Hacker News new | past | comments | ask | show | jobs | submit login
Google and Mastercard Cut Ad Deal to Track Retail Sales (bloomberg.com)
449 points by petethomas on Aug 30, 2018 | hide | past | favorite | 281 comments

Do I have a choice, other than cancelling all of my MasterCard cards? This business of tracking and profiling is increasingly evil. If I dystopically discovered that someone has been following me around all the time, writing down everything I look at or do or purchase, in public and at home, I could not tolerate it.

Your only option is to refuse cards altogether because they've all been selling anonymized data on you for years. The big hedge funds pay big dollars for direct lines of data from the credit card companies.

A lot of attention in the press is given to Google et. al. about purchase profiling and tracking for ads. But the concept of purchase profiling has existed really since the invention of the credit card. As others have mentioned hedge funds have brokered this data for decades - but for some reason it has not been covered as excruciatingly as it has for tech companies. While I disapprove of the practice overall I would bet that tech companies are actually a more responsible steward (jail warden?) for this data than credit card bureaus, precisely because the spotlight is on them and also we have come a long way for data security in general.

There needs to be much more coverage of this in the contemporary press as it is applied to credit card companies, agnostic of tech co.'s making it a joint venture.

I believe credit card co.'s gave this process momentum early on and tech co.'s are just taking it and running with it.

The same can be said for Google location tracking vs. Verizon's straight-up selling that data as an asset.

Yes non-tech companies have done this forever, but it was only when online tracking started that the amount of data you could collect on people exploded. And Google, Facebook etc. figured out how to monetize it much more effectively, generating the lions share of its revenues through such ads.

So IMO tech companies are well deserving of the criticism they’re facing.

Also, tech acts as a (mostly) reliable steward of this data because they can monetize it so well. If 90% of the revenues of Target came from advertising, we would probably not have had the massive leak of cc data. For most traditional businesses, this data is an additional source of revenue, not the primary one.

The reason tech companies get the spotlight is because there are times when the tracking is so much in your face. For example, if I look up specs on a pair of Bose headphones, I get plastered with ads for Bose for the next couple months (unless I flush my cookies, and/or browse anonymously or use an ad blocker). Yes, I know what is going on behind the scenes, but it still feels like stalking.

Such a useful idea as well, ads for the product you just bought and only need one of..

It is somewhat ironic that Google is probably more privacy focused and has better security than any other company in the fortune 500 and yet they seem to get some of the most negative criticism here.

You can be extremely ethical about your factory farm but it's still a factory farm.

Google is in the business of utilising your data in the interest of advertising. No matter how you sugar coat it, the core of the business is tracking people and exploiting that data.

Are they doing their best to be careful and ethical? It sure seems like it, but that doesn't solve the issue.

The free services they and many tech companies provide for free are just payment for your data. The majority of people don't realise this implicit connection and many others do realise it but are happy with the transaction. But it's important to note that they undermine the ability to provide these services more ethically by setting a social norm of incredible services that are "free".

Edit: I will add that the cost and benefit to society of this kind of service provision is complex and nuanced, Google has obviously provided incredible value and society has decided that advertising is a fair price to pay, else they wouldn't be around still. But the true effects of immense tracking and advertising are still yet to play out completely.

Google is not in the business of selling your data. Google does not sell your data. It’s pretty clear in their privacy policy: https://privacy.google.com/how-ads-work.html

Disclaimer: I work at Google.

Oh, of course. Google is actually really benign. They don't sell your data. They just automatically scrutinize it in unfathomable detail to make as much money as possible when they pimp you out to anybody else who wants to manipulate you.

Please accept our sincere apologies--Google is such a nice company with a 100% ethical business model!

Parents point is valid in so far as that selling really is the wrong term for it.

If Google sold the data, someone else would have it. That would not only be awful from a privacy perspective, it would be desasterous for business.

It's primarily a case for precise language and not something to ridicule.

Like you mention one of the most obvious reasons that Google does not sell user information is because it would not make good business sense. These immense profiles they're building on everybody are part of their 'secret sauce' and simply selling those would not be good for business.

When they're choosing to not engage in behavior that no company in their shoes would engage in, it's hardly praise worthy and I think indeed that ridiculing it as a 'positive' for them is completely fair. So let's change the game a bit. If, somehow, their business changed or evolved such that selling user information directly was a profitable part of some business strategy - do you think they would still choose not to? What if I asked you, not that long ago, whether you think Google would be willing to build a search engine in China completely accepting (and thus arguably implicitly endorsing) all state level censorship engaged in by China?

I do think that Google at one time sincerely held the sort of anti-corporate-establishment view of 'don't be evil.' But it's much easier to moralize when you don't have the option of going against those morals to the tune of billions of dollars accompanied by immeasurable influence.

Don’t be evil ship sailed a long time ago. They’ve demonstrated over and over again that their stock price matters more than privacy of their users.

The way I see it, it’s a race to trillion dollar mark for AMZN, GOOG and MSFT now.

I have little expectations that they’ll do much to reverse their ad blasting and deep tracking trends.

> the most obvious reasons that Google does not sell user information is because it would not make good business sense

On the contrary, it is a good business model and Google does it. They sell ad targeting, and targeting ads is based on accessing personal user data and making its results available to anybody who wants to pay. With each targeting of an ad the ad buyers can track more profiled users.

(I work at Google).

"selling your user data" implies that someone else has access. They don't.

If I target my ads to left-handed Hungarian mimes, and someone clicks on that ad and comes to my site, what do I know about that person? What user data has Google told me about them?

I provided money to Google. Google provided [people, or perhaps bots] and told me they were left-handed Hungarian mimes. The user's information has passed from Google to me. I just tagged that person "left-handed Hungarian mime" in my database.

Now, you can invent new words and call that something other than a sale, but...

The tech industry is great. Package up software, give it a SKU, put it in a store, have people come in, exchange money for it, and walk out: They're very happy to call that a sale, not a license, but a license is what it is. Happy to use the word "sale" when it confuses the customer and benefits them.

But start talking about selling user data to advertisers, nope, don't like the word "sale" any more, even though the advertisers are handing over money and walking away with data they are free to use. Odd.

Ok but is anyone doing that? Even if technically possible is that a violation of the ToS? (I don't know the answer to either of these questions, but I expect that the answer leans towards "no" for both).

>If I target my ads to left-handed Hungarian mimes, and someone clicks on that ad and comes to my site, what do I know about that person?

Nothing, unless they register there, and if your goal is to convert left-handed Hungarian mimes, then you probably know about your target audience already. You've learned something about a tracking cookie. That's only valuable if you can continue to track the user.

They don't sell our data, they rent us out to the highest bidder.

More data means they can match us to clients better and charge a higher price for us.

This captures Google’s and FB’s business model perfectly.

Not matter how you sugarcoat it, if you work for Google or FB or any other ad blasting company, you help further the model of selling data of people’s private lives to the highest bidder and ad spam them throughout the internet for months.

I'm not so sure it's so clear in that page you linked to. Google do also sell the largest analytics/user-tracking platform that exists (Google Analytics). That page you linked to seems to hinge around what constitutes 'personal information' which I'm sure others have differing opinions about but does go back to the parent's point: Google is in the business of selling your data. It maybe does it in a controlled way, segregating by client properties, or removing certain personally identifying information, but it's still selling your data.

You are right, selling is the wrong term. I will update my comment to use the word "utilising" instead.

It's a shame you're getting downvoted. There's nothing wrong with your comment, and it adds a useful argument to the discussion that's going on here.

I can only applaud Google employees who want to have a meaningful discussion here, and even disclose that they're working at Google.

It looks like they are back in the green now. I appreciate the dialogue it sparked and I can appreciate it takes a bit of courage to take part in a topic that's contentious toward where you work.

You're right–people often conflate "selling" with "using internally to sell ads." There's a difference, and it's meaningful, but the point is that Google's business model is based on gathering and exploiting as much data about you as possible

Yes. And isn't it also the case that, by offering their very elaborate targeting capabilities to advertisers, they still leak your personal data to 3rd parties, though indirectly? After all, the fact that a certain personalized ad appears in your page confirms to the advertiser that you are in their carefully crafted target group.

(I work for Google, but not on ads and I have no social knowledge)

I think that one thing Google tries to do is to make identifyingly small demographics not possible. As you say, that would leak personal info when the user clicked.

confirms to the advertiser

How would the advertiser know? Google is the one serving the ad.

Tracking referals. It's a key part of ecommerce advertising metrics to keep track of who came from what campaign.

That's not true either, but that's a common misconception. Google makes the bulk of it's ad revenue from search ads. Two people issuing the same search query will see the same ads (for the most part). Hence, Google could still make money without user targeting - unlike Facebook.

Two people making the same search query wouldn't even produce the same search results, let alone adverts.

I'm surprised that this comment was downvoted so much. I actually work at Google. I don't know if anyone is still going to read this, but I thought I would comment just in case.

I said "for the most part". There are multiple reasons why different users can see different ads:

Ads might be geo targeted ("Only show this to users in New York.").

There is some stochasticity in the serving process. Ads can run out of budget. Different data centers might have cached different things in cache.

Different advertisers that are eligible to show for a certain query can bid different amounts depending on the user, for example though RLSA [1].

But anyway ads personalization is not essential to Google's business model (except display ads and maybe youtube ads).

[1] https://support.google.com/google-ads/answer/2701222?hl=en

I like how you say "personalised ads are now essential aside all those times it is". The fact remains, personalised ads is always going to be far more profitable than non-personalised ads. You don't need to be an insider in Google to understand this. Moreover Google didn't even invent the concept of personalised adverts to begin with.

I'm old enough to remember when we had the same arguements about supermarket loyalty cards which track your purchases and sends out personalised deals. Now people just accept that happens but there was a massive uproar about it back in the 80s or 90s (I forget precisely when but it was a good few years ago now).

I honestly don't blame Google for doing what they're doing. It makes perfect business sense. What I do object to is Google employees (assuming you are who you say you are) trying to argue that Google don't make a business from personalised ads when it's pretty easy to prove they do and nearly every single member of HN has observed that it action. For the record, I also object to people argue who "X is definitely not y" while acknowledging that there are a whole plethora of examples where their arguement isn't completely factually accurate - that kind of dumb get out clause is just insult on everyone's intelligence.

No they don't sell your data they just sell "access" to your data. The bits don't leave Google servers.

Your assertion and supporting link are nothing more than semantics though. But if those semantics make you personally feel better then fine. But I think there's very few people who think that such a semantic distinction matters.

As we found out, they buy the data - this time from Mastercard and collect a detailed profile of every user, maybe more detailed than 3-letter agencies have.

Indeed, they don't sell your data. They give it for free through deals such as PRISM.

Yes it is. Personally, I dislike tracking and don't mind disparaging Google for it - but I think in this case reporting like this manages to miss the heart of the problem and mischaracterize the situation.

If you want to still use a "credit card" online without being tracked by the MasterCards or Visas of the world (or even individual merchants), then check out https://privacy.com/ .. It lets you generate a new credit card number for every transaction if you want.

I'm not affiliated with them.. Just a satisfied user. (Although happy to hand out referral links.)

How does that hide the data from Mastercard and Visa? Surely they must know who is behind every card number, otherwise who would they charge?

Disclosure: I work for privacy.com

You can use pseudonymous billing info for the transaction. We then debit your underlying account afterwards.

Wouldn't that cause weird issues with rebates for faulty products?

If I understand the way the process works, no. The credit card is attached (via privacy.com) to a checking account via ACH. So if you get a refund (or perform a chargeback) on one of your credit cards, then the resulting funds are just deposited into your checking account.

Anyone know if there's a similar service to Privacy in the UK?

I was wondering the same.

The issue is individual tracking vs aggregate tracking. Tech companies now a days are starting to target individuals based on their individual patterns. This is quite a bit different than aggregate tracking based on group trends. For instance if you see a link to a Credence Clear Water video after watching a video of Under the Watchtower, it makes a lot of sense. On the other hand if you see a link to a lecture from Leonard Susskind -- then that's going to be exclusively the result of personalized tracking and it feels invasive.

And the example I'm giving there is the most completely innocuous possibility there is. This gets much worse when, for instance, politicians will (and to some degree already are) creat[ing] multiple mutually incompatible versions of themselves to sell to different demographics and ultimately even individuals. That's not cool, and you can come up with far worse scenarios that this sort of individualized tracking.

>>> but for some reason it has not been covered as excruciatingly as it has for tech companies.

The bank were not spending millions on the web talking how about they profile you to "improve your experience". They were mostly silent about that. That's why Google/FB/you name it is super for me : it says aloud what happens behind closed doors since ages.


100% deserves/needs scare quotes around that.

I mean just look at the snake-oil bullshit wording Google are using to describe what they do here:

"Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information,”

I mean, I guess there are proper cryptographic means by which you could achieve something that matches that description.

But does _anyone_ trust the worlds biggest advertising company to be doing that???

"Anonymized" always deserves scare quotes, because there ain't such thing as "anonymized"; there's only "anonymized until correlated with other data sets".

Anyway. Yes, I do trust that of all parties, Google actually would both develop and deploy whatever that "double-blind encryption technology" is. Still, it's not the problem.

I think we need to stop dancing around the real issue with all that talk about PII. No, I really don't care about my PII just leaking somewhere. I care about what people do with them. It's what companies do with PII, "anonymized" or not, that's the problem. Advertising, upselling, price discrimination. Those are the real problems.

Out of all the other possible parties that could have attempted this? Yup, I'd say I trust them the most.

What Google can do and what they choose to do are two different things.

I don't doubt one bit that they have people capable and probably even willing to get the crypto right.

I _strongly_ doubt they have the corporate will or motivation to actually put it into production. I'd go so far as to say "getting it right" is antithetical to their (enormously profitable and deeply entrenched) business model.

I don't know about that. Measuring ad impact is extremely valuable. What is interesting to me is the obvious bias of being the seller of ads as well as the impact measurement provider.. fox guarding the henhouse and all

If they sold it to Mastercard as double blind I personally would trust them on it. Lying to consumers seems to turn out fine but lying to large corporations I would bet gets expensive and my experience is that a large org will bend over backwards to meet the letter (if not the spirit) of what they say.

What you're probably worried about is an entity being able to fingerprint you based on a few simple data points and a profile of someone who fits those data points. Which is possible, and increasingly accurate.

having sat during conversations at a large credit card company it turns out 4 to 5 transactions are all that is needed to identify a person.

meta data like where you made purchases when you made purchases and how much you spent and maybe a few other details are all you need 4 or 5 times to de-anonymize

full disclosure... I have 3 credit cards from this company....at this point I cannot imagine writing checks and carrying cash for daily use... I am not sure this battle can be won at this point.

Yes, I do trust them. They don't need PII to get value from this.

Other companies are different: Google is unique in the sense that they have - or if they want, they have enough data to build - an extremely rich and complex profile including very intimate details of a given person.

There is no other company (or a government agency) that knows exactly where you are, how you spend your time, what your precise interests are, what your fears and hopes are (based on your search history), your relationship network, including secret lovers, and so on.

Avoiding being tracked by Google is almost impossible these days, given that everybody uses Gmail, GA, Android and so on.

Credit cards know how much you spend at Whole Foods with a certain transaction amount. This I always assumed was tracked and could be used/sold by the credit card companies. This article tends to imply that MasterCard is getting the actual list of things that you buy at a store. I would hope that for this to happen the store must also be involved in selling the individual item list to the credit card company. I was hoping that stores were not doing this or I would have heard something about it, but maybe it would not really be news at this point in the data selling game.

I think you could buy an anonymous prepaid/gift card periodically, though I don't know if there's any restriction that prevents you from buying certain things (probably you can't use it for airline check-in). Wish this kind of things could be done more easily in future.

And that's one of the reasons Germans prefer cash.

I get products, I give money. The End.

Where in Germany?

I have seen Germans using credit/debit cards for 100% of transactions; cash only seems to be more of a garlic-belt thing.

Berlin, for example. When there's a card payment for groceries it tends to be tourists.

> The big hedge funds pay big dollars for direct lines of data from the credit card companies.

Not just hedge funds. All finance institutions buy ( "share" ) data from and with each other. Even if you "opt out" ( we should be defaulted to opt-in rather than having to opt out but that's another discussion ), banks have a sneaky trick of slightly changing your ToS and giving you 30 days to "opt out" again. It's one of the reasons why every year, people get "new terms" in the mail. If you look closely, you'll see a slip of paper in the pile of papers about "privacy" rights and saying you have 30 days or so to let your bank know you don't want them to "share" your data.

Also, keep in mind that anonymized data is anonymous in a local sense, not a global sense. Even if PII is removed from one data vender, you can link anonymized data from a variety of data venders to "unanonymize" you. If you have one set of PII ( say like your employer ), then it's really effortless to link you with the anonymized data.

If you have search history from google, data dump from facebook and CC data, then one could pretty much peer into most people's homes and lives without much problem. You could know people better than their spouses do and in many instances, better than they do themselves.

The difference between a slave or serf and a free man isn't paid labor ( as even slaves were paid for their labor ), but the right to prevent intrusion into their lives. A free man had privacy. Slaves had no right to privacy. We are moving into a world with little to no privacy. Well not all of us. The wealthy are moving into a world of greater privacy.

Buying up islands. Highly walled and heavily guarded compounds. Opaque offshore wealth centers.

The big hedge funds pay big dollars for direct lines of data from the credit card companies

They are looking for advance warning of something happening to the merchant, if they are a public company - not on you as an individual.

Wait, so for example hedge funds can buy aggregated data from BoA about how much is spent at Walmart on BoA CCs on a daily/weekly basis, wouldn't that data be very valuable prior to an earning call/report, somewhat like insider trading (but I guess not technically?)?

From the article

"The company said people can opt out of ad tracking using Google’s “Web and App Activity” online console. Inside Google, multiple people raised objections that the service did not have a more obvious way for cardholders to opt out of the tracking, one of the people said."

I did read the article. That's discovering that someone is stalking you, until and unless you tell them you'd rather "opt out" even though you never "opted in" the evil stalking. Meanwhile, all shops and businesses you get near to or purchase from are calling the stalker to let him know what you're doing -- how do you "opt out" of these?

That's free market for you; meaning people with more money than you set up a system so even handling money itself costs you money and they also try to squeeze even more money doing shady things such as tracking your shopping patterns.

This is the kind of stuff where the government should have a heavy hand on regulations (unfortunately the members of the government like anyone else are incentivized by money so guess who has a lot of it to "lobby" them.)

Buy less stuff.

It maybe isn't an ideal solution, but it has a lot of upsides. Advertisers (and ad middlemen like Google) bet that they can sell more stuff by drilling deeper and deeper into people's lives.

But the bottom falls out of all that when people decide to opt out of large parts of the commercial ecosystem.

Track your finances instead, the same way you would with a fitness app, and get that dopamine hit from seeing your savings increase. Feel secure in the knowledge that when the next major economic slump hits -- when, not if -- you'll be able to easily ride it out, maybe even enjoy a nice vacation at discounted rates.

The massive growth of ad blockers was an immune response to the excesses of advertisers on the web. Commercial minimalism is the only way to respond to all this crap happening everywhere else.

Or do like the germans that remember the old times of big brother watching you. Use cash.

When I'm shopping it isn't just the old ladys digging deep and long in their purse for the exact change, almost everyone pays with cash.

Thats pretty backwards. Just make it illegal for banks to sell customer data. No need to make life miserable for everyone.

How do I pay with cash on amazon.com?

You can buy Amazon gift cards with cash anywhere like drug and grocery stores.

However, you have other problems: If you have an account, or even a consistent shipping address, Amazon knows what you're buying. So you'd need to anonymize where you're shipping packages to, the names on those packages, and you'd need to register new Amazon accounts regularly with new email addresses to avoid them profiling your purchasing habits.

This makes me wonder if there is a business model for 'anonymous proxy' companies, where you do the shopping at your favourite online webshops, but handle actual ordering, payment and final delivery to your home via the proxy company, who guarantee your privacy for a small additional fee, or subscription charge.

Maybe this exists already. The difficulty would be in offering a good usability (how do you get that Amazon product you want in your local shopping basket).

Wouldn't that company have all your information? What would make me trust them? Seems more dangerous than buying directly from multiple retailers, for example.

See my response to lotsofpulp.

That business would attract all the bad actors looking to use stolen credit cards and then get banned by the merchant processors for too many chargebacks. And no one can guarantee your privacy, unless they're deleting data very quickly, but the merchant processors wouldn't like that nor would the government.

It would have the same due-dilligence requirements as any webshop and validate your payment method (which could be any method, like iDeal, and even credit card, where the payment processor doesn't get to see the exact order details, but a 'proxied order').

You are right about the privacy guarantee, but there is the issue of trust in any business transaction. Why am I using ProtonMail/VPN? Because they have privacy + security as their primary USP and it is reflected in their business (transparency, privacy policies, compliance, certification, etc.). They work hard to earn and keep my trust, and I pay them to do just that.

I am no expert but probably you can let your company be audited by some trusted party on adherence to privacy promises and prove that you comply.

Having that they can keep my data in storage for as long my government requires by law.


Edit: Because this is deeply nested and tangential to the topic I created a separate Ask HN on this idea: https://news.ycombinator.com/item?id=17884474

Amazon Locker storage boxes can be used without any address and with a pseudonym as your Amazon account. You receive a six digit code to pick up your stuff. Only works for items that are fulfilled by Amazon, though.

> If you have an account, or even a consistent shipping address, Amazon knows what you're buying.

Still a huge difference betwen that and the alternative where all three of:

- Amazon - Google - and MasterCard

knows what you've bought IMO.


This is the first Google result for “amazon.com pay with cash”.

Well don't use amazon dot com then.

Pull money out at an ATM and pay for things with cash I guess. Not great, but it's an option.

As long as you don't travel on a highway where the money will be seized by law enforcement by use of civil asset forfeiture due to your suspiciously carrying cash.

I believe that limit is $10,000 and you never use a credit card when spending that amount of money because the transaction fees are too high.

There is no legal restriction of how much money you can carry around with you in the US, I believe. When you cross a national border you need to declare it and if you buy casino chips or deposit into a bank, they will report you to the government. But the cops can and often do "arrest" the money and will take much smaller amounts of money from you if they find it.

The limit is not 10,000. There may be an official number where that starts happening but I have seen it happen (completely anecdotal) with amounts as low as $800.

Care to tell your story because that is totally fucked up if a cop took a measly $800 in cash from you?

In Philadelphia, most cash seizures are under $250.


You don't read much about police abuse of power, huh.

Do you think gift cards would shield you enough? I mean they can be tied to the card used to purchase. But are the data-mongers doing that?

Gift cards can be purchased with cash.

As long as this is possible. In China's social credit experiments cash money is no longer an option, and in countries such as Sweden they are thinking of getting rid of cash too (though public opinion has shifted somewhat with growing awareness of privacy issues).

On the other hand, most credit cards already sell transaction data to third parties.

Hey at least the credit card companies are fully transparent - all that is clearly outlined in the 20-page size-3 font terms and conditions you signed up with! /s

It's ridiculous that credit cards, the primary mode of online purchases and strongly preferred by physical retailers, is dominated by just two/three companies... all of which freely sell your purchase histories to other companies.


I have to create a google account and link it to my mastercard somehow just to be able to opt out?!

Do you really believe they stop tracking your data even if you opt out after recent events?

What events are those?

Wasn't this "Web and App Activity" just this month found to keep its own location history when Location Services are disabled? Seems like they've loaded a lot of different behaviors into this one setting.

Followed the link. Read the description at


There is absolutely nothing written about this being a way to opt out of their purchasing and tracking credit card use.

And if I still want to use some of those features (because some are useful and I don't care about that data), it doesn't appear I can opt out of this specifically?

You never had a choice. Paying with plastic always meant that you were tracked and that data sold. If you don't like it, use cash.

Banking data has strong regulatory protection. I am surprised payment data hasn't.

Cash is tracked by the banks. It's usually pretty easy too, especially with things like coffee shops that take a lot of 20s and give a lot of 5s. Most people take out 20s, so it's pretty easy to know who was likely at some place at some day or week.

not even remotely the same league.. I've never once heard of cash analytics for spend habits the same I have seen for cardholder/loyalty programs.

It's tracked to the person and has been for decades. It's used to fight crime, not to help advertisers.

Well then get your cash from a teller because it will not be scanned before it's handed to you.

Interesting. I haven't seen retail banks tracking cash this way.

How do you unGoogle? They have my phone, my email. Amazon now follows my grocery shopping at Whole Foods. I doubt Visa and Amex are far behind, it's free money for them so there is no point in canning Master. What a disaster! Ad supported Internet is the root of the problem.

Did you read Chaos Monkeys? What about Dragnet Nation? Both (of which are not new) peek behind the curtains you're concerned about. Both are recommended, and freightening. It's only going to get worse.



Borrowed Chaos Monkeys from the library based on this post. Thanks for the recommendation, it's very engaging so far.

The best bit - relevant to this HN privacy discussion - is about two-thirds in. It's where FB cracks the code (breaks the back of privacy) and heads for advertisers' nirvana. And that was 5+ yrs ago.

And yes, his style is very entertaining. I hope you enjoy it.

You can use ios or lineageos. You can use an email such as protonmail (although I personally find them just a touch shady, they're no doubt miles better than gmail) or host your own. Don't shop at whole foods. Pay with cash.

Just out of curiosity, what feels shady about ProtonMail?

I believe a competitor of theirs has been actively trying to spread distrust of them on HN. I don't remember the details well, but I think they allege that ProtonVPN and ProtonMail aren't independent from each other when they claim they are.

There is a smear campaign going on, but not about precisely this. The smear campaign is that since ProtonVPN is free, it must be doing something nefarious.

ProtonMail and ProtonVPN are legally separate, but they are both part of the Proton family of projects which originated from CERN.

I'm not sure what competitor you're referring to, I don't think they have many of those (tutanota, maybe? Or startmail?) but I assure you I don't work for one of those. There's not another email provider I have significantly more trust in or that I think does everything right while protonmail does everything wrong, there's just a minor sticky feeling that I have using them.

Thank you, I am aware of the alternatives but it's an uphill battle to fight a monopoly, i.e. I have only Comcast here as Internet option, etc.

Not using google is actually a piece of cake. Ther are reasonable competitors for nearly all of their services, except maybe translate and maps. Though I have been looking at OSM a lot lately.

I, personally, use an DuckDuckGo, an iPhone and Apple mail. Amazon isn't an issue really- just buy whatever you were going to get on amazon somewhere else - it's pretty rare that I find a noticeable price difference (unless we're talking about the cheap off branded stuff on amazon - but I don't want things like that anyway).

DeepL is a good alternative to Google Translate, though it is quite a bit more limited in terms of features and languages. I often find DeepL translations to be of higher quality than Google's (for the 2-3 languages I regularly translate between).

> Not using google is actually a piece of cake

not using google is easy, not losing data for 15+ years and counting is significantly harder. even Apple dropped my photos due term of service change, I had to scramble gigabites off internet into disks and now my collection is an unindexed mess.

To be fair to Google, they (mostly) make it fairly easy to move out; exporting your Photos with Takeout returns a nice archive where each image is accompanied by a JSON file with metadata. It's not any standard format, as far as I can tell, but should be easy enough to massage into whatever you want.

Well, it is somewhat of an uphill battle, sure, but every hill has a top ;-)

As for internet, you can always get yourself a VPS and tunnel everything through that, so your monopoly ISP doesn't get to see anything of what you do.

For email, there's Fastmail, which is great and the web UI is clean, simple and fast. If your phone is supported, you can install LineageOS on it without any Google apps.

A couple of years ago, I decided to go with Runbox for email along with some self-hosted solutions. It has been great - Gmail over IMAP is relegated to newsletter subscriptions. I also use LineageOS on my phones and tablets.

Unfettered, profit-at-all-costs is the problem. Paying for something brings no shred of chance that your data isn't being harvested. Zero.

Most people pay for credit cards by way of yearly fees, they track you. Purchase music? Your music is cross referenced in the name of discoverability. Hardware? Same.

Some of those things might be helpful in some contexts, and in others not. That fuzzy line is the discourse.

With all of that said, to cite the locus of all evil as “ad supported” as the problem is a logical fault line.

It is vital to unGoogle, to protect your data. Totally possible.

1. Switch everything to Apple, hardware company. iPhone, Mac OS

2. Use myname@icloud.com email, create few email aliases. Forward your gmail to it, and finally delete gmail accounts.

3. Don't use any of Googles software, like Chrome. Install adbocker extention/app and use Private Browsing windows by default

4. Buy a VPN subscription and set up your phone and Mac to always use it (on-demand).

What makes you think your VPN company isn't selling your net usage data to Google?

I carefully selected it :) Even if it does, there are other benefits:

- ISP has no clue what you do

- Your IP is hidden, major feature for fingerprinting you by websites, trackers and Google.

You could move to Apple and use Apple Pay Cash to buy purchases you'd rather not be tracked and sold to Google (and a million other companies).

[correction: Apple Pay Cash should indeed be a workable shield.] Using Apple Pay [not the "Cash" feature] only hides your details from the retailer, not from the credit card company nor evidently from Google.


It appears that Apple Pay cash doesn’t share much, although they do say ‘We may disclose information that is not personally identifiable for other purposes.’

What they mean exactly by ‘personally identifiable’ is open to interpretation.

I said Apple Pay Cash, and yes, it does.


Sorry I didn't realize the distinction you were making! you are right that seems to be an electronic equivalent to cash.

re: Whole Foods, I've never heard of a place that was a food desert but for Whole Foods. You should take your business somewhere else if you don't want Amazon to have data on your grocery purchases.

Funny anecdote, my fiance used to live in midtown Detroit near the Whole Foods. At the time the groceries situation was worse, it was more-or-less a food desert other than that Whole Foods [0].

I don't know how folks who can't afford a car would get groceries (an hour round trip on the bus, I guess), but that can be said about nearly everything in Michigan. The whole wealth bootstrapping problem is really unsolved out there, you can't get started on anything without like $5k for a car and car-related expenses.

[0]: https://www.google.com/maps/search/midtown+detroit+groceries...

> Amazon now follows my grocery shopping at Whole Foods.

Shop at Aldi. https://aldi.us/stores/

Or pay cash!

Moving to Europe? I have always despised creditcards, their business model is anti consumer and legalised theft. Luckily I live in a country that has superior payment options.

Which country is it? What payment systems do you use?

In Germany direct debit (pull) is common and the EU is currently rolling out instant wire transfers (push). Either way cuts out the third party as you're paying directly from your bank account and banks are far more regulated wrt. privacy.

Unfortunately, you'll find it rather annoying to pay for a rental car. If you use a debit card, they'll pull an additional €250 deposit, which you won't get back until you return the car.

If you pay by credit card, it just goes through without having to pay the deposit. It's one of the reasons why I begrudgingly got a Mastercard, and also for the travel insurance.

That's basically all I use it for, though. I think there's some additional electronics insurance or something, but the basic warranties here are pretty good already.

Bitcoin, minus LE EPIC CRIPTO CRAZEH, was supposed to fix this specific idiocy.

I feel like as consumers we've lost this battle. If it's profitable the other companies will do it, too. I'm hoping that as consumers keep getting more screwed we can get some regulation to give us at least a little control and visibility into our data.

Move to Europe, where there are sane laws against this type of behavior.

What makes you think MC and Google aren't doing the same thing in Europe?

If they do, I hope they get caught and have to pay 4% of their global revenue under GDPR.

There are laws against them doing this in Europe.

Are you referring to GDPR? As far as I can tell, the data is allegedly anonymous, so not subject to GDPR. Even if it weren't, Google doesn't exactly have a good track record of respecting privacy or privacy related laws. They've been known to "accidentally" harvest wifi traffic in bulk. They drive spy cars around taking pictures or everything and everyone.

If they were anonymous Google wouldn't be able to match purchases against ad views or let users opt out. I suppose they are just exchanging something like a hash from customer data, so technically Google doesn't get personal information.

The first GDPR suits against Google will be interesting. Nobody knows yet exactly what is banned under the GDPR.

Bloody nanny state socialists and their business destroying government overreach. No wonder they'll never catch up with Silicon Valley. /s

This is about linking real-world credit-card payments to your online identity. People in Europe don't use credit cards offline.

>People in Europe don't use credit cards offline.

That's a huge over-generalization. It's true that cash is king in Germany for instance, but Scandinavians pay almost exclusively by card.

> It's true that cash is king in Germany for instance,

Sure, Germany is a bit behind the times when it comes to paying with plastic.

> but Scandinavians pay almost exclusively by card

Same goes for the Netherlands where I live, but we don't pay by credit card, we pay by debit card.

To clarify, in US even debit cards are primarily Visa or Mastercard, whereas in Europe they're not. E.g. Norway uses BankAxept: https://en.wikipedia.org/wiki/BankAxept

And in Sweden we use Mastercard and Visa.

Danish person here. We mostly pay by Dankort, which is the standard national debit card, I would bet more than 99% of card payments here are direct debit.

And with Dankort, you have the additional pleasure of being spied on by tabloid news papers.

> People in Europe don't use credit cards offline.

What? Of course we do. If anything, Europeans are less likely to use credit cards online (though that is slowly changing), instead opting for bank transfers or online debit cards.

Effectively that's already the case. I gurantee if you live in modern society, eg. drive a car, use a phone, go on public transit, shop online or in stores with plastic etc... your "pattern of life" would be trivial to put together.

[1] https://en.wikipedia.org/wiki/Pattern-of-life_analysis

If you consider in aggregate all of the government and corporate tracking and surveillance these days, the only way to opt out is to move to an off grid shack in the Montana woods and live a lifestyle like Ted Kaczynsky.

I am about 85% serious here.

Maybe a simple NYCE debit card? Apparently they are widely accepted at POS.

The only choice is to lobby your government officials to create laws preventing this sort of data collection.

End-users have zero power anymore except by collective action in the form of government regulations.

I am curious though, what is the down side to the consumer for this kind of analytics?

My favorite is tracing back the problems to Larry/Sergey, which is why I wrote the essay.

I'm with you. Short answer...pay cash.

Considering in my experience most debit cards are typically MasterCard, good luck.

Don’t worry, they only use it anonymously. Until they don’t want to.

buy something your friends need at a place you rarely shop and get cash back...then go do your cash on hand shopping...

What a flawed analogy. This isn’t anything close to stalking. You are using a credit card processing service. If you don’t like what they do with your data, use a different one or just pay everything with cash.

Pretty sure there are a lot of companies that do not offer their hires the option to be paid in cash, its bank account or nothing. Plus some countries are moving to card-only economy where some stores don't take cash.

The best way to encourage shops to accept cash, and generally encourage countries to stick with cash, is to use cash whenever possible.

How long until a big-tech company starts to log, track, and connect banknote serial numbers from ATM to store? I wouldn't be surprised if ATMs already record the serial number of each note they distribute.

I've been repeatedly contacted by Google over recent years (supposedly because of the work I've done) but I've always felt uneasy about them and hesitated to respond. This additional layer of tracking and the recent revelation on location tracking regardless of explicit settings both seal the non-deal for me.

The soul of that company is to turn the human experience into a vessel for the paid delivery of ads, nothing else matters. Of course I'm sure that one can join many interesting engineering projects there, with suitable blinders. Even when they introduced their AR glasses, they had to show virtual billboards assaulting one's field of vision. What you are to Google is a recipient for ad delivery -- not a customer, not a respected human, not someone to trade with.

FWIW, the Ads org is about 8000 employees (not counting sales), out of 80000 total at Google. Cloud is about 25000 (of which about 4000 are sales and supporting GTM functions). There's MUCH more going on at Google than ads... and that doesn't count the enormous teams working on things like Android, Chrome, Maps, and Youtube.

85% of revenue is directly attributable to advertising. Its an ad company that would like not to be.

Uhh... ultimately Android, Chrome, Maps, and Youtube are all about siphoning more data on you and delivering more ads

Let's not forget GA, Fonts, DNS and CDN services.

And the free version Google Mail, ReCAPCTHA and Google Fiber, plus many of their other services.

Even 'someone to trade with' is a limited viewpoint, a set of blinders in its own right. That said, agreed with the rest of it.

I don’t think this is necessarily new for credit cards...the deal has always been that cards have perks in exchange for them gaining valuable profiling info (e.g. “1% cash back on restaurants!” and in exchange they have a good idea how people spend at restaurants).

The problem is, and always has been, that in exchange for some paltry “rewards” you have no idea just who gets sold what, or for how long, etc.

And this is a major new problem primarily because of how big and pervasive Google is, and how they’re into every business. This means I’m no longer sharing a few silly restaurant purchases with buyers of that data in the restaurant business, I’m enabling a crazy machine-learned madness that is hyper-connected to literally everything else I do. This should be illegal but our laws are too slow to catch up with powerful tech.

The key here is "double-blind encryption" - assuming they got that right, neither can see exactly what I am buying, so I'm good. Bigger point: I'd be ok with any company tracking my activities _as long as_ one of two conditions are met: a) it benefits me (and me only), or b) it benefits them _but_ they cannot identify me.

The privacy aspects are important, but it is also worth considering the impact this sort of stuff has on society. We like to think of ourselves as semi-immune to advertisement (and manipulation), but we really aren't. The 2016 presidential election proved that. Putting more and more data into the hands of Google and others just gives them more power over the public at large. Are we OK with that? Is the discussion even really happening?

I think it is obvious we are not immune to advertisement, that's why advertisement exists in the first place.

For the election, politics is 100% advertisement. Candidates have no legal obligation to keep their promises (and that's a good thing). An election won by something that isn't advertisement is not democratic.

Now for the 2016 presidential election specifically, the fact that Trump won despite having most of the Silicon Valley and a major part of the online world against him shows that "Google and others" are not that powerful compared to the traditional players.

SV was against Trump, but also provided the tools that Trump used to win.

I'd say the 2016 election proved how hard we are to manipulate. Hillary lost despite spending more and having nearly the entire media (with only a few exceptions like Fox) on her side.

Really? Have you ever heard of https://en.wikipedia.org/wiki/Cambridge_Analytica?

Hard to find detailed info about them, but what I've found says they had a staff of 40 and a budget of about ten million dollars.

A fraction of a fraction of the 2 billion dollars the Hillary camp spent trying to manipulate the election.

CA is the Clinton camp's boogeyman, much as Correct the Record was for Sanders fans and George Soros is for Trump supporters.

Hillary received far more negative coverage across the media than Trump did.


>A December report from Harvard University’s Shorenstein Center on Media, Politics and Public Policy delivered some sobering news for all those investigative reporters who may have supposed that their Trump exclusives were changing the world: None of them were breaking from the pack. “Clinton’s controversies got more attention than Trump’s (19 percent versus 15 percent) and were more focused,” noted study author Thomas E. Patterson. “Trump wallowed in a cascade of separate controversies. Clinton’s badgering had a laser-like focus. She was alleged to be scandal-prone. Clinton’s alleged scandals accounted for 16 percent of her coverage—four times the amount of press attention paid to Trump’s treatment of women and sixteen times the amount of news coverage given to Clinton’s most heavily covered policy position.”

The actual report is here:


It notes that:

> Trump’s coverage during the general election was more negative than Clinton’s

Positive coverage of Trump was during the primaries, which is what the Clinton camp wanted, calling him a Pied Piper:

> We need to be elevating the Pied Piper candidates so that they are leaders of the pack and tell the press to [take] them seriously.


It's hard to say that the media was on her side when they gave billions worth of free coverage to Trump. They also gave her email scandals equal weighting compared to Trump admitting to sexual assault and directly asking a foreign government to hack his opponent on live television.

That was negative coverage of Trump. Perhaps what 2016 proved is that there really is no such thing as bad publicity.

They not only covered his rallies without commentary, they would regularly post up hours of video waiting for the rally to start.

Make no mistake, the media recognized very quickly that Trump drew viewers. There’s a damn good reason why CNN is posting record profits.

As Bernard Cohen reportedly said, the press may not be successful much of the time in telling people what to think, but it is stunningly successful in telling its readers what to think about.

Seems to be true in this case. They covered Trump, which made him the person people think about.

They told people to hate Trump. The electorate didn't listen.

Back to the original question, does that mean we're easily manipulated?

I agree 100% on the first point.

On the original question: evidence seems to say yes.

How can you agree that "the press may not be successful much of the time in telling people what to think" and at the same time think we're easily manipulated?

Because the bar for manipulation is not “think X”. It’s very possible to move public opinion by the way things are worded, presented, and brought up without ever going as far as saying “think X”.

Heck, very very few advertising campaigns involve telling the user to buy a product or service. Most focus more on creating a new need/want, or in repeated exposure to make the advertised good seem “normal”.

Now the tricky thing is that manipulation requires intent, which is very hard to prove. Hanlon’s razor would have us believing that in most cases, shady things happen because people are dumb, not malicious. So for my part I personally believe that the media got addicted to the ratings and felt internal pressure to provide equal coverage even when the scandals were quite unequal.

(a) is underspecified. Benefits you according to whose values? If it's someone else's values, then I would object. If it is your own values, then whether it benefits you really becomes secondary, because what matters is that they need your consent. Whether you give consent based on what benefits you is not a primary concern, though presumably you would.

(b) seems to me like an expression of a naive view of personal identity that makes a binary distinction between anonymity and non-anonymity that doesn't exist in reality in any meaningful sense. Does manipulation against your interests become a non-problem when the manipulator doesn't know the name in your passport? Does it become a non-problem when the manipulator's tools are too imprecise to pick out you specifically, so they apply the same strategy to you and one other person, yielding only a 50% success rate? Does it become a non-problem when they lump you in with three other people? With four? Ten? A hundred? A million?

All of this is about power. Just because power is exercised indirectly or somewhat imprecisely doesn't make it categorically different from someone influencing specifically you, just as poisoning rivers and lakes isn't categorically different from poisoning your food on your plate. It's just a scheme for laundering the power to make it less obvious, and if you allow that, that's what people will do. People who want power don't care how they get it, all they care about is that they get it, so if you tell them that you are OK with being manipulated indirectly, then that's what they will do.

The defining feature of a conspiracy theory is that a large number of likely unrelated activities are either part of the conspiracy, or explained by the theory.

The defining feature of an aircraft is that it has wings.

Why are we talking about this?

Apple is making Google get creative with ad tracking.

Safari ITP 2 doesn’t allow 3rd party cookies.



Possibly off-topic but it's so sad that the greatest minds of our generation, the previous generation, and the next are all working out how to maximize digital profiling to more accurately sell us things.

Second only to this is the creepy fact that tools like Deepmind are being built with the purpose of furthering these goals - all of the chess/go beating is literally a side line.

I think this is why people like Elon Musk - he may have some socially reprehensible behaviours, but at least his end goals are either benign or helpful to humanity.

They've been doing variations of spend track as a $value to goods and services for years (I mean the banks) so.. I don't get it: whats significantly different this time, compared to the spend tracking they've done as business-intelligence for the last 20 years? They sell it to the highest targetted bidder. If you are buying BMW accessories for an old model car, without searching online, dont be surprised if you get ads for mercedes cars with a BMW buy-back: your postcode or ZIPcode, plus a few other details gets "you" as well as fingerprinting web purchase: remember your card is used in a weighted centroid centered on your home...

There are cryptographic ways to compute a set intersection between two sets A and B held by two different parties without A and B revealing the membership of elements of the set.

If set A is the set of users shown ads for Merchant M, and set B is the set of customers at merchant M who purchased something, then this intersection can tell you what percentage of the ads were shown to people who made a purchase without revealing who made the purchase to A or revealing who was shown an ad to B.

There’s probably a way to do it with differential privacy as well but it might be less efficient.

Google: free, credit card: 20% APR, human right to privacy: priceless. There are some things money can't buy, for everything else there's Mastercard.

I don't understand how they can correlate a sale to a specific google account without getting personal identification data. By definition if they can associate a transaction with a user, the user has been identified and has lost all privacy.

Google users give up their PII the moment they sign up for an account. If you also use Google Wallet or pay for any Google service, you've given them the ability to associate some representation of your credit cards with you as well.

Together with Location Services, they know everywhere you physically go, so given the last 4 digits of your cards and a transaction list it's pretty easy to guess who you are.

Not sure how this works specifically, but usually you step back a bit and say that what you actually want to determine is not whether a user performed a transaction, but how many users who saw a specific ad bought a product, and then you develop a (statistical) zero knowledge proof/protocol to achieve this.

I don't actually know how to do this, so this is a bit like the "draw the rest of the owl" meme :)

The article mentions there is an opt out on google, so surely they must be able to correlate the transaction to an individual user, otherwise how do they know what transaction to exclude?

People on Twitter have mentioned that this probably extends private set intersection where each party learns the intersection of a set without learning either input set, but that wouldn't quite be enough.

If you assume there is an algorithm where Google can provide some "encrypted" form of their "users who have seen this ad" list such that the amount spent can be computed without knowing the intersection, you could exclude people who have opted out from the list Google inputs into the algorithm.

They double ROT-13 the email address that each side collected so they can correlate, but not identify, individual consumers -- or something, TFA didn't specify the actual encryption algorithm.

"double blind" == "dual ROT13" - of course!!!

Google finally cracks the affiliate nut :-) This was pretty killer for me:

Google paid Mastercard millions of dollars for the data, according to two people who worked on the deal, and the companies discussed sharing a portion of the ad revenue, according to one of the people.

That is not an unusual arrangement for people with search indexes, party A provides a search query, party B provides 10 links to appropriate content and some advertisements, if the eyeball making the search clicks on an ad the revenue is split between in the index provider (party B) and the traffic provider (party A).

Well, if you're looking for some anti-Google legislation to get traction in the US, there's probably never going to be a more interested President...

That'd be some sort of delicious irony.

The most reprehensible president ever, curtailing the bad behaviour of the most reprehensible global advertising company ever.

Tracking by credit card is so effective that some companies, such as Safeway (*in Canada), have ceased their loyalty card programs. Loyalty card programs are redundant and must offer incentives for consumers to choose to use them. Now, no such incentives have to be offered to the customer to obtain the same data.

Safeway has not ceased their loyalty program.

Why ruin a good story with facts?

They did in Canada. (And I've seen articles that say Canadians use cash less often than in the States.)

You've been provided two opportunities to cite those articles.


"You've been provided two opportunities to cite those articles." That is worded in the most irksome manner. What is wrong with you?

Is there are opportunity for a non-tracked credit card? Would it even be possible? I don't mean anonymous, I just mean "We promise not to share your data period, not even anonymized" but we still have your name and address and phone number on your account.

But even if some company offered that all the retailers could still share their data with some aggregator which would effective work around your privacy oriented card not sharing data.

I'd love not to be tracked and would switch cards immediately if they offered the same services I get now and offered zero tracking. I suspect I'm in the minority but maybe with the right PR blitz you could get regular people to switch.

"Does your credit card spy on you? Do they sell all your purchase data to advertisers so they can target you with ads? Yes? Welcome to 'PrivacyCard'"

or something

Next YC batch?

This card will have to work with Visa or Mastercard network, otherwise it won't be accepted in many stores. That is just two companies that Google has to approach to hoover up all of that data.

Building a new card network akin to Visa would be a monumental task. You'd be better off lobbying for legislation.

> But even if some company offered that all the retailers could still share their data with some aggregator which would effective work around your privacy oriented card not sharing data.

If you buy in a brick and mortar store the retailer would not have your address, only your card number. And a privacy-focusd CC company would allow you to generate new numbers for each transaction so the retailers can't use that to merge datasets.

Funnily enough, Google Pay (and Apple Pay even earlier) is doing exactly that [1]. The merchant is only seeing a token that will be connected to the actual card number in the credit card network.

Google is now closing the circle to get to know exactly what was bought - blowing all privacy advantages away.

1: https://support.google.com/pay/merchants/answer/6345242?hl=e...

And removing the oportunity for the retailer to collect info on who shops in their stores...

An "opportunity" they never had with cash in the first place.

Yes but they do have the opportunity when customers pay with their credit card directly..

An untapped opportunity perhaps

There are pre-paid "credit" cards in Japan (and I imagine other places as well). You can even get a Visa card. While they do have a special number range, you can usually use them in the same place you can use any other card. I can go down the convenience store and purchase one and then use the card online. The most that they can track me is to find the time and location of the convenience store I bought it at (as long as I pay cash).

The only problem is that the total you can spend: ~$50 on the ones I've found, so not terribly useful. But it's at least proof of concept that they could do it if they wanted to.

Japan is mostly (for the moment, anyway) a cash based society, so these kinds of things work. Payment cards are becoming more and more popular, where you load money on to them and then you can use them in stores. Most of them don't require that you register with them, but of course they all recommend it (and you can't take money off of a card without it being registered, presumably to reduce theft of the cards).

I quite like the system, since I like privacy. Also much better than a debit card since I don't have to give access to my primary bank account to have a convenient payment system.

I wouldn't mind paying a larger monthly/yearly fee if this was a thing.


Am I the only one who finds this outrageous? I'm not surprised, but I am angry.

This is hardly the first outrageous thing google has done.

Slighly off topic, whenever I see rebates (or similar) in the form of gift cards, I always assume the the entity awarding the gift card does so because the use of the card deepens their data profile on you.

Or maybe I'm just too paranoid?

Yes, although gift cards are usually limited in where you can spend. It's also an amazing amount of float for larger companies: https://en.wikipedia.org/wiki/Float_(money_supply)

The thing about paranoia is, it doesn't necessarily make you wrong, but it might make you crazy.

" With it, marketers see aggregate sales figures and estimates of how many they can attribute to Google ads -- but they don’t see a shoppers’ personal information, how much they spend or what exactly they buy. The tests are only available for retailers, not the companies that make the items sold inside stores, the spokeswoman said. The service only applies to its search and shopping ads, she said."

Privacy focused payment products will be more in demand because of these kind of things. I look forward to it !

Unlikely. What will end up happening is that MasterCard will be making money from this deal, which will incentivize it to either drop merchant fees (leading to merchant offers for buyers to use MasterCard) or increase card member benefits to get more data to sell, which will make people use MasterCard cards more.

The average buyer would rather get cash back to allow Google to report to merchants how their ads resulted in credit card payments than to not get cash back and hide this information. This is the same economics for how loyalty card programs work.

Yeah, this is like them stepping into my house. This whole time they’ve been peering through every window but now, they’ve let themselves in.

Well, yeah.

They realized there's money laying on the floor of your house.

Why wouldn't they pick it up?

Financial crime risks?

This is precisely why "going cashless" is silly. At least leave the option to those citizens that care about their privacy to be able to pay with cash and not be tracked the heck out of them.

Sure you can pay with cash. But you better turn off your phone because they also track you with your WiFi MAC address when you walk into stores.

Your phone should randomise the Mac when searching for access points.

That's where IOS did much better.

Does iOS randomize MAC addresses when looking for public wifi networks?

Another thing to worry about is whether iPhone really turns off the wifi radio when it is greeted out from the menu.. I remember a setting change somewhere around ios10/11..

iOS 8 MAC address randomization

And going all-cash, at this point, is futile. It's the same as the Google email or the Facebook profile conundrums. You can opt out, but they have enough context to infer most everything about your "hole" in their data anyway.

Applications are open for YC Summer 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact