[tony]

> I want a way to legally opt out of other such companies collecting and aggregating private data about me.

Compare a desire to legally opt out (after checking a box, agreeing to a privacy policy you never read, having your data from 10 years ago - with a chain of custody/dispersal that's probably untenable, if not impossible, to map by now - synthesized by a third party) to GDPR's concept of consent:

"The key point is that all consent must be opt-in consent, ie a positive action or indication – there is no such thing as ‘opt-out consent’. Failure to opt out is not consent as it does not involve a clear affirmative act. You may not rely on silence, inactivity, default settings, pre-ticked boxes or your general terms and conditions, or seek to take advantage of inertia, inattention or default bias in any other way. All of these methods also involve ambiguity – and for consent to be valid it must be both unambiguous and affirmative. It must be clear that the individual deliberately and actively chose to consent."

Source: https://ico.org.uk/for-organisations/guide-to-data-protectio...

[reificator]

Yes opt in is obviously better for the end user[0], but don't let perfect be the enemy of good here. We don't have opt out yet.

[0]: Until opt in becomes mandatory for use of critical services like having a bank account or paying your power bill.

[mikekchar]

GDPR also has a concept of "objection". Even if you opt in, you can later "object" which will allow you to remove your consent. Although, in general, I really like GDPR, we've actually had a bit of a problem with this because it's quite unclear what you should do if someone opts in, then objects and then opts in again. For example, we have an opt in for us contacting the customer by email (which we do for marketing purposes). The customer can easily "object" and we'll remove them from the list. However, people frequently want to resubscribe. They thought they didn't want the marketing information and later changed their minds. It's not clear to us if it's legal for us to resubscribe them. I've actually thought that it's better for us to offer a separate service for marketing and get people to subscribe to that service under contract basis just to avoid this problem. That way they can terminate the contract and if they want to resubscribe, it's a new contract. I'm rambling here, but one of the things that really surprised me is that we have this horrible popup asking users to subscribe to our newsletter. I always opposed it because it's super annoying. However we were looking at analytics and it appears that a very large proportion of our customer base only go to the website to sign up to the newsletter (we're unusual in that most of our business comes through our call centre). So the newsletter really is a service that our customers want... It's a weird world ;-)

[harryh]

Equifax tracking is opt-in. It's a term on any loan or credit card you take out.

[soulofmischief]

That's like when websites say I've opted into such and such just by visiting the website. It's a stretch to call something opt-in when it's unavoidable in modern life.

[harryh]

It's not like that at all.

When you take out a loan or credit card you sign a legal document agreeing to all of the various terms. You don't sign anything when visiting a website.

[stanmancan]

I think the important part of the parent post is

     "It's a stretch to call something opt-in when it's unavoidable in modern life."

[tptacek]

Credit cards --- bona fide, revolving-credit credit cards --- are so completely avoidable in modern life that I'm a little mystified as to why people get them at all. I couldn't for most of my adult life (weak credit score) and feel like I've dodged a bullet. I have a (secured) card with a low limit now, just to rent cars, but it's gotten a lot easier to rent cars with debit cards now, too.

Heading off a routine objection to this observation: I've had a family with kids since I was 22, and spent most of the years prior to the Matasano acquisition living, if not paycheck-to-paycheck, at least pretty close to it.

I'll add: I don't know what my credit score is now --- it's probably better than it was, since I've had that dumb car-renting card for 6+ years --- but, knowing that my credit was bad enough that I couldn't get a non-secured card, including from my own bank after the wires for the Matasano acquisition cleared, and knowing that I had at the time a house and a car and all that stuff, and really no trouble ever getting a lease for any place I could afford the rent for, I find myself wondering a lot how much credit scores actually matter. If I'd thought that when I was 22, I'd say, "welp, I just don't have enough life experience to know". But I'm 42 now, and I have a bit of a hard time projecting to a point where I can see a clear reason to give a shit what number Equifax generates for me. Like, maybe I'll care a lot when I'm 62? I kind of doubt it, though.

[pcwalton]

> Credit cards --- bona fide, revolving-credit credit cards --- are so completely avoidable in modern life that I'm a little mystified as to why people get them at all.

Cash back and other rewards. They can add up if planned for properly—they aren't a life-changing amount of money or anything, but they're nice. Effectively, if you aren't using a high-fee card like American Express, you're subsidizing those of us who do use them (much to the chagrin of merchants). It's better to be on the receiving end of that subsidy, not the giving end.

> I find myself wondering a lot how much credit scores actually matter

Here's a well-sourced WaPo article on how credit scores affect mortgage rates: https://www.washingtonpost.com/news/get-there/wp/2016/11/17/...

[_bfhp]

I feel similarly mystified sometimes as I've never needed one. When my mom mentions paying off a CC bill, I think "why not just use debit?" Maybe she'll have to delay purchases or occasionally miss out on something, but it ends up being the same money.

There are also people who are below the income line of paycheck-to-paycheck, people with addictions, people who have jobs or lives with risk of injury and thus medical bills or unpaid leave for recovery, people who have a big family with needs they have to pay or travel for... and I feel people can use CCs because rich people culture pressures them to cling to things and the idea of being "successful" to attract peers and love interests... but that's just my subjective analysis.

[harryh]

You can easily get through modern life without taking out a loan from the financial system. I'm 41 years old and I've never had a home or car loan. I have credit cards, but I easily could have gotten by using debit cards instead.

[soulofmischief]

So your financial history is being tracked and scrutinized. At 41, you might be able to live and die without this being a big problem. In my 20s, I worry about my ability to secure healthcare and other such necessities in my later life based on a social credit score which includes financial credit history I never opted into. Just getting on a lease is enough for a credit pull. It's unavoidable.

[cowpig]

Well, if it worked out for you I guess that settles the debate!

Wait, I think it's _disproof_ that relies on one _counter_ example. I guess it's easy to get confused.

[abawany]

It's not just loans and credit cards - it is also for insurance (home, auto), some utilities, and employment.

[mikeash]

It’s opt in, in the sense that you can refrain from participating in the modern financial system if you want to avoid it.

[harryh]

Yes, if you want people to loan you money at low interest rates you have to agree to the system whereby if you don't pay things back the system will keep track of that and not loan you money at such low rates again.

That seems pretty reasonable.

[mikeash]

That part is indeed reasonable.

What’s less reasonable is that you also have to participate in the system if you want a bank account or electricity or such. Or, heck, you don’t even need that; just have some fraudster open an account with your info and you’re in.

[harryh]

Opening a plain jane checking account won't impact your credit report. Neither will the vast majority of accounts with electric or other utility companies.

If a fraudster does something in your name, you can get things corrected. I agree that this can be more work than it should be, and would support regulations to make dealing with this easier.

[mikeash]

Merely opening an account won’t. But if something goes wrong and they decide you owe money, that will. It’s not a certainty, but by just opening a checking account you are taking on an certain amount of risk that your info will be reported to the credit agency.

You can get your info corrected if you’re the victim of fraud. Can you get it deleted entirely, such that the credit bureau has no record of you, as if you never existed? Or is participation in the system not actually voluntary at all?

[cowpig]

That goal seems reasonable, but it seems you're implying that therefore the credit system is reasonable, which doesn't follow.

[simpss]

GDPR "opt-in" consent definition also says it must be possible to "opt-out" and still receive the service.

If the data is required for providing the service, no consent is needed, but you must be able to clearly show that the data is indeed an absolute requirement to provide the service.

[closeparen]

Someone would probably be willing to write you a loan with opaque credit history, for the right price. But that price would be so high you'd never agree to pay it. (This is not the same as no credit history. No credit history means you have not taken out any loans before. An unknown history with credit, that you decline to reveal, is far worse).

Credit reporting is an immensely valuable institution, and a lot of that value gets passed down to borrowers.

[harryh]

I'm comfortable with the idea that "if you take out a loan, but don't pay us back, we're going to tell other people that you're a bigger credit risk" is an absolute requirement to provide the service.

It's certainly a requirement if you don't want the interest rates on loans to be much higher.

[tptacek]

It wasn't always a requirement! They had other heuristics before they had credit scoring databases, like, "do your parents have an account here", and, "do you have the correct skin color and religious affiliation".

[jki275]

No. Equifax tracks you whether you take out loans or not.

[harryh]

Tracks what? The fact that you exist? That's public record.

[jki275]

They aggregate every piece of information they can get out of every database they can access about you.

[harryh]

That's definitely not true. There is all kinds of information about me out in the world that does not appear in my equifax credit report.

The only thing that's in there outside of financial information is my name and a list of places I have lived.

[jki275]

The fact you don't know about it doesn't mean it doesn't happen.

I have to laugh a little at the naivete of thinking that a credit reporting company shows you everything they know about you on a credit report. They don't even show you everything they show loan companies who pull your report.

[closeparen]

Set standard loan terms according to worst-case credit risk. Offer personalized terms to those who agree to the data collection and processing necessary for personalization.

Subprime loan products already exist. They do typically run your credit, but they don't need to: the fact that you would pay for one says all that needs to be said. They're also typically offered under different branding from a respectable financial institution's loan products for people with good credit. An opt-in requirement for credit reporting only changes these basically cosmetic facts.

Better-than-worst-case credit history is immensely valuable. So valuable that a lender will cut you in on tens of thousands of dollars in savings for sharing it. Of all the things you could need opt-in consent for, it's an easy sell. Everyone would buy it. We'd be in the same position.

[soulofmischief]

As reificator says, the idea is making headway. Politics require compromise. Ideally it would be opt-in, with strict regulations and severe penalties still in place.