Is data a small price to pay for convenience?

I see the question of “why care about privacy” more discussed than other important questions

This goes in the first place to data collection points that I found hard to completely prevent. And not for things like Apple or Google which one can find alternatives to.

Location tracking is unavoidable without full airplane mode, which defeats the whole point of caery

And contactless payments are a saver in many situations. And could be safer to carry your phone only instead of cash when travelling.

Do you think the convenience is something worth giving up privacy for?

I think it’s something that each person has to decide for themselves. I’m not for going full-snowden mode for everyone since everyone has different needs. I just think people maybe don’t really understand the amount of data collection that happens. If people were aware of exactly how much data is collected and what happens to it afterwards, they could make informed decisions about their own personal privacy. As it stands now, I think people mostly just see the convenience without really having the information to make these decisions.

Personally, I like to keep my phone in airplane mode for privacy reasons but also so I don’t get interrupted when I’m out. I like to pay for things in cash whenever I can but I also like to use Apple Pay sometimes. That’s just what works for me.

Depending on your area, you may be able to find a decent amount of wifi, which would allow to avoid turning off airplane mode and still be able to connect to a network. Test it out. You may have to try a diff vpn providers. Ive had more luck with mullvad.

Also see if its something you can handle. Instead of using Google Maps on the road, do some research from home to plan out your route.

As for payment, cash is the way to go. Ive not had much success with prepaid cards. Virtual cards when your purchase already includes personal info.

Dont do all this at once. These are big changes so take it one at a time

Definitely, public wifi is everywhere where I live so it’s not too bad for me. I believe Google maps works offline, haven’t tested it out though.

Contactless payments with a phone is just a godsent feature. The boost in security, speed and convenience is insane.

And it’s the thing I still don’t get. How is that different than contactless payment with a card? I have to take my phone, unlock it, use some app, or I can take my card and put it to the terminal. It’s the same thing.

I use cash a lot (comparing to most people these days), and it also doesn’t make much difference to me, when it comes to convenience. But that one depends on country (currency and banknotes used)

I think that people, especially people whose interest in digital privacy and security is new make the mistake of thinking they need to go invisible. You can’t do that (realistically), and even if you wanted that, you couldn’t do it.

It’s apparent that this is likely how you currently feel based on your post:

Your phone connecting to cell towers when you don’t use airplane mode means that it’s hopeless and that there’s no use in pursuing privacy and security? I completely disagree.

I think that for most regular people, they first need to take care of basic security. That means securing their accounts, using a password manager, using strong 2FA methods. Your first goal shouldn’t be to become anonymous, it should be to make sure that a service you signed up for 11 years ago having a data breach doesn’t completely destroy your digital life. Much more reasonable, isn’t it?

Then, you want to cover the next thing - use devices which are up-to-date and not end-of-life. Don’t use a computer that still runs Windows 7. Don’t use a phone that hasn’t received firmware updates for 2.5 years. Are you doing that to become a ghost? No, you’re doing that so that you’re not susceptible to widely-known public vulnerabilities.

Once you’ve taken care of basic security, you can start looking towards privacy and what that means to you. This is where most people lose it, get overwhelmed and quit. You use Facebook, you use Instagram. Is all hope lost? Are you forever doomed because those services collect data on you? Is privacy dead? No. If you want to keep using those services, keep using them. Be aware of what that means, and deal with the fact that what you do within those services is not private. Does that mean that since you decide to use those services, you don’t want other aspects of your life to be private?

Say you’re using Google Drive for your work or school notes, does that mean that because you do that, it’s over? Not everything is equal - there are probably other notes that you would rather keep separate, and you should find a solution that keeps what you want to keep private… private.

Just because you want to use a system that allows you to make contactless payments doesn’t mean that you can’t and shouldn’t keep some things to yourself.

By using a phone for contactless payments I don’t have to carry my wallet or a card and worry about losing my card or a wallet accidentally or just getting robbed. I even can make 10 contactless payments without connecting to the internet.

It’s not the same thing because a robber on anyone else can do the same too. Just get a hold of your card and spend the money. Meanwhile, with a phone, they will have to unlock it and authenticate.

You will have to carry cash and if someone steals it from you then you can forget that cash. Then you need to give that cash to the cashier and she needs to put it in a cash register and give you your change then you have to take your cash and put it in your pocket or wallet.

Plus I get all of the benefits from my credit card which is 180 days of insurance on the stuff that I buy, I can build up a good credit score, etc.

Absolute privacy is impossible, unless you literally go ‘off the grid’. Whether it’s the government, banks, your healthcare provider and so on, there are a lot of compromises to be made and it all depends on your threat model. I think 99% of PG users aren’t ‘interesting enough’ to warrant an extreme threat model.

I personally cannot live without Uber or Google Maps, at least until a viable alternative exists, and that’s not really an issue because my threat model is simple and is only based on minimizing data collection as much as possible. In this example, it includes turning things like location history off.

The main difference is that when you use app instead of card, merchant won’t see your card number (Primary Account Number, PAN) nor other cardholder data (Obviously greatly simplifying). It is because Apple Pay, Google Pay etc. tokenise your number, and do not disclose it to the merchant (the entity that accepts your payment). So is it safer? Is it more private? The answer is… it depends. On the one hand you do not disclose your cardholder data to everyone, but on the other hand, you give it to one, specific entity. So basically, as most of these days - who you trust more. It depends on your threat model.

PS I highly recommend you check how different is the payment processing done by Apple and how it looks like in Google case. The intent is the same (to process a payment), but how it’s done, is significantly different.

For the better or worse?

Assuming you are referring to a mobile payment operator, it is worth noting that in the case of Apple Pay, cardholder data is never stored on the iPhone nor transmitted to Apple servers.

FfkfayuVsAAxHaR1584×1792 145 KB

Yep, that’s exactly what I’m referring to. Thanks!

I think the data we pay is an extremely great price to pay for the convenience we get. Literally. Companies like Google or Facebook made a fortune off of people’s data. That should tell you how valuable it really is. If you discovered a gold mine in your basement, would you give it all away in exchange for a few discount coupons at the grocery store? Of course not. Even if it didn’t have any value to you (because of lack of knowledge, equipment, etc) you would still want to get a fair price based on what is worth.

This is spot on. People don’t know and/or care about this because they are content with what they get in return. But if you found out that you are getting paid half of what you could be getting, would you just shrug your shoulders and let it be?

Free stuff is great and all, but when something is too good to be true, it probably is. Why does Facebook need to know the pattern of dust spots in my phone camera? Why does Facebook need to know the specific pattern generated by the gyroscope in my phone while I hold it? Why is Google scrupulously logging my every step, even when I’m not using it? Why does Google need to secretly implement hidden microphones on home security device? Are those things really necessary?

I think the better question is how much data buys that much convenience? How do you even measure it? And what happens when that data is misused? Do we just let it slide in the name of convenience? Same as we do with bank bailouts? If the mailman gets caught going through your mail he gets to lose his job and maybe even go to prison. But when Google does the same, for their own profit, nobody bats an eye.

Let me just mention that you do not need Google Pay to pay with your phone on Android, there many banks that offer their own payment options via NFC without the use of Google Pay.

Some quick complementary observations:

1. What I pay for something today will be different (usually higher) tomorrow.

2. The price I pay and the price You pay is different from the (much higher) price We pay.

Most conversations about privacy revolve around the immediate effects on personal well-being. It’s normal because firstly, it’s what we can control, and secondly, because it’s more obvious. The problem is when the effects are slow/laggy, complex, and with a great inertial impact. Maybe like climate change? Many aspects of the observations I made are explained in an article on “enshittification” if you are curious and haven’t yet read it.

It’s not the same thing because a robber on anyone else can do the same too. Just get a hold of your card and spend the money. Meanwhile, with a phone, they will have to unlock it and authenticate.

Do muggers really target cards? You get so little value out of them, even when contactless payments are enabled. Aside from this, when you go to make a payment with the card (if the victim hasn’t already called the bank to cancel the card), the transaction is logged, along with your location, and there are likely CCTV cameras around in any place with point-of-sale devices. It’s dangerous business.

Edit: What I do is keep one card on me with less than $10 on it, and that is the only one I enable for contactless payments. I top it up when I need to pay for something, if the business does not take cash.

Mug is the obvious case to take some remediation as a victim - you “just” block your card. Although, mostly this is not the case.

When you lose your card, the thief takes not only your money on the card/account, but also your identity. And this is much more dangerous and much more common (and numbers are raising). Unless this is just a simple, not so bright mugger that goes straight to the shop and buys himself something cute. Which will get him nice and easy, straight to the court. But the bad guys (real bad guys) are smart.

With mobile payment some of this risk goes away, as the card is not as “easily visible and reachable “. I mean, of course, there are other risks like enhancing NFC’s signal and redirect payment or something like this, but actually identity theft in this example is harder.

you “just” block your card.

I neglected to mention that some banks are not available for contact on weekends, or in the evening, so it may take some time for you to cancel your card. If you were a smart mugger, you’d do your mugging on Friday night.

When you lose your card, the thief takes not only your money on the card/account, but also your identity.

Most identity fraud scams are more complicated than this. They collect billing statements by going through your mail and searching for plenty of other information they can use when applying for services like loans.

It’s usually more clandestine; you don’t want your victim to know you’re frauding them so you have more time to get away with it. I doubt many identity fraudsters would be mugging their marks for their credit card.

Now, something that hasn’t been mentioned in this thread yet is card skimming. This is a lot harder to prevent with physical cards. It’s much harder to skim your cellphone/payment service, if not impossible, however it’s done. If you’re worried about someone scanning cards in a crowd, you need only turn NFC off—though you don’t even have to do that for most cellphones, because the card is only unlocked when you go to pay.

If you’ve got a credit card, you might want to start carrying a Faraday bag around to prevent that.

It’s also worth noting that Apple Pay, Google Pay and Samsung Pay are not your only options for point-of-sale cellphone payments. Some banks also offer payment services with their cellphone app.

Yeah, I absolutely agree with you that identity theft is much more sophisticated. I just wanted to show that the data itself on the card is problem, not only the money it “contains”. I think I didn’t show it clear enough, so that is my bad, and I’m sorry for that one.

This is very interesting. Are you referring to the US or UK, or which country? Because AFAIK for example in Poland (and I guess in whole EU) it is mandatory for banks to provide 24/7 call-centre in case this kind of events especially (I think this is connected with the AML laws and anti fraudulent laws). So I’m kinda curious right now how it looks like somewhere else. If you have some details about that one, I would much appreciate that.

100% agree. Enhancing and intercepting the NFC connection is one way to do it, but it’s not skimming per se. And it is much harder. I mean, as per risk based approach I hate saying “there is (no) possibility to do X”. There will always be a risk that somebody will come up with an idea of stealing data, including card data from the phone. Yet, this is still much safer, and ultimately “private” to use card within mobile, than physical card. From this point we just have to ask ourselves a question - is sharing my data with this provider is bothering me?

Exactly, as well as card brands are providing it as well (e.g. Visa+).