Some interesting potential uses of personal information if you sign and accept t&c using the new stern android/ios app.

https://sternpinball.com/privacy-policy/?utm_source=Klaviyo&utm_medium=email&utm_campaign=Email%20%231

A shortlist of favorites:

Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.

Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics or description, state identification card number, insurance policy card number, and other financial information, medical information, and health insurance information.

My brother in law sells the very systems(hardware and software) that track your advertising id (along with your Mac address, Bluetooth address, iemi, etc). If you are interested, I can demonstrate some of these tools for you.

Look to the automakers and reporting to insurance companies for how this has turned out. No chance stern would do anything like collect your phone gps data, speed, location and sell it to a broker or aggregator that results in higher rates (not to mention profiting off of your data).

https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

Before this became public knowledge we have been using LexisNexis to see potential employee driving habits for quite a while now (among many other things)... and it isn't just the automakers reporting this data, they are the first to be caught with their pants down.

Are they in the wrong? No. They have no obligation to tell you this goes to credit reporting agencies and data aggregators like LexisNexis. The end user gave permission for that data to be shared with third parties.

But hey, be dismissive of something insidious working it's way into pinball (and to every other area of life).

It's not a website - check my first post, it is an iOS and Android application.

Also, accessing a website on your phone is precisely how you authorize scraping of data. Visit defcon and expand your mind.

Pearls before swine and all.

Was obviously meant to shed light on a problem, currently present in other areas of life, but making it's way into pinball now.

But the simplest thing, which is the very tip of what is available, is to jump on to LexisNexis here:

https://consumer.risk.lexisnexis.com/request

The above is what you have available to you as a consumer. There are powerful risk management tools most of the public is unaware (and has no means to access and no ability pull/delete or otherwise take ownership of the data from).

And for those that do not have a subscription to the times:

https://www.eff.org/deeplinks/2024/03/how-figure-out-what-your-car-knows-about-you-and-opt-out-sharing-when-you-can

It's a single example (and a true cargument) but your data is valuable - tracking pixels, cookies, and tags ... we give up information that in turn is brokered for a profit.

What would be reassuring is if stern explicitly stated in their policy that they would not broker your private information and would only disclose to law enforcement if necessary. Instead, they include all of the same information in t&c/privacy policy (because it is probably boilerplate language) that allowed the major auto manufacturers to sell data which was weaponized against drivers by auto insurance companies.

Is stern specifically going to do this? I wouldn't think so.

I just thought most would read through the privacy policy and permissions you agree to and have a similar reaction of surprise... not ambivalence.

Well, you missed that this was not about the web based insider connect (which still has t&c / privacy policy) and was about ios and android apps. You doubled down that there is nothing to see here.

The above supports the allegory used (though maybe meanspirited so sorry for that, really I could've simply said it different).

So, let me break the allegory down since it was misconstrued. Pearls = knowledge or something of value, swine = persons that disregard or dismiss, as if to trample underfoot without regard (I assumed most have heard of this allegory).

It isn't calling you swine. It is, however, stating the obvious - you know better and what I have to say, or what security/privacy experts have to say does not matter.

https://www.nytimes.com/interactive/2019/06/14/opinion/bluetooth-wireless-tracking-privacy.html

Sorry for a potential paywall again. This isn't some far fetched conspiracy, my relative makes a living from selling both hardware and software (as well as the advertising space) that powers the above. It is in use, we all have an advertising profile built and our information is powering profits that we only marginally benefit from.

TikTok violated Google's policy before and collected (and linked) the unique MAC address of devices with advertising ID and other personally identifying data. Nobody cared (or knew?) until COPA was enacted.

Amazon specifically lays out the following for developers: "When available, you must use the Advertising ID over any other ID. Do not use other unique identifiers (e.g. Android ID, MAC address, IMEI, IP address) or analysis techniques such as “fingerprinting” to build user profiles for advertising purposes or to show users interest-based ads."

So, learning and storing people's mac addresses (and other unique hardware identifiers)? Yes, they do it.

You don't have to be connected to a Wi-Fi network either. Without going into depth, your wifi is on, your unique MAC is broadcast to the world as part of probe requests initiated by your device when scanning for available Wi-Fi networks (something some phones and OS let you turn off but really, who does, especially if you didnt even know this was possible).

See flipper zero for fun with all the invisible bits and bytes flying around your head.

So, as a direct contradiction to your statement, hardware addresses are unique and unless turned off, they broadcast (MAC for wifi, Bluetooth address, and IEMI for cell). Companies take this data and "data analytics" makes meaningful use of it.

Again, if you want to truly understand and learn the level of every day tracking (and our lack of privacy) Defcon is a good source. EFF is a good source. However, you can read about it from some of the biggest sources like Amazon or Google - they all create products and try to regulate use of these personally identifiable bits of information.

The cargument I gave is a contemporary example where less than transparent things were occuring in the background that were not explicitly permitted or prohibited.

Selling/Sharing Personal Information

"Stern does not sell your personal information and does not share your personal information for cross-contextual behavioral advertising purposes."

It can be read as they won't sell it, ever. It may also be read that they won't sell it for cross-contextual behavioral advertising. A period or semicolon after "data" would leave no wiggle room.

It is also mentioned they may share collected information under Merger, Sale, or Other Asset Transfers heading. Any of the aforementioned negate the above if they really meant they won't sell your data, period.

Again, is it likely? No. Do they have the ability to maneuver and share data with third parties, yes.

Am I reading really far into this and assuming the worst from a private corporation? Yes. See the tiktok example above (no different than Stern's app being installed with similar privacy policy language and a complete lack of respect for said language).

Again, sorry for being rude before, I really didn't mean to be, but I am just trying to help inform, it is relevant and important. Especially when there are measures you can take to gain as much control back as possible.

https://defcon.org/
https://eff.org
https://cdt.org/area-of-focus/privacy-data/
https://fpf.org/cornerstone-issues/
https://www.worldprivacyforum.org/

Not conspiracy, just expand your scope a little and learn (plus defcon goes into the nitty gritty of how all these things actually work).

https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2023/03/lurking-beneath-surface-hidden-impacts-pixel-tracking

From the nefarious to greedy corporations (along with maybe less than competent mean-wells that don't understand how this technology works - see the recent firebase issue with google) granular detail can be learned about you through the simple web browser.

This isn't fanciful or science fiction. Some stuff we agree to by way of commission, some ommision and other aspects you seriously have no control or recourse.

These are real world examples. service A subcontracts to service B (a third party) - A says they won't share or sell anything other than to share with B to improve services. B on the other hand never had you agree to anything, it is the end user's responsinility to contact B and read their privacy policy.

Also, look to Google for their example how they don't sell your data but monetize from it (and most reading how rtb/AdSense/admob work would agree it is selling your private data):
https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-sell-your-data-heres-how-company-shares-monetizes-and

There is a class action suit for the above practice right now. https://www.sfchronicle.com/news/article/Google-sued-for-selling-user-data-despite-claims-16157167.php

https://www.cpmlegal.com/media/news/15082__1_%202021-05-05%20Class%20Action%20Complaint.pdf

Read more how this all works:
https://themarkup.org/the-breakdown/2021/09/02/what-does-it-actually-mean-when-a-company-says-we-do-not-sell-your-data

Yeah, you have to pay for access to the NYT. I still subscribe for the news that's fit to print.

VPN / wireguard is only a small part of the solution. If you never learned about the technique of fingerprinting, all your VPN does is obfuscate your IP address and (hopefully) ensure https connections through and through. A VPN does not block the functionality of cookies, pixels, and tags.

Here is a very basic facts and myths of VPNs:
https://www.howtogeek.com/753661/vpn-myths-debunked-what-vpns-can-and-cannot-do/

None of the links provided are nefarious and all are reputable. If you had an issue, it is common practice for some services to block known subnets associated with VPNs. Our organization blocks all associated major players from access (like Nord and IPVanish).

So, I'm trying to help others do what you advocate - use your brain. This is beyond "big brother" - this is your privacy, your data and your loss.

This thread will stay right here. The moderators feel it is relevant to pinball since it is growing increasingly interconnected. When is more knowledge ever a bad thing? Ignorance is not bliss.

You should read through some news articles and form your own opinion.

There was controversy brave is a scam. I do not think so but draw your own conclusions. Another alternative is FOSS browser.

the websites here can send you along a path to help minimize how much companies take advantage and profit from you. Minimize, not eliminate.

See the class action against Google. Also, reference the European efforts now to eliminate RTB from the EU as violation of GDPR and how, even under current structure, data brokers can violate the spirit of GDPR without running foul of the letter.

These privacy concerns are not conflated together, they are all deeply interdependent. I'm not sure what else can enlighten you to that - take the effort to actually understand this.

You go into Nordstrom's, the Bluetooth beacon can determine location of your device(s) within centimeters. You do not need to connect to it. I see the hardware address, it goes in the database. I see how long you spent at the jewelry counter, i see when you left the store, I see when you hit another beacon in Best Buy. You visited CPU-monkey comparing processors, the cookie and pixel tracking used on your phone (mind you, pixels cannot be turned off and they can pull quite a staggering bit of identifying data... they often appear in emails) now links the cookie, Bluetooth address, and the pixel from your Zales account and the last promo email they sent (not a cookie, something you cannot delete). This "fingerprint" is not hard to form and it sold in one form or another directly or given access to as a fee for a platform (which Google does with rtb).

The broker service sees you are shopping for more expensive things. Access to serve you adds is sold. Now, you get an offer from Affirm or Capital One to open a new line of credit. Instead of paying cash, you take the Affirm route and pay 3.99% interest to spread a payment over years instead of just paying everything right then.

It seems convoluted because it is. Just because data is stored locally does not mean it is not shared (and brokered) without your consent or control. You really should at least read about browser fingerprinting. Here is a quick, accessible read: https://www.techradar.com/features/browser-fingerprinting-explained

Anyone can see (virtually or in real time) if they have a uniquely identifiable browser fingerprint (along with ways to close the privacy gap):
https://coveryourtracks.eff.org/

This is operating system agnostic. You can read for yourself directly from Google, Apple, Amazon and the like exactly how developers can implement tracking. You can also read from the FTC directly each example I have brought up and why this is a major issue in the USA and abroad (since you didn't trust the NY Times or other reliable sources). Here is another example:

https://www.ftc.gov/news-events/news/press-releases/2024/01/ftc-order-prohibits-data-broker-x-mode-social-outlogic-selling-sensitive-location-data?ref=lite.verity.news

https://www.ftc.gov/business-guidance/blog/2024/01/what-goes-shadows-ftc-action-against-data-broker-sheds-light-unfair-deceptive-sale-consumer-location

Stern has a privacy policy. They will share with a third party, they have no actual control what that third party does. It has happened in the past and it can happen in the present, said third party can do what they want.

We have no clue what various SDKs stern or its 3rd party is leveraging (including the licensing agreements Stern agrees to in order to develop and implement)... none of it is transparent.

All available information is gobbled up. This is not big brother, it is big data. It is all relevant and valuable to someone.