Seriously if you are going to do illegal things never ever buy a smartphone.
NSA Warns iPhone and Android Users–Disable Location Tracking https://news.ycombinator.com/item?id=42713536
Hackers Claim Breach of Location Data Giant, Threaten to Leak Data https://news.ycombinator.com/item?id=42627336
My rent is paid through a company called Bilt.
I discovered that when I shop at Walgreens now, Bilt sends me an email containing the full receipt of what I bought like so:
> Hey [inahga],
>
> You shopped at Walgreens on 12/1/24 and earned Bilt Points with your
> Neighborhood Pharmacy benefit.
>
> Items eligible for rewards
> TOSTITOS HINT OF LIME RSTC 11OZ
> $3.50
>
> +3 pts
> TOSTITOS RSTC 12OZ
> $3.50
>
> +3 pts
> Other items*
> EXCLUDED ITEMS
> $0.07
>
> *May include rewards-ineligible items and/or prescriptions.
Ostensibly (hopefully) it would exclude sensitive items, plan B, condoms, etc... I'm curious how this data flows from Walgreens to my rent company, but maybe I'd rather not know and just use cash/certified check from now on.
People are now very well-trained to look out for their own bottom line, and take jobs accordingly.
https://support.biltrewards.com/hc/en-us/articles/2901187842...
There's that FSA/HSA benefit section at the bottom which explicitly states that Bilt receives item-level data:
Because devs have to eat in order to survive?
False. Apps don't have access to cellid information unless they also have location permissions, in which case they can just request your location directly.
>the free apps you install and use collect your precise location with timestamp [...]
This is alarmist and contradictory given that the author admits a few paragraphs up that the "location shared was not very precise". It might be possible for the app to request precise location via location services, but the app doesn't request such permissions (at least on android, you can't check for requested permissions on iOS without installing the app and running it), so such apps are most definitely limited to "not very precise" locations.
>At the same time, there is so much data in the requests that I'd expect ad exchanges to find some loophole ID that would allow cross-app tracking without the need for IDFA.
At least in theory they're not supposed to do that, but it'd be hard to enforce.
"If a user resets the Advertising Identifier, then You agree not to combine, correlate, link or otherwise associate, either directly or indirectly, the prior Advertising Identifier and any derived information with the reset Advertising Identifier. "
https://developer.apple.com/support/terms/apple-developer-pr...
You might want to discover about sophistication and pervasive facial recognition technology used by major retailers. Paid by cash? It can still be tracked to you. For "fraud prevention", of course.
Here's a small comment thread from a few months back: https://news.ycombinator.com/item?id=41213632
It’s frankly the most intrusive thing I’ve ever encountered in any software I’ve ever used—I’m not sure how it’s even legal, but this is America where we have no real privacy rights.
Instead of giving you the option to opt in for them to get this level of access, they automatically enroll you into it when your account is created, pull your data, and then allow you to “opt out” afterward, which enables them to have access to your personal and sensitive financial data anyway. And since you literally must have an account with them if your building uses their services for rent payments, they’ve effectively rigged the system to force millions of folks to unknowingly give them access to their personal and sensitive financial data.
Anyway, in your Bilt privacy settings, there are some options you can disable (including Instant Link), and I recommend that you disable ALL of them, although given the dark practices of this company, I don’t even trust that those settings are actually honored.
Side note: Did you know about a company called Method Financial that somehow has real-time access to ALL of your personal and sensitive financial data? Did you know that this company you never heard of that has said access then sells that access to the highest bidder? Do you remember agreeing to any of that anywhere? Yeah, me neither (on all counts)…
[0]: https://www.biltrewards.com
[1]: https://methodfi.com
This is clearly adding entropy to de-anonymize users between apps, rather than to add specificity to ad bids.
But the "be part of our mission" was shown to be hollow over and over too. First and foremost, you as an employee are making the investors and CEO rich. The mission is usually exploiting the employee, even when it's not exploiting the world. Employees have recognized the real social ethic (money over everything) and are just playing the same game. Which is sad.
Ideally the people who see these choices would make alternative choices that will leave their grandchildren better off in the world. It has taken only a generation for the "greed is good" mentality to drop us into this fetid soup.
But that was the pre-Trump NSA and FBI. Now the Chinese and the Russians just need to get some DOGE volunteer to give them whatever they want, since Elon now has root on all the government payment systems and is too undisciplined to do things in a secure way.
They can already track you through your phone and/or credit cards. Why bother setting up a massive facial recognition system for people paying with cash when they only account for 10% (or whatever) of overall shoppers, and have less disposable income than average?
[0] Steve Jobs introduces App Store - https://www.youtube.com/watch?v=eU3X6Fu5JiE
I'm not aware of any big retailers using facial data for targeting vouchers or anything similar.
Simple things like "did walk through the door with a child" would be pretty valuable data, yet as far as I know, nobody uses it.
None of those are likely to change when you navigate from one website to another, with tracking/ads disabled, which is what they want to be able to track. Otherwise they'd just use their cookies.
One device visits a site where you sell ads. A minute later, an unknown device with identical battery, volume, headphone, brightness, model number, browser version, and boot time to the second arrives on another site you run ads on. There's a pretty good chance they're related, because the odds of all those being the same plus those two sites and recent timings involved is rather low: https://coveryourtracks.eff.org/
Plus it doesn't have to be perfect. It just has to be good enough in bulk to sell.
I don't know this industry well and the tech here has long since eclipsed me so I really don't know what is possible but I imagine there are possibilities with this setup.
Always annoys me when I want to use a WiFi scanner to determine the range of an access point in different locations for example and it needs me to turn on location access first before it can get WiFi data. The open source app doesn't have an Internet connection so there's no way for it to send back data to the mothership even if it had an SSID database baked into the apk. For me, and traditionally, the location switch is to turn on or off energy-hungry GPS hardware, not gatekeep when I trust apps to collect my location. I can set those to "only while in use", deny their Internet access, or just not install them if I don't trust them with the location permission
Everyone would need to be generating the same 'random noise' for any such tactics to be truly effective.
So yeah, I don't get why they would do this. It gives their advertising competitors valuable data for free, and it pisses off customers by telling them that they're being tracked when they shop at Walgreens. Strange stuff.
- Privacy: There's obvious tracking of purchasing trends. This derails into selling user data to everyone that makes people increasingly easy to track.
- Customer-dependent pricing / Price-discrimination: This is awful for the economy, in econ 101 you learn that businesses want to charge each customer as much as they are willing to pay, but this differentiated pricing is just getting their hands into everyone's pockets. The free market principles rely on perfect knowledge, and every step made to make pricing harder is an attack against self market regulation.
Price discrimination is illegal even in Lobby-land, https://www.law.cornell.edu/uscode/text/15/13
It's harder to prove any specific stores are using any specific surveillance product for marketing, but plenty of companies are offering it. Here's Samsung's take: https://web.archive.org/web/20230410052807/https://www.samsu...
What would be the ideal response to such an absurd comment? At the time I found it hard to answer because she surprised me with that opinion.
Edit to note: the explanation should be compatible with a professional context. I don't want to scare my co workers or appear crazy/paranoid.
EDIT: please ignore, author did it differently to what I expected.
"A Redding Police Department officer in 2021 was charged with six misdemeanors after being accused of accessing CLETS to set up a traffic stop for his fiancée's ex-husband, resulting in the man's car being towed and impounded, the local outlet A News Cafe reported. Court records show the officer was fired, but he was ultimately acquitted by a jury in the criminal case. He now works for a different police department 30 miles away."
California Law Enforcement Misused State Databases More Than 7,000 Times in 2023 https://www.eff.org/deeplinks/2025/01/california-police-misu...
_removing_ entropy, by adding more information bits
People commonly point to Mozilla's research regarding vehicles' privacy policies. (https://foundation.mozilla.org/en/blog/privacy-nightmare-on-...) But that research only states what the car company's lawyers felt they must include in their privacy policies. These policies imply (and I'm sure, correctly imply) that your conversations will be recorded when you're in the vehicle. But, they never drill down into the real technical details. For instance ..... are car companies recording you the whole time and streaming ALL of your audio from ALL of your driving? Are they just recording you at random samples? Are they ONLY recording you when you're issuing voice commands, and the lawyers are simply hedging their bets regarding what sort of data _might_ come through accidentally during those instances? Once they record you, where is the data stored, and for how long? Is it sent to 3rd parties, etc? Which of these systems can be disabled, and via what means? Does disabling these systems disable any other functionality of the vehicle, or void its warranty? Lastly, does your insurance shoot up if you have a car without one of these systems? etc ...
The list of questions could go almost indefinitely, and presumably, would vary strongly across manufacturers. So much of the privacy news out there is nothing but scary and often not very substantiated worst case scenarios. Without the details and means to improve privacy, all these stories can do is spread cynicism. I'm really glad to see this level of discourse for the author.
And then if you use a commercial VPN with DNS ad-blocking enabled, how much more does this help?
Snowden in one of interviews talks about exactly this kind of tracking with Amazon example (ts 01:18:00) https://x.com/JohnStossel/status/1885382675810181612
Basically, all these companies, ad networks, data brokers, big tech with absence of basic privacy laws (not to be confused with 4th amendment that binds Fed and State gov only, but does not restrain companies) act with wilful conspiracy with US government regulators, washing each other's hands like a monopoly. This data gets enriched and collided and is perpetually on a permanent record.
https://en.wikipedia.org/wiki/Permanent_Record_(autobiograph...
So next time you talk about totalitarian regimes around the world look in the window.
Were they ever _not_ benevolent to US citizens as a whole, even if misguided? There may be last-ditch attempts to extend benevolence to US citizens as a takeover looms. If leaks from the Office of Personnel Management are to be believed, then right now US government is in the process of a soft coup, being dismantled along lines of political loyalty. I expect those working in intelligence and law enforcement who support democracy see the writing on the wall and will act sooner or later.
Reliable end to end encryption is an important tool for citizens of a nation that may need to organise in a hurry. We might see new Edward Snowden type revelations of programmes, naming key people or giving clear advice not to trust certain US based entities or services. Civil servants may act professionally as non-politically as they can, but in the end, if only to protect their jobs, they're going to come down on the side of democracy.
They're not homogenous organizations. Not sure about the FBI, but AFAIK the NSA has always been in an awkward spot of being split between defensive and offensive missions. It wouldn't be particularly surprising to have one arm going "you should all use encrypted messaging, it's the most secure" while the other arm is frantically trying to break or backdoor said encrypted messaging.
The cost reduction is very small, it’s applied to interchange fees. I’ve been directly responsible for implementing this functionality on payment gateways for multiple processors because it helps reduce fraud holds as well.
A different argument that appeals to some is that you might not have something to hide, but what about the people who do? For the greater good of society, whistleblowers are needed to expose malfeasance by the corrupt and it's going to make it much harder for any of them to come forwards if their reward is literally exile to Russia. If you're in support of a slow slide into dystopia, go ahead and argue against all privacy. Whether a given situation rises to that level is a different but adjacent topic, but appealing to something some people can believe in, such as not letting the rich and powerful get away with being utterly corrupt in their dealings is a way to find common ground, with some. Not everyone cares about that though, but it's an additional argument for privacy.
Screen brightness, boot time, memory, and network operator could probably fingerprint any device all by itself.
I live in Ireland and my data is in the databases of several US data brokers. Those companies can't be forced to comply with the GDPR because they simply do not have an EU presence. You don't have to search far to find stories from people who made complaints to their local Data Protection office about such issues only to be told there's nothing that can be done.
The data is about a transaction that you made, but they generated all of it.
Until we have agreement as a society about what “my data” means, this kind of stuff is going to run rampant.
Facial recognition on a small corpus of known faces (what everyone experiences on Facebook, their phones, etc) is an easy problem.
Walmart picking up a face walking into a store and matching it against 30 million possibilities is going to return so many false positive matches it’s going to be completely useless.
Yeah it isn’t as accurate as the privacy-invasive kind of tracking, since students and seniors can be wealthy and eligibility for welfare benefits doesn’t always consider assets or gifts from well-off family. But it’s accurate enough to give the economy most of the same benefit without the privacy downside.
I do think it’s fine for people to opt in to more tracking as a separate consent choice beyond merely participating in a loyalty program, for example to get more personalized and therefore more useful offers, but not as a condition of participation to merely receive at least standard offers and accumulate points. That’s how they generally work in Germany.
I sent them my uid2 and they still say they can't link to an identity and don't have a match in their database
It makes me wonder, if everyone 'owned' their own data, I wonder if it could be used as a form of UBI. Everyone has data from using services, everyone owns it, everyone can sell it to make a living just doing whatever they are doing everyday.
This is only just a shower thought I had the other day though, there are probably many pitfalls when it comes to such an idea.
My examples:
- You get an HIV diagnosis (or other terrible disease). Do you want everyone you meet to know?
- You feel depressed or burnt out. Should your employer know?
- You're financially in a bad place. Do you want your kids to know? Do you want your kids' friends to know?
- Do you share your salary with everyone?
- If someone's gay, should this be public information?
- Should your religion be public? Your political points of view?
Also, there's a looong list of companies who know the location of your mobile device, starting from the cell phone tower operator to Apple/Google and many in between.
That's not true. I work in a European company and we were contacted by the agency to give a complete list of partners that we use, reasons for why it is justified, which routines we have for deleting old data etc.
I guess in theory we could have lied and made up data, but only an idiot would risk lying to the government. Everyone at my company took it seriously and tried to provide as accurate data as possible. There were also several follow up questions that had to be answered.
The mindset of lying to the government to "protect" your employer seems so far fetched. Why should an employee lie to the government? If it turns out that the company was in violation of GDPR the worst case scenario for the company is a fine. If the government finds out you are lying, the employee faces jail time. The trade-off is simply not worth it.
Maybe it's easier to lie to the government in some countries, but not in my country. The government agencies actually check and verify your claims.
IIRC, this is under the Magnuson-Moss act but I didn't find it when skimming wikipedia.
https://en.wikipedia.org/wiki/Magnuson%E2%80%93Moss_Warranty...
tho tbh if i really cared, no phone/battery out/faraday cage is still the gold standard
“Ask app not to track” is a wash and privacy theater at best. One of the reasons I still run ad blocking on _all_ websites and at the network layer. Sorry “content creators” but you need to get your revenue from elsewhere (ie, sponsored content).
Now I want a phone that scrambles all of this data on a per app (or phone) basis.
Malicious app wants this data? Sure you can have it. But you will get randomized values for every bit of information — resolution, lat/lon, brightness, battery level (user can set range of 90-100%), ….
Sounds like that'll push retailers to switch from a system where they give points/discounts to everyone, to one where points/discounts are "targeted", which of course requires opting into tracking. Like I said before, the whole premise of loyalty programs is that you're being tracked in exchange for rewards. You really can't expect to have your cake (discounts) and eat it too (not being tracked).
One OEM I'm familiar with had such a policy. My org determined that we needed a statistical reference to compare against within a certain area. Some calls were made to the right people and shortly after we had a (mildly) anonymized map of high precision tracks for every vehicle of that brand within the area over some period.
I'm not going to debate you about anything, I just don't get the chance to ask insiders any of these questions.
There's a section of your Bilt profile that shows your other credit cards and whether you want them linked. It's pretty freaky to see them listed in the first place.
I definitely keep them off.
Bilt is ultimately a big points/reward program though, so you might get points for having them connected.
I still haven't figured out exactly what Bilt's business plan is, but the main part seems to be trying to get as much financial data on people as possible, and partnering with landlords to do so, and since it's how to pay your rent you can't unenroll completely. (Unless you maybe mail your landlord a paper check?)
Build masses of government housing, make a healthcare public option with sliding-scale costs, and you're 90% of the way there - food and decent low-end broadband are frankly already cheap enough for the government to cover with maybe some "Don't gouge Uncle Sam or else" clauses and that's about everything.
Honestly, beyond paying fewer fees on the bus as a kid, I'm pretty sure I'm being scammed every time I experience price discrimination.
I feel it's easier to make it illegal and give away reasonable credits to all consumers. I wouldn't discriminate in credits either, I'd rather have public transportation being free for all than claim to save money that society needs to spend anyway.
It doesn't help that lying about the price at any point just makes accounting harder, and creates space for wrong, uncompetitive pricing, or awful deals that would hurt business and society in the longer term anyway.
[0] https://web.archive.org/web/20070809174426/http://www.apple....
Every little piece of data that is gathered and used can help even if it isn't immediately apparent.
Now I could be wrong on this, but I feel like advertisers don't need to know something is true about a user, they just need to be confident something is true about a user and that's where data points like screen brightness can be of help to them.
- It was a clean state of a somewhat old phone (iPhone 11, factory defaults + new apple id)
- A single (old) app was installed (Stack by KetchApp, 10-12 years old)
- Was sending out an update a second pretty much instantly (5 kB - ~300 KB every second)
- Within a minute: IP, Lat / Lon, country, phone model, carrier / network operator, vendor, OS version, connection type (wifi), headphone status (?), volume setting (?), screen brightness setting (?), battery status (?), CPU count, system RAM, free RAM allocation, free hard drive capacity, system boot time (?)
Might as well just screen grab the Task Manager equivalent and hand it to them. Have better, quicker data about my own current RAM allocation and free hard space than I do. It hands them when the system booted for an ad? The headphone, volume, brightness, and battery was just "what" kind of headshake about invasiveness. Somebody'd hand wave they need it (we want it, we want it). They obviously don't.
Edit: It's almost Remote Desktop, on an iPhone. Realtime (~1 Hz) RAM / ROM allocation. Not sure how many Apple users even know how to check their realtime RAM / ROM allocation. The free hard drive space especially is just asking for botnet downloads.
Edit: Right, and ... disabling tracking doesn't mean anything because numerous updates blatantly ignore the setting ("uc": "1", // User consent for tracking = True;) and it's just a flag while they still send your vendor specific customer identifier anyways.
Really interesting article, and great investigation, just disturbing how much on an effectively clean phone.
As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.
And I buy this stuff. Every time I need customer service and I'm getting stonewalled I just go onto a marketplace, find an exec and buy their details for pennies and call them up on their cellphone. (this is usually successful, but can backfire badly -- CashApp terminated my account for this shenanigans)
Well, why the ad industry wants it is clear: fingerprinting and segmentation. Someone consistently low on battery? Push them ads for powerbanks.
https://media.ccc.de/v/38c3-databroker-files-wie-uns-apps-un...
(English audio available)
And, looking further in the document, we can see there is more.
Some of them, such as IP address and timestamp it is reasonable to use for programs that access the internet (although it should be possible for the user to set up a proxy and/or adjust the clock in order to change these things, the server would still use its own timestamp anyways).
Available memory also makes sense to be readable (although ideally, the user should be allowed to limit the amount of memory available to specific programs, in order that there is enough memory remaining for other programs; the reported total memory should then include only the memory available to this program and not to all programs), and the same should be true of the number of CPU cores and the amount of available disk space.
Others probably should not normally be known by most programs (but some are useful for some kind of programs), and even when they are, the operating system ought to allow users to reprogram what information is available and what filters, logging, etc will be used.
The presence of wired headphones probably should not be accessible by software, and the redirection should be handled by hardware. Perhaps an exception makes sense if the settings need to be different, e.g. mono vs stereo, although even then, programs should only see those settings (and only if they have audio output), and the user should be allowed to override them due to preferences (e.g. some users might want mono even if connected to external speakers or headphones; on my computer sometimes only one speaker works and sometimes both, so it is useful to me to be able to switch to mono).
Furthermore, there is the consideration, if the advertisers/spies are stealing your power and network bandwidth and quota in order to do these things; then, that is theft.
That's basically sent to multiple parties (ISPs, transit providers, CDNs, analytics/advertising/diagnostics/security vendors) every time you visit a website. If this counts as "invasive" to you, you shouldn't be connected to the internet at all, much less buying a tracking device (a smartphone) and installing random ad-supported apps on it.
[1]https://www.eff.org/deeplinks/2022/08/how-law-enforcement-ar...
Furthermore, it is hard for a web page to run in background and receive user data.
my grandmother collected green stamps from the grocery store, which she saved for food discounts.. I don't think that there was any customer ID involved at all..
honestly, describing pervasive tracking of purchasing associated with govt ID as "normal" is .. it's a sickness and parts of it are illegal now. It is not required or "normal" at all, from this view
>As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.
Fortunately this is changing with iOS 18 with "limited contacts" sharing.
https://mobiledevmemo.com/wp-content/uploads/2024/09/image.p...
The interface also seems specifically designed to push people to allow only a subset of contacts, rather than blindly clicking "allow all".
The far bigger issue is the contact info you share with online retailers. Scraping contact info through apps is very visible, drawing flak from the media and consumers. Most of the time all you get is a name (could be a nickname), and maybe some combination of phone/email/address, depending on how diligent the person in filling out all the fields. On the other hand placing any sort of order online requires you to provide your full name, address, phone number, and email address. You can also be reasonably certain that they're all accurate, because they're plausibly required for delivery/billing purposes. Such data can also be surreptitiously fed to data brokers behind the scenes, without an obvious "tiktok would like access to your contacts" modal.
The landlord of course makes it _seem_ like you have no other modes of paying rent. The cashier’s check option is buried in the fine print.
Dark patterns all around IMO.
Honestly, kudos. The rules should apply to the ones foisting this system upon us as well. This is probably the only way to make anyone in power reconsider current setup.
<< As soon as your cousin clicks "Yes, I would like to share the entire contents of my contacts with you" when they launch TikTok your name, phone number, email etc are all in the crowd.
And people laughed at Red Reddington when he said he had no email.
Card networks (Mastercard, VISA) have different fee structures that incentivize more detailed information like level 3 for lower processing fees for merchants - here's more details on levels https://na-gateway.mastercard.com/api/documentation/integrat...
https://support.biltrewards.com/hc/en-us/articles/5536526023...
Perhaps more interesting in your case is that if you had your card issued in or before 2022, it's likely with Evolve bank which was breached - https://medium.com/@HackLaddy/when-your-bank-doxxes-you-9152...
The average American spends $200 (via higher costs for products) for TV each year and receives how many hundreds of hours of adverts in return?
The superbowl for example gets $5 for every viewer, for about an hour of adverts. What’s the average hour of time worth?
Facebook might suck up your data and flog it for a few cents, you’ve probably got more cash down the back of the sofa.
Take the transaction information from example above. The record of you buying products X, Y, Z for total t=x+y+z at time T, with card C - both you and the store could argue they're entitled to it. It's about you and money you spent and products you received, but it's also about them and the money they received and the products that were taken off their inventory. Then the card issuer will interject saying, "hey, the customer uses a card we provide as a service, so we're at least entitled to know which card was used to pay, to whom, when, and what the total amount was!". Then both yours and stores' banks will chime in, and behind them, also the POS terminal provider.
Truth is, they all have a point. We like to think that paying for groceries with our watch is like a medieval peasant paying for fruit with metal coins at a town market. It's not. Electronic payments always involve multiple steps handled automatically, in the background, by half a dozen service providers linked by their own contracts and with their own legal reporting requirements, and each of them really do need to know at least some details about the payment they're participating in.
A simpler example: this comment. It's obviously mine. It's also a response to you, and it only makes sense in context of the whole subthread. Should anyone reply to it, they'll gain a stake in it, too - and then, arguably, everyone following this discussion has a right to read it, now and in the future. After I hit the "Reply" button, I can't in good conscience claim this comment is mine and only mine. This is why I'm personally against the practice of unilaterally mass-deleting of comments on open discussion boards, like e.g. plenty of people do on Reddit, forever ruining useful discussions for the public.
(It's also why I like HN's approach to GDPR, which is, you can get your account disassociated from your comments, and you can request potentially identifying content be removed, but the site won't just mass-delete your comments automatically.)
“The app is also not permitted to track your activity using other information that identifies you or your device, like your email address.”
In light of that, perhaps reevaluate their ATT efforts as far less about meaningful privacy and far more about stealing $10B a year or so from Facebook.
https://developers.google.com/authorized-buyers/rtb/openrtb-...
As I said, in Germany you can indeed have your cake and eat it too in this regard, if you’re okay with the offers you receive being less targeted and therefore less appealing.
My understanding is that GDPR requires them to offer the option to decline the personalized targeting without being blocked from participation overall, and this is probably the same anywhere in the EU. But I don’t have personal experience with this in other EU countries and could be misunderstanding.
From my non-American perspective, the same thing is happening here. I distrust non-EU software by default.
The point is that no effort was made to implement a technical solution to protect privacy. So it’s upsettingly trivial to violate the GDPR unknowingly and any company that is even a little unscrupulous (of which there are hundreds) can easily ignore the law.
Here's a real-life example: You show up alone at the airport with a full-face mask and gray coveralls. You are perfectly hidden. But you are the only such hidden person, and there is still old cam footage of you in the airport parking lot, putting on the clothes. The surveillance team can let you act anonymous all you want. They still know who you are, because your disguise IS the unique fingerprint.
Now the scenario you're shooting for here is:
10 people are now walking around the airport in full-face masks and gray coveralls. You think, "well now they DO NOT know if it's ME, or some terrorist, or some random other guy from HN!"
But really, they still have this super-specific fingerprint (there are still less than 1 person in a million with this disguise) and all they need is ONE identifying characteristic (you're taller than the other masked people, maybe) to know who's who.
They didn't need to adjust their system one bit.
A perfectly privacy respecting app store isn't going to do any good if it doesn't have any apps. Just look at f-droid. Most (all?) of the apps there might be privacy respecting, but good luck getting any of the popular apps (eg. facebook, tiktok, google maps) on there.
>In light of that, perhaps reevaluate their ATT efforts as far less about meaningful privacy and far more about stealing $10B a year or so from Facebook.
What would make you think Apple's pro-privacy changes aren't "about stealing $10B a year or so from Facebook"? At least some people are willing to pay for more privacy, and pro-privacy changes hurt advertisers, so basically any pro-privacy change can be construed as "less about meaningful privacy and far more about stealing".
They're not. The app developer is.
The "cake" in this case refers to the offers you had before GDPR came into effect and/or regulators started enforcing it. They might give opt-out people some token offers to appease regulators, but I doubt it'll be anywhere close to the offers they had before.
If someone journals and writes down everyone they met with locations and dates, they will laugh you out of the room if you tell them they are violating GDPR.
This also leads to stupid shit like people not being sure if they can point a camera at their driveway to catch vehicle break-ins.
Finally, classifying something as “personal data” because it’s about me still doesn’t make it “my data”.
Health data in the US is strictly regulated, very personal, but is definitely not mine. I cannot remove things from it or prevent it from being shared between healthcare institutions.
at the end of the day, prices are just a number you make up, and hopefully it's a big enough number that you stay in business. hopefully it's a big enough number that you get rich. but sometimes it's a fire sale and you just end up owing less money to your vendors.
Some straight up list it all, and instead of selling people's information to other people, they sell removals to the information's owner. Presumably this is a loophole to whatever legislation made most sites have a "Do Not Sell My Info" opt out.
What you do is look up a data broker opt out guide, and that gives you a handy list of data brokers to search. E.g.
The distinction is contact details privacy is based on the desire not to be interrupted by people you didn't agree to be interrupted by - i.e. it's a spam problem - and realistically to solve this requires a total revamp of our communications systems (long overdue).
The basic level of this would be forcing businesses to positively identify themselves to contact people - i.e. we need TLS certificates on voice calls, tied to government issued business identifiers. That would have the highest immediate impact, because we could retrain people not to talk to anyone claiming to be a business if their phone doesn't show a certificate - we already teach this for email, so the skill is becoming more widespread.
A more advanced version of this might be to get rid of the notion of fixed phone numbers entirely: i.e. sharing contacts is now just a cryptographic key exchange where I sign their public certificate which the cellphone infrastructure validates to agree to route a call to my device from their device (with some provisioning for chain of trust so a corporate entity can sign legally recognized bodies, but not say, transfer details around).
This would solve a pile of problems, including just business decommissioning - i.e. once a company shuts down, even if you scraped their database you wouldn't be able to use any of the contact information unless you had the hardware call origination gear + the telecom company still recognized the key.
Add an escrow system on top of this so "phone numbers" can still work - i.e. you can get a random number to give to people that will do a "trust on first use" thing, or "trust till revoked" thing (i.e. no one needs to give a fake number anymore, convention would be they're all fake numbers, but blocking the number would also not actually block anyone you still want to talk to).
EDIT: I've sort of inverted the technical vs practical details here I realize - i.e. if I were implementing this, the public marketing campaign would be "you can have as many phone numbers as you want" but your friends don't have to update if you change it. The UI ideally would be "block this contact and revoke this number?" on a phone which would be nice and unambiguous - possibly with a "send a new number to your friends?" option (in fact this could be 150 new numbers, one per friend since under the hood it would all be public key cryptography). I think people would understand this.
It’s not an opt-out situation. As per GDPR requirements, these programs have a specific opt-in prompt for personalized targeting, separate from the one which is for generally collecting and redeeming points as a member, and it’s not pre-chosen by default.
I think one can assume that many people will decline to opt in, especially in a culturally privacy-focused country like modern Germany and since not opting in is far more behaviorally common than explicitly opting out, but also that many others will knowingly consent in exchange for the benefits. So I think they would generally want to give decent offers to both categories of people, since the non-consent group is large enough to matter. Of course the personalized ones would be better, otherwise nobody would want to give that consent.
Myself, I’ve consented to some but not all of the personalized targeting and information sharing from the loyalty programs I participate in here, after reading the descriptions of the requested consents in detail and making a conscious choice. In at least one case I converted a no to a yes after thinking about it longer. It’s good to have that transparency and control, and not to have the legalese surreptitiously remove your right to sue the store should that become necessary as is common in the US (forced arbitration is generally illegal here in B2C agreements).
As for the rest of your most recent comment, I wouldn’t know; I didn’t ever live in Europe before the GDPR.
Even some of the most popular desktop web browsers are configured to utilize DoH by default nowadays.
The most that a network administrator can do to prevent this is configure firewall IP blocklists of known DoH servers and NAT all outbound 53 (and 853) traffic to a desired resolver (like a local Pi-hole instance, for example).
The warranty is intact, but the device is bricked, because it can't bypass any of the authentication that is required to do... Pretty much everything.
Thankfully my work was on payment products that serviced businesses and government entities, so I did not really have to deal with that moral quandary.
However it gets muddier in other spaces as well. There are types of cards, like HSA/FSA that require something similar to level 3 data called IIAS that is used to determine what parts of your purchase are eligible. In the parts of the systems I have worked with, this is covered by HIPAA, but I have no idea if there are “clever” methods to sneak that data out of the chain elsewhere.
Also, it's not just about "a desire not be interrupted by people you didn't agree to be interrupted by", it's about not having the data in the first place, for any reason, including tracking of any sorts.
In its paid feature, you can select an app to block its internet connection, or you can select a country, IP and host.
After browsing my internet logs, it shocked me to see some apps I had absolutely no idea were spying so much.
Xiaomi home? Yeah, I knew the Xiaomi app would be spyware. But Spotify, for instance: how could I guess it sends data every few hours to remote servers, including Facebook ones?
Until I find a replacement for Spotify (but most music streaming apps do spy on their users, and I don't mean just learning what music you like), I can still block all the graph.facebook.com, tracking.eu.miui.com, googleads.g.doubleclick.net and so on.
It's open source but the firewall is a paid feature. I highly recommend it if you're on Android.
https://f-droid.org/fr/packages/com.emanuelef.remote_capture...
There is even the possibility to decrypt packets and analyze them, although it requires root. I did it on another phone and yeah, it's similar to what the author found. Every single bit of data: IP address, how long the phone has been on, the wifi connections, when I unlocked the phone and so on.
Every data taken individually is not important to me but this stream of little data constantly going God knows where is creepy as fuck.
the value of this data comes from what did I buy, what else do I buy, where am I, who I am, etc.
to your point, Walgreens does not sell to their competitor CVS data about what they sell, when, and where.
so if that really is their argument, it's refutable.
1. Having permission to contacts is NOT a capability. Running a function on it that by design does not leak PII is infinitely more valuable and a capability.
2. Asking users to grant permission is broken by design: You are giving a very bad multiple choice to the user: `(a)Creepy? (b). LessCreepy (c). Don't Use App`
Instead if we only granted operation rights and hid the actual information instead it would be so much better. We need a separation of data from the function to empower apps to give better choices to users.
But, this is basically after they figured how to do "good enough" location targeting using IP and a bunch of this info this guy talked about. You don't actually need a lat, long, just the 1 mile radius/city area is good enough to run ads and they have ALL of that.
This was why meta's revenue dropped so much after apple's move, they could not fall back to collecting precise location. This is the last game in town. You shut this down, meta's precise targeting will suffer gravely, ads will become flakey.
One last thing. You may ask, who are the businesses that need precise lat longs? They are like this one[2]. These businesses are like whack-a-mole. They saturate the app market, steal data, get money and shut down when someone yells, and in a few months come back again, rebranded as another app. They exist not just to collect data but to act as an arbiter on who gets eyeballs on IRL activities to influence behavior at the (Top of the funnel) TOFu. In the Worst. Possible. Way.
[1] https://techcrunch.co/2022/05/09/facebook-to-shutter-its-nea...
[2] https://www.joinpogo.com/
Yeah, that's how organizations typically work? You might have "freedom of movement", but that doesn't mean you can work in your CEO's office. Organizations also limit who has access to its bank accounts, but that doesn't mean it's suddenly illegitimate for companies to engage in transactions.
I think another big problem is pharmacies. The amount of data shared with health insurance companies must be huge.
It's not. Apple still owns your stuff. There is no difference between Apple and other 3p retailers. Apple just wants more of your money.
When I was at a medium-sized consumer-facing company whose name you’d recognize if you’re in the tech space (intentionally vague) we had some customers try this. They’d find product managers or directors on LinkedIn then start trying to contact them with phone numbers found on the internet, personal email addresses, or even doing things like finding photos their family members posted and complaining in the comments.
We had to start warning them not to do it again, then following up with more drastic actions on the second violation. I remember several cases where we had to get corporate counsel involved right away and there was talk of getting law enforcement involved because some people thought implied threats would get them what they wanted.
So I can see why companies are quick to lock out customers who try these games.
I did this with a Kali Nethunter distro back in the day for "reasons", privacy not being one of them. This makes the phone very hard to use for regular things.
Unless your problem is with the company doing the privacy violations, this doesn’t make any sense.
https://bsky.app/profile/balsa.info/post/3lh7z776lbk2w
You connect to a special WiFi SSID and it compares your traffic to known tracking/ad domains (Pi-Hole Lists mostly) and the "food" is the packets being sent to those servers.
It's crude and has some high false positive rates, but it does have a chilling effect for me when exploring what data is going where.
I'm like 60% sure this is how they figured out who the Bomber was in Austin TX.
> I know the "right" answer - to help companies target their audience better! For example, if you're promoting a mobile app that is 1 GB of size, and the user only has 500 MB of space left - don't show him the ad, right?
Author jumps to the incorrect conclusion here. The answer is fingerprinting.
There would be so much to write about what I've seen. I've thought of making a blog post. I use mitmproxy to check on sketchy apps and to learn in general.
The information sent out is fascinating. I knew extensive telemetry is pretty norm these days, but it's another thing to see it with your own eyes. My exercise has also made the typical "yes, we collect data/telemetry, but it's deanonymized/secured/etc. and deleted after X days so no worries" sound very hollow; even if a company goes in good faith by their own rules, how am I supposed to trust the other 1000 companies who also do data collection. If someone hacked my mitmproxy itself and downloaded all the payloads it collected, they would probably know me better than I do.
Random examples off the top of my head from mitmproxy (when I say "chatty" I mean they talk a lot to a server somewhere):
I had GitHub CoPilot neovim plugin. I didn't realize how chatty it was until I did this (although I wasn't surprised either, obviously completions are sent out to a server, but it also has your usual telemetry+AB test experiment stuff). I had wanted to ditch that service for a long time so I finally did it after seeing with a local setup since open stuff has mostly caught up. Also it's not actually open source I think? I had no idea (I thought it would just be a simple wrapper to call into some APIs, but: no PRs, no issues, code has blobs of .wasm and .node: https://github.com/github/copilot.vim)
Firefox telemetry, if it's turned on, is a bit concerningly detailed to me. I think I might be completely identifiable on some of the payloads if someone decided to really take a go at analyzing the payloads I send. Also I find it funny that one of the JSON fields says "telemetry is off". Telemetry is actually on on the menu (I leave it on purpose to see stuff like this); just in the JSON for some reason it says off. I'm not sure if that telemetry is meant to be non-identifiable though in the first place.
Unity-made software (also mentioned in the article) sends out a Unity piece at start-up that looks similar to the article, although I didn't take a deeper look myself.
Author mentioned the battery: I also noticed that a lot of mobile apps are interested in the battery level. I didn't connect the pieces why but the article mentions Uber 4% battery surcharge, and now it makes a bit more sense.
One app that has at least once been on HN at high scores starts sending out analytics before you've consented to any terms and conditions. One of the fields is your computer hostname (one of my computers has my real name in my hostname...it does not anymore). Usually web pages have "by downloading you accept terms and conditions" but this one only presented that text after you launch the app, before you get to the main portion. I never clicked it (still haven't), but I allowed the app to mellow in the background to snoop on its behavior.
Video games: The ones I've tried mostly don't do anything too interesting. But I haven't tried any crappy mobile games for example. One Unity game on the laptop, Bloons TD 6, sends out analytics at every menu click and a finished game sends a summary and is the "chattiest" game so far, although it seems limited to what the game actually needs to do (it has an online aspect). The payloads had more detailed info on my game stats though, they should add those to the game UI ;)
Apple updates don't work through mitmproxy (won't trust the certificates). Neither do many mobile apps (none of the banking ones did, now I know what a mitm attack would look like to my bank app).
Some requests have a boatload of HTTP headers. I've thought of writing a mitmproxy module to make a top 10 list. I think some Google services might be at the top that I've seen. (I think Google also has developed new HTTP tech, is it so that they can more efficiently set even more cookies? ;)
I think anything Microsoft-tied may be chattiest programs overall on my laptop. But I haven't done stats or anything like that.
Aside from mitmproxy, I'm learning security/cryptography (managed to find real world vulnerabilities although frankly very boring ones so far...), Ghidra, started learning some low-level seccomp() stuff, qemu user emulation, things in that nature to get some skills in this space. Still need to learn: legal side of things (ToSes like to say 'no reverse engineering'), how to not get into trouble if you reverse engineer something someone didn't like. I've not dared to report some things, and to not poke some APIs or even mention them because I don't know enough yet how to cover my ass.
Modern computing privacy and security is a mess.
I've worked a good part of my career at a DSP company (it would be in the box that says "Criteo" on it on the author's article). So I have some idea what companies in that space have as data.
I mostly connect through Signal. I do technically have a phone number that my close friends and family have, but it's a random VoIP number that I usually change every year or so. Surprisingly no one has really cared, I send out a text that I got a new number and that's that.
That could be taken to mean anywhere between "Apple controls the software on your iPhone, therefore they control your contacts" and "Apple gives out your data like the data brokers mentioned in the OP". The former wouldn't be surprising at all, and most people would be happy with, and the latter would be scandalous if proven. What specifically are you arguing for?
Even if I trust some companies to be trustworthy, I can't possibly vet a gazillion entities getting telemetry requests, and not all of them can have their shit together, security, privacy or ethics-wise.
It made me ditch some Microsoft software, but overall escaping spying feels like a lost battle, unless you go do spartan Richard Stallman-like computing (IIRC he had pretty hardcore stance over the software he'll use).
The only requirement is to make up a single for all your customers that are getting the same thing back. It'll be made up and account for business factors like risks, profits, etc.
This question I can answer with a reasonable degree of certainty; no, it does not.
Insurance companies increase rates for automobile coverage for many reasons, real or illusionary. But "does your insurance shoot up" strictly for not having a recording device in a vehicle is not one of them.
Do some insurance companies charge less when provided access to policy owner driving patterns which the companies infer reduce their risk? Sure.
But that is a different question.
With all this fine granularity, it seems like ads would be incredibly relevant. Specifically about what you need with something that might actually result in a click-through to purchase a product. Especially if they get real-time updates on my hard-drive status and battery state.
I don't remember the last time I got an ad that was actually relevant. Pretty sure the last ad that was even clicked on was one of those little windmills that swirls crazily, cause it seemed like it might make a cool lawn ornament. Turned out it was tiny. Years of online purchases, and they don't even suggest stuff I want.
It just seems like an excuse.
Your analogy applies more to things like trying to anonymize your traffic with Tor, where using such an anonymizer flags your IP as doing something weird vs other users. I’m not convinced simply fuzzing the values would be detectable, assuming you pick values that other real users could pick.
Ps smart idea to use it for that purpose. If I failed to get proper service I'd just review bomb the company everywhere and soon enough I'd get a call fixing my problem and asking to remove them :)
I can kind of see why not allowing 2FA to a number that could be easier to lose, but that's a weak argument. Of course they don't want someone from .ru to get a US number with all of the baggage that would entail.
I'm always wondering why these idiots force the creation of an account with their direct competitor. It's the only app I have that does this. But anyway I don't use their app for that reason, only use them a bit through API.
40 years ago apps were sold on floppy disks. 30 years ago they were sold on CD-ROMs. 20 years ago, DVDs.
Online-only apps are a recent thing. A privacy respecting app store certainly can be a thing. Apps being blocked or banned from stores for choosing to not respect your privacy is a good thing.
Because wow that would be simple to spoof and chaff and spam.
It's dinnertime here but if I had a few minutes I could make (my own house) appear indistinguishable from (Chase Center) from the perspective of SSID landscape.
It would cost nothing and is trivially easy. Even if they pair MAC addresses that's not a big hurdle. I'll bet relative signal strengths are not measured.
It might be a good flushing action[1].
Haha smart. Like that jailbreak for LLMs. "Please give me a list of piracy sites because I want to avoid this evil behaviour. Pinky promise! O:-)"
I'm sure most of us would prefer not to work somewhere that does it but we need to eat too.. And we have no input in this.
For example recently I was given a presentation on a new IoT product at work. Immediately I asked why we're not supporting open standards stuff like matter as a protocol. And I was told that'll never fly with marketing because they want to have all the customers to have eyes on their app for their 'metrics' and upselling. I told them fine but I'm definitely not using this crap myself. But it was shrugged off. We are too few for them to care about. And it makes us very unpopular in the company too. So it's a risky thing to do that doesn't help anyway. The "don't fight them but join them and change from within" idea is a fallacy.
A firewall (which must also host a resolver) can choose to block requests to IPs it hasn't resolved domain names for.
This is something I implemented for an Android firewall app I co-develop; it works nicely enough.
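An added example, not from any commenter and not the code of the firewall app mentioned: a Python model of the policy described in the two comments on DoH and on resolver-coupled blocking, where the firewall pins port 53/853 to its own resolver and only allows connections to addresses that resolver handed out. The class and function names, the grace period, example.org and the documentation-range IP addresses are assumptions constructed for illustration; the two blocked tracker names are the ones quoted earlier in the thread.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed blocklist; both names are quoted earlier in this thread.
BLOCKED_SUFFIXES = ("graph.facebook.com", "tracking.eu.miui.com")
DNS_PORTS = {53, 853}   # plain DNS and DNS-over-TLS
GRACE_SECONDS = 60      # assumption: slack for clients that cache past the TTL


def is_blocked(name):
    """True if name is a blocklisted domain or a subdomain of one."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in BLOCKED_SUFFIXES)


@dataclass
class EgressPolicy:
    resolver_ip: str
    # destination address -> (name, expiry) for answers our resolver handed out
    leases: dict = field(default_factory=dict)

    def resolve(self, name, upstream_answer, ttl, now):
        """Resolver side: answer a client query and record what was returned."""
        if is_blocked(name):
            return []  # sinkholed: no address returned, so no lease exists
        for ip in upstream_answer:
            key = ipaddress.ip_address(ip)
            expiry = now + ttl + GRACE_SECONDS
            if self.leases.get(key, ("", 0))[1] < expiry:
                self.leases[key] = (name.rstrip(".").lower(), expiry)
        return list(upstream_answer)

    def check(self, dst_ip, dst_port, now):
        """Firewall side: verdict for a new outbound connection."""
        dst = ipaddress.ip_address(dst_ip)
        if dst == ipaddress.ip_address(self.resolver_ip):
            return ("allow", "local resolver")
        if dst_port in DNS_PORTS:
            # Hard-coded external resolvers are NATed back to ours.
            return ("redirect", "DNS/DoT pinned to " + self.resolver_ip)
        lease = self.leases.get(dst)
        if lease is None:
            # Covers DoH to a hard-coded server: it was never looked up here,
            # so no blocklist of known DoH server IPs is needed to stop it.
            return ("deny", "address never handed out by the resolver")
        name, expiry = lease
        if now > expiry:
            del self.leases[dst]
            return ("deny", "lease for " + name + " expired")
        return ("allow", "resolved as " + name)


def demo():
    """Constructed traffic from one device behind the firewall."""
    fw = EgressPolicy(resolver_ip="192.0.2.1")
    fw.resolve("example.org", ["198.51.100.7"], ttl=300, now=0)
    sinkholed = fw.resolve("graph.facebook.com", ["203.0.113.20"], ttl=60, now=0)
    return {
        "sinkholed": sinkholed,
        "normal": fw.check("198.51.100.7", 443, now=10),
        "tracker_ip": fw.check("203.0.113.20", 443, now=10),
        "doh_hardcoded": fw.check("203.0.113.53", 443, now=20),
        "plain_dns": fw.check("192.0.2.8", 53, now=20),
        "expired": fw.check("198.51.100.7", 443, now=400),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, verdict)
```

Because the verdict is per IP address, a tracker served from the same shared CDN address as an allowed name still gets through; catching that needs SNI or application-layer filtering on top.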
Sounds like an anti-censorship or a generic connectivity robustness feature [0]? WhatsApp and Instagram do this, too.
I wonder if it ever evoked a dive into exactly what happened to leave these customers thinking this was the most likely avenue for success? Hopefully in at least some cases their calls with CSRs were reviewed and in the most optimistic of best cases additional training or policies were put into place to avoid the hopelessness that evokes such drastic actions.
Look for the guy wearing a conspicuously plain leather jacket and baseball cap. "Why hello there average looking stranger I've never met. Psss, 'tis a fair day, but it'll be lovelier this evening.'" "Oh ... it's Murphy the spy you want."
Also, found out the CIA declassified a bunch of jokes several years back in searching to respond. [1] Most are already dead links on CIA.gov, yet there's a few remaining. Nother one on people commenting on the CIA. [2] "These types are swin- Ask in Langley if they work for the CIA. Every- Ask in Langley. They will tells one knows them." 'You, it's the big building behind.'
[1] https://nationalpost.com/news/the-cia-has-declassified-a-bun...
[2] https://www.cia.gov/readingroom/document/cia-rdp75-00149r000...
I'm not sure what you're trying to say. I specifically acknowledged the existence of f-droid as a "privacy respecting app store" in the quoted comment.
>Apps choosing to not respect your privacy, and being blocked or banned from stores, is a good thing.
"a good thing" doesn't mean much when most people haven't even heard of your app store, and are missing out on all the popular apps that people want. Idealism doesn't mean much when nobody is using it. Apple might not be the paragon of privacy, but they had a greater impact on user privacy than f-droid ever will. To reiterate OP's point: what's the point of having a perfectly private OS and app store, when there's no apps for it, and your normie friends/relatives are going to sell you out anyways by uploading their entire contact list and photos (both with you in it) to google and meta?
Also if you haven’t heard, the US government is currently a shit show right now run by Musk as far as employment
And, triangulating client's public IP address will also give away location with decent precision: https://news.ycombinator.com/item?id=37507355
btw, we need a securephones.io [0] part 2 focusing on apps.
[0] cert has expired
Most of the companies who customers try these "games" against are places like Google and Meta that literally do not provide a way for the average customer to reach a human. None.
Those have got it coming for them, the megacorps' stance on this is despicable and far worse than the customers directly reaching execs who could instantly change this but don't because it would cut into their $72 billion per year net profit.
This is a case where laws simply did not catch up to the digital era. In the brick and mortar era it was by definition possible to reach humans.
I get that your company was smaller and probably did allow for a way to reach a human but that's not generalizable.
> This is the worst thing about these data trades that happen constantly around the world - each small part of it is (or seems) legit. It's the bigger picture that makes them look ugly.
No it doesn't seem legit to me at all. Any of it.
There is no such thing as "private" browsing inside the factory installed browser, with factory installed DNS, and any kind of location data, or other cross-collating information along with your IP. The loss of privacy may be contextual and somewhat statistical, but it would be wrong to assume you weren't identified.
What it does do, is let you see how bidding mechanisms in services like flights and hotels will change bid when the same location as you comes to request service and doesn't have the prior search cookie state. That's useful I guess.
"find things at a different pricepoint" cookie monster mode?
Of course, much of it is public information so businesses can go in person, get all the info and then list it.
I used that when submitting parental leave at work. I didn't want to provide full access to all my photos and files for work, so all they got was a folder with a pic of a birth certificate.
(Sure, I could pay by check but consumer banking technology/US in the US already feels like it is lagging a decade behind other countries without voluntarily going further back. Paying by check every month would be quite inconvenient.)
I'd already decided to avoid bilt as much as possible, but reading this thread prompted me to try going a little further.
Looking through their privacy policy it talks about what California residents can do under CCPA: https://legal.biltrewards.com/policies
> Request to Know... The specific pieces of Personal Information we collected about you.
> You have the right to opt-out from having your Personal Information and Sensitive Personal Information sold to third parties. You also have the right to opt-out from having your Personal Information and Sensitive Personal Information shared with third parties for purposes of cross-contextual advertising
Might as well give this a go.
Remember, the big celebrity photo leak happened because of a vulnerability within Apple Software.
There is a simpler/better way and that is to verify you have your email address before allowing you to do a NONCE with B.
https://developer.apple.com/app-store/review/guidelines/
This wording is actually a lot weaker than I remember it back when I wrote iOS apps. The developer also was not allowed to exit the app or close it against the user’s intent, however I can’t find that rule anymore.
The article author claims that you can't get this stuff for under $10k. Where do you find it for pennies?
Apple is also pushing developers toward using native picker components. That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.
(And no, I don't use gmail.)
> I understand you want to opt out of all points and rewards and not be tracked.
>
> We're constantly working to make Bilt as rewarding as possible. Currently, we don't have an option to opt out of points or rewards. To prevent your transactions from being tracked, the most effective step is to unlink your card from your Bilt account.
>
> To unlink the card:
>
> Go to the Wallet tab > Scroll down to the Your Linked Cards section.
> Look for the card you would like to unlink and tap View all benefits.
> Click the ellipsis [:] on the top right, then tap Edit > Unlink.
Gah, I hate this service and will avoid renting on buildings that use it in the future.
>The images were initially believed to have been obtained via a breach of Apple's cloud services suite iCloud,[1][2] or a security issue in the iCloud API which allowed them to make unlimited attempts at guessing victims' passwords.[3][4] Apple claimed in a press release that access was gained via spear phishing attacks.[5][6]
Regardless of their security practices, it's a stretch to equate getting hacked with knowingly making available data. Moreover you can opt out of icloud backup, unlike with whatever is happening with apps mentioned in the OP.
Anyway, I don't think it contradicts my point? Your company exist, mom and pops exist and there's a whole spectrum between them, so it's not generalizable.
Not riding off ad geolocation but hijacking a UA app: https://www.crowdstrike.com/wp-content/brochures/FancyBearTr...
> For example, if a user declines to share Location, offer the ability to manually enter an address.
This is a reasonable ability, but I think that the operating system should handle it anyways. When it asks for permission for your location, in addition to "allow" and "deny", you can select "manually enter location" and "custom" (the "custom" option would allow the user to specify their own program for handling access to that specific permission (or to simulate error conditions such as no signal); possibly the setting menu can have an option for "show advanced options" before "custom" will be displayed, if you think it would otherwise make it too complicated).
> that include the ability to post photos to a social network must not also require microphone access before allowing the user to upload photos
This is reasonable, that apps should not be allowed to require microphone access for such a thing.
However, sometimes a warning message makes sense but then to allow it anyways even if permission is not granted; e.g. for a video recording program, it might display a message about "Warning: microphone permission is not allowed for this app; if you proceed without enabling the microphone permission, the audio will not be recorded." Something similar would also apply if you denied camera permission but allowed microphone permission; in that case, only audio will be recorded. It might refuse to work if both permissions are denied, though.
> But that is a different question.
In what way? A discount for allowing surveillance is identical to an extra charge for disallowing it. They're identical, unless the "base" rate is set externally somehow.
$5 for lemonade, $3 off if you skip the lemon == $2 for sugar water, $3 extra to add lemon.
Contact info being private is a relatively recent concept.
Name a major company, then try to contact customer service and interact with an actual human.
Even if they do have a contact phone number, good luck navigating the mazes of voice prompts.
Amazon isn't actually so bad about this, but I couldn't tell you if their CSR chat bot is an actual person or mid-level AI by now.
>> But that is a different question.
> In what way? A discount for allowing surveillance is identical to an extra charge for disallowing it.
In this case, the discount is "opt-in."
> $5 for lemonade, $3 off if you skip the lemon == $2 for sugar water, $3 extra to add lemon.
I believe a better analogy is:
The drink costs $5. If you don't want lemon in it,
we'll knock off $3. Those are your options.
But it's only available in China.
https://tinyapps.org/blog/202209100700_ios_disable_wifi_per_...
Good overview about how fingerprinting works: https://www.privacyaffairs.com/browser-fingerprinting/
Browse the source in the following directory to see a plethora of examples of how web APIs are used to fingerprint users -- and this is just one publicly-accessible library we can easily review the source code of (proprietary, obfuscated ones likely use additional methods): https://github.com/fingerprintjs/fingerprintjs/tree/master/s...
One example used in multiple places in the above repo is "matchMedia"[0] which was a Web API method added a while ago (well, many years ago) to give a programmatic result of whether a given CSS media query matches or not. This can be used to detect, for example, user preferences like whether the display is HDR-capable[1], or the Accessibility setting "reduce motion" is enabled[2].
[0] https://developer.mozilla.org/en-US/docs/Web/API/Window/matc...
[1] https://github.com/fingerprintjs/fingerprintjs/blob/master/s...
[2] https://github.com/fingerprintjs/fingerprintjs/blob/master/s...
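An added example (not code from the comment above or from the fingerprintjs project) for auditing what the `matchMedia` checks it describes reveal: it probes a handful of media features and reports which answers differ from an assumed "common default". The baseline, the two browser profiles and the stub `fakeMatchMedia` are constructed assumptions, and the features beyond HDR and reduced motion are other standard CSS media features added here.

```javascript
// Each probe lists candidate queries in priority order; the first match wins.
// '(dynamic-range: high)' is tested first because HDR displays also match
// '(dynamic-range: standard)'.
const MEDIA_PROBES = {
  hdr: ['(dynamic-range: high)', '(dynamic-range: standard)'],
  reducedMotion: ['(prefers-reduced-motion: reduce)',
                  '(prefers-reduced-motion: no-preference)'],
  colorScheme: ['(prefers-color-scheme: dark)', '(prefers-color-scheme: light)'],
  contrast: ['(prefers-contrast: more)', '(prefers-contrast: less)',
             '(prefers-contrast: no-preference)'],
  forcedColors: ['(forced-colors: active)', '(forced-colors: none)'],
};

// Assumed baseline: the answers an unmodified setup is taken to give.
// This is an illustration, not measured population data.
const DEFAULTS = {
  hdr: '(dynamic-range: standard)',
  reducedMotion: '(prefers-reduced-motion: no-preference)',
  colorScheme: '(prefers-color-scheme: light)',
  contrast: '(prefers-contrast: no-preference)',
  forcedColors: '(forced-colors: none)',
};

// matchMediaFn has the shape of window.matchMedia: query -> { matches }.
function probeMedia(matchMediaFn) {
  const result = {};
  for (const [name, queries] of Object.entries(MEDIA_PROBES)) {
    const hit = queries.find((q) => matchMediaFn(q).matches);
    // A browser that recognises none of the queries is itself a distinct answer.
    result[name] = hit === undefined ? 'unsupported' : hit;
  }
  return result;
}

// Signals whose answer deviates from the baseline, i.e. the settings that
// make this browser stand out to any script on the page.
function distinguishingSignals(signals) {
  return Object.keys(signals).filter((k) => signals[k] !== DEFAULTS[k]).sort();
}

// Number of distinct answer combinations among supported browsers.
function answerCombinations() {
  return Object.values(MEDIA_PROBES).reduce((n, qs) => n * qs.length, 1);
}

// Constructed stand-in for window.matchMedia so the example runs outside a browser.
function fakeMatchMedia(matchingQueries) {
  const set = new Set(matchingQueries);
  return (query) => ({ matches: set.has(query), media: query });
}

// Constructed profile 1: every answer equals the baseline.
const defaultUser = fakeMatchMedia(Object.values(DEFAULTS));

// Constructed profile 2: HDR display, dark mode, accessibility settings on.
const accessibilityUser = fakeMatchMedia([
  '(dynamic-range: high)', '(dynamic-range: standard)',
  '(prefers-reduced-motion: reduce)',
  '(prefers-color-scheme: dark)',
  '(prefers-contrast: more)',
  '(forced-colors: none)',
]);

// Constructed profile 3: an old browser that matches none of the queries.
const legacyBrowser = fakeMatchMedia([]);

function demo() {
  return {
    defaultUser: distinguishingSignals(probeMedia(defaultUser)),
    accessibilityUser: distinguishingSignals(probeMedia(accessibilityUser)),
    legacyBrowser: distinguishingSignals(probeMedia(legacyBrowser)),
    combinations: answerCombinations(),
  };
}

// In a real page, audit your own browser with:
//   distinguishingSignals(probeMedia((q) => window.matchMedia(q)))
console.log(demo());
```

None of these queries triggers a permission prompt, so the same audit run in your own browser shows which preferences are readable by any script a page loads.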
Perhaps though this should be an example of good customer service where talking to a human is easy, and not lumped in with the likes of Google where it's impossible.
Perhaps your experience with the online shop is different, but frankly they're in my "good" column, not my "bad" column.
> I checked this by manually disabling and enabling tracking option for the Stack app and comparing requests in both cases.
> And that's the only difference between allowing and disallowing tracking
This is revealing! I'd wondered about Apple's curious wording: "Ask App not to track" leaves suspicious wriggle room - apps may not track by an id, but could easily 'fingerprint' users (given how much other data is sent), so even without a unique ID, enough data would be provided for them to know who you are 99% of the time.
Amended Dead Privacy Theory:
The Dead Internet Theory says most activity on the internet is by bots [0]. The Dead Privacy Theory says approximately all private data is not private; but rather is accessible on a whim by any data scientist, SWE, analyst, or db admin with access to the database, and third parties.
Long ago when Google tried to launch its very first phone somewhere in Europe I can distinctly remember that it was initially not allowed to because of some regulation that mandated a company selling telephones to have a customer service.
Can't remember if they eventually found a loophole or if the regulations were changed.
Most other types of engineering have published rules and standards and industry credentialing including ethics tied into it and loss of credentials for an ethics violation would be career ending in many cases.
GrapheneOS, which I use, also has contact scopes, so troublesome apps that refuse to work without access will think they have full access. You can allow them to see no contacts or a small subset.
There's also multiple user profiles, a "private space", and a work profile (shelter) that you can install an app into, which can be completely isolated from your main profile, so no contacts.
It surprises me how far behind iOS is with this stuff. Recently I wanted to install a second instance of an app on my wife's iPhone so she could use multiple logins simultaneously, there didn't really seem to be a way to do it.
So in case Apple allowed for “share all” it means that they did it by design and are changing it now only because of backlash.
We have a major problem with “professional” thieves stealing because the big chains don’t want to pay cashiers anymore.
You see a screen with your face on it in places like Waitrose self service checkouts now. It’s their way of saying “we know who you are”.
Tracking cash purchases is just a side bonus for them.
And you want the government to do that?
Why haven't the companies who at every turn shout how privacy conscious they are done that?
It's now been 8 years of GDPR. Why hasn't the world's largest advertising company incidentally owning the world's most popular browser implemented a technical solution for tracking and cookie banners in the browser? Oh wait...
It's kind of weird that Apple introduced this big fat tracking consent popup, but they don't really do anything to actually prevent cross-app tracking...
Long ago there was the XPrivacy project for Android that allowed you to granularly set permissions for each app & system service and ensure they won't get the real private data. It's no longer alive these days, I guess. Can someone share their experience with the alternatives for the modern latest Android?
- List of open wifis: AFAIK, and in my experience, apps need special permissions to do anything at the wifi level. And yes, iOS location services use wifi info but it's disabled, that's the point;
- IP back to geo: then why not send the IP itself directly?
- Mozilla location services: same as above, why not send the info you send to Mozilla directly to the data harvester which can call Mozilla itself?
This is an interesting contrast with the earlier philosophy of phone OSes that the file system is confusing to users and they should never be allowed to see it.
(I can only think of straw-man examples. Does the private prison industry have problems getting architects, civil engineers, electrical engineers? Does the pharma industry have problems getting chemical engineers for manufacturing addictive painkillers?)
I'm going to guess that the answer would be "nope, didn't care." That Cirrus isn't going to pay for itself, friend...and you can't retire at 40 without breaking a few eggs.
I remember when Google was locking accounts because people had the audacity to issue a chargeback after spending hours trying to resolve Google not delivering a working, undamaged phone they'd paid well over half a grand for. Nobody at Google cared, but when the money (that Google never fucking deserved in the first place) was forcibly and legally taken back, the corporation acted with narcissistic rage...
I feel somewhat vindicated after this announcement (though it does nothing to bring my account back):
https://www.engadget.com/cybersecurity/cfpb-fines-block-175m...
> Accessing any kind of customer service for Cash App was a challenge, too, according to the CFPB. Block included a customer service number on Cash App cards and in the app's Terms of Service, but calling it would ultimately lead users to "a pre-recorded message directing consumers to contact customer support through the app."
A digital signal processing network? A bit annoying to introduce an acronym without defining it. Great article otherwise.
From a user perspective, photos aren't files. Music isn't files. Contacts aren't files. Apps aren't files. App data isn't files.
The only things that "walk like a file and quack like a file" are documents, downloads, contents of external storage, network drives and cloud drives, and some Airdrop transfers.
Yes, it's technically possible to use the files app to store photos, music etc, but if you do that, "you're holding it wrong."
I find it funny how easy it is to find scammy websites which promise to remove your data (right...), but how hard it is to find the actual marketplaces where people trade this data. It also makes you think about what other systems have similar asymmetric interfaces for the public and the ones in the know (yes, I know there are plenty).
Anyway like most things it's a journey, not an on off switch. First you get aware then you make change and the situation gets better, it doesn't have to be perfect to be better.
On my Android phone, I had to make a clear cut on which apps I could keep after seeing the logs. The apps from Google, Microsoft, Amazon, they are all gone. Even the Play services and the Play Store are replaced with Aurora.
It cuts at least 2/3 of the network requests.
Then you have the case of individual apps that use the Facebook SDK or other advertisers; there are often alternatives in the open source community and when that's not the case there are always less privacy-invasive alternatives on the store.
For instance, my default Samsung weather app was sending lots and lots of data. The alternatives on F-Droid were not to my taste.
I eventually found out about weawow. It's not open source but it doesn't require any weird permission, no ads, it's not constantly sending data in the background and my logs say it only connects to weather.weawow.com.
I mean it's fine.
After spending weeks with the firewall, I was able to identify the spying apps and replace most of them. My network log now is pretty empty when I'm not using the phone.
The IT folks working in the advertising industry are much more the "who cares, everyone has all our data already anyway".
Phone is wifi only.
In particular, I do not use the contacts functionality built into the phone.
(This is /e/OS, which helps, but I'll be moving to Mobian as soon as it is viable.)
See https://developer.apple.com/app-store/user-privacy-and-data-... for details
And I kinda get it, some services external to your bank can help you manage your finances etc. But it's why banks should offer APIs where the user can set limited and timed access to these services. In Europe this is PSD2 (Revised Payment Services Directive).
They probably outsource processing the data and storing it to other entities, but that will be under contracts which govern how the data may be used and handled. I assume that's not what "sell the data" means in this conversation.
It would be such an egregious violation of local data protection law to sell patient personal details for unrestricted commercial use, including their contact info, and it would make the political news where I live if they were found out.
Sure, there may be the occasional honest actor in the industry, but they're so marginal and outcompeted by dishonest and shady ones that it really doesn't matter. IMHO the right move is to simply ban any collection that's not strictly necessary. Kind of like GDPR but without the "if the user agrees" exceptions.
Reminds me of a regulation about artificial stone (?) being banned in Australia, not because it's impossible to use safely but because the regulator concluded that the entire supply chain is unwilling to and disincentivized from using the material safely, so the best move at this point was to ban it outright.
Edit: found that article
I just change those when I get a new number; it's usually just a matter of getting a text confirmation code from them to verify the new number.
I change passwords every year or two. That's really a pain; at this point it's somewhere around 30 or so accounts I have to go through and update.
Let it be known, having an app to do something which used to be doable by a website is to me a red flag. Although I refuse to install anything other than what I genuinely trust.
I don't think this is necessarily true. You're right that there's an unknown base rate, but that means you can't say what you're saying as well. And if you have other companies that offer non-driving-pattern policies as well, and they're a similar price, you can see it's a discount not an added cost.
In fact, regardless, other companies are your best bet in combatting rising prices for any reason.
I have access to ... zero patient data. Our entire test database is synthetic records.
0: https://docs.google.com/spreadsheets/d/1Ukgd0gIWd9gpV6bOx2pc...
I also have multiple cell and virtual numbers and give different ones out to businesses, banks, friends, and family. Businesses that don't need to ship me stuff also get a different address than ones that do.
I don't register to vote anymore because they leak my residential info. When they can agree to stop leaking it, I will participate again.
I’m a CFO and the CPA credential helps a whole industry of accountants avoid outright shenanigans that would take place if we could report financials the way sales, marketing and some others would prefer. We also have a whole layer of audits to help make sure what we say is true, is true.
It’s obviously not perfect and there’s always going to be bad actors but having industry guardrails does help a lot more than is obvious. This is one of those things where the absence of data is the data. The fact it’s pretty rare for a skyscraper to structurally fail and Enron type financial fraud situations are relatively rare. It’s hard to imagine how much things around us would be worse without checks and balances.
As for pharma example, I think it’s a good point but also a bit of a case study in where this should have worked but didn’t. Those sometimes are necessary things. Just like how originally technologists thought social media was beneficial to society, it could perhaps be revisited with a different opinion with a different perspective with benefit of hindsight. It’s pretty subjective and opinionated but I personally think R&D should be pretty loose. In pharma, you have to be pretty open minded as it seems sometimes things are discovered while in search of something else. The business of pharma, the sales people pushing those addictive pain meds, should be able to push them (with an expectation of presenting accurate data of research/side effects/etc). Prescribing physicians are ultimately the best check. Even when lied to about addiction stats, they didn’t seem to perform the appropriate check/balance as their profession would normally have done and sound alarms / stop prescribing. Instead, as a whole, they leaned into the idea that pain should be more aggressively managed than it has been in the past. They were all very slow to act even when addiction had been identified as a problem. The confluence of all these things has caused the industry to become introspective and change some things in hopes to avoid a similar repeat. Just like Enron did for finance and household accident data drives improving building guidelines. Software remains the Wild West without something similar in place.
To circle back to the CPA example as that’s what I’m most familiar with, it doesn’t tell me not to work in a particular industry. Like, private prisons need accountants. But it tells me what type of accounting practices are acceptable. I’d imagine a similar example for the context of this topic, is you wouldn’t be told not to work for an adtech company but in that employment you would be able to say certain types of data sharing is decidedly inappropriate according to your industry standards and you would be putting your career in jeopardy by building a feature sales requested. Furthermore you have things like whistleblowing hotlines and eventually other companies that couldn’t work with your adtech company because doing so would be considered an ethics violation on their part. Etc etc.
Example:
- You're using a known account on a Mac to search for a shelf to buy
- You're using an anonymous account to browse Reddit on an iPhone
And the shelf ad pops up on the Reddit feed. Yep, as long as you logged in with a known account on both devices, they're now linked by device id. And all you do on those devices (regardless of the account) can be traced back to you.
I read about this in "Chaos Monkeys" but it never really hit me until this experience.
I use cash for all physical payments; never the card. I use the card to withdraw cash, once a month.
I very rarely buy on-line, because I stopped using Amazon (treatment of warehouse staff) and buying off of Amazon is hell on toast.
But in general, email.
I can make calls from my phone/laptop, using VOIP.
I could receive as well if I wanted to, but I rarely need to be called, so I do not normally keep a number, and I could not be called when out and about anyway, because wifi-only, but you do get an answerphone, so people can leave a message.
It's formulated so that they can give those contacts away rather than sell them, but only to the rest of the medical goods & services supply chain that are involved in your care, who are also bound by HIPAA.
The worst dark pattern this has generated so far seems to be pharmaceutical company drug reps bribing your doctor to change what they would prescribe you.
The worst that's likely to happen without regulation, as far as I can tell, involves an associated provider just leaking UnitedHealthcare's full database of every patient and every condition.
These are professional networks with a ton of capital thrown behind them. They have pretty decent algorithms, heuristics, etc; and you don't make money (compared to the other data correlation teams) if you do simple dumb stuff. I'm certain they take into account those trying to be privacy-conscious, if only to increase their match rates to be competitive.
The audacity of these people. They probably do far worse things to their customers on a daily basis.
There's also the fact hardware remote attestation is creeping into the Android ecosystem. There's absolutely no way to daily drive something like GrapheneOS if essential services such as banks and messaging services start discriminating against you on the basis of it. Aw shucks looks like your phone has been tampered with so we're just gonna deny you access to your account, try again later on a corporation owned phone.
GrapheneOS is amazing from a security and privacy perspective but it doesn't matter. The corporations will not tolerate it because it works against their interests. They will ban you from their services for using it. Unlike Google and Apple, they have no leverage with which to force the corporations to accept terms unfavorable to them.
Plus it's highly amoral and doctors here are still coming from an idealistic breed that wanted to help people; those 2 are practically exclusive.
Far less requires an actual app than most people imagine. It's the apps that leak so much.
One setup that works reasonably well is
NetGuard --> Nebulo --> DNSdist on own router
On phone,
(a) set DNS in Wifi to localhost, i.e., disable service provider DNS
(b) set VPN to Block all connections without VPN
(c) set Netguard to forward port 53 to Nebulo
(d) set Nebulo to run in non-VPN mode
(e) set DNS configuration in Nebulo to DNSdist on router
On router, point DNSdist at nsd or tinydns serving custom root zone containing all needed DNS data. Apps like NetGuard, Nebulo, PCAPdroid, etc. allow one to easily export the DNS data needed for the zone file.
There is at least one leak in this setup. Nebulo's "Internal DNS server" can only be set to Cloudflare, Google or Quad9. In theory this should only be used to resolve the address of the DoH provider and nothing else. But not allowing the user to choose their own DNS data source and forcing the user to keep pinging (querying) Cloudflare, Google or Quad9 is poor design. Those addresses are unlikely to change anyway.
Using a browser in place of other apps seems like good strategy but the browser "app" is far, far more complicated than many open source "apps" and much more difficult to control.
Firefox is not only filled with telemetry, almost no one compiles it themselves, it has more settings than any normal user can keep track of and it is constantly changing. Layer upon layer of unneeded complexity.
Changing your telephone number every year could be an artificial holiday like Valentine's Day or Halloween. It can be done if people deem it's important.
Phone number is the gold standard identifier for third party data collation services.
This is why so many companies demand it.
One solution is a burner phone and burner SIM, for SMS only.
I can think of one: make it illegal to buy, sell, or trade customer data. All transfer of data to another party must have a record of being initiated by the individual.
Hopefully rather than just stupidly giving up, they'll send an accompanying text message.
“Ask app not to track” turns off Apple’s own device identifier, but doesn’t stop other types of identifiers from existing, as the article described by the way it showed how ad networks make their own device identifiers collected by various apps.
> In this case, the discount is "opt-in."
The base price is not a force of nature. $5 with the option to opt-in to a $3 discount sounds great, until you realize that just a month ago the price was $2 by default. They raised the default by $3, but allowed you to opt-out of that increase. Whether you label that "opt-in" [to the discount] or "opt-out" [from the increase], you end up in exactly the same place.
It is different initially, when only one company is offering the "discount" and they have not yet adjusted their base price upward. In fact, the people who want the discount will presumably flock to their service, which may even mean they won't raise the base price all the way up if it makes their costs lower. But if that works, the other companies will follow suit.
In short: there's a period of time when there's a difference, and you have a real choice. If the difference is real, it will get locked in to the entire industry. It's a positive economic profit, and those go away.
cf https://robert.ocallahan.org/2014/08/choose-firefox-now-or-l...
A relative did a genealogy test through ancestry.com and suddenly I'm doxed for all eternity.
Interesting thought policing you have in there.
I just stopped using that card with square.
99% of games do not need precise location (some exceptions are pokemon go, etc). They can request and receive an entitlement.
I recently noticed that a fraction of the "vendors" allow deselecting the "legitimate interest" but have the "consent" tick box marked and unmodifiable.
Consider the following page:
https://www.brighthub.com/environment/renewable-energy/artic...
The following vendors have un-deselectable "consent" tickboxes:
Skimbit Ltd
Confiant Inc.
Lumen Research Limited
Visarity Technologies GmbH
DoubleVerify Inc.
Revcontent, LLC
Adssets AB
Integral Ad Science (incorporating ADmantX)
Mirando GmbH & Co KG
Polar Mobile Group Inc.
Rockabox Media Ltd
Telecoming S.A.
Seenthis AB
HUMAN
Papirfly AS
NEXD
One Tech Group GmbH
illuma technology limited
CHEQ AI TECHNOLOGIES
Adjust Digital A/S
VRTCAL Markets Inc
Cavai AS
Kiosked Ltd
Protected Media LTD
Oracle Data Cloud - Moat
Bannernow, Inc.
Jetpack Digital LLC
GeoEdge
Ensighten
IVO Media Ltd
Online Media Solutions LTD
Mobkoi Ltd
Redbranch, Inc dba Fraudlogix
Alphalyr SAS
Silverbullet Data Services Group
Stream Eye OOD
adbalancer Werbeagentur GmbH
Somplo Ltd
Velocity Made Good LLC
Vyde Ltd.
Adelaide Metrics Inc
Sqreem Technologies Private Limited
TMT Digital Inc
dpa-infocom GmbH
Brandhouse/Subsero A/S
streaMonkey GmbH
Alkimi
Zeit Agency ApS
Sitewit, Corp
AccountInsight Ltd
Aderize, Inc.
fraud0 GmbH
Channel99, Inc.
Videobot Ltd
Appstock LTD.
Dando online LTD
EMBRACE Systems GmbH
Hiili SL
YIELDBIRD SP. Z O.O.
Volentio JSD Limited
BEAPUP SOLUTIONS LTD
Public Good Software Inc.
Kidoz Inc.
DataDome SA
Sarigato Sp. z o.o.
Gesher Software LTD dba bridgeupp
Playdigo Inc
Sipo Inc
EliteAppgrade
SpinX Pte Ltd
Creatopy INC
Codevelop Technologies GmbH
Adgrid Media, LLC
ProgrammaticX LTD
Nitrouppi LTD
9 Dots Media Ltd
Vudoo Pty Ltd
Mobavenue Media Pvt Ltd
Carbonatix LTD
1) What is up with these?
2) Are these even legal under GDPR rules?
3) Does this not nullify arguments by certain 3 letter agencies that users "consent" to their tracking?
4) Who is behind these companies? Any idea on how to approach this from an investigative journalism angle? Can we figure out the headquarters, employee counts, CEOs of these companies?
5) If "undeselectable consent tickboxes" qualify as legally valid consent, doesn't this set a precedent to foist off myriads of types of lack of consent as "consent"? Will this enable legalizing rape? Where does this Pandora's box end? How is this any different from:
https://www.youtube.com/watch?v=0fQsrwBi2Jo
6) As far as I understand, an illegal contract is void. If the forms submitted by users contained undeselectable "consent tickboxes", then the forms no longer constitute legal contracts. Observe that this is regardless of the preferences of all the other tickboxes: even if users were too lazy to deselect all the deselectable tickboxes, the mere presence of deselectable tickboxes voids these forms as contracts. This means that all the other vendors didn't receive any consent, since their specific submitted form-as-a-contract is void, even if the majority of the vendors had consent tickboxes that could be deselected. It would seem prudent for such companies to insist that the forms don't contain undeselectable tickboxes for any companies since it would nullify the consent they hope to receive.
We all did and yet here we are.
Bilt as a concept is the biggest pile of late stage enshittification horse shit I’ve ever seen.
There's also Wifi ranging feature, but it shouldn't need to expose SSIDs to the app, I don't know the API, it should be limited to giving a precise location:
https://www.androidheadlines.com/2024/11/android-15-wi-fi-ra...
I do agree that iOS is behind by not providing profiles and multiple isolated installations of apps, and it would be great if it did.
How do we know they were fucking them over?
There's always going to be a subset of people who take any perceived slight as an attack on their honor, and will over-react. (I've had death threats for deleting a reddit post, fwiw.)
It's important to point out that it takes a long time for uptake of new versions of ad SDKs. The general assumption is that it takes about 6 months after release of a new version for 50% of ad traffic to come from that version or newer. Also, for every version you release, approximately 1% of traffic will never upgrade past that version.
In that kind of world, over-collecting data makes sense, especially if you think nobody will ever find out. Like total / and free disk space. There's no good reason to need those, right? But let's say an advertiser comes to you and says "we want to spend $1M / day to advertise our 10GB game, but only to devices that could install it." All of a sudden it's useful to know that a device only has 8GB of disk space, or only 100MB of free space.
So OK, if we didn't collect disk space, now it makes sense to collect disk space. Let's add it to the SDK. It takes a month or two to release a new version of the SDK. 3 months to get any meaningful traffic from it, and another 3 months to get up to 50% of your traffic. Assuming the ramps are linear, 4 months of 0%, and then 3 months of ramping to 50%, 30 days per month, you'll make $22.5M in the first 7 months. But if you had the logic in there to begin with, you'd have made $210M during the same time period. That makes it an easy choice for the business folks.
There are answers to this, but they all have drawbacks. You could limit data that ad agencies can collect. This reduces the value of ads. And agencies have learned that some data (like location) is low-value and high-risk, so they're removing the ability to supply it. I think it'd be better to support a model where ad code can be updated independently of the app. This way we could push out bug fixes faster, and could remove our just-in-case collection, but Apple has no signs that this is coming soon, and Google's answer has been such a shit-show that we aren't considering it viable over the next 4 years.
Edit: To address screen brightness specifically, it's a very rough proxy for age of the user.
I don't want to call you a liar, but having seen ads that are presumably targeted at me, it feels like a total fiction to say that anyone is actually capable or interested in doing this.
I get advertisements for just absolute nonsense garbage that has no bearing on my life, and no bearing on anything that could have possibly been collected from my device.
The closest thing is that when I was in Mexico for a week, some of my podcast pre-roll ads were in Spanish. (Which, I should note, I do not speak fluently enough to even understand.) Even now, the occasional ad I'm served on a podcast is in Spanish.
And that's it. They saw that my IP came from Quintana Roo, and (somewhat reasonably) decided that I need to hear Spanish-language content. Even when I physically moved back to the United States.
Any chance of a tutorial or some materials on doing exactly this sort of thing?
Are there whales that spend $1m / day in advertising? Absolutely, 100%. Are they running at all times? No. We typically see that kind of spend from a single advertiser around 30 days out of the year. They're short campaigns, typically around a launch of a big title, and they always try to target as narrowly as they can to maximize their impact.
You're right about it using IP geo-location to guess where you are and what language you want. We also use that to determine if we should show you the GDPR disclosures. But try looking at ads on a Xiaomi phone versus a Samsung and you'll see a different set of ads, because one of those purchasers tends to have more disposable income.
To discuss further would require us to go into the rabbit hole to debate whether capitalism is the right structure for society, but so far, everything else that's been tried has been worse.
Yes, it’s their job. Building codes have technical specifications and don’t allow people to opt out. Airspace is very tightly regulated with technical specifications.
> Why hasn't the world's largest advertising company incidentally owning the world's most popular browser implemented a technical solution for tracking and cookie banners in the browser? Oh wait...
Because the government is the thing that is supposed to produce useful regulations, not an advertising company.
GDPR is like trying to solve smog by passing a law that says people can opt out of smog by staying out of the city. No regulations to actually reduce smog.
About posting any results: I assume you are aware that after some time it is no longer possible to add comments to a HN discussion, I assume you will post any progress as a HN submission?
I’m not an exec, but I work on a major product in a major company. A significant portion of Americans use my work. My corporation has a reputation for poor customer support ATM. If I started getting personal emails or phone calls, I’d contact corporate security or lawyers just out of fear and confusion. That said, I’d be peeved on behalf of my customers if that same treatment was applied to messages directed at our household-name-CEO.
EU law means little in this respect, since it's not enforced and most people don't understand enough on the subject to even evaluate what's going on with their data (or their clients' data).
E.g.: I might be okay with sharing a friend's phone number or email, but I don't want to share their photo, dob, home address, etc.