Part of the difference is scope and purpose. I'm ok with Amazon using my purchase and product-viewing data to recommend products I might like to buy. I'm even ok with them using aggregated data to decide where to invest in white-labeled products, fix UX issues, or find fraud rings.
What I'm not ok with is them selling my data, combining it with cellphone data, Netflix viewing data, credit card data, magazine subscriptions, email subscriptions, and more, and building personal profiles for governments, political organizations, and commercial enterprises I don't have a direct relationship with to abuse.
I don't think it is a slippery slope from the narrow, single-firm use case to the broad profile being abused. GDPR and similar regulation is one way we can get there. We will probably need another generation of people and laws to figure out the right regulatory norms and frameworks, but it seems like a tractable problem.
Amazon doesn't sell your data. You can't have a legitimate discussion about this on HN because no one does their research, so people just make outrageously incorrect claims like that.
Netflix, Apple, etc. don't sell data. There is no such thing as building a 'personal profile' by combining data from all these different sources. Data is licensed in aggregate, and typically anything under 1,000 user IDs can't be used. Unless you're bringing in data yourself, you can't build profiles on individuals.
I 100% agree that we need major privacy regulation, but the first step in that is putting in effort to actually understand and discuss the facts.
> Data is licensed in aggregate, and typically anything under 1,000 user ids can't be used.
You are correct that the reputable companies I used in my strawman apply practices like this. But it is certainly not the case that this is universal. I've worked professionally with all sorts of data brokers (for anti-abuse/fraud purposes), and there are many who deal in non-anonymized datasets, especially among firms that evolved out of the direct-marketing space. Further, there are many ways to make use of semi-anonymized data that, while not strictly joining private information, allow profile appends and data imputation. These techniques enable inferences many would consider privacy violations, regardless of the fact that the construction methods don't directly access specific profiles and are at some level stochastic.
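To make the "profile append" point concrete, here is a toy sketch of how two datasets with no shared user ID can still be joined on quasi-identifiers (zip code, birth year, gender). All records, field names, and the `profile_append` helper are invented for illustration; real broker pipelines are far messier, but the mechanism is the same.

```python
# Hypothetical illustration: re-identifying "anonymized" rows by joining
# on quasi-identifiers. No shared user ID exists between the datasets.

# "Anonymized" retail data: names removed, quasi-identifiers kept.
purchases = [
    {"zip": "90210", "birth_year": 1985, "gender": "F", "bought": "prenatal vitamins"},
    {"zip": "10001", "birth_year": 1972, "gender": "M", "bought": "golf clubs"},
]

# Separately sourced, identified data (e.g. magazine subscriptions).
subscriptions = [
    {"zip": "90210", "birth_year": 1985, "gender": "F", "name": "Jane Doe"},
]

def profile_append(anon_rows, identified_rows):
    """Join on (zip, birth_year, gender); a unique match re-identifies the row."""
    index = {}
    for row in identified_rows:
        key = (row["zip"], row["birth_year"], row["gender"])
        index.setdefault(key, []).append(row)
    appended = []
    for row in anon_rows:
        key = (row["zip"], row["birth_year"], row["gender"])
        matches = index.get(key, [])
        if len(matches) == 1:  # unique quasi-identifier combo -> re-identified
            appended.append({**row, "name": matches[0]["name"]})
    return appended

result = profile_append(purchases, subscriptions)
```

Here the unmatched golf-club row stays anonymous, but the unique quasi-identifier combination links Jane Doe to her purchase history even though neither dataset alone contained that pairing.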
But all that was beside my point, which was perhaps lost in a bad example. HN readers can be both FOR increased use of customer data for acute purposes and AGAINST broader abuses of such data without being hypocritical. There is a relevant distinction to be drawn.
Apologies, I always forget that I only have experience with the big guys and haven't seen what the smaller vendors are doing. I've made that mistake before, so it's definitely a blind spot for me.
I do think that what the smaller players are doing is the thing people think of as obviously immoral, but those practices get pinned on everyone else.
Respectfully, this is wholesale incorrect. It is trivial for a practiced data guy working in the discovery space to build a CIA-worthy dossier on someone solely by buying data and building appropriate data models. I am not making an outrageous, unresearched claim. I am stating what I know to be true, having worked in the space.
Credit card providers most certainly sell your data. Data brokers have detailed profiles on everyone. They don't anonymize anything when their whole business is selling names and addresses of hyper-specific demographics.
Source? You can read my comment history - I've worked extensively in this exact industry. I literally built bespoke audience segments directly with Visa and Oracle, which have strict rules, including the number of people in an audience and the type of purchase/retailers included. It's not hyper-targeted, unless you consider something like "everyone who bought a flight through LAX in the past 3 months using their Visa card" as such. That segment is probably around 1MM IDs, which gets scaled up with machine learning to 5MM similar people (the minimum size for any Visa audience segment). 5MM people is about 35MM IDs (cookies, device IDs, etc.).
They 100% do not sell names, addresses, or any personally identifiable information because that’s super illegal.