Research on The Trade-off Between Free Services and Personal Data

New report: "The Tradeoff Fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation."

New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americas give out information about themselves as a tradeoff for benefits they receive. To the contrary, the survey reveals most Americans do not believe that 'data for discounts' is a square deal.

The findings also suggest, in contrast to other academics' claims, that Americans' willingness to provide personal information to marketers cannot be explained by the public's poor knowledge of the ins and outs of digital commerce. In fact, people who know more about ways marketers can use their personal information are more likely rather than less likely to accept discounts in exchange for data when presented with a real-life scenario.

Our findings, instead, support a new explanation: a majority of Americans are resigned to giving up their data­ -- and that is why many appear to be engaging in tradeoffs. Resignation occurs when a person believes an undesirable outcome is inevitable and feels powerless to stop it. Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them. Our study reveals that more than half do not want to lose control over their information but also believe this loss of control has already happened.

By misrepresenting the American people and championing the tradeoff argument, marketers give policymakers false justifications for allowing the collection and use of all kinds of consumer data often in ways that the public find objectionable. Moreover, the futility we found, combined with a broad public fear about what companies can do with the data, portends serious difficulties not just for individuals but also -- over time -- for the institution of consumer commerce.

Some news articles.

Posted on June 17, 2015 at 6:44 AM • 42 Comments

Comments

Bob S.June 17, 2015 6:56 AM

I haven't resigned and don't intend to. WE need to hold the line on this battle. The "study" suggests resistance is futile. I don't think so.

Dig in boys. We can win this one.

EricJune 17, 2015 7:13 AM

Who says anyone needs facebook? I have gotten by just fine without it up until now, and I see no reason to change.

Gmail is trickier - esp if you use android, but you aren't required to receive most of your mail through the gmail account.

Clive RobinsonJune 17, 2015 7:29 AM

@ Bob S., Dan Hill,

There is an alternative "behaviour" that some of us follow that was highlighted many many years ago at the end of the film "War Games" which is "Don't Play".

Which is what I now do with the likes of Giigle and FacePalm, I don't use their services, but I aslo don't ask for "paid for" service replacments, as it's become clear that those companies can not be trusted despite any good intentions they might have due to the likes of the politicos in the pockets of various agencies etc.

Further we have seen that the likes of paid services like Mobile Broadband, the operators are now tagging your packets, and even if you pay extra they still provide others with tracability. So throwing money at the problem provably does not work.

Thus the only sensible solution is finding ways to not play and thus starving the business model till it's unworkable, or likewise poisoning it so the data becomes worthless.

@ ALL,

The real issue is this,

By misrepresenting the American people and championing the tradeoff argument, marketers give policymakers false justifications for allowing the collection and use of all kinds of consumer data often in ways that the public find objectionable.

The problem is the politicos are not that stupid, they don't believe what they are told, only "what they are PAID to listen too".

The nonsense the marketers push out is not for the politicos it's a smoke screen for the public. In general the public are that stupid, as they don't have an incentive to think critically, thus if you keep telling people they "are not part of the majority" a large number will shift their views towards what they are being told is the majority position, in order that the don't feel they are "some weird radical"...

It's just another part of "playing a rigged game", the solution is as always "don't play, or don't play by their rules".

WinterJune 17, 2015 7:31 AM

"New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans "

Marketers lying?

Unbelievable! Shocking!

AndrewJune 17, 2015 8:12 AM

Question: what is the design of lastpass system if they asked users to change their master passwords?
If all other passwords were encrypted with a key derived from the master password they are still safe if the communication was secured.
But it looks like they stored the master password hash, which seems to be a bad design since they could access people's data (passwords).

FilJune 17, 2015 8:29 AM

To maintain some semblance of control over my data, I take the only course of action I see available. I don't generate the data in the first place outside of rate situations. This unfortunately means I participate in online commerce less as I do not trust my personal info won't be sold to third party marketers and I especially don't trust the Feds won't get a bulk grab of the info on a regular basis, as was stated by Snowden in regards to Amazon purchases and browsing history.

TomJune 17, 2015 8:34 AM

@Eric "Gmail is trickier". Yes, and more than you suggest.

I pay Rackspace for email service but since nearly everyone else uses Gmail, Google owns nearly all my emails.

copynotmoveJune 17, 2015 9:05 AM

"Thus the only sensible solution is finding ways to not play and thus starving the business model till it's unworkable, or likewise poisoning it so the data becomes worthless."

Yes, esp. to the latter. Spam the trackers and marketers. I wish someone influential would pick up on this so it can occur at a scale large enough to make a difference. If companies won't pay for targeted ads, tracker-derived market research, etc., maybe the abuses of consumer privacy will stop. It could work against the NSA, too.

MeJune 17, 2015 9:34 AM

@Andrew

Yes, you can encrypt data at rest, and this will help, but only if the data is at rest.

Presumably, LastPass would like to be used, and likely be available for use every moment of every day. This requires that the data be 'open' which means that it would be very cumbersome to have it encrypted at the same time. Having the salted hashes open with the salts available is, as far as I know, the best way to handle 'open' password (verification) databases.

The actual passwords to various sites etc. are likely still locked in encrypted databases that unlock with the individual master passwords, but there is not really a good way to keep those under lock and key, while still allowing quick access to them.

rgaffJune 17, 2015 9:47 AM

@Bob S.

The study doesn't suggest that resistance actually is futile, only that a large swath of people believe it is so. The fact is, it's not futile at all, but believing it is and therefore resigning and doing nothing can be a self-fulling prophecy... and THAT's why much of the message around us is pumping up the futility argument, to try to lull us into letting it happen.

@Dan Hill

Oh, you mean like https://protonmail.ch/ ? It will be interesting to see if it takes off or flounders, won't it.

@ copynotmove

spamming with false data would be fine if it doesn't take a lot of extra time that I don't want to waste.

@all

You'd be surprised what HOSTILE responses I get from some store cashiers when I turn down their offers of free discount tracking membership cards.... It's like my giving up that "discount" is an affront to their senses, like they're feeling guilty they aren't doing the same, so react in hostile ways when someone reminds them...

Others seem surprised and shocked, and if they seem friendly enough with no scowl on their face, I may point out that this so-called "discount" is getting reimbursed from somewhere, the store is NOT eating it, some mass information collection company is effectively paying me for it. And if it's adding up to a few dollars every visit to the store, then maybe my private information really is worth that much, because if it's worth that much to them then maybe it should be worth that much to me too! A few seem pleasantly surprised to think about it that way.

GeorgeLJune 17, 2015 10:26 AM

@ Clive Robinson, Bob S.
"I don't use their services, but I aslo don't ask for "paid for" service replacments, as it's become clear that those companies can not be trusted despite any good intentions they might have due to the likes of the politicos in the pockets of various agencies etc."

"Don't play" isn't good enough nowadays. These services are now so widespread they achieve the blanket surveillance effect of indirect tracking. As long as you are on a buddy's contact list, which he uploaded to big data social, you are being tracked without ever using that service.

rgaffJune 17, 2015 10:33 AM

@ GeorgeL

"'Don't play' isn't good enough nowadays."

So do you have a better alternative? Each person can only do what each person can do.... and groups of people can only do what groups can do...

GerogeLJune 17, 2015 10:50 AM

@ rgaff
"So do you have a better alternative?"

Not really. I was hoping that he does or can prove it wrong. Personally, I use big data social. I'm not technically proficient enough to avoid using them while carrying on my daily activities.

BradJune 17, 2015 11:16 AM

@Andrew

"Me" is not being very clear in his response to you. No idea what he is saying "yes" to. Let me be clear. Lastpass cannot access your encrypted data. That is unless they do something malicious with their javascript, browser extensions, etc. If they are doing what they say they are, they simply cannot access it. Yes they store a hash of the master password. That's fine because all that's used for is to authenticate you so you can download the binary blob and manage your account. It cannot be used to decrypt anything. To do that you need the master password in order to derive the encryption key. The key and the hash of the master password are two completely different things. You cannot derive the key from the hash. The cryptographic hash of the master password gives you nothing in that regard because it's a cryptographic hash and by definition (should be) irreversible back to the master password (which you need to derive the key). All of the crypto operations happen client side on your device.

Then why are they asking people to change their passwords? Out of an abundance of caution. So the attacker has your master password hash. IF they can crack it (and this is a big if because it's a decent number of rounds of hashing and they have to do this crack per user because everything is salted) because you used a weak password THEN they have your master password. This would mean they can come back at any time and both login as you and download your data and decrypt it (even if this were to happen Lastpass would require an email code as a 2nd factor when logging in from a new IP). To be on the safe side, as long as the intrusion was actually remediated and everyone changes their master password there is no more risk to them at all, even if it was a small risk to begin with.

MultiModeJune 17, 2015 12:19 PM

The survey questions used in the study are loaded and clearly influenced the responses people gave. The headline that other's are "misrepresenting" public opinion is a very ballsy statement when the researchers are cooking results like this.

Example: "91% disagree (77% of them strongly) that “If companies give me a discount, it is a fair exchange for them to collect information about me without my knowing.”

1.)Are we surprised that 91% of people think that some bad thing being done to them without their knowledge is disagreeable?
2.)"is without my knowing" really a fair characterization of the data collection reality? Do companies not tell you they are collecting information?


Example 2: "we conducted a representative national cell phone and wire line phone survey of 1,506 Americans age 18 and older who use the internet or email “at least occasionally.”"

Is 1506 people who respond to phone surveys a sufficiently sized and truly random sampling to "representative" of the views of American consumers? (I would be less concerned by the size of the sampling if the questions did'nt seem to lead respondents on).

rgaffJune 17, 2015 12:22 PM

@ GerogeL

Yeah. Well I'm still on big data for some things, while I experiment and/or look for good alternatives... It's not an instant thing, it's a process that takes time.

Anon6June 17, 2015 1:04 PM

@MultiMode

Do you really think true "privacy warriors" (like the majority of people reading this blog) are really going to tell some "anonymous" (bah!) phone survey what they really think of the exchange of personal data for discounts and convenience?

As others have mentioned above, the release of survey results noting that Americans are willing to exchange personal data for those discounts and conveniences is just brainwashing the undecided public into just giving in, and letting it happen to them. I would really like to see more articles letting folks know that they can fight back, or "Not Play" the game.

But people have become accustomed to their freebies, and don't want to lose them, so they'll continue to give in, and just sign on the dotted line.

Yes, I am willing to pay more, and make trips to the ATM, so I can stay off lists, and use cash to prevent a purchasing trail from being compiled on my credit card. (And, after so many news reports of data breaches at the big retailers, I don't trust many of them with my credit card number anyway)

MultiModeJune 17, 2015 2:58 PM

@Anon6

Everyones entitled an opinion privacy. A lot of the prior commenters seem to be accepting the premise of the research because its compatible with their world view. Even if we think the flashy headline here is accurate, we should ask if the research actually supports the claim.

I would encourage you to read the linked to research paper and decide for yourself whether the researchers captured an accurate and honest assessment of public sentiment concerning the service/privacy trade off.

If this were an opinion piece posted on somebody's blog I would have nothing to say, but this is PHD research making strong allegations that marketers are "misrepresenting" public sentiment. The implicit underlying claim is that the researchers claims are more accurate the the marketing fluff.

The supporting evidence to these claims are pretty shaky. I'm admit-tingly more concerned by the wording of their questions than the potential for nonresponse bias to change the findings.

CallMeLateForSupperJune 17, 2015 3:06 PM

I second Clive's "don't play". Anyone who poo-poos it out of hand either clearly does not understand it or is one of the "resigned"[1].

I am a person who answers "But you can't DO that!" with "Look... this is me doing it." (Also, telling me I *shouldn't* do something is a sure-fire way to get me to consider doing it.) A poster above described umpleasant interactions with incredulous sales persons; I had similar experiences several times, most recently with a clerk who snarked, "You don't like saving money?!" when I declined to sign up[2] for a customer loyalty card. "Of course I do", I replied. "When I don't like a store's price, I spend my money elsewhere."

A while back, in a post here, I treated those "loyalty tag" thingies with some derision. Clive responded with the observation (nudge-nudge; wink-wink) that they can be useful: simply trade yours for someone else's. The utility struck me at once (I have a devious streak), and so I floated the idea to a certain circle of my friends who gather together at regular intervals. Recently I heard that "trading CLs" (Customer Loyalties) has become very popular.

--------------------------------------------
[1] Per the subject document, "Resignation occurs when a person
believes an undesirable outcome is inevitable and feels powerless to stop it."

[2] "Sign up"??? Why isn't it "sign *down*"? Or "sign under"? (I have a sneaking suspicion that George Carlin posed similar - if not the same - questions long ago.)

CallMeLateForSupperJune 17, 2015 3:23 PM

@MultiMode
"The implicit underlying[sic] claim is that the researchers[sic] claims are more accurate the the[sic] marketing fluff."

No-no-no. The paper clearly states its claims.

"Accuracy" does not apply to marketers' claims here, so there is no basis for comparason.

tyrJune 17, 2015 3:34 PM

@Anon6

One thing that isn't overly apparent is how this effects
children. If you grow up in a sea of this stuff how are
you supposed to be able to consider an alternative ?
You've never seen or heard of one, your parents go along
with it even if they disagree. Bernays understood this
and knew he could convince women to smoke quite easily
even though his target was women who had not smoked a
cigarette and did not know anyone who ever had. All it
takes is the appearance to lull the average folk into
compliance. "All your friends are on Facebook, why aren't
you ?"

If you turn off your anti tracking and visit a child
website you'll find at least double the tracking cookies
and advert measuring systems. This is not a coincidence
and it's not a revenue stream to hover over a K-12 kid
like a cloud of vultures. Couple this with the mealy
mouthed Protect the Children loonies, who are afraid
to let a child ever be alone and you can clearly see
the new Orwellian future on the horizon. Nobody seems
to care and nobody wants to talk about it. Society is
all about trust and the paranoid loner model may be
stylish but it won't pave a road or deliver water to
your faucet. In the olde dayes everyone on the Net
was encouraged to save bandwidth, now the whole Net
is full of bandwidth hogging crap building dossiers
for institutions that would prefer to be invisible.

I don't have a definitive answer but we have to be
proactive about forcing institutions and culture to
be trustable ot there won't be a future worth living
in. So start somewhere on your own behalf. Pick
any of the invisibles and force them to become the
future you want to live in.

The future is something you make it isn't just what
happens to you.

BoppingAroundJune 17, 2015 4:32 PM

rgaff,
> You'd be surprised what HOSTILE responses I get from some store cashiers when I turn
> down their offers of free discount tracking membership cards...

Could those have an order to 'serve N tracking cards this day', failing to achieve which would lead to a loss of some percent of their salary?

JustinJune 17, 2015 4:50 PM

There are groups like CASPIAN that have been around for a while fighting this. (Giving up privacy for discounts or free stuff.) In practice you have to use cash if you value your privacy.

For me, it's not so much the data that violates my privacy, but the correlations they make with it, the conclusions they draw from it, the intrusive marketing on the internet it enables, when my online and offline shopping is correlated.

Another benefit to cash is that you aren't going to be spending it if it's not in your wallet. That's definitely not what the marketers want.

copynotmoveJune 18, 2015 9:12 AM

"spamming with false data would be fine if it doesn't take a lot of extra time that I don't want to waste."

Convenience is the carrot.

rgaffJune 18, 2015 11:03 AM

@ BoppingAround

I hadn't thought of that, because it looked to me like close to 100% of shoppers already had the cards and used them. One idea I had is they just couldn't fathom what a stupid person would turn down free money!

BoppingAroundJune 18, 2015 11:09 AM

Justin,
Interesting link, particularly this part: http://www.nocards.org/faq/faq_04.shtml
I was mildly amused when they mentioned performing rain dances.

rgaff,
> One idea I had is they just couldn't fathom what a stupid person would turn down free money!

Responding with hostility seems quite strange to me. Surprise, amazement fit in better. OTOH, we aren't that much of a rational species.

gordoJune 18, 2015 11:49 AM

If asked if I have a loyalty card to scan at checkout, I say no. If asked if I'd like to sign up for one, I say no. Many times, whether asked if I'd like to sign up for a loyalty card or not, the store clerk just gives me the discount anyway. It's anecdotal, but it seems to be happening more often.

A friend once gave me one of his loyalty cards so that I could earn him some extra points. I said okay. I carried that card around for years until it finally fell apart. He happened to be vegetarian, which I am not.

gordoJune 18, 2015 11:58 AM

...the loyalty card was for a grocery store. I never asked if he got coupons for meat or poultry discounts.

rgaffJune 18, 2015 2:41 PM

@ gordo

Where do you live? I haven't gotten any discounts anyway around here! (just teasing, don't tell me)

@ BoppingAround

Yeah, the hostility is puzzling... that's why I started to wonder about more sinister explanations for those, than the simple surprise/amazement.

I'll admit surprise/amazement is actually more common than hostility though. And if they're nice enough, I start educating. And then some get even more amazed in another way... People just don't think about why they're getting "free stuff" or "discounts"... They're just used to grabbing it, even if it's pennies. It's designed to feel like finding free money on the ground, not selling something that belongs to you (your privacy).

Usually it's something like:

(friendly cashier talks amicably about various things while checking out, then at the end)
cashier: do you have a SuperDuperWhizStore discount card?
me: no thank you. (smile)
cashier: (looking surprised) would you like to sign up for SuperDuperWhizStore discounts?
me: no thank you.
(cashier looks amazed)
me: if you think about it, if hundreds of data collection companies are willing to pay me $5 to know what I bought today, maybe my personal information is actually that valuable, so I'd like to keep it...
cashier: (confused) but nobody's paying you anything, it's a discount...
me: well you didn't think the store was just eating the discount, right? some big data collection company is paying the store to give me that discount, so effectively they're paying me for my private information, through the store discount program.
cashier: (far away look on face) oh....

And I usually leave it at that, let them mull over that crazy encounter with the madman that didn't want free money for a few days, etc...

If I just get coldness or indifference right up front, then I never give explanations anymore though, as that's probably when I more often get the hostility...

BoppingAroundJune 18, 2015 4:49 PM

[re: getting discounts] rgaff,
US might qualify. Heard similar stories about cashiers swiping their own 'reward' cards for clients or something like that.

rgaffJune 18, 2015 5:52 PM

@BoppingAround

I live in the US. I've seen one swipe a courtesy card for me before, but I haven't noticed it in many many years, I was starting to wonder if there was a general policy change or crackdown, until @gordo said something.

KennyJune 19, 2015 8:00 PM

From a financial point of view, the biggest rip off is really about how *much* money the service provider are making from our personal data. IOW, the users are getting "underpaid" because the services aren't really worth as much as they're "charging", I mean how much they're making. The users don't really know just how much money is being made off the use of their data.

What's needed is a way to monetize the users personal data and basically sell it to the service providers, perhaps in a granular way. If it can be determined for example, that Facebook or Twitter makes 5 cents for every tweet, then maybe a system could be devised where the user would only provide their personal data in return for some of that money in return. Say, .5 cents for the use of their age and gender, 2 cents for 3 months of shopping data, etc.

Another way of looking at it would be profit sharing. Think of a social network with the same services as Facebook that sent a money to it's users every month. OF course their are potential pitfalls, namely that given a financial incentive, users may drastically alter their usage of a service. IAC, I think that someone is going to figure this out and it could be a game changer.

rgaffJune 20, 2015 11:39 AM

@ Kenny

"2 cents for 3 months of shopping data, etc."

What the heck... my local grocery store is already willing to PAY me $5 or $10 dollars for the data from a single shopping trip!!! (those discount membership rewards cards, yep, that's it)

tzJune 21, 2015 7:22 PM

It is worse.

How can I pay $X per year and NOT get tracked. Google sells me (though I have lots of blocking).

Google has no way of paying $X to block ALL ads, not track, yet give proportionate fees to those who have adsense.

I'm using Google because it is the biggest and most obvious. At home, I've added DNS based ad-blocking on my OpenWRT router because I'm tired of the trash and tracking.

I can and would pay extra for a clean internet experience. But I can't get one.

I'm a liarJune 21, 2015 9:54 PM

867-5309 - gets an account discount that is shared around the US for almost every store using telephone numbers.

I lie on most accounts. Twitter, Facebook, even some accounts with financial connections. I block about 14K ad networks - including facebook and twitter. The internet is fast again if you do that.

Picked up a loyalty card - lied on the application. Wrong name, wrong address, wrong phone. The card has been working for years. Every year or so, I swap the card with a different friend as a "privacy enhancement."

I do not give out useful email addresses, just numbered email aliases with "spam" in the name. Spammers have been trained to remove "spam" from email addresses, so by having "spam" as part of the email address - oddly - I don't get **ANY**, ZERO, NADA, spam to those addresses. It is weird.

If you don't want to use big data, centralized solutions, you don't have to. There are many solutions that you can run yourself with just a tiny bit of effort. https://github.com/sovereign/sovereign is one example with federated replacements for twitter, facebook, google-reader, and about 10 other "big data" options.

I've been toying with the idea of only sending a standard message to people who elect to use gmail, yahoomail, outlook.com, and other centralized email providers stating that I disagree with their choice due to privacy considerations and will only communicate with them using gpg encrypted email. Clearly an anti-social stance and I think 95% of my contacts will stop - including most of my family.

Jenny JunoJune 22, 2015 9:36 AM

(1) In the last couple of years there has been a lot of doubt whether loyalty cards are useful to the stores themselves. That is an idea that I've long suspected (and hoped) - once you get to a baseline level of simple marketing all that profiling provides marginal utility at best, and maybe even negative utility given the costs involved because people are not static creatures.

Here's one example of such thinking, there are plenty more where this case from (i.e. google):

http://www.foodnavigator-usa.com/Manufacturers/Supermarket-loyalty-cards-are-not-delivering-says-TABS-Group

(2) Furthermore, loyalty cards only create the illusion of saving money - the stores jack the prices up just so they can have special card-only sales that are back to normal pricing. But if you don't buy a product that is on sale, you end up paying the crazy inflated price. Better to shop at a store that does not have a loyalty-card inflated pricing in the first place.

(3) As for the fact that because everybody else uses gmail/hotmail/yahoomail you are still being profiled - use per-contact email addresses. A domain is $9/yr and email hosting roughly another $20/yr. With a little effort, you can hand out a unique email address to every single person you correspond with - I tend to incorporate their name, for example when talking to Bob I use onlybob@mymail.com and when talking to Jane I use onlyjane@mymail.com. That breaks when you send emails to multiple recipients, but it is still a major improvement over the common case of one address to uniquely identify you.

Nick PJune 22, 2015 11:43 AM

re loyalty cards

@ rgaff

"What the heck... my local grocery store is already willing to PAY me $5 or $10 dollars for the data from a single shopping trip!!! (those discount membership rewards cards, yep, that's it)"

That's probably not the case. Almost all of them inflate prices then discount them. Comparing company by company, they charge just under or just over the going rate on "member-discounted" items. The price discrimination it allows on coupons saves them money.

@ Jenny Juno

Interesting piece. Not sure where I am on the debate far as if it works. One of our local stores, Kroger, got to around $90 billion using a combo of deals and service. The Kroger cards' dataminers are pretty good at targeted deals. They're also good at discriminating with them. I can tell by comparing what I get vs what others get. They combine that with the deals for everyone and confusing ads the author mentions to create the illusion of a free for all of good deals. They also con customers by making "regular price" higher than going rate to inflate the savings numbers on their receipts. All this works based on what other shoppers tell me about why they shop there. Place is so busy this year that I've shopped at other places just to move around more easily. lol...

So, I think that debate might benefit if people stop thinking about rewards cards as the deal by themselves. Companies, too, if any of them were doing that (Tesco?). They have to look at the big picture: company's differentiators plus a rewards program that supplements it. Do they have more success with that combo or without that combo?

Nick PJune 22, 2015 1:18 PM

re the study

I found page 4 to be the most interesting. It shows what I suspected: most Americans don't understand the tradeoffs, their value, and especially alternatives. Basic to human agreements are that the person is capable of knowing what they're agreeing to and consented to it. These people only had consent and some in a coercive way. So, more than the prior survey, this argues clearly that marketer's premise is false given most people didn't know about tradeoffs.

The researchers were clever on p 13-14 where they showed important inferences. I think, like with metadata discussions, there's benefit to focusing on specific types of revelations that might bother people. We already know people are conscious about what can be inferred about politics, relationships, medical conditions, and so on. I think future studies should focus more on this. Factoring in what matters to Americans, the amount of people accepting any tradeoff might be *much* lower. We already saw a drop to "around 20%" but I suspect that's not the real bottom.

re recommendations of study

Naming and shaming is a decent approach. Many consumers use scorecards from organizations such as Consumer Reports to inform their purchasing decisions. There's privacy scorecards in existence. Refining this approach for various sectors and services would certainly help for people putting in effort.

The journalist recommendation is a good idea but will mostly fail. The reason is that mainstream media dominates media discussions. Their customers are mostly advertisers which often push privacy-defeating services. The conflict of interest will negatively impact the reporting. Non-mainstream media organizations or those with consumer focus are best sources for the recommended reporting. Independent journalists, even radio personalities, could also make plenty of headway.

The third recommendation is essentially the European approach. There's been problems implementing their framework but it's overall a good idea. Won't work in and of itself without above two recommendations. Might not even need it if market responds to above with better tradeoffs. The rise of privacy-focused companies show this is possible.

rgaffJune 22, 2015 3:20 PM

You all have a good point about jacking up the price for discounts... interesting discussion!

Clive RobinsonJune 22, 2015 4:35 PM

@ rgaff,

You all have a good point about jacking up the price for discounts...

In theory --only-- some European countries have laws and regulations to stop this sort of behaviour.

However the laws and regulations are by no means "all encompasing" but worse they are very rarely applied, so unfortunatly the practice continues.

In the UK due to the two "financial crises" with the enforced austerity on the salaried and waged and gutting of savings etc by "quantitative easing" there had been quite a bit of "belt tightening".

The first businesses to get hit were those with "leisure and pleasure" activities as people stoped spending on nights out in pubs, clubs, restaurants and holidays in hotels and abroad.

Initially "take aways" and "supermarkets" did well and they price hiked either to profiteer or in limited cases to reduce excessive demand. But as the UK Gov made things worse even these businesses started to suffer, and many familes have become reliant on charity "food banks" just to get a minimal meal a day, even though they are earning the same income as they did prior to enforced austerity.

The supermarkets thus saw a major "survival crisis" hit them for the first time in living memory and the price cuts were for a time real.

However the super markets have passed the cuts back to the suppliers and food standards dropped significantly as UK producers hit the wall and have gone out of business and foreign virtualy uncontrolable companies moved in to replace them. Thus we have had the "Donkey Burger" chrisis and other unknowns such as eight year old frozen fish thawed, rehydrated and sold as fresh. Along with "junk stuffing" with foods being adultarated with nutritionally questionable ingredients to "bulk them out". And quite a few other nasties (such as live stock fed on excrement from other live stock, and over use of drugs way beyond the minimum safe time before slaughter).

However supermarket "offers" are rarely on anything other than "named brands" and these are almost always offset by inflated prices on "own brand" and "basics brands".

However if you are prepared to check nutritional content on lables in four or more different stores and normalise by the prices you can then gain some benifit. Though the "low cost" stores still pull various tricks. One in the UK that originates from the EU does not sell fruit by weight but by the number of pieces in a bag. Although the prices look better the fruit is usually significantly smaller weighing maybe two thirds of that in stores that price by weight, thus you pay between a fifth and a quater more.

These stores thus rely on the fact that by far the majority of shoppers only have time to visit one supermarket and thus don't "shop around" and profit accordingly.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.