Most active commenters

    ←back to thread

    The surveilled society: Who is watching you and how

    (www.rnz.co.nz)
    199 points billybuckwheat | 31 comments | 11 Aug 24 00:20 UTC | HN request time: 1.532s | source | bottom
    1. hammock ◴[11 Aug 24 02:07 UTC] No.41213541[source]
    Add the credit card readers/POS tablets at stores, Starbucks, etc to that list, which mostly have tiny cell phone cameras built into them now (whether you knew it or not)
    replies(5): >>41213632 #>>41213701 #>>41213789 #>>41213833 #>>41214603 #
    2. curiousthought ◴[11 Aug 24 02:33 UTC] No.41213632[source]
    I think people would be alarmed if they knew the amount of detail that credit card readers can collect (Level 3 data).
    replies(2): >>41214559 #>>41226561 #
    3. blackeyeblitzar ◴[11 Aug 24 02:52 UTC] No.41213701[source]
    This is news to me, although now that you mention it I do recall seeing a lens like thing on some of them. What are those for - I assumed it was for some payment method I am not using and therefore wouldn’t have to think about.
    4. eddyg ◴[11 Aug 24 03:21 UTC] No.41213789[source]
    As far as I know, these are used for scanning various types of coupon codes and vouchers.
    replies(2): >>41213814 #>>41214181 #
    5. 01HNNWZ0MV43FF ◴[11 Aug 24 03:32 UTC] No.41213814[source]
    Mere software difference
    replies(1): >>41213832 #
    6. metadat ◴[11 Aug 24 03:38 UTC] No.41213832{3}[source]
    How else should it be implemented?
    replies(1): >>41214168 #
    7. gaadd33 ◴[11 Aug 24 03:38 UTC] No.41213833[source]
    Does that mean I can request all the pictures of myself checking out at Starbucks under the GDPR/CCPA? Has anyone done that yet? If not, any idea why not?
    replies(2): >>41213860 #>>41214574 #
    8. deafpolygon ◴[11 Aug 24 03:47 UTC] No.41213860[source]
    No, because no one really 'knows' it's being collected/not yet deployed at scale.
    replies(1): >>41213978 #
    9. zx8080 ◴[11 Aug 24 04:25 UTC] No.41213978{3}[source]
    Until some DB leak happens.
    10. vermilingua ◴[11 Aug 24 05:30 UTC] No.41214168{4}[source]
    NFC. We have NFC tags embedded in single use tickets for travel and events, the cost is marginal and most of the uses relevant to card readers could reuse cards.
    11. zzo38computer ◴[11 Aug 24 05:35 UTC] No.41214181[source]
    Add a physical shutter to cover the camera when it is not in use. (In addition to avoiding spying, such a cover can also sometimes avoid the camera being dirty that it would not work when you are trying to scan something.)
    replies(1): >>41214588 #
    12. mdp2021 ◴[11 Aug 24 07:36 UTC] No.41214559[source]
    > the amount of detail that credit card readers can collect (Level 3 data)

    Please expand.

    replies(2): >>41215267 #>>41219713 #
    13. Nextgrid ◴[11 Aug 24 07:40 UTC] No.41214574[source]
    No, because ignoring the GDPR under all kinds of technicalities is standard practice: https://noyb.eu/en/microsofts-xandr-grants-gdpr-rights-rate-...
    replies(2): >>41215101 #>>41215910 #
    14. Nextgrid ◴[11 Aug 24 07:42 UTC] No.41214588{3}[source]
    That's an extra moving part that will break, get jammed, or will trap dirt/particles between the cover and lens and effectively sand off the lens over time.

    The solution is proper, enforced anti-spyware and anti-stalking legislation (so not the GDPR), not hardware band-aids that are trivially bypassed.

    replies(1): >>41214594 #
    15. katzinsky ◴[11 Aug 24 07:44 UTC] No.41214594{4}[source]
    The real solution is a better software culture that looks like GNU/FOSS. Such a culture would generate laws like that if a problem persisted but likely wouldn't need them.
    replies(1): >>41216111 #
    16. onion2k ◴[11 Aug 24 07:45 UTC] No.41214603[source]
    90% of the images would be up someone's nose, so why bother? It'd be far simpler to sync the terminal transaction data to the shop's CCTV data.
    replies(1): >>41216171 #
    17. abc123abc123 ◴[11 Aug 24 09:54 UTC] No.41215101{3}[source]
    There are two types of ignoring that's been very common with the american and swedish companies I've battled with.

    1. Protection against law suits. We reserve the right to not delete any information you have, since if there's a law suit we would need that as proof.

    2. Freedom of speech. We are a publisher, so by removing your personal information, our right to free speech is threatened and since this is a foundational legal principle, it overrides any GDPR laws.

    replies(1): >>41215747 #
    18. mnahkies ◴[11 Aug 24 10:40 UTC] No.41215267{3}[source]
    AFAIK level 3 data is essentially receipt line item level data.

    I'd actually find it pretty cool to get access to my own level 3 data for smarter budgeting/analysis (eg: automatic tracking of food stocks, separation of spend on luxury foods from basics etc), but I've not found a way to get access as an individual yet

    replies(1): >>41216158 #
    19. jboggan ◴[11 Aug 24 12:37 UTC] No.41215747{4}[source]
    Could you expound on the first point in greater detail
    replies(1): >>41225017 #
    20. amarcheschi ◴[11 Aug 24 13:17 UTC] No.41215910{3}[source]
    Adding to this, I tried to do the same thing and after providing uuid2 they said "we don't know where it is, but if it exists we will delete it" or something like that, which of course is ridiculous because you can f-ing access the database and access the unique identifier. I'm gonna do it again in some time and try to file another gdpr complaint as soon as they tell "me nooo we can't do that silly ahah"
    21. mvdwoord ◴[11 Aug 24 13:45 UTC] No.41216111{5}[source]
    The solution is cash.
    22. com ◴[11 Aug 24 13:54 UTC] No.41216158{4}[source]
    Merchants seldom submit L3 data with transactions for stupid legacy tech reasons. The card schemes encourage them to do so with bips off scheme fees for doing so, but it’s a minority of transactions I think with even L2 data.
    replies(1): >>41216223 #
    23. com ◴[11 Aug 24 13:56 UTC] No.41216171[source]
    Anybody know how unique the blood vessels in our nose are? I smell (intended) a lucrative tracking business model!
    replies(1): >>41216844 #
    24. hammock ◴[11 Aug 24 14:02 UTC] No.41216223{5}[source]
    The merchants usually don’t (to the data brokers at least), that is correct. But backdoored firmware on the POS could send it anywhere, no?
    25. doubled112 ◴[11 Aug 24 15:25 UTC] No.41216844{3}[source]
    Nasalprinting?!?

    And I thought burning my fingerprints off was going to be painful.

    replies(1): >>41218751 #
    26. mewpmewp2 ◴[11 Aug 24 19:34 UTC] No.41218751{4}[source]
    Thing is, everyone will have to do it or you will be known as this one guy who burned off their nose vessels.
    replies(1): >>41227195 #
    27. curiousthought ◴[11 Aug 24 22:21 UTC] No.41219713{3}[source]
    Traditionally we think of the information collected as:

    8/11/2024 | Amazon.com | $50

    But Level 3 data includes each individual line item:

    8/11/2024 | Amazon.com | $50 | 1 Very Embarrassing item | some additional fields

    This appears in all sorts of interesting ways, and is not restricted to B2B/B2G transactions as they state so prominently. Anyone can sign up if they have a certain number of transactions per year and save quite a bit on credit card processing fees for providing the data.

    I can't find the article but there was a tire company that provided a branded credit card, and they had risk profiles for their customers. The riskiest went to some specific bar, and the least risky were buying snow removal tools. (Please forgive my memory if I have the details incorrect).

    edit: Found it https://archive.md/gyde0

    "Martin’s measurements were so precise that he could tell you the “riskiest” drinking establishment in Canada — Sharx Pool Bar in Montreal, where 47 percent of the patrons who used their Canadian Tire card missed four payments over 12 months. He could also tell you the “safest” products — premium birdseed and a device called a “snow roof rake” that homeowners use to remove high-up snowdrifts so they don’t fall on pedestrians."

    Additionally if you try to buy large amounts of visa gift cards it can be problematic. This is one way they catch manufactured spend.

    At the end of the day, some merchants are providing every single detail of your transactions down to the line item and all that information is being tagged to you.

    replies(1): >>41221850 #
    28. mdp2021 ◴[12 Aug 24 07:01 UTC] No.41221850{4}[source]
    Thank you. One note about the «Very Embarrassing item»: all purchases (in context) are private.

    But: if the "purchased item" column is filled in the database of the credit card expenses, it means that the shop receiving the payment has transmitted the information. This is an unrequired deliberate action... The credit card company could just receive "Card ...1234 to pay 20u to Acme Inc. shop". That the shop transmit further information to the credit card company is a further action that should be made transparent to the card owner.

    29. whaleofatw2022 ◴[12 Aug 24 14:47 UTC] No.41225017{5}[source]
    I can give one perspective...

    I worked in the communications part of a lender. We couldn't delete anyone's texts or other correspondence for a number of years due to compliance requirements.

    30. JohnFen ◴[12 Aug 24 16:49 UTC] No.41226561[source]
    Yes, it was learning about this level of data collection that made me stop using my credit card for routine purchases and go back to using cash instead.
    31. doubled112 ◴[12 Aug 24 17:41 UTC] No.41227195{5}[source]
    You’re right. Are we doing this at the same time? Or who is going first?

    The other more inclusive “we”, not just you and I.