←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 6 comments | 02 Feb 25 17:07 UTC | HN request time: 1.117s | source | bottom
Show context
inahga ◴[02 Feb 25 17:31 UTC] No.42910118[source]
There are quite a few interesting tracking flows out there.

My rent is paid through a company called Bilt.

I discovered that when I shop at Walgreens now, Bilt sends me an email containing the full receipt of what I bought like so:

    > Hey [inahga],
    >
    > You shopped at Walgreens on 12/1/24 and earned Bilt Points with your
    > Neighborhood Pharmacy benefit.
    >
    > Items eligible for rewards
    > TOSTITOS HINT OF LIME RSTC 11OZ
    > $3.50
    > 
    > +3 pts
    > TOSTITOS RSTC 12OZ
    > $3.50
    >
    > +3 pts
    > Other items*
    > EXCLUDED ITEMS
    > $0.07
    >
    > *May include rewards-ineligible items and/or prescriptions.
Ostensibly (hopefully) it would exclude sensitive items, plan B, condoms, etc...

I'm curious how this data flows from Walgreens to my rent company, but maybe I'd rather not know and just use cash/certified check from now on.

replies(19): >>42910141 #>>42910150 #>>42910255 #>>42910258 #>>42910275 #>>42910307 #>>42910604 #>>42911346 #>>42911365 #>>42911455 #>>42911597 #>>42911711 #>>42911897 #>>42911933 #>>42913328 #>>42914952 #>>42915737 #>>42922787 #>>42928562 #
andrewfromx ◴[02 Feb 25 17:33 UTC] No.42910141[source]
"Bilt Members can earn points on Walgreens purchases made using any card linked to their Bilt account."

https://support.biltrewards.com/hc/en-us/articles/2901187842...

There's that FSA/HSA benefit section at the bottom which explicitly states that Bilt receives item-level data:

https://www.biltrewards.com/terms/walgreens

replies(1): >>42910223 #
gruez ◴[02 Feb 25 17:43 UTC] No.42910223[source]
That just sounds like a standard cross-merchant loyalty program? I don't think there are many examples in the US, but once you realize it's a loyalty program you really shouldn't be surprised that they're tracking your purchase history. That's basically the entire premise.
replies(2): >>42910281 #>>42911059 #
mistrial9 ◴[02 Feb 25 17:51 UTC] No.42910281[source]
> it's a loyalty program

calling something loyalty does not make it "loyalty" ..

replies(2): >>42910370 #>>42910622 #
dietr1ch ◴[02 Feb 25 18:35 UTC] No.42910622[source]
So called loyalty programs should be illegal on multiple fronts,

- Privacy: There's obvious tracking of purchasing trends. This derails into selling user data to everyone that makes people increasingly easy to track.

- Customer-dependent pricing / Price-discrimination: This is awful for economy, in econ 101 you learn that business want to charge each customer as much as they are willing to pay, but this differentiated pricing is just getting their hands into everyone's pockets.The free market principles rely on perfect knowledge, and every step made to make pricing harder is an attack against self market regulation.

Price discrimination is illegal even in Lobby-land, https://www.law.cornell.edu/uscode/text/15/13

replies(1): >>42911010 #
barrkel ◴[02 Feb 25 19:26 UTC] No.42911010[source]
Price discrimination is not a priori bad. A fixed price with enough margin to support the business may be too high for price sensitive consumers. If you can charge more to less price sensitive consumers, you can, at the margin, make a little bit on these price sensitive consumers, and overall everyone is better off - more consumers are satisfied and their marginal willingness to consume a unit of the thing being sold is more equalized.
replies(3): >>42911069 #>>42911363 #>>42911999 #
1. jkaplowitz ◴[02 Feb 25 19:33 UTC] No.42911069[source]
There are ways to adequately approximate that kind of price discrimination without detailed tracking though, like giving discounts to students, seniors, and people receiving various kinds of welfare benefit upon showing proof of status.

Yeah it isn’t as accurate as the privacy-invasive kind of tracking, since students and seniors can be wealthy and eligibility for welfare benefits doesn’t always consider assets or gifts from well-off family. But it’s accurate enough to give the economy most of the same benefit without the privacy downside.

I do think it’s fine for people to opt in to more tracking as a separate consent choice beyond merely participating in a loyalty program, for example to get more personalized and therefore more useful offers, but not as a condition of participation to merely receive at least standard offers and accumulate points. That’s how they generally work in Germany.

replies(1): >>42911265 #
2. gruez ◴[02 Feb 25 19:59 UTC] No.42911265[source]
>I do think it’s fine for people to opt in to more tracking as a separate consent choice beyond merely participating in a loyalty program, for example to get more personalized and therefore more useful offers, but not as a condition of participation to merely receive at least standard offers and accumulate points. That’s how they generally work in Germany.

Sounds like that'll push retailers to switch from a system where they give points/discounts to everyone, to one where points/discounts are "targeted", which of course requires opting into tracking. Like I said before, the whole premise of loyalty programs is that you're being tracked in exchange for rewards. You really can't expect to have your cake (discounts) and eat it too (not being tracked).

replies(2): >>42911717 #>>42912227 #
3. mistrial9 ◴[02 Feb 25 20:53 UTC] No.42911717[source]
search term "green stamps" (edit)https://en.wikipedia.org/wiki/S&H_Green_Stamps

my grandmother collected green stamps from the grocery store, which she saved for food discounts.. I don't think that there was any customer ID involved at all..

honestly, describing pervasive tracking of purchasing associated with govt ID as "normal" is .. its a sickness and parts of it are illegal now. It is not required or "normal" at all, from this view

4. jkaplowitz ◴[02 Feb 25 21:53 UTC] No.42912227[source]
> Sounds like that'll push retailers to switch from a system where they give points/discounts to everyone, to one where points/discounts are "targeted", which of course requires opting into tracking. Like I said before, the whole premise of loyalty programs is that you're being tracked in exchange for rewards. You really can't expect to have your cake (discounts) and eat it too (not being tracked).

As I said, in Germany you can indeed have your cake and eat it too in this regard, if you’re okay with the offers you receive being less targeted and therefore less appealing.

My understanding is that GDPR requires them to offer the option to decline the personalized targeting without being blocked from participation overall, and this is probably the same anywhere in the EU. But I don’t have personal experience with this in other EU countries and could be misunderstanding.

replies(1): >>42912376 #
5. gruez ◴[02 Feb 25 22:11 UTC] No.42912376{3}[source]
>As I said, in Germany you can indeed have your cake and eat it too in this regard, if you’re okay with the offers you receive being less targeted and therefore less appealing.

The "cake" in this case refers to the offers you had before GDPR came into effect and/or regulators started enforcing it. They might give opt-out people some token offers to appease regulators, but I doubt it'll be anywhere close to the offers they had before.

replies(1): >>42912655 #
6. jkaplowitz ◴[02 Feb 25 22:46 UTC] No.42912655{4}[source]
> They might give opt-out people some token offers to appease regulators

It’s not an opt-out situation. As per GDPR requirements, these programs have a specific opt-in prompt for personalized targeting, separate from the one which is for generally collecting and redeeming points as a member, and it’s not pre-chosen by default.

I think one can assume that many people will decline to opt in, especially in a culturally privacy-focused country like modern Germany and since not opting in is far behaviorally common than explicitly opting out, but also that many others will knowingly consent in exchange for the benefits. So I think they would generally want to give decent offers to both categories of people, since the non-consent group is large enough to matter. Of course the personalized ones would be better, otherwise nobody would want to give that consent.

Myself, I’ve consented to some but not all of the personalized targeting and information sharing from the loyalty programs I participate in here, after reading the descriptions of the requested consents in detail and making a conscious choice. In at least one case I converted a no to a yes after thinking about it longer. It’s good to have that transparency and control, and not to have the legalese surreptitiously remove your right to sue the store should that become necessary as is common in the US (forced arbitration is generally illegal here in B2C agreements).

As for the rest of your most recent comment, I wouldn’t know; I didn’t ever live in Europe before the GDPR.