Unfortunately, credit card companies/banks/etc have been selling purchasing histories, to pretty much all comers, for years.
It'd be really nice if we could stop that instead of caring about the particular people they sell it to.
IE It's not "better" when they sell it to someone who isn't Google, and I honestly could't give a crap about the complaint, which mostly deals with antitrust.
Visa is working to prevent people from using cash in stores [0]. Currently, they are merely giving merchants an incentive to change, but in the future they may use their immense lobbying power to get preferential legislation enacted.
Once cash is gone:
1. your purchases will be available to any company willing to pay for it, and
2. Visa will get a de facto "tax" on all transactions (through 1-2% merchant fees)
NB that handling cash isn't free either. You have to pay someone to count it, secure it, and steal it (you are arguably not intentionally paying people to steal cash, but shrinkage is certainly a cost of doing business in cash).
I've seen estimates that the cost of handling cash is actually higher than the interchange fees that Visa charges. This generally counts things like armored truck services, time spent counting cash (probably multiple times), time spent delivering cash, dealing with registers, etc.
Well, there is a third even better option, don't charge insane fees to finance ridiculous gimmick programs that for the vast majority of people never have >=1 RoI.
Interchange fees for CC are capped at 0.3% and 0.2% for debit in the EU. No 20 cards in every wallet, black pink yellow variations, no "yes VISA but not MasterCard" sillyness. Honestly even the cap of 0.3% is still far too high.
> I see a place that won’t take Amex, but no visa or mc?
Lots of places won't take AmEx or Discover (some of the highest fees in the business.)
CostCo currently only takes Visa (no MC.) Sam's used to only take Discover. It's rare, but it happens. In this case it's also only for "credit" purchases, "debit" is ok for any card, but the fees are way less for "debit" than "credit".
the bigger issue is that once cash is gone your purchasing history is available to government and nothing there is protected from prying eyes. plus a cashless society is far easier to control as purchases can be blocked at anytime as a goods or services can be declared illegal.
so while Visa is the threat in the forefront we need to be very wary about any attempt to push towards a cash less society until privacy is guaranteed from even government agencies
Any data hoarding and/or selling of this kind by anyone—credit card companies, loyalty cards, ISPs, Google, Amazon, creepy phone-wifi location spying in stores, anyone and anything like this—is de facto spying for the government. As has been discussed many times, keeping oneself clean of this spying (nearly impossible, but for the sake of argument) isn't enough because others' data leaks yours.
Anyone against government access to this stuff ought to be for strict limits/prohibitions on its collection by any entity. It's toxic and should be eliminated.
There is an entire industry of data aggregators and consumer profilers that has existed for decades, long before the internet landed on the scene. These players have been funneling data and providing search services to the three letter orgs in exchange for freedom from any legal encumbrance. There is no way to stop this from happening. They are the main reason why the US has such weak data protection laws in the first place.
Well, the way to stop it would be to outlaw it. More difficult and niche/low-visibility issues have been fought and won, over time. Not impossible, though not easy, and you'd be up against a maybe-unprecedented number of lobbying dollars.
In the days when we had interest rates it was possible to make money on transactions by taking the money one day and paying the invoice on the next day. Overnight the money would earn interest. This would be profit to cover the transaction. So a bank could make money moving cheques around for people, taking two weeks to clear back in the days when everything was manual.
So with electronic payment there is no human inspecting signatures and doing data entry. So why the merchant fees?
In a free market a competitor that just makes money on interest should be winning here.
AFAICT, interest rates are too low (near zero) for banks to make a profit on interest margins alone.
You could have a non-profit do the interchange, like the Interac network in Canada, but that would be difficult to coordinate without consolidating all the banks. (Canada has, like, only half a dozen.)
Actually this is solved in the eurozone with that payment method, name forgotten... It is a fundamental bit of what the Euro is about being able to transfer money without the fees.
Convenience. Handling cash is risky and expensive. You have to pay someone to count it, take it to the bank, where it has to be counted again, etc. That is time that has a cost. There is risk of loss or theft. That can be insured but there is a cost for that too. If you have to have an armored courier transport it, that has a cost.
Bottom line, the merchant fees are probably not much more than, and in some cases less than the costs of handling cash.
Only if the payment app ties directly to a bank account, rather than a card. I don't see any movement in that direction in the US, so the card networks would still be getting their cut.
I foresee a Wallmart/Amazon race between banks and online wallets in the future (each trying to become the other first). Paypal nearly got there a while back. They were actually paying more interest on your Paypal balance than banks were paying on your savings, since they didn't need all the infrastructure involved in being a bank. Not sure what happened to kill that.
Maybe this is how bitcoin (or one of the digital currencies) becomes mainstream, because it has to be used for embarrassing purchases, not just illegal ones.
I wish they'd lobby this harder overseas. I moved to Europe 10 months ago and one of my biggest qualms with seemingly almost every single vendor here is that they only take cash and in the rare cases they also take card, they only take some cards (sometimes Visa, sometimes Maestro, sometimes MasterCard, etc).
I would give up my purchasing history to everyone in the world if it meant I could use a single card to actually pay for 80% of things on a day-to-day basis. Cash sucks.
Europe? You need to be more specific than that. I find it hard to believe what you say and I live in eastern europe (Romania). I don't have any problem paying with cards here. It's an actual european law that asks the merchants to accept credit cards.
Sorry for being vague; just left it "europe" since I've moved around a bit since getting here.
I'm currently in Croatia, where it seems only restaurants and some grocery stores frequently take cards; I paid for an invoice at a local bank (Raiffeisenbank) yesterday that only took cash, which I thought was hilariously ironic.
For what it's worth, my stay in Iceland (3 months) was absolutely fantastic when it came to taking card payments.
On the other hand, the Netherlands (Amsterdam, 3 months) often only took Maestro-only (or sometimes Visa-only) in the cases where vendors even took cards.
Likewise in England (Sheffield, 3 months) many vendors only took cash, and were mightily confused by American cards (especially one requiring pin + signature).
I also had a brief stay in Italy (Naples, 1 week) where I found one restaurant that took any kind of card; everywhere else was cash-only.
This has been my experience. I didn't realize how commonplace card transactions actually were in America until I realized how rare they were in the places I've lived since.
I hate paying with cash because it's several extra mental steps to withdraw $X / maintain $X on hand / track expenditures / count up payments + check change / etc. It's so much easier and faster to use a card, so I hope Visa (or whomever, I don't have a preference as long as it's a card) lobbies for more widespread acceptance worldwide.
If that requires killing off cash, I wouldn't have a problem with that!
> Likewise in England (Sheffield, 3 months) many vendors only took cash, and were mightily confused by American cards (especially one requiring pin + signature).
Do you remember where? I live in Sheffield, and I'm having a hard time thinking of anywhere I would have an issue paying by card.
Had an incredible opportunity to do a road trip through Romania (including way off beaten path) with some elders that escaped during communism. Both my visa and sometimes American express worked in many areas albeit I prefer to use cash when I can and find myself trying to use cash more often every day.
Depending on where you are, you might just need to use another type of card.
Many parts of Europe have payment systems that are independent of VISA and MasterCard, but provide similar (but safer and more convenient) functionality, including the German-speaking countries.
I've made very clear when i speak for Google and when I don't, and i pretty much never do (except on some licensing issues).
If you want official statements from me, go elsewhere.
If you want HN to be a place of real discussion and debate,
it's stupid to try to tie people to their companies. I think very different from my company on quite a lot of issues, and i happily point that at too.
To your point, however, I didn't hand wave away anything. I said the real issue is "people can get this data". Are you really so naive as to believe this isn't being done by every damn company that can get the data?
Saying the real issue is that "Google" got this data, is, IMHO, missing the boat. I don't want Facebook to have it eithre! So to me, like I said, i don't give a shit about that part. You are more than welcome to have a different opinion!
I also worked in DC long enough that a random PR release by an organization devoted to lobbying on certain issues just doesn't bug me or make me care. Quite literally. So I said that.
They are more than welcome to file whatever complaints they want, and i hope they get some sort of response.
While i tend to disagree strongly with his views, i'm much more in favor of folks like ocdtrekkie filing complaints with whatever specific feelings they have on an issue, because at least i don't believe that's being driven by PR
(I know it may be shocking to learn that,in attempts to get funding, etc, non-profits do large coordinated PR campaigns the same way politicians submit bills they know will never pass so they can go home and talk abut it at a stump speech. Much like everyone else, they must stay relevant to be useful.).
I think the disclaimer would have been appropriate here just for transparency sake. As an employee and likely a shareholder, presumably people will be worried you have an ulterior motive in trying to get people to think of Google in a positive light.
I don't think it's so much about thing people to their companies but more about being transparent so people can form their own opinions. If people just accuse you of hiding that information it details the conversation anyway.
Just my opinion. I also work for Google and am pretty sure they also recommend being transparent when commenting on things related to the company although I admit it's been a while since I read the guidelines.
"I think the disclaimer would have been appropriate here just for transparency sake."
I'm very strongly against disclaimers for my personal opinions on random discussion forums , and will continue not to do so right up until i'm forced to (at which point, i'll probably just stop contributing). When I write or post articles in a public news setting or something, or get paid to write them, i'll be happy to.
When i'm just writing crap on HN, sorry, but no.
"presumably people will be worried you have an ulterior motive in trying to get people to think of Google in a positive light."
Which, again, should and does contribute literally nothing to a real discussion, much in the same way knowing a guy owns a 50 million dollar house does not make their opinions or viewpoints, or arguments, less valid on NIMBYism. Engage on the merits.
"but more about being transparent so people can form their own opinions".
People should not form opinions based on who other people work for, when they aren't speaking for their companies.
This is precisely a type of bias we should be seeking to prevent. It adds no value to an intellectual discussion. It just gives a mechanism for smug self satisfaction by saying "hey, i don't have to care if he has a good point, he works for X so i can just pretend it's not a real argument"
"I also work for Google and am pretty sure they also recommend being transparent when commenting on things related to the company although I admit it's been a while since I read the guidelines.'
I'm very very very familiar with the guidelines google issues.
> People should not form opinions based on who other people work for, when they aren't speaking for their companies. This is precisely a type of bias we should be seeking to prevent. It adds no value to an intellectual discussion. It just gives a mechanism for smug self satisfaction by saying "hey, i don't have to care if he has a good point, he works for X so i can just pretend it's not a real argument"
The irony is that by not disclosing the company you work for, you actually make it worse. If you disclose any conflicts of interest, then people will be less likely to accuse you of having an ulterior motive. I suppose it's a philosophical choice of living like how you want the world to be or how it is now and who am I to tell you how to live your life!
Origin comment said they didn't want data to be sold to anyone. I interpreted that to be including Google (and their other comments back it up).
While I agree that because of Google's intimate symbiosis with internet, it's nice to have transparency from employees when they protect Google, I don't think the Original Comment was protecting Google.
They were arguing that instead of being upset that Google can now get your data, in addition to [$OTHERCORP, ...], privacy advocates should be upset that any corp is getting the data.
> They were arguing that instead of being upset that Google can now get your data, in addition to [$OTHERCORP, ...], privacy advocates should be upset that any corp is getting the data.
Indeed when I said defending I didn't mean they were saying Google is right but rather moving the discussion away from having bad PR for Google, which is like defending the name of the company (even if it's justified). I admit that my vocabulary is rather limited so perhaps that is not the right word to use but hopefully you get my point.
If you want HN to be a place of real discussion and debate, it's stupid to try to tie people to their companies.
When the company is Google (or of a similar scale) -- and that company claims to care about privacy (but sometimes engages in practices that suggest otherwise) -- then clearly that association is quite relevant. (Its not a huge oversight, but really, if you had put a standard disclaimer at the end of your comment it would have come off a lot more nicely).
But calling people "stupid" for pointing out that this association matters (when it obviously does) is just... "Google-y", I guess.
"But calling people "stupid" for pointing out that this association matters (when it obviously does) is just... "Google-y", I guess.
"
You have not given any reason the association actually matters here[1], nor engaged the argument on the merits
Instead, you did precisely what i said would happen - character assassination for no reason. You also assert i called people stupid, which is also clearly false, I instead expressed that the notion that tying people to their companies would do anything useful is stupid.
[[1] It doesn't. You can engage the arguments on the merits whether it had my name or anyone else's. In fact, you'll see i didn't even express an argument past "it sucks they can sell info", and that i didn't give a shit about the complaint itself because it suggests that it's okay to sell it to certain people, when i feel it's not okay to sell it to anyone. I haven't actually seen anyone cogently disagree with this, and it's 100000000% irrelevant to where i work.
> IE It's not "better" when they sell it to someone who isn't Google
It obviously is, because these other someones don't have the same amount of information on you. It seems not unlikely to me (and probably others) that your difficulty in appreciating this point is employment related, even if you are arguing in good faith and are not consciously aware of it.
I don't disagree with you that the correct fix is to prohibit the sale of this information in general.
You also assert i called people stupid, which is also clearly false,
Sorry, but saying "it's stupid to do X" really is basically the same as saying... "people who do X are stupid". Or at least "they are, in that context, being stupid".
Either way, you said what you said -- and presumably you meant what you said -- so there's no point in trying to wiggle away from it.
That's not the problem. The problem is that ones opinions regarding the entity responsible for issuing their paycheck are inherently less valuable, and this context is important for others reading.
You might think you are completely objective and unbiased, as do most others, and maybe you are. But, most people are fooling themselves a little. Nobody will admit to themselves, let alone others, that they work for someone evil.
So really, if you want a place of real discussion and debate, it's important to tie people to their companies in cases where they are participating in discussions about these companies.
"he problem is that ones opinions regarding the entity responsible for issuing their paycheck are inherently less valuable"
No, they aren't, and it's horrendously biased to say that.
"So really, if you want a place of real discussion and debate, it's important to tie people to their companies in cases where they are participating in discussions about these companies.
"
No, it isn't, precisely because your premise is wrong. It's not just wrong, it's startlingly bad to me.
If your default position is "people's opinions are less valuable because they work for X", you really aren't going to do a good job of seeing multiple perspectives.
But given what you've written here, maybe you don't want to?
Eventually you'll find that making an issue of this, is a mistake. I was inclined to favor Google in this case, since TFA was published in the AMZN-CIA Post, but your unsavory contributions to this thread (not your original comment, but rather the clueless hole-digging that followed) have mostly changed my mind.
>I was inclined to favor Google... but your comments have changed my mind
That doesn't even make sense. The op made no argument for or against google in any of this thread, and has only tried to clarify that. Defending yourself against the Google hating bandwagon is clueless hole digging? Did you even read any of the op's comments?
You'll want to quote the entire statement, since what you've selectively quoted changes the meaning drastically.
People are less objective about an entity who is paying them. There is nothing controversial about this. I'm surprised someone like you would even convince themselves otherwise.
Eventually you just get the gist for who around here works at Google. ;) cromwellian, who responded to one of my comments here, is also a Googler.
Arguably, DannyBee is correct that the real issue is that credit card companies are allowed to sell this data at all. But perhaps the danger of this practice is especially highlighted by the fact that Google is now one of the buyers.
I put my disclaimer in my profile and I usually make it obvious from my comment I work for Google, but I really tire of putting a disclaimer in each and every message, it gets tedious after a while.
Perhaps HN should implement some kind of badget/sigfile/etc extension for this purpose.
But I'll also note that in my response, I didn't comment on whether or not what Google was going is a good thing, or even going about it in the right way, I merely commented that the information being speculated on is inaccurate and that there was a crypto-conference presentation that gave some details of what Google is doing that contradict what some of the commenters imply.
I actually understand the skepticism and I think it is related to the secrecy of the mechanism and if a peer reviewed paper were published, it might do much more to alleviate fears.
And I also upvoted your comment because I thought it was valuable and noteworthy. :) I really wasn't meaning to be critical to you in my response here.
HN seems kind of hesitant to add additional profile tools beyond the usual. I'm not sure if that's part of it's charm or a detriment. I think having a sig line on every comment might be tedious, and FWIW, I don't think it should be obligatory to attach your employer to every comment on every post on HN. There's a lot that's simply not remotely relevant.
I don't think there's a lot of benefit to this. People would still debate whether or not they needed to disclose. Some people believe that if their posts are their personal views, they don't need to disclose. People might be more likely to use throwaway accounts for personal opinions or posts on unrelated topics. Since HN doesn't mandate any of this be provided (or accurate), it becomes useless. I usually don't disclose my employer on my profile... but I don't work at a startup or major tech company and no companies discussed here have any sort of relationship with mine.
I think people should disclose they work for a company they are defending the position of online. But I don't see a way to force that issue in an environment that permits anon accounts.
I dunno, either people are there companies or they aren't.
I am not my company, and a lot of people elsewhere aren't either. I don't think who we work for is really relevant at all unless they are trying to make offical statements.
Either engage on the merits or don't. "Ignore this guy, he works for X" is not a useful line of argumentation.
The only thing putting company names next to things would create, IMHO, is an echo chamber.
(This is very different than journalists being paid to write specific articles or funded to do specific research, or even people paid quite specifically to astroturf)
If we believe it's some magical generalized conflict of interest, why stop at company names.
In any article about NIMBYism, should we require people post whjether they rent/own/own a home > 2 million/whatever.
etc
IMHO it's completely irrelevant to the merits of their argument. The merits don't change one way or the other.
It seems the only usefulness would be able to filter/confirm biases. At that point, why bother having a discussion.
One highlight point to me, is that as an employee posting on an identifiable account, you have two options: Convey the same view as your employer, or remain silent lest you risk being fired. (No matter how much a company claims this isn't the case, it pretty much is, particularly revolving around talk about that employer specifically.) I doubt there exists a public post where a Googler says they think Google should be broken up Ma Bell style, or where they state that Google's attitude on privacy is broken and wrong; anyone who said such would no longer be a Googler. And of course, since you're surrounded 8+ hours a day by people who generally find your employer and it's practices agreeable, you've got a natural bias anyways.
Therefore, the participation of employees adds a lean in their favor, and disclosure, if it doesn't neutralize it, at least flags it so people are aware.
Mind you, knowing you're a Googler, I did upvote your original comment, because I thought it was accurate and had value. And I do see the concern about people being dismissive of others based on their employers, particularly in comments not directly related to the topic being discussed. (Imagine trying to comment here with "Uber, Inc." after your name.)
"Convey the same view as your employer, or remain silent lest you risk being fired. (No matter how much a company claims this isn't the case, it pretty much is, particularly revolving around talk about that employer specifically.) I doubt there exists a public post where a Googler says they think Google should be broken up Ma Bell style, or where they state that Google's attitude on privacy is broken and wrong"
You are wrong on both points, FWIW :)
But it's definitely true at other companies.
" And I do see the concern about people being dismissive of others based on their employers, particularly in comments not directly related to the topic being discussed."
Given another person just literally said to me "the opinion is less valuable because you work for X", i'm much more worried about this attitude than i am the one where people are biased towards their companies.
Most people in tech are not true believers. Most probably like their companies. But that doesn't mean they agree with what their companies do all the time.
Especially in a company the size of, say, Google, it's pretty, IMHO, silly to think that among 150k of those people, there is no dissent, or not even a lot of dissent, all the time.
Yeah, first and foremost, it bothers me that this data can be sold at all in a user-identifiable way. (Presumably for Google to be able to link it to accounts, name and address are included in the data.)
Perhaps this offers the opportunity for a product, in the short term: Is anyone offering credit cards which promise not to sell your purchase history? I'd be game for that.
It looks to me like a form of homomorphic encryption where both the aggregate consumer transactions (people bought X at merchant M), and the aggregate Google ad information (people saw ad for X at merchant M) are encrypted and the set intersection is computed on the ciphertext revealing only the aggregate number of purchases, not the individuals.
Now granted, there could be a security hole in this scheme as with any crypto-protocol, so it does need peer review, but the design, as stated in that YouTube presentation, is not to reveal to Google personal purchasing information, nor reveal to merchants, personal profile information. No personal financial data or purchasing information is supposedly transmitted.
The problem with this kind of technology is that it is really difficult to explain to the public, and easily demagogued.
Assuming the encryption works as advertised, these schemes still allow more de-anonymization than you'd think. If you can compute very specific set intersections you can then get the set size low enough to reveal personal information with 100% certainty. (The set of people that bought X at M and Y at N and saw ad A at P and ad B at Q on a particular day might contain one person)
I do not know of any work in homomorphic encryption that claims to provide privacy guarantees in the face of side-channels from other sources (in this case, the side-channels could be phone location information for brick-and-mortar purchases, or web browsing activity timestamps for online purchases). It's not surprising that such work is hard to find, since merely computing correct query results breaks most reasonably privacy guarantees.
The closest thing I know of that is workable is differential privacy, which (in laymans terms) introduces enough noise to make sure that overly-specific queries return random (but representative) garbage. Apple says they use differential privacy to train models on data that's stored on iPhones without actually giving themselves access to that data. Cool stuff.
My question is... how is that supposed to work? How do they turn "person A's credit card account" and "person A's Google account" into something comparable. To say "X customers saw the ad and then purchased it", you've gotta be able to be able to confirm that the same person is on both sides of the dataset, which is a pretty hard problem even without it allegedly not sharing the info on one side with Google.
I guess this complaint from this article is asking the FTC to get more information on this process, or get Google to explain how it works, or something.
You can use geography, I assume this is meant to measure ROAS.
I've worked on a similar problem, and some very large retailers we worked with wanted to measure ROAS. They turned off all adspend in a certain large metropolitan area, while we turned on in that area. Measuring the sales lift/drop, gave an idea of the platform's effectiveness.
Any other demographic data point could also be used, not just geo. You don't necessarily need to link people directly.
I don't know in this case, but there are several identifiers that both parties might have (phone number, email address, billing address, name). In the industry, you can sometimes get "anonymized" data that is keyed by a hash of these identifiers, then you can hash your own identifiers and join to deanonymize. This isn't how it works in this case, but I know other companies do this.
>> IE It's not "better" when they sell it to someone who isn't Google
It's better in the sense that those companies can probably do much less with purchase histories than Google as they have less total information on me (whereas Google has email, web history, photos, etc. if I allow them).
It'd be really nice if we could stop that instead of caring about the particular people they sell it to.
IE It's not "better" when they sell it to someone who isn't Google, and I honestly could't give a crap about the complaint, which mostly deals with antitrust.