Slashdot Mirror
A Data Scientist Visits The Magic Kingdom, Sans Privacy
An anonymous reader writes "MailChimp Chief Data Scientist [John Foreman] is at Disney World this weekend wearing his RFID-equipped MagicBand. Here's how he thinks the practice of digitally tracking consumers in the physical world will reach everywhere from theme parks to our homes." Foreman's conclusion (and headline) — shades of Scott McNeally's famous "Get over it" — is "You don't want your privacy." That seems to miss the mark, at least for me: I don't mind parceling out certain kinds of information (like whether I like to buy decaf at Starbucks, or how long the wait is to ride Space Mountain), in contexts of my own choosing, but that's much different from being snooped on by the NSA or other state actors in other contexts.
I do value my privacy and its people like you selling it down the river for a cup of cofffee
It is called Down and Out in the Magic Kingdom. Cory Doctorow already figured it all out.
AnimePapers.org: Anime Wallpapers Handled With Care
Even if you don't care today, others are using data mining techniques to learn from those innocuous facts.
They know that coffee beans are decaffeinated using chemicals that cause cancer, and if they correlate that to an increased risk in cancer, they might increase your health insurance rates. And because people who drink decaf are statistically less alert and therefore more likely to get into car accidents than coffee drinkers, they're going to raise your car insurance rates, too.
Everybody has something to hide, even if the facts don't seem relevant to your well being today.
John
I hereby invite you to move into this transparent glass house. Everyone can see exactly what you do at all times, and there are cameras in every room (including inside the toilet) streaming live to millions of paying customers 24/7. If you don't have anything to hide, you will not mind moving into this house of mine.
But of course, you won't. You will be upset that I would suggest such an absurd thing. And yet you have "nothing to hide".
[From a longer rant about banks (:-)]
Imagine all files and programs on my phone have labels on them. My banking programs has one label that says "The Bank", while another says "David Collier-Brown". The files it creates have the same labels, and no program can read them unless it has both. The banking program will send careful selected information to programs that have just my label on them. This happens to include my printer and email programs, so I can email or print my bank statements and holdings. It can send much more to the bank itself, labelled with both the bank and my name. Let's call these labels (M & B), for me and the bank. When written to files, the labels take the form of public/private key pairs. That allows the program to send encrypted files to the bank over ordinary insecure networks without anyone being able to read them.
Disney has a label, too, and I can share what I like with them. and not with some chap with an evil plot to make use of Dave-and-Disney information
--dave
davecb@spamcop.net
It's when you let yourself be classified as "consumer" -- one who can be made to buy whatever the "producers" want you to buy.
Stop thinking of yourself that way, and you start to see that you have few rights left, and need to fight long and hard to regain some of what you lost. This is different from saying "give up already", for the choice is yours. But the road's going to be long and hard, and the longer you wait to get on it, the longer and harder it will get. So, someday it'll be "fight now or give up forever", yes, and that day might be closer than you'd care to think about.
Sure, Foreman knows something about some tech-related stuff, but in the big picture
Foreman is such a myopic idiot that he doesn't grasp how repugnant being tracked is
for a large number of humans.
Of course anyone who would choose to take children to Disney World instead of
to an experience which involved nature obviously has some skewed priorities, so it
doesn't make sense to expect much from this Foreman character, who frankly in his article
sounds more than a bit like a child in the body of an adult.
I bet the marketeer is some kid that got trained playing Rollercoaster tycoon 3 and now can do that al in a "real"(but fabricated) world.
Fuck the rat. If you want to be a camp follower visiting its shrines, whatever.
The Magic Kingdom is private property. You have no right to privacy there, sans not being filmed while using the bathroom.
And no, you aren't paying to ride the rides or other crap, you're paying to the potential to ride the rides, no guarantees.
The whole point to this alleged research was take a vacation, ride the rides, write about it. Then write the whole thing off on taxes.
The "Get over it" link is broken; extraneous characters at the beginning.
What would you expect someone who works as a data scientist for a company which does mass mailing say? Sure, Mail Chimp isn't a spamming service (through requiring double-opt-in) but a central part of its service is including trackers in e-mail to check if you're opening it.
I'd be more dubious if it was a data scientist from doubleclick, but not necessary much more.
And his problem is with the RFID badge? Is this for real?
Imagine all files and programs on my phone have labels on them.
There are that sort of thing, eg android sandboxes. However the problem is that when an application is installed it asks for access to more things than it rightly needs. End users just install it, without really being aware what the new application can do.
What if "bonus cards" become so prevalent not using them equals a significant added % on top of everything and you simply can't afford it?
What if they become so prevalent that most companies can afford to make them mandatory?
What if you live in a small town and the few stores left all belong to chains that do so?
I completely agree with a lot of the comments. Privacy, Tracking, Spying, Monitoring are BIG SERIOUS problems in the world today (and have been for al long time!) It's important that we fight this to the end and ensure the privacy, security of our lives, data and personal identities.
In the UK we use that sort of technology to tag petty criminals. Nice to know how the mouse views me!
A lot of coffee is decaffeinated by water (Swiss water process).
Check it out, it is actually dihydrogen monoxide, a chemical known for causing thousands of deaths worldwide.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
...except for me and my monkey! :)
And what the fuck gives him the right to decide what I value?
Can I go park my car on his driveway and tell him he doesn't value the space?
Fuck you, I do.
Technically I was describing "MAC", mandatory access control. We used to have it, I even sysadmined it, but a three-letter organization seems to have decided no-one would want such a thing...
davecb@spamcop.net
Here's a radical idea...
Rather than the consumer wearing the RFID chip, the consumer instead carries the RFID reader to find out what the merchant is offering.
The consumer doesn't radiate anything, and the merchant radiates the information the consumer might be interested in (or not...).
This puts the control back into the consumer's hands. As it should be.
MailChimp sounds like a company that I'll go out of my way to avoid. Seems that their chief data scientist should have run this by their chief privacy officer before he slapped his companies name on it.
"spied on by the NSA or other state actors..."
Seriously? He must be a whole hell of alot more interesting than the majority of us.
He may not, but i do.
---- Booth was a patriot ----
I went down to Disney just a few weeks ago.. and, to be honest, it would be awesome if the MagicBands actually worked. You have to be 1-2mm away from the reader for the readers to even attempt to get the data off the band.. and most times it just doesn't work and the cast members had to get the numbers from the back of the bands manually. So much for "Magic". Very frustrating. I was envisioning something more seamless.
Neuter Mickey Mouse! That way the rat will get fat and stop screwing around tracking patrons in the theme parks. Here's a simple formula Disney: Make the lines shorter by limiting access or improve the capacity of the rides and then you won't need to track your patrons, leaving them the fuck alone to enjoy their time in your overpriced bullshit!
Harrison's Postulate - "For every action there is an equal and opposite criticism"
I too don't really mind that Starbucks sees that I prefer fizzy drinks and chocolate brownies when I am with my coffee drinking friends. But I don't want them sharing that data with anyone. The best privacy law would be that you have 3 options when dealing with a company. 1 That they only use your data for internal purposes (No "trusted" third parties) 2. That they do with your data as they want. 3. That they destroy your data or at least anything that an information scientist could use to identify you (except for your preference) down to the minimum data required to do business with you. Also the companies could not offer discounts or charge extra depending on your preference. Lastly # 1 is the default option.
So looking at option 3 I would include information rich companies such as CC or phone companies. So with either of them they would be able to record what phone calls you made over the last month, Bill you, give you 30 days to dispute the charges, and then forget anything about you except that you are a customer and owe a certain amount. They wouldn't even be able to see what they billed you 5 months ago let alone who you called. Yes it is nice for the phone company to be able to look at their old records to figure out what they could sell you but that doesn't benefit me. That is stealing information from me. They would still have the information in aggregate so they could see that people 20% more each month and thus they should increase their capacity accordingly.
The same with things like EZPass, the power company, the water company, even the police handing out tickets. The moment I pay the ticket there is no reason for them to specifically remember that I got a parking ticket on the corner of South and Main. They could remember that someone did get a ticket, just not who.
Where you know everything about your customers, down to the amount of money in their pockets. Then you start to put them in strange places, make them pay for toilet when they're sick, raise prices when some rich people are around..
To my understanding the MagicBand has two RFID components. One is long range, battery powered, and is used for tracking a person in the parks. My understanding is they use the data to see where crowds go, what's popular during different times of day on which days, and when there's too much of a crowd, they'll put out distractions to get the crowd to move. The other chip is for short range stuff like room key, purchase transactions, and FastPass. This one can be read by a NFC reader and everything but the serial number is encrypted. Here's the thing, it's a privately owned theme park that can dictate within reason what goes on in their park. Don't like it, don't go and patronize. Simple as that.
I've read on a Disney enthusiast that people up in arms saying they'd be putting foil around their bands and honestly I don't know why they're paying Disney to go to the park if they don't like it. What people need to be up in arms about is the dwindling of our freedoms and the abuses of the law by our (US) government. No, people may get a little grouchy, but they just put up with it and let is slide. A private company with their private property doing something to better their product and people flip a shit when they have a choice to not participate.
There are times when transhumanists cause me to wax seriously nostalgic, for that magical bygone era, when society's answer to potentially extinction-inducing abominations, was to build a large, blazing pile of logs, and place the freak of nature in question, exactly at the center of it.
In most cases of course, when Muslims indulge in this type of behaviour, I consider it as barbaric and uncivilised as anyone else, but for some reason I'm willing to make an exception where transhumanism is concerned. There's just something about human/machine integration, and the erosion of privacy and control of our basic biological functions as a result, that causes me to want to reach for a torch and pitchfork.
Doesn't matter what industry. It's all about that your information, aka your privacy.
It's funny how ya'll say Starbucks is OK while the NSA is NOT OK. You opt-in to Starbucks as a consumer. You opt-in to the US Gov't as a citizen. It either makes me conclude that:
a. how people like consumerism more than participating in gov't as a citizen, /. using it as a forum for propaganda... and it's still data exploitation -- I mean, it's a fact that countries compete too. and if the US gov't has an advantage (aka spying power), well I'm sure there's some jealously involved... You can't deny that, even with all the moral, so called 'right', justifications.
or
b. it goes to shows how many non-US folks are on
We all have agendas like it or not, just that sometimes they are the same..... and sometimes different. /. does have smack talk... it's all still info exploitation.
Is that a dictionary URL?
There is good metadata - corporations wanting to plan factory expansion, public interest, new business models, loyal customers, etc.
There is bad metadata - molding public interest, tagging individuals as miscreants, tracking life altering circumstances. The modern version of ambulance chasing, blood sucking lawyers.
If you situate yourself in the middle of the Bell Curve, you are uninteresting as an individual. Anonymity rides near the peak of the curve. Tagging an individual without their permission, no matter how benign, is evil. There should be laws for people to request their data be erased from private databases.
We went down recently and got the Magic Bands. Disney uses them in five ways:
1. Ticket into the park
2. "Fast pass+" for some rides in the park
3. Purchases (with a pin, if your card is tied in)
4. Room access if staying on resort.
5. Photo pass (photos shot by in park employees)
In most cases, these are actions that for >95% of us would be tied to our credit card transaction. Even the old paper fast passes would have been tied to your park ticket (which is probably tied to your credit card).
The photo pass is one that previously was not tied to your credit card in any way. You would take pictures and get a code, if you never bought the code or tied the code to your online disney account they would not have your picture. But I am sure Disney has plenty of CCD in place and could tie in your entering the park to a picture if they wanted.
I really doubt they are tracking people in the park. Their RFID sensors stink! You have to orient the band just right to get the RFID close to the sensor. You have to hold it still and sometimes swipe two or three times. I doubt they are long range scanning your RFID in the park without your knowledge.
Also, you only get three of the new fast pass+ "experiences" in the park each day. So they really will only see you in three spots. For them, this stuff is probably more useful for load leveling than privacy invasion.
BTW, problems with the system have been all over the place. Disney invested almost a billion in it and they were considering dropping it, but it worked pretty well for us.
So in summary, if you are skeevy about this at Disney World, pay cash or use gift cards to buy your tickets.
"You don't want your privacy."
That is my decision to make, not yours.
If Scott doesn't want his privacy, fine with me, I don't care. But whether or not I want mine is not his call. That's the basic, simple in-your-face fact that everyone in these pro- and contra-privacy discussions seems to be missing.
Assorted stuff I do sometimes: Lemuria.org
I'd like to dig through all the Disney archives. After all, corporations are people too (a la John Kerry) so no secrets right? If corporations think we should all just 'get over it', let them lead the way by giving us open access to their IP, Copywritten materials, etc.
You are exactly correct. Disney can do whatever they want with Disney's property, and tracking people who use their property. Fair enough. I can see the benefits, to both Disney and patrons.
So long as Disney only uses that data for Disney's purposes within the confines of Disney's property, it's all well and good.
The problem is we've been taught by other companies (eg. online advertisers) that our data is not private, and WILL be sold to third parties with absolutely no consent on our part. Can we trust Disney not to do this? We can't really know.
~REZ~ #43301. Who'd fake being me anyway?
You do realize that the MAC subsystem for Linux came from the very organization your claiming 'took it away' from you ... Right?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You guys argue that people who have insurance should pay their premiums in proportion to how likely they are to use it. You consider that the fairest possible payment system. However, if you take that to its logical conclusion, you should only charge people who actually end up using it. So you should go ahead and eliminate insurance altogether, and you have the fairest model possible: only people who get into car accidents pay the costs, only people who get sick pay medical costs, only people who get robbed suffer their losses.
The entire point of insurance is to make the payment unfair in order to diminish the payment by spreading the risk among everyone. You agree to pay something, even though you hope to never have to cash in on the insurance, so that if you do have to cash in, everybody else who doesn't need to cash in subsidizes you, and you pay less.
The proper pricing model for insurance is based on percentage chance of using it. Do you have a 5% chance of using insurance? Then you should pay 5% plus profit margin in premiums.
Does someone who smokes have a higher chance of using insurance, and paying more for medical care? Yes? Ok, charge them more.
Does someone who has genes for issue X -- and lets say that they are active, expressed genes -- have a higher chance of using insurance and paying more for medical care? Yes? Ok, so ...
Now we get into the first set of tricky questions. You can choose to smoke or not. You can't choose your genes. Do we penalize people for some things that they cannot control?
And why did we look at gene X -- there are hundreds of thousands of issues with genes. Potentially, every protein that can fold in more than one shape, or that can be generated in multiple slightly variant sequences could turn out to affect disease -- yet we only have some of them analized. Does it make sense to say "We know you are worse because of X, we don't know about Y, so we're giving you penalty for X, but not giving you a discount for Y"?
And who decides to study X and not Y? Is there a correlation between european genes vs african genes? "Race is only skin deep" is false -- the people who migrated out of africa did get different genes as a result. Should we not give penalties to people who have lost the malaria protection in their blood?
That last question is deliberately loaded, deliberately phrased. If you didn't understand it: The same sickle cell that gives you protection against malaria from mosquitoes also causes anemia from a lack of oxygen in other situations. How do you tell what's the benefit or the penalty?
And I haven't even gotten to the statistical abuse of several "different" issues that actually overlap to the point that you are double- or triple- surcharging for what is really a single issue.
Insurance pricing is not nearly as clear-cut as people want to make it seem.
Simple example: Under the affordable health care act, the stated goal is to get enough young, healthy people signed up to cover the costs of insuring the elderly. So the stated goal is to have younger people overpay -- pay higher than the expected usage costs -- to reduce the costs charged to older people.
Fairness? Charging people less for being healthy? How do you determine healthy? How do you determine fairness? Why do you deliberately overcharge group A to subsidize group B? Why permit this on age? How do you prevent it from being racial in disguise as soon as you look at genes?
This topic was on privacy. So where's the line?
If I want my genes to be private, and out of the insurance company, why not?
If I want my actions to be private, and out of the insurance company, why not?
===
Car insurance companies finally seem to have the right model. You can get a discount if you voluntarily reveal your driving habits, but you don't have to if you don't want to.
Now, all we need is what I understand to be existing conversion law. That data is provided to you only for the purpose of calculating my insurance, and any other use is in violation of the law.
I think the privacy debate misses something: we only have privacy rights inside our own homes. If we want privacy out of our home, we need to sign confidentiality agreements with those who can record or learn information about us or from us. For example, I don't have the right to refuse to be candidly photographed in the street or inside a shop, because it's a public place and the photographer's right to freedom of speech is triumphant over my non-existent right to privacy and they can publish and sell the photo. Somebody could camp out of your home and take photos of you every morning whenever you open the door and post them on Facebook. To enjoy privacy, you have to actively protect it (by staying within your own property with the windows closed), otherwise it's like you give away your privacy to the world. Similarly, we cannot refuse to be tracked in public places if somebody develops technology that could track us wherever we go. We can always refuse to go to places that track us.
Please note that MAC is turned off in SELinux (;-))
Joking aside, the NSA helped write the specs of secure systems, and certified a number, including Multics (B2) and Trusted Solaris (B1 workstation), both of which I used. That they've now decided that confidentiality is a bad idea doesn't mean they didn't care about it, back when it was their own government that was the main customer.
Imagine the fun of being a politician in a country where your security service spies on you. Imagine if the security service is headed by a inveterate collector of dossiers named J. Edgar Hoover. Disney and the Bank are pikers compared the the problems the US has!
--dave
davecb@spamcop.net