I asked this same thing in another comment here, but since you mention working in this space, I ask you directly. Where do the brokers obtain their data from? If it's easy for them to obtain, would those who buy it from brokers not be able to simply get it from its respective sources? I'm genuinely curious about how this dynamic works.
Because none of it is really unknown? People know about it and don't care. Hell, even people on this forum that should know better and care that don't, or think when they hear about stuff like this it's FB pixel or google analytics stuff. The simple fact is with a few basic pieces of information on somebody, there's almost nothing that is sacred or not for sale. People mistakenly believe they're protected by adblockers and stuff, or by avoiding social media, but the simple fact is that it is unavoidable while simply existing and the 1000x comment is from my POV the scale of it is astounding and growing every year and people really don't have a good understanding of the subtle and not subtle ways it can affect you, or when told, don't care/dismiss it. So I don't really feel anymore like explaining it. If more people understood, I'd also stand to profit quite a bit from it, so that's where my frustrated tone is coming from.
I'm pretty sure it was over when we switched to debit/credit cards. Everywhere you go, how much you buy, all that stuff has been sold for quite a while now.
cash is tracked as well, it's been over for a long time.
each bill has a serial # and it gets scanned going in and out of the bank. Yes, it's still marginally easier to launder cash but if you just take it out of the ATM and spend it at a store it'll get tracked accurately
I don't think this is as accurate as you are making out. Wawa (a connivence store in the Philly area) isn't tracking each $10 that goes in and out of the register. It could float all over the city before hitting a bank, and even then banks typically track serial numbers for large demonizations and we when there's a suspicion of illegal activity. Happy to learn more about this if I have it wrong.
How would one find out what data brokers knew from their cash purchases?
Do banks sell this information? This bill was pulled from this ATM in Georgia by one Claudius McMoneyhands, and then deposited by one CashMoneyBusiness LLC in South Carolina three weeks later
Seems like there could still be intermediaries and a lack of what you actually bought with it at least?
Legitimate question: At this point, what could a loyalty card possibly measure that isn't already measured on a bigger scale?
The cc/bank provider already gets an itemized bill, and they get it for everywhere you shop as opposed to a single store (so a superset of this data is already collected). This is in some (most?) cases already shared with stores, and even if it isn't, what can a store do with it the bank/cc provider can't do worse.
No, it was before this, with phone lines and wiretapping because forcibly allowed by law. As soon as we said "okay, you're allowed to record stuff if it's for a good purpose", it was over.
My favorite example is the story about a data broker who, the day after 9/11 happened went from the name "Muhammad" to a list of ~1K people which included 1 out of 4 of the 9/11 terrorists.
> the subtle and not subtle ways it can affect you
In Manufacturing Consent they measured column inches in the NYT-- IIRC it was something like measuring the total that support the relevant U.S. administration's official position on given policy vs. inches that went against the gov't position. In any case, they were measuring column inches.
What were you measuring to come to your conclusion?
I'm aware that using adblockers and avoiding social media doesn't entirely prevent tracking, shadow profiles, and such, but surely it makes things more difficult for these companies, no? Or would you say that there's practically no difference between making an effort to preserve one's privacy and just giving up entirely?
I could give you some great horror stories, but honestly I don't see the benefit in either potentially harming former coworkers of mine that still work at those places or ending myself in some sort of career/legal trouble for something people generally don't care about (other than a few points on HN).
If you were caught demoing something both horrific and internal you would risk serious damage to your career, and ultimately will have zero impact on the industry as there's just too much data out there and too much money wrapped up in it.
Plus, most people working with the data don't bother to look at it. The places I've internally demo'd massive privacy risks were shocked because they didn't realize what their own data was capable of. Most people are just writing jobs that run and shuffle data around from one place to another never really asking "what is this data?" Even among data scientists I'm routinely surprised (so maybe I shouldn't be surprised) how frequently data scientist never do any real error analysis by looking at what the model got wrong and trying to understand why.
Among the additional information Kochava collects and sells are non-anonymized individual home addresses, phone numbers, email addresses, gender, age, ethnicity, yearly income, “economic stability,” marital status, education level, political affiliation and “interests and behaviors,” compiling and selling dossiers on individuals marketed as offering a “360-degree perspective,” the FTC said.
...
According to the FTC, Kochava’s data can identify women who visit reproductive clinics by name and address along with, for example, when they visit particular buildings, their names, email and home addresses, number of children, race and app usage.
...
Kochava marketing materials tell customers it offers “rich geo data spanning billions of devices globally” and that its location data feed “delivers raw latitude/longitude data with volumes around 94B+ geo-transactions per month, 125 million monthly active users, and 35 million daily active users, on average observing more than 90 daily transactions per device.”
...
The complaint also alleges that the company has lax procedures for determining who it is selling data to, saying purchasers are allowed to use a generic personal email address, label an alleged company as “self” and explain they plan to use the data for “business.”
I was on a team of about 25 involved in pitching a particularly large deal to a public sector client (think US state/local governments). The audience was about 50 people from different departments and agencies throughout the state and our pitch team consisted of about 6-8 very big shots + me the computer nerd. During our prep and rehearsals a "look book" was distributed which consisted of write ups on each person expected to be in the audience. It was very detailed with a career and education history of each person, a personality analysis, where their interests/passions lie both at work and personally, and what topics and key points set them off. The deck was very professional and not something thrown together, i was impressed but a little taken aback too.