| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by 4oh9do 1455 days ago
	One thing I never really understood is the incongruity between online tracking and real-world tracking, the latter of which we would call stalking. If you followed around the owner or employee of a tracking...err "advertising analytics"...company, and recorded everywhere they went, and everyone they met and interacted with, including writing down all of the purchases they made when they go to a store, and then you sold the notebook you kept of all this, would you be in any legal trouble? What if you followed around their spouses and children too? Would the employees of the advertising company be creeped out by this? And yet they do it virtually to millions of others.

3 comments

rgbrenner 1455 days ago

No, you wouldnt be in legal trouble. I have news for you: When you're grocery shopping, there are cameras watching you: how long you spend looking at an item (which tells them if it's a regular purchase, or something you're considering), the path you take through the store, etc. They use this info to increase the amount of your purchase. The layout of a store is not random.

And then when you get to the register, they know you. Not just from your loyalty number, but from your credit card (even if you're not a member). They use this to create a history of your purchases and create a demographic profile of you.

They use this profile to determine what to stock in the store, what to put on sale, etc. For example, sometimes they'll stock an item with poor sales, because the customers that buy it make larger purchases (keeping these customers loyal to the store). They'll also use this info to advertise to you, send you flyers and coupons in the mail, for example.

They'll combine this with your credit card purchase history to create a more detailed profile... because Visa (et al) sell your purchase history to analytics firms that sell this data to companies like your grocery store.

Similarly, analytics firms already know who you're related to, and can match up purchases from other members of your household.

My point is: You dont think about even the stuff above, because it's hidden from your view and you arent familiar with what they're doing. Just like many people dont think about what Facebook is doing with their data. You phrase your questions like a hypothetical, but it already exists.

johnny53169 1455 days ago

> They'll also use this info to advertise to you, send you flyers and coupons in the mail, for example.

It would be good to say which country you are talking about, in Europe this has never happened to me outside of online stores or with loyalty cards (which is why they give those cards in the first place).

lrvick 1455 days ago

They are certainly talking about the US. I know this nightmare all too well.

mhaberl 1455 days ago

> I have news for you: When you're grocery shopping, there are cameras watching you

Well, it is not the same - cameras are maybe watching "a person" inside that store, not John Doe inside the store, the car, the toilet and the bedroom..

4oh9do 1455 days ago

Those things aren't particularly news to me.

My question is more along the lines of, it seems to me that it's OK (in the sense of being tolerated by the public and legal) when corporations engage in this kind of behavior, but would it be OK if individuals engaged in this kind of behavior against employees of these corporations?

nerdponx 1455 days ago

Imagine if you got free groceries, as long as you allowed someone to constantly monitor you. I bet a bunch of people would still do it.

lrvick 1455 days ago

This is sadly accurate, and why I only use cash and cash-purchased pre-paid Visa gift cards IRL.

eftychis 1455 days ago

They are tracking you in their store, not your own backyard.

chopin 1455 days ago

I am not sure whether this is the case in Europe. This can get you in GDPR trouble pretty quickly.

johnchristopher 1455 days ago

> Not just from your loyalty number, but from your credit card (even if you're not a member). They use this to create a history of your purchases and create a demographic profile of you.

I believe GDPR would forbid this but there maybe (in Europe) something like "we consider logs of payments made in a store a legitimate interest", idk.

edit: an ongoing story I suppose:

- Instead of only processing the payment, the German payment service “giropay” (formerly “paydirekt”) keeps the information about each individual item purchased in online shops. This may lead to the processing of sensitive, personal data. https://edri.org/our-work/giropay-knows-what-you-bought-last...

> I have news for you: When you're grocery shopping, there are cameras watching you:

I don't think so. CCTV's goal is security. Not even employees can be filmed for a different purpose:

- The DPC received a complaint stating that a supermarket had instructed athird party to remove a CCTV hard-drive. The hard drive contained CCTVfootage of the complainant's image from the store where the complainantworked as store manager. The complaint statedthat no member of thesupermarket staff accompanied this third-party contractor during theremoval. The complainant alleged that the supermarket viewed had threeweeks of CCTV footage. The footage contained the complainant’s image andthe supermarket used this CCTV footage to ground a disciplinary hearingagainst the complainant. The complaint further stated that at no point hadthe complainant been consulted in relation to the removal, viewing orprocessing of the footage. The key issue before the DPC was consideration of whether the supermarkethad acted in accordance with the requirements of the applicable law when it processed the CCTV footage which contained images of the complainant,specifically Section 2A(1)(d) of the Acts which provide that a data controllershall not process personal data unless “the processing is necessary for thepurposes of the legitimate interests pursued by the data controller or by athird party or parties to whom the data are disclosed, except where theprocessing is unwarranted in any particular case by reason of prejudice to thefundamental rights and freedoms or legitimate interests of the data subject.”.The DPC determined that the use of CCTV in employment situations shouldonly be used for stated valid purposes, such as security. It should not be usedfor employee monitoring, and policies should be in place to ensureproportionality and transparency in the workplace. However, the DPCconsidered that, when the supermarket viewed the CCTV footage for theperiod, it did so in the pursuit of its own legitimate interests and in thisinstance found there was no contravention of the Act. https://www.ejtn.eu/PageFiles/17861/Deciphering_Legitimate_I...

I'd say the same applies to credit/debit card number. They can only process the data to fulfill the purpose of paying for the goods, not add a legitimate interest to profile the customer.

denton-scratch 1455 days ago

> "we consider logs of payments made in a store a legitimate interest"

That sounds like the kind of get-out I'd expect from a US company, or any other company with no significant assets under GDPR jurisdiction. The GDPR defines "legitimate interest", and that isn't one of them.

femto 1455 days ago

There's no incongruity, as it is happening in the real-world.

https://www.theguardian.com/technology/2022/jun/15/bunnings-...

4oh9do 1455 days ago

I guess the incongruity is then more along the lines of corporations being allowed to engage in stalking, but not persons, despite the fact that corporations are legally persons.

HPsquared 1455 days ago

Track one person and it's creepy. A million people and it's a successful business venture.

charcircuit 1455 days ago

>real-world tracking, the latter of which we would call stalking.

No we wouldn't. Let's take a very similar business which existed before the internet, credit reporting agencies. Do credit reporting agents constantly follow you around and watch you in order to build a profile about you? No, that isn't how it works and no the vast majority of people are not creeped out by the existence of credit reporting agencies. Consumers benefit from the profile credit reporting agencies make on them because it allows them to get better deals when they need to take out a loan. Consumers also benefit from the profile ad companies make on them because they are able to see more relevant ads which means that they can find new products, services, communities, etc that they may be interested in rather than seeing stuff they don't engage with.

lrvick 1455 days ago

Just because you are fine with being stalked and sold by private corporations does not mean everyone else is and should be more or less forced to endure it.

charcircuit 1455 days ago

No one is following you around. It's more like you keep sending letters to advertising companies. You are going to them, they aren't coming to you. If you go to Hacker News there is no way for them to follow you here.

You aren't being sold to private cooperations. Facts about the universe which relate to you are being collected. If you learn George Washington was born in 1732 on Wikipedia do you think Wikipedia sold you George Washington? These are just facts that exist in the corpus of knowledge about the world and the people who live on it.

lrvick 1455 days ago

Is it okay that one can pay data giants to put false social media posts in front of millions of select people that have been heavily profiled to be statistically more likely to believe such postings and change their voting behavior as a result?

Is it okay that the DMV makes millions yearly bulk selling demographics, home addresses, and emails to political candidates and adtech companies?

Is it okay that the payment processing service used by your pharmacy and grocery store sells purchasing data to insurance companies? Surely they will never use this data to raise your rates, right?

Is okay for third parties like cell phone providers and credit card companies to collect information about who goes to the abortion clinic and sell that information to people that might wish to see them face murder charges in a death penalty state?

Will they do similar if gay marriage is targeted again?

Is it okay that Apple gave the CCP access to their Chinese servers allowing them to more easily track down and imprison/kill Uyghur muslims?

What about for journalists covering war crimes? Should they just accept that they will be tracked everywhere and killed for doing their job?

It takes someone incredibly privileged to be dismissive of the serious risks mass data collection represents to the vulnerable. Just remember the location, browsing, and purchasing data you give up casually today can be used to target you later when political landscapes change.

Those of us who are privileged have an absolute obligation to pursue and normalize data privacy for those whose lives depend on it.

charcircuit 1455 days ago

>Is it okay that one can pay data giants to put false social media posts in front of millions of select people that have been heavily profiled to be statistically more likely to believe such postings and change their voting behavior as a result?

Yes, I believe it is okay for people to talk with other people about political issues to strengthen or change their opinion. It's a good strategy to focus on talking to people who are most likely to convert to avoid wasting your time with people who firmly hold the opposite opinion.

>Is it okay that the DMV makes millions yearly bulk selling demographics, home addresses, and emails to political candidates and adtech companies?

Yes, it allows my tax dollars to be spent on other things.

>Is it okay that the payment processing service used by your pharmacy and grocery store sells purchasing data to insurance companies? Surely they will never use this data to raise your rates, right?

Yes, if people who buy bananas and live alone are more likely to slip and fall then I see it as fine for an insurance company to raise the rate. Typically the more data an insurance company has, the more accurate they can predict the probability of a payout. If someone is trying to hide data that causes an insurance agency to underestimate this probability I would consider that as fraud.

>Is okay for third parties like cell phone providers and credit card companies to collect information about who goes to the abortion clinic and sell that information to people that might wish to see them face murder charges in a death penalty state?

Yes. I think it would be unethical not to report a serious crime. Are people really going to surprised pikachu face when they are caught for doing a crime.

>Will they do similar if gay marriage is targeted again?

I don't understand how that applies.

>Is it okay that Apple gave the CCP access to their Chinese servers allowing them to more easily track down and imprison/kill Uyghur muslims?

Yes, it's okay to help a government enforce their laws.

>What about for journalists covering war crimes? Should they just accept that they will be tracked everywhere and killed for doing their job?

I don't know enough on how their job works to answer.

>Just remember the location, browsing, and purchasing data you give up casually today can be used to target you later when political landscapes change.

Where I live new laws can't retroactively punish for actions done before the law passed.

>Those of us who are privileged have an absolute obligation to pursue and normalize data privacy for those whose lives depend on it.

I believe all information should be free and I believe criminals should be unable to escape punishment.

lrvick 1454 days ago

You seem to be seriously saying you trust all governments and corporations to always penalize, imprison, and murder the correct people and we should give them as much data as possible to make them efficient in doing so.

I honestly can not tell if you are a troll or a psychopath.