CHOICE membership

Anonymous Data: Not as Private as You Think

Here’s a frankly terrifying investigation from The New York Times that reveals the way ‘anonymous’ location data collected by many apps is privacy nightmare.

In addition to what is revealed here, I’d like to add that you shouldn’t presume this data is covered by a privacy policy. Many apps state the privacy policy doesn’t apply to ‘anonymous’ data. But is that data really anonymous?


Enough ‘anonymous’ data and you can de-anonymise it. This has been demonstrated with publicly available data from the Australian Bureau of Statistics, and with public health data!

The ABS has of course responded with the standard ‘nothing to see here’.

From the research paper’s abstract:

Our attacks are a practical illustration of the (informal) fundamental law of information recovery which states that “overly accurate estimates of too many statistics completely destroys privacy”

So if you have enough ‘anonymised’ data you can de-anonymise it. Surprise?

I think I have stated this elsewhere, but in the US location data is available under a ‘geofence’ warrant.

Basically, we know a criminal was in this area at around this time - we demand that Google provide the details of everyone in that area at that time.

I suspect a warrant is not required for reverse location searches in most countries - including Australia.

Of course, your phone is not the only tracking device - modern cars come with tracking built-in.


Perhaps it is. Regardless anyone who has paid at a merchant that uses Square as it’s service provider might need to look further.

I’ve noted several local merchants only offer this option. If you require a receipt it is either emailed or sent via SMS to your mobile. I was made aware of the SMS option the first time around and did not have sufficient cash to pay direct. Some retailers using Square do not offer printed receipts as an option. Perhaps you need to ask explicitly for a hand written one?

Not surprisingly, I made a purchase from a retailer today that offered up a standard EFTPOS terminal. Visa card used and pin entered. All good until I was informed the receipt would be sent by SMS. How did they know that? The service was provided by Square. Obviously not hard to do.

I’m now also wondering how much and what information you need to exchange before making any payment that is not a cash sale.


I’ve wondered the same thing, and thanks for providing the link to the privacy policy. I couldn’t find it when I looked for it.
Of course some information must be shared and stored to process a financial transaction, but there is no reason to have to automatically agree to receive advertising from their partners or surveys. When will the regulators catch up with public sentiment?


Square needs to comply with all Australian financial and privacy legislative requirements when operating in Australia. They are also required to report suspicious activity to the relevant agencies, no different to banks and other financial providers (e,g. credit card providers).

Square does collect information, especially from the Square account holders (the merchant) but it appears that little is collected of the customer…unless say detailed customer details are manually entered in Square. A tap and go (paywave) transaction without an issued invoice is unlikely to generate any more collected info than any other retailer.

Square privacy policy is here…

There are many retailers which offer digital receipts to a printed one (Bunnings is possibly a well known example). Digital receipts have the same legal status as printed ones, but possibly less likely to be lost or fade over time. I suspect that inthe future, more and more retailers will move towards digital receipts to reduce costs and also save paper waste.

It is also worth noting that Square merchant fees are higher (about 1%) than that afforded by the banks, and if one processes more than about $3000-3500+ per month using Square, the bank issued EFTPOS machines become more cost effective. Square market is possibly more towards very small business with low turnovers, rather than larger small, medium to large businesses.

BTW, we are exploring using Square for a small business we will be running later next year and have been weighing up the pros and cons from a merchant viewpoint. There are also other providers which compete with Square and traditional bank EFTPOS entering the Australian market place. On a positive note, these other providers provide competition to the traditional bank run system.

Maybe a comparison of emerging technologies with traditional ones could be a test for Choice…to evaluate these from a consumer perspective.

I think the only way to be anonymous is to disconnect from the net and don’t have a phone. Not something anyone wants to do, anymore. This doesnt mean you cant continue to strive for privacy and avoidance of scams/spam and the like. Your VPN will not protect you from government prying.


Square has different online privacy policies, depending on whether you are an account holder, sign up for their app or do not sign up to either. That listed link appears to be the version for “Account Holders” only.

True, there was never any intent to suggest otherwise. Of course many enterprises that are overseas based and supplying services within Australia may interpret what they need to do to comply differently to our expectations.

If I have a gripe, it is merchants not always identifying up front they are using Square as their merchant provider, and secondly that you are not offered an option other than for a digital receipt. Perhaps at law consumers can still insist regardless?

That other merchants offer digital receipts DOES NOT make the practice of only offering digital receipts acceptable.

The process of digital receipts may be convenient. Some of the Square merchants seem to prefer using SMS and linking your CC to your mobile number. It is convenient in some ways? However the discussion in the Square privacy policy regarding turning off GPS location for customers who pay through a Square terminal and have not signed up has me wondering just what Square is saying?

The silent majority likely go with the flow, until?

1 Like

In some ways we have accepted this practice for online shopping (and possibly phone shopping), where generally digital (email) invoicing occurs. Shift of bricks and mortar retailers to digital is possibly sign of the times and following the standard practice for these other purchase methods.

Also many service industries also digital invoices and payment receipts…these are generated through automated billing systems. Even group certificates any payroll has moved electronic.

The challenge is if one can’t receive digital invoices/receipts…and where the good old manually written invoices/receipts can be used.

I bought a $175 DeLonghi coffee grinder at JB HiFi recently. The salesperson said “We will send the receipt to your mobile phone, so what’s your number?”
I replied “I want the receipt printed out here and now thanks, and will not be providing you with my mobile phone number”
Salesman said “If you want a printed receipt - then line up at the check-out counter”, and walked off in a huff.
Not impressed with this sort of attitude
I certainly hope this is not a sign of things to come in the future.


I will second that.


I’ve always understood there was a need to be able to prove goods you had in your possession - shopping were legally your property.

At least there was a solution. How did he expect you to get out the door past the bag bouncer?


Good question Mark, as I hadn’t thought of that.
I suppose I would have had to show the “bag bouncer” my phone screen with the receipt on it.
The amount of money retailers would save by not giving paper receipts, would be minimal in my view, in the grand scheme of things.


Some of the cost of electronic receipting is passed onto the consumer so saving the company producing the receipt long term some great cost. Electricity, transmission costs, storage costs and similar are almost all externalised for the businesses. Then no ink cost and no paper cost and the savings roll on for the business. I think it is easy to see why business want to do this, and how it in some ways uses the consumer costs to increase profits separate from the sale of the item. Then the sales and customer data is mined for a price further enhancing that profit taking.


On the other hand, there are some businesses who will try to avoid claims if you cannot produce a proof of purchase receipt, unlike the truely ethical ones like Weber.

The Weber iGrill digital remote read thermometer I bought last Xmas Eve in Nambour had developed problems with one of the two probes and the power switch, and we could not find the tax invoice invioce after searching our home.

After I emailed Weber today, a lady requested a photo of the power switch and the receipt, and I sent her a photo and advised we could not find the receipt but could provide the relevant entry on my credit card, which I did.

She advised that that what I provided was fine and it will be taken care of, in stark contrasy to the :“businesses” who will try anything to avoid their responsibilities in the absence of a receipt, and even with one.

P. S.
My mobile went belly-up today so I would not have been able to receive any text messages and I thought about going to JB HiFi to replace it but I will reconsider that strategy.


… and live in the woods, living entirely off the land with enough tree cover to obscure any overhead visibility and always dressed in a ghillie suit … and even if one lived as the Lykov family did for example (and one still does), there’s still those pesky geologists :wink: (anonymous and private are merely concepts these days … extinct in the wild).


Regardless of the up and downsides of electronic receipts, let’s look at anonymous payment data. Both the Square privacy policy for account holders and non-account holders have the following line.

We may allow third-party service providers to deliver content and advertisements in connection with our Services and to provide anonymous site metrics and other analytics services.

So these analytics services could include say shopping patterns. And because it’s “anonymous” Square’s policy allows them to sell it to anyone. Yet if an advertiser connects it to the location data at the top of this thread, suddenly they have someone’s full details, location history and purchase patterns. All without a users consent.

This is a serious issue. This type of pseudo-anonymous information collecting should be banned


Indeed - but not only has the horse already bolted, but it has been in the wild for decades, bred, and is now out of control … and that I believe is the optimistic view. There are laws, treaties and agreements in place to deal with all sorts of privacy related issues, but essentially they only work where governments and corporations (and people) care or even know about them - there is little in the way of auditing or mandatory disclosure; I’d suggest serious breaches only every become known where the weight of publicly available evidence makes it unavoidable by the entity involved - otherwise what is collected, how much, to what extent, by who and where it is shared is essentially invisible and undetected.

Which is to say, it is a serious issue in that people should be aware of it, and aware that it is too late to do anything meaningful about it …


It can’t be banned - how else would these companies be able to monetise our personal information?

This is something that started in a range of forms several decades ago (and in fact is referenced in Back to the Future). I refuse to buy clothing that has external indicators of brand, because I am not some company’s walking advertisement.

The current trend of collecting personal data to on-sell is simply further confusing ‘customer’ and ‘product’.


I agree with your point that it only works when people are aware of it. But that’s exactly why organisations like Choice exist. Sure it’s optimistic to see a solution, but I genuinely believe it can happen one day if we don’t give up.

An early measure would be to legislate something like location data must always be considered not anonymous. This would mean companies would need to include information on where your location data goes in their privacy policy. No big economic implications, but it at least means consumers have a chance to see who is abusing their data and who isn’t


No offence intended, but if I was a sales person and a customer said that to me I might be put off a bit, not that a salesperson should disrespect a customer regardless. They are human and react like humans. It seems you put your back up if that is an exact quote of your reply to the question rather than replying like ‘I would prefer a receipt now please’; with that tone you might have gotten a more pleasant response.