Hacker News new | past | comments | ask | show | jobs | submit login
How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did (forbes.com)
465 points by antoncohen on Feb 17, 2012 | hide | past | web | favorite | 156 comments

For those who want real journalism, here is the original story:


It's much better than Forbes' click-bait re-packaging of it, by the way.

And one of the most interesting parts isn't even mentioned in the Forbes article: on page 8, Duhigg has a great description of how he hacked his own brain to reprogram an unwanted routine. (Well, he probably wouldn't describe it that way.)

How Duhigg hacked his brain to reprogram an unwanted routine:

1. Identify the habit's reward.

Ex: going to a cafeteria to eat a cookie could be to satisfy hunger, get a burst of energy, take a break from work, socialize, etc.

2. Identify the habit's cue.

Ex: location, time, emotional state, other people or the immediately preceding action.

3. To shift the routine, replace the habit, but maintain the cue and reward.

Ex: If you eat a cookie everyday around 3:30 as a way of taking a break to socialize, stay current with office gossip and talk to friends, then continue taking a break at 3:30, but instead of hitting the cafeteria, look around the newsroom for someone to talk to. This way, the benefits of the habit are being preserved (taking a break and socializing), but the unwanted aspects are being replaced.

Of course, these examples are lifted directly from the article.

Thanks for the link; the Forbes article (while factually interesting) has some seriously distracting prose in it. I don't understand the write-a-news-article-off-the-cuff mentality at all.

Thanks for the link, I especially loved the Febreze story.

And now I know why a supposedly barely scented spray leaves such a perfumed stink when I use enough to remove real odors.

A fie on on Forbes for slapping a click-baiting headline on another publication's professional reporting and hard work.

It's one thing to tweet about it, but to reprint numerous chunks of the original article? Wrapped in your own ads? How is this journalistically sound?

Forbes optimizes for pageviews like Target optimizes for sales. They even emphasized the most emotionally compelling part of the story. And comparing the HN votes and discussion for this post vs. the original New York Times version, they chose wisely.

Perhaps Ian Ayres' book Super Crunchers would have been more widely read had it begun with the pregnancy angle.

But it works, not just the headline, but the condensed information. The Forbes article is 2 pages long in large font, the NYT article is 9 pages in a much smaller font. There's something to be said for providing useful info in a short form.

When folks link to a regurgitated version of an original piece of journalism, they are rewarding someone for doing a lazy copy/paste job rather than the person who took weeks (if not more) to produce original information. The Forbes article doesn't even add much insight to the discussion and takes such a substantial portion of the article that it removes a great deal of the incentive to click through.

Perhaps. But more people are likely to read the 2-page article than the 9-page one. And if the point is to communicate "business knows more about you than you think they do" then they've done the job.

Who cares about default font size? Learn how to use your browser's text resizing keychords (usually C-+ and C--)

Mentioning the font size here is like declaring the units used to measure something (e.g. inches). It's not a complaint about the font size being wrong.

It makes me hold my nose too, but I think in twenty years this "rewrapping" method will be a staple in J-school textbooks.

In 20 years? That's what the Internet is today. 90% of stories are based on an interesting article the author read, and rewrote as a blog entry.

It made it into The Onion, which is close: http://www.theonion.com/articles/huffington-post-employee-su...

There won't be J-school in twenty years if this continues.

What Forbes did/does isn't journalism.

Maybe it's because I live on the internet and think there's 1024 meters in a kilometer, but I didn't find this surprising or worrisome in the least. I would expect all large stores to perform data-mining, that data is valuable.

Took me a moment to realize what was wrong about "1024 meters in a kilometer". I think I need to go outside more.

1024 meters would be a "kibimeter", abbreviated "Kim".

(see http://en.wikipedia.org/wiki/Kibibyte)

1024 meters is only a kibimeter if you're a pedant.

Welcome to The Internet.

I agree. I'm sure there was a time not too long ago when merchants at local shops would know customers by name and learn their habits, and, possibly, be able to learn intimate details about customers by looking at what products they bought. If the merchant then recommended a product to one such customer based on those observations, that's good business. I suppose the translation from local town merchant to faceless corporation is something of a change (most notably because the corporation may be able to use this information for other/nefarious purposes), but, conceptually, it seems to be replicating the same behavior that doubtlessly has occurred in some form since people began selling products to other people. Instead of arguing that businesses have become more invasive of our privacy, you could also argue that we have simply become more protective (or aware of) our privacy in recent years, which is why this seems like a big problem to a lot of people.

If you warch the old BBC classic 'Open All Hours' about a corner shop you'll see this behaviour - "we've got that gingerbread that your Mr likes so much" or whatever.

Not to mention there seems to be an implicit value judgement here. All fathers are deeply connected with their children, and know their darkest secrets, all the time!

The reality is plenty of parents are very uninvolved in their childrens' lives.

Kids get pregnant even when the parents are very involved. The reproductive imperative will be served, like water seeking its own level.

Surprising that they mine data? No.

Surprising that they mine data, and act on potentially sensitive information? Somewhat.

Worrisome that they effectively took it upon themselves to disclose to her father that she was pregnant? I find it shocking that anyone would think it's not.

  > Worrisome that they effectively took it upon themselves to
  > disclose to her father that she was pregnant? I find it
  > shocking that anyone would think it's not.
I don't think that they 'disclosed' that to the father. Sounds like it went down like this:

  1. girl gets pregnant
  2. girl gets pregnancy coupons
  3. father gets angry, goes to store and complains
  4. store manager has no clue why the ad was sent,
     and apologizes to father
  5. girl admits to father that she is pregnant
  6. father apologizes to store manager

They effectively did, because step 2 was really:

"2. Based on girl's purchases, company sends flyers - not private mail - addressed to girl by name, advertising specific types of products directly to her."

That her father didn't immediately put 2 and 2 together is besides the point. I think in his position, I might well have figured it out.

Perhaps its a function of age (I'm 37), but I am genuinely surprised at someone not finding this a clear violation of privacy.

[EDIT: Afterthought - it might be quite interesting to plot HN's attitude towards this against age. Would the younger people be less uncomfortable with it because this is the world they've grown up in?]

I do find it an invasion of privacy. I just take issue with this statement:

  they effectively took it upon themselves to disclose
  to her father that she was pregnant
Mostly with the 'took it upon themselves.' I'm pretty sure that this was an unintended consequence. It just goes to show you that when you do these things you're really playing with fire, and you can't be so cavalier.

Yes, you're right - I concede your point.

"They effectively disclosed to her father that she was pregnant"

> invasion of privacy

Like most, you have a naive and non-legal concept of what privacy is. Analyzing public behavior (shopping) and sending mail to your public address isn't even close to the realm of privacy.

  > you have a naive and non-legal concept
  > of what privacy is
I'm curious as to why your immediate response was to claim that I don't know anything about the legal concept of privacy.

1. This is not a court.

2. Very few of us are lawyers.

3. Nobody is talking about criminal charges or civil suits.

Who said it was about legality? Substitute "decency" for privacy if you prefer, the point is essentially the same.

There is no law that requires anyone (least of all, a corporation) to be decent.

Which is why the parent comment about legal issues is apropo. That, is what will be, and only be, considered.

I'd sort of expect older people to be _less_ uncomfortable about it. Back in the day you bought more things from from smaller stores with proprietors who might recognize you and remember what you purchased last time. I'm pretty sure I've old movies where someone walks into a store and the guy behind the counter says something like "Hi Bob, we've got a new order in of those Foozits you like!" and Bob is embarrassed because he's with someone who he didn't want to know that he bought Foozits. I'm not very sensitive to privacy issues for a HN reader, but I know that my parents positively want to have personal relationships with the entities they buy things from.

I see what you're saying - in fact, I just switched my usual hardware store from a big Home Depot to a local Home Hardware (a somewhat smaller, Canadian chain), partly because of that personal relationship you're alluding to.

I think, though, that the relationship to Target isn't like that, because while they know an awful lot about you personally, you don't know them personally at all - they're just a corporate face, not a familiar one behind the counter.

In fact, you've just helped me figure out a bit more specifically what I found vaguely unsettling about it.

With the local sole proprietor knowing your intimate details, you as the customer know his. You probably go to the same, if not similar church. You also have neighbors who you both have in common. You also know about his life, his children, his wife.

In the end, he's another person (not 'person' like target) who lives in your community.

Who, perhaps, is Target? Or Wal-mart?

In this case, the difference is if Foozits were something you used to stop your whatzit from itching, the proprietor probably wouldn't mention that out loud in the company of others. Target, on the other hand, is fine sending you an ad for it - and I suspect when the day comes that they can announce that to you when you walk in the store, they'll use all the tact and grace they apparently used in divining a girl was pregnant without also divining her age.

I'm 41 and did a long stint working with social services and I find it problematic. I agree with your expansion of point 2 and can very much imagine and have heard cases where a step 7 is added.

  7. father reacts violently and girl is injured (with potential loss of child)
     or is killed.
sometimes these situations have:

  1b. girl is looking to escape current situation
It is mentioned later in the article (or maybe in another) that mixing coupons that have nothing to do with the person into the mix to disguise the company's knowledge might be a better way to handle it. I do wonder if Target knew the age of the person receiving the flyer?

If I had a business that could gather this type of information, I would be very careful about how the full extent of my company's knowledge is presented to my customers. It is worth looking into the presentation to make sure you will not be the subject of a tabloid article with the words "Killed" or "Spying" in the title.

Perhaps its a function of age (I'm 37), but I am genuinely surprised at someone not finding this a clear violation of privacy.

I'm 38 and I don't know that it's a clear violation of privacy. They presumably didn't realize that she lived with her father and that he would have access to her mail. To me, this one is a bit of a gray area.

Father didn't know the reasoning in step two though. So it isn't like they sent a letter that said hey we know you have bought multiple pregnancy tests this week, and as such are probably due in may. Here is a coupon for a car seat that will work in the Buick you regularly drive.

That is to say the store sent coupons but that doesn't imply knowledge of anything other than a name and an address. Given the number of ads that they mail it seems almost impossible for this to not happen just by random chance. I know I get baby ads from target and I don't have a baby. Wait, does this mean I knocked up an ex? Should I start calling all of my exs to verify pregnancy status? Oh wait that would be stupid, ads might be targeted but it is more shotgun targeting than laser targeting.

I dont think people would care so much if they receive baby ads. On the other hand, I imagine I'd be pretty pissed if I had a teenage daughter and she received this.

Well, I'm 21, and I don't see it as a violation of privacy because they're choosing to publish the data (their purchasing habits) simply by making the purchases. I think it'd be naive to assume otherwise. Similarly, Google and Facebook track you to show you more relevant ads, and thus increase conversions.

That's not to say I don't find things creepy, but if the data is obviously collectible, you should assume it's being collected.

I don't think the issue is with the fact that they are data-mining purchasing habits. I think it's the way they acted on it without any subtlety.

  > they're choosing to publish the data (their purchasing habits)
  > simply by making the purchases
I would not call it 'publishing.' In this case, the girl's purchasing habits were really only between her and Target. Target then inadvertently disclosed them to her father.

  >  Similarly, Google and Facebook track you to show
  > you more relevant ads, and thus increase conversions.
Google/Facebook would be wise not to fill your browser with ads about herpes medication just because they think that you have herpes... Just sayin'.

  > if the data is obviously collectible, you
  > should assume it's being collected.
This isn't free license to say that data collecting is good or bad though. If you walk through the 'bad part of town' wearing expensive jewelry, you'll probably be robbed. That doesn't make robbery acceptable.

The second half of TFA is about how they realized they creeped people out and what steps they took to remedy that - namely to "hide" the targeted coupons among irrelevant ones to make them look random.

I don't see how buying something is "publishing data". I'm sure most people realize that their purchasing habits are being "collected", but I don't think people expect that that information is going to be casually leaked to people around you like this was.

It seems to me that this is somewhat analogous to Facebook posting on my wall, "Hey, jgw, would you be interested in buying some of this special topical cream that is remarkably effective on certain types of rashes? Nudge, nudge."

Or Google sending me targeted advertising for anatomical adjustments by email - and casually CC a few of my friends in my address book.

>I'm sure most people realize that their purchasing habits are being "collected", but I don't think people expect that that information is going to be casually leaked to people around you like this was.

That's a good point, and while I don't think that was Target's intention, the potential is certainly notable.

Later in the article, it mentions that Target got smarter with these. Instead of just sending coupons for diapers and such, they would send coupons of diapers interspersed with coupons of, say, lawnmowers and chainsaws. In other words, they would use the same customer database to send coupons that they knew the customer wouldn't want, just to through them off the scent.

Aside from the privacy issues, I think this is the biggest cock-up of the whole thing: They managed to predict, with shocking accuracy, the fact that the girl was pregnant - yet they missed that she was a teenager living with her parents. This is why I worry about algorithms: We're extremely bad about identifying what's important information until we screw something like this up. In this case, the father called Target sheepishly. In other cases, he may have beaten his daughter or disowned her.

This touches on one of the biggest problems when using compute-driven data. I'm pretty sure the data could easily tell you her age and residential status... if you had thought of checking. Ultimately, the algorithms can only answer the questions you ask.

I think the creepy feeling comes in that you don't realize the merchant is profiling you. At least not until they tip their hand a little too much (like sending you an entire booklet of nothing but maternity stuff).

You get a Safeway club card and you know full well that they're tracking you, because you hand them the card every shopping trip. Or you use Amazon or Netflix, where customers really want to be tracked -- the tracking and data mining are part of the draw, because they have such good suggestion engines.

I had LASIK a few years back and bought dry eye drops from Target - a lot of them, over six months time. Then my eyes healed and I quit buying it. A month later I get a coupon generated by a Target cash register for Systane drops, the exact brand I used to buy. I guess they thought I started buying them at Walgreens instead?

It was only when they gave me a coupon for a specific brand and product, that most of the population would likely not buy on a typical weekly shopping trip, that I realized all my purchases were being tracked and linked by my credit card number.

All that time before then, their prediction engine was selecting coupons for completely unrelated products, and I was using the coupons not even thinking about it.

Amazon's been annoying me lately because it somehow got convinced that I'm a 30 year old woman and won't stop showing me dresses and jewelry on the front page, neither of which I have ever bought. What can you even do when their core profile of you is completely off-base?

Amazon at least lets you fine-tune a little bit, but not enough to say, "no you're completely wrong" short of starting over with a new account. Which is a lot harder with physical stores...

Check out http://www.amazon.com/gp/history/ and https://www.amazon.com/gp/yourstore/iyr where you can delete stuff that Amazon knows; this may fix recommendation problems.

Thanks for both of those links -- and for scaring the crap out of me when I clicked the second one and got to the bottom of the page.

"1 - 15 of 534"

Five hundred and thirty-four purchases. Like having a cattle prod jammed into the back of my head.

Note, also, that Amazon has a checkbox along the lines of "this is a gift" in the purchasing workflow. I think this keeps the item out of your history.

Yeah. Sometimes the stats get it horribly wrong. I recently purchased new stove plates and burners and that's pretty much all they've been recommending to me for a few weeks. As though it's some kind of oft-recurring purchase or something? It seems to me, at least in my case, that they're missing a crucial piece of data (frequency of purchasing a particular product), and I expect it to eventually correct itself.

But in your case, I have no idea. Maybe try contacting them?

...But I only watched Will and Grace one time, one day!

Wish I hadn't, 'cause TiVo now thinks I'm gay!

"What can you even do when their core profile of you is completely off-base?"

Shop logged out, don't log in until you've decided.

It's not hard to track you even this way, if you're using the same browser. You already have a unique code assigned to you (the session id) and they can make a permanent cookie too, so it will be the same the next time you open the browser. When you login, they just link everything together. I'm not saying they're doing it, but it's not hard to do. Of course, there are ways to avoid that, like using different browsers or removing cookies. And even this way, they can link your data with pretty with high accuracy if they use your ip and time (how many people that are on the same IP, that is known to belong to an ISP and not a corporate ip range shop on the same time on the same site?).

In reality, Amazon doesn't link incognito browsing to your regular session.

Probably not, but we're not as safe as we'd like to think we are.

The register printed coupons I get have plenty enough digits on them to be individually tracked. I imagine they are, but I haven't tried to figure it out. Several uses do come to mind, tracking the campaign, linking credit cards, things like that.

If you pay cash they can give a coupon to have a second go at adding purchases to your history, what's better is they're things you thought you'd kept off your history - it's cool in an evil overlord sort of way.

I find that Tesco give coupons for whole cart discount at a purchase price of about 25% above our average spend. That's a good tactic too.

And then we have Wal-Mart...

> "We were contacted about two years ago by somebody who runs a security company that had been asked in a request for proposals for ways they could link video footage with customers paying for their purchases," Albrecht said. "Wal-Mart would actually be able to view photos and video of customers paying, say, for a pack of gum. At the time, it struck me as unbelievably outlandish because of the amount of data storage required."


In general, an isolated video is not interesting.

It becomes more interesting and potentially scary once you have a digital, searchable, analyzable history of video customer transactions.

Reduce leakage/theft:

If a cashier has been already flagged and the customer matches up in the network of cashier's friends (Facebook?), possibly in conjunction with another theft deterrent system, be able for managers to watch in real time a potential leakage event (where they don't scan certain items).

Hyper-targeted marketing:

(New) wedding ring detected. Commence deluge of in-kind marketing partnerships with Home Depot, maybe even Crate & Barrel.

Customer over the past three months has been showing signs of possible pregnancy relative to their baseline body mass index. Somehow, non creepily, market to them via 3rd party mailing lists who had no idea how you learned she was expecting or more subtly by changing the default landing homepage of walmart.com to reflect more future mother when her cookie is detected.

Kids. If the kids seem hyperactive in the overhead view, email coupons for toys that appeal to ADD-type kids.

Over the last year of transactions, customer's head has been exhibiting signs of male pattern baldness. Send them targeted coupons for hats to see if they think its something they need to cover up.

The most worrisome thing of this, to me, is that it may increase differences between groups in society. Imagine a refinement where a shop splits the 'just pregnant' group into a 'looking for abortion' and a 'looking forward to having a child' group. Sending them targeted adverts based on that prediction may/will make that prediction come true (and that is the 'accidental effect' case. Think of what a racist shopkeeper/data miner could do)

"Robot Readable World" by Timo Arnall does a great job illustrating what's behind entirely plausible scenarios like these.


Look up Shopperception, they're trying to do something of the sort:


using Kinect to track customers.

NYTimes article that this one is referencing: http://www.nytimes.com/2012/02/19/magazine/shopping-habits.h...

And the corresponding HN discussion: http://news.ycombinator.com/item?id=3598558

I'm really surprised Target thought this was a good idea. I'm 7 weeks pregnant, and keeping it quiet enough that I made a fake account just to post this. Most women don't tell anyone outside of close family until the first trimester has passed, largely due to the number of things that could go wrong.

I'd find it creepy and invasive to get something physical in the mail with private medical information.

If you aren't using something like Adblock, just wait until all the ad networks figure out you're pregnant. My wife was totally creeped out one day when she realized practically every site she visited was showing baby ads.

I'd find it creepy and invasive to get something physical in the mail with private medical information.

It's not private medical information. It's an analysis of your public actions. All the coupons say is that many people that bought the things you did are pregnant. It doesn't say that you are pregnant.

If purchases are public, where can I get the data so I can build my map of the economy?

You can get the data by hanging out in target and watching what people buy.

On one occasion, some kid in a CVS gave me a high five after seeing me buying a mega-pack of condoms while carrying a bottle of whiskey. Did he violate my privacy?

You used to be able to get aggregated data for free at data.mint.com, but it looks like they have removed that feature.


You have a pocket full of credit cards, debit cards, and loyalty point cards. Every air mile you get is paid for by someone selling your purchase history to another company for marketing purposes.

It's not public for anyone to grab. You have to pay for access to the data. But if you can pay, you can get the data.

Data that can be had for a price, but not by anybody, is usually called "proprietary", not "public".

Of course they think it's a good idea - they have been able to trace a huge increase in sales to this promotion/mining program.

The point is that it's not as private as you think it is.

It's not that I think it would be difficult for almost anyone to figure out that I'm pregnant, it's incredibly obvious.

My point was that it is crass for a company to send an announcement like that to a woman in her first trimester. And crass in general to send out mailings targeting specific medical conditions. If I had bought hemorrhoid cream at target, I wouldn't want a mailing non-subtly directed at hemorrhoid sufferers showing up on my doorstep.

I don't think they would. I would suspect that Target doesn't consider pregnany to be a medical condition that someone is ashamed of. It's a huge change in a person's life. One that's usually celebrated; and, they want to be the store you go to for your pregnancy needs by hooking you in with advertisements.

Personally, I don't find a problem with this at all. It's a life status "pregnancy" and the later status "with children". It's about the same as if I bought a lot of sports gear, so Target started pre-emptively sending me coupons on new sporting equipment for the upcoming season, and telling me of late-seasons sales.

I gave them the information by purchasing there. I know I did, so ... I just can't see why this is bad in the general case.

This is what happens when male marketing execs target female customers (no pun intended).

My friends and I used to do a Safeway card swap party once in a while to avoid exactly this.

Everyone would throw their Safeway card into a pile and then randomly select one to keep.

Not even we knew who's card we had.

I moved into a rental house and we had a stack of these that we'd just throw on the counter and take them whenever. As far as I know each one had been used by at least 2 generations of renters before me.

It must have been odd.."Wow, this vegan keeps buying the cheapest hot dogs ever..."

It'd be even better to figure out the details of their targeting algorithms and swap cards intelligently. If it looks like you used to be a strong (brand/store) customer and then stopped, they'll give you worthwhile coupons.

This is why they send coupons in the post to the card owner.

That's only effective if you shop with cash.

How so? My loyalty card is not linked to my preferred form of payment (atm).

Because as soon as you pay with a debit/credit card they don't even need a loyalty card to track your habits.

I never understood why anybody would carry one of those things around. I just ask for a new one every time I buy groceries at a place that uses them, then leave it on the counter when I go.

I figure I'm doing the world a favor this way, since eventually enough cashiers will notice how much time this wastes and how much more effort it takes to hand out a new card to every customer. Hopefully they'll mention this to their boss, and eventually (possibly 30 years down the line) it will sink in that it's a bad idea and they'll stop doing it.

But at the end of the day, it's the store's choice to inconvenience its customers with these cards. They can't possibly be surprised when I don't happily stuff their loyalty card in my wallet.

They start asking you to fill out the form first before giving you the card, and they give the cashiers shit if the cashier starts using their own card all the time. These cards come from on high, complaining to the cashiers doesn't do much, since the feedback doesn't go back to the decision makers.

Better still. The more inconvenience it causes everybody involved (especially the other customers in line behind that form being filled out), the better.

They've already convinced one person (me in this case) to make a conscious effort to find grocery stores that don't have silly loyalty cards when its convenient. If they start delaying the checkout process every time they sell me groceries by making me fill out a form, they'll start convincing those other people in line that maybe they should go across the street to that other giant grocery store that doesn't require those cards.

I just wish that more people did this. Most everybody I see in stores these days seems perfectly happy to carry around a dozen of those cards.

> I just wish that more people did this. Most everybody I see in stores these days seems perfectly happy to carry around a dozen of those cards.

I'm perfectly happy to get the discounts they provide, as well as occasional targeted coupons. Often times those coupons are appreciated!

Normally this game is played with car keys in a goldfish bowl ;-)

Me and my siblings all use our parent's phone number to get discounts, 5 people using the same number.

In some situations, this sort of thing isn't just creepy - it's incredibly fucked up.

My mother gave birth a while ago, and sadly, the child only lived for two months. But for months after his death, we received a LOT of coupons - "20% off diapers for your bundle of joy," etc. It was a sensitive time, and checking the mail often led to tears. After reading this article, thinking back - Target ads. I specifically remember giant, full-paged ads for nothing but baby items from Target.

edit for type, it's =/= isn't

Just wait until an adult dies. You get tons of mail in their name. Some of it even tries to sell them life insurance.

Yeah, I've had this more or less happen to me.

A telemarketer from the bank I used to be with called me on the day of my brother's funeral to try and sell me life insurance.

Terribly bad timing as at the time I was waiting for the car to pick my mother and myself up to lay him to rest.

I'd like to say I handled it well, but I didn't. I vaguely recall some hefty swearing on my part the next day as I closed my account with them.

"We are very conservative about compliance with all privacy laws. But even if you’re following the law, you can do things where people get queasy.”

That's what everyone should take out of this article. Even though doing something is technically legal, it doesn't mean you or your startup/company should be doing it. Always take into account what your customer base will feel.

So the Forbes article does little but paraphrase the NYT article, and then includes the typical array of Facebook and Twitter "Share This!" links at the bottom.

Aren't they just contributing to the very thing they're trying to scare you about? Pick a side.

An interesting aspect of this story that no one's mentioned yet is that collecting this sort of information about a minor is illegal under COPPA [0] when it happens online. It should have been apparent for some time now that customer/user tracking and the accompanying privacy issues apply offline as much as online, but our laws have not caught up.

Legislation like COPPA that proscribes behavior/activities solely online will only become more obviously non-sensical as the line between online and offline activities continues to blur.

0. http://en.wikipedia.org/wiki/Childrens_Online_Privacy_Protec...

COPPA applies to children under 13 years of age, not minors who are under 18 years of age.

You're right. (Though I will add that there has been recent discussion of raising COPPA's age limit. [0]) But regardless of the age of the girl who is the subject of this article, my general point still stands.

0. https://www.privacyassociation.org/publications/subcommittee...

COPPA basically made it illegal for people under 13 to be on the Internet. (Not that they weren't anyway, but it's the precedent and expectation that counts.) Making this situation worse doesn't strike me as a particularly good idea.

The "Minors aren't people." meme ranks somewhere at the top of my list of annoying beliefs.

No, COPPA doesn't basically make it illegal for children under thirteen to be on the Internet. It doesn't restrict what children under thirteen can do in any way. COPPA restricts what websites can do–they can't collect certain information about users without asking whether they're over thirteen.

Sure, you can make a case that we shouldn't burden the web with these sorts of rules. Or that we shouldn't have to differentiate between adults and young children. (You'll lose that argument.) That's not my point. My point is that legislation that differentiates between online and offline activities—and the information we collect about them—will become increasingly nonsensical as online and offline activities become less distinct.

When COPPA was passed in 1998, Target wasn't data-mining customers' purchase histories. Only websites were doing that sort of thing (or so the story went). Fast forward to today and offline activities (what you buy at the grocery store, where and when you get on the bus) are now being tracked in the same way that online activities have been for the last decade. Whatever limits you believe should (or shouldn't) be placed on tracking these activities, it's apparent that customer/user privacy is no longer an "online" issue. There will be no "online" issues in the future because the distinction between online and offline is quickly disappearing.

That point makes more sense. Yes, I think that in the future privacy laws that try to differentiate between the "Digital world" and "Reality" will find the lines too blurry to draw. Were already there and were not even close to the mountains peak.

> When COPPA was passed in 1998, Target wasn't data-mining customers' purchase histories.

O'really? Got a reference for that? I would be stunned if they weren't.

I'm surprised no-one has mentioned 'cryptonomicon' and detachment 2702 so far. Basically, Target are doing the same thing, i.e. planting information to mask statistically significant results.

O ye scared of the inevitable future ... Future generations will look back at these writings and smile gently at the past where people were afraid of such things as individually personalized targeted marketing, just as we smile back today at the ignorant masses afraid of steam locomotives, vaccines and the like, way back when.

Reading the linked NYTimes article, I found the most interesting component to be that Target's goal wasn't just trying to sell diapers, but rather trying to get customers to form buying habits. Pregnancy just happens to be a very vulnerable time for consumers to start new shopping routines, and that's why it received so much analytic focus.

It's a travesty that Forbes glosses over this point. The data mining isn't too surprising, and a habit of shopping at Target is what keeps making them money long after the baby has been born.

this is one of the reasons I've been finding myself paying with cash more and more. While this seems fairly benign at first glance its becoming rather disturbing how much data is being collected and analyzed about consumers. In some ways I'm for stricter privacy laws like those in the EU.

If it's benign now, do you see it becoming not benign? I'm fine with it, and I don't see it going in a direction that makes me uncomfortable.

I knew Target and other stores were tracking me with my credit card, I noticed it specifically with Target too. At one retail chain I made my first purchase there with a debit card, almost immediately I started getting discount cards in the mail. I can't say for sure how they correlated me to my physical address, but I can guess. They were part of a larger company with other chains, one of which I purchased something from online, using the same debit card.

People seem spooked out by Target using credit cards to track people, what about not using credit cards? Safeway uses Club Cards, and they to it totally in the open by giving people "Just for U" coupons on things they buy (I used two of them yesterday). I'm not at all bothered that Safeway gives me a coupon on the exact laundry detergent I always buy, I think it's pretty nice of them.

I have to wonder how much benefit you're really getting from that coupon program if everybody is getting them. At grocery stores you basically have to use a club card to get the same prices you could have gotten if the store didn't have a club card. If you're an early adopter you can get good deals for a while, but as the number of customers in the program approaches critical mass, the benefit to each customer from having volunteered their information diminishes, and by then the Nash equilibrium is for everybody to be in the program. There's probably a name for this situation but I've forgotten it. It's like an inside-out race to the bottom.

And if stores can track you just as easily through credit cards, then I wonder how long it will be until Target offers discounts for using credit cards instead of cash, if that's legal.

(Also, you could be getting those coupons because you don't buy that laundry detergent as much as you could; if you bought it much more frequently they might guess that they couldn't get your purchase volume up much further by dropping the price.)

It is not benign, now or ever. It is the ultimate discrimination tool, targeted on our private actions and not on broad categories like "petit-bourgeoise".

Yeah, it's all fun and games if shops do it and they apply it to baby powder coupons. But the invasion of privacy and the private dossiers Target or Visa or Facebook are building on every one of us can be used in other contexts.

Is this person likely to engage in extreme sports? Hike his health insurance quota 5x because he is a "risk" to profits.

Does this job applicant fit a union sympathiser profile? Deny him the job, on the "pure" economic reason that he is a risk to our bottom line profits.

I'd much rather ensure that this kind of data collection and targeting is illegal across the board. I'm ready to sacrifice the coupon industry, thank you very much.

Is this person likely to engage in extreme sports? Hike his health insurance quota 5x because he is a "risk" to profits.

This person is likely to remain healthy for a long time, requiring little/no care for chronic ailments. Even in the event of an accident, it's likely to result in either death (free) or a serious injury (a moderately large one-time cost).

The expensive person is the fattie who develops diabetes, blood clots, and all the other chronic ailments of a sedentary lifestyle. Those sorts of things are expensive.

What is wrong with those scenarios? It sounds like you are proposing that instead of using this information, people should ignore it and make bad decisions.

They shouldn't be allowed to use it. Who really wants to live in a 'fishbowl' world where every corporate entity and government organization can have full access to every minute detail of your life. It opens the door for rampant discrimination

Yes, I can see how it could become not benign. With the way the government has been going, I could see them wanting access to all this data and even start doing something like profiling people's buying habits.. oh, so you frequently buy packs of mini zip-lock bags (the kind they sell weed and pills in)... must be a drug dealer.. the fear is mainly that the government would become active in profiling people's buying habits, they are already trying to gain more power over online data and I can see them doing it for this too.

I think this sort of data collection could use some more regulation (in the form of consumer protection). Personally, I prefer to limit info I give to companies, I rarely put real info on those in-store cards, etc

The government using the info without a warrant would clearly be bad. Other non-benign uses I've thought of: supermarkets sharing your shopping habits with health insurance companies, so you get higher rates if you like beer and fried food, or banks checking your buying habits before issuing a home loan, denying the loan because your habit of buying frivolous expensive things makes you too high risk.

So I see that there are possible bad uses of the data. But I don't see us heading in the direction of those bad uses. Hopefully our lawmakers will help protect our privacy while still allowing useful business analytics happen -- there's a balance to be had.

When was the last time you got a job without submitting to a "credit check"? Your very existence could be at risk if the "credit check" pigeon-holes you in the wrong category.

Credit checks are slowly being outlawed in various states and jurisdictions. Watch your social media tracks start to get scraped instead.

Bet you'll think twice before clicking Like on that next web page.

I worked at an investment bank. We used satellite imagery of EU countries to do demand forecasting. You should also know your communication signals aren't protected once they leave sovereign air space (around LEO).

If the government wants your data they can get it. Using cash, which providing some theatric value, won't make you un-traceable (commercial banks track serial numbers through their systems).

Not saying privacy regulation has no use - it does (though this example with Target seems innocuous; be wary of slippery slope fallacy). But you aren't protected against a determined counter-party.

As a Canadian, I was very surprised when I did a coop term in 1997 in Mississippi, at how grocery stores had discount cards. We didn't have them up here at the time.

Because it was only a 5% discount, and I didn't buy much as a starving student anyway, I only used it for certain, specific items, just to mess with their database. So if you mined my data, I appeared to be some guy who ate nothing, drank nothing but milk, and was an inordinately prodigious consumer of toilet paper.

We have them up here in Canuckistan, now, too.

I think I finally understand the etymology of their company name. I'd be willing to bet that insurers are or will use people's buying activity as one input of insurance premiums. With someone's credit card activity they could ascertain massive amounts of information about their lifestyle. Everything from how late they stay out, to how early they get up, to what types of food they eat, and what activities like drinking and smoking they partake in. Heck, Mint could do that for most of its users.

To make this more HN-centric, here's a question:

If you are a developer, and you feel uncomfortable with this sort a tracking, would you work for a company developing or maintaining software or infrastructure that does this sort of customer analysis?

It seems to me that some of the most interesting companies to work for are doing data mining like this. I would guess a large percentage of Hadoop installs are doing analytics on customer data. Are you ethnically opposed to data mining?

This story, along with much of the content produced by Forbes are in violation of Hacker News Guidelines [1].

While these are simply guiding principles, they are an important measure of what is permitted within the community.

[1] http://ycombinator.com/newsguidelines.html "Please submit the original source. If a blog post reports on something they found on another site, submit the latter."

The New York Times article this was taken from was submitted earlier to HN, but only shows up for me when I go directly to news.ycombinator.com. It does not show up the RSS feed on Google Reader.

What determines what HN submissions show up in the RSS fed?

Is it actually legal to track customers by their credit card numbers, or do anything with them other than use them to complete monetary transactions? Should it be?

This will make a great class action suit against Target. After all, when did you give them permission to start tracking your purchases when you use a credit card? We worry about online privacy at Google or other companies this is worse. It is not as if you are using one of those cards at the grocery store where you agree to allow them to track your buying habits.

If it's not illegal, and you're on their private property, then I think there's nothing a lawsuit can do. Get the laws changed.

Why does a high school kid have a credit card? Without that unique identifier, they can't datamine.

Teenagers probably have a bank account. If not a credit card, then it's likely a debit card from a bank.

But really, why not have a credit card? If she's not building debt, I don't see a problem with having one.

In the U.S. it is illegal to offer credit to anyone under the age of 18 as they cannot legally enter into contracts. It would be a huge liability for a credit card company as the contract for credit (and thus right to request repayment) would essentially never be valid, although presumably they could go after the person's legal guardians for payment.

> In the U.S. it is illegal to offer credit to anyone under the age of 18 as they cannot legally enter into contracts

Minors can legally enter into contracts. Those contracts are entirely binding on the non-minor party. The minor is the one that can repudiate the contract before the age of majority to void it, but otherwise, it's a perfectly valid contract. If the minor remains bound past the age of majority, the contract can no longer be voided, either.

There are credit cards marketed directly to teens.

Isn't it possible to use a 'family' card---that is your parents credit line but the card has your name on it?

yes, this is, however the underage person can't be held liable for charges, basically its the parent's card but they authorized the child to use it (its not supposed to count for the child's credit score either but they usually put it on anyways)

But that would solve the issue of tracking issue by giving her a personal card to use?

For what it's worth, I'm a US citizen and I got a credit card a few months before I turned 18; I was just starting college, and they must have used that bit of data to offer me a card.

I'm not disagreeing with having a credit card; I just didn't think anyone would give one to you if you were under 18.

She could have been using a debit card. I got one with my first bank account when I was 15.

yeah me too, you can get a debit card with a visa logo at pretty much any age as far as I can tell

Some parents co-sign for credit cards in their kids' names.

It might not have been a credit card; she may have used a debit card or a store loyalty card they could track her with.

I got my first credit (as in line of credit, not debit/bank card with VISA logo) card at the age of 16.

More common than you think. On the other hand, I was living on my own at the time.

I wonder whether this anecdote (about the manager and the angry father) is actually true.

If the manager did not actually know about the ad campaign, how did the anecdote make its way to the reporter?

It sounds borderline "too juicy to be true". That one anecdote makes the story.

It's hard to draw a line on where privacy gets crossed, but this seems like it. Hard to imagine that Target doesn't lose a customer for life when their pregnancy gets prematurely outed.

Sure, but how many customers for life do they GAIN? That's how they are looking at it, as long as the net result is an increase in business, it's a good strategy.

I'm not saying I am on one side or the other, but every 'targeted' campaign will have some fallout, you just have to make sure it's a small enough number.

Fair point. Normally the downside is just a stamp when the coupon gets pitched. Here it's more. but it's still a cost benefit analysis like anything else.

In cases like these, parents are usually the last to find out...

>So Target got sneakier about sending the coupons.

I love that logic. Woah, our customers are getting creeped out by this. Guess we gotta creep harder.

People get creeped out by more and more things nowdays. I don't want to taunt the "If you don't do anything wrong, you don't have anything to hide" phrase, but the truth is that privacy is an illusion; most privacy one can get comes from that literaly no one cares about this 'private stuff' of the individual - at least not enough to try and learn it.

As the technology gets better, it's becoming increasingly difficult to lie, and to live a fake life. Every thing one does leaves a trace in the physical world, a trace that one can't remove. From air vibrations to people talking to behaviour patterns, the trace is there, and year after year we get better and better at amplifying those signals and extracting information. One can not lie and hope it will remain undiscovered forever. In a healthy society this would be a Good Thing.

Creepy as hell. This is why I pay cash.

They can keep their "redcard" for tracking everyone's data.

(I also have a dozen amazon accounts for different stuff)

For pregnancy and other medical discoveries, I wonder if a case could be made for HIPPA violations.

I just wonder which data-mining-software company paid Forbes to copy this from NYT.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact