Out of a reflex of distrust, I refuse to participate in any kind of loyalty program of the outlet of the large retail store around the corner.
I tell myself that by refusing to join the loyalty program (which basically comes down to scanning an anonymous loyalty card every time I make a purchase), I prevent them from adding my correlations (what products I buy, in what combos, at what time) to their data.
But since I normally pay by card, I guess they can (and do) already do that with my bank account information?
If I would pay with cash, they can still see those correlations per purchase, but they can’t track my purchases over time?
Yes they can and, unfortunately, even if you start paying by cash you’ll still be tracked to a certain extent. It is extremely difficult to avoid any kind of purchase tracking because everyone from the private company that manages the lot you park in before going inside, to the retailer, to your bank, to the smart screens in the store, to your fucking smart phone (whether by GPS or wifi network identification) is working together to identify and track you.
It’s really fucking hard to go incognito theae days.
How much do you think de-googled GrapheneOS with FLOSS-only apps would help?
For the phone component - immensely… when I vaguely said that “your phone tracks you” most of what I’m talking about is Google/Facebook/Reddit/TikTok/Mobile Ad Networks doing it… I don’t believe carriers tend to engage in that bullshit very often (though AT&T has been caught a few times) due to laws around being a communications carrier… it’s mostly the social media folks.
If you’re walking around with a cellphone turned on with a SIM plugged in or Wi-Fi or Bluetooth turned on (even if not connected to anything), stores still have ways to track you. They won’t get your purchase info, but they’d know when you got there, how long you stayed, and maybe where in the store you went (if it’s big enough for multiple access points).
Meanwhile, I’ve just accepted that they’ll track me, and I’m fine if they give me a cut. Cashback and such to pay me for my data.
It’d be nice if I got paid for all the ads I see on the internet and outside.
IPhone/android randomize their MAC addresses now to prevent this kind of long term tracking.
Stores will see you walking the store anonymously and be able to create a general customer heatmap, but since this virtual MAC rotates, they won’t be able to correlate this to you indivdually long term.
I believe phones broadcast a sort of fingerprint when searching for wifi and/or Bluetooth connections. No MAC address needed!
The MAC is generally the fingerprint. Looks like Apple handles this when searching as well:
https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web
I haven’t heard of anything else besides MAC being broadcast during the searching phase. Can you give an example or technical term?
Phones routinely look for specific SSIDs by their names. Imagine you’re strolling through a mall while your appearance changes every 2 seconds, but you keep yelling out the names of 5 other peoole. People will not know who you are really, but they will be able to follow you around because they will know that it’s you who yells those 5 names no matter what you look like.
Whenever wifi is enabled, your device is sending out probe request frames, which includes your list of preferred networks/networks you’ve connected to before.
That, and things like Apple Pay randomize the card number when you pay. It’s why my local grocery store refused to switch to contactless payments for so long. They finally gave in and are piloting it on some stores now.
How does that work for broadcasts from your device, designed to prompt beacons from dorman aps you might have joined before? Once you join it provides a random mac, but before then?
They use randomized MACs there too.
You can set MACs to not randomize for specific WiFi, but by default it’s on and random.
AI can identify individuals by gait now
I think paying in cash cuts down on trackin massively. Can you still be tracked? Yes. But are most stores going through the effort? I don’t think so. Depends on the store too, I guess.
Maybe my tin foil hat is getting rusty, but to me it just feels like they’ll just move on to the next dude who payed by card instead.
“can we have your address for warrantee purposes”?
I always answer “no thank you”. It’s polite for the worker yet direct. I’ve never once had someone insist
The latest version of this I’ve seen is fucking fast fashion of all things asking for your phone number to send invoices to, as part of their “digital sustainability initiative”. If they really gave a shit they’d set fire to everything the company owned.
Does that mean that anonymous loyalty cards don’t really add any extra tracking capabilities?
Then what is the benefit for retailers? That some people don’t use those cards and are thus paying too much?
Most people give their real full name, phone number and email for any loyalty card wothout batting an eye, plus even with anonymized data it’s useful to the owners to track correlation of purchases, time, location. Definitively what you said too, we all make mistakes (some more than others), every needless complication of a system is a disadvantage to the customer.
Loyalty cards are more for getting the customer in the door, right? Usage patterns come second if I understand the model correctly.
Other way around. Loyalty cards have always been about getting that sweet sweet data about customer habits.
To the point where Target could figure out when someone was pregnant based on what they purchased.
I’m guessing you’re talking about debit cards. From the Canadian Government: yes.
In detail:
Payment terminals can also be built to feed into a retailer’s “customer relationship management” database so that a retailer can track your purchases and tie those to other information about you, such as your email address, if you have given it to them. Financial institutions and payment card network operators could also profile you based on your purchase information.
This purchase information could potentially be shared and linked with information held by loyalty card companies, data brokers, or marketers.
If it’s possible, then it’s a revenue stream, so I assume it’d be done.
The American Prospect has some really good recent articles about this. We’ve entered a new age of personal pricing. Companies have so much data on us that the price that I see when I visit a website is no longer necessarily the price that you see.
https://prospect.org/economy/2024-06-04-one-person-one-price/
It’s absolutely possible. It would depend on the store but I’m guessing a store that has a loyalty program is interested enough in analyzing customer data that they would use your credit card as a unique identifier of you as a customer, especially for transactions where there wasn’t a loyalty number entered.
Depends on the store.
Your non chain store that has a loyalty program, probably doesn’t have the interest or capital to pay some third party to manage the data collection and analysis to try to direct market things to you.
Worked at a co-op grocery store for a while. The “owners” could use their owner number to keep track of their purchases to count towards their patronage refund amount and it also allowed some limited ability to look at full transaction information to deal with misrings, returns without recipts, etc. in the decade that I worked there, there was no effort or interest (even though the people running the coop at the highest level were definitely “business goober” types) to try to use the info for direct marketing or to sell to a data broker.
I didn’t know if debit cards do, but I think credit cards do, which is why they can offer rewards.
It probably depends on the store. I habitually pay via physical money, because in the event of a cyberattack I can still use it.
Wouldn’t this be illegal under GDPR as you didn’t consent?
You do consent often enough.
At least in Germany, there are at least two companies (Schufa and Experian) who will analyze your account data/money transfers to calculate a score.
Technically, this is legal because they claim to have a legitimate interest in the data and you do have to tick a checkbox.
In terms of physical POS, I’ve never ticked any boxes in that process.
They use the loyalty card, because you accept the t and c of it when you use it
Yes, a good bit of stores do. I pay in cash generally, and I don’t tie my email to my bank account. The nice thing with paying cash is you have a better idea of how much money your spending too.
But as some other users mentioned, some stores have these camera’s in the parking lot that track your license plate. Generally park in a way that it cant see it when you enter or leave.
