Google Wallet: the End of Anonymous Shopping 253
jfruhlinger writes "Google today announced Google Wallet, an NFC-based payment system that will allow people to pay for purchases just by waving their phone across a reader. It's the beginning of a future where commercial transactions are 'frictionless' and convenient — but it's a future where every transaction can be tracked and data-mined, as Dan Tynan points out. Stores can user information about your Doritos purchases to rearrange their wares; Google could push coupons via its new Google Offers service; your health insurance company might be interested in your sodium intake."
Hyperbole (Score:5, Funny)
C'mon, Google Wallet is the end of anonymous shopping? No, if you don't want to be tracked by Google Wallet, just don't use Google Wallet. If you want to stay anonymous, use cash.
And wear a hat.
And gloves.
And a fake mustache.
Re:Hyperbole (Score:5, Insightful)
Also, credit cards, debit cards and checks claim prior art.
Re: (Score:3, Insightful)
I was going to mod you Underrated, but instead I'd just like to say that whoever wrote the article is dumb as shit. And not that high grade shit.
Re: (Score:2)
Except that it required cooperation with your financial institution to get at this data, and if you use separate financial insitutions (not unusual), it's hard to correlate all that data into one complete profile.
With Google Wallet, you'll just literally Google the information out in one go. And querying one big entity with information on all of us is much easier than having to gather from multiple companies and reconstruct the trail from there.
Ditt
Re: (Score:2)
Except, well... Google doesn't just give up your information as freely as you think. It's no different than a credit card company. If you don't like it, continue to use your Visa instead of Google.
It's not like I can Google "nschubach bought ? on Tuesday" and get a full report. What are you thinking?
Re:Hyperbole (Score:5, Interesting)
It's not like I can Google "nschubach bought ? on Tuesday" and get a full report.
Why don't you try that query yourself? I did. Congratulations with your purchase [rx8club.com] of '04 Silver RX8 - G/T Package - 6 Spd. MT in June 2004. It was probably nice weather then in Schaumburg, IL. Is there anything else you'd like to announce to the whole world? Google doesn't need to do a thing here, other than to collect what people willingly reveal about themselves.
With regard to my own username, it is short and common (as in RFC 783). Besides, I don't reuse usernames. The only way one can associate my posts across multiple sites is by writing style.
Re: (Score:2)
Re: (Score:3)
We're called "Europeans".
Re: (Score:2)
Yeah, it was a fun car to have for the time I did... and I don't live in Schaumburg anymore. So that's terribly relevant information for someone trying to sell me something when I live two states away now. ;)
Re:Hyperbole (Score:4, Insightful)
I don't live in Schaumburg anymore. So that's terribly relevant information for someone trying to sell me something when I live two states away now. ;)
That would be only marginally true. You are interested in these cars, and you even had one - so this bit of information is quite valuable, especially if it can be datamined without the expense of owning dealerships and keeping records.
And that would be completely untrue with regard to protecting your anonymity - if, for example, the government is after you. The IP address is history; probably nobody can figure out who it was given to 7 years ago. However Schaumburg is a small town (about 75,000?) - how many cars of this make and model were sold to residents there? Probably not more than a few; and these records stay forever.
I'm probably not sufficiently paranoid to worry too much about such things (and obviously neither are you) - but from purely technical point of view a lot of information was leaked, and that information can be exploited by anyone who cares. This is something to be concerned about if you discuss your ownership of expensive cars, firearms, or other stuff that is in high demand. You don't want to reveal ownership and location at the same time.
Re: (Score:2)
"an undeserved air of smug superiority combined with rampant paranoia" is a "writing style".
That is true. But I do my best to vary the style :-) Besides, wearing the mask of "rampant paranoia" mixes me with the rest of the Internet crowd :-)
Re: (Score:2)
Right. Google doesn't give away this information - it has value. They sell it.
For example, how much do you think their recent survey of all the wireless routers in the world is worth to wireless router manufacturers? To know what routers are being used in more affluent zip codes as opposed to poorer districts? Also, based on signal strength the Google data probably has an 80-90% correlation of router MAC address to street address, and you can get all sorts of demographic data from a street address. I h
Re:Hyperbole (Score:5, Informative)
Fuck that, they'll just go to Experian.
Experian? Who are they? Yeah, if you don't know about Experian, you don't understand privacy today.
See, Experian is, to the public, a credit rating agency. So they just so happen to collect all your credit card data, loan information, and so forth. Fancy that!
But it gets better.
See, they also collect all that loyalty card data that you believe is so difficult to acquire... among *many* other things. They then correlate the data up, package it, and sell it to whomever wants it. Traditionally this has been direct mail marketers, among other things.
And the breadth of the metrics available? Astounding. People who purchase that data know if your fucking car lease is about to expire or not.
So trust me when I say, Google Wallet is nothing. The privacy horse ran out of the barn a long long time ago.
Re: (Score:2)
And hey, it gets better: ever heard of Hitwise? Also by Experian. Internet tracking. Their own tagline is "the leading online competitive intelligence service". The amount of data that flows through Experian is huge, and I can only imagine how it can be correlated together.
I was this close to working for those guys, and then I wised up and pulled out of the interview process.
Re: (Score:2, Interesting)
I did work for Experian for over a decade in the division responsible for all those credit card offers you get in the mail. The amount of data Experian has on over 300 million people contained in their File One database is staggering. They can and do aggregate mountains of personal financial information from every conceivable source that is used to calculate thousands of different behavioral "attributes" and credit scores at the behest of banks, credit unions, insurance companies, collection agencies, gov
Re: (Score:3)
No it didn't.
The stores track all the information right now. Your names, what you buy. Every piece of data they can. So if you are not using cash, they already have that information.
They only need to go to financial institutions if they want your bank information.
This is also in conjunction with a financial institution, just like you CC/DC.
How hard to you really think it is to correlate the data currently?
If you are marketing to a large demographic, you need to contact maybe a dozen chain.
If you are looking
Re: (Score:2)
The stores already sell the data to aggregators. The raw scan data plus loyalty card information. Every single item that is scanned at a checkout station.
The stores make some money from this, but the aggregators make a lot more for analysis and packaging it all up. No manufacturer in their right mind isn't buying this information because they have to know who is buying what. It guides product development decisions and what to do with current products.
Google would be in the unique position of being both
Re: (Score:2)
Re: (Score:2)
but it's a present where every transaction can be tracked and data-mined
FTFY.
Also, discount cards were specifically created for this data mining. Rebates also get your info. Credit Card cash back is to induce you to use credit cards instead of cash so they get their fees and can track you more.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Oh yes it is!
I don't have to show an ID or give my person information out to get a disposable pay as you go phone.
This could be great for anonymous shopping, provided you use a pay as you go phone.
I'm betting your Google Wallet will have to be associated with a google account, you know in case of fraud (or some other excuse.) The website describes associating it with a credit card or charging it with a prepay card so there'll be some communication to the internet going on behind the scene leaking all sorts of juicy information back to Google.
Re: (Score:3)
Cash....until they stop printing and accepting that, I'll be happily anonymous in my purchases.
If on the rare occasion of using a customer card to get a discount...well, that one says I'm a 98 year old hispanic lady named Chang, that is from Sweden.
I'm sure the shopping habits associated with that account are kinda looking skewed....
Re: (Score:2)
except google could also get the info.
can't avoid the banks getting it (aside from not using credit cards) but I don't need to let google in on it as well.
imagine what they could grock if chrome is your browser of choice.. as soon as you use your phone @ home on wifi - there's a possibilty they could tie your surfing habits to your shopping habits.
privacy concerns aside - what's the advantage of waving your phone over the sensor vs. swiping your card through the POS machine?
Re: (Score:2)
The health insurance companies are NOT struggling, FAR from it.
They aren't needy, they are greedy!
Re:Hyperbole (Score:4, Insightful)
Fine until everyone requires some tracked form of payment. Try using cash to buy an airline ticket, for example. See you when you get out.
Re:Hyperbole (Score:4, Informative)
Um, OK. [ehow.com]
Re: (Score:2)
Re: (Score:2)
eHow will have an article on almost anything you Google search on because it's a site for click whoring.
Re: (Score:2)
Try using cash to buy an airline ticket, for example. See you when you get out.
What do you mean "try" using cash? Southwest Airlines [southwest.com] lists it as one of their accepted forms of payment:
Cash: Southwest Airlines accepts cash for payment of purchase at all airport ticket counter locations.
Don't let pesky little things like facts get in the way of a stupid post, though.
Re:Hyperbole (Score:5, Funny)
BitCoins! I have no idea what they have to do with the current discussion, just throwing it out there.
Re: (Score:2)
Bitcoins are more worthless than paper.
Not anonymous (Score:2)
What do you mean "try" using cash? Southwest Airlines lists it as one of their accepted forms of payment:
Likely to be followed by a nice groping... err, "enhanced" patdown by your friendly neighborhood TSA bouncers. Maybe you like to pay to get felt up?
That's one instance where you'll have to present ID anyway so there is really little point in using cash in a futile attempt to be anonymous.
Re: (Score:2)
Don't let pesky little things like facts get in the way of a stupid post, though.
http://www.freerepublic.com/focus/f-news/2222236/posts [freerepublic.com]
Re: (Score:2)
Re: (Score:2)
Ship yourself via overnight air.
Re: (Score:2)
um try again. You needed to have an ID to fly sometime in the mid 90's. ( I can't remember when but I was always asked for my license while traveling in 1995/6)
Re: (Score:2)
Try using cash to buy an airline ticket
No doubt! I was stuck flying back on a redeye from Mexico city. When I pulled out cash to upgrade to first class I had that sudden feeling you get when you pull out $50, in 1's 10's and 5's, in a convenience store on the south side. Lets just say it was the only time I ever felt the temperature drop in Mexico.
Re: (Score:2)
And don't use those store discount cards.*
*Better yet: I came across one in some junk at an estate sale of a deceased person. That was about 10 years ago. The card is still valid.
Re: (Score:2)
Analysis of shopping patterns might lead to better service, like, maybe, *maybe* they won't run out of tonic water so often in the summer. Maybe.
I don't even think *maybe* since they can already tell how much tonic water they go through without having to know the names of the people who bought it. They don't need your name to tell that you bought hot dogs, mustard and buns for this weekend since they can track each check out. This allows them all the purchasing relationships they need. Even without buying things at the same time there will still be a relationship of x amount of toothpaste = y amount of toothbrushes over a given time. Less obviou
Re: (Score:2)
But, I have a mustache. Does that mean I have to shave it off just to wear a fake one?
Re: (Score:2)
Do you think the powers that be care about some Mom/Pop Vietnamese grocery store?
How the hell is this different from credit cards? (Score:5, Insightful)
Re: (Score:2)
Has slashdot/online/other media ever let facts get in the way of a nice headline?
That credit cards collect the same information is completely irrelevant to the article - because that fact is simply discarded.
Re: (Score:3, Insightful)
Well, you see, when it comes to patents, people are offended that adding but it's online or but with a computer or but in the cloud makes something qualify as a new idea.
When it comes to things that could involve gathering data, adding but now Google is doing it makes it new and outrageous.
Re: (Score:3, Interesting)
No confirmation step (Score:3)
What puzzles me is that there is no confirmation step required in these contactless payment systems.
When I buy stuff with my chip-based debit or credit card, I'm asked to enter a PIN. Else, I have to physically swipe the card to ensure there is no ambiguity as to whether or not I meant to pay with my card of choice.
With a contactless system, I could be wanting to pay with my credit card, but if I accidentally held my cell phone too close to the reader, it would debit the amount from my phone instead of my c
Re: (Score:2)
You can do this, right now, with most CC and DC cards.see: PayPass.
Re: (Score:2)
Actually the wallet app has to be unlocked by pin before use.
also, the NFC antenna is off when the screen is dark.
trade-off in not having personal spending records (Score:2)
Similar to weather you log into Google or not. You get more efficient searches when you log in.
Re: (Score:2)
Only in that banks don't serve you web ads. This helps Google get even better informed about what you thus tailor ads to your psyche.
Because, please, the purpose of stalking and data-mining the hell out of you is not just to sell you wonderful goods that will make your life better but to learn the marketing tricks that better fool you into getting what you don't really need.
Re:How the hell is this different from credit card (Score:5, Insightful)
This kind of system offers significantly better security than CCs.
If the system is designed well the stores you visit will never see your financial information (and never have an opportunity to lose it). Encrypt the account information on the phone with a psuedo-random number that is generated every 60s (along the lines of SecureID), send the encrypted data to the store, the store forwards that encrypted string, along with the amount of purchase to the payment server, the server responds back with a simple 'approve/deny' response. This also applies to card skimmers, if someone skims your account details, they're valid for 60s or less.
The system can also be password protected, or even biometricly protected if you really wanted to make things easy; which is better than I've heard of CCs being able to do.
Re: (Score:2)
It's not. The payment will still go through your credit/debit card account, unless you sign up for a Google pre-paid account, which is just another debit account anyway. (And is only 'google' in name - google won't be handling your money.)
Google is just providing a new way to access that means of payment, in a hopefully convenient and secure way. I say hopefully, because this thing is beta, with as yet unknown bugs and problems still to be worked out.
Different then a credit card... how? (Score:2)
Re: (Score:2)
Agreed, shopping stopped being anonymous when people started using credit cards. My main concern with this system is security. Android phones have been rushed to market, and many are infrequently updated. Smartphones in general, and Android in particular are ripe for malware exploits. I don't even trust it with a credit card for Marketplace purchases, let alone for anything else money related.
Re: (Score:3)
Well, a credit card terminal just gets a total from the register. TFA is assuming that Google will demand and require that all cash registers tell the Google Wallet terminal every single item being purchased! And in case they're wrong, watch how easily it is to back peddle! "You're right, they don't examine what's being bought....yet." It's a classic move, but stick with what works I say.
FTA is absolutely mentally retarded. Lets take a quote. "The store, for example, could aggregate that informatio
Huh? (Score:2)
What anonymous shopping? You can be traced with enough effort using cash, let alone the ease of tracking the vast majority of people using credit cards, debit cards or checks for purchases. What a fucking stupid headline and summary.
BitCoin (Score:2, Informative)
Re: (Score:2)
Yeah if don't want to be able to purchase things from 99.9% of stores out there.
Re: (Score:3)
I'm not a futurist, and there are certainly threats to BitCoin from other established internet exchangers, but I think it's got potential
It got no potential, and for one very simple reason: common people today can't earn this "currency." It is very difficult to generate bitcoins - so difficult that it is impractical, unless you invest into a GPU farm. Of course you can buy bitcoins, but why would anyone do that?
The inability to earn bitcoins creates an ever-growing chasm between early adopters (and inv
Re: (Score:2)
This guy is an intermediary, sure, but a good portion of Amazon's product is now handled through 3rd parties too, so it's really not a big deal.
Sorry, but no. Those other "3rd parties" you mention almost always have Amazon stock, fulfill and ship the order so it is nothing like buying through some random dude.
I'm not a futurist, and there are certainly threats to BitCoin from other established internet exchangers, but I think it's got potential, especially for anyone who'd like to see the internet really achieve its true potential as a free medium.
Sure if you want to deal with a current that will have limited amounts of people accepting it and has a miniscule supply.
Re: (Score:2)
No, not really. The major difference is that credit cards had the backing of financial institutions.
Re: (Score:3)
Re: (Score:3)
I wrote Smart Card software in 95 that did this same thing in Zambia.
IN fact, it was initially written so the merchant could put money on and off the card. So they could pay their employees. Of course that means the bank is out of the loop, so we removed that feature pretty quickly.
FTFY... (Score:2)
... your health insurance company might be interested in your sodium intake.
s/be interested in/change your premium based on/
FTFY.
Nothing else does that! (Score:2)
Thank God they can't do that with credit cards!
Re: (Score:2)
Re: (Score:2)
Yes, but if you happen to use a supermarket discount card they DO have what you bought and they do data mine that information
Rogue group announces alternative to Google wallet (Score:2)
Re: (Score:2)
Google is just using paypass. This is not Google proprietary monetary transaction system any more then any Credit Card.
The next generation of spam-attack (Score:2)
It's final: "New" isn't necessarily "better" (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Why? why is this different the use CC? Paypass? It's not.
Go back to cash if you want, but your paranoia is unfounded and based on incorrect information.
Sure (Score:2)
And Google Buzz was the end of Facebook.
Make me more relevant ads (Score:2)
Shit Slashdot, OK, I guess I'll explain... (Score:3)
How is this different from credit cards?
Simple:
A traditional credit card has raised digits and other information on the card itself -- It is not very secure. When you hand your credit card over to the waiter/waitress they can easily snap a pic with their camera phone and sell that data for $2 (wholesale) online.
A magnetic strip bearing credit card has the above insecurities, plus a convenient stripe that can be used to input the information into a computer -- Fake "clone" cards can be created that have the same magnetic signature as your card, and actually, the mag stripe lessens security by giving the clerk a false sense that the card is legit. The clerks don't care anyhow, it's not their money -- As a test I actually use a cloned card printed with the name "Sir Thievey Thiefterson III" and always sign my name as: "This card is Stolen" on all receipts; It's been four years, and still only eight times has my ID been asked for -- at which time I tip the cashier and use my real card.
A near field credit card works via RFID. RFID is not secure. It has no concept of a secret internal state and a challenge response system to authenticate that single (and only that single) transaction. It simply responds to query, any query, with your card info. Once again, we're putting the insecure data that's printed on the outside of the card into a more conveniently readable format, but this time it can also easily be scanned by malicious persons from several hundred feet away by using a Pringles can to shape their antenna's emissions.
None of these data exchange formats have the concept of a secret internal state and a challenge response system to authenticate that single (and only that single) transaction. It takes a computation capable device to provide public key encryption. We solved the problem a long time ago with public / private key pairs -- Google Wallet is a technology that finally uses the solution to the problem of identity theft via "public" card information dissemination. The device and/or application containing the private key (the key itself, even) can itself be locked/unlocked with a pass-phrase.
Note that this is not absolutely secure -- nothing is -- however, it is leaps and bounds more secure than the current dumb "hey here's a plain-text number to get my money" credit card system.
As for traceability -- It's no more traceable than the credit card system, true. It could be made more private by using something in the vein of Bitcoin (there I said it), since it has over a hundred unique account tokens for a given wallet. However, you would need an intermediary to process the transactions on your behalf, and trust them with your identity -- I'm looking at you Google.
In short: The Current Bullshit CC system is Broken as Hell! This is a step in the right direction, get on board or have your identity stolen like a dumbass.
P.S. In 2001 my wallet was stolen from my locker while I was clearing a jam from a trash compactor. I canceled my cards & entire bank account, got new checks & cards, and STILL was fraudulently charged $557.00 via the old canceled bank card three weeks later -- Wells Fargo doesn't care if I followed their security guidelines to the letter and have written proof of such -- they don't care if their agents were the ones that fucked up and didn't take the stolen card off of my name, and it ended up linked to my new account: It's not their money, they don't care (I still "owe" them this money since I refuse to pay for others' mistakes, also, credit reporting companies don't care either).
P.P.S. Cash is still the most secure, but carrying a lot of it is arguably not (Yes, I have been robbed at gunpoint after cashing a large check -- if I had digitally transferred the funds, I would not have lost the money).
Your's truly,
A FOSS Hacker that grew up in the ghettos of H-Town.
Re: (Score:2)
" but this time it can also easily be scanned by malicious persons from several hundred feet away by using a Pringles can to shape their antenna's emissions."
no, it can not. FOr a test, why don't you make said cantenna(trivial) and get information from Pay Pass swipes? It's the EXACT SAME THING.
And your wells Fargo story stinks to high heaven.
As someone who was in the sane situation, including getting charged after the fact. It took me exactly 1 10 minute phone call.
Even if true, there are some pretty trivi
Re: (Score:3)
You must have done something to piss someone off. While it sounds like this was an ATM card where limits don't apply - or at least didn't until recently - I have never heard of anyone losing out on lost or stolen cards.
Of course, mostly that is dealing with credit cards, not debit/ATM cards where it is in the bank's interest to push as much liability onto you as possible. With credit cards it is always the merchant that loses out.
This is something to keep in mind. With a credit card there are four agents
The summary has it backwards (Score:2)
cash not purely anonymous (Score:2)
America, welcome to the rest of the world. (Score:2)
Re: (Score:2)
Maybe, but likely by charging to the phone bill via SMS or some other archaic method... not really the same.
In the off chance someone wants facts (Score:5, Informative)
http://www.google.com/wallet/how-it-works-security.html [google.com]
Cash does not make you anonymous (Score:2)
If you live in a city, you are on camera anyway.
You are traceable - how many people with your "taste" in clothes and your fine figure live in your area?
Re: (Score:2)
Thanks to the efforts of Levy Strauss and Ray Kroc, quite a few.
Frictionless payment you say? (Score:2)
That definitely is bad news for stripper & escort girl afficionados :)
Creating a data commons? (Score:2)
Is this information really necessarily private, or is it private just because we worry that it leaves us somehow more vulnerable? Have any of us really thought through what "vulnerable" might mean?
Some alternative thinking: Our data, ourselves [boston.com] at The Boston Globe.
Anonymity is obsolete (Score:2)
"Computer, report location of Cmdr Riker"
The future is privacy through access control, law and mutually assured harassment. Once you can easily tell who exactly Googled you, they will be a lot more respectful.
Another story about Google posted by Timothy (Score:2)
Another hysterical headline. Can we please stop doing this? I vote Timothy is no longer allowed to post Google stories--clearly Google killed his puppy or something and he simply can't get past it.
Devil's Avocado (Score:2)
(Ok Devil's advocate here, just for fun.)
Who cares?
Let's look at each of your best attempts at a scary consequence.
"Stores can use information about your Doritos purchases to rearrange their wares" - sounds good to me, helping to make sure the shelf hasn't run out of what I want. Why be so protective of information which is expressed so publicly anyway whenever you shop?
"Google could push coupons via its new Google Offers service" - coupons are an annoying way to create artificial loyalty, but I do
It could enable price comparisons for consumers (Score:2)
Google wallet could also be a good thing for the consumer. It would mean that all items bought this way will have their prices tracked and stored in google. This will mean that users should be able to run price comparisons over all stores that are compatible with this tech - this means you can work out before you go grocey shopping - which store will offer you the best price for your weekly shopping list.
For Grid's Sake! (Score:3)
There's a bigger issue at stake here, but I haven't seen anyone else mention it yet.
Have you heard of Michael's? The nationwide craft store? Thieves managed to swap out 90 separate credit card readers without anybody knowing, in Michael's stores around the country. They've been snarfing credit card data for quite a while.
With NFC, the thieves will have a field day! They don't even need to swap out readers; just stick your sniffer's antenna somewhere close enough to read the NFC transaction. What do you want to bet that passive receiving can be done from a couple of feet away? Then they just sniff the transaction and away they go.
What's that you say? Secure communication? Hahahaha.
There isn't a major credit card system in existence in the world today that hasn't been hacked at one time or other, and most of those "bugs" just got whitewashed over, not really fixed. Hell, it didn't take long at all to hack the "unique, secure" id from RFID tags and clone them.
The probability that somebody will find a serious vulnerability in the system is close to 1. Combine that with reading from a distance, and it will be a free-for-all.
This is such an outrageously bad idea, I can hardly sit still and not yell at people about it. I have already berated one software company for planning to support NFC in its apps.
Re: (Score:2)
STores are already storing user information.
My industry keeps every transaction logged you have made with us for 10 years and we have been doing it for the last 20-30 years.
While it helps with purchasing (stock refilling), and inventory management, the real purpose is so that when the customer walks up to us and says. Remember that "thing" I bought for this" job" "3 years" ago, I need another one. We can look it up.
I did it yesterday for a guy. He wanted the exact same thing he just used. When did he bu
Re: (Score:2)
2 glaring errors in the summary: "NFC-base" should be "NFC-based" and "Stores can user information" should be "Stores can use information"
Actually, I was rather hoping that the Stores would can the user information.
Re: (Score:2)
What you need to do is keep up a steady flow of completely boring transactions for 'them' to track, and keep all the interesting stuff anonymous.
What sort of interesting things are you doing with your money, anyway? ;)
Re: (Score:3)
You are. Either that or your a "them", which might be worse ;)
Re: (Score:2)
She's one of their agents actually.
Re: (Score:2)
"Stores can user information about your Doritos purchases to..."
I'm starting to think you all do this on purposes.
They cleaned it up some. The original submission was texted: "OMG /. peeps!! stores kin useur info bout ur doritos buyin..."