Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Think about all the data you're giving up on yourself in exchange, and how that is being rebundled and sold.


Literally zero more than if you're already paying with a credit card.

Your credit card already identifies you by name, and your precise location is known because you're at the restaurant by definition.


Wrong. When you pay with a credit card it gives your name and amount. Activate a QR code and you're giving up your IP address at the bare minimum, it becomes possible to calculate how long you've been in the restaurant and who knows what else based on the cookies that come back or pdf telemetry. Every day there are stories here on HN about how people's data can be exfiltrated from their phones, but somehow you think this could never happen in a restaurant?


> you're giving up your IP address at the bare minimum

Your phone's dynamic IP. Which is a redundant, and much weaker, identification than your payment info.

> it becomes possible to calculate how long you've been in the restaurant

Also doable by the staff.. using their eyes. And most restaurants will use some form of system anyway to track the orders and payments, because that information is vital to running a functioning restaurant.


Conventional observation by restaurant staff isn't bundled and resold by data brokers. I find it astonishing that a reader of HN would be unaware of commercial data collection and resale practices.


You don't seem to understand.

Your credit card transaction is bundled and sold. Because it has value in establishing a consumer profile for marketing.

The fact that you visited some restaurant PDF or webpage from a dynamic IP address is not.

Like the parent commenter said, any information about how long the table is being occupied comes from the POS and reservation system. But that data is for the restaurant -- there's no market in selling it, though it absolutely has value to the restaurant for its business decisions. But your phone isn't being used for that part.

Data collection is certainly a thing. But it happens in specific ways for specific purposes.

Using a credit card tied to your identity, but then worrying about revealing your phone's IP address while ordering, doesn't make any sense.


No, it's you that don't seem to understand. I'm well aware that paying with your credit generates information which is repackaged and sold. But following a QR code to a webpage potentially opens your phone up to cookies, tracking pixels, and all sorts of other things, depending on what permissions you give it or what exploits can be leveraged. All the major fast food vendors have their own apps now, for example. One hopes they don't exfiltrate unrelated data from the phone, but it's not a certainty and it's even less of a certainty if individual restaurants start encouraging their customers to install a generic 'my tasty meal' app.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: