> Understanding the Products, Services and offers that you, and other AT&T customers with whom you call and text and interact, might enjoy the most. We do not use the content of your texts, emails or calls for marketing or advertising.
> The keyword here is content. They don't use the content of the messages and calls, just the metadata (numbers that communicated, duration, etc). That information alone could be very revealing though.
If it's metadata plus content of your contacts' web searches, etc., then the distinction becomes meaningless.
If you have a phone call with a friend about widgets and then they google for it just after the call, a wise marketer might think they should show you some ads for the same thing just in case.
Just pray your friend doesn't google something illegal or distasteful just after they get off the phone with you.
You can learn so very much about a person and build a highly accurate and surprisingly detailed "profile" of them from just the "metadata" of their calls and text messages [0].
They almost certainly already know where you live and whom you live with, where you work, where you shop for groceries and hang on, where you travel to on vacation, and so on.
For many years now, they've been capturing this "metadata" (at minimum) anyways -- to hand over to the U.S. Government on a daily basis -- so we really shouldn't be surprised that they decided to take advantage of that and use this information in any way that they can.
Personally, for quite a while now, my "default" has been to automatically assume that pretty much ANY data I provide to any company WILL be kept -- forever -- and used in absolutely any way whatsoever they they desire and/or for any purpose, including "sharing" it with any other company to be used in any way and for any purpose (and even if they aren't right now, that can change at any time).
--
As an aside, Gen. Hayden (former DIRCIA/DIRNSA) testified that, "We kill people based on metadata".
--
[0]: Additionally, any "missing pieces" of their profile of you can probably be "filled in", thanks to their access to your (Internet) data that also travels across their network. Of course, I'm sure they would NEVER do anything like that -- nor anything they might ever need "retroactive immunity" for!
Your ISP sells your data, your mobile phone carrier sells your data and the apps on your phone sell your data. But it is anonymized so it is no big deal, right? Well, it is not anonymized enough and they sell just enough data that unscrupulous middle ware advertising companies are buying that data and then identifying user information including home addresses.
I am copying and pasting another comment I made on another thread:
"Companies are now promoting data services to advertisers that allow a company to install a cookie on their website and, by just having a user complete a site visit, match an IP address to a physical mailing address with claimed 90% + accuracy. Don't believe me? Check out this company: https://www.eltoro.com/. One of many companies that have recently popped up offering just such a service."
This is achieved by layering user data from mobile applications and user data from ISPs and mobile carriers. Combined it is enough to do some scary stuff.
Given that most services are unlimited, I would like more apps to maintain 10% randomized utilization.. ATT can try to find my data in the sh*t I use to bring down their network and scum bags in the desert can store my possibly encrypted 100mb/s streams indefinitely.
This is as circumstantial as it gets. I think this is happening, then I saw an ad that confirmed my original thoughts and thus this lofty claim must be true.
Its similar to that Reply-All story where they looked into whether the claim that FB was listening in on people's discussion, and despite there being no physical way for it to happen, people still believed it.
I remember that story and they really failed to make a case. With as many security experts are constantly looking at the big apps like Messenger/Insta, you think someone would notice huge packets of audio data if this was happening.
I think what's much more likely is that machine learning algorithms are so good right now, they're able to determine what people are interesting in based on browsing habits and other metadata. Either that or they're using your location data and tracking what adverts people are physically seeing on signs/billboards.
So you may think your app is listening to you because you get an ad for something you talking about, but you don't realize you talked about it because your brain subconsciously registered a billboard over and over again.
Facebook doesn't have to listen to us for that to be happening though.
Purina Dog Chow purchases "Qualified Leads" from marketers who have lists of people interested in Dog Food.
We have no idea where they get those lists. If you play Candy Crush, and that third party app has Microphone access it could be collecting the data, and selling it to marketing agencies, which then sell the qualified leads to Purina dog chow.
You are still being listened to and your information sold. It just happens on Facebook more than it being Facebook's fault directly.
Indeed we have to remember that when assessing the likelihood of a coincidence, it’s not the odds of any given event, but the odds that none of the many possible events you might recognize occur
I hate that so much. "Complying with your regional laws makes it harder for my business to scale!" As if gigantic jurisdiction spanning global/national firms were desirable things everyone wants. CCPA is a great example. If a company thinks it's hard to deal with California, I'm happy for them not to, and let a local firm pop up that delivers on the terms I want (CCPA compliance).
Americans have been marketed to by American marketing firms and consultants that the GDPR is difficult and costly to implement. As an American that worked in the EU and had to implement GDPR compliant systems there is so much FUD spread about it. A lot of it is company momentum to not implement the easy stuff, ie. "we've never encrypted our data. What if we forget the passwords?!" And the rest is ease of access, "marketing needs access to billing information. We've always been able to use it so why should we have to ask permission?"
I kind of agree, but it seems like we ought to be able to prohibit at least the covert sale of customer data without going full GDPR. Could Americans at least try out a GDPR-lite before going all in on the more extensive provisions?
> Sometimes we enter a wrong search word, or a wrong web address, or maybe the website we want is no longer in service. If this happens, the DNS Error Assist service automatically searches for similar or related terms and presents you some results that may be useful for you. Otherwise, you’ll get a “No results found” error message.
Sprint and Verizon and T-Mobile do this too. Sprint sells your entire app usage too, as all their hardware runs on their proprietary versions of the given OS.
Can anyone find the direct opt-out URLs for those?
I've tried on two laptops and five browsers, but I cannot use Verizon's website, the auth loop spins back and forth forever. I honestly think it is purposefully half broken or half fixed so I cant cancel my account ever.
It's my data. It's clearly valuable. I want my cut. Pay me.
There are a handful of obvious, simple ways to establish and protect personal privacy:
Extend property rights to all personal data. Then "privacy" is treated like every other asset, liability and protecting it is just bookkeeping.
Ban targeted ads. Ban freemium. Effectively eliminates most (non-govt) incentives for aggregating PII.
Require translucent database techniques to encrypt all PII data at rest. (Just like proper password persistence. Store salted hash, not the original value.)
Extra credit: Federal agency for credit ratings. Hellban all the non-govt agencies.
They very well could say that their product teams (internet, tv, cellular, etc) take the data they sell into account when determining prices and thus prices are lower since barely anyone opts-out of selling the data.
We must not rule out the possibility that rogue apps are siphoning data for ad targeting, especially given AT&Ts Privacy Policy: "We do not use the content of your texts, emails or calls for marketing or advertising".
AT&T _could_ choose to violate this policy but I imagine it would open them up to legal risk that they would not want.
Took less than a minute just now to opt out for all of my phone numbers. They don't give you a single yes/no switch to opt out - you have to set each phone number to "no" for each of several services - but all things considered, it was pretty quick.
you shouldn’t have to learn about this by some rando reddit post. when a company adds some new egregious monetization scheme to something that a customer has a reasonable expectation of privacy to there should be a notice to the customer.
Google Fi, as a Google product, has effectively zero customer support, so I don't think an attacker could social engineer their way to a sim swap. /s, only a little.
Verizon's Account Settings page has an evil dark pattern. The link to the Privacy Settings page does not appear in the menu. There is a Privacy Dashboard link which also does not contain a link to the Privacy Settings. I only found the link to Privacy Settings after submitting a request to Verizon to delete the data they have stored about me.
I would switch to a mobile service provider that cared about its customers, if one existed. The options in my area are AT&T, T-Mobile, Verizon, their subsidiaries, and Google.
I'm kind of skeptical of that. Do you specifically mean location metadata (I'm aware that happens), or do you actually mean AT&T sells access to datasets which map semantic content in the call to specific brands and products?
Credit card transaction data has a much higher signal for the same purpose and is just easier to work with.
I opt-ed out from my Comcast ISP after reading this. Next while in my Verizon account I went to my privacy settings on multiple devices, and updated browsers and I had nothing but redirect notices about not being able to connect to the site. I called Verizon, to make my concerns known and was finally sent a link via text, to finally change my settings to Opt-out. Ridiculous. Thank you for your post.
[+] [-] ed312|5 years ago|reply
Just wanted this to be at the top in case anyone is allergic to reddit threads.
Turns out my family was "opted in" even though we never gave any consent for this (and we certainly never would if asked).
To quote the top reddit comment: "Get f*ed at&t"
[+] [-] MetallicCloud|5 years ago|reply
https://www.xfinity.com/privacy/opt-out
[+] [-] barlo|5 years ago|reply
As an aside, they have a terrible UI/UX for this - it's probably on purpose. They could have easily put all of those permissions on a single page.
[+] [-] lopsidedBrain|5 years ago|reply
[+] [-] lights0123|5 years ago|reply
> The keyword here is content. They don't use the content of the messages and calls, just the metadata (numbers that communicated, duration, etc). That information alone could be very revealing though.
https://www.reddit.com/r/privacy/comments/j9hsjz/att_is_sell...
[+] [-] WrtCdEvrydy|5 years ago|reply
[+] [-] ballenf|5 years ago|reply
If you have a phone call with a friend about widgets and then they google for it just after the call, a wise marketer might think they should show you some ads for the same thing just in case.
Just pray your friend doesn't google something illegal or distasteful just after they get off the phone with you.
[+] [-] jlgaddis|5 years ago|reply
They almost certainly already know where you live and whom you live with, where you work, where you shop for groceries and hang on, where you travel to on vacation, and so on.
For many years now, they've been capturing this "metadata" (at minimum) anyways -- to hand over to the U.S. Government on a daily basis -- so we really shouldn't be surprised that they decided to take advantage of that and use this information in any way that they can.
Personally, for quite a while now, my "default" has been to automatically assume that pretty much ANY data I provide to any company WILL be kept -- forever -- and used in absolutely any way whatsoever they they desire and/or for any purpose, including "sharing" it with any other company to be used in any way and for any purpose (and even if they aren't right now, that can change at any time).
--
As an aside, Gen. Hayden (former DIRCIA/DIRNSA) testified that, "We kill people based on metadata".
--
[0]: Additionally, any "missing pieces" of their profile of you can probably be "filled in", thanks to their access to your (Internet) data that also travels across their network. Of course, I'm sure they would NEVER do anything like that -- nor anything they might ever need "retroactive immunity" for!
[+] [-] etempleton|5 years ago|reply
I am copying and pasting another comment I made on another thread:
"Companies are now promoting data services to advertisers that allow a company to install a cookie on their website and, by just having a user complete a site visit, match an IP address to a physical mailing address with claimed 90% + accuracy. Don't believe me? Check out this company: https://www.eltoro.com/. One of many companies that have recently popped up offering just such a service."
This is achieved by layering user data from mobile applications and user data from ISPs and mobile carriers. Combined it is enough to do some scary stuff.
[+] [-] foolmeonce|5 years ago|reply
[+] [-] wyxuan|5 years ago|reply
Its similar to that Reply-All story where they looked into whether the claim that FB was listening in on people's discussion, and despite there being no physical way for it to happen, people still believed it.
[+] [-] djsumdog|5 years ago|reply
I think what's much more likely is that machine learning algorithms are so good right now, they're able to determine what people are interesting in based on browsing habits and other metadata. Either that or they're using your location data and tracking what adverts people are physically seeing on signs/billboards.
So you may think your app is listening to you because you get an ad for something you talking about, but you don't realize you talked about it because your brain subconsciously registered a billboard over and over again.
[+] [-] ghostbrainalpha|5 years ago|reply
Purina Dog Chow purchases "Qualified Leads" from marketers who have lists of people interested in Dog Food.
We have no idea where they get those lists. If you play Candy Crush, and that third party app has Microphone access it could be collecting the data, and selling it to marketing agencies, which then sell the qualified leads to Purina dog chow.
You are still being listened to and your information sold. It just happens on Facebook more than it being Facebook's fault directly.
[+] [-] mxcrossb|5 years ago|reply
[+] [-] pavlov|5 years ago|reply
But, you know, those same laws do a good job of preventing shit like this.
[+] [-] 6gvONxR4sf7o|5 years ago|reply
[+] [-] yardie|5 years ago|reply
[+] [-] throwaway894345|5 years ago|reply
[+] [-] judge2020|5 years ago|reply
> Sometimes we enter a wrong search word, or a wrong web address, or maybe the website we want is no longer in service. If this happens, the DNS Error Assist service automatically searches for similar or related terms and presents you some results that may be useful for you. Otherwise, you’ll get a “No results found” error message.
Ok, I'll try to turn it off.
https://i.judge.sh/early/Rose/qNw1RZCHQB.gif
Nope, it's broken.
[+] [-] altdatathrow|5 years ago|reply
[+] [-] TuringNYC|5 years ago|reply
[+] [-] syspec|5 years ago|reply
[+] [-] specialist|5 years ago|reply
There are a handful of obvious, simple ways to establish and protect personal privacy:
Extend property rights to all personal data. Then "privacy" is treated like every other asset, liability and protecting it is just bookkeeping.
Ban targeted ads. Ban freemium. Effectively eliminates most (non-govt) incentives for aggregating PII.
Require translucent database techniques to encrypt all PII data at rest. (Just like proper password persistence. Store salted hash, not the original value.)
Extra credit: Federal agency for credit ratings. Hellban all the non-govt agencies.
[+] [-] altdatathrow|5 years ago|reply
[+] [-] judge2020|5 years ago|reply
They very well could say that their product teams (internet, tv, cellular, etc) take the data they sell into account when determining prices and thus prices are lower since barely anyone opts-out of selling the data.
[+] [-] aluminussoma|5 years ago|reply
AT&T _could_ choose to violate this policy but I imagine it would open them up to legal risk that they would not want.
[+] [-] muska3|5 years ago|reply
[+] [-] mkskm|5 years ago|reply
[+] [-] BrentOzar|5 years ago|reply
[+] [-] conductr|5 years ago|reply
That’s my experience
[+] [-] rubyfan|5 years ago|reply
[+] [-] malandrew|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] dellcybpwr|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] osamagirl69|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] RandomBacon|5 years ago|reply
[+] [-] toast0|5 years ago|reply
[+] [-] dredmorbius|5 years ago|reply
https://puri.sm/products/librem-awesim/
HN discussion: https://news.ycombinator.com/item?id=24653252
[+] [-] mleonhard|5 years ago|reply
https://myvprepay.verizon.com/prepaid/ui/mobile/index.html#/...
Verizon's Account Settings page has an evil dark pattern. The link to the Privacy Settings page does not appear in the menu. There is a Privacy Dashboard link which also does not contain a link to the Privacy Settings. I only found the link to Privacy Settings after submitting a request to Verizon to delete the data they have stored about me.
I would switch to a mobile service provider that cared about its customers, if one existed. The options in my area are AT&T, T-Mobile, Verizon, their subsidiaries, and Google.
[+] [-] cmbailey|5 years ago|reply
Then "Manage Online Advertising Preferences"
We were opted in by default.
Also (they claim) you can delete previous information collected on you at: https://www.verizon.com/privacy/secure/delete
[+] [-] dbyrd|5 years ago|reply
[+] [-] fractionalhare|5 years ago|reply
Credit card transaction data has a much higher signal for the same purpose and is just easier to work with.
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] musicale|5 years ago|reply
Allow Use of Information:[No] Restrict User:[Yes]
[+] [-] Balgair|5 years ago|reply
https://simpleoptout.com/
[+] [-] lilbaine|5 years ago|reply