Google Wallet: the End of Anonymous Shopping

jfruhlinger writes "Google today announced Google Wallet, an NFC-based payment system that will allow people to pay for purchases just by waving their phone across a reader. It's the beginning of a future where commercial transactions are 'frictionless' and convenient — but it's a future where every transaction can be tracked and data-mined, as Dan Tynan points out. Stores can user information about your Doritos purchases to rearrange their wares; Google could push coupons via its new Google Offers service; your health insurance company might be interested in your sodium intake."

Hyperbole

[Sonny+Yatsen]

C'mon, Google Wallet is the end of anonymous shopping? No, if you don't want to be tracked by Google Wallet, just don't use Google Wallet. If you want to stay anonymous, use cash.

And wear a hat.
And gloves.
And a fake mustache.

Re:Hyperbole

[pushing-robot]

Also, credit cards, debit cards and checks claim prior art.

Re:Hyperbole

[Intron]

Fine until everyone requires some tracked form of payment. Try using cash to buy an airline ticket, for example. See you when you get out.

Re:Hyperbole

[somersault]

I was going to mod you Underrated, but instead I'd just like to say that whoever wrote the article is dumb as shit. And not that high grade shit.

Re:Hyperbole

[pushing-robot]

Um, OK.

Re:Hyperbole

[Stunning+Tard]

BitCoins! I have no idea what they have to do with the current discussion, just throwing it out there.

Re:Hyperbole

Fuck that, they'll just go to Experian.

Experian? Who are they? Yeah, if you don't know about Experian, you don't understand privacy today.

See, Experian is, to the public, a credit rating agency. So they just so happen to collect all your credit card data, loan information, and so forth. Fancy that!

But it gets better.

See, they also collect all that loyalty card data that you believe is so difficult to acquire... among *many* other things. They then correlate the data up, package it, and sell it to whomever wants it. Traditionally this has been direct mail marketers, among other things.

And the breadth of the metrics available? Astounding. People who purchase that data know if your fucking car lease is about to expire or not.

So trust me when I say, Google Wallet is nothing. The privacy horse ran out of the barn a long long time ago.

Re:Hyperbole

[tftp]

It's not like I can Google "nschubach bought ? on Tuesday" and get a full report.

Why don't you try that query yourself? I did. Congratulations with your purchase of '04 Silver RX8 - G/T Package - 6 Spd. MT in June 2004. It was probably nice weather then in Schaumburg, IL. Is there anything else you'd like to announce to the whole world? Google doesn't need to do a thing here, other than to collect what people willingly reveal about themselves.

With regard to my own username, it is short and common (as in RFC 783). Besides, I don't reuse usernames. The only way one can associate my posts across multiple sites is by writing style.

Re:Hyperbole

[geekoid]

No it didn't.
The stores track all the information right now. Your names, what you buy. Every piece of data they can. So if you are not using cash, they already have that information.

They only need to go to financial institutions if they want your bank information.

This is also in conjunction with a financial institution, just like you CC/DC.

How hard to you really think it is to correlate the data currently?

If you are marketing to a large demographic, you need to contact maybe a dozen chain.
If you are looking for a specific person? same thing.
There will be some outliers, but they wont' really be relevant.

If it's to issue out a court order, then the process is already in place to make it trivial.
You've taken a days work and turned it into 4 hours work.

What you, and I, and everyone need t do is constantly put pressure on our Representatives to get basic protection.

Re:Hyperbole

[icebraining]

We're called "Europeans".

Re:Hyperbole

[tftp]

I don't live in Schaumburg anymore. So that's terribly relevant information for someone trying to sell me something when I live two states away now. ;)

That would be only marginally true. You are interested in these cars, and you even had one - so this bit of information is quite valuable, especially if it can be datamined without the expense of owning dealerships and keeping records.

And that would be completely untrue with regard to protecting your anonymity - if, for example, the government is after you. The IP address is history; probably nobody can figure out who it was given to 7 years ago. However Schaumburg is a small town (about 75,000?) - how many cars of this make and model were sold to residents there? Probably not more than a few; and these records stay forever.

I'm probably not sufficiently paranoid to worry too much about such things (and obviously neither are you) - but from purely technical point of view a lot of information was leaked, and that information can be exploited by anyone who cares. This is something to be concerned about if you discuss your ownership of expensive cars, firearms, or other stuff that is in high demand. You don't want to reveal ownership and location at the same time.

Re:Hyperbole

[cayenne8]

I'll just stick with the old tried and true method.

Cash....until they stop printing and accepting that, I'll be happily anonymous in my purchases.

If on the rare occasion of using a customer card to get a discount...well, that one says I'm a 98 year old hispanic lady named Chang, that is from Sweden.

I'm sure the shopping habits associated with that account are kinda looking skewed....

Re:Hyperbole

I did work for Experian for over a decade in the division responsible for all those credit card offers you get in the mail. The amount of data Experian has on over 300 million people contained in their File One database is staggering. They can and do aggregate mountains of personal financial information from every conceivable source that is used to calculate thousands of different behavioral "attributes" and credit scores at the behest of banks, credit unions, insurance companies, collection agencies, government agencies, and so forth. It's their primary revenue generator that brings in billions every year. Experian was scarily nonchalant about the security of all this data too, with much of it floating around in easily steal able, unencrypted csv and flat files that are regularly sent overseas where much of the database manipulation work has been offshored.

This article and is about 15 years behind the times and Google Wallet is amateur-ville in comparison with what's already out there.

How the hell is this different from credit cards?

[Kuukai]

Aside from being run by Google?

BitCoin

[Scottingham]

There's always BitCoin.....

Re:BitCoin

[betterunixthanunix]

...or a digital cash system that is backed by something. You know, if we are going to use computers to issue payments at stores, we might as well use a digital cash protocol, and if we are going to continue relying on banks and large corporations to underwrite these transactions, then we should use a digital cash system that is backed by $country's currency. You go to the bank, pay them dollars for digital cash tokens, and then use your phone to make the payments. Bitcoin's effort to revolutionize the global economic system is not really relevant here, we just need a method of payment using computers that does not allow people to raid our bank accounts or steal our identities.

Re:BitCoin

[geekoid]

I wrote Smart Card software in 95 that did this same thing in Zambia.

IN fact, it was initially written so the merchant could put money on and off the card. So they could pay their employees. Of course that means the bank is out of the loop, so we removed that feature pretty quickly.

Re:BitCoin

[tftp]

I'm not a futurist, and there are certainly threats to BitCoin from other established internet exchangers, but I think it's got potential

It got no potential, and for one very simple reason: common people today can't earn this "currency." It is very difficult to generate bitcoins - so difficult that it is impractical, unless you invest into a GPU farm. Of course you can buy bitcoins, but why would anyone do that?

The inability to earn bitcoins creates an ever-growing chasm between early adopters (and inventors, who minted mountains of bitcoins in the early days of the project) and today's people who need to task their computer to work for days, weeks or months (wasting energy that costs real money) to generate one bitcoin.

The numbers of early adopters are fixed - that phase has already happened, and by definition there were only few players. The numbers of the late refuseniks are growing, and ultimately the whole population of the planet (modulo the first group) will be in their ranks.

The refuseniks are justifying their refusal to use bitcoins by a very simple fact that the coin has variable exchange value to different groups of people. Early adopters got it for free. Late adopters need 100 kWh to generate one.

This is not the case with gold or most of other currencies. The miner had to work $n hours to mine $m grams of gold. The baker had to work $k hours to buy $m grams of gold from the miner. The ratio $k/$n is the difference in risk and hardships and all that that forms the difference between occupations. The baker can become a miner if he thinks the grass is greener there, and the other way around (if the miner breaks a leg and can't do the mining job anymore.) But the late user of bitcoins can't go back in time and become a bitcoin miner.

This factor alone will be sufficient to create a backlash against bitcoins, and that backlash will be serious enough to kill the idea. At this point, though, bitcoins are simply ignored as a raw deal, a pyramid scheme that they are.

Re:How the hell is this different from credit card

[blueg3]

Well, you see, when it comes to patents, people are offended that adding but it's online or but with a computer or but in the cloud makes something qualify as a new idea.

When it comes to things that could involve gathering data, adding but now Google is doing it makes it new and outrageous.

Rogue group announces alternative to Google wallet

[billlava]

Certain renegade elements of the consumer sector are considering switching to alternate methods of payment in retaliation against Google's proprietary monetary transaction system. "Basically the plan is to exchange small rectangular pieces of green paper in exchange for all debts, public and private," said one proponent of this new monetary system. When asked how his purchasing history would be tracked, indexed, and made available to advertisers in order to better serve him, he responded, "That's kind of the point."

More on this story, and new developments that indicate water may be wetter than once thought, at 11.

Re:How the hell is this different from credit card

[DogDude]

It costs the merchant more. It won't be implemented widely in the US, considering that Google's fees are higher than American Express.

Shit Slashdot, OK, I guess I'll explain...

[VortexCortex]

How is this different from credit cards?

Simple:
A traditional credit card has raised digits and other information on the card itself -- It is not very secure. When you hand your credit card over to the waiter/waitress they can easily snap a pic with their camera phone and sell that data for $2 (wholesale) online.

A magnetic strip bearing credit card has the above insecurities, plus a convenient stripe that can be used to input the information into a computer -- Fake "clone" cards can be created that have the same magnetic signature as your card, and actually, the mag stripe lessens security by giving the clerk a false sense that the card is legit. The clerks don't care anyhow, it's not their money -- As a test I actually use a cloned card printed with the name "Sir Thievey Thiefterson III" and always sign my name as: "This card is Stolen" on all receipts; It's been four years, and still only eight times has my ID been asked for -- at which time I tip the cashier and use my real card.

A near field credit card works via RFID. RFID is not secure. It has no concept of a secret internal state and a challenge response system to authenticate that single (and only that single) transaction. It simply responds to query, any query, with your card info. Once again, we're putting the insecure data that's printed on the outside of the card into a more conveniently readable format, but this time it can also easily be scanned by malicious persons from several hundred feet away by using a Pringles can to shape their antenna's emissions.

None of these data exchange formats have the concept of a secret internal state and a challenge response system to authenticate that single (and only that single) transaction. It takes a computation capable device to provide public key encryption. We solved the problem a long time ago with public / private key pairs -- Google Wallet is a technology that finally uses the solution to the problem of identity theft via "public" card information dissemination. The device and/or application containing the private key (the key itself, even) can itself be locked/unlocked with a pass-phrase.

Note that this is not absolutely secure -- nothing is -- however, it is leaps and bounds more secure than the current dumb "hey here's a plain-text number to get my money" credit card system.

As for traceability -- It's no more traceable than the credit card system, true. It could be made more private by using something in the vein of Bitcoin (there I said it), since it has over a hundred unique account tokens for a given wallet. However, you would need an intermediary to process the transactions on your behalf, and trust them with your identity -- I'm looking at you Google.

In short: The Current Bullshit CC system is Broken as Hell! This is a step in the right direction, get on board or have your identity stolen like a dumbass.

P.S. In 2001 my wallet was stolen from my locker while I was clearing a jam from a trash compactor. I canceled my cards & entire bank account, got new checks & cards, and STILL was fraudulently charged $557.00 via the old canceled bank card three weeks later -- Wells Fargo doesn't care if I followed their security guidelines to the letter and have written proof of such -- they don't care if their agents were the ones that fucked up and didn't take the stolen card off of my name, and it ended up linked to my new account: It's not their money, they don't care (I still "owe" them this money since I refuse to pay for others' mistakes, also, credit reporting companies don't care either).

P.P.S. Cash is still the most secure, but carrying a lot of it is arguably not (Yes, I have been robbed at gunpoint after cashing a large check -- if I had digitally transferred the funds, I would not have lost the money).

Your's truly,
A FOSS Hacker that grew up in the ghettos of H-Town.

Re:Shit Slashdot, OK, I guess I'll explain...

[cdrguru]

You must have done something to piss someone off. While it sounds like this was an ATM card where limits don't apply - or at least didn't until recently - I have never heard of anyone losing out on lost or stolen cards.

Of course, mostly that is dealing with credit cards, not debit/ATM cards where it is in the bank's interest to push as much liability onto you as possible. With credit cards it is always the merchant that loses out.

This is something to keep in mind. With a credit card there are four agents involved - the card holder, the person using the number to steal, the merchant and the credit card company. Nobody ever loses except the merchant. With a debit card there are only three agents: the bank, the cardholder and the thief. Of course the thief never loses but it is absolutely in the bank's interest to put all of the problems onto the cardholder. Which they do as much as possible every time.

So if you buy a meal in a resturant with a credit card and the number is sold (which it will, sooner or later) the merchant that takes it loses. It is a minor inconvenience to you the cardholder. But if you use a debit card they can get every time in your account, overdraft it and keep on taking. The bank will push it all back on you saying you were careless or somehow else at fault.

So remind me again why anyone would ever use a debit card?

No confirmation step

[zhiwenchong]

What puzzles me is that there is no confirmation step required in these contactless payment systems.
When I buy stuff with my chip-based debit or credit card, I'm asked to enter a PIN. Else, I have to physically swipe the card to ensure there is no ambiguity as to whether or not I meant to pay with my card of choice.

With a contactless system, I could be wanting to pay with my credit card, but if I accidentally held my cell phone too close to the reader, it would debit the amount from my phone instead of my card. Why can't there be a screen that pops-up on the phone that says "Touch button to confirm payment"? This seems to me to be a major design flaw.

Re:It's final: "New" isn't necessarily "better"

[CaseCrash]

Don't wait, switch to cash. They won't be able to track you as easily (not that you probably matter or that they care) and also it'll mean you can't get into debt. Credit is the devil. Never had a credit card, never will. Can't afford it, don't buy it. It's worked great for me for years.

Re:My girlfriend thinks I'm paranoid

[Archangel+Michael]

You are. Either that or your a "them", which might be worse ;)

Re:How the hell is this different from credit card

[MozeeToby]

This kind of system offers significantly better security than CCs.

If the system is designed well the stores you visit will never see your financial information (and never have an opportunity to lose it). Encrypt the account information on the phone with a psuedo-random number that is generated every 60s (along the lines of SecureID), send the encrypted data to the store, the store forwards that encrypted string, along with the amount of purchase to the payment server, the server responds back with a simple 'approve/deny' response. This also applies to card skimmers, if someone skims your account details, they're valid for 60s or less.

The system can also be password protected, or even biometricly protected if you really wanted to make things easy; which is better than I've heard of CCs being able to do.

Re:Different then a credit card... how?

[canajin56]

Well, a credit card terminal just gets a total from the register. TFA is assuming that Google will demand and require that all cash registers tell the Google Wallet terminal every single item being purchased! And in case they're wrong, watch how easily it is to back peddle! "You're right, they don't examine what's being bought....yet." It's a classic move, but stick with what works I say.

FTA is absolutely mentally retarded. Lets take a quote. "The store, for example, could aggregate that information to determine that a lot of people are buying Modelo and Doritos at the same time, and may display them closer together inside the store. Or it may determine the demand for Modelo and Doritos spikes after 11 pm and institute variable pricing, charging more for it in the wee hours than it does in the afternoon." Does this retard think that if you pay cash, the cashier is obligated to sell "under the table" and not use the cash register? Cash registers already record what's being bought. And big shock here, but CASH registers are used even for CASH purchases. What total and complete idiot wrote this pile of garbage?

In the off chance someone wants facts

[geekoid]

http://www.google.com/wallet/how-it-works-security.html

For Grid's Sake!

[Jane+Q.+Public]

Sheesh, people. Stop worrying about about all the silly little things. If you don't want your grocery store collecting information on you, use fake information when you sign up for your card like I do! Problem solved.

There's a bigger issue at stake here, but I haven't seen anyone else mention it yet.

Have you heard of Michael's? The nationwide craft store? Thieves managed to swap out 90 separate credit card readers without anybody knowing, in Michael's stores around the country. They've been snarfing credit card data for quite a while.

With NFC, the thieves will have a field day! They don't even need to swap out readers; just stick your sniffer's antenna somewhere close enough to read the NFC transaction. What do you want to bet that passive receiving can be done from a couple of feet away? Then they just sniff the transaction and away they go.

What's that you say? Secure communication? Hahahaha.

There isn't a major credit card system in existence in the world today that hasn't been hacked at one time or other, and most of those "bugs" just got whitewashed over, not really fixed. Hell, it didn't take long at all to hack the "unique, secure" id from RFID tags and clone them.

The probability that somebody will find a serious vulnerability in the system is close to 1. Combine that with reading from a distance, and it will be a free-for-all.

This is such an outrageously bad idea, I can hardly sit still and not yell at people about it. I have already berated one software company for planning to support NFC in its apps.