📆 November 16, 2020 | ⏱️ 9 minutes read | 🏷️ computing

Avoiding Consumer Surveillance

The Age of Surveillance

We live in the age of surveillance capitalism. Intimate data about us is collected, bought and sold for profit and social control. Intermediaries like banks, payment companies, credit card companies and governments have unprecedented access into our private lives through our purchases. This level of surveillance is tyrannical. Mass surveillance is dangerous to the health of democracy and must be stopped. Big Brother should not know what we buy. In this post, I’m going to talk about how we avoid consumer surveillance. In a future post, I’ll talk about anonymous online shopping and some promising software projects that could be a more permanent remedy to consumer surveillance. Ultimately, there is going to have to be political action to curtail surveillance, not just new technology. But until there is increased awareness of mass surveillance and real political action against it occurs, all we can hope to do is avoid the surveillance. So here’s how you do that.

Always Pay Cash

This is the golden rule. To avoid surveillance, you should always pay in cash. Never use a credit or debit card. Never use Google Pay, Apple Pay, Cash App, Samsung Pay, Paypal, Circle Pay, Venmo, Square Cash, Zelle, Facebook Messenger, or any other payment app. Reject online shopping unless you can remain anonymous. Don’t shop at Amazon, Ebay, or other online marketplaces that require you to identify yourself. Is always paying in cash inconvenient? Maybe. That depends on how reliant you are on online shopping. Is it possible? Definitely. Is it worth it? Absolutely. Paying cash even once helps resist surveillance. Even though Big Brother would love to see a cashless society where all your purchases are fully transparent, we aren’t in that dystopian nightmare yet. If a merchant refuses to accept your cash, then find another merchant that will take cash. You’ll be anonymous and you’ll create economic pressure against a cashless society. If the story ended there, I’d just end this post now. But it’s not that easy.

Avoid Disloyalty Programs

Paying in cash is necessary but not sufficient for anonymous purchases. Just because you pay in cash doesn’t mean you’re anonymous. Retailers have come up with clever ways to trick you into deanonymizing yourself even when you pay cash. They’re called loyalty programs. Here’s how their dirty scheme works: An “operator” asks you if you’re already signed up for the rewards program. If you say no, they ask you if you want to sign up. If you agree, then they begin asking you for personally identifying information about yourself like your name, address, and phone number. Things they have absolutely no business knowing that are irrelevant to the transaction you’re performing. Once you cough up your information, they give you a rewards card, otherwise known as a points card, advantage card, or club card. On all your future purchases, you use your loyalty card and earn “points” which gives you future discounts and deals. The catch is they link all your purchases with your identity and then sell that data to data brokers. I call them disloyalty cards because you’re being disloyal to your fellow citizens by tacitly approving of consumer surveillance. Disloyalty programs are only loyal to Big Brother. Every time you use them, you make it harder for other people to reject them. You’re voting for surveillance with your money. Others that don’t submit themselves to the unjust surveillance may have to pay fees of up to 10% for not being signed up. See Sam’s Club.

Even if the disloyalty program doesn’t require you to give any personal information to sign up, it can still be used to link your purchases together. When your “buyer profile” gets sold and combined with other data, it’s trivially easy to deanonymize your purchases. Let’s say you sign up for a disloyalty card that doesn’t require giving your personal information. The items purchased and time and date of purchase are all linked on your disloyalty card. Useless information on its own. But then the supermarket you buy from sells your “buyer profile” to Goolag who compares your location history from your phone to the disloyalty card data. The supermarket has 3,000 customers that use a disloyalty card, but only 1 customer has a location history that matches the times and dates that the card made purchases. That’s you. And just like that, your purchases are deanonymized. But you’re clever. You turn your phone off before you go to the store. Doesn’t matter. Goolag correlates the time at which your phone turns off with the time of the purchases. You’re deanonymized again. Let’s say you don’t even have a mobile phone. Doesn’t matter. You drive a car to the supermarket. A private automatic license plate reader company records your license plate number as you drive to the store and sells that data to Goolag. Goolag correlates your driving times with the card purchase times and now all your purchases going back years are deanonymized. So you walk to the supermarket with your disloyalty card instead of driving. That won’t help you either. AI-powered facial recognition cameras all over the supermarket identify you and the times you’re there. The company that makes those cameras sells that data to Goolag. Goolag correlates the times again and your purchases are deanonymized. So you go to a different supermarket with a different disloyalty card. You don’t have a phone. You walk there. There are no surveillance cameras inside. How could you possibly be deanonymized now? Your bandwidth usage on your home network is low while you’re gone at the store. Your ISP sells this data to Goolag who correlates it with your card and you’re deanonymized again.

Just pay a little extra to avoid the disloyalty card. Refusing disloyalty cards also protects the anonymity of others. If you use a disloyalty card, then you might shrink the anonymity set of others not using a card. Whether others have consumer privacy is not your choice to make. You won’t get the discount but so what? At least everything you buy won’t be in a searchable database.

Don’t Identify Yourself to Merchants

Some places of business won’t offer you a disloyalty card, but they will ask for personally identifiable information (PII) like your name and phone number. The crux of the problem with consumer surveillance is identifying yourself to the merchant. Never identify yourself. Yes, disloyalty cards identify you. All payment methods besides cash identify you. But also giving any information about yourself that gets put into a computer system identifies you. If the merchant demands you identify yourself during a purchase where you would not otherwise be identified, then don’t do it.

However, it makes more sense to use a credit or debit card for airline tickets and car rentals because they demand ID anyway. I would still recommend paying cash that way your bank and credit card company don’t automatically see that you rented a car, the make and model, where and when you rented it and how much it costed. Sure you’re already identifying yourself to the rental company. Your purchase is already being recorded in a database, but you can still minimize the number of databases it’s stored in by paying cash. At least all your identified purchases won’t be in a single centralized database that’s easy to get at. They’ll have to be aggregated by data brokers first. So I’m going to reiterate the golden rule: always pay cash.

Resisting Intrusive Surveillance

Despite always paying cash and never explicitly identifying yourself, big retailers can still identify you through more intrusive means of surveillance. I’ve already hinted at this in talking about disloyalty programs.

Facial Recognition Technology

Surveillance cameras combined with facial recognition technology can uniquely identify you and the items you buy. The best way to combat this is to find smaller stores that don’t have surveillance cameras. It’s also not a bad idea to let the store owner or management know you choose their store over big retailers because they offer more privacy. If that’s not practical for you, then be sure to wear a mask in the big retailers and a hat that covers your face from overhead cameras. One of the few good things that has come from Covid-19 is that it’s now socially acceptable to wear masks inside stores. Wearing a mask simultaneously makes you harder to identify by facial recognition technology and prevents the spread of Coronavirus.

There are other ways you can be deanonymized through video surveillance besides facial recognition, but there’s not much you can do about them. For that reason, I’m not going to cover them. Just know that they exist and that they have to be addressed through political action, not personal choices.

Wi-Fi Location Tracking

The other way that big retailers have become more invasive is through Wi-Fi location tracking of your smartphone. Your phone emits Wi-Fi signals to determine which wireless networks are available nearby. The person operating the retailer’s Wi-Fi network can use those signals to track your movements within the store. It’s profitable to collect your movement data, so you should assume that retailers are doing it. Your phone also has a MAC address which can uniquely identify you, especially if your phone doesn’t randomize it. Other wireless protocols that you leave activated on your phone might also be able to be misused by the retailer to track your movements. To avoid location tracking altogether, you can fully power down your phone before you enter the store. If that isn’t good enough for you, another option is placing your phone inside a Faraday bag. Be sure to test it out before you use it though.

Anonymous Online Shopping

We have grown accustomed to the luxury of having whatever we want show up at our doorstep with the click of a button. It’s hard to say no when you’ve gotten so used to it. For those who really don’t want to give up online shopping, I’m going to write a guide on how to anonymously buy and sell goods online. There’s a few different methods for 100% anonymous online shopping. Some of them get very involved, so I’m going to save all the details for another post. See ya next time!