This is after forcing login to a store account:

At least they don’t hide in their ToS that:

“l agree to let Walmart monitor my use of Walmart WiFi, including to:

  • Determine my presence in Walmart stores
  • Associate information about me with my Walmart account
  • Improve products and services
  • Gather market insights about my in-store purchases and activities”

But that’s not enough, they need to monitor your internet activity further too.


For further reading, some greatest hits (the section headers on Wiki’s Criticism of Walmart):

  • Local communities
  • Allegations of predatory pricing and supplier issues
  • Labor relations
  • Poorly run and understaffed stores
  • No AEDs in stores (automated external defibrillators)
  • Imports and globalization
  • Product selection
  • Taxes
  • Animal welfare
  • Midtown Walmart
  • Opioids settlement
  • Trailblazing Braille Taser@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    7
    ·
    edit-2
    3 months ago

    Would you say the same thing if they intercepted HTTPS connections? Or blocked popular DNS (edit: DNS over HTTPS/TLS) resolvers and required you to use the one advertised in DHCP?

    I think if you’re going to provide WiFi, just do it and stop spying on me.

    The reason they want this is probably so they can tie your Walmart account to your position inside the store. And see which other sites you visit to find a better price, etc.

    • IsThisAnAI@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      7
      ·
      3 months ago

      Yes. Their public network. I have no expectations of any privacy on a public network. This is privacy 101.

      • Trailblazing Braille Taser@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        6
        ·
        edit-2
        3 months ago

        You’re conflating the individual practice of having a pessimistic threat model with a corporation’s entitlement to behave badly.

        Of course I assume the worst from Walmart or any other public network — I just think they should have some class and provide a public good to their customers without creepy privacy invasion. Somehow they manage to provide free water in fountains without requiring me to scan my driver’s license.

        If they published a white paper explaining the Differential Privacy properties of their customer analysis tech, I might revise my opinion.

        • IsThisAnAI@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          9
          ·
          edit-2
          3 months ago

          They aren’t invading the privacy here. They are preventing a malicious actor from running an attack via VPN and ssh tunneling in addition to IP address, device, etc. At worst they are associating IP with browsing at competing stores. Preventing the VPN was likely required by a lawyer and auditor and a risky attack vector for a billion dollar company.

          If Walmart was breaking https and inserting man in the middle games it would be in their policy. Other commentators went off into fantasy land edge cases where traffic is being decrypted. And it still doesn’t change my expectation of privacy on a public hotspot.

          • intensely_human@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            ·
            3 months ago

            Are you okay with this for every hop on all your routes? I mean I’m sure very few of them are publicly-owned servers.

          • Trailblazing Braille Taser@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            3
            ·
            3 months ago

            They aren’t invading the privacy here.

            Yes they are, they’re forcing you to disable Private Relay.

            They are preventing a malicious actor from running an attack via VPN and ssh tunneling in addition to IP address, device, etc.

            This makes no sense. I could walk outside the store and do any of those things on my 5G connection. Private Relay does not enable these attacks and blocking it doesn’t prevent them.

            At worst they are associating IP with browsing at competing stores.

            Wut? They are the ones assigning IP addresses. Not sure what you mean.

            At worst, they’re using your IP address to join your walmart.com session cookie with complete time series data on your store position, data from store cameras, etc. to build a creepy profile without consent.

            Preventing the VPN was likely required by a lawyer and auditor and a risky attack vector for a billion dollar company.

            It’s not a problem for Starbucks. As long as the public facing network is separate from the internal store network, e.g. with a VLAN, what is the concern?

            If Walmart was breaking https and inserting man in the middle games it would be in their policy.

            Regardless, it would be shitty behavior.

            If they were cracking crypto schemes and were decrypting your traffic, it’s entirely possible this violates a “hacking” law in the US.

            Other commentators went off into fantasy land edge cases where traffic is being decrypted. And it still doesn’t change my expectation of privacy on a public hotspot.

            It was a hypothetical to explore the extent of your “their house, their rules” viewpoint.

          • FooBarrington@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            3 months ago

            They aren’t invading the privacy here. They are preventing a malicious actor from running an attack via VPN and ssh tunneling in addition to IP address, device, etc. At worst they are associating IP with browsing at competing stores. Preventing the VPN was likely required by a lawyer and auditor and a risky attack vector for a billion dollar company.

            Then why do their ToS say they use this data for advertising purposes? If they really need to be able to track you to prevent malicious actors, they can do so without using the data for advertising.