Wow, yea, that's a whole other thing. I wonder, though, if Google would now have more info.
For what it's worth Apple would be more likely to know your financial history than Google would. Doesn't Apple require a credit card on file for Apple services and pull credit reports for certain purchases? Maybe not.
Google will need your credit card details for their App Store and the App engine, oh, and their ad services of course.
I don't think Apple can pull credit reports which is why they rely on banks for their financing.
gatorguy said: There would be no way or reason for Google to have the type of information that Experian does. They won't know all your credit cards they won't know your banking information they won't have all your medical data they won't know who your insurers are they won't know what claims you filed.
For what it's worth Apple would be more likely to know your financial history than Google would. Doesn't Apple require a credit card on file for Apple services and pull credit reports for certain purchases? Maybe not.
Google is more likely to be able to combine information (unless you've taken extreme precautions) to know about most everything you've looked for, and a lot of what you've done on the Internet. Now... get Google and Experian together, and...
Wow, yea, that's a whole other thing. I wonder, though, if Google would now have more info.
There would be no way or reason for Google to have the type of information that Experian does. They won't know all your credit cards they won't know your banking information they won't have all your medical data they won't know who your insurers are they won't know what claims you filed.
For what it's worth Apple would be more likely to know your financial history than Google would. Doesn't Apple require a credit card on file for Apple services and pull credit reports for certain purchases? Maybe not.
Google has a ton of credit card transaction data. Very surprised you wouldn't know this. Not just credit cards, but both credit card and debit card records for approx 70% of all U.S. consumers!
The "private, secure and anonymous" claim is quite weak, because the entire purpose is to marry the purchases to users of google services. If you use gmail, for example, or attached your credit card to the play store, google knows exactly who you are, so the anonymous claim is pretty bogus. And while some of their algorithms are public and have been scrutinized, this is not.
As for banking information, there are an estimated 1.2 Billion gmail users, and most people tend to give their banks an email address. So yeah, google knows where you bank and high level info about their users' bank accounts, banking habits, etc. Overdraft notice? oops. Account got flagged for an unusual purchase? oops.
As for medical data, it's probably even worse. You do give your healthcare providers your email/gmail address, right? So even if the only info they send you via email is scheduling, google gets to see not only which medical facilities you use, but which doctors you see, when and how often you see them. That's extremely valuable data, for around a billion users, not just those in the U.S. For the less sophisticated healthcare providers who send more detailed information than scheduling, well I'm sure you get the picture.
Experian may know about your credit score, credit card usage, physical addresses..., but google knows most of that info, plus every word and image you share with your friends via email. Every place you looked up in your Maps app, where you were when you searched, and who you were with at the time.
As for the comparison with Apple services, I can only say that I use a variety of Apple products and services every day and they have absolutely zero information about me or my purchases. It does take extra effort on my part, but it's completely possible because their business model is to sell cool stuff in exchange for money. Apple does not require a credit card to purchase their products, they do
not require an email address or name or anything else. They do not
require a credit card to use the App Store, cash purchases of iTunes gift cards work great -- and they put an absolute limit on your loss in case of any kind of data breach. I don't believe it's possible to use google's services without them knowing (or "statistically knowing") who you are because the services aren't designed for that, and their business model is to know more about you so they can try to influence your purchases. But hey, people here keep wasting their breath telling you this over and over, it's not like you haven't heard it before.
Google has a ton of credit card transaction data. Very surprised you wouldn't know this. Not just credit cards, but both credit card and debit card records for approx 70% of all U.S. consumers!
Which has what to do with a reportedly flawed implementation of differential privacy on Apple's part? I think you forgot to comment on the article.
As for your "surprised you did not know that", the article you mentioned was only a about a month or so old, and I don't think reported elsewhere. It also does NOT claim Google collects credit card numbers either, only provided the transaction history to match to ads presented. and supposedly all anonymised is such a way that "This approach prevents Google from accessing the credit or debit card data for individuals." according to your article. Like with Apple and differential privacy we should not just take Google's word that it "works". The algorithms that safeguard individual records from being accessed by Google should be made available for examination, plain and simple. The EFF is right.
As for medical data, it's probably even worse. You do give your healthcare providers your email/gmail address, right? So even if the only info they send you via email is scheduling, google gets to see not only which medical facilities you use, but which doctors you see, when and how often you see them. That's extremely valuable data, for around a billion users, not just those in the U.S. For the less sophisticated healthcare providers who send more detailed information than scheduling, well I'm sure you get the picture.
But as you are on a fear-mongering adventure this morning let's continue to stay somewhat off-topic for a moment more before getting back to the article itself. Yes, it is certainly possible that an email provider, no matter which one it is, could serreptiouly be reading and recording your mentions of health problems in an email and using it for undisclosed purposes. Completely ruling out that they're doing so would be difficult, minimally requiring outside audits by independent outside firms to verify their stated privacy policies are true, can be proven, and are adequate wouldn't you say? Therefore you should be a little more at ease since Google does make itself available for mandated annual privacy audits, even better that it's by order of the FTC which means they can't shrug them off.
Point Two for why they probably don't do what you say they do: Google is in business for the money, just like every other for-profit company. If Google did in fact intentionally collect information about your gall-bladder problem for inclusion with your profile what would be the motivation? You say it's "very valuable", but how is it valuable for Google if they can't profit from it? Google does not place nor permit targeted ads for health conditions, nor for that matter ads targeting specific religious or ethnic groups, sexual persuasions, or a dozen other categories.They don't even permit 3rd party companies to use Google ads to collect information for themselves in those categories. So if Google can't profit from placing ads addressing your medical conditions what would be the motivation?
Just because a company COULD do something is not evidence they actually do it. As I said earlier you seem to be on a fear-monger mission by stating Google factually does all these nefarious things you offer no evidence of them doing. Yes absolutely true, they could(and so could Apple), but generally there would be some profitable reason motivating them to do so. We know why Experian or Acxiom does it, they're in the business of collecting and selling both personal and aggregated data and for them health information is very valuable particularly if it's an insurer or employer or lender asking for it... But that's not an area Google derives profits from, they rely on ad placements, and medical conditions won't make them ad money.
The actual concern for me (and should be for you too) is who the gatekeeper is for all the transaction data being provided and how do they safeguard it? Google can't collect it on their own. Even your mysterious oft-mentioned but never detailed "extra work" probably can't prevent records of much of what you've purchased (and visited and joined and licensed and financed and...) being collected and available for sale or trade by Experian and others, but we don't know where the now anonymised data Google is getting came from tho it's obviously a source that knows a bit more about your finances than they do. Another thing: Who possesses the other 30% and how is it used or shared? Who else gets transaction data, is it too anonymized, and what do those companies use it for? The article leaves a whole lot of open questions unrelated to Google.
So serious question since you seem pretty well-informed on the subject: Do you know who collected it, who is providing it and where they got it from? Any idea where they store it and who has access to it? In the wake of the recent massive privacy breach affecting nearly half of all Americans (and you might be one eve if you don't live in the US) I think that might be a good thing to look into.
Wow, yea, that's a whole other thing. I wonder, though, if Google would now have more info.
There would be no way or reason for Google to have the type of information that Experian does. They won't know all your credit cards they won't know your banking information they won't have all your medical data they won't know who your insurers are they won't know what claims you filed.
For what it's worth Apple would be more likely to know your financial history than Google would. Doesn't Apple require a credit card on file for Apple services and pull credit reports for certain purchases? Maybe not.
It does take extra effort on my part, but it's completely possible because their business model is to sell cool stuff in exchange for money. Apple does not require a credit card to purchase their products, they do
not require an email address or name or anything else. They do not
require a credit card to use the App Store, cash purchases of iTunes gift cards work great -- and they put an absolute limit on your loss in case of any kind of data breach.
You seem to think Apple and Google are different in this regard. I use gift cards too for my son's Android purchases. Google Play cards are available in nearly every grocery store and pharmacy, even many convenience stores. Like you've stated with Apple, zero need to have a credit card on file with them, nor would I. So no even tho you thought otherwise they don't know my credit card numbers anymore than Apple does yours.
You also say Apple does not require an email address to access Apple services. How so? Perhaps I'm not understanding what is absolutely required but AFAIK you still need an Apple ID to sign in for Apple services, which in turn requires:
A valid email address to use as your Apple ID username.
The once-mandatory requirement for a valid credit card on file in order to have access to Apple service was dropped relatively recently (maybe 2013 or so?) but many folks would not know that, particularly if they are long-time users. In any event Apple requires a valid email address to use for linking their services to "you" as far as I can tell, plus a backup email address in case of security concerns. Google requires a valid email address for linking their services to "you", and a backup email address for use with security related concerns.. Sure sounds like the same thing to me. Apple can "identify" you just as reliably (or not) as Google can. For instance in my particular case I maintain a faked "Google ID" email address with an imaginary name for use with Google services, backed up for security purposes to an otherwise unused email address under another fake name using double-forwarding to my secured business email account for those times when I would prefer not to share my real Google ID. Until I have reason to believe otherwise those times are pretty rare. On top of that my main email provider is NOT GMail in the first place, tho I'm becoming increasingly aware that the one I do rely on may be collecting and sharing personal information with outside 3rd parties, which if turns out to be true makes them far worse for my privacy than GMail and likely soon to be dismissed as a provider. EDIT: Came across a tutorial explaining how to set up an Apple ID without a credit card on file for those not familiar with the process http://www.idownloadblog.com/2014/08/05/how-to-create-apple-id-without-credit-card/
But I'll grant you that Google does know what apps I download and may use it for targeted ads if I don't opt out... but so does Apple who also uses "what they know" about your App Store visits and downloads to target ads tailored for you based on your profile. Yes Apple monetizing their users (aka "you are the product") but on a far smaller scale as they're just not as dependent on ads as Google obviously. Different revenue models that are both highly successful to the joy of their investors.
BTW what is Apple's limit to your losses, and is it any different than Google's? You've apparently know having looked into it and and I have not.
So now with all that out of the way, what is your opinion of the study this AI article reported which is what we should be discussing in this thread? Do you think Apple should be more forthcoming about the code they are using for their DP project, allow outside verification of its effectiveness and perhaps taking advice on how to improve it if it turns out to be lacking?
Wow, yea, that's a whole other thing. I wonder, though, if Google would now have more info.
For what it's worth Apple would be more likely to know your financial history than Google would. Doesn't Apple require a credit card on file for Apple services and pull credit reports for certain purchases? Maybe not.
Google will need your credit card details for their App Store and the App engine, oh, and their ad services of course.
No they don't. A fake ID and gift cards works as well as it does with the App Store. No credit card required. Not even your real name or real email address. Your name is not nearly as important as your anonymized profile indicating the likelihood of being prompted by an ad. You're connected to Google by an advertising ID number not your name and address. Just like with Apple you can reset that identifier whenever the you desire and start from scratch. OR opt out altogether if you wish. OR set up a fake Google ID. Google does not "know all" despite what Eric Schmidt or Blah64 might imply (for different purposes of course).
Google has a ton of credit card transaction data. Very surprised you wouldn't know this. Not just credit cards, but both credit card and debit card records for approx 70% of all U.S. consumers!
Which has what to do with a reportedly flawed implementation of differential privacy on Apple's part? I think you forgot to comment on the article.
As for your "surprised you did not know that", the article you mentioned was only a about a month or so old, and I don't think reported elsewhere. It also does NOT claim Google collects credit card numbers either, only provided the transaction history to match to ads presented. and supposedly all anonymised is such a way that "This approach prevents Google from accessing the credit or debit card data for individuals." according to your article. Like with Apple and differential privacy we should not just take Google's word that it "works". The algorithms that safeguard individual records from being accessed by Google should be made available for examination, plain and simple. The EFF is right.
So at least we agree on something. I think we probably agree on several things, but when a company like google gets credit and debit card usage reports for 70% of US consumers, they need to come clean on what/who/how. The point of what they're doing is to marry ad views to individually-identified credit/debit card purchases, at which point there's no way that's anonymous. They know, with extremely high statistical likelihood, who most of their their users are, based on email content, social graphs, data from other sources, and very sophisticated algorithms. It's likely that with some effort they're able to keep that data anonymous from *other* companies they do business with, but I can't see how it's anonymous to themselves. The very nature of what they're doing means tying ad views to individuals. I don't have any specific inside information on this, and it's a relatively new development, so I hope more info will be forthcoming soon.
I will say this though, I talk with a lot of "regular" people about this stuff, and many people just shrug their shoulders about google collecting data based on the content of their emails, which I find bizarre, but I'm accustomed to it now. However, when I've mentioned this new credit/debit card records info, I've been getting much more surprised and angry reactions. Perhaps people will just continue to bend over on this as well over time, but it's also possible that CC purchase records might strike people differently. Companies will push the envelope until the average person screams "STOP!", and apparently we haven't reached that point yet.
As for differential privacy, I totally agree that Apple should be more forthcoming with their methods and numbers as well, but I also agree with your assessment that both companies are just testing the waters and we'll know a lot more over time.
Google has a ton of credit card transaction data. Very surprised you wouldn't know this. Not just credit cards, but both credit card and debit card records for approx 70% of all U.S. consumers!
Which has what to do with a reportedly flawed implementation of differential privacy on Apple's part? I think you forgot to comment on the article.
As for your "surprised you did not know that", the article you mentioned was only a about a month or so old, and I don't think reported elsewhere. It also does NOT claim Google collects credit card numbers either, only provided the transaction history to match to ads presented. and supposedly all anonymised is such a way that "This approach prevents Google from accessing the credit or debit card data for individuals." according to your article. Like with Apple and differential privacy we should not just take Google's word that it "works". The algorithms that safeguard individual records from being accessed by Google should be made available for examination, plain and simple. The EFF is right.
So at least we agree on something. I think we probably agree on several things, but when a company like google gets credit and debit card usage reports for 70% of US consumers, they need to come clean on what/who/how. The point of what they're doing is to marry ad views to individually-identified credit/debit card purchases, at which point there's no way that's anonymous.
I did some digging for you on some of he marketing sites. Google isn't trying to be secretive about this, holding a conference where it was announced back in March. So as it turns out there supposedly is no "marrying" of individual consumer transactions with a specific on-line ad that they might have viewed, assuming of course that Google is being honest about the way it is designed,... and the EFF is 100% correct in asking for verification to make sure they are being forthright.
"Google says it has 70 percent coverage of credit and debit card transactions in the US. This is through data licensing agreements with major credit card companies. All of the data is anonymous and operates only at the aggregate level.
"There are two levels to Google’s in-store sales measurement. The more basic level will report on the in-store sales impact of AdWords campaigns without any back-end integration on the part of the advertiser. Google does this by comparing store visits using smartphone data with credit card transactions in the aggregate. In this way the company can determine whether, during some conversion window, online ads generated an incremental sales lift (in addition to visits).
Those that have customer loyalty and email data (ie cashier asks for your email address or you use a store loyalty card which includes that information and more anyway) can “import store transactions directly into AdWords” and get much more detail about the ad impact on product level sales in stores. This is similar to the Facebook methodology and also involves hashed data matched on the back end. Google stressed that all of this was being done in a privacy-compliant way."
FWIW I'm not all that comfortable with it, tho it seems it's not actually tracking identifiable people nor revealing specifically-connected purchases by individuals. Biggest surprise for me was to discover Facebook has been doing this for some time.
As for medical data, it's probably even worse. You do give your healthcare providers your email/gmail address, right? So even if the only info they send you via email is scheduling, google gets to see not only which medical facilities you use, but which doctors you see, when and how often you see them. That's extremely valuable data, for around a billion users, not just those in the U.S. For the less sophisticated healthcare providers who send more detailed information than scheduling, well I'm sure you get the picture.
But as you are on a fear-mongering adventure this morning let's continue to stay somewhat off-topic for a moment more before getting back to the article itself. Yes, it is certainly possible that an email provider, no matter which one it is, could serreptiouly be reading and recording your mentions of health problems in an email and using it for undisclosed purposes. Completely ruling out that they're doing so would be difficult, minimally requiring outside audits by independent outside firms to verify their stated privacy policies are true, can be proven, and are adequate wouldn't you say? Therefore you should be a little more at ease since Google does make itself available for mandated annual privacy audits, even better that it's by order of the FTC which means they can't shrug them off.
Point Two for why they probably don't do what you say they do: Google is in business for the money, just like every other for-profit company. If Google did in fact intentionally collect information about your gall-bladder problem for inclusion with your profile what would be the motivation? You say it's "very valuable", but how is it valuable for Google if they can't profit from it? Google does not place nor permit targeted ads for health conditions, nor for that matter ads targeting specific religious or ethnic groups, sexual persuasions, or a dozen other categories.They don't even permit 3rd party companies to use Google ads to collect information for themselves in those categories. So if Google can't profit from placing ads addressing your medical conditions what would be the motivation?
Just because a company COULD do something is not evidence they actually do it. As I said earlier you seem to be on a fear-monger mission by stating Google factually does all these nefarious things you offer no evidence of them doing. Yes absolutely true, they could(and so could Apple), but generally there would be some profitable reason motivating them to do so. We know why Experian or Acxiom does it, they're in the business of collecting and selling both personal and aggregated data and for them health information is very valuable particularly if it's an insurer or employer or lender asking for it... But that's not an area Google derives profits from, they rely on ad placements, and medical conditions won't make them ad money.
The actual concern for me (and should be for you too) is who the gatekeeper is for all the transaction data being provided and how do they safeguard it? Google can't collect it on their own. Even your mysterious oft-mentioned but never detailed "extra work" probably can't prevent records of much of what you've purchased (and visited and joined and licensed and financed and...) being collected and available for sale or trade by Experian and others, but we don't know where the now anonymised data Google is getting came from tho it's obviously a source that knows a bit more about your finances than they do. Another thing: Who possesses the other 30% and how is it used or shared? Who else gets transaction data, is it too anonymized, and what do those companies use it for? The article leaves a whole lot of open questions unrelated to Google.
So serious question since you seem pretty well-informed on the subject: Do you know who collected it, who is providing it and where they got it from? Any idea where they store it and who has access to it? In the wake of the recent massive privacy breach affecting nearly half of all Americans (and you might be one eve if you don't live in the US) I think that might be a good thing to look into.
Sure, google does not permit "targeted ads for health conditions" (and the other special categories). That does not mean that data isn't gathered (it is), and it doesn't mean it cannot be used in conjunction with other data to create more detailed composite profiles of their subjects, er, users. And yes, this gives google a great advantage in being able to target other types of ads, so there is profit motive. There's a great saying in our industry: just because you can't imagine it, doesn't mean it isn't possible.
The thing is, if you dig into how machine learning algorithms work, you'll come to understand that the relationships between input data and the resulting desired outputs are often not possible to map in ways that the devs can even understand, let alone "normal" people. ML is both amazing and scary as hell.
You are mostly correct with your mantra of: - just because a company COULD do something is not evidence that they actually do it.
However, we can also add corollaries: - if there isn't proof one way or another, let's follow the most likely path - if a company walks like a duck, talks like a duck, and acts like a duck, it probably swims in the nearby water. that's as close as I'm going to come to giving you "proof", but even without me saying more, logic and past behavior should be enough to drive one closer to the correct conclusion. There's a lot of shit happening behind the scenes that you don't know about, and it's really odd that you seem to take google's side over and over in what are *at* *best* neutral, there's-no-way-to-know situations.
I *also* despise companies like Acxiom, and what Experian and their ilk have become. But unlike your missives would lead one to believe you think, that in no way excuses google for their complete and utter thirst for personal, behavioral, actionable data about every single person on the planet. According to Princeton research, all of the top 5 trackers (on the top 1 million web sites) belong to google, as well as 12 of the top 20. They /dominate/ online, and they very likely are also buying data from companies like Acxiom and Experian (though I don't remember offhand if google is known to do this - facebook DOES buy this data). From my own firsthand experience, it's relatively easy for a dedicated (tech savvy) person to block virtually all facebook tracking. It's damn near impossible to block google's tracking.
Your last point here is a good one, and no, I don't know (yet) who is providing the CC/DB data, and google has thus far been very cagey about it. Why?! Are they afraid of consumer pushback? Hell, the average person seems willing to bend over and take whatever google gives them as long as they have a convenient email service, etc., so why bother being cagey? Perhaps what they're doing here finally crosses a line that they think consumers will care about? I don't have any info on this yet. I do hope they open up.
There would be no way or reason for Google to have the type of information that Experian does. They won't know all your credit cards they won't know your banking information they won't have all your medical data they won't know who your insurers are they won't know what claims you filed.
For what it's worth Apple would be more likely to know your financial history than Google would. Doesn't Apple require a credit card on file for Apple services and pull credit reports for certain purchases? Maybe not.
It does take extra effort on my part, but it's completely possible because their business model is to sell cool stuff in exchange for money. Apple does not require a credit card to purchase their products, they do
not require an email address or name or anything else. They do not
require a credit card to use the App Store, cash purchases of iTunes gift cards work great -- and they put an absolute limit on your loss in case of any kind of data breach.
You seem to think Apple and Google are different in this regard. I use gift cards too for my son's Android purchases. Google Play cards are available in nearly every grocery store and pharmacy, even many convenience stores. Like you've stated with Apple, zero need to have a credit card on file with them, nor would I. So no even tho you thought otherwise they don't know my credit card numbers anymore than Apple does yours.
Okay, good info. Frankly I feel a bit remiss for not knowing that offhand, but I steer clear of any google/android products personally and I haven't taken much interest in play store stuff. I'll need to read up on that.
You qualified by saying that you do this for your son's purchases, but what about your own? Did you tie your own CC to your account? Doesn't matter much if you use the device from your home and/or home network via wifi. That alone will identify you to most tracking companies.
In any case, the actual point was that most of google's services are designed around data collection. You've listed *one* that can be bypassed, but I doubt there are many others. For example, if one uses gmail with any regularity at all, then it's a near-certainty that google knows exactly who you are, online and offline. Same with most android devices. I don't use any of Apple's services that would give them that kind of data, and yet I use their products all the time -- just on my own terms. The only Apple services I use are the iTunes store and the App store, but I never use them from the same IP address twice, and I control my mobile apps' network access through a very tight external firewall. By their very nature, people don't really have that option with the vast majority of google's services, including "services" that don't require an account or even knowledge that you're using them. For example, search. Or google analytics. Or all the hosted stuff like jquery that google conveniently makes available to web devs for "free", in order to gather data on virtually every page that anyone visits on the web.
The very nature of the companies' businesses make them very different from a data collection standpoint. It's clear and factual, so it's odd that you fight this point all the time.
You also say Apple does not require an email address to access Apple services. How so? Perhaps I'm not understanding what is absolutely required but AFAIK you still need an Apple ID to sign in for Apple services, which in turn requires:
A valid email address to use as your Apple ID username.
Sorry, I should have said "real" email address. I made the iTunes account so many years ago that I probably made a fake one that I don't even remember. All of the above are easily done with fake info, so apparently for store purchases that's similar to Play.
But these days google even demands a real phone number to create a gmail. I've heard that requirement may be possible to bypass, but I haven't explored. If you know how offhand, I'd be interested in giving it a try, just for experimentation purposes.
As for the below, even back when Apple said they required a valid credit card it was possible to create an account without one. The process was a little cumbersome, but I did so many years ago.
As for "identifying" me via an email, nope. Fake emails, remember? I don't use them, and I don't forward them. The problem with attempting to fake emails with google is that unless you know how to ensure that you don't create them from known IP addresses or ever access them from your home, you are very likely personally identified, with a high statistical likelihood. Doesn't matter if you have 2 or 200 alternative emails, or whether you live alone or with a family of 6 with mixed network traffic. That's how good google and other profiling companies have become. None of them are as good as google, but ML is getting better and better and people generally aren't careful with their data.
The fact that you're using a non-gmail provider for your base email is good, but as you've learned, not necessarily great. If you are indeed ready to dismiss them, I recommend ProtonMail or Tutanota, but you'll want to experiment to see how they work for your own personal use cases. I'm curious about which email provider you're talking about and how you've come to be aware of their sharing. Perhaps PM if you don't want it in the public forum?
The once-mandatory requirement for a valid credit card on file in order to have access to Apple service was dropped relatively recently (maybe 2013 or so?) but many folks would not know that, particularly if they are long-time users. In any event Apple requires a valid email address to use for linking their services to "you" as far as I can tell, plus a backup email address in case of security concerns. Google requires a valid email address for linking their services to "you", and a backup email address for use with security related concerns.. Sure sounds like the same thing to me. Apple can "identify" you just as reliably (or not) as Google can. For instance in my particular case I maintain a faked "Google ID" email address with an imaginary name for use with Google services, backed up for security purposes to an otherwise unused email address under another fake name using double-forwarding to my secured business email account for those times when I would prefer not to share my real Google ID. Until I have reason to believe otherwise those times are pretty rare. On top of that my main email provider is NOT GMail in the first place, tho I'm becoming increasingly aware that the one I do rely on may be collecting and sharing personal information with outside 3rd parties, which if turns out to be true makes them far worse for my privacy than GMail and likely soon to be dismissed as a provider. EDIT: Came across a tutorial explaining how to set up an Apple ID without a credit card on file for those not familiar with the process http://www.idownloadblog.com/2014/08/05/how-to-create-apple-id-without-credit-card/
But I'll grant you that Google does know what apps I download and may use it for targeted ads if I don't opt out... but so does Apple who also uses "what they know" about your App Store visits and downloads to target ads tailored for you based on your profile. Yes Apple monetizing their users (aka "you are the product") but on a far smaller scale as they're just not as dependent on ads as Google obviously. Different revenue models that are both highly successful to the joy of their investors.
To elaborate on the above, Apple doesn't see *any* of my internet traffic except when I specifically allow it, which is limited to rare visits to iTune and App Stores, and exceedingly rare OS updates. No iCloud, etc. I only use wifi (no cell data), wifi is available the vast majority of places I hang out, and I'm in control of what goes in and out of my devices. This does limit my use of some apps, but none that are important to me. So nope, they (nor any 3rd party apps) don't show me ads, nor are they able to even attempt to identify me through IP address or other means -- as far as I can tell.
As for your opting out of google's targeted ads, I hope you know that's a joke, right? All you're opting out of is the last part of the chain, which is seeing the ads. At that point, who cares? The data gathering and behavioral profiling still happens.
BTW what is Apple's limit to your losses, and is it any different than Google's? You've apparently know having looked into it and and I have not.
So now with all that out of the way, what is your opinion of the study this AI article reported which is what we should be discussing in this thread? Do you think Apple should be more forthcoming about the code they are using for their DP project, allow outside verification of its effectiveness and perhaps taking advice on how to improve it if it turns out to be lacking?
The limit is simply that if I buy a $15 iTunes card and add it to the account, the maximum amount that could ever possibly under the worst case scenario be taken from me is $15. A very hard limit. It sounds like one could do something similar with Play if desired.
To reiterate on the last part, yes of course. But as you said about both companies, they are just getting their feet wet. Let's judge both of them once their DP systems start gaining some traction.
<blockquote>But these days google even demands a real phone number to create a
gmail. I've heard that requirement may be possible to bypass, but I
haven't explored. If you know how offhand, I'd be interested in giving
it a try, just for experimentation purposes.</blockquote>
Not sure why I bothered to ask this, I see/remember now that there are all kinds of tutorials, and I remember that most of them are either sketchy, require one number initially to create many accounts, rely on getting unique IPs, etc. None worked well when I last tried, but I wasn't being particularly diligent at the time. I may go back and revisit at some point.
Comments
I don't think Apple can pull credit reports which is why they rely on banks for their financing.
https://www.washingtonpost.com/news/the-switch/wp/2017/07/30/googles-new-program-to-track-shoppers-sparks-a-federal-privacy-complaint
The "private, secure and anonymous" claim is quite weak, because the entire purpose is to marry the purchases to users of google services. If you use gmail, for example, or attached your credit card to the play store, google knows exactly who you are, so the anonymous claim is pretty bogus. And while some of their algorithms are public and have been scrutinized, this is not.
As for banking information, there are an estimated 1.2 Billion gmail users, and most people tend to give their banks an email address. So yeah, google knows where you bank and high level info about their users' bank accounts, banking habits, etc. Overdraft notice? oops. Account got flagged for an unusual purchase? oops.
As for medical data, it's probably even worse. You do give your healthcare providers your email/gmail address, right? So even if the only info they send you via email is scheduling, google gets to see not only which medical facilities you use, but which doctors you see, when and how often you see them. That's extremely valuable data, for around a billion users, not just those in the U.S. For the less sophisticated healthcare providers who send more detailed information than scheduling, well I'm sure you get the picture.
Experian may know about your credit score, credit card usage, physical addresses..., but google knows most of that info, plus every word and image you share with your friends via email. Every place you looked up in your Maps app, where you were when you searched, and who you were with at the time.
As for the comparison with Apple services, I can only say that I use a variety of Apple products and services every day and they have absolutely zero information about me or my purchases. It does take extra effort on my part, but it's completely possible because their business model is to sell cool stuff in exchange for money. Apple does not require a credit card to purchase their products, they do not require an email address or name or anything else. They do not require a credit card to use the App Store, cash purchases of iTunes gift cards work great -- and they put an absolute limit on your loss in case of any kind of data breach. I don't believe it's possible to use google's services without them knowing (or "statistically knowing") who you are because the services aren't designed for that, and their business model is to know more about you so they can try to influence your purchases. But hey, people here keep wasting their breath telling you this over and over, it's not like you haven't heard it before.
As for your "surprised you did not know that", the article you mentioned was only a about a month or so old, and I don't think reported elsewhere. It also does NOT claim Google collects credit card numbers either, only provided the transaction history to match to ads presented. and supposedly all anonymised is such a way that "This approach prevents Google from accessing the credit or debit card data for individuals." according to your article. Like with Apple and differential privacy we should not just take Google's word that it "works". The algorithms that safeguard individual records from being accessed by Google should be made available for examination, plain and simple. The EFF is right.
Point Two for why they probably don't do what you say they do: Google is in business for the money, just like every other for-profit company. If Google did in fact intentionally collect information about your gall-bladder problem for inclusion with your profile what would be the motivation? You say it's "very valuable", but how is it valuable for Google if they can't profit from it? Google does not place nor permit targeted ads for health conditions, nor for that matter ads targeting specific religious or ethnic groups, sexual persuasions, or a dozen other categories.They don't even permit 3rd party companies to use Google ads to collect information for themselves in those categories. So if Google can't profit from placing ads addressing your medical conditions what would be the motivation?
Just because a company COULD do something is not evidence they actually do it. As I said earlier you seem to be on a fear-monger mission by stating Google factually does all these nefarious things you offer no evidence of them doing. Yes absolutely true, they could (and so could Apple), but generally there would be some profitable reason motivating them to do so. We know why Experian or Acxiom does it, they're in the business of collecting and selling both personal and aggregated data and for them health information is very valuable particularly if it's an insurer or employer or lender asking for it...
But that's not an area Google derives profits from, they rely on ad placements, and medical conditions won't make them ad money.
The actual concern for me (and should be for you too) is who the gatekeeper is for all the transaction data being provided and how do they safeguard it? Google can't collect it on their own. Even your mysterious oft-mentioned but never detailed "extra work" probably can't prevent records of much of what you've purchased (and visited and joined and licensed and financed and...) being collected and available for sale or trade by Experian and others, but we don't know where the now anonymised data Google is getting came from tho it's obviously a source that knows a bit more about your finances than they do. Another thing: Who possesses the other 30% and how is it used or shared? Who else gets transaction data, is it too anonymized, and what do those companies use it for? The article leaves a whole lot of open questions unrelated to Google.
So serious question since you seem pretty well-informed on the subject: Do you know who collected it, who is providing it and where they got it from? Any idea where they store it and who has access to it? In the wake of the recent massive privacy breach affecting nearly half of all Americans (and you might be one eve if you don't live in the US) I think that might be a good thing to look into.
You seem to think Apple and Google are different in this regard. I use gift cards too for my son's Android purchases. Google Play cards are available in nearly every grocery store and pharmacy, even many convenience stores. Like you've stated with Apple, zero need to have a credit card on file with them, nor would I. So no even tho you thought otherwise they don't know my credit card numbers anymore than Apple does yours.
You also say Apple does not require an email address to access Apple services. How so? Perhaps I'm not understanding what is absolutely required but AFAIK you still need an Apple ID to sign in for Apple services, which in turn requires:
The once-mandatory requirement for a valid credit card on file in order to have access to Apple service was dropped relatively recently (maybe 2013 or so?) but many folks would not know that, particularly if they are long-time users. In any event Apple requires a valid email address to use for linking their services to "you" as far as I can tell, plus a backup email address in case of security concerns. Google requires a valid email address for linking their services to "you", and a backup email address for use with security related concerns.. Sure sounds like the same thing to me. Apple can "identify" you just as reliably (or not) as Google can. For instance in my particular case I maintain a faked "Google ID" email address with an imaginary name for use with Google services, backed up for security purposes to an otherwise unused email address under another fake name using double-forwarding to my secured business email account for those times when I would prefer not to share my real Google ID. Until I have reason to believe otherwise those times are pretty rare. On top of that my main email provider is NOT GMail in the first place, tho I'm becoming increasingly aware that the one I do rely on may be collecting and sharing personal information with outside 3rd parties, which if turns out to be true makes them far worse for my privacy than GMail and likely soon to be dismissed as a provider.
EDIT: Came across a tutorial explaining how to set up an Apple ID without a credit card on file for those not familiar with the process
http://www.idownloadblog.com/2014/08/05/how-to-create-apple-id-without-credit-card/
But I'll grant you that Google does know what apps I download and may use it for targeted ads if I don't opt out... but so does Apple who also uses "what they know" about your App Store visits and downloads to target ads tailored for you based on your profile. Yes Apple monetizing their users (aka "you are the product") but on a far smaller scale as they're just not as dependent on ads as Google obviously. Different revenue models that are both highly successful to the joy of their investors.
BTW what is Apple's limit to your losses, and is it any different than Google's? You've apparently know having looked into it and and I have not.
So now with all that out of the way, what is your opinion of the study this AI article reported which is what we should be discussing in this thread? Do you think Apple should be more forthcoming about the code they are using for their DP project, allow outside verification of its effectiveness and perhaps taking advice on how to improve it if it turns out to be lacking?
I will say this though, I talk with a lot of "regular" people about this stuff, and many people just shrug their shoulders about google collecting data based on the content of their emails, which I find bizarre, but I'm accustomed to it now. However, when I've mentioned this new credit/debit card records info, I've been getting much more surprised and angry reactions. Perhaps people will just continue to bend over on this as well over time, but it's also possible that CC purchase records might strike people differently. Companies will push the envelope until the average person screams "STOP!", and apparently we haven't reached that point yet.
As for differential privacy, I totally agree that Apple should be more forthcoming with their methods and numbers as well, but I also agree with your assessment that both companies are just testing the waters and we'll know a lot more over time.
and the EFF is 100% correct in asking for verification to make sure they are being forthright.
"Google says it has 70 percent coverage of credit and debit card transactions in the US. This is through data licensing agreements with major credit card companies. All of the data is anonymous and operates only at the aggregate level.
"There are two levels to Google’s in-store sales measurement. The more basic level will report on the in-store sales impact of AdWords campaigns without any back-end integration on the part of the advertiser. Google does this by comparing store visits using smartphone data with credit card transactions in the aggregate. In this way the company can determine whether, during some conversion window, online ads generated an incremental sales lift (in addition to visits).
Those that have customer loyalty and email data (ie cashier asks for your email address or you use a store loyalty card which includes that information and more anyway) can “import store transactions directly into AdWords” and get much more detail about the ad impact on product level sales in stores. This is similar to the Facebook methodology and also involves hashed data matched on the back end. Google stressed that all of this was being done in a privacy-compliant way."
FWIW I'm not all that comfortable with it, tho it seems it's not actually tracking identifiable people nor revealing specifically-connected purchases by individuals. Biggest surprise for me was to discover Facebook has been doing this for some time.
The thing is, if you dig into how machine learning algorithms work, you'll come to understand that the relationships between input data and the resulting desired outputs are often not possible to map in ways that the devs can even understand, let alone "normal" people. ML is both amazing and scary as hell.
You are mostly correct with your mantra of:
- just because a company COULD do something is not evidence that they actually do it.
However, we can also add corollaries:
- if there isn't proof one way or another, let's follow the most likely path
- if a company walks like a duck, talks like a duck, and acts like a duck, it probably swims in the nearby water. that's as close as I'm going to come to giving you "proof", but even without me saying more, logic and past behavior should be enough to drive one closer to the correct conclusion. There's a lot of shit happening behind the scenes that you don't know about, and it's really odd that you seem to take google's side over and over in what are *at* *best* neutral, there's-no-way-to-know situations.
I *also* despise companies like Acxiom, and what Experian and their ilk have become. But unlike your missives would lead one to believe you think, that in no way excuses google for their complete and utter thirst for personal, behavioral, actionable data about every single person on the planet. According to Princeton research, all of the top 5 trackers (on the top 1 million web sites) belong to google, as well as 12 of the top 20. They /dominate/ online, and they very likely are also buying data from companies like Acxiom and Experian (though I don't remember offhand if google is known to do this - facebook DOES buy this data). From my own firsthand experience, it's relatively easy for a dedicated (tech savvy) person to block virtually all facebook tracking. It's damn near impossible to block google's tracking.
Your last point here is a good one, and no, I don't know (yet) who is providing the CC/DB data, and google has thus far been very cagey about it. Why?! Are they afraid of consumer pushback? Hell, the average person seems willing to bend over and take whatever google gives them as long as they have a convenient email service, etc., so why bother being cagey? Perhaps what they're doing here finally crosses a line that they think consumers will care about? I don't have any info on this yet. I do hope they open up.
You qualified by saying that you do this for your son's purchases, but what about your own? Did you tie your own CC to your account? Doesn't matter much if you use the device from your home and/or home network via wifi. That alone will identify you to most tracking companies.
In any case, the actual point was that most of google's services are designed around data collection. You've listed *one* that can be bypassed, but I doubt there are many others. For example, if one uses gmail with any regularity at all, then it's a near-certainty that google knows exactly who you are, online and offline. Same with most android devices. I don't use any of Apple's services that would give them that kind of data, and yet I use their products all the time -- just on my own terms. The only Apple services I use are the iTunes store and the App store, but I never use them from the same IP address twice, and I control my mobile apps' network access through a very tight external firewall. By their very nature, people don't really have that option with the vast majority of google's services, including "services" that don't require an account or even knowledge that you're using them. For example, search. Or google analytics. Or all the hosted stuff like jquery that google conveniently makes available to web devs for "free", in order to gather data on virtually every page that anyone visits on the web.
The very nature of the companies' businesses make them very different from a data collection standpoint. It's clear and factual, so it's odd that you fight this point all the time.
Sorry, I should have said "real" email address. I made the iTunes account so many years ago that I probably made a fake one that I don't even remember. All of the above are easily done with fake info, so apparently for store purchases that's similar to Play.
But these days google even demands a real phone number to create a gmail. I've heard that requirement may be possible to bypass, but I haven't explored. If you know how offhand, I'd be interested in giving it a try, just for experimentation purposes.
As for the below, even back when Apple said they required a valid credit card it was possible to create an account without one. The process was a little cumbersome, but I did so many years ago.
As for "identifying" me via an email, nope. Fake emails, remember? I don't use them, and I don't forward them. The problem with attempting to fake emails with google is that unless you know how to ensure that you don't create them from known IP addresses or ever access them from your home, you are very likely personally identified, with a high statistical likelihood. Doesn't matter if you have 2 or 200 alternative emails, or whether you live alone or with a family of 6 with mixed network traffic. That's how good google and other profiling companies have become. None of them are as good as google, but ML is getting better and better and people generally aren't careful with their data.
The fact that you're using a non-gmail provider for your base email is good, but as you've learned, not necessarily great. If you are indeed ready to dismiss them, I recommend ProtonMail or Tutanota, but you'll want to experiment to see how they work for your own personal use cases. I'm curious about which email provider you're talking about and how you've come to be aware of their sharing. Perhaps PM if you don't want it in the public forum?
To elaborate on the above, Apple doesn't see *any* of my internet traffic except when I specifically allow it, which is limited to rare visits to iTune and App Stores, and exceedingly rare OS updates. No iCloud, etc. I only use wifi (no cell data), wifi is available the vast majority of places I hang out, and I'm in control of what goes in and out of my devices. This does limit my use of some apps, but none that are important to me. So nope, they (nor any 3rd party apps) don't show me ads, nor are they able to even attempt to identify me through IP address or other means -- as far as I can tell.
As for your opting out of google's targeted ads, I hope you know that's a joke, right? All you're opting out of is the last part of the chain, which is seeing the ads. At that point, who cares? The data gathering and behavioral profiling still happens.
The limit is simply that if I buy a $15 iTunes card and add it to the account, the maximum amount that could ever possibly under the worst case scenario be taken from me is $15. A very hard limit. It sounds like one could do something similar with Play if desired.
To reiterate on the last part, yes of course. But as you said about both companies, they are just getting their feet wet. Let's judge both of them once their DP systems start gaining some traction.
Not sure why I bothered to ask this, I see/remember now that there are all kinds of tutorials, and I remember that most of them are either sketchy, require one number initially to create many accounts, rely on getting unique IPs, etc. None worked well when I last tried, but I wasn't being particularly diligent at the time. I may go back and revisit at some point.