Comment by moksly
6 years ago
Privacy often guides my tech choices, I do have a Facebook account for events but I don’t use their apps and I only log in when I’m invited to something. I try to use DDG though it’s almost impossible to avoid google in my language. And so on, but one area I can’t avoid is banks, and I’ve been wondering why they are sneaking past the privacy talks.
I’m Danish and we’re rather digitized. I mean, I have a national ID that can authenticate me anywhere that support it that runs in a mobile app. I use it for things like banking. Anyway, we also have a range of financial apps. Two are particularly interesting in terms of privacy. One of them is called mobilepay, and mainly handles transactions between small shops or when you need to send/request money between friends. As such it knows who my closest friends are more accurately than Facebook ever did, because I never Facebook chatted with people I see every day, I do however go to various events with them where we manage the bill with mobilepay. And since mobile pay isn’t just linked to a contact, but an actual phone number they have that too.
That’s not really the part that worries me though. It’s the way they track my purchases. Mobilepay lets you do electronic receipts, meaning they can read what you buy. It’s voluntary so you could opt out of it, but we have another app called Spir which helps you budget and organise your private economy by accessing your accounts through bank APIs. Spir can also see what you purchase, so even if you’re not opting into it, banks tack everything we buy unless we’re using cash. I’m not sure if this has to do with our national payment-card called Dankortet (kind of a mixed credit/debit card, but not exactly) or it’s just how modern transactions work. However that information is much more accurate than my search history.
I have anxiety, I also recently had a hemorrhoid, I’m fairly certain google might think I have cancer. My bank knows that’s wrong though, because they know I bought hemorrhoid medicine at the pharmacy.
You can always shoot a couple of GDPR data requests...
And you can use cash for sensitive purchases.
>And you can use cash for sensitive purchases.
This isn't always a viable option.
For example, in Sweden, we have stores that are kontantfri (cash-free) and it's projected that almost all of Sweden will be cash-free by 2023[0] to 2025[1]. (Sorry the links are in Swedish but you should be able to use <your chosen provider here> to translate them to your language.)
Given that the nordics tend to trend together, I imagine that Denmark is relatively along the same path to being cash-free, as well.
I think a better (but more complicated) alternative would be to use two different SIMs for separating those apps from an every-day number; however, that comes with the problem of carrying a second phone. Dual-SIM would just present a surface to tie the two numbers together but so would the two phones being in the same area (in proximity of each other) almost all of the time.
In other words, I don't really know how to solve this problem because it depends on everyone else not jumping on the bandwagon; however, to your suggestion, cash will not be a viable option for any purchases - much less, sensitive ones - in the very near future.
[0] - https://computersweden.idg.se/2.2683/1.690197/kontanter-slut...
[1] - https://www.compricer.se/nyheter/artikel/24-mars-2023--da-ar...
Could you buy pre-paid credit cards with cash? then use a different one each month/week/day depending on your level of concern?
2 replies →
As GDPR Data Requests go, the following "GDPR Nightmare Letter" has impressed me since it came out 2 years ago:
https://www.linkedin.com/pulse/nightmare-letter-subject-acce...
Of course this is an overkill, but it gives a good starting point - feel free to reduce it to serve your needs.
From some discussions about this letter I gather that it can be easily dismissed by court because it reeks of "bad faith" and not a legitimate concern.
2 replies →