If you think data such as described here can’t be used to further segregate risk factors used in underwriting fees and eligibility for healthcare insurance, think again. Just wait till they factor in your genetic profile from commercial ancestry databases! Only the robustly healthy with proven genes, eating and exercise habits will be insurable at acceptable rates. One solution?...National Health Insurance with one large actuarial pool of all Americans.
49
Sift’s Google form says this:
“The form Data Subject Rights Process is no longer accepting responses. Try contacting the owner of the form if you think this is a mistake.”
Nice.
26
Welcome, Brave New World.
Secret accusers, silent identifiers, invisible prosecutors.
29
Act like a criminal (or a librarian) to protect your privacy. Pay cash. Don’t join loyalty clubs. Do I think Walgreens is selling and sharing my prescription data when they reward me points for each refill?—yup. Do I think Amazon sells my purchase and browsing history?—yes. Why do I get Facebook ads right after I browse the web? Very little is private now; it’s too late and it’s the Wild West—a lawless free-for-all.
40
One word for this, capital C Creepy. Privacy has become obsolete.
16
You forgot lexisnexis. They will also give you your information .
11
I have glaucoma and treated for it at a specialist university hospital ,as part of my signing up the clinic scanned my palm print
to add to my insurance and health record , I thought as blind folks attend this clinic that saves time for them ,I then thought where else does my palm print go to..it's the new world we live in.
11
I am fortunately an EU citizen as well. I wonder if these companies are familiar with the data privacy regulations. Definitely will be forwarding this article to the EU regulator responsible for this to start gathering data on them.
18
Thank you for this information. Now, how can we stop it?
20
If my government collects data about me, I have at least some ability to contact my congress critter and maybe vote for its opponent in the next election. But when it comes to private industry capturing my data, I don't even have the option of "refusing to do business with them" because I don't know who they are and I have no idea whether they are capturing my data or not.
If I could possibly eschew the internet, cell phones, credit cards, bank accounts and the ownership of a car and a house, I might be able to avoid some of this invasion of my privacy. But it appears that we are all sucked in no matter what we do to protect our privacy.
I'm sure that some data gathering engine has no problem connecting my silly screen name to the real me, and has me pegged as some sort of weird basement dwelling malcontent. If my "ad choices" feed is any indication, they think I am a Black, Lesbian, Jewish, Republican, from Mexico, unable to get a green card. Keep 'em baffled I guess.
23
I was going to write a comment but realized that it would be put into a file on me. Sigh. No comment.
61
Looks like Sift's Google Form linked to in the article has been taken down.
8
So does this mean, when I submit a comment to your or another publication or express an opinion ( or even “like” something on social media), that Big Brother is watching me? Dystopia, here we come.
5
Not here we come, it is already here.
10
Very helpful information, and I applaud the work and commitment to write, edit, and produce it. What I can't understand is how the Times can present this without a full disclosure of its conflicting interest? Shouldn't any article on recording, storing and analyzing customer/consumer activity detail how every Times subscriber's activity is recorded? From selecting "interests" (I will not), articles read, % complete, time spent in app & web access, "et cetera, collata condi semper?" The dramatic difference between reading a printed copy of the New York Times and logging into a paid subscription confounds and suggests ethical standards applied to others do not apply to it's own excellent and critically important work. Why does this, in America, seem to echo an official "... It's not torture" then "....we don't torture" followed up with an ex post facto "In any case, any legal recourse is forever barred?" An extreme analogy, perhaps, but one everyone should recognize. I read the demure passive statements sometimes included in privacy stories and I understand the reluctance to implement ethical standards that I'm guessing the most popular TV news network would likely deride, yet every missed opportunity to disclose erodes trust, increases cynicism, and confounds this reader. Undisclosed truth is a weakness begging exploitation.
32
Endorse MarshaPembroke's recommendation of "Surveillance Capitalism" by Shoshana Zuboff!! Also mightily impressed with Edward Snowden's new book "Permanent Record"-- his life up to, during, and after his massive release of the US intelligence Establishment's massive secret surveillance data.
BTW, watch out for inaccurate coverage where critic says that Snowden "took refuge in Russia" No such thing! He was changing planes in Moscow on a carefully planned route that would take him to a South American country that had offered him asylum. Instead, the US cancelled his passport, so he was stuck in the airport waiting room for weeks until Russia agreed to admit him to their country. where he lives today.
8
The article didn't mention that all your Google personal data is available for download. I did it recently and got half a gigabyte of everything I did with them over the last several years. I haven't read it all and I don't know what else they know about me.
I suppose the FBI and other agencies can access all this stuff, but what about the average amateur hacker?
7
Remember that Facebook recently agreed to pay $5 billion (!!) to the US gov to resolve an investigation into its privacy violations? Why pay all this money to stop the gov from looking into your business if there is nothing to hide? And why did the government agree to the settlement and thought it was a win?
12
I work with enterprise identities and access control for a large multinational based in Europe. One of our technology vendors is offering what I call "security sausage" as one of their upgraded features, the ability to do more analysis on publicly available data to determine individual risk and authenticity. For example determining whether you would need step-up authentication or some kind of manager approval to access a resource. Or even let you log in without a password. It assigns risk scores, wth the possibility of being dynamic and picking up your latest behaviour.
We (legal, cybersec, business) decided it was too creepy and have made a policy to avoid similar products in the future. You just don't know what data gets used to generate the score. There are other ways to achieve safe access. This is in line with one of the GDPR rules, "privacy by design".
Taking GDPR seriously as a business is hard (and frustrating sometimes - some parts of GDPR conflict with itself), but I'm a big believer in the society we become once it's embedded in our ways of working. Give it another few years to really land, and a few court cases, to determine the boundaries.
Unlike the Russian and Chinese data protection laws (also headaches of mine), GDPR actually tries to be on the side of the citizen. The California law will be good for the US.
20
What if they hold something incriminating? We brushed off Snowden because we'd only be held accountable to the findings of mass surveillance if we're involved in terrorist activities, which most of us are not. Now, however, we're conceivably accountable to every data point collected in whatever kind of way the market requires.
It is totally irresponsible to allow the economic practice of surveillance capitalism to continue now that it's been called out and articulated so well. And it's a real drag to think that, really, we've been investing in this architecture for quite some time. Hashtag, we're all doomed...
11
This is why we need to recognize our data as a property right. Only one 2020 presidential candidate recognizes this:
https://www.yang2020.com/policies/data-property-right/
#GoogleAndrewYang #YouTubeAndrewYang
23
Regarding the California Consumer Privacy Act, while it does grant rights to California “consumers” (residents), there is a decent chance that many companies will not bother trying to distinguish CA residents from others and will fulfill access and other requests from non-California residents. The law also has a right to request deletion, but that particular right has some very broad exceptions allowing them to decline to delete. Another right will be to not have your information “sold” to third parties (as selling is defined in the law). Any covered company selling personal information will have to have a “Do not sell my personal information” link and functionality on their home page. And there will be huge class action exposure for breaches of certain sensitive data ($100-$750 per violation). The law was hastily drafted and is an absolute mess for companies to figure out how to interpret, but it should move the needle forward (painfully) on privacy.
7
This answer to this issue, as it is to many issues, is government regulation. Every single company that plans to retain or sell my data should be required to ask me, in a pop-up window, whether I agree to that happening, and allow me to select "no." Furthermore, companies that compile data on us should be required to contact us periodically with a copy of all of the data they have and to ask, with compliance, whether we would like them to delete that data.
This is one of many reasons I plan to vote for Elizabeth Warren, if indeed she gets onto the ballot. She is smart enough to see the need for this kind of thing and to work toward establishing such regulation.
29
This whole article is also a new attack line for social engineers looking to steal your identity.
And I would suggest that we should be asking who is looking into any of this, regulating any of this. But with actual physical bridges falling down across America, the gov doesn't seem that interested in doing its job, particularly elected officials.
Several years ago, I encountered some shady business practices of a local contractor and contacted both my city and my States Attorney Office to lodge a complaint. You would have thought I was asking for the moon given the level of irritation I encountered in both cases about the process of making a complaint. They certainly didn't have any means of looking up whether there had been any other complaints against this company.
No wonder Trump-supporters like his wrecking-ball approach to politics-as-usual. Serving the public or even just the public good seems to be the last thing on these people's/agencies minds.
5
If a company requires you to opt-in to use their services, what are you supposed to do? We're hooked on the convenience of online ordering, easy returns, wave-and-pay systems, how-to videos, myriad blogs and podcasts. Many of these businesses depend on data mining and "partnerships" to feed their bottom lines (looking at you, NYT).
I'm not sure if GDRP regulations require companies to allow you to use their services even if you opt-out. But without that choice, most of us will just carry on and hope they all — like Google! — intend to do no evil. (Sarcasm intended)
15
Thus proving the superiority of capitalism and the free market. Unlike China, our government need not mandate a social credit score be created and maintained. Corporations have done it as a service.
6
One of the principles of data protection in the EU is that the data subject - you - are to be informed if automated decision making or AI is processing data and making determinations about credit, risk, etc.
3
sounds like a mini alphabet soup agency type snooping. im sure they will only use it for the good of humanity, though it kinda seems like it could be a way of discrimination.
too bad america doesnt have a federal law, making the fine print of these sites (i.e. FB, APPLE, GOOGLE etc), easy too read, and understand. maybe folks wouldnt go to certain sites that collect all this info?
thank you for the reporting of this, as its the first im hearing of it.
4
I really appreciate the consumer advocate’s honesty- we’re all lucky to have someone like that fighting on our behalf!!!
4
Data are lethal. Personal data secuirty is not about "privacy". A breach of "privacy" might bring job loss, divorce, embarrassment. Most of us experience these and move on.
For slices of the U.S. population, a data breach can be a life-and-death matter. If an abuse victim's new address becomes known to the abuser, the victim does suffer "embarrassment". S/he may be beaten or murdered. If an undercover police officer's name becomes known, s/he may be murdered. These risks are not academic: hundreds of thousands of domestic violence "protective" orders are issued each year.
Personal data will not be properly secured until corporate officers and and government officials - that gather personal data - are subject to criminal penalties (i.e., prison terms) and fines (not paid by tax-payers or share-holders) when hacks occur.
Now, there are no penalties beyond - at most - job loss for those, whose negligence puts lives at risk.
Until folks are imprisoned for failure to protect personal data, there is no incentive (a) to minimize data gathering and retention and (b) to be dligent in safeguarding personal data.
"Privacy" has no place in any discussion of personal data security. Those, who use "privacy" in this context, misdirect the discussion. Data are lethal.
3
Is California the only state that actually strives to protect the interests and well-being of the common people?
3
@scrumble You're in error. Were Californian officials dedicated to protecting the well-being of residents, it would be absolutely prohibited: (a) to build homes on other than "flat" land (i.e., not on the sides of canyons); (b) to build homes in forested areas; (c) to build any structure that did not meet Japanese earthquake-resistance standards.
Further, were Californian officials "on the ball", they would long ago have required all utilities to take steps to prevent explosions (e.g., San Bruno, gas pipe) and power lines (Paradise, wildfire).
3
I worked for one of the big 3 credit agencies as a naive PM. The data that they amassed to sell to retailers was astounding. I learned three things: never fill out sweepstakes forms, cancel all your retail catalog subscriptions (unless needed) and cash is king. I used Lexis/Nexus in my non-profit days 20 years ago and it's nothing like it was then. It's a lot concerning!
15
the congress must act and pass law to protect consumers' privacy. All these internet giants are like big brother. If you google something, they will send you pop-up ad or junk email right way.
5
A bit off topic, but Andrew Yang is the ONLY Presidential candidate talking about these privacy and data acquisition issues, and how to both contain and police them, assure our privacy, and get paid for the data that we're sharing. The three older candidates have no clue about this new world we're in or how to deal with it. A vote for them will ensure an even more delayed response to these issues.
12
For many years Amazon seemed to have me internally listed as an "A plus" customer. I could ask to return things and _regularly_ Amazon would say "we will credit you and just keep the item." Bizarre. Then in the last two years I dont get any of that treatment from Amazon. Nothing has changed on my side. This article makes one wonder what may have changed on my secret consumer score. Honestly I dont care one way or the other but something changed.
8
Since the same thing happened to me, i think it more likely that amazon decided to limit it’s nice behavior (to even A spenders) and stop the great customer service. Alas.
3
how can it possibly be legal for companies to collect hold and sell my data without my permission???
3
It’s not that it is legal, it’s Because it’s not ILLEGAL!
7
"Fill out a Google form"? Yeah right. To first approximation they're lying sacks. What else is new. The wonder is that any companies trust the accuracy of the material that they provide.
1
This is one of the reasons I don't pay bills through apps, and products that can only be ordered through apps are products I can live without. I simply don't trust apps not to be collecting and sharing my personal information.
3
I had no idea that we all seem to be having a secret "consumer score" in the line of credit score. In autocratic China its the Govt who collects all sorts of private data while in USA it's the private companies who do almost the same. It seems our data and privacy laws are slow to catch up with technological development in corporate sector. Sometimes, collusion of state Govt and/or politicians with such business interests would make it even slower.
1
Shortly after the birth of my child I had several items to return to Babies R Us (part of the Toys R US) brand, now out of business.
These items were gifts with gift receipts, yes I could not process the return without handing over my driver's license. This made no sense to me since I had not purchased the items in the first place. I went around and around with the customer service person because I wanted to understand why they "needed" my driver's license to process a return for items I didn't actually purchase and when I had the gift receipts. I never got an explanation that made any sense and I walked out of the store without returning the items. I hadn't paid for them so I wasn't out any money, I wasn't comfortable with their request. I donated the unneeded items and I never went back or shopped at Babies R Us or Toys R Us after that experience.
We don't have much power, but we can say no when given the opportunity to say no. It is similar to the radiation scanners in every airport. Remember when people said to opt out for pat downs and for a while people did and then they didn't anymore because it was too much bother. Well, if everyone had opted out for a week or two the system would have changed but people are too afraid in most situations to say no to "authority" even if that authority is a clerk. I still opt out every time I fly.
36
The google form for Sift no longer seems to be working. They now require a direct email.
4
So now the companies have all the information on us AND now our driver's license photo. What a deal.
14
Does anyone think big brother hasn't arrived and it's not the government?
8
That’s the only thing George Orwell got wrong.
3
We should be paid for this data.
9
So only two out of the 10 people that requested data, had data. I think I'll NOT ask for my info. If they don't know about me yet, I'm not inclined to tell them I exist along with my ip address from my email. If they do know, how is knowing what they know about me going to help me? The government won't let me stop them or let me tell them to erase it.
6
what about Facebook?
2
Two pieces today from the NYT (the revenge porn & this one) nailing down the fact that NOTHING YOU DO IS PRIVATE! You use a credit card, you post comments, you take photos on your phone. Nothing. It’s all accessible either by virtue of the fact you let it out there or it was hacked.
I have no idea why anyone on these comments is shocked. What to avoid most of this? Unplug. Entirely.
Not for me, but don’t say no one told you.
8
That’s not really a good answer to the question of why isn’t this illegal.
Try it
Question: Why isn’t using my data without my permission illegal?
Answer : Because we told you.
They probably also got permission at some point. Some long , complicated privacy statement that you answered very quickly “yes” just to get on with your life. I wonder why we have privacy statements and not just simply “privacy”?
Why do I have to give permission for all this data to be used? Why do they need data so badly? It’s probably a lengthy answer, but
Probably like this article shows there is a lot of fraud online.
2
Andrew Yang proposes that we get a piece of the profit from our data.
Sounds good. We need the Federal government to stand up to corporate data mining and we should get money from Facebook, Google, Amazon, and anyone else profiting from us.
8
Yet another reason to pay cash whenever possible/feasible.
3
On the advice of an attorney, I used the site, BeenVerified.com to try to track down a relative. Since this person had a criminal record, the information provided from public records was somewhat useful. However, when I did a search of myself, I found multiple inaccurate email addresses attributed to my identity and most confusingly, a photo of man unknown to me. When I called customer service to say that this photo of a man could not possibly be me, they said there was nothing they could do about it! All they do is aggregate info from public records, and in some public or internet record out there, this man's name and photo is inexplicably and inextricably matched as being me. I'm at a loss about how to untangle this, and any suggestions would be welcome.
17
Something to keep in mind which I've tried to educate my extended family with younger kids about...
When I was 5, I had a Nintendo.
When my Generation Z cousins turned 5, they received iPads.
This new generation has Facebooks and other social media which is collecting their data constantly. Companies will have targeted data about millions of people who they've been monitoring since they were children. Pictures, e-mails, texts, etc... being saved to cloud servers (it's not like they even have to target your personal device anymore!).
If the Federal Government doesn't take action to codify an individuals personal data as their own, or require compensation for personal data sold by companies, then I think Generation Z is going to end up with their whole generation and every aspect of their lives as a product being sold and monitored.
12
Soon the government will be TOLD by Facebook who arrest , then the circuit will be complete.
I believe Warren is the only one discussing this. And this is part of the reason WS is afraid of her. If I wouldn’t be so darned concerned about climate change this would be my number 1 priority over healthcare.
8
The author needs to lay out a case why I should spend time getting this data. I grew up in a small where every store and every police officer knew about me. This data just seems to be the same on a national scale. We already get info on credit ratings. Do I really care that a multinational firm does not think I would be a good customer and won’t inundate my mailboxes with ads? The fact that someone out in the country does not like me is something I can endure.
1
I hope anyone who is concerned with the idea of a company surreptitiously compiling data on their online and real-life personal history doesn’t also have a Facebook account...
7
Imagine a giant spreadsheet with 250 millions rows, each representing and American person.
Each row has more than 10,000 columns, column each representing aggregated datapoint a from all the myriad of sources included those mentioned in this article.
All this is necessary so armies of robots can waste endless electricity to best determine how to place targeted ads on everything we gaze.
Oh, and it’s going to get even worse my friends. Apple is about to flip the switch on it’s new U1 chip essentially putting object tracking radars on every phone in the world. Sure, that’ll be great for tracking your car keys and your children on occasion but I’d bet you those 10,000 columns are going to end up being 10 million columns as every possible intent in your life is packed up and archived for eternity. For the greater consumer good, you see.
Remember all this is being done to support arbitrary private corporations. This data is not being collected for the public good. It’s being collected and traded by callous companies run by callous individuals.
Let’s just outlaw the practice and put these callous individuals behinds bars, away from impressionable children.
If it’s hard on private companies and stockholders, honestly who cares? America’s capitalism was built on slavery so it’s not exactly like any of its apologists are particularly relevant at this point.
16
Make the movie, please.
2
They argue it IS for the public good.
It keeps prices down, it creates personalized experiences, it provides free content , etc....
and everyone believes it .
I tried to reach out to all of the companies listed.
I have only heard back from two.
Zeta told me they needed to send me a confirmation email. That has never arrived.
And Retail Equation told me they would only send me my information if I supplied a "transaction ID number," adding: "This number will be between 9-11 numbers and ending in 3 letters. You will find this on your warned or declined receipt."
10
"I was alarmed to see my Airbnb messages and Yelp orders in the hands of a company I’d never heard of before, he responded by saying that Sift doesn’t sell or share any of the data it has with third parties" - duh-oh!?!?!? - 'Sift' is the baseline example of a third party
6
The privacy war is over. We lost.
13
Ten people requested their data and they only had files on two? Sounds to me like this is more of an opportunity to build their record of the number of people they can track, i.e submit a request and they now know about you. This likely isn’t about transparency.
2
This is one of the most useful and insightful reads I've had on NYT in a long time. TY Kashmir Hill! Requesting a copy of my data today.
6
we need some new laws. yesterday. this is basically a shadow version of the Chinese Citizen score.
(I'm sure this comment will go in my file and be used against me at some point).
11
Except instead of the “Big Brother” government it’s free enterprise, capitalist corporations, so it’s totally ok, American as apple pie.
1
Not too long ago, I downloaded an app game. I was so into playing it that I started buying extra lives. These were, admittedly, unusual purchases for me and I was contacted by my credit card company, asking whether they were legitimately mine. At the time I thought they had an astute fraud detection algorithm, but now I'm wondering if they contracted with an outside company that analyzes my activities.
I didn't recognize a single company mentioned in this article. How does one even know what's going on behind the scenes?
3
@Kate
I believe that major card companies do have their own tracking systems, ones which do pickup on purchases made which are very different from your usual purchases or not in the areas you normally habituate. Once I had no idea a card was missing until they called. And once I bought something from a sham outfit, and they reimbursed me even tho' it WAS my fault.
But I am very curious about this - especially with that Air B&B link. "Bad" ratings, it would seem, could be wedged into some files forever and you would never have a clue.
2
I just tried this using Zeta. I must upload a picture of my passport number or driver's license, which they ASSURE me they will destroy after using. How can I be sure. Thanks for letting us know about all this data gathering.
543
Simply modify the number with an image editor before sending.
23
@Meighan Corbett
If companies like Zeta gathered information about me without my knowledge in the first place, why would I ever think they could be trusted to destroy my personal information that could REALLY cause havoc if it ever got into the wrong hands?
Since they seem to have so much of your information Ms. Corbett, perhaps they should send YOU a document with your personal information so you could review and verify.
116
@Waste , face recognition software makes ID numbers irrelevant.
17
This writer doesn't get it and neither does anyone else who uses anything on the internet and expects "privacy." The idea of "privacy" is naive, silly even. You don't want your data used then don't use the internet. Simple. Most people don't care.
3
@Marvin -- Agreed! I really don't care at all. I feel sorry for the person (if there is one) who has to parse all of my Amazon orders and gift-giving. Just another distraction from the real threat out there.
Just sent my requests!
I would love to see a follow-up story featuring people who have managed to erase their presence from databases such as the ones mentioned in this article. They must exist, right?
4
First, let's admit that the 4th Amendment is dead. Unreasonable searches without cause went away with the first airport scanners, and this is the latest attack on our privacy at the hands of a do-nothing Congress that should have enacted privacy laws decades ago.
Now with the coming of quantum computers that will be able to hack any password and process larger volumes of data faster, we need to pressure lawmakers to take action to protect what privacy we have left. Otherwise, we're all standing around naked.
9
The 4th Amendment only applies to the government. It has no bearing on private, for profit corporations that require you to read (ha!) and sign a release that is dozens or hundreds of pages of small font legalese intentionally worded to confuse and obfuscate the fact that you’re allowing them to collect and sell your information just so they will allow you to use a product you may or may not have paid for. Remember, if you’re not paying for a service or good, you are the profitable part of that company.
5
As far as I understand these scores are not for a person, these are for a transactions. These are needed to prevent online fraud and make internet a safe place.
Without these safeguards in place, internet would be a wild place where fraudsters can target innocent victims like you and me.
2
I couldn't give a hoot! If I want something I buy it and the seller is always acceptable to taking my money!
2
@CK Until they use incorrect info against you in a job interview or purchase of a home...or applying for credit in general or refuse your product return then you’ll give a hoot.
11
Yes there’s no reason to stay awake worrying about it but the risk that some bad data could mistakenly be used to deny you service is real and for some people that could cause them problems with no clear way of solving them.
Some years ago when I had been denied credit due to a low credit score I called the credit reporting companies and found out that they still had some bad marks against me from more than 10 years prior. The law states that anything over 7 years be removed but they didn’t actually remove it until I called them. If I didn’t know who to call, and that 7 year law didn’t exist I might have had trouble getting a mortgage. More credit reports are easily accessible.
These data aggregation companies should be similarly transparent so that if someone has a problem due to a mistake they can rectify it easily.
2
Anymore, I try to pay in cash, I also give out fake info when dealing with retail entities, fake phone number, fake email addresses, fake physical address. I don't do surveys. I don't play games online. I don't engage in online tests. What to do however, when your hospital and your records are hacked? Increasingly, it takes ever more time to protect your privacy. I'm all for returning to a state of Luddite-ism to stop the rolling snowball from turning into an avalanche.
9
While visiting the NYTs site the waiting pinwheel icon is very often spinning, in fact more than any other website I have to wait to regain control of my computer. Sometimes when I hit delete and esc together the pinwheel goes away.
Anyway, without definitive proof I think the Times is working me for all its worth. I have deleted all cookies and then gone back to only the Times for my normal morning reading and found close to a dozen items tracking me and I'm sick of it.
I should add that even when one shuts down tracking and other invasive actions by apparently nearly every site one visits all the spy ware is still operational.
We need some laws and we need them ten years ago.
When things are, or get, too absurd I shut the site down.
This is my computer, how can it be that the law allows commercial interest to hijack it?
9
Anyone notice that Amazon is collecting/analyzing your voice/speech patterns? No Alexa in this house, but I called regarding my Amazon credit card and the automated recording announced my call would be recorded in order to identify me in the future -EEEK!
7
@Al King, in my experience all credit card companies play the warning about your call being recorded “for training purposes.” They don’t say who or what is being trained, though. Charles Schwab gives clients the option to use their voice as a password (you are prompted to record the statement, “At Charles Schwab, my course is my password.”). I had the impression that this was a pretty safe mode of identification.
1
Wait a minute! These so-called information-providing sites NOW ask for copies of government-issued identification in order to get the information they have essentially stolen from me? That is outrageous and no thanks!
But how do I say NO?
I would guess that fewer than half the ordinary large corporations I deal with on a routine basis record correct information, e.g. my name is commonly switched around; my address contains a NE in the middle of it signifying Northeast which some artificial dummy or real live dummy usually adjusts to their format and interprets as Nebraska. Bills are wrong, service is not discontinued or started on time. I use chat, phonecalls, emails randomly in vain and hysterical attempts to get some redress.
The company/provider/failed supplier can't handle that and yet another company wants to aggregate all of it into a source of information which I do not condone?
How do we say 'stop' to all of this that is already out-of-control?
7
One of the many bad things about storing this data is that so much of the data is wrong about the person. For instance, my father-in-law had no interest in learning how to use a computer, so I had to do everything for him when he needed info, or needed a plane or bus ticket.
Now he is deceased but the companies he dealt with are still following me around. (I'm looking at you, Greyhound.) Lots of information out there about me says I'm a 91-year-old man who likes to take a bus to spend the winter on the Gulf Coast each year.
35
I want to retrieve my report but am loathe to give these companies even more information in the form of my driver's license. This article has made me more inclined to use cash instead of card, though with omnipresent cameras and advances in facial recognition software, who knows how helpful that will be.
4
oh my oh my. So without any laws in place, we might not be able to even find out what data is being collected where? Tempted to move to the EU. As a web developer, the EU privacy laws are a pain but at least you get clarity as to what is being held and can fight incorrect information. We have no protection! The EU's law is way past where we should be but we need to be on that path!
4
The question is of course, armed with this information, what can I do about it?
6
What's the point of getting this data? I get it, I'm being tracked, to a degree that is rather astonishing. But short of abstaining from the digital world, there isn't much if anything I can do about it. While I'm not thrilled about it, I'm also not convinced I need to be that worried. IMHO, the best thing we can all do to combat this is to ignore internet advertising, and be smarter consumers. I never click on an internet ad and I don't really understand why anyone does. If you need to buy something, do your research, read reviews, go to a store to check it out in person, etc. If you decide to buy it on-line, for price or convenience, fine. But there is literally no reason to let advertising affect your buying decisions.
5
Great article. Thank you.
2
The title claims the author got her “score” and we can too, but that’s as misleading as the rest of this surveillance industry. She never got her score or any of the analytics that were used, only the raw data. If you’re going to title the story that way, please deliver what’s promised.
31
Ok, but is the technology being used to root out fraud on these own companies' platforms?
Take, for example, this Vice article about fraudulent Airbnb listings: https://www.vice.com/en_us/article/43k7z3/nationwide-fake-host-scam-on-airbnb
It's fine to try to stop fraudulent customer practices, but I'd be angry at Airbnb not using the same technology to PROTECT customers.
2
With the exception of Zeta, confirmation of identity isn't required to make these requests. What's to stop anyone from picking up intel on others?
Relatedly, how much more do these companies know about political candidates than the general public?
2
Collecting data is part of the consent to participate in the age of technology - google, FB, credit cards, online bank transactions, free email accounts, public library borrowings, EZ pass transactions or other state authorized toll systems, plate and license numbers in private and public parking lots, court records, school records, tax records except Trump, addresses past and present, health records, public utility bills and meter readings, real estate pictures on map reading systems like GPS, store security cameras in stores and parking lots, public transportation ridership cards, and noted here - credit cards from banks, stores, airlines, etc. We will never be able to avoid being tracked, identified, classified, analyzed, hacked, disinformed, targeted, but wait, coming to an election near you - your absentee ballot will be expunged and destroyed or compromised based on your party affiliation.
4
So we could check up on those who are checking up on us? So company upon company upon company is offering to check for us? I really suspect any and all of them will track us. They are not the way to go.
So if I comment on a blog, my comments get transferred to a company like Sift? And they’re linked with my ID via the email address I used to sign up with? Is that how it works? And does the blog host get paid for the access?
I really really wish the so-called privacy policies told you *exactly* how your data were used, not just this vague “sharing with 3rd parties” stuff. And I’d love an article that connected the dots in the whole system so I could really understand what’s going on.
5
All data about individuals that is harvested and sold to others for money, should be sold only if we say so! And we should all be paid for each use. This entire industry amounts to theft. Facebook just had a fine of about half a million dollars in the UK for the Cambridge Analytica facial recognition scandal, and stealing and using the photos of 87,000,000 people cost Facebook (in fines) under one penny per person! These companies treat every individual with contempt and make all of us mistrustful of each other, when it is their stealth work in the background that is crooked. Congress needs to get up to speed and try to slam the lid on Pandora's box--if it is not already impossibly late to do so. As Pogo (an old cartoon strip character) used to say, "We have met the enemy, and he is us."
6
The surveillance state of 1984 has not only arrived, it's been surpassed.
We've reached the point where anyone can find out practically anything about anyone else for a price.
The question now is, what does that mean for our future?
I would suggest that absolutely nothing good will come of it.
12
ALERT: In a related matter, Google is moving to buy FitBit, which collects exercise, weight, and heart data and more. We don't know if Fitbit already sells those data, but we can be certain that once Google owns Fitbit, they will both use and sell data without our knowledge or consent. That's their modus operandi. Such data are very valuable to the healthcare and insurance industries and others.
There are alternative trackers to FitBit with which you can protect your data.
7
If Charle Foster Kane had access to this type of data about himself, he could have stored it in his great, big, winding rosebud of a cloud. I, on the other hand, have no interest in going down the rabbit hole to secure data such as my four year old, online chat with a mattress purveyor. I will stick to my credit report and leave this exercise to those fascinated by their own behavior.
Between this article and the one about clothing being a source of insult to the earth, I'm considering opting out of our consumer culture totally.
2
@bethannm
How?
2
Exactly.
@Riley2 It's not hard, though it's not 100% opting out. It's called bartering, and there's a thriving, online barter culture.
1
I filled out Zeta's form for information but the submit button never became active. Despite reloading the page and filling out the form multiple times, the submit button remained dimmed out.
6
I actually used tapmydata.com to send my own data rights requests to organisations. Problem is most companies resist giving back any data, as Marsha said require you to give up copies of your passport or ID. Grrrr.
What was good with Tapmydata is that I didn't have to give up any personal data to use the app, and had a handy place to keep all my requests. Worth looking into for any budding privacy folk :)
1
Thank you EUROPE! That's the only place on the planet right now that is trying to rein some of the insanity generated by US Internet-capitalism.
9
At least China is explicit about this sort of thing. Yikes.
Whatever became of the right to be let alone?
7
It's well and good for the New York Times to be reporting on these matters, but how often does it look into the journalistic mirror?
I use ad blockers because without them I would never open this website. I refuse to look at, or hear ads. I've never watched commercial television or listened to radio. I feel cleaner this way. But then the Times has pop ups beseeching me to turn the blockers off so that they can make more money from me. Conflict of Interest perhaps? Nothing is free in life, and those who would rather watch ads than pay up front for something are deluding themselves, and perpetuating a shadow economy that preys on us all. And someday, when you appear in court for violation of public assembly laws, (you were talking to a friend), it will come out that once, in a late night tweet, you expressed admiration for Karl Marx's beard, you will question in your mind whether it was worth it just for 10% on your next Uber ride.
8
Excellent article. Thank you!
1
How, specifically, does one do a Lexis/nexis search?
4
I find it interesting and suspicious that AirBnB purports to use this type of secretly-gathered data for the purposes of preventing fraud, while ignoring blatant fraud that is staring them in the face. Read the Vice article published on 10/31 (that I can't link to here) on AirBnB fraud to feel good and angry. Clearly AirBnB is getting your info for other purposes.
3
This is why I dislike Republicans because they kow tow to business. I'm an independent who believes Elizabeth Warren has done the best thing for the American consumer by championing the Consumer Financial Protection Bureau. Now let's get this guy Mulvaney out of it. He kowtows to Republicans' worst instincts.
8
Perhaps we need an anti-privacy movement?
You know, tell everyone everything. Your deepest fears. Your biggest regrets. All your personal failings. And everything in between. Just flood the internet and data aggregators with every iota of personal information you have.
Then again, we don't need to that do we? Because we already live in that world.
For the record my deepest regret is that I didn't go to see my mother in hospice when she was dying. It was my biggest betrayal, and it's something I can never fix, undue, of forgive myself for having done. Now, all of you know it too.
Since my phone is constantly listening in on me and everyone else, then it's manufacturer and my service provider already know this, so why not everyone else?
Frankly, I find this whole massive data collection thing as scary as it is utterly pathetic.
Even Orwell could not have predicted this level of invasion into one's very soul.
2
Tried to get info from Zeta Global, but never received confirmation email back -- now they have my driver's license!!
1
Seems like a perfect issue for "John-Oliver-ization"!
Editor’s note: This comment has been anonymized in accordance with applicable law(s).
10
@Steve, I’d like to see John Oliver’s social media file. Does he have a dark alter ego posting weirdness out there? Or, conversely, one that is posting Positivity messages sans cynicism and profanity? The man is a puzzle.
What would it cost me to get my info from Sift or one of the companies mentioned in this article? Seems like useful and relevant info, to me.
Who would want to dive into this kafkaesque nightmare? It’s like worrying about that the google maps photo of your house taken years ago might reveal something scary about you.
2
It would be interesting to know what the NYTimes collects about its consumers and visitors.
6
I wonder how many comments on the NYT site articles are recorded for 'posterity.'
9
WOW!
Does this mean that every NYT comment I ever wrote or will write is being gathered and stored on one of these obscure companies?
Even if the answer is no, what these companies are doing is creepy and sneaky to say the least.
Thanks for the heads up NYT!!! Very much appreciated.
7
What about our comments on NYTimes articles? Do those go anywhere???
Please let us know....
8
Is the NYTimes selling all of our comments on its news stories to some company like those featured in this article?
8
How about a follow up article on what data the NYT (and other newspapers, perhaps) collects and stores about its subscribers? Our comments? Our links to products featured - like Wirecutter, and any other personal data. I’m curious.
39
@Nancy Thank you for your comment. We hear your concern. The Times's publisher A. G. Sulzberger addressed some of these issues here: https://nyti.ms/32dOGV2
I hope this helps. Thanks again for the comment. And thank you for reading.
7
@Aidan Gardiner
Thanks for the link. The article states:
"Like virtually every business on the internet, we collect, use and share data about readers. We make money by using that data to sell advertisements and subscriptions, often working with other companies like Google and Facebook..."
what does "working with" mean? What information do you pass or sell to Facebook on users who are not Facebook members?
Thanks!
18
@Aidan Gardiner I have made the considered decision not to have anything to do with facebook. I have never had an account with facebook or any of its affiliates for very explicit reasons. They are number one on the list of companies I don't want to know I exist. If you are giving them information about me without my consent, this is a serious problem. You hereby are directed to cease doing so immediately.
8
Of course, we do have the option of going to a bank or atm and picking up cash, walking into a retail situation, and purchasing an item with that cash.
Also, it might help to pay careful attention to any place you make purchases that they are a recognized firm, that you pay promply for ordered goods/services, and avoid those companies known for more customer tracking than usual (airbnb, uber).
2
We already know that the Trump campaign, for example, uses this kind of data for micro-targeting its pitch.
How long before this data is used to suppress or round up its enemies?
You might say that is unnecessarily alarmist or paranoid, but that is exactly what the Nazi Party did, minus the high tech.
This is why data protection and privacy laws are as strong as they are in Europe. It happened to them, folks. In this dangerous time for our country, more articles should recall the history behind European privacy law.
8
Companies will continue to run roughshod over consumers as long as consumers keep consuming. Complaining will do nothing. Only collective ACTION will serve.
3
What this article reveals is what it means to live on this planet in the year 2019. Privacy, once a cherished element of human life, is no longer possible. The commonplace village, neighborhood gossip, the individual stationed behind a window curtain surveying the street scene has been usurped by global search engines that may one day be able to calculate how many pieces of toilet paper you use on a daily basis. It amounts to this. There are those out there able to find out everything they can about you as an individual. And if they're determined to do it they will.
3
I would have no problem with companies collecting this information provided they were required by law to send every consumer a copy of every bit of information they collect. Just cc me.
5
If this information is out there, we need to have it publicly available as we are deciding on who to vote for next November.
3
Until Americans realize that the convenience that comes with automation and having the machines remember orders, etc., carries the high price of complete lack of privacy, this will continue. I know this will sound out there, but if we are ever able to create androids that look like humans, we've certainly given them a rich and powerful database of human behavior with which to be programmed.
3
Why would I care? I have nothing to hide. They’ll be very bored and unimpressed that I’m not contributing to the economy enough by only buying what I need and buyng mostly second hand. Don’t we all have more important things to worry about? Like climate change?
2
Yes there’s no reason to stay awake worrying about it but the risk that some bad data could mistakenly be used to deny you service is real and for some people that could cause them problems with no clear way of solving them.
Some years ago when I had been denied credit due to a low credit score I called the credit reporting companies and found out that they still had some bad marks against me from more than 10 years prior. The law states that anything over 7 years be removed but they didn’t actually remove it until I called them. If I didn’t know who to call, and that 7 year law didn’t exist I might have had trouble getting a mortgage. More credit reports are easily accessible.
These data aggregation companies should be similarly transparent so that if someone has a problem due to a mistake they can rectify it easily.
8
@Julia Longpre Whenever someone says ‘I have nothing to hide’, I must remind them the definition of ‘nothing to hide’ is not resting with THEIR interpretation of the phrase.
‘Absence of mallice’ doesn’t cut it.
4
@Julia Longpre Not caring about data privacy because you have nothing to hide is like not caring about free speech because you have nothing to say.
8
This is motivation to use cash at least part of the time...
3
It was an interesting article and good to know such thing (consumer score) exist and can be obtained. Good one.
1
These companies are in business to make money. Just like any other company. Self- regulation is anathema to profit. I'm going to check my info, but I don't expect these companies to regulate themselves. In a capitalist system, that's not their job. Duh.
6
My motto has been, is, and will be, "No commercial transactions via Internet!". Admittedly, this is unfortunately not always possible.
What good are the personal ratings for? Once I looked up my creditworthiness from three big rating agencies. It was high, and I proudly sent it to my bank. Their response was, "Keep quiet. When, and if, you would need to borrow money, we shall do all the credit-checking work".
2
If our consumer data has value, why don’t the companies that collect it from us and sell it without our permission have to pay us for it? There oughta be a law...
12
The "land of the free" should at least adopt the rules they have in the EU to protect our privacy.
12
This is truly terrifying.
What really concerns me is how this information might be shared with potential employers. Sift's assurance that this info isn't share specifically does nothing to allay my fears that it's available to anyone with enough money or clout, including the government.
6
@Clyde If this is what terrifies you, you're not paying attention.
Thank you for the informative article.
I have long felt that what we need is some enterprising programmer to build an app to flood the "big data" aggregators.
The app would go to hundreds of random internet sites each night so that the big data companies would be flooded with reams of unintelligible data about us.
10
Absolutely ! I try to provide bad info on surveys, tag animals and items for faces on Facebook etc. Programming code to do this, a sort of reverse spam, would be much more efficient !
3
Thank you for this really important and useful article. Kudos to the author.
Despite my misgivings on a whole host of fronts -- especially your political reporting -- articles like this in NYT is the reason why I continue to subscribe.
12
So, companies hire other companies to gather all this info on me to determine whether or not they want my business? I've got news for them: anyone who doesn't want my money doesn't get it. Are you reading, all you Manhattan stores that don't take cash for a cup of coffee or an ice cream cone? I haven't bought anything at Best Buy in years because of their lousy return policies.
5
If you're a private person, this data-gathering is appalling.
So, these incredibly valuable, yet opaque companies want to sell my data to other companies to predict how trustworthy I am and what they can tempt me to buy or do?
Well, give it your best shot, data-miners. I'm an adult with critical thinking capabilities and I have an ad-blocker. I'm honest, trustworthy, kind, intelligent and normal.
Don't you think I can see you coming from a mile away?
11
Of course the focus in articles like this is always on the amount of data being collected that we don't know about, and the havoc that is sometimes caused by a bad algorithm or an algorithm working with bad data. But we should also keep in mind that sometimes (maybe most of the time) the algorithm works FOR us.
A few years back, I was contacted by the IRS, asking whether I had filed my return and requested a refund (I had not) - their algorithm had spotted something fishy. A few months later, Visa contacted me by phone to ask if I had applied for a new credit card (I had not). A few months ago, I was contacted via email by an on-line merchant I do business with frequently to ask if the new delivery address added to my account legit (it was not). Last month, a text message from American Express asked if i had just placed a $35 order with Uber Eats (I had not).
In each case, a "fraud alert" algorithm had spotted something and raised a red flag. There were some minor hassles involved in getting things fixed, but no major damage was done, thanks to the algorithm.
29
@Gary R Yes, but in each case you cite, YOU we’re the responsible party to make ultimate determination of the legitimacy (or not) of actions in your name. That is NOT the gist of the article.
I have no problem with Chase running their algorithms on any card activity under my name. I would, however, have a problem with have mined data, however accurate or not, being fed to some entity to make a non-explanable determination about me.
21
Great article, revealing yet new creepiness in our daily lives on the Internet. But I'm left with absolutely no interest in asking for any of this data - it would only make me feel even creepier! Am I going to look for errors and ask that they be corrected, a la credit reports? Would I request that certain data be updated to reflect something new in my life? No, of course not, it would be an insane task and for what purpose? As Ms Hill said, there's no way to really know how that information is being used. All in all, I'm left feeling creepy and, yes, stopping all data collection would really be a kick! The Internet would undoubtedly grind to a halt, Google would have nothing to do, and I'd probably still feel creepy because of all the other, usual stuff.
7
I wonder how much data these companies sell to the government.
3
@Lisa Elliott Or, worse....being accesed through a backdoor. Like him or not, Snowdon did some level of good.
1
I'm not a digital native, so when I read "easy ways to de-activate blah-blah-blah" I get a few paragraphs in and decide it isn't worth it. I no longer click on links from these articles unless they are NYT, because I do know, even with removing cookies, I am inviting spam which will be "removed in 10 business days," (assuming there is a link to remove it and I have a magnifying glass with which to see it) which given the state of business here, means about 3-4 weeks.
Maybe when enough millennials are in Congress, something will be done. Unfortunately, it may be another generation before they replace the judges in the court system. By then there will be other issues.
10
@Mike S.
The millennials I know don't seem to be concerned about privacy, perhaps because thanks to their photos and other information being continually posted in their parents' FB pages they grew up without it.
4
The "June report" is thoroughly researched, laying out a detailed case that the Federal Trade Commission needs to begin to enforce existing law and request further consumer protections from Congress.
The authors might have gotten further by cc'ing congressional chairs of committees, all federal prosecutors and every state attorney general in the country.
They could have also sent the report to the Federal Communications Commission on the chance that retailers using these surveillance services are engaged in wire fraud.
Keeping a communication like this report specific to only the FTC and its commissioners allows the agency to be dilatory.
4
I am 56 and long term unemployed. I really need a job but declined an opportunity to “video interview” by UnitedHealthcare with a creepy computer AI system—not a human on the other side. Because I know Optum makes its money selling data, I ignored the invitation. I immediately knew how much data I’d be giving away by participating in a vile exercise like that, and have no idea what they would do with that data now or in the future, but it’s not hard to imagine.
19
AI job interviews? I have never heard of this before and would be very interested in an article on the topic.
@beth: OMG! Thanks for the info!
2
I seriously doubt that these companies have "decided to honor the laws’ transparency requirements even for those of us who are not lucky enough to live in Europe or the Golden State" out of the goodness of their hearts. I bet the only reason they're going to comply with the CCPA is because of the amount of business they do in California, not goodness.
2
What happens to the data they require as proof of identity?
They need it, right, but I’m sure it gets added to your file
10
Copy??
I should be paid for my data..it is , after all, my data.
8
Just another reason why we need Elizabeth Warren’s brains in a position of authority. If she can’t be the nominee, she should be the VP.
30
@Rockaway Pete Better yet, as head of an agency with decision making authority.
2
Just yesterday I listened to a radio program called Le Show by Harry Shearer on which he rebroadcasted an interview with an Harvard business school author named Shoshana Zuboff, author of The Age of Surveillance Capitalism
https://harryshearer.com/le-shows/november-03-2019/#t=04:00
It was frightening to hear all the data that is being collected on us all the time 24/7.
All in an effort to predict your behavior, now and in the future. Download it to listen in the car or subway and learn and know you have no privacy at all.....
12
I was returning something to Costco. I love Costco for many reasons. I love their return policy, they return most items without question.
The gentleman that ahead of me was returning used towels. The customer service employee returned the towels without question, but at the end of the transaction, the employee told the man that he would be loosing his Costco membership because he returned over 50% of the items that he had purchased.
I agree with Costco's policy. If a customer is so unhappy with Costco, they need to find another store.
That is GOOD data!
51
People should be more concerned about their medicay-related data is shared. PBMs aren't held to pharmacy standards and HIPAA is antiquated.
Pay more attention when you call the pharmacy, your doctor's office, labs, insurance companies. Same with banks, cell phone companies, utilities. For identification verification, how many times have they spoken out my address or phone number in full and asked me if it was correct? Rather than waiting for me to give it to them. Security questions such as your mother's maiden name are also a joke. Easy to obtain.
The algorithms used for targeting advertisements supposedly based on all this data are usually off base. Most of this data mining shares what most people post online via social media anyway.
Check out privacyrights.org for meaningful data breaches and privacy rights infirmation.
9
Many people seem to be suggesting 20th century solutions - like laws and regulation - for a 21st century problem. The reality is that the information gathering that is now taking place in this country is too big to stop. Witness the fact that Facebook will not ban false political ads simply because they physically cannot enough workers to do the verification work. Data collection companies will always get around whatever legal solution we come up with much, much faster than we will be able to detect that they have done so. And they will not care if they get caught. They will drag it all out in legal proceedings, pay whatever measly (to them) fine is handed out, lay a bit lower, and keep it up. The article itself provides proof of this, with one of the cited companies saying they will give you the file they have, then dragging their feet to do so, hoping you'll go away, and then never bother to follow their own policy. What more evidence do you need? As Alvin Toeffler presciently wrote in "Future Shock," technology will always advance at a much faster rate than we have the ability to evaluate it. In this game, we will forever be playing catch-up - and losing.
11
So, to find out what information has been amassed about us, we have to send them a copy of our driver's license?!
Thus, giving them even more information. Just wait until one of these companies gets hacked.
Cannot believe that the consumer advocate doesn't care that they know what she ordered on a certain day or exactly what her Yelp review said. That level of detail is scary. No one should be able to assemble that.
It's time to make the default of all websites opt-out. Only if someone agrees to be tracked and data-mined can that be done. Then, to put a value on privacy (which is actually priceless), any company accessing the data or using it any way should have to PAY the person at least a dollar per use. Both changes would soon put an end to wholesale data mining.
All this amounts to Surveillance Capitalism, a frightening new incarnation for capitalism. Highly recommend the book The Age of Surveillance Capitalism by Shoshana Zuboff. There have also been several book reviews and interviews with the author in popular magazines and newspapers (see The Guardian, e.g.) that will quickly bring you up to speed on all this.
835
@Marsha Pembroke
Very important book.
14
@Marsha Pembroke
I completely agree with your criticisms and I especially agree that opt-out should always be the default status.
However, your implicitly limiting your criticism to the private sector is not only unwarranted, it avoids acknowledging and addressing the most intense privacy invasion that occurs today.
The US government police have obtained secret court orders from secret courts that require entities like Google and many others to pass on 100% of our activity to the police in real time 24/7. And those entities are required to conceal from the public that they are complying with the secret court orders.
Surveillance capitalism is, indeed, very scary. But it pales in comparison to the dangers of the police state.
39
@Marsha Pembroke Your drivers license record is public information, so providing it to identify oneself is is, practically speaking, more annoyance than invasion. Nevertheless, the idea that we should have to identify ourselves in that way to a company which we have no relation with, is much more than an annoyance.
24
You should also consider checking into your LexisNexis file. It’s astounding the information they collect about you, from medical to insurance claims to driving record, credit files, criminal records, known associates and names of people who have used your social security number. I had rented a house with another person who moved out after 3 months and he was listed as a “known associate”. I didn’t know him from Adam. The rub is when the information they collect is wrong. I was in a situation where I was repeatedly turned down for jobs I was perfectly qualified for. If I hadn’t interviewed with a friend who asked me about a criminal charge that I had no knowledge of and had never committed I would have never known about it and never been able to get it removed. And that removal process would be the subject of another story. I’m currently having the same issue in a beef with my cable company and having inaccurate information removed from a credit file is a Herculean task. Most people just give up. I’ve met many people who are ok with data collection because they feel they don’t do anything wrong but if they looked a little more closely at these data aggregators they would be horrified.
754
@Paul Henson My husband had a similar experience when we were trying to rent our first apartment. We kept getting denied, and not until an employee of a leasing office leaked to us (we weren't technically supposed to know) that there was an eviction on his record that did not actually happen. Once we knew about it we spent about 6 months going through various court systems to have it removed, which was a pain, but at least we knew about it.
It seems unfathomable that something could cause your life to many headaches and that you're the last to know about it. What kind of sense does that make?
237
@Paul Henson, everyone has the right to a free credit report, annually, from the major credit agencies. It’s a good idea to check those every year or two, and keep on top of your rating. I have found incorrect information a few times, and have had it removed. It was not a “Herculean task” to do so. If you dispute a report of an outstanding debt, it is up to the business who reported it to prove that you owe it. In my case they were not able to prove that I owed it because I didn’t, and it dropped off my record.
12
@Passion for Peaches The eviction I referred to in my earlier email did NOT show up on any credit reports, nor would any of the criminal charges Paul Henson was talking about.
While it is important to monitor your credit report, it does not contain anywhere near the full amount of information that companies have on you. It doesn't even have your score, much less how they calculate it.
And also, while I'm glad that you had an easy time removing the errors, some are harder to correct and prove than others. Ask anyone who has ever had their identity stolen how easy it is to get your records corrected.
85
I find this info extremely inspirational. I have worked in retail and insurance all my life, and the amount of customer fraud out there is paramount. It makes one sad and hopeless about humanity to deal with thousands of citizen-crooks faking broken electronics, staging fake auto accidents, and requesting medical procedures their brother is actually in need of. The societal pivot away from faith and into complete secularism of body and soul is to blame, IMHO. As such, these companies keeping tabs on crooked consumers are a must.
44
@Misha
Faith in religion is no guarantee of morality and, in fact, is a guarantee of immoral treatment of those who do not fit the often brutally unforgiving standards of the favored in-group.
Your mistaken belief that people were more honest when they subscribed to archaic mythology means instead that women, the LGBTQ community, and others who were not white, heterosexual, and male were denied basic rights to exist as they were, choose their lives without prejudice, and control their destinies. They were and still are treated incredibly immorally by religious practitioners but somehow this is okay if fraud is prevented? Religious practitioners themselves were and are still found guilty of all kinds of crime. The most moral people I’ve known are atheists and the most immoral have been Christian.
Morality can be based on concepts of secular civility and the Golden Rule which is found in not only all religions but in many, many non-religious stories and texts which can be taught to children without subscribing to the archaic mythologies of sexist, homophobic desert-dwelling tribes of the Iron Age. Morality is a secular value that can be taught without “the fear of god”. Being a moral person without the need for an imaginary god waiting to punish wrongdoers is the sign of an adult and humanity is finally on the brink of growing up.
344
@Misha
How strange that you find it "inspirational" that companies track not only "crooked consumers" but all of us in such an invasive manner. I've actually worked in fraud prevention for many years so I'm quite familiar with the issues. Still I am not comfortable with this level of tracking on anyone.
As far as trying to sort out the good guys from the bad guys. I'll just say I agree with everything @left coast finch wrote.
107
@Misha : No one would have to fake needing a medical procedure to procure coverage for an uncovered sibling if we simply had universal health care.
Also, since when is participation in organized religion a guarantee of morality. The religious and the non-religious seem to cheat and steal at about equal levels.
119
This is scary. I already have no social media presence and have repeatedly requested that my data be removed from the major online databases. A google search of my name reveals nearly nothing save a photo of me at a public fundraising event ten years ago which is fine (the organization was highly worthwhile and I was looking my best). Now this and another commenter’s suggestion that we look into Lexus Nexus files (would the NYTimes also review and inform us about that company’s modus operandi?) means the battle for anonymity is never over. Thank you for keeping us informed!
237
@left coast finch, that you have made this post means you have a social media presence.
26
@left coast finch
I concur - thank you NYT for keeping us informed.
This article is yet another reason why I continue my paid subscription to the New York Times.
Such a stellar, incredible and outstanding news source!!!
45
@left coast finch I've done searches on Lexis before. Lexis specifically combs through public records, so you'll mostly see things like property records, court records and voter registration records. The "known associates" are people it guesses are or were your neighbors from property records or people who it thinks might be related to you. My impression is that it's geared toward lawyers, journalists, researchers etc. because it's a subscription service.
There are other sites that let you see someone's public records, for a fee -- mylife.com provides a snippet of info but asks you to pay for more, for example. THAT site creeps me out because it "rates" each person.
15
Protecting privacy will not be accomplished unless the real source of the problem is addressed.
Every time we interact with some company or government, data about us is generated. Some of that data is recorded. We expect, indeed we usually want, the entity we interact with to record, retain, and subsequently refer to that data in order to effectively and efficiently accomplish our objectives in subsequent interaction with that entity.
But we do not expect, and we usually do not want, the data from our interaction with an entity to be passed on to other entities. That passing on of the data is the problem. This article is about companies whose very business is based entirely on passing on that data. It accomplishes next to nothing to require that they reveal to us the data that others passed on to them and that they then have passed on to still others.
To protect privacy, we must attack it violation at the source. We must prevent the original passing on of the data. The Amazons, Verizons, BestBuys, etc that we interact with must not be allowed to pass on the information about us that they gain from those interactions.
Companies like Facebook and Google also pass on data about us from our interactions with them. But rather than physically transfering the data, they effectively act as agents of other entities to receive and use our data on behalf of those other entities. Facebook sells others access to us by using our data on the others' behalf.
224
@Errol I agree with your point. Just wondering what your thoughts are on (1) Facebook / Google being agents of this information, and (2) the argument that the amalgam of this data, say my information from Seamless and my information from Yelp, are used together for machine learning to prevent identity theft, much the same way you mentioned single companies using this data to provide value.
@Michelle
1) I object to targeted advertising and do everything I can to avoid it (I opt out when possible and find that actually does also yield a bonus to me of less advertising to me overall). I think media intermediaries like Google and Facebook should be prohibited from selling targeted advertising. That would eliminate most of the incentive those despicable companies have to spy on us so intensely.
2) As taxpayers, we are forced to pay for helping children to learn. That is enough to be forced to support. I do not think we should be forced to support learning by machines, which is what taking our data without our permission is. Besides, I don't think artificial intelligence will be our servant. I think private sector and government entities will trust the machines in preference to us. Any attempt by us mere humans to contradict or dispute the decisions of an AI will be essentially disbelieved and disregarded.
6
@Errol
The corporate world will be very upset with your Jeremiad against machine learning! Any innovation that enables Big Corporate to replace its human workers with less expensive machines raises the profit margin and in turn the stock price, What happens to the fired workers, some with a lifetime of dedication to their employer, is not a factor in the calculation.
4
Thanks for a great reporting on getting one's data from companies that collect information about the online habits of people who use various electronic media without their consent.
Despite using a virtual private network, how does one go about protecting one's online identity? Many of these surrepticious companies cross check and document the electronic identities of the devices used to access the internet, and indirectly able to establish the users' profile, location etc?
4
Interesting, but I’m a bit confused about how this information might be used against me. I know how the credit reporting agencies use similar data to extend or refuse credit. But how is what sounds like useless data going to be used? Disturbing as it might be to find out that someone is tracking my Airbnb, etc., until I know how that might negatively impact my life, I think I’ll stick to worrying about things like freeing children from the concentration camps on our southern border.
11
Another one of those ‘who knew’ articles. Thanks.
At least two things came to mind reading this; hoping someone is tracking how many times I hit the mute button on commercials (and now, the president), and why hasn’t somebody put up a site along the lines of “Just Ask Me”. Just ask if I’m looking for.....a new tv, new pet, new carpeting, etc- or ask me what I think about auto companies putting self-driving cars, trucks on our roadways- about car manufacturers forcing us to buy cars with more and more features we don’t want; a mandatory basic car option?
Spying in the name of....security, fraud protection? Where’s my protection from, them?
10
@Jo Williams
I was going to comment but after reading this eye opener, sorry, I'll pass.
It's called 'market research', and it has been going on for decades. Every credit card company, every bank, every utility and many retailers accumulate customer information and sell it to market research companies. It is precisely this information that we willingly provide to Facebook, and which they have monetized, much to the envy of other advertisers, especially the MSM.
1
@Getagrip
Decades ago it wasn’t so pervasive, voluminous and indexed. Nor as dangerous to the consumer.
4
This article shares my concerns about secret data abuses of consumers of their data. Private businesses should have a mandated ‘fiduciary’ like duty to protect your personal data. We should have codified Federal Law to allow citizens to have free access, object and respond to any data inaccuracies like GDPR type protections in Europe or the California Consumer Protection Act (CCPA).
14
Since we have always tracked all our purchases, no need to ask. As to social media or company complaints, no problem. They give us bad service once or twice and don't want to arouse my ire in the future.
1
Medical risk data collection is an increasing concern. Medicare insurance companies are now "offering to send someone to your home for a health check". No, it is an attempt to grade your risk done by someone who is not a physician. Then data will be "sold" to other firms that tap the elder market and used in negotiating coverage costs upward to make more profit for the for profit providers. Another argument to move to single payer. Evaluate the care offered, not the patient "risk".
102
@poslug I'd never thought of it. I'm getting a lot of voicemail messages (I never answer) from United Healthcare Advantage about the in-home health check. When I phone them with a question about coverage (their CSRs are excellent and local) they push the in-home health check. Now I know why.
24
Thank you for giving me the reason why my insurance company keeps calling me to set up one of their home health visits. I found it strange when they first began contacting me because they can easily see that I have appointments with my PCP a minimum of every 3 months.
When they became persistent, I asked them to stop calling me and told them I'd call if I changed my mind. After a year of peace, they called last week and I ignored their voicemail. The funny thing is that my record of claims is far more informative than any personal visit would ever be!
5
You don't have to live on the internet and social media!
18
@Donna Gray How do you know this comment isn't going into the database, along with your travel plans (I assume buy your airline tickets and make hotel reservations online) and that review of the food processor you returned?
My bank and airline already put me in the hold queue based on my value as a customer, but this is far more alarming.
I avoid social media, but I still give a ton of data to the Internet.
7
Excellent work! That’s why so many of us happily subscribe to the NYT.
I was ready to put in requests for my files until seeing that they require “government issued identification”. That would just add more info and value to their database.
What guarantee is there that a copy of a government ID wouldn’t leak out - none.
141
I had the exact same concern
8
A good - and entertaining - book on this topic is Cathy O’Neil’s “Weapons of Math Destruction “. Highly recommended.
13
You missed the critical element: How much. This story without tht tidbit is pure promotion for the vendors.
4
Thanks for your effort on this. Imagine if the 5 companies you named combined into one database.
3
Even if you get whatever information you seek, it doesn't address the issue of privacy.
18
An incredibly informative, useful — and disturbing — article. Thank you.
20
This reminds me of the outcry over China’s social credit score. So it turns out we have several. Once again we see that America should dial back it’s finger pointing and clean up its own house first. This is an occasion where America First is in order.
72
@Jack Max
That was my first thought also - China's social credit score and where all of this will lead to.
1
Imagine your behavior if the country, state or local governments become totalitarian and the government uses the accumulated data to decide how to deal with you!
43
Shades of Gattica...
6
@Artemis , it's amazing how prescient some predictions made on film and TV from 20 years ago have become.
1
I suspect most of us if we think about this, decide that ignorance is bliss. Otherwise, we simply worry ourselves senseless. Do I want to spend my few remaining years welcoming conflict and worry or do what I can to simply get through this very strange, unrelenting farce? I'll take a pass.
27
@Barry Moyer The problem with taking this stance is that the consent of a few is always represented (by those who benefit, follow the money) as indicating general consent by all, not only for current generations but for all future generations in perpetuity. You are absolutely free to speak for yourself, but you speak only for yourself; these companies have to be made to respect that. "Everyone's OK with it" will be the standard corporate/state response to data harvesting of this kind, facial recognition in violation of the Fourth Amendment, warrantless wiretapping, you name it. When Orwell wrote 1984, it was not meant to be prescriptive.
28
@Livie
At your age you can afford to be blase about it. Everyone faces a serious threat. Perhaps think of your kids and grandkids and what kind of world they're stuck with during their many years left. It kills me to know what mine are going to be dealing with, when they're already dealing with so much of it. And I won't be here to help them or even offer moral support.
While it satisfies our curiosity to know what data is out there about us, is there something we can do to remove personal data or correct false data? Otherwise, what good is having this information?
47
@Ann Knowing is half the battle. If nothing else, it may change your information sharing habits
8
I opt out of collecting my data whenever possible, but it’s not always an option. Knowing what’s out there about you is half the battle, the other more important battle is how to remove or fix erroneous data which this article does not cover.
6
This kind of activity was once called spying.
Connecticut, where I live, is one of eleven "two-party" states, in which every party to a conversation must be made aware if it is recorded. Can these laws be extended to the surreptitious recording of personal data? It seems a natural extension to me.
284
@Brian Stewart:
Thanks for the reminder about "two party consent" states. NH is also on the right side of this issue as well.
And here are the 11 states as of January 2019:
• California
• Connecticut
• Florida
• Hawaii
• Illinois
• Maryland
• Massachusetts
• Montana
• New Hampshire
• Pennsylvania
• Washington
10
@Brian Stewart
I suspect that permission to record your personal data is somewhere in a company's privacy policy. But I don't know for sure, because I've never managed to finish reading one before agreeing to the terms.
21
@Van
You are surely right. We trade away our privacy for whatever small convenience we gain, and the privacy policy constitutes a wall of inconvenience preventing us from even grasping what we are giving up.
But something else that prevents us from grasping what we are giving up is the fact that the portrait of us assembled from the fragments we don't care about is something we never even imagined possible.
It reminds me of the way all the little emissions by billions of actors add up to something we never imagined, which is now threatening society.
5
Thanks for this. I will use it.
2
I don’t see how verification of my identity via passport, drivers license, etc. makes the data these companies have on me more valuable and trustworthy. Won’t do it.
22
These companies are using our data to enrich themselves.
I say sue them for your share of the profits which these companies earn as a result of their trade in your personal information.
If they are going to make money using your personal information they should pay for it.
146
@MIKEinNYC hi, nice logo Mike
3
@MIKEinNYC
I thought about this more and mused about how these companies, which reveal personal data on you for a price, are so different from newspapers which essentially do the same thing. Newspapers find out stuff and put it out there and the make money when you buy the paper, physically or online.
That said, when it comes to newspapers they report information that is in the public domain. No payments as to the subjects reported upon should be necessary. These other avaricious companies mine your personal data and charge fees for disclosing it to companies who also hope to make money on the use of your data.
Sue them for your piece of the profits and promulgate legislation requiring that companies who surreptitiously purloin your information pay you for it.
1
Thanks for this great journalism! I do echo the sentiment in other comments that the default setting about collecting my data should be opt-out! Also, that someone knowing what food I ordered 5 years ago is actually a troubling invasion of privacy.
108
I've no doubt there are people mining my data, but I wonder how much of what they have is accurate and how much is misinformation gathered because I'm doing a research for a book. Given the spam I get, I suspect they don't know me very well. More importantly, I don't care. Or, rather, I care a little but refuse to live my life in a state of fear and paranoia. Having said that, this is a fascinating piece. I just hope my friend who already has a diminished life because of her fear "they" are always tracking doesn't see it.
56
My dad used to tell me : To live happy, live hidden!
if this is not a wake up call to use snail mail and cash all over again and give up some of this wonderful convenience, I do not know what is.
I have this customer , paranoid as ever , huge buyer , pays me on the spot before I ship using postal money orders. bizarre but then again probably out of reach from big data.
So what's the big deal say you if they know what you order and how often. Imagine if your medical insurer gets a wind of 5 Mickey D meals a week. Or if your car insurer discovers that you are buying your own maintenance car parts and that the aftermarket brake parts are not approved by the manufacturer and you get in a fender bender. Or so many other scenarii I can think about that make me rue this brave new world!
125
@Jose Car insurance companies will give you a real deal if you attach a monitor that tracks your speed and location. In addition, your car's air bag system tracks your speed and the last several seconds can be downloaded by the police after an accident...
7
Another reason to never use AirBNB, or Yelp. I have never heard of Coinbase and I don't think I'll check them out.
The practice of deciding whose customer service phone call to answer pre-dates Big Data, especially with respect to credit card companies (don't ask how I know this) but wow, how much more "efficient" is that now. I suspect that many more companies have adopted the practice of "telling" front line staff how to treat you. And since there are cameras trained on them at every moment, they'd better do what the algorithm says... in other words, don't blame them, they are as much victims as we are.
I wonder if returning to cash-based everything as much as possible will help here... alas, somehow I doubt it.
Thanks for a detailed, and scary, substantial piece of journalism.
69
I thought the same thing. Would a pre-paid card make this less traceable? I don’t know, probably not.
5
@The View From Downriver , the real problem is if their system is WRONG. There have been a number of changes I have detected in my interactions with companies. I cannot prove it but the tone has changed.
If you try to mask your online activities, it obviously either causes their customer evaluation systems to fail or make mistakes.
And this is before we ever get to the fact that everyone is carrying a high fidelity camera and microphone around with them ALL OF THE TIME. So what guarantee do we have that these capabilities AREN'T being used?
Journalism like this matters. Most people have no clue exactly how much data they give away for free in the process of buying, communicating, and sharing online.
The real-world consequences of activity you might consider private, or unfair to judge are made real through algorithms that touch all parts of our life.
The NYT should continue to fund journalism like this to demystify the role of data in our lives, and how much we give away with “free services”. People need to understand these issues. Governments are too slow to realize how much control companies have gained through surveillance systems like these that are more powerful than some of the most protested powers the state holds today. Scary stuff.
321
@Fraser Gibbs
This and the gutting of consumer protection laws and fair practices by the current administration is what worries me the most.
For those who don’t care what personal data these and other random companies have in their files - would you care if it was inaccurate or misleading and unfairly targeted you in ways you didn’t realize that discriminated against you?
We need stronger consumer protection laws and they need to give us back some of the control that’s been lost to big tech.
62
@Fraser Gibbs says: "The NYT should continue to fund journalism like this"
How about the NYTimes start to practice what it preaches?
From the NYTimes "privacy" section:
"we gather personal information"
"Collection of personal information is necessary"
"We perform statistical, demographic and marketing analyses of users of the NYT Services"
"We share your personal information with our affiliates"
"We collect information about the computer, mobile device or other device you use to access the NYT Services"
"we gather certain information automatically and store it in log files. This information include IP address, browser type, operating system and other usage information about the use of the NYT Services, including a history of the pages you view."
"We automatically combine this collected log-information with other information we collect about you."
I could keep going but am running out of space.
23