List is blocking legitimate url:api.punchh.com

[luisvxyz]

As discussed on NextDNS Issue #260.

The list is blocking the login url for blazepizza.com

[welcome[bot]]

Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!

[StevenBlack]

Thanks Luis @luisv5z.

Ping @jawz101 — can you look at this? Presently 13 punchh.com domains are blocked which indicates to me, punchh.com is unclean.

Luiz @luisv5z it's possible that Blaze Pizza has made some unfortunate choices. I'm letting the folks at AdAway continue to decide.

[luisvxyz]

@StevenBlack Got it, thanks for checking it out!

[jawz101]

geez. Even going to their website they have a cookie consent box w/ an opt-out checkbox saying "So Not Sell My Personal Information"

I wish I had access to their developer documentation to see what they mean by

Reveal the Anonymous Get to really know your customers, generating insights from every channel, in-store or online

Punchh Acquire Supercharge your customer acquisition by optimizing omnichannel marketing and analytics. Easily and cost-effectively turn anonymous consumers into customers – and customers into brand loyalists.

If this does any location or proximity tracking, asks for phone/contacts/sensors/text/etc. permissions that would be my concern. You can't use language like that without sounding like you're identifying people who may not want to be identified.

[jawz101]

Yeah, I'm going to stand firm that someone can whitelist this if they want it. Looking at their privacy policy and the CEO's past experience with location-based stuff, I'm really not interested in allowing it. These are the sorts of removals that make me lose the reason why I blocked them in the first place.

[dnmTX]

@jawz101 just FYI:

"So Not Sell My Personal Information"

This only applies to California residents,everyone else is under the knife.

[jawz101]

If someone has can tell me that their apps don't have proximity, read cell info or location permissions, clipboard or sensor access I'd remove it. sensor & clipboard permissions on Android cannot be controlled by the end user w/o something like XPrivacyLUA so I really don't have any way to prove they don't do something I cannot see.

[StevenBlack]

Good call, @jawz101. Thank you, as always, for taking the time to review this. Thanks for the comment, Dan @dnmTX.

There you have it, Luis @luisv5z.

Closing.

[liamengland1]

https://www.fastcasual.com/news/blaze-fast-fired-pizza-partners-with-punchh-for-mobile-app-launch/

[StevenBlack]

Thanks LE @llacb47.

I think I can safely say, people who want to be tracked and sold by a pizza chain aren't typical of the people we serve, here 😄.

[luisvxyz]

@StevenBlack @jawz101 Guys, thank you so much for this. 🙌🏽

I guess, the more you know...

[jawz101]

Well, I'm not one to dismiss them. Like if all of the marketing is user initiated (Sign up for rewards points!) I'd feel like it's up to the user.

If they were tracking your location, using bluetooth proximity to throw coupons at you when you're near some place, requesting calendar, clipboard, microphone permission, etc. Or if they sell your data to others. How do I get that 3rd party twice-removed to delete my data that they got from the first person? Stuff like that creeps me out and once I see a worse-case scenario I assume everyone does it.

for instance, I had a Smoothie King loyalty app that had bluetooth beacon service code in it once I looked at the app. It connected to a few random domains including something to do with this Sensoro company. https://github.com/Sensoro/SDK-Android To have an app that has you scan a QR code when I want to collect points, I have no idea why it needs Bluetooth Eddystone sorts of features. Maybe it wants to sell me stuff when I walk by a store.

I'd allow them if I knew how their stuff works. Privacy policies are usually pretty vague on specifics.