Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Have a Wi-Fi-Enabled Phone? Stores Are Tracking You

Soulskill posted about a year ago | from the my-decoy-phone-will-fool-them-all dept.

Privacy 323

jfruh writes "Call it Google Analytics for physical storefronts: if you've got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether you're a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall."

Sorry! There are no comments related to the filter you selected.

first (5, Informative)

Anonymous Coward | about a year ago | (#42662849)

To turn off the wifi

just don't automatically join public wifi (5, Informative)

pikine (771084) | about a year and a half ago | (#42663497)

Actually, you don't even need to turn off wifi. Just set your phone to not automatically join any public wifi. Wireless clients, including the phone, compiles a list of access points you can join using the ESSID broadcast from the access point. In other words, the access points just dumbly advertise their presence and don't know who are looking until your device tries to join.

Re:just don't automatically join public wifi (1)

Anonymous Coward | about a year and a half ago | (#42663763)

I remember seeing a few companies that can pinpoint a wifi device without it being connected to an access point. Think reverse war driving...

Re:first (2)

Cammi (1956130) | about a year and a half ago | (#42663549)

Exactly this. And the fact that with Wifi, you use up your battery quicker.

Re:first (1)

Anonymous Coward | about a year and a half ago | (#42663589)

You should really be doing that anyways, if you're not using WiFi, you're still wasting electricity having it broadcasting to the world. Smartphone battery life is bad enough without wasting any on wifi when you're not needing it.

Turn off wifi (5, Insightful)

Anonymous Coward | about a year ago | (#42662867)

Most smart phones allow you to turn off wifi.
I keep mine off most of the time unless I need it that also includes GPS and Bluetolth

Re:Turn off wifi (-1, Redundant)

desdinova 216 (2000908) | about a year ago | (#42662961)

if I had mod points (law of irony says I will get some tomorrow) +5insightful

Re:Turn off wifi (0, Troll)

Anonymous Coward | about a year and a half ago | (#42663195)

-5 douchebag for trying to vote by proxy

Re:Turn off wifi (1, Redundant)

dririan (1131339) | about a year and a half ago | (#42663389)

From signature:

I'm not that concerned with Karma, I post when I think I have something to add

How does the equivalent of "mod parent up" add to the discussion? The parent is at +5, but I doubt people just blindly follow what some random person says it should be modded to.

Re:Turn off wifi (4, Funny)

JustOK (667959) | about a year and a half ago | (#42663411)

From signature:

I'm not that concerned with Karma, I post when I think I have something to add

How does the equivalent of "mod parent up" add to the discussion? The parent is at +5, but I doubt people just blindly follow what some random person says it should be modded to.

So true. mod this up!

Re:Turn off wifi (3, Funny)

Falkentyne (760418) | about a year and a half ago | (#42663769)

Mod child up! Won't someone think of the children?

Re:Turn off wifi (2)

slashgordo. (2772763) | about a year ago | (#42662967)

Of course marketing guys are going to be more creative in tracking you. I automatically turn off my WiFi when I hit the road. I use a car dock with my Droid, and I use a simple app that detects when I put it in the car dock. It will turn off WiFi, and turn on Bluetooth. When I remove it from the car dock, I could either restore the previous WiFi setting, or leave it off. I generally leave it off unless I'm going somewhere I trust the WiFi, like home or the office.

Re:Turn off wifi (5, Informative)

Spiridios (2406474) | about a year and a half ago | (#42663241)

Of course marketing guys are going to be more creative in tracking you. I automatically turn off my WiFi when I hit the road. I use a car dock with my Droid, and I use a simple app that detects when I put it in the car dock. It will turn off WiFi, and turn on Bluetooth. When I remove it from the car dock, I could either restore the previous WiFi setting, or leave it off. I generally leave it off unless I'm going somewhere I trust the WiFi, like home or the office.

Android has a nifty little program called Llama [google.com] that I use for pretty much the same thing. Get home, WiFi on, leave the house, WiFi off. The tool has other benefits too, like going into silent mode when home at night so random emails don't wake me. But thanks to Llama, I usually don't have to mess with my WiFi settings unless I'm in a strange place that I know has free WiFi and I want to leech off of it instead of my data connection.

Re:Turn off wifi (1)

Anonymous Coward | about a year and a half ago | (#42663663)

Which is why you just pass a law that requires them to have all tracking be opt-in and that they permit people to use without opting in to it. Combine that with stiff fines when they violate it and there you go.

The problem with marketers is that they outright don't care what you're feelings are on the matter, they're too focused on figuring out how to get a cavity search on your data.

Re:Turn off wifi (2)

skitchen8 (1832190) | about a year ago | (#42663107)

Yeah I don't really see the big deal. WiFi serves to kill your battery if you're not using it anyway, why would you leave it on all the time?

Re:Turn off wifi (1)

micheas (231635) | about a year and a half ago | (#42663277)

Because wifi kills the battery much slower than 4G? If you have a large number of hotspots that you have access to you can get better battery life than using 4G constantly. (At least I do.)

Don't use 4G constantly (3, Informative)

davidwr (791652) | about a year and a half ago | (#42663403)

Turn off "location" and other "always want the network" apps that you don't need. Put your mail in "on demand" rather than "periodically polling" mode. Set your phone so the only thing it's routinely monitoring for over the air are incoming phone calls and texts.

At this point your WiFi will be a waste of battery when you aren't actually using your phone.

Now you can turn off your WiFi and save your battery.

Re:Don't use 4G constantly (4, Funny)

Jafafa Hots (580169) | about a year and a half ago | (#42663543)

Me, I leave my cell phone at home.
First, I never have a problem with the battery running out during a call...
Plus I never have calls come in at inconvenient times.
Also, I don't have to remember to shut it off in movie theaters and doctor's offices.

These advantages are so great, I'm thinking of inventing a cell phone that can't be taken from your home. Maybe use some kind of tether.

I used to do this, sort of (1)

davidwr (791652) | about a year and a half ago | (#42663709)

For many years my only cell phones were prepaid by-the-minute "emergency" phones. They stayed in the car glove box and were turned off all the time unless I needed to make an outgoing call or needed to be reachable away from home. I charged them up every week or two.

Re: Turn off wifi (1)

skitchen8 (1832190) | about a year and a half ago | (#42663643)

Guess I've never really thought about it but on WiFi the 4G icon is still on, and it must at minimum maintain CDMA connection to receive calls and texts. So as far as I know the cellular connection is always active, and I am fairly sure that having one radio turned on rather than two saves battery, especially when being in my pocket my phone uses very little data. IANAE though, I've never tested it just kind of assumed it works.

Re:Turn off wifi (1)

JonBoy47 (2813759) | about a year and a half ago | (#42663325)

Yeah, Android has piss-poor power management, so turning it off actually helps your cause...

Re:Turn off wifi (1)

thetoadwarrior (1268702) | about a year and a half ago | (#42663235)

Get a decent phone and it doesn't matter because it won't kill the battery. I leave wifi on because I use it so much (even the bus has it) and I don't care if a store tracks me. Given all the other ways they can and do monitor you with that's the best one, imo.

Change your MAC address (5, Interesting)

Anonymous Coward | about a year ago | (#42662877)

Change your MAC address to a pseudo-random one every time you go out of your main home or work environment. It's possible on android and iOS devices.

Re:Change your MAC address (3, Insightful)

Jane Q. Public (1010737) | about a year and a half ago | (#42663673)

"Change your MAC address to a pseudo-random one every time you go out of your main home or work environment. It's possible on android and iOS devices."

This would be of absolutely no help with an in-store tracking system. They don't care what your MAC address IS, they just use it to track you in the store.

And despite what the software vendors claim: a tracking system that assigns a MAC address to you walking down an aisle *IS* personally identifiable... as long as you are in the store.

Re:Change your MAC address (0)

Anonymous Coward | about a year and a half ago | (#42663845)

Umm, "identifying repeat customers" is in TFSummary. The only way they can identify that is with the same MAC address.

Never mind that they don't see your MAC unless you actually join the network, so it doesn't make a damned bit of difference if your WiFi is on or off if you're not joining everything that broadcasts. The point is that being "a new customer" every time you showed up would be differnet than being targeted as a return customer, particularly if they identify you at the register and can do things like print off coupons relavant to places where you frequently are in the store / where you frequently stop.

Let's Make a Deal? (1)

balsy2001 (941953) | about a year ago | (#42662901)

The store gives me free internet access. I don't turn my wifi off in the parking lot.

Re:Let's Make a Deal? (1)

binarylarry (1338699) | about a year and a half ago | (#42663767)

Yes but thing of the horrible things the store could do with this information.

They're know what you like to buy when you're in the store! They could send you all kinds of terrible coupons and special targeted deals on things you buy all the time. The horror!

It's like 1984 only more like 1994! Great shopping deals will be the downfall of humanity!

Don't Just Turn Off Wifi (4, Insightful)

FSWKU (551325) | about a year ago | (#42662905)

Avoid places where this kind of garbage is known to be in use. Turning off the wifi means you have to sacrifice some of the functionality of your phone just to not be tracked. Similarly, the op-out is crap as well. Why should I have to opt out? And what's wrong with the door sensors that have been in use for years to figure out conversion ratios?

Not that I've gone into a mall recently, but seeing any of the stores using this system would be the best way to make sure I never come back.

Re:Don't Just Turn Off Wifi (0)

Anonymous Coward | about a year ago | (#42662965)

Or the easiest solution that has no possible detriment: don't even care.

Why the hell should I give a damn that a store has a VERY vague indication of where my phone's MAC address is inside it, with no way to tie a name or any other identifying information to it?

Re:Don't Just Turn Off Wifi (0)

Anonymous Coward | about a year and a half ago | (#42663259)

unless you're only using cash and don't use the store's club card I could easily assign your unique identity to a given MAC in less than a half dozen store visits,

Re:Don't Just Turn Off Wifi (4, Insightful)

LordSnooty (853791) | about a year ago | (#42663041)

You're wandering around shouting "i am this address, do you have service" so you can't be surprised if some recipients note that down.

Re:Don't Just Turn Off Wifi (1)

Anonymous Coward | about a year ago | (#42663059)

Giving up a small percentage of my phones abilities (read: faster downloads) so my MAC isn't blasted to every nearby station is probably the easiest thing to combat this...

"You can either learn to wear shoes, or spend your life carpeting the world..."

Stop complaining about stores (those business owners aren't operating a store front because they like seeing you everyday) trying to maximize their profits, and take some responsibility for your own privacy!

Re:Don't Just Turn Off Wifi (1)

Dogtanian (588974) | about a year and a half ago | (#42663627)

Stop complaining about stores (those business owners aren't operating a store front because they like seeing you everyday) trying to maximize their profits, and take some responsibility for your own privacy!

We can do both. The fact that we should be looking after our privacy doesn't let the stores off the hook or excuse them from criticism of their behaviour. Nor does the fact that they're only in it for the money (duh)- that explains why they're doing it, it doesn't excuse it.

And to pre-empt another argument I can see coming from someone; no, the fact that we're free to shop or not shop at a particular shop *doesn't* change the fact that we're still entitled to criticise them as much as we like for that behaviour. (This one's a close relative of the flawed "don't like it, don't buy it" [slashdot.org] argument dismissal.)

Re:Don't Just Turn Off Wifi (0)

Anonymous Coward | about a year and a half ago | (#42663759)

That's true, but they don't disclose that they're doing it either. Nor are they getting people to opt in in any honest way. I remember when those club cards first rolled out and they were presented as a discount card. Well, surprise, surprise, very quickly the "regular" price jumped by a similar amount to the club card discount and the amount of money they claim you save is absolutely ridiculous.

If they're hiding this sort of information from the public, I don't think it's right to suggest that people are consenting to it.

In other words, just because they can do something, doesn't mean that they should do something and in this case, because it's not visible to the customer, the customer has no means of opting out.

Re:Don't Just Turn Off Wifi (0)

Anonymous Coward | about a year and a half ago | (#42663137)

Well, my only need for wi-fi is for apps that are too big to download over the air, otherwise my wi-fi is always off.

Why does this matter? (1)

Anonymous Coward | about a year ago | (#42662911)

If stores can track my preferences and how I interact with them, doesn't that just mean that they'll be able to better tailor their store to suit me? Isn't that a GOOD thing for me? I'm a bit confused as to why I'd think twice.

Re:Why does this matter? (2)

kestasjk (933987) | about a year ago | (#42662969)

I would have thought they'd already be doing this with credit card details since forever anyway, and getting much more informative data to mine as a result.

Re:Why does this matter? (1)

amorsen (7485) | about a year ago | (#42663071)

I would have thought they'd already be doing this with credit card details since forever anyway, and getting much more informative data to mine as a result.

Most credit card companies do not allow merchants to hang on to credit card details except for subscriptions.

Re:Why does this matter? (1)

Anonymous Coward | about a year and a half ago | (#42663435)

Yeah, maybe that's why stores push those loyalty cards so much. If you pay with C.C. and also use the loyalty card, they can associate you to your purchases via the Loyalty card in their data base. They don't need to store any credit card info at all but they still get the advantages of storing person vs buys information.

Re:Why does this matter? (0)

Anonymous Coward | about a year ago | (#42663093)

I don't think they do it with your normal credit card but obviously if you have a discount card they do.

But, I think this just applies to Google specifically getting more of 'your' info to sell.

Re:Why does this matter? (4, Insightful)

Anonymous Coward | about a year ago | (#42662973)

No, that's not what it means at all. It means they'll be able to better tailor their store to profit off of you. Generally, that's not a good thing for you.

Re:Why does this matter? (4, Interesting)

Jah-Wren Ryel (80510) | about a year ago | (#42663055)

No, that's not what it means at all. It means they'll be able to better tailor their store to profit off of you. Generally, that's not a good thing for you.

That is worth repeating. All of this "personalization" stuff is not about making your shopping experience better, it is about maximizing the amount of money you spend. Any benefit to you is purely incidental.

Re:Why does this matter? (0)

Anonymous Coward | about a year and a half ago | (#42663169)

Doesn't work for me. If I want something to buy, I seek it out. If someone serves me an ad, I always ignore it. If it's the product I happen to want, I still ignore the ad and buy it elsewhere not from the advertiser.

Re:Why does this matter? (0)

Anonymous Coward | about a year and a half ago | (#42663333)

If it's the product I happen to want, I still ignore the ad and buy it elsewhere not from the advertiser.

Cool. So if I have something that I think you will buy, I just target you with all my competitor's ads and then you'll buy the product from me. Woohoo!

Re:Why does this matter? (0)

Anonymous Coward | about a year ago | (#42663083)

Stores profit off of me by selling me things that I am willing and able to pay for--meaning, I want them and choose to buy them.

Re:Why does this matter? (1)

retchdog (1319261) | about a year and a half ago | (#42663163)

if it's bad for the store to "profit off of you," what are you doing there in the first place?

Re:Why does this matter? (0)

Anonymous Coward | about a year ago | (#42662983)

You're not being paranoid enough. Stores will pick up on what's considered atypical behavior. Many of us have atypical behavior. We don't want the DHS or anyone else to grab the data later and decide that our unusual behavior is grounds for extraordinary rendition, even if we've done nothing wrong.

Re:Why does this matter? (1)

Anonymous Coward | about a year ago | (#42662991)

Yes they *could* do that. Or if they knew that you just came from one of their higher priced stores to a lower priced one ( ie Banana republic to Old Navy), they could jack the prices up just for you, guessing you would still find them lower than the store you were just at.

Re:Why does this matter? (5, Interesting)

calzones (890942) | about a year and a half ago | (#42663189)

The trouble starts when all mac address's activity gets logged into big data and stays there.
Then later on, your mac address gets cross-referenced with your real name and phone number and personally identifying data some day (because, for example, you may frequent Starbucks or locations that feature free wifi).

Suddenly, without anyone really trying, your every movement throughout the day just became trackable and they know how to reach you.

Okay, nice joke. (1)

jtownatpunk.net (245670) | about a year ago | (#42662925)

Who taped a phone to a blind wombat on PCP?

That's what my track would look like. I just wander all around the store, grabbing stuff as it catches my eye, contemplating items I'll never purchase, backtracking and crisscrossing the store at random.

Re:Okay, nice joke. (0)

Anonymous Coward | about a year ago | (#42663021)

i had a friend who suffers from schizophrenia, and this is exactly how he shops. last time i agreed to take him to walmart it turned into a 2 hour adventure buy a video game and a 12 pack of soda.

Re:Okay, nice joke. (0)

Anonymous Coward | about a year and a half ago | (#42663141)

Are you my wife?

Defeated by power saving (2)

AmiMoJo (196126) | about a year ago | (#42662941)

Most phones turn wifi off when idle to save power. All the time the wifi is powered down they can't track it.

Re:Defeated by power saving (1)

Brian Feldman (350) | about a year and a half ago | (#42663287)

I don't think my phone is ever "Idle" when I have the "Sync" setting turned on and Gmail accounts set up.

Why would it matter if it were hashed? (0)

Anonymous Coward | about a year ago | (#42662945)

Isn't a hashed MAC address going to be the same every time? Seems like it would be easy to match the phone to a person if they made a couple credit card purchases on separate trips into a store.

Re:Why would it matter if it were hashed? (3, Insightful)

amorsen (7485) | about a year ago | (#42663043)

Isn't a hashed MAC address going to be the same every time? Seems like it would be easy to match the phone to a person if they made a couple credit card purchases on separate trips into a store.

Correct, hashing does not do anything useful here except keep up the pretence. Well it prevents multiple-vendor networks from combining logs from different vendors, but I bet all monitoring devices from a single vendor use the same hash.

Re:Why would it matter if it were hashed? (1)

dririan (1131339) | about a year and a half ago | (#42663309)

Well it prevents multiple-vendor networks from combining logs from different vendors, but I bet all monitoring devices from a single vendor use the same hash.

I honestly wouldn't be surprised if it was just some standard hash (like SHA-1) with no salt or anything so that even multiple vendors' equipment would produce the same hash. People that collect personal data would go to extremes, even *gasp* using standards, to enable the data to be shared more widely.

(Not to be a pedant, but it's "pretense" by the way.)

Re:Why would it matter if it were hashed? (1)

amorsen (7485) | about a year and a half ago | (#42663829)

(Not to be a pedant, but it's "pretense" by the way.)

British vs. American English. I try to stick with British, but I am not always successful.

Oxford Dictionaries entry for pretence [oxforddictionaries.com]

I can't wait to screw with this (2, Funny)

Anonymous Coward | about a year ago | (#42662955)

Some people say it's time to turn off wifi.

Not me. I can't wait to hack the o/s to absolutely fuck with this as hard as I can. I hope the phone's drivers support messing with signal and power level.

I've done it with wardriving, I've done it with my laptop before connecting to any type of wireless point. I've even done it with wireless on my desktop, spoofing a specific authorized mac address of a piece of hardware I no longer own so I didn't have to log in to my access point and add it to the authorized list.

I'll sniff for MAC addresses, I'll fake them, spoof them, build in a list of different hardware vendors. You'll see the same person in two different isles. You'll see 5000 people enter the store as I cycle through and sequential addresses as fast as I can for five minutes.

The analytics person is going to have so much fun. 0xdeadbeefbabe all over the place.

Sure, they'll filter me out. Or notice me as one oddball. But soonr or later those stats are going to get mass corrupted because it's my radio and I can broadcast anything I want as long as it's in FCC regs.

To whoever it is that'll be debugging that... i'm 20% sorry in advance, and 80% amused at the thought of the hair pulling this is going to cause.

Re:I can't wait to screw with this (1)

PlusFiveTroll (754249) | about a year and a half ago | (#42663143)

Make a simple device that sets a new MAC every minute (or whatever their poll time is) and plug it in at the store somewhere unnoticeable. Fill up there their database with crap.

Gas points (3, Insightful)

badford (874035) | about a year ago | (#42662971)

They will track your movements with facial recognition cameras.

Insurance company will know how much butter, beer and beef you are buying.

Your car will track your driving habits and your TV will track your entertainment.

They will know when you are happy, sad, indifferent or lonely and will provide a product or service that will hit the spot.

Just relax. They have your best interest firmly in mind

Re:Gas points (0)

Anonymous Coward | about a year and a half ago | (#42663429)

Your car will track your driving habits

We're already there with OnStar(TM). The insurance companies are in that game as well.

If it's there, some scumbag marketer will abuse it (0)

Anonymous Coward | about a year ago | (#42662989)

FFS Minority Report depicted a dystopian nightmare. Though for some I guess it's panty-soaking world-of-tomorrow for sleazy advertisers.

I personally dread the day some movie poster addresses me by name. "Helo mister AC! We've determined by our invasive data mining that you saw insipid chick flic XYZ! You'll love the sequel!! Blink twice to purchase tickets now!"

Meanwhile... (0)

Anonymous Coward | about a year ago | (#42662993)

...on the internet you've got a giant tracking clip punched through your ear as you contentedly moo your way through Amazon.

Turn off wifi automatically (0)

Anonymous Coward | about a year ago | (#42663001)

I can't be the only person who disables the wifi radio when i'm not at home or work or in a meeting where it is available and needed. It is part of my battery saving techniques. I also disable cell data - always.

There are apps that make this automatic stuff easy - Locate and .... well, i can't think of the other one.

After all, would you walk around with the wifi enabled on your laptop?

Do wifi devices broadcast always? (1)

amorsen (7485) | about a year ago | (#42663003)

Why do wifi devices broadcast anything when they are not in range of a known SSID? That seems a bit pointless to me.

Bluetooth tracking like this is very common, because Bluetooth needs to constantly announce its existence so that paired devices know that they must respond. Wifi access points need to broadcast for almost the same reason. But why do regular non-AP non-peer-mode wifi devices broadcast anything? They ought to be silent until they find something to speak to.

Re:Do wifi devices broadcast always? (0)

Anonymous Coward | about a year and a half ago | (#42663361)

Why do wifi devices broadcast anything when they are not in range of a known SSID? That seems a bit pointless to me.

It is very convenient for wifi clients to try to connect periodically (how else do you automatically connect to non-broadcast SSID networks?).

It is handy to try & connect to unencrypted wifi networks automatically, so you get a message that wifi is available.

Corrupt their data (1)

_avs_007 (459738) | about a year ago | (#42663015)

Maybe I'll write an app that will flood the airwaves with ping packets, using a random MAC in every ping... Then I can vary the Tx power of each ping, so that their signal strength reading will be out of whack too. So they'll get thousands of unique hits, with signal strength readings all over the map.... (My last project was reading/writing these broadcast packets, so I know how to spoof everything in the packet... evil grin...)

How long... (1)

NIK282000 (737852) | about a year ago | (#42663017)

...until some one starts spoofing multiple devices just to mess with their data? It would serious mess up their day to see 128 devices in the store but only see 5 people on the cameras.
 
\would buy that app.

You posted this more than 30 minutes ago ... (1)

davidwr (791652) | about a year and a half ago | (#42663437)

... so it's probably already happened.

Here's what's really scary... (5, Insightful)

neiras (723124) | about a year ago | (#42663035)

Any smartphone can see all the MAC addresses of all phones and access points around it, bluetooth or WiFi (if enabled of course). With GPS positioning on most of those devices and a Giant Corporate Big Brother aggregating the results, all of us are reporting on our proximity to each other.

We all know that Google's wifi geolocation stuff works this way - by tracking which fixed wifi base stations are in range and correlating with a GPS fix. People forget that Google can also identify other phones within range of your phone, and they know which Google accounts are attached to those devices.

Google really does know who is sitting next to you on the train or in the coffee shop, who your jogging partner is, and which whore you visit when your wife leaves your general vicinity.

I bet they do some amazing automated profiling. This guy is a garbage man and works with these people, that guy likes to sit in coffee shops and this woman is usually also present, she's not his wife, so lets advertise couples vacations and cheater sites, this other woman visits a preschool every day and is probably a parent, let's suggest other parents from the same preschool as her Google+ friend...

Re:Here's what's really scary... (3, Informative)

Jah-Wren Ryel (80510) | about a year and a half ago | (#42663331)

We all know that Google's wifi geolocation stuff works this way - by tracking which fixed wifi base stations are in range and correlating with a GPS fix. People forget that Google can also identify other phones within range of your phone, and they know which Google accounts are attached to those devices.

While that is certainly a possibility, I doubt that it is currently happening because it requires putting the wifi nic into monitor mode in order to sniff for wifi packets from nodes that are not associated with the same access point or ad-hoc network. The vast majority of wifi nics can not transmit when in monitor mode - thus making it useless for normal networking, which would tend to tip people off pretty quickly that something wasn't kosher.

If you have documented evidence of google using monitor mode on people's phones, bring it on. That is the kind of thing that needs to be widely publicized if it is happening.

Re:Here's what's really scary... (2)

jonbryce (703250) | about a year and a half ago | (#42663423)

Supposing I visit some tax-dodging coffee shop. My phone picks up the free wifi there, and reports its location back to Google. Lots of other people who are there enjoying their tax-free coffee flavoured drink have phones which also pick up the free wifi and report the location back to Google. Google therefore knows who is in the coffee shop at the same time as me without my phone picking up other phones directly.

Re:Here's what's really scary... (1)

_avs_007 (459738) | about a year and a half ago | (#42663567)

You're talking about being connected to a hotspot. Euclid is talking about detecting your MAC when you *are not connected* to any network, by monitoring beacon packets.

Re:Here's what's really scary... (2)

neiras (723124) | about a year and a half ago | (#42663501)

While that is certainly a possibility, I doubt that it is currently happening because it requires putting the wifi nic into monitor mode in order to sniff for wifi packets from nodes that are not associated with the same access point or ad-hoc network.

No reason at all why this couldn't be done. It's a single command on most Linux systems with a wireless card.

The vast majority of wifi nics can not transmit when in monitor mode - thus making it useless for normal networking, which would tend to tip people off pretty quickly that something wasn't kosher.

So do it while the wifi connection is not in active use and the phone is idle in your pocket. Extra credit for enabling wifi without showing an activity indicator. No reason this couldn't be done, either. Quick bursts at idle when phone is not in active use.

If you have documented evidence of google using monitor mode on people's phones, bring it on. That is the kind of thing that needs to be widely publicized if it is happening.

I have no such evidence, but I'll be damned if I'm not going to investigate now. I'm guessing that the Google Location Services TOS that every Android phone presents at setup time might be an interesting re-read.

Re:Here's what's really scary... (1)

_avs_007 (459738) | about a year and a half ago | (#42663647)

No reason at all why this couldn't be done. It's a single command on most Linux systems with a wireless card.

True, it's a single command. However, that command only works if the the chipset supports that feature, and if the driver supports going into that mode. Neither of these are true on all the phones I've tested.

Re:Here's what's really scary... not really... (4, Interesting)

_avs_007 (459738) | about a year and a half ago | (#42663345)

Not that it matters, but it doesn't work that way... (My full time job involved researching proximity algorithms)... Using Wifi as proximity, you can tell that say these 5 particular people are in a room, but you have zero idea the spatial relation of each of these 5 people to each other, without the aid of other sensors. Wifi or bluetooth will not give you spatial relationships in any meaningful manner.

For example, if my signal strength to the AP is 80%, and your's is 80%, that does not mean we are next to each other. We can be on opposite sides of the AP, or we can be at some other arbitrary location, where each of us has a different obstacle blocking the direct line of site to the AP, reducing the signal strength by differing amounts. Plus we have no idea what the transmit power is on each device.

You may be able to get a reasonable guesstimate of proximity to the AP, but not spatial orientation to the AP. (ie, you are within 20 ft of the AP, but you don't know in which direction), and certainly not between each peer. The phone will not be able to give you proximity information to another phone using wifi, because the stock chipset on Android and iOS does not give you access to read these beacon packets from arbitrary un-connected devices. I've been able to get it to work in the lab, but only when I use specific hardware/chipsets, with special drivers/firmware.

So all I'm saying is that people are making this to be a bigger deal than it is.

Re:Here's what's really scary... (2)

neiras (723124) | about a year and a half ago | (#42663405)

Not that it matters, but it doesn't work that way... (My full time job involved researching proximity algorithms)... Using Wifi as proximity, you can tell that say these 5 particular people are in a room, but you have zero idea the spatial relation of each of these 5 people to each other, without the aid of other sensors. Wifi or bluetooth will not give you spatial relationships in any meaningful manner.

The problem is that this is all happening over a long period of time, with a constant location fix. So you're right that a one-time scan of nearby devices is pretty much useless - but looking at who was near me every time I go to my favourite Starbucks over the course of a year will give you a pretty good idea of who is actually there with me.

Spatial relationships in a room less to Google than knowing who is part of my life, and who to suggest I might want to make part of my life.

Re:Here's what's really scary... (1)

_avs_007 (459738) | about a year and a half ago | (#42663531)

but looking at who was near me every time I go to my favourite Starbucks over the course of a year will give you a pretty good idea of who is actually there with me.

Not really. I go to the gym everyday at the same time, and I see the same people there everyday... That is a coincidence that we have similar schedules... I am not in a relationship with any of those people I see regularly.

I have a set routine of what I do at the gym, as do most of the regulars I see regularly. For example, I may start on one side of the gym, and work my way to the other, and someone else may start at the opposite end, and work their way forward. It is entirely possible for both of us to maintain the same signal strength to the AP the entire time in relation to each other, simply because we are on opposite sides. There's no way to draw any conclusions from this data, other than we're both inside. You can try to write an app to figure out that we were standing next to each other the entire time, but that is a VERY complex problem to solve, and you aren't going to solve it by simply monitoring beacon packets.

Re:Here's what's really scary... (1)

neiras (723124) | about a year and a half ago | (#42663689)

Not really. I go to the gym everyday at the same time, and I see the same people there everyday... That is a coincidence that we have similar schedules... I am not in a relationship with any of those people I see regularly.

...and that's easily guessed by the fact that there is a large group of people showing up at the same place on a fixed schedule. Pretty simple to write a "group activity" recognizer. And there's a gym at that address. Okay, fitness class. Now we can sort people for "fitness activity" by their attendance. Great, now we have list of people ranked by how serious they are about their personal fitness. Let's advertise supplements to the top 30%, personal training to the middle 30%, and fitness DVDs and McDonalds to the lower ranks.

And what the hell, let's suggest these people to each other on Google+. And advertise a great deal at the fitness club across town, because competition is good, right?

Voila, instant advertising targeting. And that's what Google and others are after.

Your position inside the gym means jack shit. It's all about using proximity data and location data over time to make really, really spookily accurate guesses about people.

Re:Here's what's really scary... not really... (1)

jonbryce (703250) | about a year and a half ago | (#42663453)

If there is more than one AP within range, which is quite often the case, I can currently see 7 of them, then it would be possible to figure out whether you are next to each other or opposite sides of the AP.

Re:Here's what's really scary... not really... (1)

_avs_007 (459738) | about a year and a half ago | (#42663771)

It's not as easy as you think. I spent a long time researching this, and I had a Mathematics PHd on staff helping me. I was able to get granularity down to about 15-20ft, when I saw about 20 access points. But 15-20 ft is still pretty big if you are trying to get spatial orientation between people...

And even then, even when I saw 20+ AP, I was still able to find points inside our building where I got matching signal-strength profiles from the APs as another location pretty far away. Remember, proximity detections is not the same as location tracking. I can get unique profiles from contiguous location blocks, but I can't guarantee the same for non-contiguous blocks.

Direction + strength are available (1)

davidwr (791652) | about a year and a half ago | (#42663527)

There are laptops WiFi detectors that give you approximate direction and strength.

While strength != distance, if I'm "x dB" today and "x dB" tomorrow and so on for 10 days, on most of those days I'm probably in about the same spot. Unless of course I'm a /. reader, in which case I'm mucking around with my WiFi settings just to muddy the data.

Re:Direction + strength are available (1)

_avs_007 (459738) | about a year and a half ago | (#42663835)

While strength != distance, if I'm "x dB" today and "x dB" tomorrow and so on for 10 days, on most of those days I'm probably in about the same spot.

That's not true at all. I've only found that to be true if I'm testing inside a faraday cage inside a controlled lab. Your signal strength will vary depending on what is between you and the AP, so if the people around you are different everyday, your readings will be varied. Even if those were constrained, your signal strength will vary depending on humidity and signal population density. You can probably get a nice average, if I monitor the data for 10 days. But if you are only inside starbucks for 10 minutes/day to grab a coffee, that is not enough time to build out something like that.

Re:Here's what's really scary... not really... (1)

LurkerXXX (667952) | about a year and a half ago | (#42663773)

All they need are two or more access points and they can triangulate by signal strength.

Re:Here's what's really scary... (0)

Anonymous Coward | about a year and a half ago | (#42663415)

Why are you limiting this to Google? All major companies (especially the one fruity company) are doing the same thing. However with such verticle intergration on other platforms, they also can reliably attach Facebook and twitter accounts (Android uses a fb/twitter app and is separate from the OS), your music/movie watching, address, credit card, location (even if location services are off), etc.

Re:Here's what's really scary... (1)

neiras (723124) | about a year and a half ago | (#42663511)

Why are you limiting this to Google?/quote>

I'm not. They're just an easy example.

Cisco/ThinkSmart (2)

sigipickl (595932) | about a year ago | (#42663051)

Cisco's acquisition of ThinkSmart Technologies was all about leveraging WiFi for customer analytics. http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/thinksmart.html [cisco.com]

It's more than just tracking who goes in and out of a store- it's about dwell time, product placement and spot marketing.

How are they getting the MAC address? (1)

camh (32881) | about a year ago | (#42663099)

How are they getting the MAC address of my WiFi interface? I thought that an unassociated WiFi station would listen for beacons of access points (scanning). When an upper layer sees an access point that policy says the device should connect to, it will try to associate with it. Until then, what packets is my device sending out?
If I were running my own access point, I would be transmitting beacons. It my device was configured to connect to any open acces point, then it would connect when it found one.
In the absence of these two device policies, what would be causing my device to transmit packets?

Re:How are they getting the MAC address? (1)

amorsen (7485) | about a year and a half ago | (#42663283)

Indeed, this really confuses me as well.

If I am connected to a wireless network they can track me, but I rarely bring my home wireless router shopping with me. Do unassociated devices really send out "hey there!"-packets from time to time, and if so, why do they do that and how can I make them stop?

I had a play around with airodump-ng for a few minutes, but I only detected one unassociated device and that one seemed to be attempting to associate to a nearby SSID.

Re:How are they getting the MAC address? (2)

_avs_007 (459738) | about a year and a half ago | (#42663613)

They are looking at the beacon packets your device is sending out when it does a scan of the network. Most OS's will do a periodic passive scan to look for networks.

I Smell a DOS prank (5, Interesting)

Jah-Wren Ryel (80510) | about a year ago | (#42663117)

Presumably they are looking for the initial broadcast packet that starts the handshake to establish a wifi connection with a base station. Seems like you could mess with these guys if your phone had an app to dynamically change the MAC address on every handshake, you could also speed up the rate of such handshake initiations. Wander the aisles for a half hour and the store's now got a million bogus entries in their tracking database.

Re:I Smell a DOS prank (0)

Anonymous Coward | about a year and a half ago | (#42663659)

How do they track your MAC address if you're not connecting to their network?

People really leave WiFi on? (1)

bloodhawk (813939) | about a year ago | (#42663123)

I find WiFi sucks the life out of my phone batteries, it is only ever on when I am specifically using it. Do others really leave it on all the time?

Re:People really leave WiFi on? (-1)

Anonymous Coward | about a year and a half ago | (#42663445)

Consider that 90 percent of smartphone users are stupid, half of them not knowing how to turn off wifi, and the other half too lazy to do so... yes, they leave it on

Re:People really leave WiFi on? (1)

DeeEff (2370332) | about a year and a half ago | (#42663505)

3g/HSPA+/4G sucks more out of your phone than Wifi. Access Point scanning is trivial to your battery life, so if you're always at home or near an access point you can use, you would save battery life by keeping wifi on.

Also, GPS doesn't turn on unless requested by a process (not service). So leaving GPS on all the time does not affect your battery whatsoever, unless you like to open Maps all day with GPS off.

I believe this assumes (1)

kilodelta (843627) | about a year and a half ago | (#42663135)

That you have WiFi turned on. I leave mine turned off. In fact I only ever turn it on if I want to use a WiFi network. Otherwise 4G service is widespread enough I don't have to do so unless I'm in steel frame buildings.

So imagine my surprise when I saw at Macy's last night - they have in store WiFi! The evil in my wants to war drive it and see what else I can access.

and who cares? (2)

retchdog (1319261) | about a year and a half ago | (#42663369)

if tracking were only ever used for advertising, i would not have any problem with it. my concern about tracking is that people with the power to fuck my life over will get a hold of it and use the data irresponsibly. sorry, but i just don't see how "walked down aisle 3 five times on Sunday" can contribute to that.

when i see people who are deathly afraid of advertising, i wonder why. there's an old saying among door-to-door salesmen that you hit the houses with signs reading "no solicitors," exactly because the occupants are easily influenced; after all, that's why they put the sign up.

with two exceptions, i research my purchases meticulously before making them. the exceptions are a limited amount of impulse buys (for example, i know they put the candy bars exactly in that spot to maximize sales, but i don't care; i knew that i'd be buying the damned candy bar before i entered the store) and... actually that's about it. the other exception involves my hobbies, but it's not like i ever go to a fountain pen or book store without a budget anyway. i just let myself enjoy the experience more than other places.

i'm fairly confident that i am mostly resistant to advertising. in fact, i can identify the ubiquitous re-use of phrases and images that are "proven" by marketing psychologists to influence people and it's just mildly nauseating. now maybe this is the dunning-kruger effect, but looking around my home, i don't see much stuff that i regret buying, so i'm either making good decisions or i am completely brainwashed. i suspect the former.

Mobile carriers are doing this (0)

Anonymous Coward | about a year and a half ago | (#42663569)

... and they have been for some time. Huge market they don't want to know about.

This is just another way (0)

Anonymous Coward | about a year and a half ago | (#42663687)

You don't think they already have receivers sniffing the IMEIs of AMPS/CDMA/whatever phones as they're moving around? What about Bluetooth devices? This is just another method.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?