[2035-05-17] New post, "Pizza for privacy"

_posts/blog/2025-05-17-pizza-for-privacy.md

@@ -0,0 +1,262 @@
+---
+title: Pizza for privacy
+category: blog
+layout: post
+---
+
+We recently received a suspicious letter though our door from something called 'The Origin Panel'. It described the details of an exclusive new research project, of which our household had been selected as special members! Wow, how exciting!
+
+The letter immediately set off alarm bells for me and my partner. The project is being run by the ISBA (Incorporated Society of British Advertisers), and its stated aim is "to make advertising more relevant to you". This indicates that they want to collect data to target ads, and indeed this is the basis of the project, to allow us to "anonymously share \[our\] media habits". The letter is also filled with language designed to make the project sound legitimate and incentivize signups. "exciting new research project", "scientific sample", "invitation only". There is also a stated £100 available if you complete signup and installation (!) in four weeks.
+
+This sounds terrible and awful and various other synonyms. Obviously we weren't going to sign up, but it begged to be looked into more. This post is the results of my investigation.
+
+# # Who is behind the curtain?
+
+The Origin Panel, henceforth referred to as Big Brother, provided a helpful link for us to get started: [www.theoriginpanel.uk](www.theoriginpanel.uk). The first question I had was "who is behind this?". Navigating to the About Us section of their website, we can find out that this operation is being run by a company called [Kantar](https://www.kantar.com/). They are a branding and advertising consultancy of the usual ilk, running this on behalf of the ISBA, as mentioned in their letter. This doesn't tell us much about who is actually behind it all, but I think you can probably already guess at the culprits. They provide this helpful description of their stated goals:
+
+> \[Big Brother\] is ISBA’s advertiser backed programme, designed to create a blueprint for cross media measurement. It is part of a global initiative to capture the value of advertising in a constantly changing consumer environment.
+>
+> \[Big Brother\] is designed to address the needs of advertisers, who need to understand and plan campaigns across digital and broadcast platforms. They point out the lack of either a standardised approach to video and display measurement or a common measurement approach across media, particularly across digital platforms and between digital platforms and broadcaster TV.
+>
+> ISBA has been working with the WFA (World Federation of Advertisers) to convene advertisers, online platforms, and broadcasters to discuss a common global approach.
+
+Sorting through the corporate waffle, this seems to part of a scheme to standardise tracking across both internet and traditional (broadcast) mediums to create a unified approach. Why anyone would want to help in this endeavour is beyond me.
+
+After more poking around the website, I found what I was looking for. [This page](https://www.theoriginpanel.uk/OnlinePublishers) reveals the entities who get the collected data. Get your last guesses in now! And ... drumroll please ... it is ... Meta/Google/Amazon/TikTok. Keyser Soze and all that.
+
+This page also contains "\[the\] approved list of websites, platforms or applications that our meters collect “Internet Data” from". So let's get into that.
+
+# # What are you signing up for?
+
+There have been various mentions so far of "installations" and "meters". So what would I actually have to do to get that sweet £100 bonus?
+
+Watching through [the User Guides](https://www.theoriginpanel.uk/UserGuidePublic), there are two different types of meters that will be installed in your home when you sign up, one for each TV in your home, and one that plugs directly into the back of your router (!) that looks suspiciously like a Raspberry Pi in a case.
+
+## ## The TV meter
+
+The TV meters are a small touchscreen display that goes below the TV (and corresponding remote control).
+
+<figure>
+<img src="/assets/images/origin-panel/whoispresent.png"/>
+<figcaption>Not disturbing at all!</figcaption>
+</figure>
+
+Every time you watch TV, you have to indicate your presence. They also emphasise that you have to do it even if you just walk into a room where the TV is on.
+
+<figure>
+<img src="/assets/images/origin-panel/helloSARAH.png"/>
+<figcaption>Normal human greeting</figcaption>
+</figure>
+
+But don't worry, everyone gets a little avatar on the screen. You can even set up extra ones for guests! But only if they are strictly male or female. I guess non-binary people can't participate. Lucky for some!
+
+<figure>
+<img src="/assets/images/origin-panel/removeallfemaleguests.png"/>
+<figcaption>A handy button for when you banish all women from your house</figcaption>
+</figure>
+
+The device is constantly recording sound to identify which channel is being watched. I guess this works by detecting certain frequencies, but when Google and Amazon are involved, who knows.
+
+## ## The router meter
+
+This is definitely not a Raspberry Pi that you plug into the router. 
+
+<figure>
+<img src="/assets/images/origin-panel/rpi.png"/>
+<figcaption>Definitely not</figcaption>
+</figure>
+
+It monitors your internet usage of a bunch of different sites, including but not limited to:
+
+- Amazon Music
+- Amazon Prime
+- AppleTVPlus
+- Audible
+- BBC
+- BBC Sounds
+- DAZN
+- Discovery
+- Disney+
+- Facebook/Instagram
+- Google
+- Hayu
+- Lionsgate+
+- Netflix
+- NowTV
+- Paramount+
+- SkyGo
+- SkyMedia
+- SkyNews
+- Sound Cloud
+- Spotify
+- STV
+- TikTok
+- Twitch
+- UKTV
+- Viaplay
+- YouTube Music
+- ...
+- Full list here
+
+They really try to emphasise that it will only monitor traffic from the sites they are interested in, but it must be processing all of your outgoing traffic to achieve this. Also, does it really matter if they are tracking everything that you Google search anyway?
+
+There is a strange, almost urgent note in the [online meter PDF](https://www.theoriginpanel.uk/uploads/documents/UserGuides/Online%20meter%20guide%20v5.pdf):
+
+> It’s essential that we preserve your privacy and anonymity so please don’t share your participation on the [Big Brother] with anyone you don’t know. You should also avoid mentioning your participation on the panel with anyone on social media, in or outside your circle of family and close friends
+
+Surely, _surely_, if my data was being properly encrypted and anonymised, there would be no need for me to keep my participation a secret? There would be no way for the data to be connected back to me. Right guys? Right??
+
+They also show their full router name and WiFi password in the video, while they talk about all the precautions they have taken with your data.
+
+## ## Mobile app and software
+
+There is also an app to download, which seems like it will pop-up every time you open your phone to ask who is using it. Looks like there is also some intrusive software to download directly onto you PC/laptop too, just so they don't miss anything!
+
+Here is some information from their [Privacy Policy](https://www.theoriginpanel.uk/uploads/documents/OriginPrivacyPolicy.pdf)[^1] on the information that they collect:
+
+> Kantar will collect the following types of information from the approved list of websites, platforms or applications you visit: 
+>
+> - Information about the website, platform or applications you use such as:
+>   - How long you visit the for;
+>   - How often you visit;
+>   - How you navigate through the website, platform or application;
+>   - The advertisements you see.
+> - Information about the device you use such as:
+>   - The device model and name;
+>   - Operating system;
+>   - MAC address;
+>   - IP address;
+>   - Other unique online identifiers such as Ad ID (Advertising Identifier).
+
+Even more worryingly, the privacy policy indicates that your "pseudonymised" information will be directly shared with the companies involved:
+
+> For some websites and apps, it is not possible to identify the
+> advertisements that you have seen through the Focal Meter and so we rely
+> on data from the online publishers themselves
+>
+> ...
+>
+> Kantar will share encrypted unique identifiers with the online publishers
+> (such as your email address or social media handle) or your device (such
+> as a mobile advertising ID or other unique device identifier associated
+> with the device you use) in a matching process. The online publisher will
+> use this identifier to provide us data that includes your online activity and
+> advertisements that have been shown to you on your device(s) (including
+> time stamps of when such content was shown to you) and share this
+> information with Kantar. In some instances we may also receive back
+> demographic information such as age bracket, sex and approximate
+> location (such as region or city) which is used for verification purposes.
+
+<figure>
+<img src="/assets/images/origin-panel/baby.png"/>
+<figcaption>Oh, and don't forget to notify us if you have a newborn baby!</figcaption>
+</figure>
+
+Now, it is obviously a terrible idea to sign up for this. You make it so easy for these companies to build up an advertising profile on you, and to develop newer, more intrusive technologies to get to the rest of us. You might be thinking "doesn't my ISP have all this information any way?". And you are (partially) right, your ISP can see all the sites you visit and the requests you make. But this process is evidently much more intrusive and insidious, with multiple devices and pieces of software collecting all the data they can. If they could get all this from your ISP, why would they need to install these devices?
+
+You would be giving up all of your online privacy, for nothing. Well, not nothing, but we'll get into that next.
+
+# # What do you get in return?
+
+So, what is the incentive here? Apart from the £100 signup bonus, what do they give you in return for your privacy?
+
+There is a page on their site that details the ["Reward Scheme"](https://www.theoriginpanel.uk/RewardSchemePublic) (uh oh).
+
+Basically, in return for hoovering up all of your data you will collect points, which can then be redeemed at a specific list of shops. I couldn't find information on exactly where the points can be redeemed, nor any information about how many points you get each month. The [Terms & Conditions](https://www.theoriginpanel.uk/uploads/documents/Origin-TCs_v2-Legal-Entity-Update.pdf) say that 1000 points = £1, so it will likely take a while to get anything meaningful. One example they give in their promotional video is a pizza.
+
+<figure>
+<img src="/assets/images/origin-panel/pizza.png"/>
+<figcaption>Tastes like freedom</figcaption>
+</figure>
+
+They also say that there are monthly and quarterly prize draws, of up to £1000.
+
+<figure>
+<img src="/assets/images/origin-panel/spend.png"/>
+<figcaption>"Spend" your points</figcaption>
+</figure>
+
+So what do you get in return? Not a whole lot. Just some lousy vouchers that can only be spent at specific retailers under strict conditions, and entry into a lottery.
+
+Don't worry though, you can be a good citizen and sacrifice your precious points to a "Kantar-approved charity"!
+
+<figure>
+<img src="/assets/images/origin-panel/charity.png"/>
+<figcaption>Not sure what the local food bank is going to do with Kantar points</figcaption>
+</figure>
+
+# # Does anyone actually sign up?
+
+So surely nobody actually signs up for this? You would think, but humans never cease to amaze.
+
+Looking at the [Big Brother's TrustPilot page](https://uk.trustpilot.com/review/theoriginpanel.uk), we can see a promising 2.2 average.
+
+The reviews can be sorted into three categories:
+
+1. People like me, complaining after having received the letter and done a little bit of research. These account for most of the 1 stars.
+2. Fake 5 star reviews. There is a lot of similar language being used throughout the 5 star reviews here. I have not done a proper analysis, but it definitely smells when all the 5 star reviews sound so similar. Looking forward to earning some rewards now!
+3. Real experiences. There does seem to be people who actually signed up, with both "good" and bad experiences.
+
+<img src="/assets/images/origin-panel/andy.png"/>
+
+<figure>
+<img src="/assets/images/origin-panel/customer.png"/>
+<figcaption>I am so glad "customer" likes their Pizza Hut salad</figcaption>
+</figure>
+
+<img src="/assets/images/origin-panel/lisa.png"/>
+
+<figure>
+<img src="/assets/images/origin-panel/pizzaforprivacy.png"/>
+<figcaption>Hey, that's the name of this post!</figcaption>
+</figure>
+
+There are many reviews of people complaining about terrible customer service, and not being able to access their rewards or remove the software. For those who do seem to be enjoying it are content with \~£10 a month in vouchers. More than I expected, but still about 25 orders of magnitude away from the price of your privacy.
+
+Either that, or pure financial exploitation:
+
+<figure>
+<img src="/assets/images/origin-panel/struggle.png"/>
+<figcaption>Struggling financially</figcaption>
+</figure>
+
+# # Bloody hell
+
+The last thing I did was take a look at their [FAQs page](https://www.theoriginpanel.uk/FAQPublic), and things somehow got even worse.
+
+Q: **What if we go on holiday?**
+> It is highly recommended that you inform our support team in advance if you are planning to go away. You can do this by calling or emailing us with your holiday dates.  In order to check that the meters we send to panellists are functioning properly, we monitor TV viewing and Internet usage levels on a daily basis. If we are given notice that you will be away from the home, we will take your absence into account when monitoring usage.
+
+A: **Please tell us every time your house is going to be empty for a while.**
+
+Q: **Do you keep my children's information?**
+> In compliance with the Terms and Conditions of your panel membership, we do not release any TV or Web usage data connected to household members who are under the age of 16 for any analysis. No internet data is collected from such members, and the TV data we collect from those under the age of 16 is only used for quality control purposes within Kantar.
+
+A: **Yes, yes we do.**
+
+Q: **How long does the program last?**
+> The [Big Brother] program is an on-going project with no specific end date.
+
+A: **FOREVER.**
+
+Q: **Do you sell my data to advertisers?**
+> No, we do not pass on any details to advertisers or marketers. We may use third party service providers to assist in our administration of [Big Brother].
+
+A: **No, we give it to them for free.**
+
+Q: **Are you reading my children's messages?**
+> Our software is designed to only register when it detects audio and to communicate that back to our servers along with the source of that sound. We absolutely cannot read instant messages, emails or any other personal communications.
+
+A: **No! We are just listening to their conversations!**
+
+# # Conclusion
+It is frankly staggering that this exists. It baffles me that anyone would come up with such a scheme, let alone actually implement it! Advertising is a leech on our society, and the erosion of personal privacies and rights is something that we need to fight at every turn. Schemes like this should heavily regulated, if not outright illegal.
+
+I cannot really blame the people getting £10 a month in vouchers, they are not the problem here. Inflation is high and money is hard to come by. The problem is the whole system, trying to squeeze out as much money as possible by monitoring everything we ever do or say, so they can sell it back to us. 
+
+(If there is anyone out there who has received one of these letters and is smarter (and braver) than me, I would love to see a proper teardown of these devices and a deep-dive into what is actually being tracked. Please, please, please write a big blog post about it.)
+
+In conclusion, DO NOT SIGN UP FOR THIS. It is a massive invasion of your personal privacy, for little to nothing in return. If the product is free, YOU are the product. There is no such thing as free pizza.
+
+<hr>
+[^1]: Surprised they have one!