lost freedom from fear because of militarization of police, violent suppression of protest, extensive surveillance, harassment and manipulation of journalists, and threatening actions taken by bigots.

A Googler gave a talk at Real World Crypto in January describing a system that might back this. The relevant part of the talk starts around the 10 minute mark: https://www.youtube.com/watch?v=ee7oRsDnNNc&t=10m1s

In short, they're able to compute the intersection of the set of users who have viewed an ad with the set of people who purchased a product in a store, without either party disclosing their side of the set.

After studying the slides, it looks like they do a Diffie Hellman-like exchange of user identifiers.

g_i = Google's identifier for customer i. s_j = Merchant identifer for customer j.

If g_i == s_j then customer i == j. These identifiers might be phone numbers or email addresses or other identifiers that both parties have.

Neither party wants the other to learn any identifiers it doesn't already known about.

So Google picks a random secret value G and sends g_i^G to the Merchant. The Merchant picks random secret value T and sends g_i^(G* T) back to Google. Additionally the merchant sends s_j^T to Google.

Then Google calculates s_j^(T* G). If s_j^(T* G) == g_i^(G* T) then s_j == g_i and i == j. So know Google knows the exact set of their users who purchased something at the Merchant.

Additionally, for each s_j^(T), the Merchant sends a homomorphically encrypted value for the amount they spent. Then Google can perform a homomorphic addition on these encrypted values of only the intersection it calculated. The Merchant can then decrypt it to get the total sum and share it back to Google.

So in the scheme I described

1) Google still learns who is purchasing at which merchant. 2) Google does not learn individual amounts. 3) Merchants can't perform the same calculation to learn which users saw their ads unless Google sends s_j^(T* G) back to them (not pictured in the slides).

Either side learning that one of their customers is also a customer of the other company would be a significant privacy issue in some scenarios. If comparison identifiers are derived from an email address then there would likely be cases where one party also learns a portion of the login credentials their customer is using at the other company.

It's not a new and a very common process. A personal identifying variable is calculated in the same way on both sides (usually by a third party), then hashed. Hashed values are then compared/matched.

Which is better than exchanging the raw personal identifiers, but still isn't "safe" from a privacy point of view. One or both parties often hold PII and other personal info, and they know which of that is associated with a given hash. So what they learn through exchanging hashes is also (linked to) PII.

Furthermore, although reversing a one-way hash is problematic, computing hashes for known inputs (such as an email address) is straight-forward. So it is possible to just test or probe datasets for known identifiers and persons. The potential for hash collisions is of little comfort.

What makes you think they are just comparing hashes and not this diffie hellman algorithm that they say they have been using?

No idea how Google is doing it. Was referring to how others have been doing it for years.

The European Union is often made fun of with "the Americans innovate, the EU regulates", but in the meantime GDPR[1] is coming into force in 2018

> The primary objectives of the GDPR are to give citizens and residents back control of their personal data

[1] https://en.m.wikipedia.org/wiki/General_Data_Protection_Regu...

Doesn't this fall squarely into "the Americans innovate, the EU regulates"?

Whether that saying is derogatory or not obviously depends on your point of view, but this new regulation isn't contradictory to the saying.

The point was that it's usually said in a derogatory fashion, insinuating that European innovation suffers as a result of this.

Those also aren't strictly tied together. I absolutely believe that EU's internet regulations make it less desirable to start interesting new internet companies there. In many cases, I would also gladly trade that for the benefits of being an individual living under such a system.

Indeed, but again the point is that it's usually said, so as to imply that the EU suffers from these policies.

Whether or not that's actually the case is a different question. To your point, it's a much less cut-and-dry question as well.

I've read the Wikipedia summary, and it appears to me, that GDPR only requires encryption, not anonymisation, of personal data! Or did I miss something?

It also requires trivial opt-out and readability of the opt-ins.

And it gives enough power to really control what companies are doing with people's data. And the fines are huge (up to 3% of the company's global gross amount) compared to what exists today.

Can users still be manipulated to opt-in to a service X if they want a service Y badly enough? I.e., you can only use Y if you also take X?

How many people would opt-out of (or not opt-in to) a service like Google search?

There are some things that must have a separate opt-in from the bare minimum that's necessary to provide the service.

Typically, there are three bullets on European privacy forms: handling personal data to provide the service, handling personal data for commercial and advertising purposes, sharing personal data with third parties (usually for commercial and advertising purposes). Pre-printed forms can only have the first ticked to yes, the other two must be filled in by the customer.

But can ticking those boxes be mandatory for using a service? ie. "if you don't tick all three boxes you won't have access to Google Search"?

No. Anything not strictly necessary must be opt-in.

See also: https://www.google.it/amp/s/amp.theguardian.com/technology/2...

Think it's actually 4%. Seriously huge fines

Just wait to see how the lawyers game these. my bet is no major corp ever pays a penalty that high, ever. there may be some egregious offender that gets caught with this, but not one of the big boys.

If I'm in debt to somebody 10.000, he owns me. If I'm in debt 10.000.000, I own him. Huge fines for behemoths will always be negotiated.

Nevertheless, it's a strong incentive for even the biggest companies to follow the law. EU has the capability and desire to enforce huge fines to make sure data protection laws are obeyed.

They actually do get fined huge sums, and they do pay up. To them it is just the cost of doing business.

Facebook getting fined for privacy violations:


Fines in antitrust cases can already be huge so I would doubt that those fines could be gamed if regulators take it seriously. The alternative to paying a fine is being banned from the market, which for the EU is a big deal.

> Think it's actually 4%. Seriously huge fines

And we'd all be delighted with taxes as low as 15%!

FTA: "Google says it has access to roughly 70% of U.S. credit and debit card transactions through partnerships with companies that track that data."


MasterCard and Visa not only make money from each credit card transaction but to add insult to injury, they make money selling that transaction data as well! That's what I call a ludicrous business.

Or like cable companies trying to get you to pay for TV and then also wanting you to watch commercials. It's all about double dipping.

And Cinemas! I realized a few years ago with the Scottish Indy Ref, that the BBC was state media so I briefly stopped watching and paying for that service.

As a result, everything else that is moving media is surrounded by spam. Even if you pay 60 pound for a premium service (Think how much money it is, even if you have infinite money), you will spend 1/3 of that time watching Adverts.

It is like a Freemium Game Model but when you pay, it doesn't matter.

I have no idea why people are so careless with their time. Now that I ditched TV/Film, and found other ways to fill that time, I honestly feel better within myself. I twiddle around with robots while listening to the 20 hour audiobook (of your 90 minute film), or try to grow Carrots with some weird automated soil probe remotely at an Allotment.

Compared to the enjoyment I get from these time fillers, motion picture is honestly the lowest form of entertainment and the lest rewarding.

You understand you pay cable companies for the infrastructure and it's different companies who show you the programming, right? Do you call it double dipping when you pay your internet provider and then the Netflix account isn't free?

Not sure if you meant lucrative. Ludicrous also works.

I've heard that this is not a very big business for Visa/Mastercard. That's because the credit card processors don't get many details on the purchase, they just know the amount, the user, and the bank they are sending the money to.

My bank seems to know the origin and destination of all the plane tickets I buy (for example), so presumably the CC processor has this sort of information as well? I'm sure someone reading this is in the industry and can explain.

Plane tickets have an odd setup in CC processing systems where it actually shows origin/destination in the transaction information itself. The only other similar example I've seen has been in payment processors like Square or Paypal where they'll include both that it was a Paypal transaction and some customizable string showing the merchant who actually received the payment.

Other than those sorts of situations though, Visa/MC or the bank issuing the cards only know where the transaction occurred and how much it was and don't directly get SKU-level data on what was purchased barring some other sort of partnership with the merchant.

Yeah, this is called "Level 3 data" and can include line items from a receipt and other details of transactions.

False. Years ago I had a business credit card charge from either Target or Kmart where you could see the individual items. So some merchants do share that kind of detail.

That's because they can't do much with this info since they aren't also a giant ad network. Now imagine the same data in the hands of a company which has built one. They should probably start charging more :-)

Indeed - and with their stupid reward programs they essentially buy the users to spend more and more with them.

Is this also true of Amex (which makes more money from each credit card transaction than Visa and Mastercard)?




They used to have a "Business Intelligence Group" which acted as a Consulting firm to corporations who want to answer questions like "Where should my company set up more stores?" The group often sifted through their customer data to answer that question.

That's reasonable, and different from selling it to third parties.

Just an uninformed guess, but I'd say that 70% figure probably covers Visa/MasterCard but not Amex or Discover, based on what I've observed working in retail in the past.

a logical conclusion could be drawn that there either Visa/Mastercard should start an ad network, or Google gets in the credit card game (As android pay becomes more widely accepted, this may be an irrelevant step for them)

So the only way to break the circle is to purchase with cash... And now fewer and fewer people buy with cash, to the point some Nordics plan on doing away with cash as much as possible.

It's very important to keep making as many purchases in cash as possible, precisely for this reason. At least where I live (France), this is very doable.

Cash is an anonymous payment system which cannot be traced and is widely accepted. It's something that would be impossible to bootstrap today if it didn't already exist. Hence, it's crucial to keep it alive.

> Cash is an anonymous payment system which cannot be traced ...

I just wanted to point out the possibility of tracking serial numbers on bills. Obviously it's not going to be as reliable, at least not now, but it could be made more so; for instance, if there was a sudden movement to use more cash for privacy. Of course, that seems unlikely; most people like the convenience of plastic/digital payments, and there's a lot of market pressure pushing people toward those payment methods, so deploying the infrastructure for more reliable cash tracking probably isn't worth a whole lot. But I haven't exactly run the numbers, and there are other possible incentives, so who knows..

It is possible to track the serials, if they wanted to; however, except for banks, I have not exchanged cash with a retailer who scans the bills at the point of transaction and if they did, they'd also have to tie a given ser no with me at the time of purchase. Since a particular bill will go through many hands, it'd be like trying to figure out who made a change on a system when it was done by 'root' or 'administrator' where the whole team logs in as root or admin. Basically attribution would be kinda inaccurate.

Something like half of the supermarkets in Denmark scan all money bills they receive supposedly with the purpose of defeating counterfeit money. However it could easily do OCR on the serial as well. Combine that with CCTV records, and and it does not offer much more privacy than credit card payments.

Ironically I started to appreciate it, after I received a fake bill from a different store.

Sigh, but Google will find a way...

They'll build a "better" cash register which bundles counterfeit money detector and serial number scanner in the same package. Combined with facial recognition on the cameras and accurate timestamps on both CCTV and the cash register, you have your perfect money tracking system right there.

No they won't it would be too high cost, it's easier to make it very convenient to use your phone or card for payments and 95% of people will follow suit.

> Cash is an anonymous payment system which cannot be traced

Not really; bills are individually identifiable and can be tracked by either party to the transaction, and even if the payment medium isn't tracked, the transaction can even tracked by other means (e.g., cameras + facial recognition.)

It's only really untraceable if you assure privacy of the location of the transaction, and neither party to the transaction chooses to track it, and even then if the next party out on either side is tracking, a lot can be revealed.

So you need someone scanning notes, logging locations, watching for patterns to infringe on your privacy, this sounds like it's private except if you are under targeted surveillance.

Cash is no silver bullet. Even if you buy with cash only, you can and will still be profiled. Cameras can identify you automatically, track you around the shop, know which ads you react to, etc. It's already going on.

>Cash is no silver bullet. Even if you buy with cash only, you can and will still be profiled.

Doesn't have to be a silver bullet. Just to be better off than without cash.

Nothing ever is a silver bullet, which was sort of my point.

I was responding to “the only way to break the circle is to purchase with cash”, which just is not enough if your goal is to not end up in a database with your buying behaviour tabulated and analysed. Better? Clearly. But it is neither sufficient nor necessary to break the circle.

Honestly, these days the only way to avoid ending up in someone's database somewhere is to go 100% off grid. While that's still technically feasible, it's becoming more and more difficult to do, and it's still not an absolute guarantee. There are cameras in supposedly "off grid" campsites, and cell towers pretty much everywhere.

That's quite normal here in Germany. A lot of people I know still only pay with cash because most of the people are skeptical about data that may be used against them. Sure, there are a lot of young people (born >=2000) sharing everything and paying everything with card but the older ones still care about their privacy.

That means a safe way I and a lot of people prefer is to get a bunch of cash from a cashpoint and use that to buy stuff to not get profiled...

Germany is one of the few countries that has recently seen the reality of what tracking can lead to if the wrong people end up in power. So the question is, do you trust Trump or whoever comes after him?

My main gripe with shopping in Germany is everyone is standing there at the cash-register trying to find the correct ammount of cash to pay. There is a large amount of different coins you have to sorth through and they all look similar to me. But everyone does it (even the young) because everyone cares about privacy.

Haha, I don't know why you are writing about Trump but no: I don't trust him or anybody else but I think that's because I'm a very skeptical person.

I think the problem with long waiting queues at cash-registers isn't the amount of different coins but the people that 1) do not calculate what the need to pay 2) want to speak with the sellers because they have nobody else they can speak to

But that's all a thing of personal attitude: Do we always have to be fast at everything what we do? Do we always need to optimize everything and use every free minute? In my opinion the laxness comes with age and who knows if we will do the same things in some years that we are hating others for today?

> There is a large amount of different coins you have to sorth through and they all look similar to me.

Only a problem for non-Eurozone visitors really.

Was there really any need to include a remark comparing Trump to Hitler?

(a) it’s not about Hitler, but the StaSi/MfS, the East German internal spy agency

(b) it’s not necessarily about Trump – but considering the US has elected Trump, and considering how many freedoms Trump has tried to erase already, what’s if someone worse comes after Trump?

I personally think it's more likely the poster was referring to the stasi.

they were referring to the stasi [0] in east germany. and yes, your leader does have some worrying autocratic tendencies that merit being pointed out ad nauseam (since he's supposed to be the 'leader of the free world' and all that jazz...)

[0] https://en.wikipedia.org/wiki/Stasi

The reality in the Nordics is already that most people never use cash. I cannot recall making a cash transaction in the past 18 months.

I use cash mainly for convenience at yard sales and crowded bars/events in Finland. There's not many situations you'd need cash if you live in a big city, even yard sale transactions can be made with mobilepay.

It's mostly older people using cash anymore.

Yep, there are still places in Finland where even young(ish?) adults find cash occasionally useful, especially in unusual transactions where the seller is not professional.

For example, if you start having kids, and going into their sporting events or whatever, you'll find that any form of electronic payment is most likely not accepted in the pop-up cafeterias ran by parents. No cash? No coffee for you.

Cash is still a handy way to give your kid some money to spend. I know some people already get their second graders a debit card with a monthly allowance, though.

But yes, about 99.5% of the transaction volume in my household is electronic.

In Denmark, in a noisy, busy bar, a card payment (especially contactless) is easier -- I don't need to hear the amount from the barman (obviously a challenge in Danish even in ideal circumstances...) and the barman doesn't need to return to me with the change.

The primary use of cash is shopping in Christiania.

My car is due for an emissions test, and this morning I was looking at the testing company's site to see if they accept cash. I thought it was ludicrous that I couldn't be sure whether a face to face transaction could be done with "legal tender."

I'm actually surprised that retailers haven't started surcharging people paying in cash by now in order to drive all of individuals' transaction data into the panopticon.

Many do, effectively. See: loyalty cards with special pricing or rewards attached. Membership cards for Costco or Sam's, though there are other reasons for those, too.

Stacking that stuff and CC rewards can save you several percent of your retail spending a year. Paying cash is like paying sales tax twice.

[EDIT] to be clear, you effectively pay more to not be tracked in general, not just for avoiding a CC. Loyalty cards get you regardless of payment method. Also, lots of stores try really hard to get you to take "their" credit card (god, Target won't shut up about it) with unusually good rewards or discounts at their store. You can bet they get access to those data, including when you use it other places, even if Visa or MasterCard services it (and also gets the data)

They won't in the medium term because of how much they hate the credit card company's cut. 3% is a lot on an already low-margin transaction at Walmart.

There is no way Walmart pays 3% when a small business with minimal documentation can pay less via Square, PayPal, etc...

And as mentioned elsewhere, cash has a cost as well (theft, miscounting change, counting in and out cash drawers during shift changes, arranging daily deposits, trips to the bank, etc). As someone who worked retail 10+ years ago, I can assure you all these things happened, and probably added 2-3% to costs vs electronic payments.

3% is probably inaccurate, it may be 2% with a cap of 21 cents or something like it, I don't know the average percentage. I do know it is upsetting enough to Walmart to sue for 5.9 billion in 2014[1] and join a class action lawsuit for 3 billion in 2003[2], to go in on a electronic mobile payments processor with rivals target and stores rite aid and cvs[3]. I got all this perspective following the news that Walmart would not back Apple Pay because it was holding out for it's own system [4] with lower fees called "CurrentC" (that I think died? I haven't heard about it since).

That last article quotes it at up to 3% but most say 2%, so I am assuming there is a percentage and a fixed cost, and possibly a cap. In any case Walmart had a long history of being very unhappy with the relationship.

[1] http://mobile.reuters.com/article/idUSBREA2Q2BJ20140327 [2] https://mobile.nytimes.com/2003/06/06/business/merchants-may... [3] http://www.computerworld.com/article/2839144/heres-why-rite-... [4] http://time.com/money/3541247/apple-pay-walmart-current-swip...

Walmart wouldn't take credit if it wasn't financially sound for them to do so.

Walmart Canada has stopped accepting Visa due to the fees.

Doesn't mean they like the arrangement and are going to shill for the credit card companies though. That was my point.

Um... Walmart IS a credit card shill, they have their own credit card - https://www.walmart.com/cp/walmart-credit-card/632402

We don't know Walmart's feelings, they may like the arrangement. Business go cash free for all kinds of reasons. Customers that use credit spend more money than cash customers. Walmart probably isn't one of those places that benefit as much as a pub but they may have a small credit spending boost that covers the fees.

Walmart is a really smart and data driven company and I'm sure they've weighed their options about what is effective business practices for them.

A walmart branded card gives them money back though, I see it more as a way to slow the bleeding on transaction fees they are going to have to pay no matter what. See my cousin comment on the whole "CurrentC"[0] debacle for where I am coming from on this. Walmart has a long history of sueing the credit card companies over their rates and had tried to make a competitor.

[0] http://time.com/money/3541247/apple-pay-walmart-current-swip...

It still has transaction costs.

So does cash handling.

I went to a store in my city that just opened a few weeks ago. They advertise as being paperless and cash free, and only accept debit/credit. I think it's the first time I went to a store that refused cash.

I don't travel a ton but I have not been on an airplane in the last decade that accepted cash for in-flight purchases. Debit or credit only.

My experience with short regional jumps operated by a subsidiary or third-party under a larger airline brand has been that they do cash-only while the medium- and long-haul flights actually operated by the large airline have been card-only.

AFAIK in Germany merchants have an obligation to accept cash. https://de.wikipedia.org/wiki/Bargeld#Rechtsfragen

Only to settle existing debt. If they say "No cash accepted" they could do their business that way (and have no customers). As an extension, gas stations are allowed to refuse large bills if they put out a sign (and the all do).

Costco doesn't take cash. Probably the biggest physical retailer that doesn't.

Why would retailers care? They are not making money from the payment information; the credit card company is. Further, they're not making money from the fact that people use the credit card; it's again the credit card company. I don't think that adding a surcharge for cash purchases (or, more realistically, a "discount" to credit card purchases) would make much sense economically? (Except in situations where handling cash is especially inconvenient, e.g., buses, vending machines, etc.)

Retailers definitely make money by tying together transactions (easy with cards, impossible with cash). That's why loyalty cards exist.

They do it in a different way - through loyalty cards. In a store I frequent (which is cheap, and thus services lots of poor people), you can save a bit of money by just letting the clerk scan your loyalty card.

Interestingly, the discounts are usually not on the "exclusive" items, but on basic necessities - like vegetables.

Also, the shop in question didn't even have debit/credit card readers until very recently. I suppose stores may be reluctant to pushing people into card payments simply because processing fees are too large if you're running on small margin.

That's an idea that hurts poor people.

My first thought was: why only 70%?

This may be a case where the savings (i.e. money from selling data in return for a big pile of cash) are actually passed on to the customer - e.g. transaction costs are lower for Visa/Mastercard for merchants, which is why they sometimes don't accept Amex and Discover.

It would be interesting to see if Visa and Mastercard have some clause which prevents Google from buying data from AMEX and Discover (competitive advantage for them because then Amex and Discover's transaction costs aren't subsidized) in return for agreeing to part with their data. Said another way, what's preventing Google from also getting data from Amex or Discover? Its not as if Google is going to say no.

Agree -- that is a staggering figure and I'd love to know more about what they mean here.

This is the point that really shocked me! I'd love to read more on this.

The book "Chaos Monkeys"[1], while irritating in many ways, has a detailed description of how Facebook correlates its own advertising data with information from data brokers (such as credit card transaction aggregators). This kind of stuff has been happening for quite some time. (As an extra bonus, the book describes how the author's ad-tech startup got into YC and was bought by Twitter.)

[1] https://www.amazon.com/dp/B019MMUAAQ

Oh it gets better. "We don't know what you bought or how much".


> Level 3 processing can benefit businesses who sell to other businesses or government by lowering your transaction cost by as much as 1.50%.

> Line Item Details:

Of course, if they are like one of the places I worked...they just turn it on for everyone and pass it along regardless.

This was absolutely the most worrying part for me. How in the hell did Google get access to that much?


Google: You're already way too deep in our lives and now this. When will you ever stop? When you own us?

I was under the impression that Google already did this.

A Googler already described this to me years ago as "closing the loop", where Google's ad network already exposed a customer to a brand/product, but Google only gets credit for the conversion if it happens in the same browser session online. By tying together stats between impression and conversion (purchase, even in-store), the ad network becomes more valuable -- or less, if there was already an assumption of this effect with previously overestimated results.

You are correct, this is not new at all. I worked as a partner with Google on implementing this 2 years ago. By then there was already public documentation on the internet.

Lots of companies have been improving attribution online. Offline is quite a different beast.

I remember reading an article a few years ago about Facebook doing this. It's also why some merchants will ask for your phone number, even if you pay in cash. With your phone number, the merchant can identify you. In Facebook's case, they know what ads they show you online, then they can tie any subsequent purchases tagged with your phone number back to your FB account.

Sounds like another company claiming credit for something it didn't actually do.

facebook showed me ChristianMingle ads for years despite marking myself as agnostic. I have a fair amount of experience with the Ad-words network and all I can see of facebook's ad network and target is that it sucks. I've never seen any place I've worked have much success deriving any meaningful value from facebook ads.

What if ChristianMingle was OK with attracting agnostic to their site? I mean, you don't have to be Christian to want a partner and agnostic can also be synonymous with open.

It works for us. But we cater to a small niche that's fairly easy to target.

I would guess that Christian Mingle specified an age/location target, and assumed the name would filter out non-Christians from clicking(and therefore the company wouldn't have to pay).

This sounds like some bullshit to me. Not that Google claims to be able to close the loop, but that a Google ad actually influenced me in any way, let alone a physical purchase in a brick-and-mortar.

PPC Ad-words perhaps influences me if I'm researching a product or service, but that's mostly a function of search results placement rather than . Usually I scan down below the first few search results because those are people trying to tell me they're what I'm looking for and they usually aren't.

I will readily admit that I have to consider that I am a freakish outlier, though.

If you're a mammal, you are subject to operant conditioning. Hell, most vertibrates are, as well). You aren't "freakish" for believing advertising doesn't work on you. There are plenty of gamblers who have convinced themselves that they have a system that will beat the house or alcoholics that believe they can hold their liquor.

The world is rife with people who believe they are immune to marketing. Nearly no one believes the ad impressions subliminally control your mind and force you to buy their advertised product. By simply seeing a product image, logo, brand name, etc (even in your periphery), you are being (re)exposed to a product in hopes that over time, you will remember the impression that ad made on you. Advertisers know, from studying consumers, that advertising doesn't work equally on all people or at all times.

You should read or watch Tristan Harris describe how some of the best companies in the world (especially tech companies) are great at "persuading" their customers/users/visitors to go through a well defined loop, often taking advantage of quirks in human behavior.

As a developer who worked at a game company, I've seen the development process first-hand.

As an enthusiast of behavioral economics, I've seen proof that humans aren't as rational or and don't have as much "free will" as most Americans believe they have.

As an amateur dog trainer who has trained a blind and deaf dog, I've seen amazing progression of learning and intent that happens when using operant conditioning to train an animal.

[1] http://www.tristanharris.com/essays/

My former employer Square (generally a great company) has been doing a similar thing for a while, in partnership with Facebook [1].

[1]: https://techcrunch.com/2016/06/14/facebook-knows/

I'm interested to read about where people believe this progression of technology will take us in the near and far future. Are there thought out considerations of what type of world we are heading towards? Has Google revealed their vision of advertising for 2032? I don't mean this rhetorically, I genuinely want to know what vision there is for advertising in the future because I believe it's something we really ought to be thinking about and judging so we can make informed decision about what's best for us.

I love this question too. I think we're heading for a full blown "société de contrôle" (see Wikipedia). So the locus of power is changing. Before it was repression, now it is control. It's not inhernetly good or bad. But my gut feelings says that we're transtionning to that society. And while we're transitionning, the first movers, the fastest movers (Google, FaceBook, etc) have an advantage and therefore may look dangerous to us. So in complement to your question I'd like to hear about what are the forces that are here to balance the powers.

> what are the forces that are here to balance the powers.

Well there's no chance of a David vs Goliath so the only one I can think of is governments. Yeah...

Yep, I know that but somehow, at my age (and I'd say even at a younger age), one must think that change does exist and that change is for the better. So maybe there's a David somewhere... Right now I'm thinking about the Pirate Party, but I have no ideas of what they're doing...

Jaron Lanier writes about this in his book "Who Owns the Future" [1]

Disclaimer: I haven't read it yet, so can't say if it meets your "thought out considerations" criteria.

[1] https://openlibrary.org/books/OL25424120M/Who_Owns_the_Futur...

Now I will have to seriously consider getting off the Google ecosystem now. Deactivating facebook was okay, but Google might be tricky considering many of website accounts use Google authentication.

Okay, this is a small rant that is not directly aimed at you, so nothing personal. This is aimed generally more at people in the privacy at all costs camp and the like. If there's some viewpoint I'm missing here I'd also love to hear it, so it's not really a mean-spirited rant either.

Google owns the internet at this point. For general use purposes, they ARE the internet. So avoiding them should really have at least SOME effect before it's even seriously considered.

What does getting off Google do?

It doesn't hurt them, as there's no way a significant number of people will take action, at least in the near future.

So, then it must be done for you. By not being in these services and having all this data collected on you, what do you actually gain? Likely, nothing at all. You won't be able to be tracked down as easily if Google turns evil, sure. If their data is breached in a meaningful way, sure again. But, for both of these, emphasis on "as easily". At this point, if you're looking to maliciously track down just about anyone, it's not hard at all. You'd have to go fully off the grid to get this. And in that scenario, what do you gain again? We follow down the same road of "I only gain something in very unlikely scenarios" again.

So to me, the only way this type of perspective makes sense is if you believe those very unlikely scenarios (from my view) are much more likely. And if they are, we're all fucked already, and being one of the few to be off the grid probably won't matter in the end.

Basically, at this point, you've already given yourself to Google. Rather than decide whether or not to trust them, I think putting more effort into trying to influence them towards "not being evil", as they say, is much more of a realistic move for someone with concerns over data, privacy, power/security of all this, etc.

Am I missing something?

PS: I understand Facebook - for some, there are no significant benefits you give up. For most, you're going to give up a lot more with Google.

I don't know, I think it's easier than you make it out to be. I don't use gmail, I have Duck Duck Go as my main search engine, I don't log into Google in my main browser. I just don't use anything on a regular basis that needs a google login. When I do, I open Chrome and log in there, so it doesn't taint my main browser. It hasn't affected my life or my career negatively (or at all, really).

That's a fair answer, and I'm sure one that many share. Thanks for addressing the question directly - I see how for a minority of users, the switch makes sense.

I guess for me, I don't care enough to make all those changes. As a Chrome user, the sync across things is nice, and I enjoy the interface. I'll take the ease at risk of someone having my data in a catastrophic situation. Obviously, your choice makes great sense for you.

> I guess for me, I don't care enough to make all those changes.

Up until I read this article, I used to feel the opposite way. I think there is some value in everyone having privacy and personal space. It gives us an opportunity to decompress and relieve some of the stresses of our increasingly connected world.

However, discovering that Google (and others) are merging my online and offline behavior is making me doubt my viewpoint (the 70% figure really hit hard). If I can't escape it, why not just be apart of it? Surely life is a bit simpler: not having to pay for email, better search results (DDG vs Google)... It seems that whether you want to or not, you _will_ become part of the google/facebook/etc ecosystem.

The other reason I used non-google services was in some ways to "hedge" my position. By using a non-google email with a custom domain, I am not tied down to any email provider (note: I bought the domain explicitly for email use). If I ever became unsatisfied with my email service, I could always switch to a different provider without the hassle of creating a new email address. Now, maybe this is just a defeatist view, but I think google/facebook are too big to fail. If google disappeared tomorrow or in 10 years, there would be chaos -too much of the world depends on it. Does this give them enough power to exist in perpetuity? Maybe it's time to just cave in and use all google services. It sure is cheaper.

> "I think there is some value in everyone having privacy and personal space."

I never got how Google having my data as part of a larger picture ever affected either of those in my daily life. They use it for power in mass, not over individuals. It's an important political conversation, but it's doing everything but affecting me specifically/individually in my daily life (in negative ways at least)

Edit: Just wanted to say I appreciated the comment. As far as too big to fail goes, I don't think Facebook is yet - they are fighting hard to become that right now though. You can easily function without Facebook - right now it's basically only serving as an address book and messaging service for me, and I have good alternatives for both of those. Google's integration into everything is what makes them too big to fail. I've given up on fighting Google, but I'm still careful to some extent with Facebook.

They can track your purchases, but if you stop using Google credentials, they're going to have a lot harder time tying it to your ad views.

It's impossible to avoid having at least some data in various services, but if you divide and conquer, keep accounts separate as much as possible, don't have accounts with companies that collect data about you in other ways (or use fake names and email aliases), you can break up their picture of you.

While articles will point out how small groups of anonymous information can positively identify someone, these programs are likely to be more fragile on a large scale basis. Don't make it easy, and more than likely, at least some of the tracking and the benefit they get from it will fail.

Another possible solution is to go through all of Google's privacy settings and opt-out of all their tracking. They're better than most about being upfront and giving you opt-out options.

Indeed, though AFAIK they still haven't implemented a 'stop constantly nagging me to turn the surveillance settings back on' option.

I've had the settings off for some time.

Unfortunately now anything you buy in person using non-cash is likely being tracked by them anyway

"Hey, they did feed us our whole lives, and gave us room to run for a bit. And they're a farm, so it's your fault for not realizing they were going to kill you for meat the entire time. And we're practically halfway to the slaughter house right now, so why would you even try to put up a fight. Just give in and let them end it nice and quick."

As opposed to going kicking and screaming, all to the same end?

The metaphor is still flawed thoguh doesn't add anything to the conversation here. What exactly is the equivalent of death here? Google has all your data - what could they do with it that will affect you realistically? Or if someone malicious gets it?

My point is that the likelihood of malicious activity is low, and so are the consequences. Am I missing something?

We live in the information age, when information is the ultimate power.

One danger is that with all that data about you and very advanced AI/ML tech Google can push you into making irrational purchase decisions (yeah, I know YOU are special, and advertising doesn't work on YOU) - e.g. buying a red sports car in your 40s.

The other is this data will be available to NSA, GCHQ, etc. and their controlling governments, politicians, their wealthy sponsors/muppetmasters, etc. Do you trust the politicians in USA, or any other courtry?

We are all man and not angels. Having all data on someone, you can always find shady stuff. Using that government and big business can make sure there are no influential union leaders, political parties offering real change, etc. It will be the end of (however imperfect) democracy.

"We live in the information age, when information is the ultimate power."

That power doesn't come from your individual data point, but rather from the collective points. In order to have an effect on that power, you need mass action.

The rest of my comment back is already covered by the other child comment here by name_for_now, which I strongly agree with.

So, outside of giving your data to government agencies, you're saying the worst thing Google can do is use ML to turn you into a consumer-zombie? While I mostly share your stance on this, that argument just seems completely ineffective (in part to the sense of exceptionalism you mention). Unless there's some poster child case of this that I'm unaware of, I'm not sure why "big scary ML-injected ads" keep getting brought up when there are potentially more valid concerns out there.

Moving on, the remainder of the argument relies on the assumption of an antagonistic state, which if true, means you have a much bigger and immediate problem in the first place. Google or not, China seems to be doing pretty well as a surveillance state so that doesn't seem too convincing either.

So I don't think that opinions will change without a string of high profile incidents that substantiate both of the concerns you mention.

> So, outside of giving your data to government agencies, you're saying the worst thing Google can do is use ML to turn you into a consumer-zombie?

Or a political zombie. Did everyone forget ad-tech's role in the 2016 election?

> I think putting more effort into trying to influence them towards "not being evil", as they say, is much more of a realistic move for someone with concerns over data, privacy, power/security of all this, etc.

There's absolutely no chance for me to do that. I don't work at Google, I'm not rich nor influential. I have as much influence on what Google does as I have influence on the orbit of the planets.

Voice (https://en.wikipedia.org/wiki/Exit,_Voice,_and_Loyalty) doesn't work. The only other option is Exit, and while it's shitty, it's not as utterly futile as Voice is.

i don't avoid spy-tech companies to hurt them, i do it because i have a problem with being spied on. i also prefer to be a direct customer of the businesses whose services i utilize. it is important to me that our interests are aligned. why? i don't really know. personal preference? paranoia? doesn't really matter.

i can't control google and i don't care about trying to influence them. i do my own thing and i make a lot of my own stuff. i like it that way. i like the independence.

> By not being in these services and having all this data collected on you, what do you actually gain? Likely, nothing at all.

By closing the curtains in your bedroom when you're about to get busy with your partner, what do you actually gain? Likely, nothing at all.

I place a not-inconsiderable weight on not feeling like I'm being watched and recorded every second of the day and night. By controlling which data I give companies like Google and Facebook, I significantly reduce this creepy feeling and so gain a significant amount of peace of mind.

You're not wrong but for me this kind of behavior just takes away the joy of technology. We don't completely own or control our devices. The services that we use all have hidden (or not so hidden) agendas and treat us as products.

I'm still using an old Nexus 4 but I can't be bothered to replace it. Nothing on that market excites me anymore.

I think the point is that we will give our data and maybe trust to other companies. I don't care if Google is hurt or not. Another company that is more privacy-centric and not creepily tracking everything (anonymized or not) will benefit though.

Agreed, I'm not for/against Google here either. So is there a privacy-centered company that offers what Google does?

Depends what you're looking for. You won't find one single company with as many tendrils as Google... but that's okay, you should be really worried about a company with that many tendrils. If you need email/calendar/contacts, I recommend FastMail, for example, but you're gonna have to get your hardware and your other services from someone else.

What are you talking about?

Personally I use a few Google services - search, News, Products, YouTube, without logging in and don't see why you'd ever NEED an account. If you have to use something like their analytics or cloud, just spin up a VPN-ed VM.

It's also a matter of principle. You can always argue that if you have nothing to hide, then you have nothing to fear in support of more surveillance. But that's a slippery slope.

(OP of parent thread here) Okay. I understand your points.

Actually I have posted the reasons for such considerations before on my blog:


> Google owns the internet at this point. For general use purposes, they ARE the internet.

This is an obscene exaggeration.

You are seriously overestimating how much significance Google has, and how irreplaceable they are in people's lives.

If you've never seriously bothered looking into leaving the Google ecosystem though, I could see how you might think that way.

The hardest part about transitioning away from Google for me personally, was the time it took to switch all my accounts from one email address (GMail) to others (Kolab, Posteo).

It was still no more than a few hours of one day. After that, no more Google. I've been free of any Google accounts or services for around 4 years now and despite an initial headache, I don't feel like I'm missing any irreplaceable conveniences.

Just use a different email provider (or roll your own), use duck duck go for web searches, don't use an android device.

What else do they own?

It's already becoming in vogue to move away from facebook/google and are actively looking to move towards other systems but there aren't a lot of quality options out there at the moment.

If I could quickly spin up a remote server that had baked in panels for email, blog, and hooked up to mastadon, and a distributed reddit, I would probably go a step further. Further than that? Not sure what else I could do.

Open to suggestions.

> don't use an android device

what else is there? I don't want Apple.

My vote doesn't mean anything either.

Yes, you are missing something.

You are the product.

By using these services, your beliefs, habits, work, and by extension you yourself, are slowly being turned into a product for consumption by, at best, profiteering business executives, and at worst, totalitarian regimes.

Does facebook want you to find and actually spend time with people? No, they want you hooked on their website endlessly posting cat pictures and looking at cat pictures from your "friends". By doing this, they make you lonely and isolate you from actual social contact; there's an entire generation of kids who think socialization is facebook. Facebook is loneliness and isolation and when they have you there, on facebook, isolated, they own you.

Integrate your Facebook with Spotify? Someone pays spottily to run subversive, politically motivated songs. Who do you talk about that for reference? To know if the politics or history you are being sold are factual.

Integrate your Facebook with Uber? Uber now knows your approximate income and how gullible you are, and will charge you a consummate rate.

Integrate your Facebook with your New york times subscription? All of the MSM outlets use parametric targeting of readers to display articles to them think they will identify with. If someone pays them advertise to passionate democrats in order to get them to donate, chances are, you will see a never-ending news "feed" (Love how they call this a feed, like a cattle feed) of tabloid news which provides you with all kinds of "calls to action" in order to donate. You'll see stories on how chocolate cures cancer, then an ad from nestle. The more information they have on you, the more precise and intense the targeting.

And you won't know, you can't know, because engaging in that degree of paranoia is crazy.

What do you get by opting out completely?

Advertising works by making you unhappy, by manipulating you to be unhappy, by whispering terrible and horrible things in your ear and hoping you buy a lifetime subscription of unhappiness. It tells young, beautiful women they need makeup in order to be beautiful. It tells ingenious IT geeks they aren't good enough without knowing framework X or having product Y. It tells fat people to buy dieting products that never work, that can't work, because if they were to cure the problem, they couldn't ever be sold another approach. Go search google for weight loss right now; How useful is ANY of that information to someone who wants to lose weight? The observation being, google is providing you with nothing, absolutely nothing, because you_are_the_product.

While you are ingesting advertising, you will never be content. You will never be fulfilled. And worse, the more time you spend in the bubble, the more of what and who you are will be configured to be that unhappy, totally messed up amalgamation people the big businesses wanted you to be, and the longer it will take to de-consumerize.

This is what psychological warfare has become; what the studies and sciences of psychographics, psychovisuals, psychoaudio, public relations, communication and marketing has become.

If you opt out, you retain your freedom to think for yourself, act for yourself, and be yourself. You retain your ability to be content and happy. You get to have real friends. You no longer exist in the 7th circle of hell.

> "You are the product."

From a business perspective, yes.

The rest of this is a lot of nonsense.

I don't want to dismiss it as completely paranoid, because I know it isn't fully. Many of these things could be or are happening (I would likely say fewer are in existence now than you I'm sure). The difference is that I don't really mind that much.

Your view of advertising is quite terrible. It doesn't work that perfectly. I've never had a Coke in my life, but I know their brand because of their effective advertising. My happiness has never once been affected by it. If you are able to parse advertising language, the messages are clear, and the bad messages just become laughable.

Of course companies have motives all centered around profit - welcome to capitalism, for better or worse.

> "If you opt out, you retain your freedom to think for yourself, act for yourself, and be yourself. You retain your ability to be content and happy. You get to have real friends. You no longer exist in the 7th circle of hell."

You can also be "in" and still be able to think, act, and be yourself. You just need to be aware that you're in. I'd be a lot more affected by trying to opt out rather than the mental filtering that anyone who's aware trains themselves with. Not to mention that this has nothing to do with real friendships.

There are anonymized credit card services, including pre-paid and other solutions. The following is based on notes at least a year old, and I haven't tried them:

* Abine

* Final https://getfinal.com/

* Privacy Inc. https://privacy.com/

Also, many pre-paid cards require the user to identify themselves before the card is activated

I didn't downvote, but some of those only help so much. Your name is still in the track data, and for credit you generally have to input a zip code. For online purchases, you're entering an address as well.

Yes, but even if a panopticon could theoretically piece your entire history back together, using multiple companies to keep the silos separate is one way to reduce the ease with which this can be done.

That's why it's such a big deal when companies sell your info. Merging silos dramatically increases the amount that can be inferred from each piece of information.

I'm not sure why you're getting down voted. This is reasonable contribution.

> The new tracking system was created in consultation with “incredibly smart people” to ensure it's not invasive. He described the program as “secure and privacy safe.”

It's not "incredibly smart people" you need; it's "highly ethical people".

Very important point. In my workplace, often the smartest engineers are so focused on doing smart things, they forget that the data they're dealing with belongs to, or identifies, people.

Got to make those yearly objectives/appraisals count though.

Perhaps a more subtle thing for them to keep in mind: many people carry out a mix of card/online and cash transactions. Only the card/online transactions will be captured. The Panopticon's record will show an extremely unhealthy and meagre diet for me for instance because I buy fresh fruit/veg at markets - cash only.

It strikes me that data censored through transaction modality and then used to make marketing decisions may result in poor results.

If they can still make predictions based on a partial dataset it's better than nothing and probably profitable to use. Chuck some linear regression or similar at it.

Also in this particular example, they could probably compute that your junk food shopping doesn't account for your daily calories intake.

The Panopticon central says 'cash is going bye bye sunshine'.


Cash will be around for a fair time yet, but you have a point for any form of regular or recurrent expenditure. As the above pdf explains 'hoarding' of notes as a store of value seems strangely popular...

Sooner or later people will start to revolt and either go back to use semi-anonymous cash or truly anonymous payment systems like bitcoin. Google and advertising will then be in the dark.

Bitcoin is not "truly anonymous" by default. All transactions are public and can be traced back to you, unless you use non-logging bitcoin mixers for every single transaction.

No, you just mix a bunch, and then use them. But you must use VPNs and/or Tor, to avoid linkage by IP address. If you want compartmentalization, just mix into separate wallets. And if you want strong compartmentalization, do everything via Tor, and put those wallets in separate VMs (such as Whonix).

Indeed, Bitcoin can be anonymous if there is enough critical mass. But that requires far more involment than the average person is willing to do. Cash is easy and simple.

Only if we don't all but lose the option of cash before then. The war on cash is being waged, more in some countries than others, but is a political trend to envision a future without cash.

Would not it be easier to make a law forbidding transferring personal information without a person's consent? Not opt-out, but rather opt-in scheme. Companies like Google just exploit a lack of regulation.

As usual, the European Union has some good intentions in this area:


We'll see how that goes. I have a feeling most users will just opt in without much care.

Bitcoin: I don't want Google to have access to a private ledger of my transactions, so instead I'm going to make all of my transactions available via a public ledger.

People, in general, do not seem to care about privacy so long as they are getting something in return. So, yes, some people will revolt but not a critical mass.

How anonymous is cash really? All money bills have serial numbers that could automatically be correlated with ATMs and your time/location data.

I read an article about a year ago that about 50% of China's ATM had this serial number recording capability, and that at least some compuer-connected cash counters had it too. I was highly sceptical, but then I found a cash counter that had this capability listed on its specifications page. I don't have time right now to find it again, but they are out there and it's already being done at some places. Okay, maybe not correlated, but recorded for sure.

What does that mean? The point behind that quote is that they're very aware of the privacy implications and took some of their best engineers to make sure things are well implemented and secure. The product in itself is clearly described here. It's not up to individual employees to be "trusted" with this type of data, as it must be encrypted at rest and all accesses audited etc.

Which is why I'm very worried about DeepMind's secret ethical board, if one even exists:


Why would it have to be secret if it's supposed to make people trust Google's AI more? And what are they hiding? Is President Duterte or a Saudi prince on that ethics panel? (serious question - we just don't know right now)

It needs to be secret to facilitate open discussion. That said, there should be a public component to it. For instance, they should publish their findings when they come to consensus.

Agreeing to work on mass surveillance/manipulation tech isn't something highly ethical people do.

Are there concrete recommendations for being able to use a credit card (i.e. for an airline purchase where cash is tough) and maintain maximum privacy? I know Apple Pay helps vis-a-vis the merchant since the CC number is hidden. Are Visa, AMEX, MC different at all? Are there banks that have better privacy policies or does it not matter since the bank is just handling the final money transfer?

I use a service called Privacy.com which is quite convenient for certain types of transactions or when dealing with certain merchants. Check their privacy policy: https://privacy.com/terms#privacy-policy

The one thing that stands out to me is this line: "Privacy.com does not disclose personal data to third parties for direct marketing purposes."

I am suspicious that the addition of the word 'direct' in that sentence might be significant. I'd love to hear of other similar services.

"The kinds of data that Google is collecting also could become an inviting target for hackers, said Miro Copic, a marketing professor at San Diego State University"

As if Google wasn't already a target already?!

It's worth seeing the information from the source. The talk[0] and the blog post[1]. Plus, as Engadget called out[2] in an update, you can opt-out by contacting your credit card company, and there are more details at the FTC[3].

[0] https://www.youtube.com/watch?v=MmkRJqnQ2T8&19m05s

[1] https://adwords.googleblog.com/2017/05/powering-ads-and-anal...

[2] https://www.engadget.com/2017/05/23/google-track-shopping-tr...

[3] https://www.consumer.ftc.gov/articles/0222-privacy-choices-y...

Not Google specific, but some good reading on this topic came out in January - The Aisles Have Eyes: How Retailers Track Your Shopping, Strip Your Privacy, and Define Your Power [0]

[0] https://www.amazon.com/Aisles-Have-Eyes-Retailers-Shopping/d...

Amazon already has been doing this as well.

They started to recommend some items related with books I have never bought online, just after I got them at local bookstore by credit card.

Isn't there a difference? Google is sharing that offline purchase insight with advertising clients, rather than simply using that data itself, as does Amazon.

Where the advertising client is the local bookstore that he purchased the book from.

I think everyone remembers the first ad to follow them around multiple websites. For me it was an ASPCA campaign.

The next version of that experience will be researching a purchase and where to get it, then seeing ads on the way that are customized to (a) the product you're buying and (b) your preferences.

If you're 55 you'll get michael jordan advising you to buy nikes. If you're 35 it will be Noel Gallagher (air noels?), and if you're 10 it will be the ninja turtles.

The good news is at a certain point the competition for eyeballs will become so fierce that the ads become honest & informative.

>The good news is at a certain point the competition for eyeballs will become so fierce that the ads become honest & informative.

How exactly would that transition work? If anything, the trend has been going the other way for the past century.

If ads were going to become honest and informative, it would have happened already. A sale from a lie is equal in value to a sale from the truth.

> A sale from a lie is equal in value to a sale from the truth.

And a sale from a lie is also cheaper to achieve than a sale from the truth. So even if your ads are always 100% honest, if your competitor starts lying, you're forced to either do the same, or risk going out of business. This is how the market optimizes human values away as inefficiencies.

not always -- returns are pretty expensive for retailers.

I've been allergic to adverticing all my life, I don't remember any adverticement following me around at all... :-)

Adblockers is no new thing.

Where I live we have laws in place that criminalize stalking. Why isn't this considered stalking?

Maybe you implicitly agree to their ToS when you enter a partner store? It's a technical detail of creative lawyering. They must have covered the legal aspects and factored in the fines in case they get a slap on the wrist.

I guess it is the same thin line you have between tax evasion and tax optimization and Google has a nearly unlimited budget to try to move this line in their favor.

But it's not like agreeing to a ToS allows you to do illegal things, stalking being one of them. And yes, the definition keeps fitting more and more Google's tracking methods.

I know that I sound dramatic, but all of these kind of things that we have let Google do would be considered HIGHLY illegal if instead of a company it was a single, private individual.

Not dramatic at all, it is stalking, it is unethical but defining illegal is very complicated and up to the elected bodies.

Powerful entities should not be above the law but in practice they are, no point denying that. I'm sure everyone has an explanation according to taste how come double standards can be the normal.

Earlier, on HN:

Report warns computers may threaten constitutional rights (1982)


Thinking about it, the entire US economy has been about increasing consumption and credit since the 1970s.

There are certain products that people are more likely to buy in-store than online (clothing etc) but may be exposed to/advertised to online. I've always wondered how retailers track offline conversions effectively...

This is not just starting - Google has been testing this since at least 2014.

I worked at a big online advertising agency from 2013-2014 and we had a lot of fortune 500 companies as clients. Google began offering this tracking functionality as a beta in 2014 to a small number of very large companies.

Here's the thing - Google is basically telling advertisers "just trust us to report on our own performance." They are saying buy traffic from us and we will use our secret algorithms to tell you how much revenue we drove and you will have no way to verify the totals.

As you can imagine this is not an attractive proposition.

> Google says it has access to roughly 70% of U.S. credit and debit card transactions.

I don't get it, does VISA, MASTERCARD or AMEX just gives google the transactions? That got to be illegal, right?

Only if you didn't sign a contract that says they can.

In Europe it would be opt-in in all likelihood.

Yesterday, I received [1] from a friend. I laughed it off as the usual exaggeration when someone talks about Google and privacy. Today, I read that Google moved one step closer to that story.

[1] https://www.devrant.io/rants/605665/hello-gordons-pizza-no-s...

Another way companies are connecting your online profile with offline activities is by using one of the many call tracking services. Basically when you visit a site using these you will be shown a unique phone number. When you ring it the service will tie your web session to the call. The company will see the caller's whole web user journey and any subsequent visits.

Cash is a great invention.

This is likely unpopular, but this makes my job exponentially easier. The number of "What is that click worth" questions to us data driven marketing folks by small businesses effectively closes off a lot of us that focus primarily on the data from that market. With this, there is very real money to be made with small businesses that were too skittish to advertise before. We've been playing with Facebook's online to offline and frankly the brick and mortar folks we work with that we're utilizing it are incredibly delighted.

Just because it makes your job easier doesn't mean it's the right thing to do.

Your job is a terrible thing, building the panopticon for cash

Hmm I was wondering how some stores show up on Google maps even though I did not use Google maps to get to those places. God damm Google.

This has nothing to do with CC. Google collects the places you go to even if you don't use maps to get there.

Basically if you go to some restaurant for example and sit there for 10+ minutes google already knows that you are there as a customer and it saves the location.

That is because you have location services enabled on your phone. Google collects your phones location with this on. You can see the details by going to your location history.

Yeah I keep location services turned off most of the time. I also have never intentionally clicked on an online ad of any kind.

> Yeah I keep location services turned off most of the time.

Even if your location services, wifi and bt are off, they occasionally turns on to get your location. In Lineage OS there is an additional setting to not use wifi (when it is off) for location services.

May be you can look into developer options to disable this setting (Please note that even if wifi is off, your phone searches for wifi hotspots to find itself where it is).

And if your wifi/bt is on, your location is (almost) always available to Google. You know it, right?

well i do have location services on, but on my iphone. i dont have google maps open even in the background. i have background app refresh off for google maps too. i really dont see how google could get that info. apple maybe.

Also WiFi

> Hmm I was wondering how some stores show up on Google maps even though I did not use Google maps to get to those places.

Isn't that just advertising?

sure, but these are small local convenience stores. i doubt they would advertise on google maps.

Many ways are being suggested as workarounds for maintaining annonimity about where one spends their money. Fact if the matter is, if the money leaves your account in batches these guys will know. So Google, and others, in the age of bitcoin will just partner with banks.

Are there any credit card companies or banks offering cards that will not participate?

Dr. Stallman and FSF always promoted used of free software to counter surveillance.

Next phone will be an iPhone even if I think Android is so much better.

I'm not concerned. By the time they've figured out what everyone is buying, people won't have any money anymore to buy anything. So... whatever.

Best part about this article, it's talking about Google advertising and meanwhile the page loads with 147 trackers, page entry interstitials, auto-play videos, and pop-up interstitials while I'm trying to read. Many of the ads on that page are all google driven including the massive annoying pushdown at the top of the page.

As to the topic, let's be clear credit card data mining has been going on since before the web was born. I've explained this to people for decades, that and "customer loyalty" programs are amazing sources of data while being very scary at the same time.

What google is doing here is not any different than 100's of other vendors and companies in advertising technology. Their advantage is the retention of all your search data, clicks when it's a google ad etc. Facebook has comparable data as do many companies. Both these companies enjoy a duopoly that is massive and in some markets, they capture more than 70% of all advertising spend. Those resources combined with offline techniques creates a white-hot spot light that ignites a dialog that most likely should have happened before the web was born.

Advertisers want to know the money they spend is effective and works. We can all debate for eons about the effectiveness of advertising, but let me tell you de facto that it works. These types of systems are designed to help them optimize the spend.

Sadly, meanwhile you have perfectly good outlets like this newspaper where that optimization has led to downward pressure combined with user habit changes. They are desperate to stay in business and allow their digital offerings to be turned into graffiti pages in hopes to make up for lost revenues in the physical business. This leads to turning users off (157 trackers now as I write this) and they stop coming to the site. The leads to a vicious cycle where the users stop coming, the advertisers notice and stop spending or start discounting the money they're willing to pay. Digital death is horrific, rapid and all automated.

I don't know the answer to all these things, what I do know is people do want to have intelligent dialogs with other people who are offering something of interest. But advertising has always in the past been about injecting itself into people's lives in unwanted ways, from the kid screaming on the street corner "Come and get it, hot off the press" to a page on latimes.com with now 158 trackers and more ad space than content.

I dream of a world where I can have intelligent dialogs with people offering things that could enhance my life in some way. I spend every day of my life thinking about how to do this, and I'm building technology and products to address this idea. I would love nothing better than a single ad on a site like this, the right one, the one you wouldn't mind hearing from and one that pays the site owner 20x what they get now with their graffiti strategy. I can tell you advertisers also want this, they don’t want to be on a page with 158 trackers, and a graffiti layout where their message is diluted by all the noise.

It’s a real problem, it will get much worse before it gets better, but those who say advertising is evil are missing the point. Effective advertising is about communication, and should be person to person. The most powerful advertisement is a friend telling another friend about something new and exciting they discovered. However, to have that dialog you must have the first experience, the discovery, the friend of a friend had to learn about this amazing new product and advertising sets out to do that.

Does who advertise for products sold offline doesn't care about clicks though, only views.

Tracking more please google. Im really happy that you violate my privacy with fancy new terms and ideas.

Applications are open for YC Winter 2021

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact