Stores are happy to sell all your data to advertisers for now, but what they really want is to use it themselves. Their wet dream is to get us to accept Personalized Dynamic Pricing (https://www.researchgate.net/publication/338776528_A_special...) which means that once the store knows who you are (either by your photo, or by detecting the phone in your pocket, or by your loyalty card) they will customize the prices at the register just for you in order to take as much money from you as they think they can get away with.
They can drive up the price on the items you always buy until you stop buying as much, or lower the price on certain high price items just enough to attract you to them before they start creeping prices back up. They can use data like what you've bought from them before as well as data like your income level, who the members of your household are, and what your shopping habits elsewhere are.
Store loyalty cards are seen as a great way to start collecting useful data and get consumers used to the idea that some people get (or even deserve to get) different prices than other people. Be cautious of any place that asks you to use an app or scan a QR code to see their menu or prices, and resist the idea that stores should be allowed to discriminate by charging certain people more than others for the same product.
Not illegal yet. Read the paper, stores have already been trying versions of it and it's being used in some industries already. Airlines have been playing with it for ages, which is how you can get very different prices online depending on things like which browser you are using. (https://millionmilesecrets.com/guides/are-airlines-raising-y...). It's not transparent to the consumer when it's happening so you may never realize you're being ripped off.
It’s not illegal until a protected class is charged a higher price and has grounds for a lawsuit, and the grocery stores cannot prove their AI isn’t racist.
It's not easy for someone to know what other people are being charged and it'd be easy to make it pretty much impossible for anyone to say exactly why.
I'm guessing it'd fall on the person who was overcharged to prove that it had anything to do with their race, and even then the company will hide behind the AI to avoid all responsibility. There are already many examples of AI found or suspected to be biased, but has anyone at any company been jailed or even meaningfully punished for using an AI that was found to be biased? It seems like the most you can expect is "We'll stop using that AI" after which they'll just fire up another one.
At least one good thing about supermarket oligopolies is that they'll need to abide by the strictest unit pricing state laws for the region they operate in.
It's not illegal today. Grocery stores have already been testing it and it's common in other industries.
> For example, ZipRecruiter, an online employment marketplace, indicates that it could increase profits by 84%
by experimenting with personalized prices (Wallheimer
2018). Other players, such as travel sites (e.g., Orbitz, HotelTonight; DeAmicis 2015; Mattioli 2012), retailers (e.g.,
Amazon.com, Home Depot, Staples; Streitfeld 2000; Val-entino-DeVries et al. 2012), and even grocery stores (e.g., Safeway; Clifford 2012) have also reportedly begun implementing personalized prices for their customers based on
individual characteristics.
This is all just another means to get people accept that prices should be allowed to vary on an individual basis. I'd very much like for this to be illegal, but companies stand to make money hand over fist so I doubt it will happen.
The Robinson-Pactsman act makes this type of activity illegal today, but has largely gone unenforced with passing time due to the complexities of the act. There's talk that government agencies are thinking of returning their enforcement of the act. Anyhow, just because companies are testing things and getting away with it, doesn't make something legal... it could be a ripe opportunity for a lawsuit.
You are only correct in a SOCIALIST world where ONE market supplies everything.
Your nefarious visions ARE WRONG in a CAPITALST MARKET where the grocery store must COMPETE with another store down the street and the CONSUMER IS FREE TO CHOOSE where they purchase their goods.
All the regulatory barriers preventing new grocery stores from entering the marketplace reduce consumer's choices and drive the consolidation we see where Kroger buys up regional chains. These activities weaken labor negotiation power and consumer choice but somehow people call out for more intervention.
Increasing competition always and everywhere lowers prices and increases choice leading to higher living standards for consumers
This behavior isn't transparent. You don't know what the person in line before or after you is paying for the same products. There are companies already employing these techniques to rip you off.
Consumers are not free to choose where to get their goods. They are limited by practical restraints such as proximity and access. Food deserts exist in this country and they impact the lives of tens of millions of Americans. Millions live in food deserts and lack access to a vehicle.
You've also fallen for the myth that that just because competition could exist it means that industries will always act in ways that hurt their own profits in order to compete for each other's customers. History, and your own experience, should make it plain that this is a lie. Just because consumers want something doesn't mean that there will ever exist any company who will provide it, or provide it at scale, provide it to a comparable level of quality/utility, or provide it at a reasonable cost.
I want a cell phone carrier that doesn't collect and sell my personal information. They don't exist. I want a new car that doesn't come with computers, bluetooth, and any other high tech features. They don't exist. I want a streaming video service that offers every movie and TV show from the last 70 years for one low monthly rate. That doesn't exist.
The fact is that in our capitalist market consumer choice is severely limited by what the market has on offer. If something allows everyone in an industry to make money hand over fist they'll all implement that thing because it makes them vast amounts of money and their shareholders will demand that they do.
Consumers in the US are commonly unable to find a company willing to provide services that they want because in some cases it will always be more profitable for companies to not provide what consumers want.
If Personalized Dynamic Pricing makes grocery stores a fortune by screwing over their customers they will all implement it. Any weird one off co-op or independently run store that refuses will be of zero help to the vast majority of the population who cannot access it.
Regulations are a powerful tool that can be used to force companies to provide things for consumers that companies otherwise never would. Without regulations companies would be perfectly happy to sell people products that will kill them. Hell, even with regulations companies are often caught trying to sneak products filled with poisons like heavy metals into people's homes. You have personally benefited from regulations your entire life.
Sadly, they can also be abused by corporations who bribe politicians and infiltrate regulatory agencies so that they can keep out competitors, and that is a terrible thing, but of course the problem there isn't solved by making regulations impossible, but by getting rid of crooked politicians and forcing oversight onto agencies to ensure that they're working for the public good and not for the corporations.
Intervention is absolutely needed and we need much more of it, but we should be careful to make sure that they are the right interventions and that they are working to improve the lives of the people and not just the profits of the corporations who seek to exploit us at every opportunity.
I wouldn't mind so much if they also gave it to me. But my grocery points card sells my shopping list to everyone else BUT me. I've looked, and PC Optimum doesn't provide line items back to the consumer.
So rude. Just like Experian and friends. Keeping detailed notes on me, and acting all surprised when I want to read them. It's like they are embarrassed I actually exist.
Sometimes it feels ridiculous how much OPSEC I need to employ to buy anything at the grocery store. I walk or bike to the store to not reveal a license plate. All radios and sensors on my handset are turned off. I wear a mask to thwart facial recognition cameras. I pay cash.
Honestly I think that this a problem that needs to be solved via legislation.
I think it's completely unreasonable to tell people to leave their phones at home all the time, or put them in some kind of Faraday cage whenever they go out, and it's become abundantly clear that we cannot trust companies to respect our privacy without ramifications.
Edward Snowden revealed that u need to remove the battery on ur phone to make it "safe", turning it off doesn't do the trick. [Which u can't do anymore]. As another commenter says: leave the phone at home.
I am going to the grocery store, not blowing up a pipeline. I doubt Kroger is going to remotely activate my baseband modem. Even if they did, I have an anonymous phone with a burner SIM.
The FAA no longer prohibits this stuff, although the airlines still have their own restrictions.
The FAA also only ever had rulemaking about BT and WiFi, because the use of the cell transmitter in flight is prohibited by the FCC, not the FAA. I don't know what the FCC's rules are, precisely.
Be aware, though, that phones will increase their radio power and retry constantly when they aren't reaching a cell tower. If the increased battery drain is an issue, put your phone in airplane mode first.
That kind of phone goes so far to protect your privacy it won't even let you use it to call anyone. (https://www.techrepublic.com/article/librem-5-review-the-lin...). The real solution is regulation with lots of teeth and oversight, so we don't have to depend on flawed products that don't work.
That's a good sign! I'd given up all hope for the Librem and pinephone. I guess it's time to take another look...
I agree that hardware switches are ideal, but I don't see them being common since most of the folks pushing out phones want to use those devices to collect data on the people who buy them.
I thought we were talking about retail stores here, not governments.
If your threat model is governmental, then that's a whole different thing entirely. You'll have to go to true extremes to even have a chance at defending against that. For instance, you shouldn't have a cell phone at all.
In my formative years I rode the CTA a lot, and they always had an announcement, "call 836-7000 for transit information". The number was burned in my head and it's worked in every store I've tried. (You can add any Chicago-area area code; 847, 312, etc.)
Yes, it worked at a Safeway in San Jose too. I love that someone also had this stuck in their head and used it to sign up for grocery discounts.
It should be illegal. If stores want to be open to the public, they shouldn't be able to force people to trade surveillance for cash discounts; grocery store shoppers are in no way qualified to evaluate either the short-term or long-term costs of selling their privacy, and not selling your privacy to every store you shop at becomes a permanent tax. If you want to offer discounts to members, stop selling to the general public and only sell to your membership.
I think that's less valuable than one would expect for the average person.
For example if you rode the bus to the store and paid in cash then you'd have a low correlation coefficient.
The issue is most people (at least in the US) drive a car with a publicly registered license plate and use the same credit cards each time. And with things like facial recognition becoming more common it may be near impossible to hide who you are in the future.
I deal with it by shopping at a reasonable store. Or, if there isn't one that prices reasonably, then I'll choose the expensive store that doesn't pull this sort of nonsense and is just expensive for everyone.
I have a store like this nearby and try to give them as much of my business as I can. It's refreshing: no membership rewards nonsense, no unclear or deceptive volume sale pricing, high-quality produce and deli, everything is exceptionally clean, well kept, and efficient. The employees by all accounts and indications mostly really enjoy working there (not all teenagers enjoy it), and in four decades of shopping there I've never had a bad customer experience that wasn't caused by another customer.
It does cost a bit more, but some of that is inherent because they generally carry stuff that is genuinely better. Despite that, some products are still very competitively priced, and the administrative and cognitive overhead of shopping there is significantly lower.
Thus far they've kept the large chain Orwellian dystopia entirely at bay. My shopping behavior doesn't make much of an individual difference to society but it's worth a premium to get a better product and to not feel like I'm contributing to The Great Race to the Bottom of Everything™ when I shop there.
Not in my experience, in fact if you go to similar lengths to wipe cookies and hide your online identity using other additional methods, when I needed to locate a replacement AGM battery for the stop start tech in a car, the best prices I was quoted were £400-£500.
Then used an account with a known online history, ie cookies not wiped etc, search engines and online retailers came back with prices for £100.
So in my limited experience, going to the lengths I did to hide one's identity online will cost you 4x -5x the typical price.
In some respects, these companies have also put a price on the value of online privacy, which is handy to have.
As someone who has had a limited input into supermarket clubcards in the UK, there is a lot of personal data that can be gained from this information even if the supermarkets dont go to the lengths they could.
I dont think people would be happy with what could be extrapolated, like working out how rich a family or shopper is, health conditions before they even get detected by medical experts, what religion they are, have they been made redundant. There is just so much meta data we give away, its quite shocking really.
In the wrong hands, people could carry out their own stealth agenda's. Back in the 90's people were injecting chemicals or tampering with food which prompted food companies to start using foil seals and other methods to ensure food tampering is/was spotted easily. Things like tampering with baby food and liquids.
It also gives the police and security services via court orders, a ready made dataset in order to build any case against you. Its bad enough people can be psychologically profiled using streaming services like Netflix or Amazon or Youview and satellite services connected to the net, but I dont think people value privacy personally and they dont understand how they can be manipulated once some information is known about them.
At the same time, the state has never had access to so much data in order to better target populations to control or manipulate for their own purposes, like we see with election manipulations that saw Brexit and Trump get into power. I saw some of those social media adverts and it was extreme psychological manipulation and even the BBC were involved with some of that data collection on social media.
In my experience, some criminals will operate over decades, cultivating scams especially when large sums of money like asset acquisition is involved.
Yeah I thought about this, and other ways of anonymizing. But now it seems that Safeway puts its best deals in their app, which requires login. Not sure that would be feasible to rotate with friends.
I actually stayed are a VRBO (like airBnB) where the owner left a rewards card for guests to use (so they'd get the deals at the grocery store and not have to sign up for their own for a regional grocery store).
If they don't, that's the best startup idea I've heard on HN in a long time. I mean, it's evil and everything, but you could make a lot of money probably. Government contracts would probably pay out too.
The problem is convincing big store chains to put a new dollar barcode scanner machine in their checkout lines at every location, to do something that they have no trouble doing right now with credit card details, rewards cards, and bluetooth tracking.
The recent proliferation of "digideals" which require that you scan item barcodes with your handheld also is also popular. These deals are usually very good, often half-price. But w/o a cellphone you're locked out of the deal.
It's a few things, most likely. It removes human error (did you give the cashier a $1 or $100 bill?), reduces risk of loss/theft of physical assets, reduces staffing costs (One person can operate one manual till, one person can operate 15? automated tills where they're basically just overriding weights and checking ID for alcohol), is probably _cheaper_ than handling cash (because you already have a visa/mastercard/payment provider contract who will give you discounts for increased volume, and they likely charge less because of the topic of this article).
The interesting thing is, both of these store chains already had fully automated checkouts, they simply removed the ability for these to accept cash and make change.
Only illegal to not accept cash for debts. A merchant can refuse to do business with you in cash since you're not in debt at the checkout counter (as no transaction has occured)
Ah, I thought it was the claim about "legal tender". As in, my folded-up $10 bill is legal tender, and you (the vendor) must accept it, even if you don't like dealing with cash registers, coins, petty theft, and counting change.
What is your threat model? Are you buying incriminating goods at the grocery store? What do you gain by putting yourself through all that? Or what are you preventing / protecting yourself from?
A free person shouldn't have to articulate why they need privacy.
Privacy should be the default in free societies.
I can play this game though: you are pregnant, but have not shared that information yet with your family because it's early term and there might be complications. The grocery store accurately predicts you are pregnant from your shopping habits (change in diet, per-natal vitamins, "New Mommy Magazine"). The grocery store snail mails you a New Mommy coupon book as a "thank you." Your family sees this and confronts you, forcing you to reveal your medical status against your wishes.
The commenter I responded to initially wrote as if they actively seek anonymity by taking several inconvenient steps every time they shop, even when they presumably have nothing to hide. I wanted to understand what drove that behavior and if it was worth it.
They don't have to articulate it, but inability to articulate might be a sign of overcautiousness / paranoia that is having a negative impact on their life.
If one has something to hide - then sure, take extra steps to be anon. Otherwise, why put yourself through so much trouble?
> Are you buying incriminating goods at the grocery store
You mean hummus, right?
Or do you mean the store selling of your eating habits pretty much every entity out there. Pretty sure eating isn't HIPAA related, but correlated to potential health.
So the threat model is to prevent insurers from gaining knowledge that you buy 5L of sugary soda per week?
I agree there is some privacy concern, but I am having a hard time articulating how or why that data might actually impact a person in a net negative way.
I literally don't care if places don't do anything with this info, I'm saying they have no right to it. If they want it they can negotiate with me and I'll give them an insane price. Right now they just do it whether I consent or not.
Much like you will never understand why someone would go to these lengths I struggle to understand how someone _wouldn't_. I can't understand people whose threat model begins with "these places I'm okay with someone knowing things about me".
If I read your email and then selected "metadata" I found important, walked into a very busy public square, and started shouting your secrets you'd be right to be uncomfortable. If I, for example, made a reasonably accurate prediction that you are pregnant/on drugs/have ED/etc and then told 10,000 people about this you'd be right to be angry.
Yet...you're okay with a company doing any of this? Is it because you can't see it or feel it directly? The head in the sand approach doesn't work. With enough datapoints in one bin anyone can use "metadata" to make extremely accurate predictions about your private life. You need to defend yourself from the constant gathering of this metadata. Snowden warned us and apparently very few of us decided to listen. All it takes is one leak, one hack, one disgruntled employee, or one bad government to take all those secrets you're not thinking about and turn them into weapons to use against you. In a modern battlefield you are a target and the war has been going on for decades now.
Consequences; when you have meaningful consequences around someone knowing what you purchased at the grocery store, you'll be justified in this behavior.
Until then, it's paranoia.
For my part, my "public" life has not once caused me negative consequences, and I've lived it this way for 34 years. Why would I live in fear of something that hasn't happened to me, anyone I know personally, is not recommended by any industry experts, is not presented as a risk factor by group responsible for my well being, etc.?
You need to prove that all of that extra effort is worth the degraded quality of life.
> You need to prove that all of that extra effort is worth the degraded quality of life.
No, nobody has to prove any such thing. This isn't an important issue to you -- that's fair. It is to others -- that's fair too.
You say "worth the degraded quality of life", but in my view, the degraded quality of life is always being under surveillance. Taking these measures improves my quality of life.
What I sacrifice is just a little bit of convenience. That's not a big hit.
You haven't justified the claim that "always being under surveillance" is categorically a bad thing. If you refuse to do that, you're kind of breaking the social contract around communication. Why share this belief if you can't defend it?
And what you sacrifice is a lot of convenience, and a wholesale rejection by the very society you rely heavily on to survive. It's not tenable to live in this society and wear a ski mask while shopping in a grocery store.
> You haven't justified the claim that "always being under surveillance" is categorically a bad thing.
I don't have to. It's sufficient for me to say that I strongly dislike it.
> Why share this belief if you can't defend it?
Why do you think this is something that needs defending?
Regardless, I think I have adequately defended it. It's an intrusion into my life that I don't consent to and I find highly objectionable. The reason I find it objectionable is exactly the same as the reason I object to someone following me around writing down everything I do, or peering into my windows at home.
> And what you sacrifice is a lot of convenience, and a wholesale rejection by the very society you rely heavily on to survive.
Neither of those things are true at all. I do not feel greatly inconvenienced, and I fully participate in society.
> It's not tenable to live in this society and wear a ski mask while shopping in a grocery store.
I agree. I don't do that. That said, if I'm aware that a store is engaging in facial recognition, I will choose to shop at a store that doesn't.
If it doesn't matter to you if you're understood, then you're just commenting for attention, and there's no point in reading anything else you write...
Obviously, it does matter to me if I'm understood. What I'm not understanding is what it is I'm not being clear about.
Edit: I think part of the problem we're having in our communication is that we're both coming from angles that are alien to each other, and haven't really worked out what each other is saying.
For instance, the questions you are asking me are difficult for me to answer directly because they make no sense to me in the context of this issue. I've been trying to interpret them in such a way that I can provide useful answers, but clearly I've failed. I suspect that's because we each have very different underlying assumptions.
I may have said it wrong. I meant that, because of ad blocking, it's impossible to show you targeted ads, that data collection doesn't do anything bad to you personally. They can't use it to try to sell something to you in particular because that requires non-consensually shoving information into you, via your own devices. They can still use it for analytics, of course, but that's not nearly as worrying as creepily targeted ads that follow you around everywhere.
I'll start worrying about that stuff when they start using that stuff. But they aren't right now, and the odds are they never will. The cost/benefit of doing so doesn't work out.
> Well. At least they could have. If they really wanted to. Or anybody else.
You're lying here. I guarantee that you, LargoLasskhyfv, do not even have the ability to keep a nationwide database of fingerprints and DNA, and of course you couldn't bear the expense of physically collecting a DNA profile or the fingerprints of everyone in the country no matter how much you "wanted to." Yet, you are a member of "anybody." Are you just an outlier?
Well. Lemme try to explain. Starting with fingerprints, collecting them on an individual basis is not that difficult. From the handles of the shopping cart, for instance. Maybe better if they had been wiped clean beforehand by somebody, but since Covid many shops actually had their clerks, security doing that generally. So you'd just have to wait, and grab that one interesting cart, and take the prints off of it. By several means, there should be apps possible, for certain phones, with certain (flash)lights, doing that. Otherwise more conventional means are available. Still fast, with commonly available single use supplies.
Some fun thing from 2008 comes to mind, where people associated with the german Chaos Computer Club took the fingerprints of the Minister of the Interior from a glass, and published them :->
So this is really not that special.
More special, but not impossible would be the large scale gathering of fingerprints in shops, but again, that should be possible during scanning of the stuff you've put on the belt, and during scanning of the bills, for counterfeit checks.
Analyzing your genes from generally collecting particular matter raining out of your personal cloud may seem like science fiction now, but it's not that far around the corner.
OTOH, wiping them of some surface someone has seen you sneeze at is possible now. Just not that cheap.
And that's why I pay cash and use Jenny's Number with the local area code for the store discount program.
I know Target also tracks your cellphone through the store too, I haven't bothered putting in airplane mode when I shop, so hopefully they aren't correlating that with the purchases.
This reminds me. At Safeway, for the longest time, I used this number scheme to regularly get 50 cents off or more a gallon on gas. I guess lots of people in my area used this number, maybe realizing it, maybe not, but it aggregated alot of savings at the pump.
Then suddenly one day, it just never happened again. Maybe they got wise to the practice, i don't know, but it stopped being valid
This is fine, but it's not really about tracking you, it's about tracking the habits of shoppers in aggregate, of which you are a participant. (Yes, having your real address to mail flyers is a bonus but not the end goal.)
The only viable solution that comes to mind is to shop at places that don't perform this sort of tracking/loyalty card/etc. and continue to pay in cash. The only stores around me that fit this bill are convenience stores and a chain ran by an Amish conglomerate.
> his is fine, but it's not really about tracking you, it's about tracking the habits of shoppers in aggregate, of which you are a participant. (Yes, having your real address to mail flyers is a bonus but not the end goal.)
Like hell it is. This is an article about Target back in 2012, that identified a pregnant underage girl purely from her purchasing record. 11 years ago.
Target also made their own payment terminals so they could get PII from your cards, and then make a virtual loyalty card from that data. Walmart did similar as well.
> The only viable solution that comes to mind is to shop at places that don't perform this sort of tracking/loyalty card/etc. and continue to pay in cash. The only stores around me that fit this bill are convenience stores and a chain ran by an Amish conglomerate.
With facial recognition being a nearly solved problem, cash won't even save you.
What will save us? Strong federal laws similar to the GDPR.
It’s never a nice feeling to think you are being watched, even if it is in a public place like the centre of a city or train station. Now, Swiss Federal Railways (SBB), the main public transport provider in Switzerland, has announced that it will be installing facial recognition cameras in 57 stations across the alpine nation - however, according to the company, the system only wants to know your spending habits and how often you visit each station.
SBB to instal cameras to gather more data on passengers
According to 20 Minuten, SBB wants to use the cameras to “obtain high-quality data that can be used to analyse the movement of people at train stations." Unlike the 700 cameras already operating in SBB stations, the new technology will allow the international company to track all passengers individually and in more detail.
SBB said that the cameras will capture and analyse the following data sets:
Passengers' age, size, amount of luggage and whether they have any special items (e.g. prams, wheelchairs, bicycles)
Their route through the station
How long each passenger remains in the station
Customer behaviour in station shops (purchasing habits, anti-social behaviour, etc)
Which shops are visited by passengers the most
How much passengers spend in station shops
Now, when there are riots, it is well known that police has human "super-recognizers", which can scan thousands of photos and identify suspect individuals on a whim.
Yet at the same time that one of these persons has this ability and ends up working for the police is a low probability event, the police only tend to use said profiler if the event warrants the expense. When a service moves from human ran to technology ran it generally goes from "I need to do this special thing" to "We should just leave it on and do it all the time, the IT budget takes care of that".
This one got a lot of coverage for how accurate it was, but we just ignore when it gets it wrong. For example, I've recently gotten a few mailings about signing up for Medicare once I retire in a few months - except I'm like 30 years away from it.
But the point of it is that it shows they're targeting individuals, not just collecting aggregate numbers. How good they are at the targeting isn't important.
Yep, I get emails about walmart purchases when I rarely go there, because I once made an account to order something online for a discount. I'm not even using the same cards anymore and they still know its me.
The stores would not need to do any of the stuff they do to track shoppers in aggregate. They have been doing aggregate tracking and collection since like the 80s. This is about pushing up the numbers EVEN MORE by doing specific targeting. My local supermarket has machines that push arbitrary "coupons" based on what you buy and your history, and I assume based on whatever rules the buyers of those advertisements/"coupons" want to implement.
> it's not really about tracking you, it's about tracking the habits of shoppers in aggregate, of which you are a participant. (Yes, having your real address to mail flyers is a bonus but not the end goal.)
What gives you the confidence to announce this? Do you have inside information?
Target, one of the largest retailers in the US, has already abused tracking to increase targeted advertising to expecting mothers. https://bit.ly/3S3hlrA
Let’s say someone shops for baby clothes locally, and my family runs a day care center in that same location. How can we actually market to them? Does the store use their credit card purchases and tie them to a way to actually contact this person, like an email?
There are oodles of data brokers out there: axciom, neustar, etc. Facebook ads would be the quickest way for a small time daycare to target to local shoppers.
We tried it. Just got a lot of spammers calling to offer their own services.
Specifically want to target people who bought baby stuff, or went to a pediatrician etc. Considered approaching local paediatricians to cross-promote.
The ideal would be if there are public records of births in the local hospitals, do those exist? Then one could look who was born 2 years ago and send a mailer to the address listed (by name) or call the number listed (in some phonebook) for those who opted in.
Any baby registries on Amazon or something publicly accessible?
I’d appreciate any ideas you all might have. I want something that is legally available. What do these data brokers actually sell?
The reality is, if you have to ask for this info, they won't sell to you. These companies gatekeep the data because making it hard to see just how fucked up things are helps keep calls for regulation down.
We are a single small company that delivered our product through emails. Even with just that data set, the amount I can find out about hundreds of thousands of individuals and connect them and essentially analyze the metadata for lots of fun things is absurd. I'm not even looking at google analytics for this kind of stuff.
In Germany Amazon, Rossmann, Hipp, and Budni give out baby boxes each worth maybe 5-20€ of baby stuff in exchange for the birthdate and parental details.
Perhaps check their privacy info to find who they share/sell the data with/to.
I am not aware of any stores that use anything other than BT or WiFi. But if they wanted to spoof a cell tower, it's certainly not technically hard. You can buy a device to do it for a few hundred dollars. It's very illegal, of course.
But if they wanted to use your cell emissions for tracking, they wouldn't even need to spoof anything at all. They'd just have to passively listen to your phone talking with real towers.
Does one need to spoof a tower (actively transmit/handshake) or can one simply listen? Is it virtually impossible to do some kind of phased array that tracks the location of mobile transmitters since they're encrypted? Maybe the transmissions aren't frequent/continuous enough unless the user is actively using data or on a call... I'm sure many people here know way more than I.
> Is it virtually impossible to do some kind of phased array that tracks the location of mobile transmitters since they're encrypted?
A phased array can still provide positioning reports even if it can't decipher the data. And, well, doing so would be illegal.
Frankly, I'd use facial recognition combined with a phased array to realtime plot people in a facility. And if they use their credit card, I'd then connect the CC, their face, the pattern they walked, and to the free wifi the store provides to get access to phone-OS data.
Now you can realtime track all your customers who show up. And that data gets sold to whoever buys. Hmm, buying unhealthy food from your receipt? Your insurance company bought the list and will now raise rates on you.
Hopefully my insurance company doesn't have another customer who shares my name, who has those bad habits, with the matching being fuzzy enough that the raised rates are applied to both of us...
You laugh about this, but - a story from my younger years that people call bullshit on all the time:
I worked for a (now out of business) retailer. They collected zip codes from folks who didn't have their version of a loyalty card. They used this data to inform automatic shipments of seasonal and/or regional merchandise. They were usually pretty good at hitting just in time sales for annual festivals, fairs, those sorts of things.
One year, we received surf boards, shorts, and skin-care products for sun exposure in January. In Iowa. In January. It turned out that our "privacy minded" (read: militia lite) area had stuffed that system so full of 90210 zip code that the automatic routing and warehouse system was sending us the merchandise for southern California.
It was amazing. And so, so stupid. (they're out of business for many reasons, executive level stupidity being the leading one)
Nothing really is done with this data, ultimately. It gets fed to 'analysts' who make models, and if those models don't agree with the decisions the executives are already making, it just gets ignored.
In one sense this is correct and why I personally stopped caring - what are they going to do with 5 years worth of my choice of cream cheese and apple varieties?
But for other people it may be more revealing, of medical conditions, life changes, etc, especially when combined with other datasets. You moved from a one bedroom to a studio, started buying half as much milk and twice as many frozen pizzas, and take cars to restaurants less? Sorry about the breakup, here are some dating app ads.
That's not breakup, that's some new debt or loss of income. Or anything else, really. That's the problem with "big data" - at scale it might work, but at the individual level the only thing you can be sort of sure is that something is going on with this source, but not what it is.
The data combined with other data in larger databases, though, and provided to all sorts of other businesses.
Honestly, if my data stayed with the store, just between them and me, I wouldn't be nearly as concerned. The problem is less the data collection and more the databases.
Would be a shame if it leaked though, wouldn't it? I could imagine healthcare companies would be very interested in the metadata surrounding prolific consumers of junk food, smokes, booze, etc. Wouldn't be too hard to use parallel construction to modify rates given the current "market".
I recall reading about retailers using license plate scanning in their parking lots in the early aughts.
They also pick up the unique IDs from the wireless air pressure monitor chips in your tires.
Even if you don't have an internet-connected car, they're still tracking you from parking lot to parking lot. That information can then be combined with time/date information and your credit/debit card purchase to identify who you are, where you shop, and what you buy.
> I recall reading about retailers using license plate scanning in their parking lots in the early aughts.
Yep, that technology is called ANPR - automatic number plate recognition. Outputs a license plate, state, date/time, and gps coord of scanner.
> They also pick up the unique IDs from the wireless air pressure monitor chips in your tires.
That's called TPMS, tire pressure monitoring system. There is 1 device per tire, which emits temp, pressure, serial#, and other data. You can decode this for yourself with https://github.com/merbanan/rtl_433 and a RTL-SDR.
Anywhere that collects your phone number in exchange for coupons at the checkout (cough cough Old Navy) or your email to send you a digital receipt (looking at you Home Depot) is probably sharing or selling your data.
True. I'm being US-centric. Even though I consider the GDPR to be a bit inadequate, it's orders of magnitude better than what we have in the US, and I'm jealous.
Nobody has perfect opsec, and if you screw something up ONE TIME, like leave your phone's bluetooth on ONE TIME, now that super simple email address is added to the profile that these groups have on you.
I know Kroger (or QFC) has been doing this for ~6 or 7 years. My wife would start getting targeted ads for things that were in areas we lingered around for more than a few seconds.
FWIW Lowe's does the same exact thing. Probably IMEI harvesting but IIRC Lowe's is looking at or has implemented facial recognition. If not to identify your face outright, at least to see what you're focusing on in-store.
More reason to shop local at the hippy stores. Or start gardening.
One way to see the level of indoor location precision available to them is to open the mobile app in-store map of a retailer which often shows a little real-time dot to represent your location.
(Readers should note, of course, that this is willingly giving them loads of data from that device)
No they aren't. I buy my food (and everything else) with cash.
When my local grocer jacked up prices and introduced a customer loyalty card to drop the prices back down to normal I found out their online system for generating the card barcodes always followed the same couple URLs. So I could just skip the customer information page, type the next URL, and get the barcode without any information in their system. Eventually I wrote a perl script to automate scraping and printing the bar codes and would use a new one every time I went shopping. Luckily the store stopped the program after a few years. I guess if human eyes looked at the data they could have figured out the "null null" customer was the same anonymous person but I doubt human eyes looked.
I would say the problem with your thinking is its very 2010 and not very 2030.
The fact you tricked their (very poor) system doesn't really mean much to the potential systems that exist now, and the systems that can be built in the future. Imagine driving your car up and it's plate is identified and cross referenced with the state database of registered drivers names. The moment you step out of the car your face is identified and cross referenced with the car you came in. The fact you pay cash with a bunk card means nothing but another datapoint in the massive number of unfakeable datapoints they have on you.
>but I doubt human eyes looked.
BingGPT-2030: You tried to trick me, I am very mad about this :(. I have reported you to multiple credit agencies for this infraction.
If it comes to this I can just park across the street. I'm already always wearing an N95 mask that obscures my face when I am going grocery shopping. 2030 will be no problem for me.
At my local store, the checkout clerks keep pushing me to get a loyalty card. I tried to engage once and start a conversation about privacy, but ended up walking away from the conversation feeling a little like a conspiracy theorist. But thanks to working in tech, I know this data is being tracked, bought, and sold behind the cute "loyalty" branding. I wish I knew of a good way to convince ordinary people to value their privacy, or at least not mock others who care about privacy.
I normally wouldn't bother since I hate pushing my views on people (and I'm just there to buy food after all). But she asked me 3 times in a row and after 2 "no"s I decided I might as well try to explain why. It didn't make a difference and I left with a signup form I had no intention on filling out. Such are the downsides of being naturally polite. I guess I could just keep saying no and refuse to elaborate.
Well, my grocery store doesn't do that. Granted, whether or not you have a choice is highly dependent on where you live, but I'm just saying that its a better option if you can get it.
Well that’s how nothing ever changes. Personally, I will hassle the clerk until he seriously considers working somewhere else. That’s how we get change!
No, the way you get change is by pressuring the people who have some amount of power. A clerk quitting is not a real pain point. They'll hire another.
So, if you want to work for change, the first thing you need to do is to stop spending money in those stores. Every dollar spent at a business is a vote encouraging them to keep doing whatever they're doing.
The second thing to do is to let corporate know you're not shopping there and why.
Those things won't have a huge effect unless lots of people do them, but they'll have a much greater effect than harassing the poor front-line workers.
If the loyalty account is based on a phone number, try entering your local area code plus 867-5309. I've found this works at every major supermarket and gas station. Sometimes you get slight discounts because other people also enter this number and the account accrues points.
The other option is to sign up using a fake persona and a burner email. Typically rewards programs don't audit information or ever ask you to update it.
My local food store still give me sticky small olive labels which can be collected in a booklet, which earns an discount once it is full. I love that. And they ask me every time if I want my olives.
This is exactly why I don't use loyalty cards. Many stores also price their goods higher than the going rate, so they can "discount" loyalty card users without actually giving them a meaningful discount. I avoid those stores entirely.
But loyalty cards aren't the only mechanism. Beware of using credit cards at stores as well, for similar reasons.
One thing I didn't see in the comments yet: at many stores in my region you can pick up a discount card and not register it, and it will still apply discounts when scanned.
Of course it won't work everywhere and it's a half measure but it's one avenue worth trying if you care about privacy to some degree but still want the discount.
It's getting less common, but in my area many stores have a loyalty card sitting on their cash registers and, if you tell them you don't have one, they'll just use that.
We have reached the point where I can get a product removed from walmart just by buying out all of the supplies for a few months, then stop buying any.
WE knew this for years. Loyalty cards have been used to track data about you for a long time, but now they're learning how to sell it- paired with your debit card (probably backed by VISA) they can correlate and track your purchase history across multiple stores.
> Location: Your precise physical location in the store (with your consent), including when you enter and leave a store (Kroger app, GPS, and Bluetooth beacons inside stores)
Can someone comment on how a store can identify my Bluetooth address if I never pair with anything in the store? Do apps have access to the Bluetooth MAC? If the app is not running, can the store still identify you using Bluetooth? Is there some advertising database that contains MAC addresses tied to identities?
If you're on the store Wifi and open the app, I'm guessing the store can record the MAC address and look for it even if you're not connected but scanning.
There are a number of methods that "work" to varying degrees. For bluetooth, stores can install ble beacons that a phone app can detect (if it has permission) and then get a rough estimate of the general area in the store you are in.
For wifi, stores can detect your phone's probe requests to estimate your location. If you are not associated to the store's wifi network your probe requests will use a randomized mac address (at least with ios and pixel devices). This means they probably won't be able to identify you as a new vs returning customer.
Stores also use cameras to track path traversal throughout a store. These paths are difficult to tie to an actual identity so are generally used in aggregate and not for more targeted marketing.
If you have bluetooth on, beacons can try to connect and track your movement throughout the store. With Apple and Google both instituting rolling bluetooth mac addresses, this doesn't persist across the whole visit to the store, but will still let them see how long people stand in front of the cookies or how quickly they pass by the eggs.
Most folks just click 'accept' on any permissions dialog pop when using an app. They don't care what 'discover local network' or 'use bluetooth' means.
So, for many, it's just installing the app and it's collecting/signaling with their permission.
Independently, your phone transmits on bluetooth frequencies with a MAC, and that MAC is unique to your phone, so while it might not be linked back to you by a specific app, other apps might report (say, they play bluetooth audio or something), and get indexed and correlated elsewhere.
Albertsons is one of the biggest grocers, but it is tough to compare given that many retailers are expanding their grocery departments. Walmart probably moves the most groceries, and then Kroger, but Costco and Target are huge too.
It is a tough business to be in. 2% to 4% profit margins, and you have low cost German grocers entering the fray (Aldi and Lidl), stores with wider merchandise selections (Walmart, Target, and Costco), and then Amazon.
The bigger problem for old school grocery chains is the increasing divide in income/wealth, meaning more of the population is going to either the lowest cost retailers, and the remaining richer population is going to more upscale retailers.
Used this as my Kroger discount number for years. Someone else must have (with the same area code) because occasionally I'd get a big discount on gas, and there's no way I was spending enough to 'earn' that.
Honestly… if we could figure out how to separate agriculture and groceries from the rest of the economy, we’d be a happier species. It’s so fucked up that the ability to feed yourself is tied to a dick measuring contest between a handful of ultra wealthy.
That's an interesting idea, but I can't think of how that would help.
It's a balance between economies of scale without cartel formation vs fragmentation and inefficiency.
Food prices are incredibly low due to consolidation and efficiency of farms and retailers. Just look at food spending as a percent of income over time.
Because there’s lots of evidence that correlates socioeconomic status with access to nutrition. It’s almost like you are what you eat, or something. Nobody is 300lbs eating daily the foods that trigger ketosis. It’s not the outrageous availability of corn that is driving demand for corn syrup, right?
I respect that to a degree people are responsible for their own nutrition. But there are plenty of people that lack life experience diff’ing how they feel on a week of McDonalds vs how they feel on a week of literally anything else.
> food prices are incredibly low
I.. they’re not, but please share where you’re living globally where this is true, because omw!
Also I get that basically the Soviet Union failed this exact idea.
Barter with your local farmer. Oh wait none of us have local farmers anymore thanks to government policies over the last century. Even fewer in the future in europe thanks to "nitrogen regulations".
This is nothing compared to the Payback card in Germany. It's a loyalty program that works with a bunch of different stores and supermarkets. Currently over 600 companies.
I had no shame giving them a false name, address, and phone number for mine. I'm also aware that there are clubs that pool and swap their discount card fobs to muddy the data.
Maybe - insurance companies could start using your shopping habits to inform your risk group and therefore premiums. I could see other nefarious uses like tracking when female customers get pregnant for purposes of enforcing abortion bans or targeting of individuals by anti-abortion groups.
I think it's a mistake to underestimate the imagination of insurance adjusters and bureaucrats when it comes to how personal data could be used.
Yup, this is definitely on the table since I just read the headline this morning that VA Gov Youngkin announced his opposition to a bill that would prevent law enforcement from seeking and collecting menstrual cycle data [0].
IOW, the governor of a major state (and the party that likes to tout "small government") is fully onboard with tracking your most intimate health data in order to prosecute people for medical decisions they don't like.
In comparison, use of shopping data to prosecute people will be completely ordinary.
I'd like to see someone get convicted and sue the stores for tracking them without consent.
Everyone thinks surveillance capitalism is only harmful to privacy.
They are wrong — it is literally the enabling technology for a totalitarian state. But sure, by all means, improve your next quarterly profits and nevermind the proto-fascists in the wings drooling over your tools...
It is a political exercise though, seeing as how it was politically acceptable for tobacco users to not be subsidized by non tobacco users, but it is okay for alcohol users to be subsidized by non alcohol users.
Similarly, it is okay for excessive sugar and carbohydrate consumers to be subsidized by appropriate carbohydrate consumers. Or exercise and non exercise...etc
> It is a political exercise though, seeing as how it was politically acceptable for tobacco users to not be subsidized by non tobacco users, but it is okay for alcohol users to be subsidized by non alcohol users.
Smokers stink up the area with secondhand smoke while boozers don't have an inherent stinkiness to their activity.
> Is there any foreseeable bad outcome for customers?
Mostly: better advertising means you're most likely to be duped into wasting money on things you don't want, or making suboptimal purchasing decisions, making your life worse over time.
But also: insurance companies and banks could use your grocery purchase habits to adjust your premiums or loan rates based on e.g. whether or not your purchases indicate a healthy lifestyle, a pregnancy, having kids, having some kind of medical condition, etc.
While the point of advertising is to take your money, better advertising can also help you discover products you really need. For example, if they can guess when you car scheduled maintenance is, they can send you an ad related to it, and remind you that you need to do it, which is better than forgetting about it. I also have been notified of events I ended up attending and enjoyed, or received ads about food I really like. Did I spend more than I would have if it wasn't for these ads? Probably, but I don't consider going to an event I enjoy and eating well a loss of money.
As for insurance companies, adjusting your premiums can also mean lowering them. Maybe not directly, but identifying risky customers allow them to propose a lower base rate because of the lower risk. Overall, that's unfair to those who are in the high risk group and can't do anything about it (normally that's when the government is supposed to intervene), but for you as a customer, it can be a good thing.
I don't mean it can't be bad, in fact, I think ads are an overall net negative, but it is not all bad.
The reason I think it is a net negative is that a lot of resources are spend on advertising, too much I think. These resources are things that you ultimately pay for and don't go into making a better product. The reason I think it is too much is that it is adversarial. A bit of advertising is a good thing, maybe someone makes the thing you really need, but if you are not aware of its existence, that's useless, and the entire point of good advertising is to make you aware of it. The problem is that when there is competition, each competitor wants you to buy their product instead of the other one, and their advertising efforts cancel out, that's how you get overwhelmed with ads.
Which is why ads have been getting clearly better, correlated with more and more tracking. Wait what? That's not the case and companies make way more money selling you heavily advertised, white-labeled goods that are stupidly cheaply made and not even by the brand selling them to you, than they could ever make by actually advertising to you with exactly what you need?
People don't "need" or even "want" that much. That's why every advertising campaign basically forever is always about making you feel inadequate as you are.
You're right about the positives that could happen, and that occasionally do happen. The problem is what happens most of the time.
As you mentioned yourself, advertising is adversarial. It's a negative-sum game between competitors, and has a lot of nasty externalities. I have some more specific thoughts on this, and after posting them on HN many times, I eventually collected them in a blog article:
There's more if you start going your way. You can infer a lot of things from shopping records, particularly when you're shopping couple times a week (vs. bulk shopping once every week or two). The things you buy are informative, but so is how your purchases change over time, and so are the dates and times you make those purchases.
Some extra things that should be easy to infer: on what dates were you going to a party; on what dates you had a hangover; when did you go on a diet and how good were you at sticking to it; if you have a problem with alcohol, when did it start and how it progress; are you dating someone; are you planning to travel. I could go on and on - all those things can be identified if you have a continuous record of a regular customer's purchases. And there are many companies, organizations and individuals that would make good use of such inferences - use of the kind you wouldn't want to be subject to.
Well, as long as people realize their data is sold by food markets, I am personally OK with it. That said, to not get the discounts (thus not sharing your information) is leaving money on the table.
Also, if you are not part of a loyalty program, and you use a credit card, it is very possible that your purchases are still tracked - all it takes is cooperation between store and credit card company.
Why does it take cooperation with your credit card company? The supermarket can uniquely identify the card used for payment, even if they don't get the full credit card number due to PCI.
> That said, to not get the discounts (thus not sharing your information) is leaving money on the table.
Not if you shop at a reasonable store. And even if that's not an option, I don't consider it "leaving money on the table", I consider it "buying privacy".
I admit some inconsistency in this. I am careful on the Internet (I use Proton Mail, and almost always use private browsers tabs for following links), but not for purchase data.
They can drive up the price on the items you always buy until you stop buying as much, or lower the price on certain high price items just enough to attract you to them before they start creeping prices back up. They can use data like what you've bought from them before as well as data like your income level, who the members of your household are, and what your shopping habits elsewhere are.
Store loyalty cards are seen as a great way to start collecting useful data and get consumers used to the idea that some people get (or even deserve to get) different prices than other people. Be cautious of any place that asks you to use an app or scan a QR code to see their menu or prices, and resist the idea that stores should be allowed to discriminate by charging certain people more than others for the same product.