←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 3 comments | 02 Feb 25 17:07 UTC | HN request time: 0.784s | source
Show context
inahga ◴[02 Feb 25 17:31 UTC] No.42910118[source]
There are quite a few interesting tracking flows out there.

My rent is paid through a company called Bilt.

I discovered that when I shop at Walgreens now, Bilt sends me an email containing the full receipt of what I bought like so:

    > Hey [inahga],
    >
    > You shopped at Walgreens on 12/1/24 and earned Bilt Points with your
    > Neighborhood Pharmacy benefit.
    >
    > Items eligible for rewards
    > TOSTITOS HINT OF LIME RSTC 11OZ
    > $3.50
    > 
    > +3 pts
    > TOSTITOS RSTC 12OZ
    > $3.50
    >
    > +3 pts
    > Other items*
    > EXCLUDED ITEMS
    > $0.07
    >
    > *May include rewards-ineligible items and/or prescriptions.
Ostensibly (hopefully) it would exclude sensitive items, plan B, condoms, etc...

I'm curious how this data flows from Walgreens to my rent company, but maybe I'd rather not know and just use cash/certified check from now on.

replies(19): >>42910141 #>>42910150 #>>42910255 #>>42910258 #>>42910275 #>>42910307 #>>42910604 #>>42911346 #>>42911365 #>>42911455 #>>42911597 #>>42911711 #>>42911897 #>>42911933 #>>42913328 #>>42914952 #>>42915737 #>>42922787 #>>42928562 #
curiousthought ◴[02 Feb 25 17:48 UTC] No.42910258[source]
This is called Level 3 data, and any merchant can choose to provide it for a reduction in the transaction fees they pay.

Here's a small comment thread from a few months back: https://news.ycombinator.com/item?id=41213632

replies(5): >>42910579 #>>42910666 #>>42910909 #>>42910955 #>>42911765 #
anon7000 ◴[02 Feb 25 18:41 UTC] No.42910666[source]
It’s honestly crazy that we allow companies to sell our data — and even financially incentivize companies to share our data like this.
replies(2): >>42911018 #>>42911512 #
kortilla ◴[02 Feb 25 19:27 UTC] No.42911018[source]
The problem is that to you it seems like your data but to Walgreens they see it as theirs. They generated it with their point of sale system.

The data is about a transaction that you made, but they generated all of it.

Until we have agreement as a society about what “my data” means, this kind of stuff is going to run rampant.

replies(3): >>42911120 #>>42912284 #>>42913057 #
1. iamacyborg ◴[02 Feb 25 22:01 UTC] No.42912284[source]
This is fairly easily answered through legislation like the GDPR which classes this data as personal data if it’s associated with an identified or identifiable person.
replies(1): >>42912378 #
2. kortilla ◴[02 Feb 25 22:12 UTC] No.42912378[source]
A legislative body writing something down doesn’t mean society has agreed to it.

If someone journals and writes down everyone they met with locations and dates, they will laugh you out of the room if you tell them they are violating GDPR.

This also leads to stupid shit like people not being sure if they can point a camera at their driveway to catch vehicle break-ins.

Finally, classifying something as “personal data” because it’s about me still doesn’t make it “my data”.

Health data in the US is strictly regulated, very personal, but is definitely not mine. I cannot remove things from it or prevent it from being shared between healthcare institutions.

replies(1): >>42914035 #
3. ericjmorey ◴[03 Feb 25 01:49 UTC] No.42914035[source]
You seem not to know much of anything about the laws regarding personal information in the US or Europe.