Yes that's exactly how this gets implemented in practice.
I did quite a bit of client work here too, specifically around using already existing surveillance camera networks to build user profiles.
At the end of the day the goal is to optimize for the intersection of "what the user wants" and "what we want to sell." So, a low collection system will give bad recommendations and a really good recommendation system will have an immense amount about the user.
Now that I talk with people on the other side of this, it's clear that most don't really care as long as they are getting good suggestions. I had this conversation just a few weeks ago with a young lady and her take was: "It's kind of creepy, but if it gives me good suggestions, I don't really care."
Part of the problem I think is that these people don't actually comprehend what is happening and the possible consequences. To them it's just a magic black box.
Maybe I’m one of these people. What exactly are the consequences? So far, the most damaging consequence of overreaching customer privacy is the famous teenage pregnancy leak when Target sent out coupon mailers to expecting moms based on shopping history.
That’s a really weirdly specific issue, and hard to imaging a similar scenario that would affect my life in some equally horrible way.
Am I missing something? Why should I be so afraid of Home Depot or whatever knowing a little bit about me?
My wife got a box of Enfamil Fedexed to our door as a promotion on what would have been the due date of our baby. Unfortunately, she miscarried at 3 months.
They knew this because marketers get near real-time access to prescriptions, hospital admissions and other things.
You should care because your information will be sold or traded, and behaviors can be correlated against medical and other outcomes.
Are you a divorced dad who has moved within 90 days and play daily fantasy sports? I can buy a list that will find you for $250. You are a risk for opioid addiction and may get denied service in the future for medical issues. Or you may attract advertising tailored to get you to gamble or drink more, when you are at your most vulnerable.
If what you are saying is true (I'm genuinely asking), that sounds like behavior that should absolutely be made illegal and severely punished.
I try to maintain a "lite" internet footprint (no facebook, only social media is LinkedIn, I use a VPN when I can) ... it's a little disturbing to think that someone can just purchase my buying history and use it as, essentially, an attack vector to serve me ads or gaslight me into buying stuff I don't really want or need.
Yes, you are. The events surrounding what happened to my wife was very painful (an ectopic pregnancy that nearly killed her), and a thoughtless reminder was very unwelcome. I still feel violated and betrayed.
In our case, I found out the marketing list from Enfamil and bought it for my zip code. I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
In our case, the hospital pharmacy issued drugs to her indicative of a pregnancy. The pharmacy or insurer provides that information in real time to data brokers. The pharmaceutical companies assign quotas and send salespeople for certain drugs. There are other ways for data to get out that we’re not certain of. Perhaps the insurer “anonymizes” and sells subrogation information. Or the lab. In any case, they knew that my wife was admitted to an OB floor of a hospital, but didn’t know the outcome.
It’s not going away. The US government uses these same techniques with companies like Google to combat extremism or terrorist conversions — they actually use factors like this to target potential recruits with counter-information via ads.
> I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
Both of those are the wrong venue for complaint on this issue; the hospital privacy officer exist to protect the hospital from liability and will never confirm to an outside party, especially a complaining party, that an act is a violation of the hospital’s legal duty, and the state regulator isn't responsible for enforcing federal law.
The right place for complaint is the federal Department of Health and Human Services Office or Civil Rights, which is actually responsible for enforcing the privacy provisions of HIPAA. Or getting your own attorney.
It's not a HIPPA violation because they give the information to one of their "partners", and you agree to this in all the crap that gets signed.
I went to a Norton Hospital Immediate Care Center and paid cash because I didn't have insurance at the time. Because I paid cash, Norton turned all of my contact information over to a company that sells health insurance and gives loans to pay for medical services. They bugged the everlovin' shit out of me with automated phone calls until I decided enough is enough.
The Immediate Care Center denied giving any information out and were shocked this was happening, but Norton central billing knew about it, said they would remove me, but the 3rd party already had my info so it was too late.
The 3rd party were complete assholes, and when I got fired up because I wouldn't give them even MORE personal info to be removed from their call list, they said it was my fault: if I had just called them back and given them the 15-digit code, an agent would have removed me. That's also a lie, because I eventually did try that.
To protect my privacy, I told Norton my phone number had changed, and my new number was 812-555-1212, which is the 812 area code directory assistance number.
They did the same thing to my sister when she paid with cash because her husband had just changed jobs and she didn't have the new insurance info yet.
That's really awful; I'm so sorry you both had to go through that.
Would you mind sharing more information about how you found that list (esp for a given zip), and how you think they tied that information to an address? My email is in my profile, if you wouldn't mind reaching out.
I called and asked Enfamil. They readily provided the name of the marketing list. When I bought it, you had to get a minimum number of entries, which I did by targeting a couple of local zip codes.
I don’t have ready access to it now, but it had all sorts of stuff, probably about 150 columns. Stuff ranging from likely medical conditions to car owned, to stores frequently shopped to specific consumer products used.
As a more serious and well-known concrete threat, this type of data is regularly aggregated by data brokers, and then used by stalkers and domestic abusers to commit crimes.
I imagine it being available and cheaply for sale is also a boon for various financial crimes/fraud.
It's not home depot specifically to be worried about knowing a little about you, but about them not being competent to control that data and everyone's little bit becoming a lot more significant and dangerous when combined.
edit: Also, the same type of information can easily be used later by government. I imagine if Uyghurs were not being specifically targeted by the Chinese government for cultural extermination there would be little trouble in their cultural identity being discernible from certain purchasing profiles. Once they are rounded up into camps, the last 15 years of detailed surveillance about them becomes very troublesome for them.
Never heard of them selling to individuals but it wouldn't surprise me if they do. At the very least a record should be kept of who they sold the data to in case it is used for a purpose like stalking someone.
I work in credit scoring and you should be afraid of what you will not be eligible / priced systematically for in the future.
What will employers find when they use this for background checks? If you regularly buy alcohol a drinks_alcohol flag could be set or a health_indicator could increase.
This feels like it should be better dealt with via legislation. Already sounds like health data, which is legislated to high-heaven in the US, and also sounds like the juiciest ever GDPR suit waiting to happen in the EU.
Well the example was now around health data, but you can easily make up other more innocuous examples that will discriminate enough to give you a disadvantage.
It's not that you should necessarily be afraid of it but rather that you should be more aware of it. Advertising is now weaponized to the point that companies can take advantage of people through psychological tricks to get them to disadvantage themselves just to make a sale. Imagine the housing crisis amped up to an order of magnitude. Transactions, theoretically, should be based on good faith from both parties. If a business has far more insight into you than you have into them, though, then nearly every transaction has the potential to be predatory.
Is there a concise, well written, summary of the types of things that are likely to happen to folks because of data collection? Would be nice to have something to give people that don’t understand.
This is, in general, the problem with America and other countries, in my opinion. Technical literacy is extremely low for the level of technical sophistication present in everyone's everyday life. I know it's not great in other countries but I think America has it worse in a lot of ways because our society encourages companies to take advantage of people in every way imaginable and lawmakers are possibly even less tech savvy than the majority of the population. People don't actually understand the consequences of their actions (agreeing to ToS, giving Facebook their data, using Amazon Echo/Google Home, etc.) and so they can't actually make an informed decision. The EU, at the very least, has attempted to make this conversation more public through the GDPR, but America is too self-involved to even consider educating the populace.
>This is an Unpopular Opinion, but IMHO thats kind of a reasonable stance to take.
I disagree. The recommendation is immediate and apparent to the end-user. The negative potential uses/consequences of all the other data collection are not.
It's funny, but when an unsuspecting person gets a home loan they can't possibly afford pushed on them by a shifty mortgage broker, people here cry bloody murder. But when people ignorantly consent to having their data harvested for the pleasure of better targeted advertising, the tech community happily says "but they asked for it!"
> But when people ignorantly consent to having their data harvested for the pleasure of better targeted advertising, the tech community happily says "but they asked for it!"
What? I feel like the only topic the tech community gets worked up about that nobody else cares about is digital privacy. There are always people on hacker news condemning a lack of privacy and targeted ads - I'd venture it's the majority of people on this site that feel that way.
All Reddit twitter and HN do is complain about data privacy and ads. It’s the complete opposite of ever being “they asked for it”. Can you find any big thread with more than a few small comments Resembling “they asked for it”? I can give you tons of examples for data privacy and anti ad stances. Just go to any FB thread. Or even this thread.
That's not unpopular. That's the idea of a two sided transaction, you learn a little about me and point me in the right direction as a personal shopper and I'll buy something from you.
Also, point out that you're going to sell that data to anyone who asks, link it to your facebook profile and CC data and people start to get a little uneasy. The reason people tend to view these things as OK, is that they see it as a 2 sided transaction and don't realize the implications of unregulated data. If we had clear laws around data, and consent of use of data like GDPR in the EU, it's a completely reasonable stance to take. (even with GDPR, there's a lot of data in things like tracking beacons and video recognition in public that are difficult to consent too or have data removed . . ..)
I've used systems that leverage passive detection of Bluetooth, Wifi, and other radio signals as an indicator. No Apps required. Tying beacons into points of authentication (login from workspace) or transactional data at a register.
A large portion of it was actually focused around security and not product marketing, but the tech is the same.
Reminds me of an old Mac application from PowerPC days that would sense your phone's Bluetooth coming into the room and automatically unlock your computer.
I thought it was pretty cool.
Current Macs have that possibility built-in, but it only works with the Watch.
I use MacID app on my iOS device to quickly wake my OSx machine via Bluetooth and authenticate w touchID. I think it's pretty slick. Not for the security crucial installation but fine for home.
Does the BT detection work the same way that WiFi access point scanning works? I know that app developers use this WiFi tech from a client (device) side to determine location, but I am a bit disturbed about the aspect of this being so accurate with BT devices.
I did quite a bit of client work here too, specifically around using already existing surveillance camera networks to build user profiles.
At the end of the day the goal is to optimize for the intersection of "what the user wants" and "what we want to sell." So, a low collection system will give bad recommendations and a really good recommendation system will have an immense amount about the user.
Now that I talk with people on the other side of this, it's clear that most don't really care as long as they are getting good suggestions. I had this conversation just a few weeks ago with a young lady and her take was: "It's kind of creepy, but if it gives me good suggestions, I don't really care."