There needs to be much more coverage of this in the contemporary press as it is applied to credit card companies, agnostic of tech co.'s making it a joint venture.
I believe credit card co.'s gave this process momentum early on and tech co.'s are just taking it and running with it.
The same can be said for Google location tracking vs. Verizon's straight-up selling that data as an asset.
So IMO tech companies are well deserving of the criticism they’re facing.
Also, tech acts as a (mostly) reliable steward of this data because they can monetize it so well. If 90% of the revenues of Target came from advertising, we would probably not have had the massive leak of cc data. For most traditional businesses, this data is an additional source of revenue, not the primary one.
Google is in the business of utilising your data in the interest of advertising. No matter how you sugar coat it, the core of the business is tracking people and exploiting that data.
Are they doing their best to be careful and ethical? It sure seems like it, but that doesn't solve the issue.
The free services they and many tech companies provide for free are just payment for your data. The majority of people don't realise this implicit connection and many others do realise it but are happy with the transaction. But it's important to note that they undermine the ability to provide these services more ethically by setting a social norm of incredible services that are "free".
Edit: I will add that the cost and benefit to society of this kind of service provision is complex and nuanced, Google has obviously provided incredible value and society has decided that advertising is a fair price to pay, else they wouldn't be around still. But the true effects of immense tracking and advertising are still yet to play out completely.
Disclaimer: I work at Google.
Please accept our sincere apologies--Google is such a nice company with a 100% ethical business model!
If Google sold the data, someone else would have it. That would not only be awful from a privacy perspective, it would be desasterous for business.
It's primarily a case for precise language and not something to ridicule.
When they're choosing to not engage in behavior that no company in their shoes would engage in, it's hardly praise worthy and I think indeed that ridiculing it as a 'positive' for them is completely fair. So let's change the game a bit. If, somehow, their business changed or evolved such that selling user information directly was a profitable part of some business strategy - do you think they would still choose not to? What if I asked you, not that long ago, whether you think Google would be willing to build a search engine in China completely accepting (and thus arguably implicitly endorsing) all state level censorship engaged in by China?
I do think that Google at one time sincerely held the sort of anti-corporate-establishment view of 'don't be evil.' But it's much easier to moralize when you don't have the option of going against those morals to the tune of billions of dollars accompanied by immeasurable influence.
The way I see it, it’s a race to trillion dollar mark for AMZN, GOOG and MSFT now.
I have little expectations that they’ll do much to reverse their ad blasting and deep tracking trends.
On the contrary, it is a good business model and Google does it. They sell ad targeting, and targeting ads is based on accessing personal user data and making its results available to anybody who wants to pay. With each targeting of an ad the ad buyers can track more profiled users.
"selling your user data" implies that someone else has access. They don't.
I provided money to Google. Google provided [people, or perhaps bots] and told me they were left-handed Hungarian mimes. The user's information has passed from Google to me. I just tagged that person "left-handed Hungarian mime" in my database.
Now, you can invent new words and call that something other than a sale, but...
The tech industry is great. Package up software, give it a SKU, put it in a store, have people come in, exchange money for it, and walk out: They're very happy to call that a sale, not a license, but a license is what it is. Happy to use the word "sale" when it confuses the customer and benefits them.
But start talking about selling user data to advertisers, nope, don't like the word "sale" any more, even though the advertisers are handing over money and walking away with data they are free to use. Odd.
>If I target my ads to left-handed Hungarian mimes, and someone clicks on that ad and comes to my site, what do I know about that person?
Nothing, unless they register there, and if your goal is to convert left-handed Hungarian mimes, then you probably know about your target audience already. You've learned something about a tracking cookie. That's only valuable if you can continue to track the user.
More data means they can match us to clients better and charge a higher price for us.
Not matter how you sugarcoat it, if you work for Google or FB or any other ad blasting company, you help further the model of selling data of people’s private lives to the highest bidder and ad spam them throughout the internet for months.
I can only applaud Google employees who want to have a meaningful discussion here, and even disclose that they're working at Google.
I think that one thing Google tries to do is to make identifyingly small demographics not possible. As you say, that would leak personal info when the user clicked.
How would the advertiser know? Google is the one serving the ad.
I said "for the most part". There are multiple reasons why different users can see different ads:
Ads might be geo targeted ("Only show this to users in New York.").
There is some stochasticity in the serving process. Ads can run out of budget. Different data centers might have cached different things in cache.
Different advertisers that are eligible to show for a certain query can bid different amounts depending on the user, for example though RLSA .
But anyway ads personalization is not essential to Google's business model (except display ads and maybe youtube ads).
I'm old enough to remember when we had the same arguements about supermarket loyalty cards which track your purchases and sends out personalised deals. Now people just accept that happens but there was a massive uproar about it back in the 80s or 90s (I forget precisely when but it was a good few years ago now).
I honestly don't blame Google for doing what they're doing. It makes perfect business sense. What I do object to is Google employees (assuming you are who you say you are) trying to argue that Google don't make a business from personalised ads when it's pretty easy to prove they do and nearly every single member of HN has observed that it action. For the record, I also object to people argue who "X is definitely not y" while acknowledging that there are a whole plethora of examples where their arguement isn't completely factually accurate - that kind of dumb get out clause is just insult on everyone's intelligence.
Your assertion and supporting link are nothing more than semantics though. But if those semantics make you personally feel better then fine. But I think there's very few people who think that such a semantic distinction matters.
I'm not affiliated with them.. Just a satisfied user. (Although happy to hand out referral links.)
You can use pseudonymous billing info for the transaction. We then debit your underlying account afterwards.
And the example I'm giving there is the most completely innocuous possibility there is. This gets much worse when, for instance, politicians will (and to some degree already are) creat[ing] multiple mutually incompatible versions of themselves to sell to different demographics and ultimately even individuals. That's not cool, and you can come up with far worse scenarios that this sort of individualized tracking.
The bank were not spending millions on the web talking how about they profile you to "improve your experience". They were mostly silent about that. That's why Google/FB/you name it is super for me : it says aloud what happens behind closed doors since ages.
100% deserves/needs scare quotes around that.
I mean just look at the snake-oil bullshit wording Google are using to describe what they do here:
"Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information,”
I mean, I guess there are proper cryptographic means by which you could achieve something that matches that description.
But does _anyone_ trust the worlds biggest advertising company to be doing that???
Anyway. Yes, I do trust that of all parties, Google actually would both develop and deploy whatever that "double-blind encryption technology" is. Still, it's not the problem.
I think we need to stop dancing around the real issue with all that talk about PII. No, I really don't care about my PII just leaking somewhere. I care about what people do with them. It's what companies do with PII, "anonymized" or not, that's the problem. Advertising, upselling, price discrimination. Those are the real problems.
I _strongly_ doubt they have the corporate will or motivation to actually put it into production. I'd go so far as to say "getting it right" is antithetical to their (enormously profitable and deeply entrenched) business model.
meta data like where you made purchases when you made purchases and how much you spent and maybe a few other details are all you need 4 or 5 times to de-anonymize
full disclosure... I have 3 credit cards from this company....at this point I cannot imagine writing checks and carrying cash for daily use... I am not sure this battle can be won at this point.
There is no other company (or a government agency) that knows exactly where you are, how you spend your time, what your precise interests are, what your fears and hopes are (based on your search history), your relationship network, including secret lovers, and so on.
Avoiding being tracked by Google is almost impossible these days, given that everybody uses Gmail, GA, Android and so on.
Not just hedge funds. All finance institutions buy ( "share" ) data from and with each other. Even if you "opt out" ( we should be defaulted to opt-in rather than having to opt out but that's another discussion ), banks have a sneaky trick of slightly changing your ToS and giving you 30 days to "opt out" again. It's one of the reasons why every year, people get "new terms" in the mail. If you look closely, you'll see a slip of paper in the pile of papers about "privacy" rights and saying you have 30 days or so to let your bank know you don't want them to "share" your data.
Also, keep in mind that anonymized data is anonymous in a local sense, not a global sense. Even if PII is removed from one data vender, you can link anonymized data from a variety of data venders to "unanonymize" you. If you have one set of PII ( say like your employer ), then it's really effortless to link you with the anonymized data.
If you have search history from google, data dump from facebook and CC data, then one could pretty much peer into most people's homes and lives without much problem. You could know people better than their spouses do and in many instances, better than they do themselves.
The difference between a slave or serf and a free man isn't paid labor ( as even slaves were paid for their labor ), but the right to prevent intrusion into their lives. A free man had privacy. Slaves had no right to privacy. We are moving into a world with little to no privacy. Well not all of us. The wealthy are moving into a world of greater privacy.
Buying up islands. Highly walled and heavily guarded compounds. Opaque offshore wealth centers.
They are looking for advance warning of something happening to the merchant, if they are a public company - not on you as an individual.
I get products, I give money. The End.
I have seen Germans using credit/debit cards for 100% of transactions; cash only seems to be more of a garlic-belt thing.
"The company said people can opt out of ad tracking using Google’s “Web and App Activity” online console. Inside Google, multiple people raised objections that the service did not have a more obvious way for cardholders to opt out of the tracking, one of the people said."
This is the kind of stuff where the government should have a heavy hand on regulations (unfortunately the members of the government like anyone else are incentivized by money so guess who has a lot of it to "lobby" them.)
It maybe isn't an ideal solution, but it has a lot of upsides. Advertisers (and ad middlemen like Google) bet that they can sell more stuff by drilling deeper and deeper into people's lives.
But the bottom falls out of all that when people decide to opt out of large parts of the commercial ecosystem.
Track your finances instead, the same way you would with a fitness app, and get that dopamine hit from seeing your savings increase. Feel secure in the knowledge that when the next major economic slump hits -- when, not if -- you'll be able to easily ride it out, maybe even enjoy a nice vacation at discounted rates.
The massive growth of ad blockers was an immune response to the excesses of advertisers on the web. Commercial minimalism is the only way to respond to all this crap happening everywhere else.
When I'm shopping it isn't just the old ladys digging deep and long in their purse for the exact change, almost everyone pays with cash.
Maybe this exists already. The difficulty would be in offering a good usability (how do you get that Amazon product you want in your local shopping basket).
You are right about the privacy guarantee, but there is the issue of trust in any business transaction. Why am I using ProtonMail/VPN? Because they have privacy + security as their primary USP and it is reflected in their business (transparency, privacy policies, compliance, certification, etc.). They work hard to earn and keep my trust, and I pay them to do just that.
I am no expert but probably you can let your company be audited by some trusted party on adherence to privacy promises and prove that you comply.
Having that they can keep my data in storage for as long my government requires by law.
Edit: Because this is deeply nested and tangential to the topic I created a separate Ask HN on this idea: https://news.ycombinator.com/item?id=17884474
Still a huge difference betwen that and the alternative where all three of:
- and MasterCard
knows what you've bought IMO.
This is the first Google result for “amazon.com pay with cash”.
It's ridiculous that credit cards, the primary mode of online purchases and strongly preferred by physical retailers, is dominated by just two/three companies... all of which freely sell your purchase histories to other companies.
There is absolutely nothing written about this being a way to opt out of their purchasing and tracking credit card use.
And yes, his style is very entertaining. I hope you enjoy it.
ProtonMail and ProtonVPN are legally separate, but they are both part of the Proton family of projects which originated from CERN.
I, personally, use an DuckDuckGo, an iPhone and Apple mail. Amazon isn't an issue really- just buy whatever you were going to get on amazon somewhere else - it's pretty rare that I find a noticeable price difference (unless we're talking about the cheap off branded stuff on amazon - but I don't want things like that anyway).
not using google is easy, not losing data for 15+ years and counting is significantly harder. even Apple dropped my photos due term of service change, I had to scramble gigabites off internet into disks and now my collection is an unindexed mess.
As for internet, you can always get yourself a VPS and tunnel everything through that, so your monopoly ISP doesn't get to see anything of what you do.
Most people pay for credit cards by way of yearly fees, they track you. Purchase music? Your music is cross referenced in the name of discoverability. Hardware? Same.
Some of those things might be helpful in some contexts, and in others not. That fuzzy line is the discourse.
With all of that said, to cite the locus of all evil as “ad supported” as the problem is a logical fault line.
1. Switch everything to Apple, hardware company. iPhone, Mac OS
2. Use email@example.com email, create few email aliases. Forward your gmail to it, and finally delete gmail accounts.
3. Don't use any of Googles software, like Chrome. Install adbocker extention/app and use Private Browsing windows by default
4. Buy a VPN subscription and set up your phone and Mac to always use it (on-demand).
- ISP has no clue what you do
- Your IP is hidden, major feature for fingerprinting you by websites, trackers and Google.
It appears that Apple Pay cash doesn’t share much, although they do say ‘We may disclose information that is not personally identifiable for other purposes.’
What they mean exactly by ‘personally identifiable’ is open to interpretation.
I don't know how folks who can't afford a car would get groceries (an hour round trip on the bus, I guess), but that can be said about nearly everything in Michigan. The whole wealth bootstrapping problem is really unsolved out there, you can't get started on anything without like $5k for a car and car-related expenses.
Shop at Aldi. https://aldi.us/stores/
If you pay by credit card, it just goes through without having to pay the deposit. It's one of the reasons why I begrudgingly got a Mastercard, and also for the travel insurance.
That's basically all I use it for, though. I think there's some additional electronics insurance or something, but the basic warranties here are pretty good already.
That's a huge over-generalization. It's true that cash is king in Germany for instance, but Scandinavians pay almost exclusively by card.
Sure, Germany is a bit behind the times when it comes to paying with plastic.
> but Scandinavians pay almost exclusively by card
Same goes for the Netherlands where I live, but we don't pay by credit card, we pay by debit card.
What? Of course we do. If anything, Europeans are less likely to use credit cards online (though that is slowly changing), instead opting for bank transfers or online debit cards.
I am about 85% serious here.
End-users have zero power anymore except by collective action in the form of government regulations.
The soul of that company is to turn the human experience into a vessel for the paid delivery of ads, nothing else matters. Of course I'm sure that one can join many interesting engineering projects there, with suitable blinders. Even when they introduced their AR glasses, they had to show virtual billboards assaulting one's field of vision. What you are to Google is a recipient for ad delivery -- not a customer, not a respected human, not someone to trade with.
The problem is, and always has been, that in exchange for some paltry “rewards” you have no idea just who gets sold what, or for how long, etc.
And this is a major new problem primarily because of how big and pervasive Google is, and how they’re into every business. This means I’m no longer sharing a few silly restaurant purchases with buyers of that data in the restaurant business, I’m enabling a crazy machine-learned madness that is hyper-connected to literally everything else I do. This should be illegal but our laws are too slow to catch up with powerful tech.
For the election, politics is 100% advertisement. Candidates have no legal obligation to keep their promises (and that's a good thing). An election won by something that isn't advertisement is not democratic.
Now for the 2016 presidential election specifically, the fact that Trump won despite having most of the Silicon Valley and a major part of the online world against him shows that "Google and others" are not that powerful compared to the traditional players.
A fraction of a fraction of the 2 billion dollars the Hillary camp spent trying to manipulate the election.
CA is the Clinton camp's boogeyman, much as Correct the Record was for Sanders fans and George Soros is for Trump supporters.
>A December report from Harvard University’s Shorenstein Center on Media, Politics and Public Policy delivered some sobering news for all those investigative reporters who may have supposed that their Trump exclusives were changing the world: None of them were breaking from the pack. “Clinton’s controversies got more attention than Trump’s (19 percent versus 15 percent) and were more focused,” noted study author Thomas E. Patterson. “Trump wallowed in a cascade of separate controversies. Clinton’s badgering had a laser-like focus. She was alleged to be scandal-prone. Clinton’s alleged scandals accounted for 16 percent of her coverage—four times the amount of press attention paid to Trump’s treatment of women and sixteen times the amount of news coverage given to Clinton’s most heavily covered policy position.”
It notes that:
> Trump’s coverage during the general election was more negative than Clinton’s
Positive coverage of Trump was during the primaries, which is what the Clinton camp wanted, calling him a Pied Piper:
> We need to be elevating the Pied Piper candidates so that they are leaders of the pack and tell the press to [take] them seriously.
Make no mistake, the media recognized very quickly that Trump drew viewers. There’s a damn good reason why CNN is posting record profits.
Seems to be true in this case. They covered Trump, which made him the person people think about.
They told people to hate Trump. The electorate didn't listen.
Back to the original question, does that mean we're easily manipulated?
On the original question: evidence seems to say yes.
Heck, very very few advertising campaigns involve telling the user to buy a product or service. Most focus more on creating a new need/want, or in repeated exposure to make the advertised good seem “normal”.
Now the tricky thing is that manipulation requires intent, which is very hard to prove. Hanlon’s razor would have us believing that in most cases, shady things happen because people are dumb, not malicious. So for my part I personally believe that the media got addicted to the ratings and felt internal pressure to provide equal coverage even when the scandals were quite unequal.
(b) seems to me like an expression of a naive view of personal identity that makes a binary distinction between anonymity and non-anonymity that doesn't exist in reality in any meaningful sense. Does manipulation against your interests become a non-problem when the manipulator doesn't know the name in your passport? Does it become a non-problem when the manipulator's tools are too imprecise to pick out you specifically, so they apply the same strategy to you and one other person, yielding only a 50% success rate? Does it become a non-problem when they lump you in with three other people? With four? Ten? A hundred? A million?
All of this is about power. Just because power is exercised indirectly or somewhat imprecisely doesn't make it categorically different from someone influencing specifically you, just as poisoning rivers and lakes isn't categorically different from poisoning your food on your plate. It's just a scheme for laundering the power to make it less obvious, and if you allow that, that's what people will do. People who want power don't care how they get it, all they care about is that they get it, so if you tell them that you are OK with being manipulated indirectly, then that's what they will do.
Why are we talking about this?
Safari ITP 2 doesn’t allow 3rd party cookies.
Second only to this is the creepy fact that tools like Deepmind are being built with the purpose of furthering these goals - all of the chess/go beating is literally a side line.
I think this is why people like Elon Musk - he may have some socially reprehensible behaviours, but at least his end goals are either benign or helpful to humanity.
If set A is the set of users shown ads for Merchant M, and set B is the set of customers at merchant M who purchased something, then this intersection can tell you what percentage of the ads were shown to people who made a purchase without revealing who made the purchase to A or revealing who was shown an ad to B.
There’s probably a way to do it with differential privacy as well but it might be less efficient.
Together with Location Services, they know everywhere you physically go, so given the last 4 digits of your cards and a transaction list it's pretty easy to guess who you are.
I don't actually know how to do this, so this is a bit like the "draw the rest of the owl" meme :)
If you assume there is an algorithm where Google can provide some "encrypted" form of their "users who have seen this ad" list such that the amount spent can be computed without knowing the intersection, you could exclude people who have opted out from the list Google inputs into the algorithm.
Google paid Mastercard millions of dollars for the data, according to two people who worked on the deal, and the companies discussed sharing a portion of the ad revenue, according to one of the people.
That is not an unusual arrangement for people with search indexes, party A provides a search query, party B provides 10 links to appropriate content and some advertisements, if the eyeball making the search clicks on an ad the revenue is split between in the index provider (party B) and the traffic provider (party A).
The most reprehensible president ever, curtailing the bad behaviour of the most reprehensible global advertising company ever.
"You've been provided two opportunities to cite those articles." That is worded in the most irksome manner. What is wrong with you?
But even if some company offered that all the retailers could still share their data with some aggregator which would effective work around your privacy oriented card not sharing data.
I'd love not to be tracked and would switch cards immediately if they offered the same services I get now and offered zero tracking. I suspect I'm in the minority but maybe with the right PR blitz you could get regular people to switch.
"Does your credit card spy on you? Do they sell all your purchase data to advertisers so they can target you with ads? Yes? Welcome to 'PrivacyCard'"
Next YC batch?
Building a new card network akin to Visa would be a monumental task. You'd be better off lobbying for legislation.
If you buy in a brick and mortar store the retailer would not have your address, only your card number. And a privacy-focusd CC company would allow you to generate new numbers for each transaction so the retailers can't use that to merge datasets.
Google is now closing the circle to get to know exactly what was bought - blowing all privacy advantages away.
An untapped opportunity perhaps
The only problem is that the total you can spend: ~$50 on the ones I've found, so not terribly useful. But it's at least proof of concept that they could do it if they wanted to.
Japan is mostly (for the moment, anyway) a cash based society, so these kinds of things work. Payment cards are becoming more and more popular, where you load money on to them and then you can use them in stores. Most of them don't require that you register with them, but of course they all recommend it (and you can't take money off of a card without it being registered, presumably to reduce theft of the cards).
I quite like the system, since I like privacy. Also much better than a debit card since I don't have to give access to my primary bank account to have a convenient payment system.
Or maybe I'm just too paranoid?
The average buyer would rather get cash back to allow Google to report to merchants how their ads resulted in credit card payments than to not get cash back and hide this information. This is the same economics for how loyalty card programs work.
They realized there's money laying on the floor of your house.
Why wouldn't they pick it up?
Another thing to worry about is whether iPhone really turns off the wifi radio when it is greeted out from the menu.. I remember a setting change somewhere around ios10/11..