The 600+ Companies PayPal Shares Your Data With (schneier.com)
AmiMoJo shares a report from Schneier on Security: One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average? Less? We'll soon know.
Looks alarmist (Score:1)
This looks alarmist, but really the only surprising thing is that the number of companies they partner with under marketing is almost the same as the number they partner with for anti-fraud.
Despite that, one legal link.
Not that shocking (Score:5, Informative)
What we see there in some cases is that "shared data" also includes data collected by embedded crap from 3rd parties such as Facebook (which pretty much every site has these days). "Advertising ID and device ID to segment user groups based on app behaviour, encrypted e-mail address associated with PayPal users (without indicating account relationship), IP Address, Anonymous ID generated by cookies, pixel tags or similar technologies embedded in webpages, ads and emails delivered to users. Mobile advertiser ID, IP Address and other metadata via Facebook SDK in mobile apps." Yeah, just about what we expected, and it's good that they actually include this sort of stuff on the list.
Here's an odd entry: Carrenza Limited (UK) | To hose a marketing database | Name, address, email address, business name, domain name, account status, account preferences, type and nature of the PayPal services offered or used, and relevant transaction information. I just wish that wasn't a typo...
Nothing to do with outsourcing (Score:5, Informative)
e.g. pull one from the list at random: Global Data Consortium.
"To verify identity and carry out checks for the prevention and detection of crime including fraud and/or money laundering; research and testing as to appropriateness of new products"
There's the cover (fraud prevention) and the catchall "research and testing" which covers any reason at all.
GDC sell data, they buy it from "Data Partners" and resell it. They phrase it real nice here:
"We invest in our data partners, establishing deep relationships with them and providing them with technology to make their information available on our platform. We give them access to a broader market through our MARKETING AND DISTRIBUTION programs, PAYING FAIR ROYALTIES that reflect the value of their services."
i.e. they are a data broker that pays PayPal royalties for selling your data to others. A conduit rather than an endpoint. And PayPal use the catchall phrase to cover bulk sales of all data.
Comment removed (Score:5, Interesting)
Let's stop calling it "sharing" (Score:4, Insightful)
"Sharing" is a friendly gesture and a positive thing. This is neither friendly nor positive -- it's an act of pure greed. What these companies are doing is selling your personal data, not "sharing" it.
Re:Let's stop calling it "sharing" (Score:4, Interesting)
Re: (Score:1)
My point was that using the term "sharing" instead of "selling" is a deliberate attempt to disguise their actual behavior and intent. I find that despicable. Don't you?
Re: (Score:2)
This is considered personal information, and under GDPR PayPal has to disclose it.
Re: (Score:2)
It's interesting because we can potentially build up a map of these business relationships and see how they abuse our data to profile us, and because it will make tracking down the source of leaks easier. When one of these companies gets hit with a leak we can see all the upstream victims who shared data with them.
It's also a handy map of easy pickings for hackers looking to nab some PayPal data. Most of these companies that work is outsourced to have crap security.
Re: (Score:2)
There are 600 companies, each of whom can have a tasty snack of your data. Each of these companies has only the strictest security. I'm sure NO one could do proxy queries, because all 600 have the best security ever!
No, there can't be a nearly exponential number of hack possibilities with 600 partners. No factorial representation of port open across so many different jurisdictions.
I'm just positive it's as tight as a drum. Has to be, eh?
So everybody (Score:1)
They give literally everything to everyone for every reason. Mostly the reason seems to be money, there are a lot of data brokers on that list.
This "To verify identity and carry out checks for the prevention and detection of crime including fraud and/or money laundering. RESEARCH AND TESTING as to appropriateness of new products"
Research and testing is literally any cover reason for getting the data.
The list of companies are largely data brokers, some for marketing some for intelligence gathering, some gove
Re: (Score:2)
>> Nobody forces you to use PayPal.
You've never used eBay, it seems
(Others also similar)
Also, often, when you pay by credit card, you are automatically using PayPal without even noticing, and boom, your purchase, address, and private data is gone.
Re: (Score:1)
>> You've never used eBay, it seems
Argument still stands. Nobody forces you to buy (or sell) on eBay. PayPal isn't unavoidable. Even credit cards aren't (a whole lot more difficult to avoid but still)
Re: (Score:3)
That's not an argument - it's fantasy.
Nobody forces you to buy food.
Nobody forces you to seek medical treatments.
So you aren't forced to use money. You will not live but then nobody forces you to stay alive.
Nobody forces you not to kill or do other illegal actions, it will have consequences but the choice isn't forced upon you.
(Skipped some steps in the reductio ad absurdum (sp?) argument, the rest is left as homework for the reader)
Re:PayPal not such a concern (Score:4, Insightful)
Re: (Score:2)
>> eBay no longer forces you to use PayPal.
Yes, they do.
Try any other payment method and see where it takes you...
Now we know (Score:2)
Now we know where these online data aggregators get their information from. They have startling amounts of information about people. It makes stalking a breeze. Before, you'd have to go to the local court and attempt to social engineer a clerk. Now it's just a Google query.
I had a PayPal account briefly, (Score:2, Insightful)
back when they first started. They were such assholes that I've only used them once or twice since. And even then, it was only their credit card processing service that I used, and only because I really, really wanted to donate money and that was the only way to do it. In the meantime there have been lots of musical artists, software authors, etc. that I wanted to give some money to - but not badly enough to suck it up and support a company that I'd like to see die. As for making purchases, if PayPal is the
LinkedIn Data Sharing (Score:1)
LinkedIn recently started sharing their "private" data with public records databases such as Intelius. (https://en.wikipedia.org/wiki/Intelius)
Selling your dignity (Score:1)
Re: (Score:2)
>> I don't have much respect for people who sell their dignity for a few seconds of convenience. If you use PayPal, or Amazon or Google or Facebook or Apple, you're a sucker, plain and simple.
Or visa... or mastercard... or discovery... or American express... or shop at any store online... or visit any website... or have an ISP... or have a mobile phone provider... or have a bank account... or...
The problem is, it's not just one or two stores. It's not just one or two institutions. They're ALL collecting data on you. They're ALL sharing information about you. You don't use Google or Facebook... do you think that means they don't have copious data about you? They do.
You could limit who you do