myprotegeai
7 hours ago
A company recently demoed to me that they have the ability to see the work history, credit report, and bank balance of a visitor that visits a site with some tracking code, in under 500ms. They use this information for a product that qualifies leads for sales teams, so the sales team knows who is a waste of time to go after and who isn't.
Creeps me the fuck out, and the owners seem to have no ethical qualms about buying, selling, and using this data.
ruined
an hour ago
free startup idea: trolley-solver-as-a-service.
integrate something like this with license plate data, property records, person recognition, and realtime location. when a self-driving automobile detects that it's out of control and unable to avoid imminent liability, it can make a cost-benefit analysis of each prospective casualty by querying an API that provides an avoidance score for each consumer and property in the vicinity. based on this score the client automobile will be able to identify a route of least liability. consumers may be encouraged to integrate with these services by assigning unidentified things a score of zero.
next_xibalba
6 hours ago
None of it is accurate and almost all of it is modeled from sparse, low quality training sets. Banks are not selling PII’ed account balance data to shady aggregators.
To me, the more interesting and outrageous story is how many aggregators are able to sell garbage data so successfully.
hammock
6 hours ago
>Banks are not selling PII’ed account balance data to shady aggregators.
But is Plaid?
And banks do sell account balance data, they also sell credit and debit transaction history
Seattle3503
3 hours ago
> But is Plaid?
Or any of those budgeting apps that integrate with your bank account.
prasadjoglekar
2 hours ago
That's probably the signal. But as one of the parent posters said, the # of folks who use such budgeting apps is quite small. For advertising, small samples are useless, so this data has to be modeled to the full US population.
For that, this very biased training set. And almost always the independent variables used for modeling are 7-10 standard demographics.
dml2135
6 hours ago
Seems like Plaid would be f’d six ways til Sunday if it got out that they were selling consumer data to 3rd parties, no? A huge part of their business model is based on trust and doing that would completely burn it.
hammock
5 hours ago
dml2135
4 hours ago
Sorry, maybe “third party” isn’t the correct term. Let me try to lay out my point a bit more clearly:
Plaid’s business model is — Company A needs a consumer’s data from Bank B. Plaid takes the consumer’s banking credentials, gets the data, and sells it to Company A.
At no point in this process does Plaid go and sell this data to another unrelated Company C. The lawsuit cited was about Plaid not sufficiently explaining its position between Company A and Bank B to the consumer. It was not about Plaid going and selling the data to the highest bidder.
mystified5016
4 hours ago
Pretty much no corporation in the last 40 years has suffered the consequences of their actions. Boeing has killed how many people and it's taking an act of Congress to even start talking about some consequences later, maybe.
gruez
2 hours ago
>Pretty much no corporation in the last 40 years has suffered the consequences of their actions.
There's hundreds of regulatory actions taken by governments per year. That's "consequence" by definition.
brewdad
an hour ago
Fines of a few percent of the revenues generated aren’t enough of a deterrent.
hedvig23
5 hours ago
That logic suffices as truth to you?
ethbr1
5 hours ago
> None of it is accurate and almost all of it is modeled from sparse, low quality training sets. Banks are not selling PII’ed account balance data to shady aggregators.
Part of the problem though is that much of this data is persistent, across order-of-human-lifetime.
How often does your employer salary history have to be obtained to be useful? Maybe once every 10 years?
I have zero faith that in jurisdictions without national laws prohibiting it (and laws that prevent usage of extra-national data) that's not happening.
bbarnett
32 minutes ago
Banks are not selling PII’ed a
You know how some banks have a service which tells you how you spend your money? With graphs, 20% on power, 15% on food, etc?
That service is provided by a third party, who is given the data anonymized. A unique id number assigned. Yet it's trivial to deanonymize, and that's what happens.
All that is required is one buy with a points card, an airmiles card, and you are forever relinked to your data. It's how points cards make cash on the side, how air miles do. Exact time, date, amount, location of purchase is a great sync method.
If you pay for your phone with any form of traceable payment, they know who you are, your address, etc. From this immense data is gleamed, such as lot value, neighborhood, and so on. Companies can even get current location and geofence you, being alerted if you move in/out of a certain location.
Mobile phone companies sell this data/service via an easy api. Companies relink a phone from the app level via IMEI and number, which is sold to aggregators along with phone data (contacts, etc). The telco api links to real identity.
Once linked, forever linked.
Most people love free apps, and give up messages/sms, contacts, and more to save a dollar on an app. From this immense relationship data is gleamed, including likely employer and social circke.
Even if you are careful with your app permissions, certainly many acquaintances of yours aren't, so you get linked to their social circle, often with contact name/address.
This is just the simple stuff.
Source: I've dealt with these companies.
myprotegeai
6 hours ago
Maybe they are using garbage data, but at least for the credit checks, he was running them on-demand at $0.75 a pop. He also mentioned browser fingerprint databases that he has purchased. Half of his job seemed to be processing and importing different databases that he had purchased.
vundercind
6 hours ago
The first time I saw a session replay of all the mouse movements and input of a user on their own fucking computer that some marketing website-spyware had recorded was the moment I decided the Internet was a mistake.
mason55
6 hours ago
Pretty much every analytics product does this now. Amplitude, Statsig, Posthog, etc.
Not saying it’s a good thing but assume that most websites are recording your session at this point.
jerlam
5 hours ago
An intern at my company built a proof-of-concept of this within a month, under a mistaken direction to build "analytics tools". When the intern presented this to the team, everyone was horrified and we never brought it up again after the intern left.
rexarex
6 hours ago
You mean the free product Microsoft Clarity that everyone uses?
vundercind
6 hours ago
Nah, it was some smallish company’s SAAS thingy. This was maybe 2015.
a13n
6 hours ago
fullstory
vundercind
5 hours ago
It was already common then, I gather—the ex-developer-product-owner guy who showed it to me (in the course of doing something else) didn’t seem to think it was remarkable, just an assumed capability. I don’t recall the name of the product, but it’d record all the input and page content for an entire session, you could watch it play back like a video. Exactly like standing over someone’s shoulder while they used their computer. Creepy as fuck, but some genius renamed “spyware” to “telemetry” and that was enough to get every developer on board because we’re super insecure and will jump at the chance to pretend we’re building Mars rovers or something else real while we make yet another “app” the world doesn’t need (I suppose that’s why that label was so successful at changing attitudes, anyway)
jonhohle
5 hours ago
Isn’t this how heatmaps were generated as far back as the late 2000s?
vundercind
5 hours ago
Click-mapping came earlier, and there may have been a few places mouse-movement and cross-page-load session tracking some sessions, but I don’t think it was a “just turn it on and leave it on” thing for even most large sites. And a lot of early heat maps came from user studies, which is the right way to do that.
[edit] also, that just happened to be the first time I’d seen a single session represented that way, rather than aggregates. Again, it wasn’t some brand-new thing then, it’d been around long enough to have multiple companies offering it as a service, not just an internal tool at a couple giants.
m463
4 hours ago
What if it was your daughter?
22 years old, height proportional to weight, poor decision making skills.
What about your son?
I've seen this offered to young kids paying rent:
"Flex lets you pay rent on a schedule that works better for your monthly budget and frees up your cash flow."
"Help you pay rent on time. Improve your cash flow. Build your credit history."
riahi
28 minutes ago
This sounds like they are somehow identifying the user and querying theworknumber.
You can get a ton from a worknumber query.
zoltrix303
an hour ago
I had a similar experience once where a vendor demoed their tracking tech for advertising. This was in France (before GDPR) and they had partnered with many apps (Weather apps and such) to access user locations. I don't remember the size of their target but it was a big chunk of the French population. They showed a map of Paris showing the day of a particular user from leaving their home, which route they took, how long they stood in front of which store and how long the spend inside others etc. My boss at the time found the whole thing very exciting...
Mountain_Skies
an hour ago
While out hiking one day, I started thinking about buying a small ladder for the kitchen. When I got home that evening, I started seeing ads for ladders even though I had not searched for ladders, spoke to anyone about ladders, or even texted anyone about them. It was just a thought I had while hiking. Was it a coincidence or something else?
Finally figured it out a day later when reviewing my hike on the Fitbit app. At the end of my hike I forgot to shutoff route tracking. On my way home, I had stopped by Walmart to grab a few things and while there, looked at their ladders. I could see on the app the path I took through the store, including when I stopped for a few minutes in front of the ladders. That was enough data to trigger ads for ladders for the next couple of days.
We leak data about ourselves constantly without realizing how much we're doing it or where it ends up going. Lots of it is also circumstantial and makes me wonder what erroneous ideas some of these databases might have accumulated over the years and who gets to see that "information". What happens if you walk through a part of town where there's an activist rally for "We Love Kitten Torture" going on? Do you forever get tagged in a bunch of databases as an animal torturer?
anjel
7 hours ago
Soon to be combined with palantir face recognition tech. No need to chip your citizenry!
luckylion
7 hours ago
"A visitor" as in "any visitor"? Or rather "a visitor", i.e. a specific one, about whom they already possess all this data and it's just a look up?
The latter I absolutely believe. The former I'd file under sci-fi marketing tales that anyone with some amount of knowledge about web technologies wouldn't fall for.
tonetegeatinst
5 hours ago
What data broker would even sell this data?
A4ET8a8uTh0
7 hours ago
Wait.. physical site like a store or a web site? Not that either would make it that much better than the other, but you got me really curious.
nipponese
6 hours ago
Name the company please.
ranger_danger
6 hours ago
Nothing like this exists for data on the general public and it would be illegal anyways. Either one of you is not aware of what that product actually isn't, or are being intentionally deceitful and spreading FUD.
bitnasty
6 hours ago
Ever heard of the national public data breach?
advisedwang
5 hours ago
https://support.microsoft.com/en-us/topic/national-public-da... does not mention work history, credit reports, or bank balances.
mixmastamyk
3 hours ago
The Experian breaches did. ADP sells recurring payroll as well. Shouldn’t be too hard to cross reference.
whycombinater
7 hours ago
Just beat them to death.
Jury nullification.
Or vote, or whatever the site rules permit, good luck with that.
bofadeez
7 hours ago
Sounds like vaporware. Might be possible for a negligibly small % of visitors. And even then cold outreach is not very effective.
drdaeman
4 hours ago
It's basically same as classic approach of correlating salaries with ZIP codes, just with more parameters. Which sort of works statistically, because there are correlations - but is nothing more than a hallucination at individual visitor scale.