Banks are not selling PII’ed a

You know how some banks have a service which tells you how you spend your money? With graphs, 20% on power, 15% on food, etc?

That service is provided by a third party, who is given the data anonymized. A unique id number assigned. Yet it's trivial to deanonymize, and that's what happens.

All that is required is one buy with a points card, an airmiles card, and you are forever relinked to your data. It's how points cards make cash on the side, how air miles do. Exact time, date, amount, location of purchase is a great sync method.

If you pay for your phone with any form of traceable payment, they know who you are, your address, etc. From this immense data is gleamed, such as lot value, neighborhood, and so on. Companies can even get current location and geofence you, being alerted if you move in/out of a certain location.

Mobile phone companies sell this data/service via an easy api. Companies relink a phone from the app level via IMEI and number, which is sold to aggregators along with phone data (contacts, etc). The telco api links to real identity.

Once linked, forever linked.

Most people love free apps, and give up messages/sms, contacts, and more to save a dollar on an app. From this immense relationship data is gleamed, including likely employer and social circke.

Even if you are careful with your app permissions, certainly many acquaintances of yours aren't, so you get linked to their social circle, often with contact name/address.

This is just the simple stuff.

Source: I've dealt with these companies.

>Banks are not selling PII’ed account balance data to shady aggregators.

But is Plaid?

And banks do sell account balance data, they also sell credit and debit transaction history

> None of it is accurate and almost all of it is modeled from sparse, low quality training sets. Banks are not selling PII’ed account balance data to shady aggregators.

Part of the problem though is that much of this data is persistent, across order-of-human-lifetime.

How often does your employer salary history have to be obtained to be useful? Maybe once every 10 years?

I have zero faith that in jurisdictions without national laws prohibiting it (and laws that prevent usage of extra-national data) that's not happening.

> Banks are not selling PII’ed account balance data to shady aggregators.

Banks might not be directly selling the transaction history, but they report the customer transaction history to Equifax and similar credit scoring agencies. Equifax certainly does onsell that to shady credit companies, which has happened to me twice with letters in both cases stating in the footprint in a very small font size and in a very pale hue of grey «provided by Equifax».

Maybe they are using garbage data, but at least for the credit checks, he was running them on-demand at $0.75 a pop. He also mentioned browser fingerprint databases that he has purchased. Half of his job seemed to be processing and importing different databases that he had purchased.

I use an app called PayTM for online payments. It shows me notifications that I have rent pending on a flat which i rent when I have NEVER used it to pay rent ever. It also shows me that I have pending electricity bills. It also picks up and shows me data on how much credit card payment is due when I have never used it to pay credit card bills.

All of this information can come only through cooperation between banks, credit reporting companies, utilities etc.

Any ideas on how I can make my metrics tank predictions for I stop being marketed to so aggressively?

Don't give them ideas. Given the thing's we've been seeing, you just know some nepo-CEO somewhere will read this and think it is A) their idea, and B) brilliant.

Pretty much every analytics product does this now. Amplitude, Statsig, Posthog, etc.

Not saying it’s a good thing but assume that most websites are recording your session at this point.

An intern at my company built a proof-of-concept of this within a month, under a mistaken direction to build "analytics tools". When the intern presented this to the team, everyone was horrified and we never brought it up again after the intern left.

You mean the free product Microsoft Clarity that everyone uses?

time to make plugins that send fake mouse data, and have that draw nothing but hyper-realistic phalli.

Are surveillance cameras in shops any different?

We had one of these, Hotjar I think. To their (smallest possible) credit, there's 0 legible text in the replays, you basically only see the rough UI outlines and everything else is redacted. Wouldn't be surprised if it featured a keylogger though.

I asked our data team what the fuck they need this level of tracking for, and they said "wasn't us, it was marketing that requested it".

So I ask many of the marketing people, and they just say "oh we thought it could be useful!" Without actually clarifying the "how" or "why".

I removed that shit with a quickness after that, and no one's complained so far (duh)

I love the GDPR if nothing else because it scares the - excuse the vulgarity and ableism - retarded decision makers into not doing idiotic shit like this. For any kind of bullshit like this I just bring up GDPR as a shield these days and none of it goes through

While out hiking one day, I started thinking about buying a small ladder for the kitchen. When I got home that evening, I started seeing ads for ladders even though I had not searched for ladders, spoke to anyone about ladders, or even texted anyone about them. It was just a thought I had while hiking. Was it a coincidence or something else?

Finally figured it out a day later when reviewing my hike on the Fitbit app. At the end of my hike I forgot to shutoff route tracking. On my way home, I had stopped by Walmart to grab a few things and while there, looked at their ladders. I could see on the app the path I took through the store, including when I stopped for a few minutes in front of the ladders. That was enough data to trigger ads for ladders for the next couple of days.

We leak data about ourselves constantly without realizing how much we're doing it or where it ends up going. Lots of it is also circumstantial and makes me wonder what erroneous ideas some of these databases might have accumulated over the years and who gets to see that "information". What happens if you walk through a part of town where there's an activist rally for "We Love Kitten Torture" going on? Do you forever get tagged in a bunch of databases as an animal torturer?

Ever heard of the national public data breach?

It's basically same as classic approach of correlating salaries with ZIP codes, just with more parameters. Which sort of works statistically, because there are correlations - but is nothing more than a hallucination at individual visitor scale.

I live in a high rise in a major US metro (not NYC). A building across the way installed a new HVAC handler that whines at a relatively high pitch (think industrial shop vac) 24/7. One of my favorite parts of fall is being able to have the windows open and have lovely fresh air, but I can hardly hear myself think. And we're a good 100m away from the thing!

This is to say nothing of the traffic noise or garbage trucks or whatnot--but a building appliance? I thought surely that must be regulated, or at least controllable. It's unreal the lack of attention people pay to it.

fwiw I refuse to work on such things, as in sure many others in HN do. It probably doesn't make a difference, but I can sleep better at night at least

Many people fear that a corrupt or authoritarian regime might misuse data to cause harm. However, the reality is that such regimes tend to carry out harmful actions regardless of the data they collect. Data can make their efforts more efficient, but the real danger lies in the regime's intent, not necessarily the data itself.

People in Texas facing murder charges for traveling to other states to get an abortion.

People facing criminal charges for helping people in Texas learn about what options for managing their own reproductive health and bodies.

Targeted advertising dragging people down rabbit holes into extremism

I'm sick of needing to spend weeks researching which couch or mattress to buy because corporations will happily sell me a terrible couch for $3,000 that only cost them $50 to make. It'll fall apart in a year or two, conveniently after the warranty expires, but hey, their profits are going up so who cares about the buyer?

I'm sick of events like the Boar's Head listeria outbreak killing 10 people happening with regularity now. Last year it was eye drops causing blindness. The companies don't care beyond the lawsuits they'll face, who cares if people die as long as their profits go up?

I'm sick of oil companies lying about the environmental harms they cause. Their profits are going up, so why should they care about climate change or the tainted groundwater their fracking causes?

I'm sick of seeing ads and billboards for corporations everywhere I go. I'm sick of being tracked because corporations can make x% more money with my data than they can without it. Installing uBlock Origin is easy, but we now have facial recognition systems with physical cameras in the real world. Can't do anything about those unless I just never leave my home.

I'm sick of people defending this behavior by asking "what tangible harm have you experienced?". The tangible harm is that I'm fucking tired. I'm tired of living in a society that requires expending so much mental energy just to exist.

I should be able to just trust (within reason, of course) that a $1,000 mattress will work for X years without needing to research whether the company is decent or known to be awful. I should be able to buy chocolate from the grocery store without needing to research whether the corporation (or any of its 24 parents and subsidiaries) used slave labor to produce it. I shouldn't need to worry about bottled water being stolen from aquifers by corporations that will simply move on after destroying the communities that depend on that water.

I vote, because it's all I can do, but that accomplishes nothing because we're stuck in a two-party system that won't let me vote for a candidate far enough left to actually fix things. Instead we continue to maintain the status quo, because corporations have more money and political power than civilians.

I'm well aware that this reads like an overdramatic manifesto. I'm just sick of everything feeling like it's getting worse all the time, and it seems pretty causally linked to the rise of corporations. Is it too much to ask that I be able to live without them invading _every single aspect of my life_? I don't think it is, but I think we're too far gone at this point for it to ever change.

> similar tangible harm caused by lack of regulation on data collection?

There’s a spike in teenager suicides, girls in particular. The phenomenon is well researched, it correlates with popularity of social media among teenagers. I believe that’s causation not just correlation, because social media didn’t became popular everywhere at once, they did gradually for different countries/languages, the teenager suicides spike follows.

Restricting data collection will fix that by dismantling the business model. Will be harder for tech companies to convert screen time into profits. Will even flip the motivation developing addictive apps: the more time users will spend there the more bandwidth they consume i.e. profits will turn into costs. Which is good for most people, except employees and stock owners of social media companies.

P.S. Personally, I prefer more radical approach: total ban of advertisements on the internets. Many cities did it for billboards, I don’t see why we shouldn’t do the same online.

Identity theft

>they just can't perfect the technology to determine if someone is a child

Oh they do. It's a very valuable demo and doubtlessly they worked day and night for years to perfect it. They want to shape the malleable minds of lifetime consumers. They have, with great success, for nearly a century.

> government officials can’t cite common knowledge

Government officials can cite whatever they want, including stuff they pulled out of their ass, as long as they have the votes.

High-quality studies also lay out a methodology for evaluating, assessing, and ultimately characterizing the issue, so that the impact of policy changes can be properly assessed. Even showing that well-known investigatory methods function adequately for a given problem is of value.

Put another way, "you can't control what you can't measure" (or in this case, characterize more generally).

Why would you voluntary use technologies that violates your privacy?

> Election year.

This FTC has been extremely active and assertive since 2021, for which I'm thankful. People only pay attention in election years.

Good question. All encryption happens in the browser. I may release the code but it's really just Go Age WASM with a KV backend.

What's suspicious?

> health and identity related 'features'

But it's easy enough to just opt out of all that. I don't use fitness or health wearables. I don't have my DNA or ancestry analyzed. I don't use online/telehealth services. Hell I don't even visit the doctor very often. I don't trust healthcare at all because it's very easy for them to use "scare" marketing to get people to pay for all kinds of stuff that (a) they don't need and (b) has very little real benefit and (c) that in most cases is for conditions that common sense and a little self-discipline can avoid.

You're free to think that doctors and health organizations operate on some higher plane of morality but the truth is they are businesses and need to compete for customers just like any other business does.

This should be the top rated comment. This [1] is the tactic that is used by government agencies to actively work around protections afforded by the Constitution of the United States.

[1] https://www.washingtonpost.com/outlook/2021/04/26/constituti...

Exactly, there is no difference. In fact in some ways it is worse because the government can say with a straight face they aren't collecting your data and monitoring you... they just pay someone else for that service.

Actually, much of the commercially collected evidence is not strong in court if it is admissible in court at all. One can simply reject it claiming that it is a mis-association, but only if there isn't further objective data that conclusively ties one to the collection. In practice, usually the government finds evidence that is more directly incriminating, and the the commercial evidence is then secondary to the case.

This exactly.

I’m glad I’m not the only one who thinks like this.