Credit cards and suppliers and registration and user identities and general info

I agree with you although I thought that vendors had to have your permission to store card details.

Maybe they do, but how many actually do, or make it obvious that by supplying a CC number in order to complete an order you are actually agreeing that they can keep that data?

Many years ago I bought an iPad for a now deceased friend who had had a somewhat debilitating stroke which affected muscular control as well as initially some mental tiredness - he had been sold on the idea by friend who demonstrated hers - I got him one but was appalled that I could not even register it to give access to download material without giving Apple a CC number that formed part + parcel of the registration - I asked around for how I could set my friends machine such that an inadvertent movement of a finger would not cost him dear - answer there came none + I delayed giving him the iPad - fate intervened and it was passed to his executor. Ever since my opinion of Apple has been in the high negativity area with my belief that users of such walled gardens deserve all they get lumbered with.

Only if they so choose and the cardholder agrees to their doing so, which can be useful for regular monthly payments or, for example, council tax.

Unless I was paying via Sagepay, WorldPay or Paypal, I assume the card number is at risk on the IT system of the seller, and their expenditure on security and IT.

Hence, I tend to "lose" my credit card at intervals of 12 to 18 months - and get a new card/account number, despite the inconvenience on the few recurring payments etc. (I hardly ever use a debit card).

I agree, but Apple is by no means the only firm/organisation to be doing that kind of thing. I have over the last year or so been recommending a music notation system, called Musescore. Unfortunately the situation re Musescore is not at all clear, as there are two web sites - one is a MS.org site, and the other is a MS.com site. Apparently both are supported by a music firm called Ultimate Guitar and the .com site might be more commercial. Both sites have similar look and feel. The .org site offers the Musescore program - and apparently the intention is that that will always be free to download and free to use. The .com site does have downloadable scores, many of the created by amateurs who may have written music and given permission for those scores to be downloaded by other "members". There is also an iOS app for Musescore which runs on iPads. It is claimed by some that downloading such scores is easy - provided that there is no commercial or copyright concern. However it is now quite hard to see how this could happen for new users, as the pages I've seen mention a trial version which can only be accessed by registering, and there are suspicions that in order to have a trial version that a credit card number has to be supplied. There is also mention of a free version, but whether this is free or not I don't know, as I've never found a page which shows what accounts are available. I can't personally verify this precisely as I'm already a member, and I don't mind the payments which I've so far incurrred.

The particular point here is that if an organisation offers "free" or "trial" membership surely it should not ask for CC details until such time as a real charge against the free/trial member is actually incurred, as this potentially puts the end user at risk.

Additionally, for most people there are several risks - typically (a) divulging email addresses (b) divulging other details, such as physical location and other addresses (c) divulging ethnic group or other personal information (d) divulging details of social class, education, wealth and salary etc - some of which may be based on real data, and some inferred from other "known" data, such as the postcode, and finally (e) specific details of bank accounts and credit cards used for paying for services. Data under (a),(b) and (e) are likely to be required in order to make a purchase and and effective delivery of physical objects. Data under (a) and e) will probably be required for data downloads, such as streaming services, CD downloads etc.

I mentioned the GDPR at the start of this thread, but I'm not sure that it does address the issues suggested in the previous paragraph. It does annoyingly slow down delivery of many web pages which have to be acknowledged because of a pop-up query, and it may allow users to find out some incredibly interesting things, such as who produced the web site, which web sites communicate with each other etc. - and which most of us have absolutely no interest in whatsoever.

If I order a washing machine from a firm such as John Lewis I don't necessarily need to know the factory it was produced in, who was on the shift when "my" washing machine rolled off the line, who supplied the motor and the pump etc., which packing services were used, and which delivery firm and delivery teams delivered it to my house. The assumption is that I have a contract with John Lewis to supply a particular machine - possibly a well known brand - and that customers have some faith in the supplier and in the manufacturer. There is generally no need for end users to have knowledge of all the complete supply chain.

For some other goods and services - for example agriculture - particularly involving livestock - there is usually much more data collected in the supply chain - but again generally by the time food arrives in shops, most customers are not going to be interested - though in the event of problems, public health officials will be interested.

Frankly, life is too short to worry about this. You can have every regulation in the world. GDPR...(agreed pointless exercise as was/is the cookie law). But at the end of the day, you have absolutely no idea...none...zilch of what happens to your credit card details once you've completed your transaction online. So you simply either accept that that is the fact and stop fretting or go back to high street shopping and use cash. Any other course is pointless.

Why single out Apple ? Downloads are usually paid for and so why wouldn't they ask for a CC number ?

I find it's not worth the hassle. The times I've had my card details compromised (and always simply resolved after a quick telephone call) is minimal. The fag of having to go back and access all the subscription services with the new card details is too painful to even contemplate.

Why does it put the end user at risk ? All the free trials I have partaken have quite clearly upfront said that the subscription kicks in unless cancelled. What happened to the concept of personal responsibility ?

Do you have ANY evidence of any site asking for (b) (c) or (d)? I have never been asked for those pieces of information. I'm guessing that when the census form comes you will put it straight into the rubbish as being too intrusive ?

What have you been smoking ? Where on earth do you get this last sentence from? I can't even begin to conceive how you've conjured it up? I'm sorry, Dave, usually you make a lot of sense but I'm struggling on this thread. Really am. Teacups. Storm.

try rereading my post - you presumably have never had to handle a situation where a friend could be severely harmed - it was the difficulty of gaining any service including the use of the paid for device

OK - so you've never had a credit card compromised, or money stolen from your bank account. I have - several times - and that was before the Internet really kicked off.
Oh - just in case you think this is trivial - imagine going to a country, then finding you couldn't get any cash out of an ATM, and you couldn't buy anything on a credit card, and then wondered how you were ever going to get back to the country you started from. You are also on your own, and have only very limited number of personal contacts you know who could help you nearby. Actually you do manage to do that- get a flight back home - because you (thankfully) have other cards, and some cash, but when you get back you discover that several £000s (thousands) have been taken out of your bank account.

This did happen to me, though in fact at the time I was travelling between the UK and Sweden, and the details of my CC were taken in England. Eventually I did retrieve all the money, but it was very inconvenient, and I might have been totally stranded - up s*** creek without a paddle.

So you say - "don't worry" - and yes, to an extent I agree - and that was precisely the point I was trying to make about JL and the washing machine. Much of what we do is based on trust, and a belief that some companies are going to play fair, and that some products are going to be good. We don't normally ask to see every inspection certificate for the washing machines coming out of a factory, nor details of what statistical sampling methods have been used by the manufacturer. The assumption is that if we buy from a reputable supplier and we buy a what is generally agreed to be a good model (perhaps reviewed in Which) that things will work OK. So why on earth do we need the GDPR to require web sites to provide so many details which a typical end user is never going to want or know about, yet AFAIK it doesn't seem to address matters of real concern to consumers, such as "are my credit card details really safe with this organisation", and "will the company keep my credit card details for more than 1 month", and where will the company keep the details of my credit cards or other personal data? You think these are not important?

Then why don't you follow Jeremy Clarkson's example and stick details of all your cards and bank accounts up on a public web site and see what happens?

OK - we're not actually discussing doing that, but in the case of some organisations their security might be such that you might just as well do that.

I rather think Anastasius holds to the Panglossian view of today's version of capitalism, Dave.