←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 1 comments | 02 Feb 25 17:07 UTC | HN request time: 0s | source
Show context
inahga ◴[02 Feb 25 17:31 UTC] No.42910118[source]
There are quite a few interesting tracking flows out there.

My rent is paid through a company called Bilt.

I discovered that when I shop at Walgreens now, Bilt sends me an email containing the full receipt of what I bought like so:

    > Hey [inahga],
    >
    > You shopped at Walgreens on 12/1/24 and earned Bilt Points with your
    > Neighborhood Pharmacy benefit.
    >
    > Items eligible for rewards
    > TOSTITOS HINT OF LIME RSTC 11OZ
    > $3.50
    > 
    > +3 pts
    > TOSTITOS RSTC 12OZ
    > $3.50
    >
    > +3 pts
    > Other items*
    > EXCLUDED ITEMS
    > $0.07
    >
    > *May include rewards-ineligible items and/or prescriptions.
Ostensibly (hopefully) it would exclude sensitive items, plan B, condoms, etc...

I'm curious how this data flows from Walgreens to my rent company, but maybe I'd rather not know and just use cash/certified check from now on.

replies(19): >>42910141 #>>42910150 #>>42910255 #>>42910258 #>>42910275 #>>42910307 #>>42910604 #>>42911346 #>>42911365 #>>42911455 #>>42911597 #>>42911711 #>>42911897 #>>42911933 #>>42913328 #>>42914952 #>>42915737 #>>42922787 #>>42928562 #
curiousthought ◴[02 Feb 25 17:48 UTC] No.42910258[source]
This is called Level 3 data, and any merchant can choose to provide it for a reduction in the transaction fees they pay.

Here's a small comment thread from a few months back: https://news.ycombinator.com/item?id=41213632

replies(5): >>42910579 #>>42910666 #>>42910909 #>>42910955 #>>42911765 #
anon7000 ◴[02 Feb 25 18:41 UTC] No.42910666[source]
It’s honestly crazy that we allow companies to sell our data — and even financially incentivize companies to share our data like this.
replies(2): >>42911018 #>>42911512 #
kortilla ◴[02 Feb 25 19:27 UTC] No.42911018[source]
The problem is that to you it seems like your data but to Walgreens they see it as theirs. They generated it with their point of sale system.

The data is about a transaction that you made, but they generated all of it.

Until we have agreement as a society about what “my data” means, this kind of stuff is going to run rampant.

replies(3): >>42911120 #>>42912284 #>>42913057 #
robotnikman ◴[02 Feb 25 19:39 UTC] No.42911120[source]
>what “my data” means

It makes me wonder, if everyone 'owned' their own data, I wonder if it could be used as a form of UBI. Everyone has data from using services, everyone owns it, everyone can sell it to make a living just doing whatever they are doing everyday.

This is only just a shower thought I had the other day though, there are probably many pitfalls when it comes to such an idea.

replies(9): >>42911175 #>>42911358 #>>42911705 #>>42911789 #>>42911797 #>>42911946 #>>42911947 #>>42914993 #>>42918625 #
1. TeMPOraL ◴[02 Feb 25 21:19 UTC] No.42911947[source]
IDK, I think almost all interesting data has no obvious single owner, because it gets created as a side effect of an interaction between two or more parties.

Take the transaction information from example above. The record of you buying products X, Y, Z for total t=x+y+z at time T, with card C - both you and the store could argue they're entitled to it. It's about you and money you spent and products you received, but it's also about them and the money they received and the products that were taken off their inventory. Then the card issuer will interject saying, "hey, the customer uses a card we provide as a service, so we're at least entitled to know which card was use to pay, to whom, when, an what the total amount was!". Then both yours and stores' banks will chime in, and behind them, also the POS terminal provider.

Truth is, they all have a point. We like to think that paying for groceries with our watch is like a medieval peasant paying for fruit with metal coins at a town market. It's not. Electronic payments always involve multiple steps handled automatically, in the background, by half a dozen service providers linked by their own contracts and with their own legal reporting requirements, and each of them really do need to know at least some details about the payment they're participating in.

A simpler example: this comment. It's obviously mine. It's also a response to you, and it only makes sense in context of the whole subthread. Should anyone reply to it, they'll gain a stake in it, too - and then, arguably, everyone following this discussion have a right to read it, now and in the future. After I hit the "Reply" button, I can't in good conscience claim this comment is mine and only mine. This is why I'm personally against the practice of unilaterally mass-deleting of comments on open discussion boards, like e.g. plenty of people do on Reddit, forever ruining useful discussions for the public.

(It's also why I like HN's approach to GDPR, which is, you can get your account disassociated from your comments, and you can request potentially identifying content be removed, but the site won't just mass-delete your comments automatically.)