Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Google Privacy The Almighty Buck Technology News

Google Wallet: the End of Anonymous Shopping 253

jfruhlinger writes "Google today announced Google Wallet, an NFC-based payment system that will allow people to pay for purchases just by waving their phone across a reader. It's the beginning of a future where commercial transactions are 'frictionless' and convenient — but it's a future where every transaction can be tracked and data-mined, as Dan Tynan points out. Stores can user information about your Doritos purchases to rearrange their wares; Google could push coupons via its new Google Offers service; your health insurance company might be interested in your sodium intake."
This discussion has been archived. No new comments can be posted.

Google Wallet: the End of Anonymous Shopping

Comments Filter:
  • Hyperbole (Score:5, Funny)

    by Sonny Yatsen ( 603655 ) * on Thursday May 26, 2011 @04:03PM (#36256140) Journal

    C'mon, Google Wallet is the end of anonymous shopping? No, if you don't want to be tracked by Google Wallet, just don't use Google Wallet. If you want to stay anonymous, use cash.

    And wear a hat.
    And gloves.
    And a fake mustache.

    • Re:Hyperbole (Score:5, Insightful)

      by pushing-robot ( 1037830 ) on Thursday May 26, 2011 @04:07PM (#36256198)

      Also, credit cards, debit cards and checks claim prior art.

      • Re: (Score:3, Insightful)

        by somersault ( 912633 )

        I was going to mod you Underrated, but instead I'd just like to say that whoever wrote the article is dumb as shit. And not that high grade shit.

      • by tlhIngan ( 30335 )

        Also, credit cards, debit cards and checks claim prior art.

        Except that it required cooperation with your financial institution to get at this data, and if you use separate financial insitutions (not unusual), it's hard to correlate all that data into one complete profile.

        With Google Wallet, you'll just literally Google the information out in one go. And querying one big entity with information on all of us is much easier than having to gather from multiple companies and reconstruct the trail from there.

        Ditt

        • Except, well... Google doesn't just give up your information as freely as you think. It's no different than a credit card company. If you don't like it, continue to use your Visa instead of Google.

          It's not like I can Google "nschubach bought ? on Tuesday" and get a full report. What are you thinking?

          • Re:Hyperbole (Score:5, Interesting)

            by tftp ( 111690 ) on Thursday May 26, 2011 @05:04PM (#36256830) Homepage

            It's not like I can Google "nschubach bought ? on Tuesday" and get a full report.

            Why don't you try that query yourself? I did. Congratulations with your purchase [rx8club.com] of '04 Silver RX8 - G/T Package - 6 Spd. MT in June 2004. It was probably nice weather then in Schaumburg, IL. Is there anything else you'd like to announce to the whole world? Google doesn't need to do a thing here, other than to collect what people willingly reveal about themselves.

            With regard to my own username, it is short and common (as in RFC 783). Besides, I don't reuse usernames. The only way one can associate my posts across multiple sites is by writing style.

            • Good to know there are some slashdotters out there who drive manual transmission cars
            • Yeah, it was a fun car to have for the time I did... and I don't live in Schaumburg anymore. So that's terribly relevant information for someone trying to sell me something when I live two states away now. ;)

              • Re:Hyperbole (Score:4, Insightful)

                by tftp ( 111690 ) on Thursday May 26, 2011 @06:36PM (#36257876) Homepage

                I don't live in Schaumburg anymore. So that's terribly relevant information for someone trying to sell me something when I live two states away now. ;)

                That would be only marginally true. You are interested in these cars, and you even had one - so this bit of information is quite valuable, especially if it can be datamined without the expense of owning dealerships and keeping records.

                And that would be completely untrue with regard to protecting your anonymity - if, for example, the government is after you. The IP address is history; probably nobody can figure out who it was given to 7 years ago. However Schaumburg is a small town (about 75,000?) - how many cars of this make and model were sold to residents there? Probably not more than a few; and these records stay forever.

                I'm probably not sufficiently paranoid to worry too much about such things (and obviously neither are you) - but from purely technical point of view a lot of information was leaked, and that information can be exploited by anyone who cares. This is something to be concerned about if you discuss your ownership of expensive cars, firearms, or other stuff that is in high demand. You don't want to reveal ownership and location at the same time.

          • by cdrguru ( 88047 )

            Right. Google doesn't give away this information - it has value. They sell it.

            For example, how much do you think their recent survey of all the wireless routers in the world is worth to wireless router manufacturers? To know what routers are being used in more affluent zip codes as opposed to poorer districts? Also, based on signal strength the Google data probably has an 80-90% correlation of router MAC address to street address, and you can get all sorts of demographic data from a street address. I h

        • Re:Hyperbole (Score:5, Informative)

          by Anonymous Coward on Thursday May 26, 2011 @04:33PM (#36256534)

          Fuck that, they'll just go to Experian.

          Experian? Who are they? Yeah, if you don't know about Experian, you don't understand privacy today.

          See, Experian is, to the public, a credit rating agency. So they just so happen to collect all your credit card data, loan information, and so forth. Fancy that!

          But it gets better.

          See, they also collect all that loyalty card data that you believe is so difficult to acquire... among *many* other things. They then correlate the data up, package it, and sell it to whomever wants it. Traditionally this has been direct mail marketers, among other things.

          And the breadth of the metrics available? Astounding. People who purchase that data know if your fucking car lease is about to expire or not.

          So trust me when I say, Google Wallet is nothing. The privacy horse ran out of the barn a long long time ago.

          • And hey, it gets better: ever heard of Hitwise? Also by Experian. Internet tracking. Their own tagline is "the leading online competitive intelligence service". The amount of data that flows through Experian is huge, and I can only imagine how it can be correlated together.

            I was this close to working for those guys, and then I wised up and pulled out of the interview process.

            • Re: (Score:2, Interesting)

              by Anonymous Coward

              I did work for Experian for over a decade in the division responsible for all those credit card offers you get in the mail. The amount of data Experian has on over 300 million people contained in their File One database is staggering. They can and do aggregate mountains of personal financial information from every conceivable source that is used to calculate thousands of different behavioral "attributes" and credit scores at the behest of banks, credit unions, insurance companies, collection agencies, gov

        • by geekoid ( 135745 )

          No it didn't.
          The stores track all the information right now. Your names, what you buy. Every piece of data they can. So if you are not using cash, they already have that information.

          They only need to go to financial institutions if they want your bank information.

          This is also in conjunction with a financial institution, just like you CC/DC.

          How hard to you really think it is to correlate the data currently?

          If you are marketing to a large demographic, you need to contact maybe a dozen chain.
          If you are looking

          • by cdrguru ( 88047 )

            The stores already sell the data to aggregators. The raw scan data plus loyalty card information. Every single item that is scanned at a checkout station.

            The stores make some money from this, but the aggregators make a lot more for analysis and packaging it all up. No manufacturer in their right mind isn't buying this information because they have to know who is buying what. It guides product development decisions and what to do with current products.

            Google would be in the unique position of being both

      • by drb226 ( 1938360 )
        Also, WalletMakers claim trademark infringement. WalletMakers claims that "wallet" is not a general term for "money-and-identification-holder", and Google's use of the term violates their self-proclaimed, possibly government-supported, monopoly on it.
      • but it's a present where every transaction can be tracked and data-mined

        FTFY.

        Also, discount cards were specifically created for this data mining. Rebates also get your info. Credit Card cash back is to induce you to use credit cards instead of cash so they get their fees and can track you more.

      • by EdZ ( 755139 )
        To to mention the FeliCa system, a NFC payment system used in Japanese phones for the past 6-7 years.
    • Re:Hyperbole (Score:4, Insightful)

      by Intron ( 870560 ) on Thursday May 26, 2011 @04:07PM (#36256206)

      Fine until everyone requires some tracked form of payment. Try using cash to buy an airline ticket, for example. See you when you get out.

      • Re:Hyperbole (Score:4, Informative)

        by pushing-robot ( 1037830 ) on Thursday May 26, 2011 @04:13PM (#36256290)

        Um, OK. [ehow.com]

      • Try using cash to buy an airline ticket, for example. See you when you get out.

        What do you mean "try" using cash? Southwest Airlines [southwest.com] lists it as one of their accepted forms of payment:

        Cash: Southwest Airlines accepts cash for payment of purchase at all airport ticket counter locations.

        Don't let pesky little things like facts get in the way of a stupid post, though.

      • You have to show your ID to buy a ticket, even if you pay with cash. Your name is printed on your ticket. We stopped being able to fly anonymously shortly after 9/11/2001
      • Try using cash to buy an airline ticket

        No doubt! I was stuck flying back on a redeye from Mexico city. When I pulled out cash to upgrade to first class I had that sudden feeling you get when you pull out $50, in 1's 10's and 5's, in a convenience store on the south side. Lets just say it was the only time I ever felt the temperature drop in Mexico.

    • by PPH ( 736903 )

      And don't use those store discount cards.*

      *Better yet: I came across one in some junk at an estate sale of a deceased person. That was about 10 years ago. The card is still valid.

    • But, I have a mustache. Does that mean I have to shave it off just to wear a fake one?

  • by Kuukai ( 865890 ) on Thursday May 26, 2011 @04:05PM (#36256172) Journal
    Aside from being run by Google?
    • Has slashdot/online/other media ever let facts get in the way of a nice headline?

      That credit cards collect the same information is completely irrelevant to the article - because that fact is simply discarded.

    • Re: (Score:3, Insightful)

      by blueg3 ( 192743 )

      Well, you see, when it comes to patents, people are offended that adding but it's online or but with a computer or but in the cloud makes something qualify as a new idea.

      When it comes to things that could involve gathering data, adding but now Google is doing it makes it new and outrageous.

    • Re: (Score:3, Interesting)

      by DogDude ( 805747 )
      It costs the merchant more. It won't be implemented widely in the US, considering that Google's fees are higher than American Express.
    • What puzzles me is that there is no confirmation step required in these contactless payment systems.
      When I buy stuff with my chip-based debit or credit card, I'm asked to enter a PIN. Else, I have to physically swipe the card to ensure there is no ambiguity as to whether or not I meant to pay with my card of choice.

      With a contactless system, I could be wanting to pay with my credit card, but if I accidentally held my cell phone too close to the reader, it would debit the amount from my phone instead of my c

      • by geekoid ( 135745 )

        You can do this, right now, with most CC and DC cards.see: PayPass.

      • by hitmark ( 640295 )

        Actually the wallet app has to be unlocked by pin before use.

        also, the NFC antenna is off when the screen is dark.

    • Which can be used to better manage money and grow wealth.

      Similar to weather you log into Google or not. You get more efficient searches when you log in.
    • Only in that banks don't serve you web ads. This helps Google get even better informed about what you thus tailor ads to your psyche.

      Because, please, the purpose of stalking and data-mining the hell out of you is not just to sell you wonderful goods that will make your life better but to learn the marketing tricks that better fool you into getting what you don't really need.

    • by MozeeToby ( 1163751 ) on Thursday May 26, 2011 @05:23PM (#36257006)

      This kind of system offers significantly better security than CCs.

      If the system is designed well the stores you visit will never see your financial information (and never have an opportunity to lose it). Encrypt the account information on the phone with a psuedo-random number that is generated every 60s (along the lines of SecureID), send the encrypted data to the store, the store forwards that encrypted string, along with the amount of purchase to the payment server, the server responds back with a simple 'approve/deny' response. This also applies to card skimmers, if someone skims your account details, they're valid for 60s or less.

      The system can also be password protected, or even biometricly protected if you really wanted to make things easy; which is better than I've heard of CCs being able to do.

    • by iceaxe ( 18903 )

      It's not. The payment will still go through your credit/debit card account, unless you sign up for a Google pre-paid account, which is just another debit account anyway. (And is only 'google' in name - google won't be handling your money.)

      Google is just providing a new way to access that means of payment, in a hopefully convenient and secure way. I say hopefully, because this thing is beta, with as yet unknown bugs and problems still to be worked out.

  • Other then contact-less reading (which can and is done with smart cards already), how does this allow them to track you any differently then a credit card?
    • by pavon ( 30274 )

      Agreed, shopping stopped being anonymous when people started using credit cards. My main concern with this system is security. Android phones have been rushed to market, and many are infrequently updated. Smartphones in general, and Android in particular are ripe for malware exploits. I don't even trust it with a credit card for Marketplace purchases, let alone for anything else money related.

    • Well, a credit card terminal just gets a total from the register. TFA is assuming that Google will demand and require that all cash registers tell the Google Wallet terminal every single item being purchased! And in case they're wrong, watch how easily it is to back peddle! "You're right, they don't examine what's being bought....yet." It's a classic move, but stick with what works I say.

      FTA is absolutely mentally retarded. Lets take a quote. "The store, for example, could aggregate that informatio

  • What anonymous shopping? You can be traced with enough effort using cash, let alone the ease of tracking the vast majority of people using credit cards, debit cards or checks for purchases. What a fucking stupid headline and summary.

  • BitCoin (Score:2, Informative)

    There's always BitCoin.....
    • Yeah if don't want to be able to purchase things from 99.9% of stores out there.

    • ...or a digital cash system that is backed by something. You know, if we are going to use computers to issue payments at stores, we might as well use a digital cash protocol, and if we are going to continue relying on banks and large corporations to underwrite these transactions, then we should use a digital cash system that is backed by $country's currency. You go to the bank, pay them dollars for digital cash tokens, and then use your phone to make the payments. Bitcoin's effort to revolutionize the gl
      • by geekoid ( 135745 )

        I wrote Smart Card software in 95 that did this same thing in Zambia.

        IN fact, it was initially written so the merchant could put money on and off the card. So they could pay their employees. Of course that means the bank is out of the loop, so we removed that feature pretty quickly.

  • ... your health insurance company might be interested in your sodium intake.

    s/be interested in/change your premium based on/

    FTFY.

  • but it's a future where every transaction can be tracked and data-mined

    Thank God they can't do that with credit cards!

    • Actually they can't, because the cash register only sends the total to the credit card terminal, not a line-by-line rundown. That's why there's a register receipt with every item, and a credit card receipt with the total only. TFA is assuming Google will change this. They're also assuming that cash registers don't already log purchaces, which is completely false. Actually, it's laughable. TFA even says this will cost jobs because, with an android phone checkout, they won't need cashiers! Cus lacking a
      • Yes, but if you happen to use a supermarket discount card they DO have what you bought and they do data mine that information

  • Certain renegade elements of the consumer sector are considering switching to alternate methods of payment in retaliation against Google's proprietary monetary transaction system. "Basically the plan is to exchange small rectangular pieces of green paper in exchange for all debts, public and private," said one proponent of this new monetary system. When asked how his purchasing history would be tracked, indexed, and made available to advertisers in order to better serve him, he responded, "That's kind of
    • by geekoid ( 135745 )

      Google is just using paypass. This is not Google proprietary monetary transaction system any more then any Credit Card.

  • I need to set up a whole lot of billing booths at random places along streets that read "walk past me to make a $1 donation to my personal wellbeing!"
  • I don't know about anybody else, but I've been considering going back to paying cash for most everything for a while now. I read much more like this and I'll be doing it.
    • Don't wait, switch to cash. They won't be able to track you as easily (not that you probably matter or that they care) and also it'll mean you can't get into debt. Credit is the devil. Never had a credit card, never will. Can't afford it, don't buy it. It's worked great for me for years.
      • How do you rent a car or book a hotel room without a credit card? Genuinely curious. I had no CC for a few years after I graduated until I wanted to start traveling and found it almost impossible to do it without a credit card.
    • by geekoid ( 135745 )

      Why? why is this different the use CC? Paypass? It's not.

      Go back to cash if you want, but your paranoia is unfounded and based on incorrect information.

  • by Exitar ( 809068 )

    And Google Buzz was the end of Facebook.

  • If Google wants to track my buying habits then use that info to push ads relevant to me, then by all means do so. I'm Vegan, so I don't need ads on steaks or Burger King. And if they've got some online coupons, then hook a brother up because being Vegan ain't cheap.
  • How is this different from credit cards?

    Simple:
    A traditional credit card has raised digits and other information on the card itself -- It is not very secure. When you hand your credit card over to the waiter/waitress they can easily snap a pic with their camera phone and sell that data for $2 (wholesale) online.

    A magnetic strip bearing credit card has the above insecurities, plus a convenient stripe that can be used to input the information into a computer -- Fake "clone" cards can be created that have the same magnetic signature as your card, and actually, the mag stripe lessens security by giving the clerk a false sense that the card is legit. The clerks don't care anyhow, it's not their money -- As a test I actually use a cloned card printed with the name "Sir Thievey Thiefterson III" and always sign my name as: "This card is Stolen" on all receipts; It's been four years, and still only eight times has my ID been asked for -- at which time I tip the cashier and use my real card.

    A near field credit card works via RFID. RFID is not secure. It has no concept of a secret internal state and a challenge response system to authenticate that single (and only that single) transaction. It simply responds to query, any query, with your card info. Once again, we're putting the insecure data that's printed on the outside of the card into a more conveniently readable format, but this time it can also easily be scanned by malicious persons from several hundred feet away by using a Pringles can to shape their antenna's emissions.

    None of these data exchange formats have the concept of a secret internal state and a challenge response system to authenticate that single (and only that single) transaction. It takes a computation capable device to provide public key encryption. We solved the problem a long time ago with public / private key pairs -- Google Wallet is a technology that finally uses the solution to the problem of identity theft via "public" card information dissemination. The device and/or application containing the private key (the key itself, even) can itself be locked/unlocked with a pass-phrase.

    Note that this is not absolutely secure -- nothing is -- however, it is leaps and bounds more secure than the current dumb "hey here's a plain-text number to get my money" credit card system.

    As for traceability -- It's no more traceable than the credit card system, true. It could be made more private by using something in the vein of Bitcoin (there I said it), since it has over a hundred unique account tokens for a given wallet. However, you would need an intermediary to process the transactions on your behalf, and trust them with your identity -- I'm looking at you Google.

    In short: The Current Bullshit CC system is Broken as Hell! This is a step in the right direction, get on board or have your identity stolen like a dumbass.

    P.S. In 2001 my wallet was stolen from my locker while I was clearing a jam from a trash compactor. I canceled my cards & entire bank account, got new checks & cards, and STILL was fraudulently charged $557.00 via the old canceled bank card three weeks later -- Wells Fargo doesn't care if I followed their security guidelines to the letter and have written proof of such -- they don't care if their agents were the ones that fucked up and didn't take the stolen card off of my name, and it ended up linked to my new account: It's not their money, they don't care (I still "owe" them this money since I refuse to pay for others' mistakes, also, credit reporting companies don't care either).

    P.P.S. Cash is still the most secure, but carrying a lot of it is arguably not (Yes, I have been robbed at gunpoint after cashing a large check -- if I had digitally transferred the funds, I would not have lost the money).

    Your's truly,
    A FOSS Hacker that grew up in the ghettos of H-Town.

    • by geekoid ( 135745 )

      " but this time it can also easily be scanned by malicious persons from several hundred feet away by using a Pringles can to shape their antenna's emissions."

      no, it can not. FOr a test, why don't you make said cantenna(trivial) and get information from Pay Pass swipes? It's the EXACT SAME THING.

      And your wells Fargo story stinks to high heaven.
      As someone who was in the sane situation, including getting charged after the fact. It took me exactly 1 10 minute phone call.

      Even if true, there are some pretty trivi

    • by cdrguru ( 88047 )

      You must have done something to piss someone off. While it sounds like this was an ATM card where limits don't apply - or at least didn't until recently - I have never heard of anyone losing out on lost or stolen cards.

      Of course, mostly that is dealing with credit cards, not debit/ATM cards where it is in the bank's interest to push as much liability onto you as possible. With credit cards it is always the merchant that loses out.

      This is something to keep in mind. With a credit card there are four agents

  • The summary has it backwards: Your health insurance company is interested in your calorie intake and the police are ones interested in your Doritos intake. Nobody cares about the soduim.
  • I remember stories that FBI would record the serial numbers of robbery cash, usually $100s. They they'd wait for the numbers to show up at Reserve Banks which often scan the serial numbers. Then the FBI would home in sub-banks and merchants to identify usage locations.
  • In Switzerland and elsewhere I can already pay for vending machine purchases with my phone. In Hong Kong I can use my Octopus card.
    • Maybe, but likely by charging to the phone bill via SMS or some other archaic method... not really the same.

  • If you live in a city, you are on camera anyway.

    You are traceable - how many people with your "taste" in clothes and your fine figure live in your area?

    • You are traceable - how many people with your "taste" in clothes and your fine figure live in your area?

      Thanks to the efforts of Levy Strauss and Ray Kroc, quite a few.

  • That definitely is bad news for stripper & escort girl afficionados :)

  • Is this information really necessarily private, or is it private just because we worry that it leaves us somehow more vulnerable? Have any of us really thought through what "vulnerable" might mean?

    Some alternative thinking: Our data, ourselves [boston.com] at The Boston Globe.

  • "Computer, report location of Cmdr Riker"

    The future is privacy through access control, law and mutually assured harassment. Once you can easily tell who exactly Googled you, they will be a lot more respectful.

  • Another hysterical headline. Can we please stop doing this? I vote Timothy is no longer allowed to post Google stories--clearly Google killed his puppy or something and he simply can't get past it.

  • (Ok Devil's advocate here, just for fun.)

    Who cares?

    Let's look at each of your best attempts at a scary consequence.

    "Stores can use information about your Doritos purchases to rearrange their wares" - sounds good to me, helping to make sure the shelf hasn't run out of what I want. Why be so protective of information which is expressed so publicly anyway whenever you shop?

    "Google could push coupons via its new Google Offers service" - coupons are an annoying way to create artificial loyalty, but I do

  • Google wallet could also be a good thing for the consumer. It would mean that all items bought this way will have their prices tracked and stored in google. This will mean that users should be able to run price comparisons over all stores that are compatible with this tech - this means you can work out before you go grocey shopping - which store will offer you the best price for your weekly shopping list.

  • by Jane Q. Public ( 1010737 ) on Friday May 27, 2011 @12:37AM (#36259848)
    Sheesh, people. Stop worrying about about all the silly little things. If you don't want your grocery store collecting information on you, use fake information when you sign up for your card like I do! Problem solved.

    There's a bigger issue at stake here, but I haven't seen anyone else mention it yet.

    Have you heard of Michael's? The nationwide craft store? Thieves managed to swap out 90 separate credit card readers without anybody knowing, in Michael's stores around the country. They've been snarfing credit card data for quite a while.

    With NFC, the thieves will have a field day! They don't even need to swap out readers; just stick your sniffer's antenna somewhere close enough to read the NFC transaction. What do you want to bet that passive receiving can be done from a couple of feet away? Then they just sniff the transaction and away they go.

    What's that you say? Secure communication? Hahahaha.

    There isn't a major credit card system in existence in the world today that hasn't been hacked at one time or other, and most of those "bugs" just got whitewashed over, not really fixed. Hell, it didn't take long at all to hack the "unique, secure" id from RFID tags and clone them.

    The probability that somebody will find a serious vulnerability in the system is close to 1. Combine that with reading from a distance, and it will be a free-for-all.

    This is such an outrageously bad idea, I can hardly sit still and not yell at people about it. I have already berated one software company for planning to support NFC in its apps.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...