Customer Tracking at Ralphs Grocery Store

To comply with California’s new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here’s an article about Ralphs, a California supermarket chain owned by Kroger:

…the form proceeds to state that, as part of signing up for a rewards card, Ralphs “may collect” information such as “your level of education, type of employment, information about your health and information about insurance coverage you might carry.”

It says Ralphs may pry into “financial and payment information like your bank account, credit and debit card numbers, and your credit history.”

Wait, it gets even better.

Ralphs says it’s gathering “behavioral information” such as “your purchase and transaction histories” and “geolocation data,” which could mean the specific Ralphs aisles you browse or could mean the places you go when not shopping for groceries, thanks to the tracking capability of your smartphone.

Ralphs also reserves the right to go after “information about what you do online” and says it will make “inferences” about your interests “based on analysis of other information we have collected.”

Other information? This can include files from “consumer research firms” —read: professional data brokers— and “public databases,” such as property records and bankruptcy filings.

The reaction from John Votava, a Ralphs spokesman:

“I can understand why it raises eyebrows,” he said. “We may need to change the wording on the form.”

That’s the company’s solution. Don’t spy on people less, just change the wording so they don’t realize it.

More consumer protection laws will be required.

Posted on January 29, 2020 at 6:20 AM • 32 Comments

Comments

Alejandro January 29, 2020 8:02 AM

It’s bad when one Mega-IT corp spies on all of us, but now it’s getting down to the local grocery store targeting us like we are major criminals, terrorists and spies all in the name of corporate profit.

Congress has been bought off completely and will never provide any relief under the current system, Republican, Democrat or other.

A few states, like California, are trying. More effort is needed at the state and local level. For example, some cities are passing laws their own police department cannot track the citizenry with facial ID.

Which leads to the entire LE industry which is falling over itself to grab all the same data the corporations are sucking up, irregardless of any legal or Constitutional issues.

National LE policy: “We’ll do it until the Supreme Court says we can’t.”

Money is the grease that makes it all work so smoothly and secretively.

The biggest problem of all is the vast majority of people, many who should know better, simply don’t care about any of this because the internet is so fun, convenient and easy.

Even those who want change have very little horsepower behind their concerns, and indeed are easily written off as tin foil hatters. Like the cranks who hang out here.

What will it take to get people mad as hell about this? Willing to make demands? March in the streets?

I simply don’t know.

Footnote: And yes, Ralph’s will simply bury their surveillance machinery in obtuse legalese and carry on…like the rest.

jeff January 29, 2020 8:15 AM

Exactly. I once tested a software product that turned out to be 70 times slower than a competitor (1000 times in certain cases). The software folks wanted to fix it. The marketing department just wanted to know “what’s our story?” If they could spin it they didn’t care how bad the product was.

Jason January 29, 2020 8:41 AM

I’m curious how they access that level of data just by a customer getting a rewards card.
They must be pulling from a second source to fill it out, and it shows once again that cell phones are the problem.

Which is why I bought a Faraday bag.

MikeA January 29, 2020 9:34 AM

@Jason:

That Faraday bag will probably make your battery life even shorter than usual, as it tries desperately to maintain contact with Borg-Central.

“Airplane Mode” may not turn off Bluetooth, and turning the whole phone off (if you can. I mean actually can) sort of defeats half the purpose (e.g. partner remembering one more item for the list, since you are at Ralph’s anyway).

Of course, removable batteries (which also defeat the purpose) will soon be seen as cute relics of a day when we worried about embedded energy and sustainability.

wiredog January 29, 2020 9:40 AM

Giant and Safeway have apps they want you to use, which presumably track all sorts of useful information. And they’re tied to the gasoline discounts. Fun stuff.

Chelloveck January 29, 2020 9:47 AM

Why do you see “This product contains chemicals known to the State of California to cause cancer…” warnings on practically everything sold in California? Because there are penalties for not posting the warning where it’s needed, but no penalties for posting it where it’s not needed. So to cover your ass legally it’s better to slap the warning on everything regardless of its contents. You won’t get in trouble if you claim everything causes cancer. You might get in trouble if you pick and choose where to post it and are wrong (or a vendor changes their product without notice…)

Ralphs’ privacy policy may be something similar. Claim the right to use data in every possible way and you can’t be sued for misuse. Limit the scope of your privacy policy and you risk being sued for something not explicitly covered. If no one ever reads the policy anyway then there’s no harm in claiming all rights. The spokesperson’s comment could simply be, “Okay, if people are going to read this we’ll take a PR hit. Weighing the cost of a possible lawsuit versus the cost of bad press, maybe it’s better to actually examine what we do and write the policy accordingly instead of trying to make the broadest policy possible.”

Never attribute to malice that which can be adequately explained by legal CYA.

metaschima January 29, 2020 10:09 AM

“We may need to change the wording on the form.” Lol, you mean obfuscate it, because it’s entirely accurate as it stands, this is probably what most companies actually do, not to mention the gov’t.

Tim January 29, 2020 11:01 AM

I never ran into grocery store rewards programs until I moved to California. My Vons card isn’t tied to any personal information as I’ve never been asked for any. They simply gave me a card. I don’t have a Ralphs card but I stop in on occasion. When you tell them you don’t have a card the grocery clerk scans their own and you get the discounts anyways. But I’ve noticed when someone asks for a rewards card Ralphs does the same as Vons – they just give you a card.

I have noticed some people use phone numbers so I assume they are the ones filling out these silly forms and giving their information away. But it’s not required to get the “discounts”. You have a choice and frequently people are more than happy to give up their privacy for 5 cents off canned Spaghettios.

Peter A. January 29, 2020 11:41 AM

Cal&USA are years behind. You still use these stupid plastic cards that make your wallet thick as a volume of Encyclopedia Britannica?? Over here, EVERY store chain has its own APP!

I got sick of every clerk in most stores asking me ‘do you have [our] app?’ I am tempted to shout: FSCKING NO!

JonKnowsNothing January 29, 2020 11:56 AM

@Tim
re:

But it’s not required to get the “discounts”. You have a choice and frequently people are more than happy to give up their privacy for 5 cents off canned Spaghettios.

Actually it is required.

Many stores, like Vons (USA) have tiered discounts. These only matter to people on limited funds. If you are WASP-Elite, it won’t matter to you, and you can toss any amount of Spaghettios in your cart and head to the self-checkout where computers now replace people.

If, however, you are on limited funds you will notice several versions of tiered pricing:

  • weekly sales discounts campaigns: 20 cents off Spaghettios
  • smartphone digital discounts if you scan the discount tag with your QR reader on your phone: 40 cents off Spaghettios
  • generic discounts for giving up your phone number: 5% off total price of everything in the cart full of Spaghettios
  • generic bonus discounts for not shopping elsewhere: 10 cents off per gallon of fuel for every $100 spent on Spaghettios
  • discount food bins for dented cans and sell-by-date meats: 30%-50%-75% off each item of dented can Spaghettios
  • direct targeted ads to your smartphone if you use their APP: An extra 15% off Spaghettios

Vons is not unique in this strategy, it’s done at every major and minor retail store. All of whom are hoping you are a WASP-Elite not paying attention.

Each store employs Bluetooth (or similar) networks that correlate each aisle and your location in the aisle and track your progress around the store (preferred pathing see Euler). They use the RFID network to monitor every item you pick up, if it goes in the cart and at what point you abandon the item before you hit the checkout.

Additionally, many stores use contract or supplier provided stockers and product placement plans. These folks may add their own tracking systems within their aisles. Computer generated product placement plans provide maximum opportunity for you to find what they want you to buy, track if you stop and shop, or walk on by.

ht tps://en.wikipedia.org/wiki/Leonhard_Euler
ht tps://en.wikipedia.org/wiki/Seven_Bridges_of_K%C3%B6nigsberg
ht tps://en.wikipedia.org/wiki/Graph_theory
ht tps://en.wikipedia.org/wiki/Graph_theory#Route_problems
(a listing of common pathing problems)

(urls fractured to prevent autorun)

JonKnowsNothing January 29, 2020 12:09 PM

@Peter A.

re:

Cal&USA are years behind. You still use these stupid plastic cards that make your wallet thick as a volume of Encyclopedia Britannica?? Over here, EVERY store chain has its own APP!
I got sick of every clerk in most stores asking me ‘do you have [our] app?’ I am tempted to shout: FSCKING NO!

re: card
That’s the reason they use a phone number. It’s what people remember. You don’t need the physical card.

re: employee questions
I’m sure you understand that the clerk has No Choice in asking you this? They are required to do so by the company.

The same as asking if you will use the self-checkout computer system that is designed solely to eliminate the few humans still employed there. There are almost no direct employees now as they use contractors on Gig-Economy Shape-Up On-Call Zero-Hours work.

They probably don’t care if you do or don’t but if they don’t ask, they don’t work. They are trying to hold on to their precarious positions to make a few more rent payments and feed their families.

Peter A. January 29, 2020 12:59 PM

@JonKnowsNothing:

I know that clerks do what they are told to. That’s one of the reasons why I refrain myself from shouting, but the temptation is there.

Re: automatic checkout – human checkout clerks are doomed. Human cab drivers are doomed (on a much longer timescale). Many other professions are doomed as well. Automation will trump. Only a small number of such positions will be retained for high-profile use (think VIP stores, VIP limos etc. – or maybe even not). Is it good or bad, anyone has own opinion.

Phaete January 29, 2020 1:04 PM

When perception beats reality, the wording is everything.
Companies’ stock values are based on their assets plus a large chunk of perceived value.
With the right spin you can double or halve your worth.
And we’ve been doing it for centuries; Jesus didn’t get ‘murdered’ for our sins, he ‘died’ for our sins, as the phrasing goes.
Sounds a lot better, totally different implications.

Truth is, or at least my version of it, reality and perception are so connected and intertwined that they can become each other.
They are also each other’s ‘antidote’, with perception you can battle reality and with reality you can battle perception.

Brumpy bat January 29, 2020 1:46 PM

Remember all the science fiction stories promising automation would relieve us from labor and we would not have to work?

Yeah. Not working out that way.

JonKnowsNothing January 29, 2020 2:41 PM

@Brumpy bat

re:

Remember all the science fiction stories promising automation would relieve us from labor and we would not have to work?
Yeah. Not working out that way.

Sci Fi stories fall into 2 basic categories: utopias or dystopias.

In utopian versions: poverty, sickness, even death is eliminated and maximum human creativity is realized.

In dystopian versions: poverty, sickness, death are maximized with any benefits deriving to just a few.

We sometimes have a choice, sometimes not so much.

What can be projected is this: The value of human work is going down.

Someone once pointed out that the enormous poverty in places like India is not due to the lack of work. There is a lot of work, it just pays very little.

This is the format for the future human work force regardless of area of expertise.

Doctors are going to be GoogleMD-AIs using statistical “evidenced based” medical average results regardless of whether you fall into or out of the average. If your situation is not in the middle of the bell curve, even now, you can hardly find treatments.

Education will be filtered and tailored more to resemble the restrictions on knowledge and who can possess it, of past times. Disliked aspects will disappear along with “cursive writing”.

It’s not just a few things, it’s all things.

There is just a huge fly in the ointment: the global human population will be on some sort of government support system without means to escape. All around the globe governments are currently tightening qualifications or eliminating support roles and programs. This is marketed as Austerity and Self-Accountability and other handy-dandy names.

When these concepts fail to produce the required wealth to live sans-social support and sans-corporate support, this is going to hurt. If you are not in the “few”, it’s gonna be a shock. Of course, we all plan to be “among the few”; the reality is “we are not in the club and we are not invited”.

You can see the process happening today, imagine what it will be like when 7.7 billion people no longer have work that is valued.

Sometimes we have a choice: most of the time we don’t make one.

Best quote about Davos 2020:

Billionaires telling millionaires how the middle class should live.

TRX January 29, 2020 5:15 PM

people are more than happy to give up their privacy for 5 cents off canned Spaghettios.

Shelf prices on the Kroger in my town are the “kroger card” prices. If you don’t have the little key-tag for them to swipe, the prices are a bit higher.

Thirty freakin’ percent higher.

Which is why I left a cart full of groceries on the belt and walked out, and I’ve never been back.

[and before people start babbling about “they have to post the real price, not the card price”; the laws vary from state to state]

TRX January 29, 2020 5:21 PM

I got sick of every clerk in most stores asking me ‘do you have [our] app?’

“Will it run on my 2007 flip-phone?”

[as long as Verizon keeps supporting 3G, I’ll keep using it…]

Electron 007 January 29, 2020 5:42 PM

Ralphs also reserves the right to go after “information about what you do online” and says it will make “inferences” about your interests “based on analysis of other information we have collected.”

AFAIK, there’s free wifi in the store. It seems to be connected to a Google account with automatic login, very convenient, but yes, somewhat intrusive.

There is always some “liability” associated with offering free wifi anywhere, but it does generally attract customers who come to the store and spend money.

Aside from monitoring for “inappropriate” use of the internet, the store is understandably interested in what people are browsing online and what they can offer in the store to compete with that.

Jesse Thompson January 29, 2020 6:36 PM

@Electron 007

the store is understandably interested in what people are browsing online and what they can offer in the store to compete with that.

This is 2020. They will see that you are browsing “competitor” through TLS.

JonKnowsNothing January 30, 2020 12:25 AM

re: free wifi

Many grocery and department stores and the ubiquitous McDonalds have Store Provided Free Wifi and/or Starbucks Free Wifi or similar. Some of these have range out to the parking lot and of course the drive thru.

The store, *$, ISPs and the full panoply of LEOs are all sniffing those tins of Spaghettios in your cart.

After you checkout, they can sniff Spaghettios by RFID on a drive by or fly over.

There are some interesting “through the wall” devices too. One device can detect water leaks through the standard California wood frame 2×4 construction. It comes with several modes, the fun one being the full color map display. It won’t detect much from a tin of Spaghettios as the tin shrouds the water signature, but if you boil water to cook your own, Bob’s Your Uncle.

There must be an APP somewhere for Spaghettio detection…

Bob January 30, 2020 12:50 AM

How about legislation that fines companies when they are breached where the fine grows exponentially based on the number of data points they collected on their users?

This should encourage them to either invest in securing the data, or reduce the amount of data collected.

Jon January 30, 2020 2:10 AM

I happen to have a Ralph’s card. It was given to me by a cashier one day, and as far as I know, has no information attached to it at all.

It does get me discounts in the store, but not at the gas pump (attempting to redeem ‘fuel points’ gets rejected).

Of course, I pay for my groceries using my credit card, so they could easily correlate a few things with that – but, as I see it, technically they’re not allowed to because I never signed up for the card – they just gave me one one day.

Their lawyers, I imagine, would cheerfully argue that my using the card implied consent to their sign-up verbiage – even though I was never shown, given the opportunity to read, nor signed any of it. I also imagine their lawyers are better than mine, so I would lose if I tried to go this way.

Ah well. If anyone’s interested, I purchase a fair amount of Sierra Nevada beer. J.

Clive Robinson January 30, 2020 7:41 AM

@ Jon,

If anyone’s interested, I purchase a fair amount of Sierra Nevada beer.

Is that kept next to the nachos and nappies/diapers?

Bobo the clown January 30, 2020 10:53 AM

Why fill out the form with real information? They don’t cancel the cards if you lie about anything on the form. Mine has zero real information. But yeah they can track the purchases I make with it.

Electron 007 January 30, 2020 4:11 PM

@Jesse Thompson

@Electron 007

the store is understandably interested in what people are browsing online and what they can offer in the store to compete with that.

This is 2020. They will see that you are browsing “competitor” through TLS.

That is an overly simplistic representation of what store managers can actually see of your browsing. All online shopping sites use third-party cookies these days, whether such practices are adequately disclosed or not.

https://cookie-script.com/all-you-need-to-know-about-third-party-cookies.html

If a brick-and-mortar store offers “free” in-store wifi access through an automatic login from your Google account, they surely have access to the “relevant” information from your browsing history in order to target their ads most effectively at you when you are using their in-store wifi with the same Google account with which you log in to online shopping sites.

Just as they work so hard to resist technological advances, ban guns and disable IPv6, they publish articles all over the internet on “how to” enable 3rd-party cookies, all in the name of rampant corporate consumerism.

JonKnowsNothing January 30, 2020 6:45 PM

@Bobo the clown
re:

Why fill out the form with real information? They don’t cancel the cards if you lie about anything on the form. Mine has zero real information. But yeah they can track the purchases I make with it.

I do not think you will find anonymity though. While a grocery store isn’t a palace of high-tech wizardry, the programs that harvest your information are likely to be “user friendly” and if not user friendly, the folks doing the harvesting will no doubt have a quid pro quo for the access.

We know the ISP insert unique identifiers in the data stream and it takes less than one might think to figure out who you are in RL and where you live.

A while back before the latest in the Great Google MD and Medical Harvesting feast, a subset of scanned medical records from the UK (then part of the EU) were passed upstream. Since the UK (then) had a comprehensive free medical system there was a lot of data worth a Load of GoogleBucks sitting in doctors paper files all over the country. These files were mandated to be scanned and uploaded into a secured (?) system.

From that stash of secured system some data was passed over for analysis as the payoff. The data was supposed to be anonymous but it took a Not Long before it wasn’t. (* I don’t remember the name of the company doing the de-anonymization that they promised not to do.)

It turns out if you like Spaghettios and drink Sierra Nevada beer and your purchases are at Store Location 12345 they will pretty much find you. The more you buy or even visit, the more they can stock up on your behavior and as a wise person once said:

The apple doesn’t fall far from the tree.

A few stop sign-stop light FaceIDs as you enter or leave the area and/or License Plate Reader cross reference queries will peg you down to your socks.

Just consider: How DID the Turkish Security Services track, photo, data-harvest and expose the dude wearing the dead guy’s clothing as he waltzed around town deliberately getting picked up in any scan he could find in an attempt to prove the dead guy wasn’t dead? It’s all down to the socks.

Me January 31, 2020 9:45 AM

@Phaete

“With the right spin you can double or halve your worth.”

If you’re a real estate mogul you might do them both at the same time! (Sorry, too political?)

Quentin P Smith III January 31, 2020 10:00 AM

@JonKnowsNothing

The UK is still in the EU at the time of your posting. The UK has not changed its ‘comprehensive free medical system’ either.

Clive Robinson January 31, 2020 12:46 PM

@ Quentin P Smith III, JonKnowsNothing,

The UK has not changed its ‘comprehensive free medical system’ either

Actually it has from the time point @JonKnowsNothing gave of,

    These files were mandated to be scanned and uploaded into a secured (?) system

That was started under Tony Blair PM (Lab), since then we’ve had several more PM’s

Gordon Brown (Lab).
David Cameron (Con).
Theresa May (Con).
Boris Johnson (Con).

I’ll let you work out the number of decades and years since the Blair “No 10” Clique started the world’s largest ICT project (which also failed) for the NHS Spine.

What went on in the way of soft fraud would put the US MIC to shame.

Anyway the NHS has changed quite a lot, including requiring people to fill in pink forms at Hospital Accident and Emergency Departments giving proof of ID and Nationality before they even get to see a nurse let alone a doctor so they can be charged. Then there is the privatisation of wards for health insurance company exclusive use, just ask about “hotel services” and how you get priority on elective surgery. Oh and many other hospital services such as Pharmacy taken over by US owned “Boots” which means prescriptions now have to be paid for and Medical imaging again making money from the health insurance company patients that get priority… The list of changes is quite long, and yes lots of people pay in oh so many ways.

JonKnowsNothing February 1, 2020 4:21 PM

@froggieshampoo
re:

Not having a smartphone helps a lot…

Yes and No

Yes: it makes it harder generically for tracking. Limiting usage or cartage of a smartphone is one of the numerous recommendations made about minimizing your tracking footprint.

No: unfortunately for those who do not have a smartphone or have limited the apps by not installing them and the exposures by turning OFF all the things labeled as OFF (but aren’t truly OFF), nearly everyone around you has one.

Nearly every store, street intersection, and parking lot has faceID and car tracking (that infotainment system, satellite radio, satellite 911, Real Time Maps etc) and some have sound tracking too. The video camera apps like Amazon RING are tracking all the neighborhood along with the interior of the house.

Reducing the footprint is not a bad strategy but it’s not anonymity.

Some stores have converted to No Cash (where the famous American Greenback Dollar is worthless), so anything you buy has to go through some sort of card, even a Gift Card has track-backs. There are some locales making No Cash stores illegal, mandating that the currency of the nation be honored, while others only provide no-cash-back-plastic-cards in lieu of fiat paper.

I suppose the least tracked may be Off Grid folks, but being Off Grid might be like a red striped zebra. One video/RING camera located in a tree pointing in the proper direction and Bob’s Your Uncle.

ht tps://en.wikipedia.org/wiki/Fiat_money
ht tps://en.wikipedia.org/wiki/Off-the-grid
(url fractured to prevent auto run)

Tim February 2, 2020 5:46 PM

Protip: the card keeps working even if you never activate it.

Just ask if you can take one home for a school project.

Or that you’d rather “activate it online” or “need some time to fill it out” or something.
