back to article 'Tesco probably knows more about me than GCHQ': Infosec boffins on surveillance capitalism

Privacy of medical data and the machinations of surveillance capitalism were under the spotlight at a Cambridge University symposium last week. Much of the day-long event, marking the 20th anniversary of think tank the Foundation for Information Policy Research (FIPR), was spent debating state-backed surveillance in its many …

  1. Roj Blake Silver badge

    Tesco Does Not Know More About Me

    I nearly always use cash when buying groceries, and I don't have any supermarket "loyalty" cards.

    1. werdsmith Silver badge

      Re: Tesco Does Not Know More About Me

      Tesco would know more about me than GCHQ because they are more interested in me than GCHQ.

      Tesco want me to give them my money. GCHQ get my money anyway.

      1. Smooth Newt Silver badge
        Meh

        Re: Tesco Does Not Know More About Me

        Tesco would know more about me than GCHQ because they are more interested in me than GCHQ.

        You have no idea how much GCHQ know, or do not know about you. Perhaps they know at least as much as Tesco as they can bulk purchase data from the same commercial sources as supermarkets do, and then add their drag-net surveillance to that. "Know" is also a very loose term, in this case it is about data pertaining to you spread across databases rather than, e.g. collated information in a written document.

        1. werdsmith Silver badge

          Re: Tesco Does Not Know More About Me

          @smooth newt

          You have no idea how much GCHQ know, or do not know about you.

          Yeah I know. I was being flippant.

        2. Adam 52 Silver badge

          Re: Tesco Does Not Know More About Me

          "at least as much as Tesco as they can bulk purchase data from the same commercial sources as supermarkets do, and then add their drag-net surveillance to that"

          Well they can order Tesco to provide everything they know, and then add everything your bank knows and then add everything your ISP knows and then add everything your doctor knows.

          So I think GCHQ certainly do know more than Tesco.

        3. eionmac

          Re: Tesco Does Not Know More About Me

          "Know" in the Biblical sense?

      2. Anonymous Coward
        Anonymous Coward

        Re: Tesco Does Not Know More About Me

        A few (cough) years back I did a bit of work at GCHQ.

        They know more than you do.

        1. Anonymous Coward
          Anonymous Coward

          Re: Tesco Does Not Know More About Me

          I see people have many theories on how Tesco could track you even without phone/clubcard etc..

          Well I don't shop at Tesco so I can safely say they don't track me.

    2. Anonymous Coward
      Anonymous Coward

      Re: Tesco Does Not Know More About Me

      But I bet they are tracking you via your phone. They will track that phone to the checkout, and then they will know what you've bought. Over time they will build up a picture of your spending habits, and even though they don't know your name, they know "you". Or am I being paranoid.

      1. Commswonk Silver badge

        Re: Tesco Does Not Know More About Me

        But I bet they are tracking you via your phone.

        Not when it's switched of, they aren't. And mine is switched off, because that's the way I live my life, not enslaved to a device. In any case it's a PAYG with no frills whatsoever; anything more than that would serve the needs of others rather than just mine.

        Anyway, as it happens cellphone coverage in our nearest Tesco is utterly shit so what's the point in it being on?

        1. Charles 9 Silver badge

          Re: Tesco Does Not Know More About Me

          Then they'll track you by the surveillance cameras. And there's no way to avoid those with drawing the attention of the plods for suspicious behavior.

          1. Swiss Anton

            Re: Tesco Does Not Know More About Me

            "... drawing the attention of the plods for suspicious behavior."

            Walking around with your mobile switched off is suspicious. Why are you trying to evade our tracking

            systems?

            1. Wensleydale Cheese Silver badge

              Re: Tesco Does Not Know More About Me

              "Walking around with your mobile switched off is suspicious. Why are you trying to evade our tracking systems?"

              Battery life.

        2. Doctor Syntax Silver badge

          Re: Tesco Does Not Know More About Me

          "Not when it's switched of, they aren't. And mine is switched off"

          Similar situation here except that the phone's probably switched on but left at home and possibly with a flat battery. In any case it's a fairly ancient one and although it has GPS I can never get it to work properly - it probably wants a data SIM which the PAYGO isn't in order to get maps or something.

    3. Joe Harrison Silver badge

      Re: Tesco Does Not Know More About Me

      Not using a supermarket loyalty card will have serious repercussions. For starters you will not get the coupon to which you are entitled, i.e. 15p off something you were not going to buy.

      I have photos of my friends' cards' barcodes on my phone and I randomly pick one when I'm in the relevant supermarket. Win-win for everyone except the supermarket.

    4. Nick Kew Silver badge

      Re: Tesco Does Not Know More About Me

      Tescos don't know anything about me. But that's just an accident of geography: there's no tesco within range of my food shopping.

      So let's substitute Sainsburys, whose superstore is just a mile up the road. They have plenty of data on me: not just the Visa card I normally use to pay, but also (shock, horror) a nectar card they use to pay for my data.

      Guess what? I'm not bothered by it. I don't believe Sainsburys are going to do anything nastier to me than to stop stocking something or put a price up[1]. They don't have the power to do anything bad. No police force, no legal system, no apparatus of the State. Dammit, not even influence over relative trivia like a credit score! And I don't begrudge them the information they gather: I think the price they pay is fair enough, and I'm just sorry the information doesn't seem to stop them all-too-often losing things I like enough to pay them for!

      Now what GCHQ know about me is much less clear, and that very lack of clarity could be a concern. Their methods of collection are more indirect and therefore likely to be less reliable, which raises concerns over a potential for incorrect data. And the possibility of their data being used by agents of the State with powers to deprive me of life, liberty, or other things of real value, makes their records a whole nother kettle of fish.

      [1] Except in December. Then they play muzak, so I go the extra mile to Lidl instead.

      1. Charles 9 Silver badge

        Re: Tesco Does Not Know More About Me

        So what if the plods co-opt the stores AND then force them to stay mum?

      2. werdsmith Silver badge

        Re: Tesco Does Not Know More About Me

        All those who think Tesco don't know about you, think again.

        I worked for one of these data processing places a few years back and what they know is shocking and it's not limited to who visits their stores or websites.

        I imagine they are even better at it now. I suggest you chuck in a subject access request, or whatever GPDR calls it now.

      3. cantankerous swineherd Silver badge

        Re: Tesco Does Not Know More About Me

        sainsburys will inform the DWP you've been doing your shopping and you'll be sanctioned.

        don't get ill, don't get old.

      4. JohnFen Silver badge

        Re: Tesco Does Not Know More About Me

        It may be (and probably is) different in Europe, but in the US in the vast majority of cases, if a company knows something about you, so does the government.

        1. Sir Runcible Spoon Silver badge

          Re: Tesco Does Not Know More About Me

          I usually give all the clubcard points to the person behind me at the till. Track that :)

      5. Doctor Syntax Silver badge

        Re: Tesco Does Not Know More About Me

        "Then they play muzak, so I go the extra mile to Lidl instead."

        Upvoted for the Lidl reference: no music, no ads, no burbling DJs. Peace and quiet.

    5. This post has been deleted by its author

    6. Anonymous Coward
      Anonymous Coward

      Re: Tesco Does Not Know More About Me

      I nearly always use cash when buying groceries, and I don't have any supermarket "loyalty" cards.

      Same. I withdraw cash on payday and use it for almost all purchases during the month that follows. Since my wife had her card skimmed a couple of times, and two attempts on my card, I decided cash is the way to go.

      I also don't have loyalty cards, but that's more to do with keeping my wallet buldgw to a minimum.

  2. iron Silver badge

    "getting people off Facebook isn't a terribly good idea because not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US"

    So the correct thing to do is reinforce that behaviour? No, the correct thing is to encourage these morons to stop thinking of Facebook as something everyone should and does use.

    * I do have a vested interest here as someone who has never had a FB account.

    1. AndrueC Silver badge
      Facepalm

      I don't have, never have had nor do I want a Facebook account. If that makes me appear to the authorities to be suspicious then I'd suggest that the authorities are not fit for purpose.

      1. Doctor Syntax Silver badge

        " I'd suggest that the authorities are not fit for purpose."

        We're pretty sure they aren't anyway.

    2. Roger Greenwood

      These are my facebook details and if you don't like them then I have others. (Groucho Marx 1933)

      1. nzdev

        The fake name / DoB approach only works if you use a dedicated email for FB. If you use your FB email for anything else there's a good chance a third-party will upload your real details using the Custom Audience API.

    3. Anonymous Coward
      Anonymous Coward

      That makes no sense except this part which is worth acting on, now that we have GDPR:

      'Journalist Wendy Grossman pointed out that data downloads from Facebook ONLY include information that people have given directly.'...

      So just to be clear, in the 'Facebook Download Data' option: 1. There's no Shadow-Profile info! 2. No data on Offline-Tracking of Users! 3. No clues about FB info blended with data from 3rd-party data brokers... 4. No Online or Offline FB tracking revelations regarding Non-Users! 5. Medical / Patient data?

      1. nzdev

        Re: That makes no sense except this part which is worth acting on, now that we have GDPR:

        This isn't entirely true; the data download now includes a list entitled

        “Advertisers who’ve uploaded a contact list with your information. Advertisers who run ads using a contact list they’ve uploaded which includes contact info that you’ve shared with them or with one of their data partners”

        The scary thing is, when I looked at this list prior to deleting my account, it included my bank.

        1. Anonymous Coward
          Anonymous Coward

          'The scary thing is'

          .....“Advertisers who’ve uploaded a contact list with your information.'.....

          That's a very small part of Shadow Profile scraping that has only recently been disclosed (2017 in our area). It has barely any of the true high-value user info (User 'Likes' / Real Address / Phone, Job / School info etc). However, the truly scary part is, Facebook is assembling this info anyway. How? As you hinted at, they're taking Telco CRM data and pairing it with email / phone / address as a match to every possible Facebook user account...

          In my household that kind of personal info never ever existed on there - ever! Facebook didn't have it! So what's going on here? My guess: Facebook are extrapolating users who are friends / family in the general area and backing out of it, the likely 'secondary' or real email / phone / physical address used by that same user using highly-accurate Telco user databases.

          Scary! We since closed our Facebook accounts. Instagram was never used. Can't escape WhatsApp. Its needed for a new job (first time registered). But its on a throw away SIM on a dedicated phone. All personal contacts are on secondary phone that only uses Signal. But its ridiculous you have to go to these lengths!

          1. Anonymous Coward
            Anonymous Coward

            Re: 'The scary thing is'

            "As you hinted at, they're taking Telco CRM data and pairing it with email / phone / address as a match to every possible Facebook user account..."

            That tallies with the offers of a 50% top up when I next put funds onto my PAYG phone, but only if I do that reload at a train station ticket machine.

    4. Anonymous Coward
      Anonymous Coward

      I don't know why people keep exaggerating the importance of Facebook. For a reasonable definition of "use", only about half the UK population uses Facebook.

      It's unclear how "use" should be defined. There are two big classes of not-quite-users I can think of: there are people who had an account and once used it in the intended fashion but haven't done anything with it in ages; and there are bogus accounts under a false name with no personal information attached which are perhaps used quite frequently but not in the intended fashion, not as "social media". (An example would be creating a temporary account to access a particular service or discussion group. I've done that a few times.)

      1. JohnFen Silver badge

        "There are two big classes of not-quite-users I can think of"

        You missed two -- one is people who have friends or relatives that have FB accounts and mention you or post pictures including you. The other is anyone who uses the web and does not block Facebook's trackers.

    5. werdsmith Silver badge

      "getting people off Facebook isn't a terribly good idea because not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US"

      Yes, there are some governments who fear people who think.

    6. nematoad Silver badge
      Mushroom

      "... not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US."

      It's a good job then that I have absolutely no intention of visiting the USA. Alternatively they might try the only "social media" account I have ever had and checkout Friends-reunited. Good luck with that!

    7. LDS Silver badge

      "not being able to volunteer a social media profile can make someone the subject of suspicion"

      Is only me who finds it really worrying and truly scaring? Or is this just how FB spin doctors are working in the dark to avoid to lose many users guinea pigs?

      "Mandatory" Facebook? It looks "the Circle" could actually be a prophetic book of Doom....

      1. JohnFen Silver badge

        Re: "not being able to volunteer a social media profile can make someone the subject of suspicion"

        " It looks "the Circle" could actually be a prophetic book of Doom...."

        The Circle is Zuckerberg's wet dream and the ultimate goal of Facebook.

    8. Zog_but_not_the_first Silver badge
      Devil

      @iron

      "getting people off Facebook isn't a terribly good idea because not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US"

      That this is insanity is obvious. Has anyone run into problems from not having an account?

      1. Bernard M. Orwell Silver badge

        Re: @iron

        "That this is insanity is obvious. Has anyone run into problems from not having an account?"

        If you're travelling to the US regularly, and you don't have an account, I'd be wary of pissing someone off who knows you or working for a company that has a less than stellar reputation. There's always the chance that someone will create a facebook profile in your name, with a smattering of details and pictures, and then link it to all sorts of anti-US or extremist sites etc.

        It might be hard to convince the morons in the US that not having a social media profile is not a crime, but I bet it'd be way harder to convince them that all those twitter, facebook and linked-in connections aren't really you.

        Whilst I am a facebook user, regularly, (seeded with misinformation and carefully curated to avoid brain-cell losing nonsense), I have created various other accounts on various other platforms to prevent someone hijacking my identity on them.

        I find it most irritating that I have to do that, but better safe than sorry?

        1. Anonymous Coward
          Anonymous Coward

          'The scary thing is'

          .....“Advertisers who’ve uploaded a contact list with your information.'.....

          There is no way to UNDO this process or Delete your real address/name from Facebook. You can block Ad targeting related to Telco / Bank CRM uploads. But you cannot stop Facebook from churning the info and storing yet even more DERIVED Shadow-Profile data from it. Data that you or me will never see.

          None of that is in the Download-Data option. In other words you cannot stop Zuk from having your real address, real phone, real active email. He will get it eventually from the unholy alliance of CRM database uploads, user volunteered posts & pm's, 'ugly-truth' related derived data, plus Experian data brokers etc.

          You can't fake this game unless you're a Scammer using fake info when interacting with financial firms. All of this juicy data goes to credit reference agencies. Facebook said its halting 3rd Party advertisers access to Experian etc. Zuk didn't say they're going to stop trading this data themselves, because they're not.

          That's why Max Schrems / NOYB is going to be so important to shining a light on these 'dark' data 'cockroach-like' practices. Zuckerberg gets to star as King-roach obviously, using the work of the Stasi as a useful instruction bible. Whatever he's got planned next should scare everybody, as he's not retiring!

          And yes the bad 90's Bullock movie 'The Net' is now reality. People's real-world profile will get tangled up with someone else's faked or real digital personas. Even just transiting through US airports. So what now? Avoid US, go elsewhere. That's I do! But how long till UK/Auz et al start doing the same thing?

    9. HieronymusBloggs Silver badge

      "I do have a vested interest here as someone who has never had a FB account."

      Same here. I expect the Facebook employees who downvoted your post will react similarly to mine.

    10. Mark 85 Silver badge

      Facebook as ID or character reference....

      She argued that getting people off Facebook isn't a terribly good idea because not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US.

      This says quite a lot about the mentality of people and governments in general. FB isn't a form of ID or character reference that I'm aware of (or at least is shouldn't be). If someone regards my not having nor ever visiting FB as suspicious than who has the real problem? I'm suspecting that certain agencies have staff are getting lazy as FB is just such easy pickings. I'm still awaiting the 1984 type of "5 minute hate" sessions that are mandatory.

  3. Anonymous Coward
    Anonymous Coward

    I recall a case a few years ago where the Home Office was aware that a large number of Poles had come into the country, but had lost track of where they were. The solution was to ask Tesco for data about volume of sales for Polish food products. Locations of stores where sales of these had gone up gave a reasonable indication of where those people had gone to.

    1. Anonymous Coward
      Anonymous Coward

      <citation please>

    2. Elmer Phud Silver badge

      Poles apart

      Round here Tesco does Polish stuff but there are also several Polish shops that give far better service.

      Demographics have always been collected by Tesco, as the local Jewish population got older and moved out (or up) there was an influx of Asian families and Tesco suddenly had decent rice at a decent price. For a while, though, if you wanted Scotch Bonnet chillies you'd have to go either west to Tesco Neasden or east to Tesco Tottenham.

  4. Salestard

    They does

    Some years back had the dubious pleasure of sitting through a presentation by Tesco Clubcard - they were a major customer of my company, managed within my sales team. Usual account manager was on hols, so my boss went and dragged me along.

    Part of the way through, chap from said evil empire asks for a volunteer clubcard number. Just the number. My boss duly obliged.

    Clubcard member number entered into system right in front of everyone.

    Tesco bod duly reels off the following information about her - Name. Age. Gender. Address. Usual store, and a few other completely innocuous bits.

    Pause.

    Then details the age and gender of her two kids, age of husband, husband's probably occupation, favourite foods, usual payday, preferred brands, ABC marketing category, political persuasion, level of education, and a load of other information

    He also said he could tell if she was trying for a third child (no, I don't know either), her menstrual cycle (obvious), and would then know if/when she was pregnant.

    It alarmed me just how much personal information you give away from your shopping habits. The deeply troubling bit was the barely restrained glee that Tescos exhibited at having this kind of data at their disposal, to flog you even more tat from the Buy N Large empire.

    Even more worrying - this was seven years ago. Can any of us honestly expect that data to have remained uncompromised in that time?

    1. Anonymous Coward
      Anonymous Coward

      Re: They does

      Trying for a child would be the purchase of folic acid I would assume. Not surprised at other info though I'm not sure how they would get political persuasion unless they look at store location and elected officials and cross checked that with sales.

      1. Anonymous Coward
        Joke

        Re: They does

        " I'm not sure how they would get political persuasion"

        Olives & Daily Mail = Conservative

        Chips and Daily Mirror = Labour

        Fags, Lager and Union Jack merchandise = UKIP

        Organic and "Super-foods" = Green

        Excessive time trying to find something = LibDem?

        1. Anonymous Coward
          Anonymous Coward

          Re: They does

          The one example I was quoted some years ago was Croissants from Waitrose = turn out target for ****

          And yes that specific and yes that's a real quote from the party in question but use case was encouraging only probable supporters to vote during turn out campaigns.

          Pre GDPR and some years ago.

        2. Dodgy Geezer Silver badge

          Re: They does

          Blue food colouring and sticky gold stars - EU Remainers

          Shortbread and whisky - SNP

          Whiskey, Guinness and potatoes - DUP....

      2. Salestard

        Re: They does

        I think this was assumptive data based on marketing category (ABC1 type), location, and god knows what else cross referenced back to your constituency.

        Thus, a middle aged woman with two kids and husband living in Guildford who fills up her Audi A6 once a week is likely to a different political outlook from a young woman with one child living in Tower Hamlets is likely to be different to the retired woman living in Taunton... (For example)

        Quite what Tesco needed that kind of data for is a another matter entirely...

      3. Joe Harrison Silver badge

        Re: They does

        not sure how they would get political persuasion

        There must be more people like me who haven't got a political persuasion (because they're all equally crap) or do have but it changes from day to day (depending on what stupid thing Party X did yesterday.)

        It could be quite handy if I were to ask Tesco what my political persuasion actually was, if I had a card.

      4. Whitter
        Coat

        not sure how they would get political persuasion

        Maybe just "Do you buy the Daily Mail" ?

      5. Roj Blake Silver badge

        Re: not sure how they would get political persuasion

        If you buy a newspaper there, that would be a reasonable indicator.

      6. Anonymous Coward
        Anonymous Coward

        Re: They does

        "Trying for a child would be the purchase of folic acid I would assume. "

        And here was me wondering why after so many posts no one ever considered the purchasing of pregnancy tests and ovulation guides to be a pretty decent sign.

      7. Bernard M. Orwell Silver badge

        Re: They does

        "I'm not sure how they would get political persuasion "

        Believe it or not, the products you buy can provide indicators of your probable political persuasion. Do you buy sustainable products or frozen ready meals? Cheap alcohol or expensive spirits? Certain newspapers or magazines? All of this and more can puff up that all-important profile...

        Here's one of many studies on that very subject examining the purchase of GMO products and political preferences.

        www.mdpi.com/2071-1050/3/9/1555/pdf

    2. AndrueC Silver badge
      Facepalm

      Re: They does

      A couple of years ago amongst my latest vouchers from Tesco was one for babies nappies. Given that I've been living the bachelor life my entire adult life I'm not sure what that says about their data gathering abilities.

      1. Eclectic Man

        Re: They does

        Had you suddenly stopped buying condoms 9 months previously?

    3. teknopaul Bronze badge

      Re: They does

      Quite hard to hide the fact that you are pregnant for seven years.

    4. David Nash Silver badge

      Re: They does

      Most of this is guessed/inferred, not actually known. Payday? Unless they are looking at my bank account there's no way they would know that. No, I don't have a Tesco bank account but I do have their credit card, the timing of spending and billing of which is entirely unrelated to when I get paid, as is my shopping.

      Occupation/husband's occupation? Not sure how my supermarket shop could give this away, unless you buy a specific magazine for that occupation (how many of those are there?)

      My guess is that Tesco and the others have a lot of semi-accurate and some completely inaccurate information about people.

      1. JohnFen Silver badge

        Re: They does

        "My guess is that Tesco and the others have a lot of semi-accurate and some completely inaccurate information about people."

        Tesco probably does what most other slurpy companies do: they combine the data they directly connect with data from other commercial sources such as credit reporting agencies, etc. This is what Big Data is all about. You shouldn't think that what a company learns directly from you is the only stuff the company knows. It isn't.

        1. Anonymous Coward
          Anonymous Coward

          Re: They does

          "This is what Big Data is all about. You shouldn't think that what a company learns directly from you is the only stuff the company knows. It isn't."

          The truth is that it's all up for sale, probably including your browsing history as seen by your ISP.

      2. Adam 52 Silver badge

        Re: They does

        "Occupation/husband's occupation? Not sure how my supermarket shop could give this away, unless you buy a specific magazine for that occupation (how many of those are there?)"

        Like JohnFen says, they buy that bit in. From somewhere like here:

        http://www.experian.co.uk/marketing-services/solutions/targeting/consumer-data.html

  5. Eclectic Man

    Design of systems

    According to the good Dr. Levy "We need to design systems that fail in predictable and safe ways. "

    Not really a surprise, but some way of actually doing it would be nice. Computer systems with literally millions of lines of code running on processors with literally millions of transistors are virtually impossible to analyse in detail to see how they will fail (and 'prove' in some way that they will fail safely and gracefully).

    I wonder whether he'll be telling us all how he thinks it can be done in the next few years.

    Re: Tesco - they only know that I do not shop with them, unless they've hacked into the Sainsbury's Nectar Points system, in which case I am undone!

    1. Anonymous Coward
      Anonymous Coward

      Re: Design of systems

      "Sainsbury's Nectar Points system"

      But shared with plenty of others:

      https://en.wikipedia.org/wiki/Nectar_loyalty_card#Members

  6. Harry Stottle

    The Real Threat is State Seizure of Corporate Surveillance Data

    I made the same point about the Tesco's hold on your personal data in my "Datastophe" blog back in 2007. But I also made the point that it is nowhere near as sensitive (or valuable) as the Data (then, recently) "mislaid" by the HMRC (see same blog)

    I didn't make the point then which I do nowadays. Governments are - universally - the biggest bullies in the playground. The only reason we need to tolerate them at all is that, when they work remotely like they're supposed to, they help protect us from the other, lesser, bullies.

    But increasingly, they are a) hoovering up increasing volumes of our personal data, either illegally, or only legally after a hasty adjustment to their laws and b) increasing abusing that data against the citizenry either to suppress dissidence or to exert social control.

    The excess hoovering now routinely includes their self appointed "right" to demand our private data from the likes of Tescos (or ISPs, or Banks etc etc) and THAT is the principle reason we should now object to "corporate surveillance"; the mandatory right of the State to add it to their own ballooning collection.

    Ultimately, of course the only credible protection against State abuse is going to be solving the problem of Accountability Theatre. I'm hopeful that may be closer than you might think...

    1. steelpillow Silver badge
      Holmes

      Re: The Real Threat is State Seizure of Corporate Surveillance Data

      Not really

      "the only credible protection against State abuse"

      is democracy and transparency.

      The UK government has a modicum of both and is broadly improving over time.

      Frankly I'd rather see my data in their hands than in those of the dot-coms. Just how much democracy and transparency do those dirty little moneygrubbers aspire to?

      1. David Nash Silver badge

        Re: The Real Threat is State Seizure of Corporate Surveillance Data

        "Frankly I'd rather see my data in their hands than in those of the dot-coms. Just how much democracy and transparency do those dirty little moneygrubbers aspire to?"

        But the point has been made several times that the dot-coms don't have the power nor the ulterior motives of governments in this regard. They just want your money, as has always been the case, even Arkwright's corner store knew plenty about his customers and their habits, but again, only to sell them stuff.

        1. JohnFen Silver badge

          Re: The Real Threat is State Seizure of Corporate Surveillance Data

          "But the point has been made several times that the dot-coms don't have the power nor the ulterior motives of governments in this regard."

          It has, but I find that point to be entirely unpersuasive.

          1. Anonymous Coward
            Anonymous Coward

            Re: The Real Threat is State Seizure of Corporate Surveillance Data

            "But the point has been made several times that the dot-coms don't have the power nor the ulterior motives of governments in this regard."

            "It has, but I find that point to be entirely unpersuasive."

            Have a look at what debt collectors in connection with Telcos and ISPs are up to.

            They are deliberately manufacturing debt and then using analytics to identify low spots in your life when you are likely to cough up.

            1. Bernard M. Orwell Silver badge

              Re: The Real Threat is State Seizure of Corporate Surveillance Data

              "They are deliberately manufacturing debt and then using analytics to identify low spots in your life when you are likely to cough up."

              Interesting. Got any links or citations?

      2. Anonymous Coward
        Anonymous Coward

        Re: The Real Threat is State Seizure of Corporate Surveillance Data

        > Frankly I'd rather see my data in [the government's] hands

        You know that in Germany, a country that worships efficiency, that is forbidden by the constitution? Could you possibly guess why?

  7. Anonymous Coward
    Anonymous Coward

    "Tesco probably knows more about me than GCHQ"

    But of course if you become of interest to GCHQ, I'd imagine that they can probably get hold of any extant Tesco data without too much trouble.

    1. Hans Neeson-Bumpsadese Silver badge

      Re: "Tesco probably knows more about me than GCHQ"

      But of course if you become of interest to GCHQ, I'd imagine that they can probably get hold of any extant Tesco data without too much trouble.

      Almost certainly - every little helps.

    2. Multivac

      Re: "Tesco probably knows more about me than GCHQ"

      Yeah, and any bank account info, like every time you use your cash card to withdraw cash from the hole in the wall outside Tesco's! So now they know when you go to Tesco they can check the CCTV to watch you and monitor the till to see what you buy. You should get a ClubCard to make life easier for them, they'll appreciate it when they're giving you the rubber glove treatment, an extra squirt of KY can make all the difference!

    3. Anonymous Coward
      Anonymous Coward

      Re: "Tesco probably knows more about me than GCHQ"

      If GCHQ request data from Tesco I wonder how much they'd actually get. If it's anything like my grocery delivery, half of it would be substituted with a load of guff bearing little relation to what was asked for.

  8. spold Bronze badge

    Of course law enforcement and GCHQ can obtain all your Tesco card data, and share it with the US.

    If you have been buying backpacks, pressure cookers, and burner phones recently that trip to Disneyland might not be as much fun as you hoped...

    You have purchased so many cans of beans recently you are obviously a terrorist planning a methane explosion...

    1. rmason Silver badge

      @Spold

      Oddly enough this was being discussed yesterday. I can't find links other than the s*n so here's some outfit I've never heard of:

      https://www.standardrepublic.com/politics/politics-police-and-mi5-shall-be-alerted-to-suspicious-purchases-like-vans-and-chemical-substances-extra-rapidly-below-plan-to-go-away-no-protected-areas-for-terrorism/

      Sajid confirming Mi5 et al will be alerted to "suspicious purchases, like vans".

      Vans. Suspicious purchases. Almost like they don't live in the real world, isn't it?

      Good luck to all those tradespeople who need both a van *and* some sort of hazardous chemical! It's watchlist time.

  9. SVV Silver badge

    "From personalised ads to personalised warfare?"

    And the difference is?

    I know corporate land has been giddy with data slurping and analysis for years now, with a rather careless attitude to privacy and security, but have they really not yet woken up to the fact that any bad consequences for their customers constitute a real and serious threat to their own existence? It'll be the Facebook-only-worse scandals that will harm them, far more than regulation such as GDPR. They are going to have to be the ones that will have to decide to clean up the masses of toxic data before they get poisoned by it, but they won't until either they or a competitor are the first to croak because of it.

  10. Potemkine! Silver badge
    Black Helicopters

    If TESCO knows, then NSA knows and by proxy GCHQ knows also

    1. Fat_Tony

      'Tesco probably knows more about me than GCHQ': Infosec boffins on surveillance capitalism

      "If TESCO knows, then NSA knows and by proxy GCHQ knows also"

      and so too will other agencies such as the Welsh Ambulance Service, Scottish Food Safety Agency, Morpeth Otter Preservation League, etc thanks to the Investigatory Powers Act too

  11. MJI Silver badge

    Loyalty cards

    Hopefully Tesco will see I have stopped buying tractor juice and will drop the price to the same as Sainsburys.

    With Tesco and Nectar.

    Very simple

    If I do not want them to know what I buy I don't use it.

    I suppose it may be embarrasing for ready meal buyers, or caged egg buyers, or people who buy really rubbish lager (I mean US not the cheap French stuff). But I buy non embarrassing things so don't care.

    But I get decent discounts and once had £90 off Nectar from a huge Ebuyer purchase.

    Just think, how can MJI buys beef mince off the butchers counter be used for anything but special offers for more beef mince off butchers counter?

  12. Anonymous Coward
    Anonymous Coward

    Tesco / Big Brother?

    A few years back I moved house and neglected to tell Tesco since I rarely shopped there.

    About 6 months afterwards I used my clubcard in a store near my new place for the first time and all of a sudden I started to get my Clubcard statements to my new address. I hadn't left a forwarding address with my old place, or set up any fancy redirects with the Post Office...

    there was probably a perfectly reasonable explanation but it was a bit freaky.

  13. Anonymous Coward
    Anonymous Coward

    We are all crims in the eyes Americas government

    > She argued that getting people off Facebook isn't a terribly good idea

    > because not being able to volunteer a social media profile can make

    > someone the subject of suspicion in countries such as the US.

    Land of the free?

  14. HolySchmoley

    "The growing use of IT technologies"

    Information Technology Technologies?

    You could've saved 12 letters and a space.

  15. GrumpyKiwi Silver badge
    Flame

    Tesco Drones on

    Ah yes, it was only last year that Tesco send one of their drones armed with Hellfire missiles to attack the house of David Parker who had betrayed his loyalty card and shopped at the Waitrose instead.

    And who can forget all those times the Tesco SWAT teams have smashed in the doors of people's houses at 3:00am to conduct a search for non-Tesco branded marmalade?

    When GCHQ screws up it means 'collateral damage', full-body cavity searches and/or ineptly run police raids. Tesco's screw ups mean that maybe the wrong products are placed by the checkout. You are forced by law to contribute to the costs of running GCHQ. You can chose whether to shop at Tesco's or elsewhere without any consequence whatsoever.

    One of these is not in any way equivalent to the other.

    1. Roj Blake Silver badge

      Re: Tesco Drones on

      According to the documentary series Time Trumpet, it could happen:

      https://www.youtube.com/watch?v=lfSi0D7KESk

  16. Snowy
    Mushroom

    Utter garbage!

    <quote>She argued that getting people off Facebook isn't a terribly good idea because not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US.</quote>

    Seeing that most people do not have a Facebook account, I find the idea of not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US to be utter garbage.

    1. Charles 9 Silver badge

      Re: Utter garbage!

      Are you sure about that? Some places I go, most people DO have Facebook accounts because they don't have mailboxes, have inconsistent signals, and have strong social pressure to stay in touch. No Facebook? You might as well be walking on the Sun.

    2. Tannin

      Re: Utter garbage!

      Since when did the fact that an idea is utter garbage make the slightest difference to an American in an airport with a gun and a uniform?

    3. rmason Silver badge

      Re: Utter garbage!

      @Snowy

      Most people you know don't have facebook.

      That's not representative of the population. *Most* people have facebook.

      It's not utter garbage, TSA can and do demand your social media info to check your profiles/posts. Telling them you don't have any, immediately makes you more suspect, not less so.

  17. Mystic Megabyte Silver badge
    Stop

    How Tesco rips you off

    On a rack of identically packaged nuts, all the same "organic" brown colour. One pack is £1.99 or, according to the sign, "Any two for £3". But when you get to the checkout and get charged £3.98 you discover that "Any two" actually means "Any two of the same sort of nut."

    Fecking scammers! Avoid Tesco if at all possible.

    P.S. Also identical SD cards priced at £18 in Tesco are available for £12 elsewhere

  18. Anonymous Coward
    Trollface

    'Tesco probably knows more about me than GCHQ'

    Maybe.. but I very doubt that Tesco are going to send arm thugs around to your house in the middle of the night for wrong think, or the ownership of a right-wing pug.

  19. Anonymous Coward
    Anonymous Coward

    "She argued that getting people off Facebook isn't a terribly good idea"

    "[...] because not being able to volunteer a social media profile can make someone the subject of suspicion in countries such as the US."

    Right.

    "This makes leaving Facebook problematic for mainstream consumers."

    I see, thank you for your valuable insight Ms Grossman.

    In other news, I told the doctor my left foot hurts when I stand up. He told me not to stand up.

  20. EnviableOne Bronze badge

    What TESCO Know

    Tesco are a huge conglomerate, They have operations in much of the world, and investments in many

    Theses are some of the brands you may know:

    Bookers

    Londis

    Dudgens

    Dunhumby

    Onestop

    Dillons

    Day & Nite

    Budgens

    Londis

    Euro Shopper

    Premier Stores

    outside of this they have fingures in many pies and access to insurance, finance and telcoms data, they have holdings in fuel and ventures with Esso. at one point in the 1990s 48p in every £1 spent on the UK Highstreet was spent at TESCO, they still hold 27% of the UK Grocery Market giving them an effective monopoly

    FYI(Sainsbury and ASDA have approximatley 16% each and Morrisons has 10%, ALDI, Co-Op, Waitrose and lidl all have about 5%)

  21. Dodgy Geezer Silver badge

    Tesco knows...

    ..."Tesco probably knows more about me than GCHQ," as one delegate put it....

    Then perhaps we should convert the Doughnut into a hyper-store for Cheltenham, and have highly cleared Tesco employees intercepting and breaking North Korean codes...?

    As an aside, people might wish to note that SIS (US equivalent - CIA) looks after human spying on other countries, while GCHQ (US equivalent - NSA) looks after the interception and decipherment of telecommunications.

    The Security Service (who don't like to be known by their initials) are meant to address other countries attempts to run their equivalent of the SIS. But since the Cold War finished, they have decided to pretend that anyone unhappy with the government MUST be in the pay of the Russians, or some other Axis of Evil place.... Much like the AVH, the Stasi, the KGB, the NKVD....

  22. Tom Paine Silver badge

    They don't make Sir Humphreys like they used to

    But Ian Levy, technical director of the National Cyber Security centre, the defensive arm of GCHQ, argued that there have been hundreds of SMB vulnerabilities and hacks over the years, and the Eternal Blue exploit abused by WannaCry was just another.

    (my emphasis)

    What a lame bit of fallacious rhetorical logic.The issue with ETERNALBLUE wasn't the vuln it exploited, it was that it was a nicely weaponised reliable exploit for multiple target OS versions.I roll my eyes a bit at the knee-jerk "Western military-surveillance state leaks cyber-weapon that destroys the world" hype from the usual sort of suspects, but there IS a scandal there. It's not that TAO exists, or have exploits and frameworks and whatnot, it's that they got socialed. (And possibly externally hacked as well, IDK)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019