On the one hand, we have threads about how browsers are fingerprintable and some app is using telemetry and endless discussions on theoretical zero-knowledge protocols and the importance of cryptography and Snowden saying this and that that get voted up to the top.
On the other hand, something like this comes up which is basically another step along the "no-one accepts cash" funnel and so now everything you ever buy with metadata is part of the borg. Like, you've literally deliberately introduced an MiTM.
I don't get this blind spot. Paying with cash is literally the easiest thing I do to reduce my data trail.
Paying with your phone is actually more secure than the old mag-swipe method. Your phone will tokenize your credit card information, which makes it significantly harder to track credit card usage across various merchants.
Of course it isn't as private as cash, but it is a step forward from mag-swipe.
There are multiple attack vectors. One of them is "why did I just get another charge from that place we visited last June". Another being "oops, we plugged our pin into a skimmer", etc.
Agree that letting Visa/MC/whomever know everything about your transactions is a choice...
Otoh if they pay you 3ish % for it, you might decide you're more than happy to.
I have half a mind to make a debit card that lets you whitelist merchants. You use the same card everywhere, but unless the merchant is in the whitelist, the charge fails. Also, you can set limits and rules.
Basically like privacy.com, but why use a new card per merchant?
hackers need not apply. I'm sure retailers will happily sell your transaction data to a third party aggregator, and that transaction data is more fine grained than what Visa gets to know about you (spending at Walmart vs specifically buying diapers).
So now Apple gets to know what Visa knows. Still, for the time being, they don't seem to know individual items. And many here seem to think Apple is more trustworthy than random anonymous data broker.
Though at least in the EU the mag-swipe method was phased out and replaced with a chip based method years ago. (A chip with secure module, requiring PIN if you pay for more then a small amount, or otherwise unusual.)
And as far as I know that method is still more secure then Apple pay and similar.
Apple Pay only tokenizes card information once when the card is added to the Apple Wallet on a device, not for every transaction. This means that usage for an on-device tokenized card can still be tracked until the card is removed and re-added.
I believe while the token is generated once, each transaction is signed with a unique signature (I believe that's the term) that only the payment processor can decipher. The merchant doesn't get any stable/identifiable information that can be used to track you across purchases/sessions/stores.
No, the merchant still does get a stable identifier with every payment (the "device account number").
More recently, an additional identifier uniquely identifying the underlying card has also been added [1]. That one persists even across multiple devices and token deletions.
A signature doesn't hide information, it only tells you that it hasn't been modified. All the information that's being signed is by definition already in the payload given to the merchant.
If it's actually encrypting information (not just signing it), then that's another thing entirely, but signatures don't hide data.
Good point about a signature not hiding the data. I got my terminology mixed up. I thought it was encoding it in a way so that only the payment processor could see.
But that's not necessarily the case either, as somebody else brought up the fact that identifiers ARE in fact passed to the merchant.
Are you possibly mixing this up with the Apple Card "request new card number" feature? In general, creating a new token requires deleting and re-adding a card.
> Paying with cash is literally the easiest thing I do to reduce my data trail.
Sure, if you prioritize anonymity in your transactions over convenience cash is much better.
OTOH, contactless pay with your phone is so much better than handing your card to a random server to make an imprint or whatever - and more secure/privacy maintaining than using the card itself if done right.
Cashless businesses were appearing in NYC pre-pandemic until the city passed a law against them to preserve access for unbanked consumers. This law was criticized as it greatly increased the cost of starting a small business. Then the pandemic happened and cash usage declined further.
Most people dont care enough, even on here I would assume, to be bothered by their data being out there and honestly same for me. Cash is annoying to handle a lot less sanitary than just holding your phone next to the merchants.
There's apparently a lack of consensus which isn't surprising since I'm conflicted personally by these issues all the time: the tech itself is really cool, the practical effects and side effects often are not.
And Apple Pay is much harder to trace (except for Apple and your bank I guess?) than just using a plastic static card.
I can't count the amount of times I've lost or been robbed physical bills. Never once have money siphoned out of my online bank. I don't use cash anymore, I'm all digital, and still use a VPN to watch porn.
Turns out different people have different threat models. My threat model includes my neighbour, my ISP (to a certain extent), my employer (again, to a certain extent), private companies like Google or Facebook, burglars, thieves, and scammers.
It doesn't include the NSA, the government, the NSO group, banks, or North Korean government-sponsored hackers. If you think you can defend yourself against the NSA, lol. Good luck.
Threat model should include banks , credit scores and spending patterns of credit cards is the foundation of credit worthiness in this country .
For example, your credit score is penalized if your have high utilization on your card doesn’t matter if you never default on a payment, Low credit score results in low limits in turn keeps utilization high.
Bank knowing I defaulted on a card as a risk parameter is one thing, them knowing how much I spend every month and likely on what line items is not ideal when they can control a lot of your life.
Bad credit score can mean high interest rates , higher down payments rejected for loans that can have major impact on your life.
It is also likely bank or payment processors can indirectly sell our buying patterns for targeting ads.
Those are highly regulated, regarding which data they can or can not use, and that regulation is (surprisingly?) very consumer friendly. There's more of a risk of a CRA getting hacked and their collected data being sold
The advise I have always given is you must have credit history to apply for any sort of loan. To get a good history apply for a credit card even if you don't need one and use it, but no so much that your utilization is too high that will reduce your score. Merely apply for a loan your credit score goes down just cause you applied!. How is this consumer friendly ?
It would be one thing if Credit Score for a government run central thing, couple of private companies having all your spending data without your consent at all seems major invasion of privacy.
Scoring methodology depends on sharing my private spending data to others, data that I cannot control being resold or have full visibility into its use. CRAs will try to charge you to "freeze" your credit or even see your own data!.
This is extremely anti-consumer, CRA industry did not develop for consumers or their protection, it is merely a tool for businesses to improve their operations.
Imagine if FB had a "social credit" and that is now used every social gathering as an eligibility criteria, and Facebook charged you to see your own data, that is how the current system feels.
Payment digitization is inevitable. The benefits outweighs the costs for 95% of people. The realistic options are payment through dystopian surveillance apparatus payment processors, or payment through bitcoin lightning (or similar).
It's hard to imagine a plausible path to payment digitization without states asserting a) currency controls and b) some degree of visibility on transactions. I think on the latter they'll take a "well if anyone can see it, we should be able to " and "KYC is needed" etc. stance. The only way to avoid anyone seeing it will defeat (a) an not be acceptable to them. This would relegate to same status as any other black market, with better/broader tech.
Most of these paradoxes come from treating the community as if it were a person, which it isn't. It's a statistical cloud of millions of people (and hundreds of thousands of commenters) with a complete spectrum of views. People can contradict themselves, but a statistical cloud can't.
On the one hand, we have threads about how browsers are fingerprintable and some app is using telemetry and endless discussions on theoretical zero-knowledge protocols and the importance of cryptography and Snowden saying this and that that get voted up to the top.
On the other hand, something like this comes up which is basically another step along the "no-one accepts cash" funnel and so now everything you ever buy with metadata is part of the borg. Like, you've literally deliberately introduced an MiTM.
I don't get this blind spot. Paying with cash is literally the easiest thing I do to reduce my data trail.