Out of a reflex of distrust, I refuse to participate in any kind of loyalty program of the outlet of the large retail store around the corner.
I tell myself that by refusing to join the loyalty program (which basically comes down to scanning an anonymous loyalty card every time I make a purchase), I prevent them from adding my correlations (what products I buy, in what combos, at what time) to their data.
But since I normally pay by card, I guess they can (and do) already do that with my bank account information?
If I would pay with cash, they can still see those correlations per purchase, but they can’t track my purchases over time?
Yes they can and, unfortunately, even if you start paying by cash you’ll still be tracked to a certain extent. It is extremely difficult to avoid any kind of purchase tracking because everyone from the private company that manages the lot you park in before going inside, to the retailer, to your bank, to the smart screens in the store, to your fucking smart phone (whether by GPS or wifi network identification) is working together to identify and track you.
It’s really fucking hard to go incognito theae days.
How much do you think de-googled GrapheneOS with FLOSS-only apps would help?
For the phone component - immensely… when I vaguely said that “your phone tracks you” most of what I’m talking about is Google/Facebook/Reddit/TikTok/Mobile Ad Networks doing it… I don’t believe carriers tend to engage in that bullshit very often (though AT&T has been caught a few times) due to laws around being a communications carrier… it’s mostly the social media folks.
I think paying in cash cuts down on trackin massively. Can you still be tracked? Yes. But are most stores going through the effort? I don’t think so. Depends on the store too, I guess.
Maybe my tin foil hat is getting rusty, but to me it just feels like they’ll just move on to the next dude who payed by card instead.
“can we have your address for warrantee purposes”?
I always answer “no thank you”. It’s polite for the worker yet direct. I’ve never once had someone insist
The latest version of this I’ve seen is fucking fast fashion of all things asking for your phone number to send invoices to, as part of their “digital sustainability initiative”. If they really gave a shit they’d set fire to everything the company owned.
Does that mean that anonymous loyalty cards don’t really add any extra tracking capabilities?
Then what is the benefit for retailers? That some people don’t use those cards and are thus paying too much?
Most people give their real full name, phone number and email for any loyalty card wothout batting an eye, plus even with anonymized data it’s useful to the owners to track correlation of purchases, time, location. Definitively what you said too, we all make mistakes (some more than others), every needless complication of a system is a disadvantage to the customer.
Loyalty cards are more for getting the customer in the door, right? Usage patterns come second if I understand the model correctly.
Other way around. Loyalty cards have always been about getting that sweet sweet data about customer habits.
If you’re walking around with a cellphone turned on with a SIM plugged in or Wi-Fi or Bluetooth turned on (even if not connected to anything), stores still have ways to track you. They won’t get your purchase info, but they’d know when you got there, how long you stayed, and maybe where in the store you went (if it’s big enough for multiple access points).
Meanwhile, I’ve just accepted that they’ll track me, and I’m fine if they give me a cut. Cashback and such to pay me for my data.
It’d be nice if I got paid for all the ads I see on the internet and outside.
IPhone/android randomize their MAC addresses now to prevent this kind of long term tracking.
Stores will see you walking the store anonymously and be able to create a general customer heatmap, but since this virtual MAC rotates, they won’t be able to correlate this to you indivdually long term.
I believe phones broadcast a sort of fingerprint when searching for wifi and/or Bluetooth connections. No MAC address needed!
The MAC is generally the fingerprint. Looks like Apple handles this when searching as well:
https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web
I haven’t heard of anything else besides MAC being broadcast during the searching phase. Can you give an example or technical term?
Phones routinely look for specific SSIDs by their names. Imagine you’re strolling through a mall while your appearance changes every 2 seconds, but you keep yelling out the names of 5 other peoole. People will not know who you are really, but they will be able to follow you around because they will know that it’s you who yells those 5 names no matter what you look like.
Whenever wifi is enabled, your device is sending out probe request frames, which includes your list of preferred networks/networks you’ve connected to before.
That, and things like Apple Pay randomize the card number when you pay. It’s why my local grocery store refused to switch to contactless payments for so long. They finally gave in and are piloting it on some stores now.
How does that work for broadcasts from your device, designed to prompt beacons from dorman aps you might have joined before? Once you join it provides a random mac, but before then?
They use randomized MACs there too.
You can set MACs to not randomize for specific WiFi, but by default it’s on and random.
AI can identify individuals by gait now
To the point where Target could figure out when someone was pregnant based on what they purchased.
I’m guessing you’re talking about debit cards. From the Canadian Government: yes.
In detail:
Payment terminals can also be built to feed into a retailer’s “customer relationship management” database so that a retailer can track your purchases and tie those to other information about you, such as your email address, if you have given it to them. Financial institutions and payment card network operators could also profile you based on your purchase information.
This purchase information could potentially be shared and linked with information held by loyalty card companies, data brokers, or marketers.
If it’s possible, then it’s a revenue stream, so I assume it’d be done.
It’s absolutely possible. It would depend on the store but I’m guessing a store that has a loyalty program is interested enough in analyzing customer data that they would use your credit card as a unique identifier of you as a customer, especially for transactions where there wasn’t a loyalty number entered.
I didn’t know if debit cards do, but I think credit cards do, which is why they can offer rewards.
Wouldn’t this be illegal under GDPR as you didn’t consent?
You do consent often enough.
At least in Germany, there are at least two companies (Schufa and Experian) who will analyze your account data/money transfers to calculate a score.
Technically, this is legal because they claim to have a legitimate interest in the data and you do have to tick a checkbox.
In terms of physical POS, I’ve never ticked any boxes in that process.
It probably depends on the store. I habitually pay via physical money, because in the event of a cyberattack I can still use it.
deleted by creator
Yes, a good bit of stores do. I pay in cash generally, and I don’t tie my email to my bank account. The nice thing with paying cash is you have a better idea of how much money your spending too.
But as some other users mentioned, some stores have these camera’s in the parking lot that track your license plate. Generally park in a way that it cant see it when you enter or leave.