• Boring@lemmy.ml
    link
    fedilink
    arrow-up
    110
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I created an account while in the store with an email of [email protected] and a basic password and surprisingly didn’t have to verify the email. Then turned on a VPN to my house.

    I plan on just creating a new account every time I go in just to fill up their database with nonsense.

      • ddh@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        This makes me feel a lot better about ChatGPT garbage corrupting Google search results.

      • Altecheon@ttrpg.network
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Fun fact: Android developer options has a Disabled Persistent Mac address randomization toggle. Or at least Pixel phones do

    • geekworking@lemmy.world
      link
      fedilink
      arrow-up
      18
      arrow-down
      3
      ·
      edit-2
      1 year ago

      You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.

      The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there’s a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.

      Bogus email only helps for spam but doesn’t do anything about tracking.

      EDIT: For Android when there’s a Captive Portal like the screen shot. devices will use Persistent randomization which while not the hardware MAC will remain the same for the same network where they can track your visits.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        3
        ·
        edit-2
        1 year ago

        Pretty much all modern phones randomize the MAC address everytime they connect to a network unless the user explicitly says not to do that.

        • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          1 year ago

          randomize the MAC address everytime they connect to a network

          +1, had issues using Android devices for presence detection because of this very useful privacy feature. Even on your home network, the MAC address and device hostname get randomized, unless disabled in the settings

          Edit: typo

        • geekworking@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          1 year ago

          When there’s a Captive Portal like the screenshot, many devices use a random but persistent mac for that network avoid reauthorization after any network drop. This will make your access to the specific network trackable.

          • Boring@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            But can’t you go manually forget the network in your device network options to circumvent this?

          • Dark Arc@social.packetloss.gg
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I’d assume after a certain amount of time or after moving far enough away from the network it “forgets” the last randomized MAC address?

            It doesn’t really make sense to store these things long term.

      • Boring@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        GrapheneOS let’s me do a per-connection randomized MAC.

        I’m sure they do collect a lot more about my device, but there’s not much I can do about it short of wrapping my phone in tin foil.

        • wreckedcarzz@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Don’t forget to disable wifi and bluetooth before approaching the store, as those give off unique identifiers too.

    • Zastyion345@lemmy.ml
      link
      fedilink
      arrow-up
      11
      ·
      edit-2
      1 year ago

      Don’t forget to spoof your MAC address so they cant see who is making the fake accounts ;D

      • TheGoldenGod@lemmy.world
        link
        fedilink
        arrow-up
        23
        ·
        1 year ago

        Exactly, a damn good reason to avoid the Wi-Fi in stores altogether. So many wifi access points are super weak in security and super sketchy.

        I try sticking to my home where I can manage it like a nervous hawk.

      • Nahvi@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        This is a fantastic read.

        I remember febreeze coming out and being like, that would be cool but you can’t trust ads and it sounds like total BS. I knew they added a scent, but I had not idea about the subtle social manipulation that they used to shift people’s habits.

        Speaking of habits, this is the first time I have heard about all the science involved in studying and breaking them.

        Thank you for that link. Definitely going to save it.

        • theneverfox@pawb.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Not really. With https luckily being the default, at most they could get the sites you were going to (I don’t think dnss is dead, but it’s been very slow to grow unfortunately).

          They could probably see if you’re checking Amazon or Google, but wouldn’t be able to see what you’re looking at exactly. Theoretically they could use cameras and or triangulation to see what you’re in front of when you use the Internet, but a VPN would still show traffic so they’d know you’re looking up something.

          The big thing this would do is act like a loyalty card… They give you some amount of benefit in exchange for tracking your purchases in ever higher detail. Mostly it’s just like that, except they’d also be able to see how long you are in the store, and ideally they can link it to your purchases so they can infer more about it

          FWIW, I wouldn’t only consider giving them a disposable email

  • squiblet@kbin.social
    link
    fedilink
    arrow-up
    48
    ·
    1 year ago

    At least they’re telling you. There’s also a lot of hidden surveillance in stores - they’ve done it with Bluetooth and cameras for some time. Things like monitoring how long you look at products and evaluating your reactions to displays.

    • rynzcycle@kbin.social
      link
      fedilink
      arrow-up
      55
      ·
      1 year ago

      That’s why I always introduce a good bit of entropy to my shopping patterns:

      -Enter and go straight to produce
      -Spend 20 minutes examining eggplants
      -Walk up and down 5 aisles pausing exactly the square of the aisle number in seconds.
      -Grab a box of tampons
      -Grab what I need as quickly as possible
      -Return tampons
      -Checkout and leave

      Somewhere a marketing team is spending hours trying to figure out how to improve the conversion rates for tampons and eggplants for customers in my demo.

      • circuscritic@lemmy.ca
        link
        fedilink
        arrow-up
        14
        ·
        1 year ago

        Don’t forget to flick and knock on various fruits and vegetables. Randomize how many flicks/knocks per item, and throw in a few on produce items that normally don’t get that kind of test e.g. grapes or potatoes.

          • korok@possumpat.io
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            Melons and squashes (inc. pumpkins).

            I believe the idea is to allow you to roughly evaluate the density of the produce, to avoid e.g. mushy grainy watermelon or weird squashes that don’t have their expected hollowness.

  • Zerush@lemmy.ml
    link
    fedilink
    arrow-up
    40
    ·
    1 year ago

    In the EU they already had a complaint, because it violates GDPR, but in any case I would never use a public WiFi without a VPN, and even less in places with these conditions, there is also free WiFi in some Rstaurants (even in most McDonalds), public Libraries and others. Fuck surveillance advertising

    • Socsa@sh.itjust.works
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      There’s just no reason to unless you are really skimping on phone data. Random wifi hotspots are one of the most dangerous things for an average joe in terms of infosec.

    • justcoding_de
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Agreed. My iPhone connects to my home VPN via Wireguard as soon as I leave my home WiFi. Has the added benefit of pihole ad filtering everywhere.

        • justcoding_de
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Obviously the first ad links in google don’t work any more, which drives the wife crazy ;-) Also nowadays more and more websites complain about me using an adblocker.

          But technically, not really any problems at all.

        • lud@lemm.ee
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          I used to before but my family was extremely bothered that they couldn’t click on ad links. If I remember correctly, it’s pretty easy to set up if you want to just try it.

        • Darkassassin07@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          In the 6 years I’ve ran mine, I’ve not had any issues and I run a blocklist with over 1 million domains on it.

          If I was to run into something that’s blocked that I do want loaded, I can just open the pihole interface and either whitelist the blocked domain or disable blocking for a short time, each with just a couple clicks.

        • justcoding_de
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Yup. What are they gonna do that every other portscanning bad actor isn’t doing 24/7 already?

          Also, how would they distinguish between my private VPN and that of a commercial provider?

    • OfficerBribe@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      They seem to explain pretty well how your data will be used, why would this violate GDPR?

      • Aio@beehaw.org
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        I might be wrong but i think it is because they don’t give you the option to opt out and use the wifi.

        • OfficerBribe@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Should they? I would simply not connect to their Wi-Fi and move on, it’s not like they are obligated to provide you internet.

    • Resolved3874@lemdro.id
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Went to a Walmart the other day and my phone automatically connected to a wifi that was apparently hosted by my cell carrier. Immediately turned on my VPN because wtf. I disconnected at first then realized I didn’t have any service at all which was probably why it existed. Thankfully didn’t need to log in but that’s why I have Firefox relay.

    • XTornado@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      I have seen it on Europe… maybe there was some way to circumvent it hidden away, not sure. But you could type a random email and that’s it, like they don’t send anything to confirm the email or anything once you submit you have access to internet.

          • Cort@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            UK gdpr not withstanding, the question asked was: where in Europe. UK remains a part of Europe post brexit.

          • Astigma@feddit.uk
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR. It’s ok to not know this stuff but it only takes like 10 seconds to google before you comment about something you don’t know.

      • Zerush@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        AFAIK it does not exist in Europe, but I meant that these conditions in the EU would not be tolerated. Maybe because of this there isn’t a Walmart in the EU, there are a lot of Malls from other companies and none of these use this practices in their restaurants, mostly with free WiFi for their visitors. Offering free WiFi is already enough of a benefit for them, because it attracts customers, they do not need to intrude on their privacy with an obvious attempt to spam them and make money with their data.

  • Polar@lemmy.ca
    link
    fedilink
    arrow-up
    38
    arrow-down
    1
    ·
    1 year ago

    Why would anyone interested in privacy connect to any public WiFi? That’s crazy.

    • thanevim@kbin.social
      link
      fedilink
      arrow-up
      16
      ·
      1 year ago

      When you need service, but data is blocked by all the steel in the ceiling/roof. I’ve used it, but with my VPN active. I wonder if they’re now going to try to block VPN services?

  • onlinepersona
    link
    fedilink
    English
    arrow-up
    32
    ·
    1 year ago

    More like “we were doing this before, but now we have to tell you we are doing it”.

  • Deleted@kbin.social
    link
    fedilink
    arrow-up
    37
    arrow-down
    10
    ·
    1 year ago

    Why are all you mother fuckers shopping at Walmart. They are a welfare corporation offloading their costs to tax payers because despite making tons of money they pay shit and skirt employee benefits laws by keeping worker hours low and give new employees info on how to get financial aid such as food stamps.

    • eee@lemm.ee
      link
      fedilink
      arrow-up
      42
      arrow-down
      5
      ·
      edit-2
      1 year ago

      This is the most privileged thing you could say.

      “Hey, why isn’t everyone eating sustainably sourced GMO-free, organic, locally-grown food all the time?”

      Spoiler alert: it costs more

      • whofearsthenight@lemm.ee
        link
        fedilink
        English
        arrow-up
        15
        ·
        1 year ago

        Yeah, this is the thing. Does literally anyone want to go to Walmart? No. Is it the place I can afford? Increasingly, still no. Not sure I can even afford to walk past whatever the good version of a Whole Foods is today, though.

      • mushroom@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Haha exactly. People shop at Walmart because they work at target and don’t make enough money to shop at Whole Foods.

    • Psythik@lemm.ee
      link
      fedilink
      arrow-up
      16
      arrow-down
      1
      ·
      1 year ago

      Cause WinCo doesn’t always have what I need, but most importantly:

      I’m poor.

    • Pigeon@beehaw.org
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      1 year ago

      A lot of people in rural areas find themselves in situations like being 10 minutes from a walmart and an hour from any other option. So then anything besides walmart costs gas and time, on top of the product cost difference to begin with.

      Nobody wants to drive extra after 8 hours of shitty minimum wage work and/or taking care of children.

      Not like other grocery stores are any good for workers, either.

    • nathris@lemmy.ca
      link
      fedilink
      arrow-up
      5
      arrow-down
      2
      ·
      1 year ago

      Because all of the other retailers do the same shit only with higher prices. Here in Canada they don’t pay their employees any less than the competition, yet their prices are 30-40% cheaper on average.

      That extra 40% doesn’t result in better working conditions for the employees, it goes directly to the shareholders and bonuses for the C-suite.

      I respect the hell out of Walmart because they actually keep their price increases tied to inflation and aren’t out there trying to sell a loaf of poverty white bread for $5 or a pack of 4 chicken breasts for $37.

      • settinmoon@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I got some insight from a friend who works at a major supplier for these retail stores in Canada. He said how they manage prices is that when they anticipate a rise in cost they’ll jack the price all the way to a future projected target instead of following the current inflationary rate so that they won’t need to constantly quote their customers different prices. They don’t care because they know it will get passed downstream.

  • LibsEatPoop [any]@hexbear.net
    link
    fedilink
    English
    arrow-up
    26
    ·
    1 year ago

    For the email, you can use an email alias service like Addy or SimpleLogin. They’re both open-source and offer free tiers. I never give out my real email to anyone now except actual contacts.

    After that, I think a VPN would probably still work to disguise what you’re doing from Walmart, but I’m not a 100% certain on that so I won’t link any.

    But yeah, definitely use email alias wherever you can.

      • dependencyInjection@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        I do.

        I use SimpleLogin and ProtonMail.

        Some sites have I’ll actually know you’re using SimpleLogin though and just say no, but they’re few and far between.

        You could also use your own domain if you have one or buy a cheap one.

        Then you can create as many as you like and just kill them as and when you need.

        SimpleLogin has plugins for all browsers and phones so it’s not too difficult to create new addresses.

      • Klystron@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I do it with everything. The only people who have my real email address are my family. Everything else is a masked email. It’s especially nice because if I start getting spam on one email I can immediately tell which site sold my info and I never use that site again.

      • Illiterate Domine@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I do and it works great! I mostly did this to limit the blast radius of breaches, but aliases also provide an easy way to send those kinds of things to both me and my spouse.

  • CleoTheWizard@beehaw.org
    link
    fedilink
    English
    arrow-up
    25
    ·
    1 year ago

    Walmart, the biggest grocery retailer in the entire United States, uses face tracking in the majority of their stores in several sections, and we’re concerned about their Wi-Fi?

    The Wi-Fi seems like such a minor problem compared to them collecting massive amounts of data off of something you aren’t consenting to explicitly.

    Like you walk into their stores and they can know: How often you visit, what items you buy, what payment method you use most often, what items you looked at and what aisles you visit, who you bring with you, what your kids look like, what disabilities you may have, size of your household, and whatever else they want. There’s basically no respect for any privacy in their stores.

    The US is a privacy nightmare in competition with China. Most of the US doesn’t have any option over their privacy. You just don’t get it here.

    • trippingonthewire@lemmy.mlOP
      link
      fedilink
      arrow-up
      11
      ·
      edit-2
      1 year ago

      It’s even worse as an associate. They make us sign up for some social media I never use, download apps on our phones, and make us give them our handprints for a machine to take out our tills. And we’re getting face scanned by cameras all day. Dystopian nightmare and it makes me feel ashamed to have accepted the job here.

      I use GOS and therefore believe that I have some level of protection on the WiFi level based off of that, and I have their apps on a separate profile but it’s getting tougher on privacy here at Walmart.

      Edit: That’s also why I have no pictures of me in my socials and deleted my Facebook, Instagram, and twitter, so they shouldn’t have too many ways to market to me aside through my debit and credit cards possibly.

      • Steve@communick.news
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Revoke the data privileges of the app on your phone. That will effectively neuter it, while you can show them it’s there.

        • trippingonthewire@lemmy.mlOP
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I have all of their apps on a separate profile. One app I do sadly need data for to check my schedule and look up prices of things.

  • XTornado@lemmy.ml
    link
    fedilink
    arrow-up
    22
    ·
    1 year ago

    Not sure about this Walmart case but most you can write any email like random letters [email protected] or not even the Gmail part as long as it’s a valid looking mail and then works like you don’t even have to confirm the email or anything.

    • Psythik@lemm.ee
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      Cause I get shit service in Walmart and don’t really have any other option if I need to look something up while shopping.

      • ManosTheHandsOfFate@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I live near a shopping area with a bunch of stores. It has zero cell coverage from any provider. Apparently there’s been some NIMBY resistance to putting up towers in nearby neighborhoods.

    • trippingonthewire@lemmy.mlOP
      link
      fedilink
      arrow-up
      6
      arrow-down
      5
      ·
      edit-2
      1 year ago

      Fair, but even using your normal router without a VPN isn’t good imo. Even if it’s not as bad as public. And VPNs are usually an extreme measure. If I was using public WiFi, and doing stuff on my bank account, then yes, VPN all the way, but I usually don’t feel that I need it.

      • neosheo@beehaw.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Why is the vpn necessary when you have https to the bank? Just to hide you’re ip from the bank?

        • derpgon
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I always wonder why those VPN absolutists aren’t happy with your regular HTTPS. Sure, maybe HTTP is safer with the VPN, but it just hides your real IP from the target website.

          • noodlejetski@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            it also hides the websites you visit from your ISP, who often likes to profile you based on your browsing habits.

              • noodlejetski@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                1 year ago

                in that case, it hides the websites you visit from:

                1. the ISP providing the network, and
                2. the business who offers the public WiFi,
                  both of them probably being very eager to profile your browsing habits (as seen on the image in the post).
            • fuzzzerd
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              It shifts from the isp to the VPN provider, who isn’t doing that profiling yet.

          • neosheo@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Well im just saying thats what https is for but there’s nothing wrong with extra security

            • trippingonthewire@lemmy.mlOP
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              So if https is all that’s needed, why do VPNs recommend using them at public locations? Just false advertising? I click on my bank app and it always wants a password and I guess I don’t know enough about network engineering. I’m interested in Android Development but don’t know much about WiFi I guess.

              • neosheo@beehaw.org
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Marketing mostly. The vpn makes an encrypted tunnel that you’re traffic goes thru. If using https and vpn there are 2 layers of encryption. It’s not false advertising bc an extra layer doesn’t hurt. Now if your sending password over http it would help but you shouldnt be using a site that sends passwords over plaintext. I would say vpn is mostly to either hide your ip from websites or to hide internet activity from your isp

                • trippingonthewire@lemmy.mlOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  So more for privacy than security, so it would make sense to use a VPN depending on your threat model I suppose, or how much you care.