14 votes

I Got Access to My Secret Consumer Score. Now You Can Get Yours, Too.

12 comments

  1. [6]
    onyxleopard
    Link
    This is highly problematic. Also, hell if I’m going to send a copy of my driver’s license to some sketchy data hoarder just so I can see what they have on my file. The whole reason I’d be curious...

    This is highly problematic. Also, hell if I’m going to send a copy of my driver’s license to some sketchy data hoarder just so I can see what they have on my file. The whole reason I’d be curious about what’s in my file is that I fundamentally don’t trust them. This kind of non-consensual aggregation should be illegal. I imagine in jurisdictions subject to GDPR, it is illegal. This is basically a social credit score system, but instead of being controlled by government, it’s controlled by private entities.

    18 votes
    1. [3]
      Greg
      Link Parent
      Not to say I disagree with you at all in principle, but I can't really think of a good method of making sure my file only goes to me without potentially giving them even more data for...

      Also, hell if I’m going to send a copy of my driver’s license to some sketchy data hoarder just so I can see what they have on my file.

      Not to say I disagree with you at all in principle, but I can't really think of a good method of making sure my file only goes to me without potentially giving them even more data for verification...

      This kind of non-consensual aggregation should be illegal. I imagine in jurisdictions subject to GDPR, it is illegal.

      One of the major issues here is that from a legal point of view it is likely considered consensual. To take the first example I remembered from the article, AirBnB's UK privacy policy says in §4.6 that they can pass data to any number of unspecified third parties for at least 7 distinct and very broad categories of processing.

      GDPR does at least provide some strong and well codified methods of access and recourse, which are a big step forward, but it doesn't do a lot to stop this kind of thing happening in the first place.

      5 votes
      1. [2]
        onyxleopard
        Link Parent
        But can the third parties take that data and link it to my file along with the data they already have from any number of other sources? It’s the aggregation of data linked to my identity that’s...

        AirBnB's UK privacy policy says in §4.6 that they can pass data to any number of unspecified third parties for at least 7 distinct and very broad categories of processing

        But can the third parties take that data and link it to my file along with the data they already have from any number of other sources? It’s the aggregation of data linked to my identity that’s the problem. If I make an account with a service provider like Air BnB, I am consenting for that service to know some things about me. But, if there is some aggregator out there who is sucking up everything from everywhere and links it all together, that’s going too far, IMO. I’d never heard of Sift and I certainly never consented to have them build a profile on me. How could I contest them if they have errors in my profile? How would I even know of their existence if it weren’t for me coming across this news article? At least with the credit agencies like Experian etc., they are known entities and there are clear channels for getting access to my credit report. This other stuff is beyond the pale, IMO.

        5 votes
        1. Greg
          (edited )
          Link Parent
          Again, I broadly agree with you, but unfortunately I don't think GDPR will save us here. There are six defined legal bases for processing data under GDPR, and when it comes to passing the data to...

          Again, I broadly agree with you, but unfortunately I don't think GDPR will save us here.

          There are six defined legal bases for processing data under GDPR, and when it comes to passing the data to Sift AirBnB can make a strong case for user consent (agreement to the privacy policy).

          Once the data is lawfully in Sift's hands, they then have their own "legitimate interest" argument for combining it, in order to search for patterns and provide more reliable signals to their clients (the organisations passing them the data, not the individuals whose data it is). Since there was consent to transfer it to them in the first place, it holds together under the law (to my own best understanding - not a lawyer, but do work with tech lawyers regularly).


          I did a little more digging after typing that up and it looks like Sift's own GDPR policy broadly agrees:

          Legitimate interest is one of the ways companies can process personal data under GDPR. Fraud prevention is one of the defined legitimate interests (see Recital 47), which is what enables Sift to process personal data within its fraud prevention products.

          It does highlight a few of the benefits of GDPR further down, though: assuming that users do somehow find out that Sift exists (chalk up a point for the journalists!), they have a well defined legal right to request their information directly and to opt out of processing.

          3 votes
    2. [2]
      Keegan
      Link Parent
      It makes you think. If this private company can gather all this data, how much does the government that controls it all have?

      It makes you think. If this private company can gather all this data, how much does the government that controls it all have?

      3 votes
      1. onyxleopard
        Link Parent
        The government has a different window into your data. The pernicious thing here is the history of private messages and device identifiers etc. The government knows things that are generally public...

        The government has a different window into your data. The pernicious thing here is the history of private messages and device identifiers etc. The government knows things that are generally public info. These companies (and credit ratings agencies) are collecting info that nobody has any business collecting other than to exploit it for profit.

        12 votes
  2. patience_limited
    Link
    Well, this just confirms something I've been rather paranoid about for a while. I've been hesitant for a long time about leaving negative reviews of any business, under the assumption that data...

    Well, this just confirms something I've been rather paranoid about for a while.

    I've been hesitant for a long time about leaving negative reviews of any business, under the assumption that data aggregators would be able to systematically punish me for doing so, in consequential ways.

    There's a big business that I'd like to do everything in my power to spread accurate negative reviews of. They basically did several thousand dollars worth of damage and fraudulently denied any responsibility for it, in spite of our extra payments to insure against the risk of that damage. As I'd suspected, though, it's not worth fighting through what they could do to us if we complain publicly, take the issue to small claims court, or otherwise undertake that David v. Goliath battle.

    I've already dealt with the near impossibility of getting incorrect information removed from financial rating agency records, and there's literally nothing which can be done to prevent this kind of biased, unbalanced social credit scoring in the absence of legislation.

    9 votes
  3. Gaywallet
    Link
    Has anyone tried to request this data? I'm curious what the process is like.

    Has anyone tried to request this data? I'm curious what the process is like.

    1 vote
  4. [4]
    Kremor
    Link
    Do you have a link that is not behind a paywall, I ran out of free NYT articles.

    Do you have a link that is not behind a paywall, I ran out of free NYT articles.

    1 vote
    1. [3]
      balooga
      Link Parent
      Try a new incognito session or install this Firefox extension.

      Try a new incognito session or install this Firefox extension.

      2 votes
      1. [2]
        emdash
        Link Parent
        You don't even need that! Firefox Reader Mode should work a treat; since the article still exists in the DOM.

        You don't even need that! Firefox Reader Mode should work a treat; since the article still exists in the DOM.

        1. balooga
          Link Parent
          Oh does it? A number of sites have gotten more sophisticated about actually removing content from the DOM when putting up a paywall, so Reader Mode will still truncate the article. But I didn't...

          Oh does it? A number of sites have gotten more sophisticated about actually removing content from the DOM when putting up a paywall, so Reader Mode will still truncate the article. But I didn't check if this one was doing that.

          2 votes