Posts tagged ‘privacy’


Zuckerberg was either wilfully ignorant or lied during his testimony about ad data collection

17.04.2018

Either Mark Zuckerberg is woefully ignorant of what happens at his company or he lied during his testimony to US lawmakers last week.
   As reported by Chris Griffith in the Murdoch Press, Zuckerberg said, ‘Anyone can turn off and opt out of any data collection for ads, whether they use our services or not.’
   Actually, you can’t. As proven many times on this blog.
   If you’d like to read that earlier post, here it is.
   This is still going on in 2018, and confirmed by others.
   I can’t speak for shadow profiles because I am a Facebook user.
   Summary: Facebook will ignore opt-outs done on its own site and at industry sites, and compile ad preferences on you. Been saying it, and proving it, for years.

Tags: , , , , , , , , , , , ,
Posted in business, internet, technology, USA | No Comments »


Cambridge Analytica is merely Facebook’s ‘smaller, less ambitious sibling’

14.04.2018

Beyond all that had gone on with AIQ and Cambridge Analytica, a lot more has come out about Facebook’s practices, things that I always suspected they do, for why else would they collect data on you even after you opted out?
   Now, Sam Biddle at The Intercept has written a piece that demonstrates that whatever Cambridge Analytica did, Facebook itself does far, far more, and not just to 87 million people, but all of its users (that’s either 2,000 million if you believe Facebook’s figures, or around half that if you believe my theories), using its FBLearner Flow program.
   Biddle writes (link in original):

This isn’t Facebook showing you Chevy ads because you’ve been reading about Ford all week — old hat in the online marketing world — rather Facebook using facts of your life to predict that in the near future, you’re going to get sick of your car. Facebook’s name for this service: “loyalty prediction.”
   Spiritually, Facebook’s artificial intelligence advertising has a lot in common with political consultancy Cambridge Analytica’s controversial “psychographic” profiling of voters, which uses mundane consumer demographics (what you’re interested in, where you live) to predict political action. But unlike Cambridge Analytica and its peers, who must content themselves with whatever data they can extract from Facebook’s public interfaces, Facebook is sitting on the motherlode, with unfettered access to staggering databases of behavior and preferences. A 2016 ProPublica report found some 29,000 different criteria for each individual Facebook user …
   … Cambridge Analytica begins to resemble Facebook’s smaller, less ambitious sibling.

   As I’ve said many times, I’ve no problem with Facebook making money, or even using AI for that matter, as long as it does so honestly, and I would hope that people would take as a given that we expect that it does so ethically. If a user (like me) has opted out of ad preferences because I took the time many years ago to check my settings, and return to the page regularly to make sure Facebook hasn’t altered them (as it often does), then I expect them to be respected (my investigations show that they aren’t). Sure, show me ads to pay the bills, but not ones that are tied to preferences that you collect that I gave you no permission to collect. As far as I know, the ad networks we work with respect these rules if readers had opted out at aboutads.info and the EU equivalent.
   Regulating Facebook mightn’t be that bad an idea if there’s no punishment to these guys essentially breaking basic consumer laws (as I know them to be here) as well as the codes of conduct they sign up to with industry bodies in their country. As I said of Google in 2011: if the other 60-plus members of the Network Advertising Initiative can create cookies that respect the rules, why can’t Google? Here we are again, except the main player breaking the rules is Facebook, and the data they have on us is far more precise than some Google cookies.
   Coming back to Biddle’s story, he sums up the company as a ‘data wholesaler, period.’ The 29,000 criteria per user claim is very easy to believe for those of us who have popped into Facebook ad preferences and found thousands of items collected about us, even after opting out. We also know that the Facebook data download shows an entirely different set of preferences, which means either the ad preference page is lying or the download is lying. In either case, those preferences are being used, manipulated and sold.
   Transparency can help Facebook through this crisis, yet all we saw from CEO Mark Zuckerberg was more obfuscation and feigned ignorance at the Senate and Congress. This exchange last week between Rep. Anna Eshoo of Palo Alto and Zuckerberg was a good example:

   Eshoo: It was. Are you willing to change your business model in the interest of protecting individual privacy?
   Zuckerberg: Congresswoman, we have made and are continuing to make changes to reduce the amount of data …
   Eshoo: No, are you willing to change your business model in the interest of protecting individual privacy?
   Zuckerberg: Congresswoman, I’m not sure what that means.

   In other words, they want to preserve their business model and keep things exactly as they are, even if they are probably in violation of a 2011 US FTC decree.
   The BBC World Service News had carried the hearings but, as far as I know, little made it on to the nightly TV here.
   This is either down to the natural news cycle: when Christopher Wylie blew the whistle on Cambridge Analytica in The Observer, it was major news, and subsequent follow-ups haven’t piqued the news editors’ interest in the same way. Or, the media were only outraged as it connected to Trump and Brexit, and now that we know it’s exponentially more widespread, it doesn’t matter as much.
   There’s still hope that the social network can be a force for good, if Zuckerberg and co. are actually sincere about it. If Facebook has this technology, why employ it for evil? That may sound a naïve question, but if you genuinely were there to better humankind (and not rate your female Harvard classmates on their looks) and you were sitting on a motherlode of user data, wouldn’t you ensure that the platform were used to create greater harmony between people rather than sow discord and spur murder? Wouldn’t you refrain from bragging that you have the ability to influence elections? The fact that Facebook doesn’t, and continues to see us as units to be milked in the matrix, should worry us a great deal more than an 87 million-user data breach.

Tags: , , , , , , , , , , , , , , ,
Posted in business, internet, marketing, media, politics, technology, UK, USA | No Comments »


Turned alcohol ads off in Facebook? Did you honestly think they’d respect that?

10.04.2018

Steve Wozniak has quit Facebook, and apparently was surprised at the advertising preferences that the company had built up on him. Like me, Woz had been deleting the ad preferences and advertisers one at a time. Now, if Woz is surprised, then it shows you how serious it is. As I noted in my last post, Facebook even lies about those: on the public ad preferences page it might show none, in the big Facebook data dump it shows some. I believe it might even lie to advertisers about our activity.
   Here’s something else I can tell you first-hand. When you see ads on Instagram, a Facebook subsidiary, they claim that the preferences are controlled within Facebook.
   Inside the ad preferences, all alcohol ads are turned off. Guess what appeared in my Instagram? An ad for Heineken.
   Unless Heineken has launched a non-alcoholic beer under that brand, then Facebook has lied once again.



Facebook’s ad preferences mean nothing. I saw a beer ad in Instagram, then checked my Facebook ad preferences, which Instagram claims control what ads I see. That’s a load of old bollocks (i.e. business as usual at Facebook Inc.).

   And remember, throughout all of this, I had already opted out of ad customization on another Facebook page, so there’s no reason for Facebook to compile anything on me. Yet, regardless of that setting, it will compile and compile. It will even repopulate, with thousands of preferences, freshly deleted pages.
   Now we know that there’s a possibility, if you weren’t clued up about your privacy settings, that these preferences were sold to others. The latest revelation is that CubeYou had sold user data also gathered under the guise of ‘academic research’. Remember, Facebook knew about the Cambridge Analytica leak in 2015 and sought to bury the story. The new CubeYou story proves that that was not isolated. But then, if you go back through what I have been writing in this blog for a good part of this decade, you really wouldn’t be surprised about any of this. In fact, you can probably make an educated guess and say that this was normal practice at Facebook: have money, will sell. Even President Duterte of the Philippines benefited from these practices, with 1·2 million Filipinos’ data harvested, and the list goes on. In New Zealand, Facebook has said that up to 63,714 Kiwis’ profiles were harvested. And now, it appears there’s even a link with US businessman Peter Thiel, who gained New Zealand residency after spending less than 1 per cent of the time required here, and whose companies, as defence contractors, have received millions of dollars of New Zealand taxpayer funds.
   Thanks to Facebook, governments have a lot on us, something Edward Snowden has been saying for years. The difference in the 2000s and 2010s is, thanks to digital narcissism, we’re the ones willingly providing this information, while Facebook milks it for all it’s worth, before its enriched CEO pretends to play victim, and his people try to use legal means to shut down the negative media stories.

PS., April 14: If you thought the above was isolated, you’d be quite wrong:

Tags: , , , , , , , , ,
Posted in business, internet, marketing, media, New Zealand, politics, technology, USA | 1 Comment »


Facebook’s ad preferences’ page and user archive tell totally different stories about their tracking

28.03.2018

I decided there’d be no harm getting that Facebook archive since I was no longer using it. And while I didn’t see phone logs as Dylan McKay did (I only had the app for about a month or so in 2012), what I did find was entirely in line with the privacy breaches I had been accusing Facebook of for years.
   It relates to the Facebook ad preferences. In December 2016, I filed a complaint with the US Better Business Bureau over the fact that Facebook continued to compile data on your advertising preferences even after you opted out. During 2016, Facebook repopulated all my preferences not once, but multiple times, and I found a direct link between one of the advertisements it displayed in my feed and the recompiled preferences. This was the “smoking gun” the BBB asked me to find, though I never heard back from them.
   As of 2018, knowing that Facebook will not respect your opt-outs, just as Google failed to do in 2011 (and potentially for two years before that), I visited the ad preferences’ page (here’s the link to yours, if you use Facebook and are logged in) regularly to keep it empty. What the download showed was very damning: Facebook has preferences compiled on me that do not appear on its ad preferences’ page.
   Below are two screen shots, one of Facebook’s ad preferences’ page, and what is recorded in the archive. This is a direct violation of not only what the BBB says is one of its principles, it is a violation of the code advertisers subscribe to in industry bodies like the Network Advertising Initiative.



Above: Facebook’s own advertising preferences’ page, yet its user archive records something entirely different.

   The archive is also interesting in claiming what ads I have supposedly interacted with. The ad preferences’ page says I have only clicked on an ad from my Alma Mater, St Mark’s Church School. The download says otherwise, recording clicks but not describing which device. However, I can categorically state that the downloaded record is 100 per cent false. I have not only never clicked on those ads (in either Facebook or on Instagram), I have not heard of some of these organizations. It is tempting, therefore, to conclude that if this is Facebook’s record of my activity, then it is misrepresenting click activity to advertisers, which I regard as extremely dishonest. We already know Facebook lies about users that ads can reach. Even if you don’t take my word for it, then you must ask yourself why the Facebook page and the Facebook download tell two very different stories. Which is right?



It’s the same story when it comes to which advertisers I have interacted with. The second list, in the user archive, is 100 per cent false. Has Facebook lied to advertisers over click activity?

   This is not the end of it. As to which advertisers have my contact information, the ad preferences’ page say none. The download, however, says Spotify (which I have never used or downloaded), Shutterstock (whose site I have been on) and Emirates (and I am on their email list, but separately from Facebook). Again, why the two different records? And why has Facebook passed on this information to three advertisers without my consent?



Once again, when it comes to who has my contact information, Facebook tells me one story on an easily accessible page, and another one inside my user data archive. Which is true?

   While most people will be less shocked by these revelations—I realize most are quite happy for Google et al to track them around the place and feed them content to confirm their own biases—it is still a violation of trust and the principles that Facebook itself has signed up to.
   It’s another case of ‘I told you so’: something that I suspected, found some evidence for, and found even more evidence for today.
   Like the malware scanner, the subject of my blog post in 2016 and Louise Matsakis’s exposé in Wired last month, Facebook needs to come clean on why it compiles data on users who have used its own settings to opt out, why it lies to users over what those preferences are, and why it may lie to advertisers about user click activity.
   We know the answer is money. As I said in December 2016, I have no problem with Facebook making money. I just ask, as I do with any venture, that it does so honestly. Right now, even with all the data it has on us, it appears Facebook can’t even do that right.

Tags: , , , , , , , ,
Posted in business, internet, marketing, technology, USA | 2 Comments »


Business as usual at Facebook: Mark Zuckerberg comes forth, tells us nothing we didn’t already know

22.03.2018

Yesterday, Mark Zuckerberg came out and made a statement on Facebook that had no apology (though he gave a personal one later on CNN) and, at a time when people demanded transparency, he continued with opaqueness.
   First, he told us nothing we didn’t already know about the Cambridge Analytica scandal.
   Secondly, he avoided the most pressing points.
   No mention that Facebook had covered this up for two years. No explanation of why he failed to answer journalists about this for two years. No explanation on why Facebook tried to gag the story in The Observer by threatening legal action. No mention that it had failed, by law, to report a data breach that it knew about.
   From the clips I saw on CNN, Zuckerberg claims he wants to restrict access to developers, and he still doesn’t know if there are other Cambridge Analyticas out there. Nothing about Facebook gathering more and more data on you and using it improperly themselves, which has actually been an ongoing issue. From the clips online provided by CNN, it wasn’t a hard-hitting interview, with the journalist going very easy on the milliardaire in what amounted to a puff piece. I really hope there was more meat than what we were shown, given how much ammo there is.
   The site has countless more failings, including its bots and its bugs, but I’ve mentioned them before.
   I’m unimpressed and for once, the market agreed, with shares dipping 2·7 per cent after Zuckerberg’s first comments in the wake of the scandal.
   However, CNN Money thinks Cambridge Analytica is an anomaly, even when Facebook’s own boss says they are still to ‘make sure’ whether there are other firms out there in the same boat. ‘We’re going to go now and investigate every app that has access to a large amount of information.’ In other words, it hasn’t been done, and yet Facebook knew about this since 2015.
   In other words, the world is seeing what I and others have talked about for years: Facebook is irresponsible, it does nothing till it’s embarrassed into it, and it collects a lot of data on you even after you’ve opted out of certain features on their site.
   Not a lot has changed since 2009, when he gave this interview with the BBC. Say one thing, do another.

Tags: , , , , , , , , , , , , , , , ,
Posted in business, internet, media, politics, technology, TV, UK, USA | No Comments »


Has Facebook stopped forcing its “malware scanner” on to users after being busted by Wired?

10.03.2018

Since Louise Matsakis’s story on Facebook’s malware scanner came out in Wired, the number of hits to my pieces about my experience has dwindled.
   This can mean one of two things: (a) Wired’s getting the hits, which I don’t mind, considering they are the only tech media who had the cohones to talk about it; (b) Facebook, after being busted by the mainstream media, has stopped falsely accusing its users of having malware on their systems.
   Certainly on Twitter, although Twitter has broken its search function recently, far fewer Tweets with Facebook malware appear in a search.
   Of the two, (b) is more likely, because in previous circumstances, Facebook has only backed down after being embarrassed by the media, or after they receive a threat that could land them in an embarrassing situation.
   That includes the times it kicked off drag queens and kings, only to have them fight back with the media’s help; or leave porn and kiddie porn up, till they’re threatened with reports to the authorities.
   Otherwise, they ignore you—as they have done with users who have complained about the malware scanner for four years.
   It’s not unlike Google, who only stopped hacking Iphones in 2012 after The Wall Street Journal busted them for doing so, or only changed their cookie policies to be in line with their own claims after I busted them in 2011 to the Network Advertising Initiative for lying.
   These firms do have too much power because the law means nothing to them, but embarrassment in the court of public opinion does.
   After Louise’s article came out, Bloomberg did a story on it, as did one independent media outlet.
   So while a very small part of me isn’t thrilled that my hits on this blog have dropped, I’m actually far more pleased to know far fewer people are being lied to by Facebook about having malware on their systems. I’m also happy that tens of thousands, maybe even millions, aren’t wasting their time downloading and running a fake scanner which sends their private data to Facebook.
   It’s also interesting how quickly Facebook switched off their fake-warning system, within days of Louise’s article.
   It wasn’t as quick as Google switching off their Iphone privacy circumventing after the WSJ (same day) but the speed at which Facebook ceased telling people they have malware does suggest that those warnings were, as I said all along, fake. Louise asked the right questions and none of Facebook’s answers made sense.
   Facebook has plenty more misdeeds, and, in time, I am sure the tech media will get to them.
   It may find that despite its wealth, on a lot of things it actually needs to play by the very rules it claims to follow. And that means no more forced downloads of software that send your private data to them.

Tags: , , , , , , , , , ,
Posted in business, culture, internet, media, publishing, technology, USA | 3 Comments »


Wired’s Louise Matsakis did what no other journalist could: break the story on Facebook’s forced malware scans

24.02.2018

With how widespread Facebook’s false malware accusations were—Facebook itself claims millions were “helped” by them in a three-month period—it was surprising how no one in the tech press covered the story. I never understood why not, since it was one of many misdeeds that made Facebook such a basket case of a website. You’d think that after doing everything from experimenting on its users to intruding on users’ privacy with tracking preferences even after opting out, this would have been a story that followed suit. Peak Facebook has been and gone, so it amazed me that no journalist had ever covered this. Until now.
   Like Sarah Lacy at Pando, who took the principled stand to write about Über’s problems when no one else in the tech media was willing to, it appears to be a case of ‘You can trust a woman to get it right when no man has the guts,’ in this case social media and security writer for Wired, Louise Matsakis. I did provide Louise with a couple of quotes in her story, as did respondents in the US and Germany; she interviewed people on four continents. Facebook’s official responses read like the usual lies we’ve all heard before, going on the record with Louise with such straw-people arguments. Thank goodness for Louise’s and Wired’s reputations for getting past the usual wall of silence, and it demonstrates again how dishonest Facebook is.
   I highly recommend Louise’s article here—and please do check it out as she is the first journalist to write about something that has been deceiving Facebook users for four years.
   As some of you know, the latest development with Facebook’s fake malware warnings, and the accompanying forced downloads, is that Mac users were getting hit in a big way over the last fortnight. Except the downloads were Windows-only. Basically, Mac users were locked out of their Facebook accounts. We also know that these warnings have nothing to do with malware, as other people can sign on to the same “infected” machines without any issue (and I had asked a few of these Mac users to do just that—they confirmed I was right).
   Facebook has been blocking the means by which we can get around the forced downloads. Till April 2016, you could delete your cookies and get back in. You could also go and use a Linux or Mac PC. But steadily, Facebook has closed each avenue, leaving users with fewer and fewer options but to download their software. Louise notes, ‘Facebook tells users when they agree to conduct the scan that the data collected in the process will be used “to improve security on and off Facebook,” which is vague. The company did not immediately respond to a followup request for comment about how exactly it uses the data it collects from conducting malware checks.’ But we know data are being sent to Facebook without our consent.
   Facebook also told Louise that a Mac user might have been prompted to download a Windows program because of how malware spoofs different devices—now, since we all know these computers aren’t infected, we know that that’s a lie. Then a spokesman told Louise that Facebook didn’t collect enough information to know whether you really were infected. But, as she rightly asks, if they didn’t collect that info, why would they force you to download their software? And just what precedent is that setting, since scammers use the very same phishing techniques? Facebook seems to be normalizing this behaviour. I think they got themselves even deeper in the shit by their attempts at obfuscation.
   Facebook also doesn’t answer why many users can simply wait three days for their account to come right instead of downloading their software. Which brings me back to the database issues I discovered in 2014.
   Louise even interviewed ESET, which is one of the providers of the software, only to get a hackneyed response—which is better than what the rest of us managed, because the antivirus companies all are chatty on Twitter till you bring this topic up. Then they clam up. Again, thank goodness for the fourth estate and a journalist with an instinct for a great story.
   So please do give Louise some thanks for writing such an excellent piece by visiting her article, or send her a note via Twitter, to @lmatsakis. To think this all began one night in January 2016 …

Tags: , , , , , , , , , , , , , , , ,
Posted in internet, media, publishing, technology, USA | 2 Comments »


Kylie Jenner Tweets, Snapchat’s value down US$1,300 million

23.02.2018

All it takes is a single Tweet from Kylie Jenner—and Snapchat’s value drops 6 per cent, or US$1,300 million. (Hat tip to Sarah Lacy of Pando.)

   Speaking for myself (which won’t affect Snap’s valuation at all), I could never get it to run. It said it needed Google Services, something which I don’t have and don’t want. Who wants Google tracking them all day long—while using up your own phone’s battery power?
   As Sarah points out in a Tweet, this is why ‘you don’t build a $30b co off one generation’s fads’. Twitter should heed this make their experience better rather than have double standards, keeping one particular user on because they know they’re getting attention. (On that note, why is Twitter search so broken today?)

Tags: , , , , , , , , , ,
Posted in business, culture, internet, technology, USA | No Comments »


Why you shouldn’t sign up for Facebook’s two-factor authentication

14.02.2018

I know, you’re stick of reading my reporting on my experiences with Facebook et al, let alone what someone else is going through. But here’s a word of warning from Gabriel Lewis, who signed up to Facebook’s two-factor authentication. Note: he never opted in to SMS notifications, and he doesn’t have the Facebook app. He’s not alone.
   Once again, just because Facebook might prompt you to do something doesn’t mean you should. I was suckered in once,* not going to happen again.

* Facebook’s fake malware warnings are now happening to a big number of Mac users, who aren’t infected. This will simply unravel more and more.

Tags: , , , , , , , ,
Posted in internet, technology, USA | No Comments »


Disloyalty programme, loyalty conduct

27.01.2018

P.P.P.PS.: Lumino’s head office has taken this case very, very seriously, and has been following up on Ezidebit and Goody. I’m actually really impressed—enough to add the two words to the title. They get that I’ve never put my cellphone number on an any app in the past, and they, too, know that the timing of the scam calls is suspicious. I’ve had a promise that they’ll follow up.—JY

I signed up to the Lumino Dental Plan yesterday (Friday). Big mistake. Lesson worth repeating: listen to your gut.
   Some days, the pleasant side of me kicks in and I give people the benefit of the doubt. I read the T&Cs while I was still there but it started getting unreasonable with my standing at the counter while they’re trying to deal with their other patients. ‘Don’t be such a wanker, Jack,’ I thought. ‘So their agreement wasn’t drafted by a professional lawyer. You’ve used Lumino before and the dentist last year was great, and this hygienist was excellent. Let the office manager’s sales’ technique win the day, it’s no big deal.’
   Naturally, she really wanted me to sign and made it quite clear that that was the result she wanted.
   But it was a big deal. I spent an hour last night writing the below to the companies involved. They gave five different emails so I contacted them all.

Ladies and Gentlemen:
After due consideration, I do not wish to enter into this Dental Plan, and exercise my right under the Consumer Guarantees Act to cancel it. I have been advised by Lumino the Dentists the Terrace that the cooling-off period for this sale is the standard five (working) days and I will be refunded in full.
   I was asked by the practice this afternoon to email you with my reasons should I cancel. As all the above addresses have been given to me in one communication alone, I am taking the liberty of writing to you all.
   First, I do not feel I had sufficient time to absorb the Ezidebit agreement today (Friday the 26th), especially on a tiny tablet screen, under what I felt was an expectation that I would sign before I departed.
   If I recall correctly, the tablet app links to Lumino’s terms and conditions and these are different to the ones in the DLE brochure introducing the plan. I was not made aware of the DLE’s terms and conditions initially and was led to believe that the only ones were on the tablet.
   As I advised Lumino while at the practice today, I had serious concerns about the Ezidebit agreement’s poor drafting and its reference to non-existent legislation. I was assured that should I sign, I would not suffer any loss because (a) that the cooling-off period for direct sales applied; and (b) that all Lumino customers who have cancelled to date have been refunded in full.
   Among my concerns: I have never heard of the Contracts Privacy Act (neither has my partner, who has legal training), and there is confusion about whether I will be charged administration and transaction fees (Lumino says I won’t, Ezidebit’s T&Cs say I will). I also see there are SMS fees, although I was told at the practice that my cellphone would not be used and was led to believe that its request in the app was a formality. There is no specificity on any of these fees, other than for a failed payment. Generally, the Ezidebit agreement appears to be a copy-and-paste job, its constituent parts drafted by two lawyers who hated each other, and assembled by a third who hated them both.
   Neither party has come forth with information about the handling of my private information.
   Going to Ezidebit’s parent company, Global Payments, didn’t help, since the US firm’s website says there would be information on its cookie usage on its terms of use page—but there isn’t. I never went further.
   Now that I have had a chance to sit down and review the documentation in your email, I have to conclude that with two businesses telling me different things—and the American one not even sure of what it has on its own website, let alone what laws exist in New Zealand—I have no trust in this arrangement.
   The principle might be sound enough but the execution leaves much to be desired.
   I will be happy to meet the full cost of my hygienist’s session today once I am satisfied that the refund has taken place. I respectfully request that I be refunded in full as soon as practicable, including any fees that may or may not have applied. As no privacy policy was given, I must also request that all personal details held by Ezidebit (in New Zealand and Australia, since both companies are named in the agreement) or its parent Global Payments on me, including my name, email, Visa account information and cellphone number, be deleted immediately after the refund is made. I trust that any intermediaries or contractors who got them during today’s transactions will remove them as well.

Thank you,

Yours sincerely,

Jack Yan

   A company called Goody was involved, and sent me the email asking for programme confirmation. I wrote to them separately. I’m not sure what their relationship is since the only T&Cs ever presented to me were for Lumino and Ezidebit. Goody could be an innocent third-party service provider, who also now has my personal information. I’ve asked them to delete it and take me off any programme of theirs, too. I had a peek through their terms and conditions and privacy policy, and both appeared up to snuff.
   Tonight, Lumino sent me a survey form asking me what I thought of their service. Read on if you want to find out what happened earlier today (I’ll italicize it).

The care was excellent and I do not want that mixed up with the very harsh words I have for the Lumino Dental Plan. You have already been emailed about my choice to end my participation forthwith and to pay full price for my visit once I get confirmation that I have been refunded in full including any unspecified charges. In summary, US-owned Ezidebit whom you have partnered with looks like the dodgiest company around. I do not share my private cellphone number as a matter of practice but felt compelled to do so on your app on the assurance of your staffer that it would actually not be used. I put it into your tablet and within 24 hours I have a scam caller—yours is the only “unknown” company that has this number—not any more, it seems! The American company had no privacy policy and, as I pointed out at the time of signing, cited non-existent legislation in the T&Cs you gave me. You evidently have no idea how seriously I take my privacy and I feel disappointed, distressed and let down by this whole experience. I really should have listened to my gut and walked away at the practice, instead of spending an hour writing last night’s email and even more time to update you on the scam calls I now get. I have heard of loyalty programmes but your Dental Plan is the first time I have come across a disloyalty programme.

   I feel very let down, and it’s been a lesson for me—but also for any business that decides to lend its good reputation to something highly questionable. It pays to do your due diligence, and that includes going through the customer sign-up process yourself to spot what holes there are. It’s become pretty obvious that this didn’t happen.

PS.: The scam caller on my cell came from +64 4 488-7021. Feel free to look it up for yourselves.—JY

P.PS.: The Lumino practice sent me an invoice for the hygienist’s session for another $153. No apology at all. Instead, ‘once this account is settled we will process your dental plan cancellation.’ Really?

Good morning:

I am deeply disappointed you have chosen to do it this way when I asked for the Plan to be cancelled first, as is my right—and which is something you plainly stated I could do. I don’t even get an apology or explanation for all the shortcomings in the Plan or the inconvenience caused, which is indeed surprising, or some assurance that my personal details were not sold. Given the scam calls on both my cell and land lines since providing you with my number on your app, I am sadly forced to conclude that they were.
   Let me clarify our respective positions under New Zealand law.
   Here’s where I stand:

  • I have a right to cancel this Plan. You’ve said so and I know so. I’ve exercised this right as of Friday night.
  • You do not have a right to make the refund of the Plan conditional on my settling the account.
  • I have an obligation to settle your account independent of the Plan’s cancellation.
  •    Here’s where you stand:

  • You’ve done dental work on me which you should rightly be paid for.
  • You’ve had a written offer from me to settle this account already.
  • You’re in an extremely strong position to make sure I settle the account without making settlement conditional on the Plan’s cancellation.
  • Your doing so violates New Zealand consumer law.
  •    Unlike you, I can make this conditional on your cancelling the Plan, in part because I have no way of finding out whether you’ve taken my $299 or not.
       It appears from your email that you already have.
       Logically you could refund the difference between $299 and the invoice amount, which would be taking some responsibility for this mess.
       I cannot see why I need to be out of pocket for $452 at any time. I am sure you can see how this is grossly unfair.
       This seems like a delaying tactic to make sure the five days go by.
       I now respectfully ask you cancel the Plan immediately and refund the difference, which seems the easiest solution.

    Sincerely,

    Jack

    The matter is now before the support team in Auckland. Hopefully they can sort this without my contacting their CEO (which seems like the next logical step).—JY

    P.P.PS.: The practice manager on the Terrace has received the above and responded far more professionally, asking me to leave it with her and she’ll sort it out. She assures me my details have not been sold—not that I doubted Lumino but I still have very massive doubts about Ezidebit and Global Payments. She’s also offered me 5 per cent off on future treatments out of goodwill, which is a very promising solution. Lumino’s support line in Auckland was also very friendly and logged it into their system.—JY

    P.P.P.PS.: Lumino has remained on the case and tracked down Ezidebit’s privacy policy, which I had never seen till today. And I believe we have our smoking gun. Ezidebit’s claims that they have not heard of this happening before suddenly fall flat. In cl. 3.1:

    When we share your information with third parties whom we partner with to provide our services (for example, providers of software or any other electronic applications which have been integrated with Ezidebit to enable us to process payments for users of that software or application), those third parties may use that personal information to provide marketing communications and targeted advertising to you.

    In cl. 3.2:

    We may disclose your personal information to our related companies or to third parties located outside of New Zealand, including:
    • The United States;
    • Australia;
    • Philippines;
    • The United Kingdom; and
    • Hong Kong.

    That latter clause explains the scam call on Monday, January 29 then, which was on my cell and asked for me by name. The caller had a Philippine accent and claimed she was calling from Hong Kong.—JY

    Tags: , , , , , , , , , , , ,
    Posted in business, marketing, New Zealand, USA | No Comments »