Have a Wi-Fi-Enabled Phone? Stores Are Tracking You
jfruh writes "Call it Google Analytics for physical storefronts: if you've got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether you're a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall."
To turn off the wifi
Most smart phones allow you to turn off wifi.
I keep mine off most of the time unless I need it; that also includes GPS and Bluetooth.
Change your MAC address to a pseudo-random one every time you go out of your main home or work environment. It's possible on android and iOS devices.
The store gives me free internet access. I don't turn my wifi off in the parking lot.
GENERATION 27: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
Avoid places where this kind of garbage is known to be in use. Turning off the wifi means you have to sacrifice some of the functionality of your phone just to not be tracked. Similarly, the opt-out is crap as well. Why should I have to opt out? And what's wrong with the door sensors that have been in use for years to figure out conversion ratios?
Not that I've gone into a mall recently, but seeing any of the stores using this system would be the best way to make sure I never come back.
"So after all this, you make my case for me. To end this stalemate, you must die..."
If stores can track my preferences and how I interact with them, doesn't that just mean that they'll be able to better tailor their store to suit me? Isn't that a GOOD thing for me? I'm a bit confused as to why I'd think twice.
Who taped a phone to a blind wombat on PCP?
That's what my track would look like. I just wander all around the store, grabbing stuff as it catches my eye, contemplating items I'll never purchase, backtracking and crisscrossing the store at random.
Most phones turn wifi off when idle to save power. All the time the wifi is powered down they can't track it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Isn't a hashed MAC address going to be the same every time? Seems like it would be easy to match the phone to a person if they made a couple credit card purchases on separate trips into a store.
Some people say it's time to turn off wifi.
Not me. I can't wait to hack the o/s to absolutely fuck with this as hard as I can. I hope the phone's drivers support messing with signal and power level.
I've done it with wardriving, I've done it with my laptop before connecting to any type of wireless point. I've even done it with wireless on my desktop, spoofing a specific authorized mac address of a piece of hardware I no longer own so I didn't have to log in to my access point and add it to the authorized list.
I'll sniff for MAC addresses, I'll fake them, spoof them, build in a list of different hardware vendors. You'll see the same person in two different aisles. You'll see 5000 people enter the store as I cycle through and sequential addresses as fast as I can for five minutes.
The analytics person is going to have so much fun. 0xdeadbeefbabe all over the place.
Sure, they'll filter me out. Or notice me as one oddball. But sooner or later those stats are going to get mass corrupted because it's my radio and I can broadcast anything I want as long as it's in FCC regs.
To whoever it is that'll be debugging that... I'm 20% sorry in advance, and 80% amused at the thought of the hair pulling this is going to cause.
They will track your movements with facial recognition cameras.
Insurance company will know how much butter, beer and beef you are buying.
Your car will track your driving habits and your TV will track your entertainment.
They will know when you are happy, sad, indifferent or lonely and will provide a product or service that will hit the spot.
Just relax. They have your best interest firmly in mind
-badford
FFS Minority Report depicted a dystopian nightmare. Though for some I guess it's panty-soaking world-of-tomorrow for sleazy advertisers.
I personally dread the day some movie poster addresses me by name. "Hello mister AC! We've determined by our invasive data mining that you saw insipid chick flick XYZ! You'll love the sequel!! Blink twice to purchase tickets now!"
...on the internet you've got a giant tracking clip punched through your ear as you contentedly moo your way through Amazon.
I can't be the only person who disables the wifi radio when i'm not at home or work or in a meeting where it is available and needed. It is part of my battery saving techniques. I also disable cell data - always.
There are apps that make this automatic stuff easy - Locate and .... well, i can't think of the other one.
After all, would you walk around with the wifi enabled on your laptop?
Why do wifi devices broadcast anything when they are not in range of a known SSID? That seems a bit pointless to me.
Bluetooth tracking like this is very common, because Bluetooth needs to constantly announce its existence so that paired devices know that they must respond. Wifi access points need to broadcast for almost the same reason. But why do regular non-AP non-peer-mode wifi devices broadcast anything? They ought to be silent until they find something to speak to.
Finally! A year of moderation! Ready for 2019?
Maybe I'll write an app that will flood the airwaves with ping packets, using a random MAC in every ping... Then I can vary the Tx power of each ping, so that their signal strength reading will be out of whack too. So they'll get thousands of unique hits, with signal strength readings all over the map.... (My last project was reading/writing these broadcast packets, so I know how to spoof everything in the packet... evil grin...)
...until someone starts spoofing multiple devices just to mess with their data? It would seriously mess up their day to see 128 devices in the store but only see 5 people on the cameras.
\would buy that app.
Dear aunt, let's set so double the killer delete select all
Any smartphone can see all the MAC addresses of all phones and access points around it, bluetooth or WiFi (if enabled of course). With GPS positioning on most of those devices and a Giant Corporate Big Brother aggregating the results, all of us are reporting on our proximity to each other.
We all know that Google's wifi geolocation stuff works this way - by tracking which fixed wifi base stations are in range and correlating with a GPS fix. People forget that Google can also identify other phones within range of your phone, and they know which Google accounts are attached to those devices.
Google really does know who is sitting next to you on the train or in the coffee shop, who your jogging partner is, and which whore you visit when your wife leaves your general vicinity.
I bet they do some amazing automated profiling. This guy is a garbage man and works with these people, that guy likes to sit in coffee shops and this woman is usually also present, she's not his wife, so let's advertise couples vacations and cheater sites, this other woman visits a preschool every day and is probably a parent, let's suggest other parents from the same preschool as her Google+ friend...
Cisco's acquisition of ThinkSmart Technologies was all about leveraging WiFi for customer analytics. http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/thinksmart.html
It's more than just tracking who goes in and out of a store- it's about dwell time, product placement and spot marketing.
Never trust anyone who takes pride in being called a 'geek'....
How are they getting the MAC address of my WiFi interface? I thought that an unassociated WiFi station would listen for beacons of access points (scanning). When an upper layer sees an access point that policy says the device should connect to, it will try to associate with it. Until then, what packets is my device sending out?
If I were running my own access point, I would be transmitting beacons. If my device was configured to connect to any open access point, then it would connect when it found one.
In the absence of these two device policies, what would be causing my device to transmit packets?
Presumably they are looking for the initial broadcast packet that starts the handshake to establish a wifi connection with a base station. Seems like you could mess with these guys if your phone had an app to dynamically change the MAC address on every handshake, you could also speed up the rate of such handshake initiations. Wander the aisles for a half hour and the store's now got a million bogus entries in their tracking database.
When information is power, privacy is freedom.
I find WiFi sucks the life out of my phone batteries, it is only ever on when I am specifically using it. Do others really leave it on all the time?
That you have WiFi turned on. I leave mine turned off. In fact I only ever turn it on if I want to use a WiFi network. Otherwise 4G service is widespread enough I don't have to do so unless I'm in steel frame buildings.
So imagine my surprise when I saw at Macy's last night - they have in store WiFi! The evil in me wants to war drive it and see what else I can access.
Not that it matters, but it doesn't work that way... (My full time job involved researching proximity algorithms)... Using Wifi as proximity, you can tell that say these 5 particular people are in a room, but you have zero idea the spatial relation of each of these 5 people to each other, without the aid of other sensors. Wifi or bluetooth will not give you spatial relationships in any meaningful manner.
For example, if my signal strength to the AP is 80%, and yours is 80%, that does not mean we are next to each other. We can be on opposite sides of the AP, or we can be at some other arbitrary location, where each of us has a different obstacle blocking the direct line of sight to the AP, reducing the signal strength by differing amounts. Plus we have no idea what the transmit power is on each device.
You may be able to get a reasonable guesstimate of proximity to the AP, but not spatial orientation to the AP. (ie, you are within 20 ft of the AP, but you don't know in which direction), and certainly not between each peer. The phone will not be able to give you proximity information to another phone using wifi, because the stock chipset on Android and iOS does not give you access to read these beacon packets from arbitrary un-connected devices. I've been able to get it to work in the lab, but only when I use specific hardware/chipsets, with special drivers/firmware.
So all I'm saying is that people are making this to be a bigger deal than it is.
if tracking were only ever used for advertising, i would not have any problem with it. my concern about tracking is that people with the power to fuck my life over will get a hold of it and use the data irresponsibly. sorry, but i just don't see how "walked down aisle 3 five times on Sunday" can contribute to that.
when i see people who are deathly afraid of advertising, i wonder why. there's an old saying among door-to-door salesmen that you hit the houses with signs reading "no solicitors," exactly because the occupants are easily influenced; after all, that's why they put the sign up.
with two exceptions, i research my purchases meticulously before making them. the exceptions are a limited amount of impulse buys (for example, i know they put the candy bars exactly in that spot to maximize sales, but i don't care; i knew that i'd be buying the damned candy bar before i entered the store) and... actually that's about it. the other exception involves my hobbies, but it's not like i ever go to a fountain pen or book store without a budget anyway. i just let myself enjoy the experience more than other places.
i'm fairly confident that i am mostly resistant to advertising. in fact, i can identify the ubiquitous re-use of phrases and images that are "proven" by marketing psychologists to influence people and it's just mildly nauseating. now maybe this is the dunning-kruger effect, but looking around my home, i don't see much stuff that i regret buying, so i'm either making good decisions or i am completely brainwashed. i suspect the former.
"They were pure niggers." – Noam Chomsky
Turn off "location" and other "always want the network" apps that you don't need. Put your mail in "on demand" rather than "periodically polling" mode. Set your phone so the only thing it's routinely monitoring for over the air are incoming phone calls and texts.
At this point your WiFi will be a waste of battery when you aren't actually using your phone.
Now you can turn off your WiFi and save your battery.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
... so it's probably already happened.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If there is more than one AP within range, which is quite often the case, I can currently see 7 of them, then it would be possible to figure out whether you are next to each other or opposite sides of the AP.
Actually, you don't even need to turn off wifi. Just set your phone to not automatically join any public wifi. Wireless clients, including the phone, compile a list of access points you can join using the ESSID broadcast from the access point. In other words, the access points just dumbly advertise their presence and don't know who is looking until your device tries to join.
I once had a signature.
There are laptop WiFi detectors that give you approximate direction and strength.
While strength != distance, if I'm "x dB" today and "x dB" tomorrow and so on for 10 days, on most of those days I'm probably in about the same spot. Unless of course I'm a /. reader, in which case I'm mucking around with my WiFi settings just to muddy the data.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
... and they have been for some time. Huge market they don't want to know about.
You don't think they already have receivers sniffing the IMEIs of AMPS/CDMA/whatever phones as they're moving around? What about Bluetooth devices? This is just another method.
For many years my only cell phones were prepaid by-the-minute "emergency" phones. They stayed in the car glove box and were turned off all the time unless I needed to make an outgoing call or needed to be reachable away from home. I charged them up every week or two.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It's not as easy as you think. I spent a long time researching this, and I had a Mathematics PhD on staff helping me. I was able to get granularity down to about 15-20ft, when I saw about 20 access points. But 15-20 ft is still pretty big if you are trying to get spatial orientation between people...
And even then, even when I saw 20+ AP, I was still able to find points inside our building where I got matching signal-strength profiles from the APs as another location pretty far away. Remember, proximity detection is not the same as location tracking. I can get unique profiles from contiguous location blocks, but I can't guarantee the same for non-contiguous blocks.
All they need are two or more access points and they can triangulate by signal strength.
triangulating by signal strength is not that accurate. Especially if you don't know what the Tx power was. I've gotten about 20ft accuracy in practice with many APs in range. Good enough to know you are in the frozen foods section of the grocery store, but not good enough to know who is standing next to whom at the frozen foods section.
Tasker.... My wifi is turned off unless I am at a location that I want it on. If you own an android phone and don't use tasker, you deserve to be tracked.
Do not look at laser with remaining good eye.
This is for my N900 and increases battery life to 3+ days at low usage.
http://talk.maemo.org/showthread.php?t=45053
Presumably, Droid and Apple with their 100,000 fart apps have something similar.
> triangulating by signal strength is not that accurate.
You can't triangulate with signal strength. Triangulation involves angles. You can trilaterate (which involves distances). But none of the serious players are doing super-fancy signal-strength trilateration anyway. They're either doing fancier stuff, or have decided it's enough to know which department of the department store you're in.
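The points argued in this sub-thread, as an added example that is not part of any comment and not any vendor's code: equal signal strength does not mean two devices are close together, several APs allow trilateration, and an unknown transmit power skews the result. The path-loss model, its parameters, the AP layout and all function names are assumptions constructed for illustration.

```python
import math

# Assumed log-distance path-loss model (constructed parameters, not measured):
#   rssi_dbm = tx_dbm - REF_LOSS_DB - 10 * PATH_LOSS_EXP * log10(distance_m)
REF_LOSS_DB = 40.0    # assumed loss at 1 m
PATH_LOSS_EXP = 3.0   # assumed indoor path-loss exponent

# Constructed sensor layout, coordinates in metres.
APS = [(0.0, 0.0), (20.0, 0.0), (0.0, 20.0)]


def rssi_at(ap, pos, tx_dbm):
    """Signal strength the AP would observe from a device at pos."""
    d = max(math.dist(ap, pos), 0.1)  # avoid log10(0) directly on top of the AP
    return tx_dbm - REF_LOSS_DB - 10 * PATH_LOSS_EXP * math.log10(d)


def range_from_rssi(rssi_dbm, assumed_tx_dbm):
    """Invert the model. The sensor has to guess the device's transmit power."""
    return 10 ** ((assumed_tx_dbm - REF_LOSS_DB - rssi_dbm) / (10 * PATH_LOSS_EXP))


def trilaterate(aps, ranges):
    """Least-squares position from distances (not angles) to three or more APs.

    Subtracting the first circle equation from the others gives linear
    equations in x and y, solved here through the 2x2 normal equations.
    """
    (x0, y0), r0 = aps[0], ranges[0]
    rows, rhs = [], []
    for (xi, yi), ri in zip(aps[1:], ranges[1:]):
        rows.append((2 * (xi - x0), 2 * (yi - y0)))
        rhs.append(r0**2 - ri**2 + xi**2 - x0**2 + yi**2 - y0**2)
    a11 = sum(a * a for a, _ in rows)
    a12 = sum(a * b for a, b in rows)
    a22 = sum(b * b for _, b in rows)
    b1 = sum(a * c for (a, _), c in zip(rows, rhs))
    b2 = sum(b * c for (_, b), c in zip(rows, rhs))
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-12:
        raise ValueError("APs are collinear; position is ambiguous")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)


def estimate_position(true_pos, actual_tx_dbm, assumed_tx_dbm):
    """Simulate the readings at every AP, then locate the device from them."""
    readings = [rssi_at(ap, true_pos, actual_tx_dbm) for ap in APS]
    ranges = [range_from_rssi(r, assumed_tx_dbm) for r in readings]
    return trilaterate(APS, ranges)


def position_error(true_pos, actual_tx_dbm, assumed_tx_dbm):
    """Distance in metres between the estimate and the true position."""
    return math.dist(estimate_position(true_pos, actual_tx_dbm, assumed_tx_dbm), true_pos)


if __name__ == "__main__":
    # One AP: devices on opposite sides give the same reading.
    print(rssi_at(APS[0], (5, 0), 15), rssi_at(APS[0], (-5, 0), 15))
    # Three APs, transmit power known: the idealised model recovers the position.
    print(position_error((5, 8), actual_tx_dbm=15, assumed_tx_dbm=15))
    # Device really transmits 6 dB lower than assumed: every range is inflated.
    print(position_error((5, 8), actual_tx_dbm=9, assumed_tx_dbm=15))
```

The model has no noise, walls or multipath, so the error in the last case comes from the transmit-power guess alone; real readings add to it.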
Each time you go to the checkout, the software can associate your phone's ID with (say) 20-30 payments happening in that vicinity.
After the second time you've been through the checkout, they will know who you are.
> It's not as easy as you think. I spent a long time researching this, and I had a Mathematics PhD on staff helping me. I was able to get granularity down to about 15-20ft, when I saw about 20 access points. But 15-20 ft is still pretty big if you are trying to get spatial orientation between people...
> And even then, even when I saw 20+ AP, I was still able to find points inside our building where I got matching signal-strength profiles from the APs as another location pretty far away. Remember, proximity detection is not the same as location tracking. I can get unique profiles from contiguous location blocks, but I can't guarantee the same for non-contiguous blocks.
A Cisco MSE will get your location down to around 3 - 5 meters, with 4 or 5 nearby AP's
http://www.cisco.com/en/US/products/ps9742/products_tech_note09186a00809d1529.shtml
How else will they know when I take a dump in aisle 4?
That makes up for me stalking their aisles for products and then buying them online for cheaper.
3g/HSPA+/4G sucks more out of your phone than Wifi.
True.
It goes something like: ... with GPS using 10x lower power than C/GPU.
1. C/GPU
2. Screen + backlight
3. Calls or sending/receiving data
4. Camera
5. Vibrate
6. Screen no backlight
7. GPS continuously receiving
When idling, your smartphone is using maybe 2 orders of magnitude less power than eg browsing. Since smartphones are idling a lot of the time, these numbers become significant.
8. Automatic checking whether anyone's messaged you on FB/Twitter is a significant battery killer. I don't have figures for this but it at least halves battery life.
Apart from that, from highest to lowest:
9. 3G
10. BT
11. Wifi
12. 2G
So 3G + BT + Wifi consumes roughly 3x just 2G.
So your battery may last 3x longer with just 2G active when idling.
http://wiki.maemo.org/N900_Hardware_Power_Consumption#Some_preliminary_numbers_using_the_battery_monitor_chip.
I have a 4G unlimited plan, I have no need for wifi. So mine is off.
How does tracking work? Google is able to pinpoint my address to within 10 meters. Yet I don't use any Android device with GPS and don't own any mobile phones. I do have an old iPhone 3GS that was used for a week, but I don't recall sending any information to Google... unless the Maps app I used in iOS 5 sent google my location information. I thought Apple had that information?!?
We had someone vandalize one of our cars. Long story short, it was my son's ex-girlfriend. She lives about 60 miles away but at 3:20am, I saw her iPhone attach to my access point. I knew it was hers because I've seen it in the logs from when she was welcome in the house. That time in my logs matched the time frame a neighbor saw someone running through our yard. It never actually made it to a court but she admitted it when questioned by the police.
I live in a pretty rural area and you have to be much closer to my house than to anything else in the public right of way to get my signal. I've thought of and have done some research about scanning and looking for devices in the area just like the article describes. I have an open wi-fi AP that goes nowhere now but logs and I don't actively probe yet.
Obviously, the best solution is don't shop at malls. The clothes are ugly and unfashionable at best - unless you like that "hey everybody, I'm a low-level manager at a company you'll never hear of" GAP look - and expensive. I have no idea what else you would buy at a mall besides clothes... (I'm an army surplus and pay-by-the-pound guy myself).
Who keeps their wi-fi on all the time? Runs the battery down. I just turn mine off/on when I need it.
I use an app called SmartWiFi on my phone. It determines where I am by known cell towers and their cell IDs. When I leave my driveway, my WiFi turns off automatically until I reach a known destination that I've previously visited and connected to WiFi before. As soon as the phone encounters known cell IDs, the WiFi turns back on automatically. Aside from saving battery by not having my phone constantly searching for a WiFi signal, this would render these stores' tracking abilities useless on me. Win, win.
Wifi on or off doesn't really matter. Having wifi set to auto connect does matter. A wifi system will constantly probe for WAPs and this broadcasts not only your MAC but also the name of the APs for which it is looking and in some cases your device's name (iPads for instance have you assign a name to your pad).
Frankly, anyone that has a little knowledge can track your coming and going by watching for your probe. More specifically they can document it and map the pattern.
"Hello favored customer!"
Yes, I'm aware of that solution. 3-5 meters isn't that much more fine grained than 15-20ft.
The difference being, I was talking about only using signal strength, and more importantly, using an unmanaged network. Cisco's solution requires a managed network, and it uses more than just signal strength. It also does time-of-flight. I've used those solutions too, but those also require special drivers on the client side. In the end, it still doesn't gain you much for the extra effort. 3-5 meters is still about 10-15ft
This is fine for determining what department of the store you are in, but it won't tell you what specific product you are looking at, or who is standing immediately next to you.
That type of tracking is very different.. They geo-tagged the MAC address of the AP (which is what they are doing when they drive their car around). The client software then looks at which AP has the highest signal strength, then they use the GPS location of that AP as your location. I haven't looked in a while, but the maps API used to expose an API where you sent the MAC address, and it returned the GPS coordinates of that AP. I played with it once, and changed the least significant bit on the MAC of my AP, and it said my location was in New Jersey somewhere. So now I know where the person that bought the router that was next to mine on the production line...
The type of tracking I was referring to earlier was dealing with APs that were not necessarily geo-tagged, since I was dealing with trying to build something on top of public (or private) infrastructure that wasn't managed by the parties involved. So for example, a proper solution involved deploying a number of APs in a specific location, in a specific pattern, etc, with each AP geo-tagged. The solution I was dealing with was trying to figure out proximity and rough location tracking (think of the game Marco Polo), where you don't know the location of any of the APs around you, as they are not yours.
Stores have used all kinds of methods to find out how people behave in shops. This time it's wifi. They know your name anyway because who pays with cash these days? Do you also object to people who run small shops knowing your preferences because they serve you time and time again? I think this privacy paranoia is often way overblown.
-- Cheers!
I work for a large international shopping centre company.
You do not know the half of it.
We can determine how many people looked up a certain product while in a certain store, we can see foot traffic in areas - and we now sell advertising space with the rate determined by the mobile heatmaps.
Further - if you check into any social media service - we then can associate that MAC address with your social media accounts. We keep that info forever.
"Well Bob, we've determined the spending habits of the demographic stupid-people-who-leave-their-wifi-enabled-and-set-to-auto-connect-to-any-public-hotspot."
That line of thinking may actually occur at some point in the process, although, I doubt it is the intended effect. I was employed up until last year by a big box office supplies retailer (see: electronics fumbling and ink rape zone), and the culture of preying on the ignorant or uninformed was extremely prolific throughout my experience at several locations. After listening carefully to field and senior management I determined they never deviated far from corporate speak (even district managers). It was, however, quite perceivable and prevalent at the level of store manager downwards albeit with exceptions.
Another thing is that the stores keep a solid set of metrics from entrance and exit, via camera (at the doors only) data correlated with POS data. Return on visit and sales conversion being highly critical metrics. The WI-FI AP's, or rather the intranet nodes at corporate, couldn't even handle all of our floor models at times because of the increase in clients due to cumulative expanded selection throughout all stores. Funny thing is the explanation I got from tier 3 support was that it was a subnetting issue, DHCP pool was running out, hence you wouldn't get knocked off but couldn't join anew. But if you were attempting to connect to the AP your MAC still showed up (layer 2 not being the issue), this I remember distinctly.
Aside from all that, I have trouble imagining having very accurate aisle by aisle data with a single access point that most of these stores have, but I've never used anything more than very basic AP survey tools, nor did I RTFA.
I work for a major retail chain, and we currently do this manually. We have people with maps following customers through the store, marking their path and dwell time in different spots. We use this to see what areas are hotspots, and which are cold, and to develop improvements in how we present our wares. The explicit end goal is to make the store utilize its space more efficiently, which cuts down on rent, lowering the prices of our products.
In what way is improving peoples' lives by making things they need cheaper evil?
This automated tracking system would in the long run make the quality of lives even better, as we would be able to provide even better bang for peoples' bucks. I'm going to look into it.
You're carrying around a radio beacon, and you expect the store to not notice this fact and use it to gather statistics?
Really, if facial recognition software were cheap and ubiquitous would you really expect stores to not use it? This is just a quick and dirty substitute.
> Not that it matters, but it doesn't work that way... (My full time job involved researching proximity algorithms)... Using Wifi as proximity, you can tell that say these 5 particular people are in a room, but you have zero idea the spatial relation of each of these 5 people to each other, without the aid of other sensors. Wifi or bluetooth will not give you spatial relationships in any meaningful manner.
Are you that crappy at your job? They use more than one radio (usually SDR so they can simultaneously track BT and GSM), and stores are pre calibrated to map coverage and propagation.
Who logs in to gdm? Not I, said the duck.
> This guy is a garbage man and works with these people, that guy likes to sit in coffee shops and this woman is usually also present, she's not his wife, so let's advertise couples vacations and cheater sites, this other woman visits a preschool every day and is probably a parent, let's suggest other parents from the same preschool as her Google+ friend...
This is a geek fantasy. Let me tell you (and I'm talking anonymously so have no need to lie) I do not cheat on my wife but I get those kinds of ads all the time. I also get lots of viagra ads etc. when I'm young and can count the number of times I haven't been able to perform on one hand.
No one cares about targeted advertising - it's too much effort and too hard to get right. The reality of how advertising is working is that they use a scattergun approach. The only ones who care about targeted advertising are the ones trying to sell it to gullible businessmen as the solution to all their sales woes. It's not turtles all the way down, it's scams.
Doesn't your phone broadcast its identity all the time anyway to the cell phone network? That happens even if your Wifi is turned off, or even if your phone doesn't even have Wifi. So what is the point of tracking the Wifi?
The Tao of math: The numbers you can count are not the real numbers.
Your phone will still occasionally be sending packets to see if a known access point/SSID will reply. This is so access points with "hidden" SSIDs will still be found. Most devices just do this and there is no option to disable it, apart from disabling wifi completely. This is enough to see if someone with wifi enabled on their device is hanging around.
Even more disturbing, if an access point with the correct SSID replies with no encryption, a lot of devices will automatically try to attach to that AP. By mimicking the identification protocol the device asks to use, you can even get it to attach to your rogue access point; just tell it its credentials are accepted and it will merrily use your AP without any user interaction.
I was promised a flying car. Where is my flying car?
When I was young I used to have mod points, just like you. But then I took an arrow to the knee.
I was promised a flying car. Where is my flying car?
Yes, companies have been tracking via GSM for years...
http://www.theregister.co.uk/2008/05/20/tracking_phones/
They could do horrible things to your wifi traffic. You can do horrible things to their Internet traffic. This is a double edged blade. In the end it's just a bunch of APs that determine how far away you are from the AP by using the signal strength negotiation part of the WiFi protocol and log your MAC and a timestamp. Put enough of these APs in your store and you can get a rough idea where a customer is standing at a certain time within a few feet accuracy. All they need to do is pick up one search for a known AP from your device and they can lure it into constant negotiation for as long as you are within reach of their APs. Providing WiFi to customers is only profitable enough if you're going to be actually using your device in their establishment and will be buying food, beverages and such from them. In a DIY store the risk versus profit ratio is way too bad for them to do such a thing.
I was promised a flying car. Where is my flying car?
I have an app for my blackberry that turns wifi on and off depending at what mobile towers (even groups) I am within range of.
Does it become more refined if you have multiple APs, though? If my phone is at 60% signal strength of AP#1 and changes to 90% signal strength at AP#2, that seems like it could give you enough information to piece together a reasonable estimate of location.
They claim that it is not personally identifiable, yet they also claim that they can determine if you are a repeat customer. These two statements are diametrically opposed.
If they can tell that you are a repeat customer, you must be personally, or at the very least uniquely, identifiable!
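The comment above, and the earlier one asking whether a hashed MAC address is the same every time, both turn on the fact that a plain hash of a MAC is a stable pseudonym. As an added example (not the tracking vendor's code, which the page does not show), the sketch below puts that weak scheme beside a keyed hash whose key rotates daily and is then discarded; the function and class names are hypothetical, and the sightings are constructed from the RFC 7042 documentation MAC range.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


def normalize(mac: str) -> bytes:
    """Canonical 6-byte form, so 'AA:BB:..' and 'aa-bb-..' hash identically."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw


def static_hash_id(day: str, mac: str) -> str:
    """Weak scheme: plain SHA-256 of the MAC. The day plays no part, so the
    same device gets the same ID on every visit, in every store, forever."""
    return hashlib.sha256(normalize(mac)).hexdigest()[:16]


class RotatingKeyPseudonymizer:
    """Mitigation sketch: HMAC under a random per-day key held only in memory.

    IDs still match within one day (visitor counts and dwell time keep
    working) but cannot be joined across days once the key is gone.
    """

    def __init__(self):
        self._keys = {}

    def __call__(self, day: str, mac: str) -> str:
        key = self._keys.setdefault(day, secrets.token_bytes(32))
        return hmac.new(key, normalize(mac), hashlib.sha256).hexdigest()[:16]

    def expire(self, day: str) -> None:
        """Discard a day's key; that day's IDs can no longer be recomputed."""
        self._keys.pop(day, None)


def ids_by_day(sightings, id_fn):
    """Distinct pseudonyms observed on each day."""
    seen = defaultdict(set)
    for day, mac in sightings:
        seen[day].add(id_fn(day, mac))
    return dict(seen)


def repeat_visitors(sightings, id_fn):
    """Pseudonyms that appear on more than one day."""
    days_seen = defaultdict(set)
    for day, mac in sightings:
        days_seen[id_fn(day, mac)].add(day)
    return {pid for pid, days in days_seen.items() if len(days) > 1}


# Constructed sightings (day label, MAC) using the RFC 7042 documentation range.
SIGHTINGS = [
    ("day1", "00:00:5E:00:53:01"),
    ("day1", "00:00:5E:00:53:02"),
    ("day1", "00-00-5e-00-53-01"),   # same device seen again, other notation
    ("day2", "00:00:5E:00:53:01"),   # the returning device
    ("day2", "00:00:5E:00:53:03"),
]

if __name__ == "__main__":
    rotating = RotatingKeyPseudonymizer()
    print("static hash, repeat visitors:  ", repeat_visitors(SIGHTINGS, static_hash_id))
    print("rotating key, repeat visitors: ", repeat_visitors(SIGHTINGS, rotating))
    print("rotating key, devices per day: ",
          {d: len(s) for d, s in ids_by_day(SIGHTINGS, rotating).items()})
    # Whoever learns a MAC elsewhere can recompute the static ID and look it up.
    known = static_hash_id("any", "00:00:5e:00:53:01")
    print("static ID recomputable from MAC:", known in repeat_visitors(SIGHTINGS, static_hash_id))
```

The rotating-key variant gives up repeat-customer detection across days, which is the trade-off the comment points at: a scheme that can recognise a returning device is identifying that device.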
> the AP ... the AP ... the AP ... the AP ... the AP
You had a job researching the topic, and you never considered a situation where there's more than one AP? The state of "research" seems to have gone desperately downhill in recent years.
Also FatPhil on SoylentNews, id 863
Those who are not in the master class are slaves of the system, we are no more than property to the system that runs the wheelwork of our civilization.
We are tracked just like animals being led to their slaughter.
They do it to us, so I see nothing wrong with us tracking (and trading with others) the details of how often the store network pings the device, how often, a list of the ports they check, etc. etc.
Then of course we can trade that information with other parties.
You should have a look at the website of the company actually selling the turnkey technology that is prepackaged on multiple brands of retail-oriented wi-fi routers.
Notable is that the information doesn't just stay in the store, it is collected and aggregated by the company's cloud service. Conceivably they could track your movements to and between any location using this service, with no advertising or warning of its presence at all. It can be another Google Analytics, where the service represents itself as provided for free to stores to help market to your customers, but it is actually part of a larger data gathering campaign.
There is privacy-regulation-scale potential here, they can collect metrics that a particular user went into the mall, walked by Radio Shack, went into Bed Bath and Beyond for about 15 minutes (tap your phone here to pay...), went back into Radio Shack. Then they came back to the mall a week later, after going to the library, the mall across town, the coffee shop, in this motel in another town, and in a hotel in Hawaii. They paid for wi-fi service in the coffee shop and in the hotel, so BTW, here is who they actually are.
All these analytics could be easily rendered useless by a small device that simply churns out about a dozen or so MAC addresses, and broadcasts them in a short-range burst fashion. Something about the size of a disposable lighter, or easily kept on a key chain. Now, when you go into a store, it looks (to the analytic software) like a dozen people came in, looked at the same stuff as you, and left. Take that, you software-probe-wielding . . . people!
If it were to cycle through the addresses, turning some on and off at random intervals, you could easily obfuscate the pool you're using, making it even more difficult to pick your actual MAC address out! Turn off your own WiFi, and you've just polluted the pool enough to make for a really nightmarish situation that should discourage people from trying such a futile effort.
Now, make them available to highschoolers/mall-rats inexpensively as some sort of fad fashion accessory that can be clipped to their belt, and traded easily.
Ok, now I'm being silly. They'd have to make it Hello Kitty or Pokémon to make it really work, and that would be . . . Brilliant?
I'd like my cut if anyone ever makes these! Heh heh heh heh...
Have you actually done wireless research? No? Then STFU. I've tracked BT and WiFi simultaneously. Tracking GSM is pointless because you will only be in range of a single tower. If you actually read my previous posts, I was talking about using wifi only, because the original poster was talking about wifi only. And yes, I've done configurations where equipment is deployed strategically/and purposely. But that's not what I was talking about in this thread because I was talking about just the use of wifi in a public place with non-managed equipment, because the original poster was talking about Google doing tracking at arbitrary locations where the equipment was not necessarily deployed for the purposes of tracking.
Reasonable, perhaps, but still not precise. You have to figure out why the signal went from 60% to 90% at another AP. Did you simply turn around, so that the signal from one AP is now going through your body? Did you just place your phone in your pocket, or your purse, etc? There are lots of things that can cause signal fluctuations. Did the signal reflect off a surface that it was not able to before? When the number of APs goes up, it can increase granularity to a point, but I've never seen anyone able to reliably get granularity below 15ft. I've seen solutions that touted
But like I said earlier. Rough estimation is fine for most intents and purposes. I was talking to the argument about using these technologies to determine who you were "with", which requires much more fine grain location tracking. For example one thing that comes up in location tracking is orientation. However, orientation of the device does not imply orientation of the user. So how does the app know if two people are facing each other, or away from each other? You could try to rely on orientation of the phone, but you don't know if the user put the phone in their pocket face forwards, face backwards, or if it's actually in a bag situated sideways, etc. Now when you start adding other sensors into the mix (which is what I was talking about earlier), it is more feasible to do, but that's the original argument I was making... That you need to rely on more than just simple wifi beacon packet sniffing.
> the AP ... the AP ... the AP ... the AP ... the AP
> You had a job researching the topic, and you never considered a situation where there's more than one AP? The state of "research" seems to have gone desperately downhill in recent years.
Where did I say I only looked at situations with a single AP?
Are you that crappy at your job? They use more than one radio (usually SDR so they can simultaneously track BT and GSM), and stores are pre calibrated to map coverage and propagation.
In case you didn't read the original article, the technology in question only looks at wifi beacon packets, it doesn't track anything else from the device. That's why I used the specific research examples that I did. In fact, if you actually read my arguments, I was saying you needed to have other sensor inputs to make the results more accurate.
Also, there is a difference between location tracking and spatial relationship. Two people can be in the frozen food section and satisfy location tracking, but you'll need spatial orientation/relationship information to know which product you are specifically looking at. In terms of the original poster, he was worried about apps figuring out who you were "with". You need spatial orientation there too, to differentiate between someone sitting at the same table as you vs someone sitting at the table next to you, etc.
Much ado about nothing. If you can turn the wi-fi off, turn it off. If not, turn the phone off. This whole discussion about privacy violation, profiteering, etc. is a waste of bandwidth. Instead, do something worthwhile with your time. Like I'm doing right now. :-/
Yes, I'm aware of that solution. 3-5 meters isn't that much more fine grained than 15-20ft.
Right, but my point is that this technology is available off-the-shelf, no need to hire a PhD to do it, for $25K in equipment, a single-floor store can track their customers.
The difference being, I was talking about only using signal strength, and more importantly, using an unmanaged network.
How would you track customer smart phones without some sort of overall network management? How else would you get the nodes signal strength and other metrics in real time so you can locate the device? If you're talking about geolocation on the client side, that's completely different than what this article is talking about.
Cisco's solution requires a managed network, and it uses more than just signal strength. It also does time-of-flight. I've used those solutions too, but those also require special drivers on the client side. In the end, it still doesn't gain you much for the extra effort. 3-5 meters is still about 10-15ft
No drivers on the client side are necessary - we were seeing 2 - 3 meter positioning for normal cell phones in a large open area with 4 Wifi nodes available, with 3 - 5m in a more typical office environment with 4 - 5 nodes.
In the end we went with ceiling mounted people-counter cameras since it gave us more useful data at a lower cost.
sentence got cut off... I was saying that I've seen solutions that touted sub 15ft accuracy, but when I tested those solutions, they almost all made the same assumptions. They assumed the device being tracked would be in hand. The algorithms usually fell apart when you placed the device in your pocket, in your purse, etc. Especially if the device transitioned from being in pocket/purse/bag to being in hand and back while in motion.
And to add further. There is a difference between active tracking and passive tracking. The technology this article is referring to, relies on passive beacon packets from the mobile device. On Android, for example, it passively scans every 30 seconds. That affects the granularity/resolution of your location tracking because the filters that you have to employ to clean up the data are negatively affected by smaller data sets. To get finer grained location data, you need lots more data points. And I mean orders of magnitude more data points than whatever you can get from a passive beacon.
Think of it this way... Imagine yourself walking into a store with me, with your eyes closed. Now only blink once every 30 seconds, even if you knew our precise location every time you blinked, do you have enough information to know what I was doing in the store, what sections actually appealed to me, and what products I got? You may know that I was in the meats section, but you wouldn't know if I was just passing through, if I paused. If I paused you don't know why I paused, maybe because somebody's cart was blocking me. Your eyes may have been closed when I grabbed the frozen pizza, because that section was near the produce section, which is where you blinked, but I was able to get to the frozen pizzas and grab a pizza, and walk back to the produce section because I forgot to get some grapes, before you blinked again.
Most of the research I was doing was centered on user-intent. I mentioned this research, because the original poster was talking about similar scenarios with regards to how Google might use the information. Determining user-intent is vastly more complicated than simply location tracking, especially with the coarse grained tracking afforded by a passive scan. My original argument was that to do the types of scenarios the original poster was talking about, requires much more than just beacon packet sniffing, which is what Euclid is doing.
When you puff yourself up and say that you've researched the field, and then completely fail to mention the single most important thing, then the implication is that either your research didn't cover such essentials or that you're crap at communicating what your research was in.
So we now know it was the latter, thanks for clarifying.
Also FatPhil on SoylentNews, id 863
Does anyone really care about this? lol
> How would you track customer smart phones without some sort of overall network management? How else would you get the nodes signal strength and other metrics in real time so you can locate the device? If you're talking about geolocation on the client side, that's completely different than what this article is talking about.
I was tackling a slightly different problem, so yes I was trying to do things client side.
> we were seeing 2 - 3 meter positioning for normal cell phones in a large open area with 4 Wifi nodes available, with 3 - 5m in a more typical office environment with 4 - 5 nodes.
This is in line pretty much with what I was getting. 15-20ft being 4-6m.
The reason I was talking about unmanaged networks, was because the original poster was talking about Google aggregating information from arbitrary locations to make determinations on the user. If a department store wants to implement a system to track its users in a store, they can do that pretty well for what their needs are. I was talking about Google trying to aggregate location data from places where equipment was not necessarily deployed with tracking in mind. For example, Starbucks could probably give 2 sh!ts where you were in the cafe. If Google got a hold of the data of you while at Starbucks, they would be in the same position I was referring to.. They have signal strength readings of various APs that they have no idea where they were deployed, how they were deployed, etc. That's a different scenario than if Starbucks were to deploy a purpose-built location tracking system, and then forward the information to Google.
By the way, I tested some server side commercial solutions, but I ran into some interesting scenarios, but maybe it's because the environments I was dealing with have less constrained environments. For example, in our own workspace each office space is not identical, nor is there any pattern to the layouts, as it's the employees choice on the layout. That means we ran into problems even with the commercial solutions, based on how the device was placed. Some people placed the phone on the desk next to keyboard. Some placed it in pocket. Some placed it in jacket pocket. Some placed it behind their monitor out of the way of their work area. Some put it in their flipper cabinet. Due to all this, we were never able to reliably get accuracy below 15ft. Depending on the problem you are trying to solve, that is probably good enough.
But one scenario I tested, involved a restaurant. Even with granularity down to 6ft... That wasn't good enough to differentiate someone sitting at the same table as you from someone sitting at the table next to you, because sometimes the person sitting in the chair in the next table over, is actually closer to you than the person sitting across from you at your own table.
First of all, I mentioned using more than one AP in several posts, it probably wasn't in this particular chain. Also, the original problem I was stating, was talking about the problems of trying to interpret signal flux, which is going to be a problem regardless how many APs you have. That's why I never mentioned it in the first post, because it was irrelevant, the problem would still be apparent regardless.
It's not like I was trying to give you guys a dissertation on my research. I was simply shedding some light on a few select scenarios to show how such concerns the original poster had were overblown. I didn't feel it was necessary to go into great details, as I was trying to be simplistic in my explanations, because it's easier for an audience not in the field to understand such concepts in simplistic terms/examples, rather than getting into nitty gritty details.
Also, I wasn't puffing myself up. I only casually mentioned my research, so that my examples would hold more weight than some random person that makes a suggestion. My approach to this thread was more like a Q and A session, where people made suggestions/hypothesis and I responded with how that worked out in research. That was my intent. It was not to come on here like an arrogant prick and tell people how everything works.
You will also have to turn off bluetooth.
http://gpsobsessed.com/bluetooth-the-latest-vehicle-tracking-innovation/index.html
I think you are going about it wrong then. Set up multiple APs or a single AP and multiple receivers. For a simple example think of four APs located in the corners of a square room. Want to get really fancy? Measure the time of flight of a signal to all the receivers. The more APs the more accurate. To allow for interference put an AP point at the center and use that as a reference. Not perfect but without time of flight you might get pretty good numbers. With time of flight you could get pretty accurate.
I actually really want this. It would be great if somehow I could get my location in a store down to a foot or so. Where do I find the drill bits? A map pops up and shows you exactly where on the aisle it is and points to it when you get near. You see creepy I see convenient. When I pay with a credit card they already know I was there. What I really want is for my freaking bank ATM to know that I do not speak Spanish!
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
If anyone is familiar with Serenity/Firefly you should know what a "crybaby" is. The probes that scatter and transmit false beacons and allow at least a chance to escape.... How hard would it be to create a device that generates hundreds of different WIFI MAC attempts continuously? Just walk around while that thing is singing from your pocket.... Freedom through obscurity.... lol
Just a question... So what if the store owner sees that "A6-DB-C9-9D-58-4B" is in store? As a matter of fact... he/she has been here 3 times this week! In the Shampoo section of all places. Maybe he/she has dandruff? Who is "A6-DB-C9-9D-58-4B" anyway? Who cares? I just hope he/she can sort out that scalp issue....
A MAC address is 6 hex values: AA:BB:CC:DD:EE:FF. Not sure where you are getting your info there.
Those 6 hex values aren't completely random. The first three numbers are vendor specific.
So by looking at "AA:BB:CC" you immediately guess who the vendor is, (C0:CB:38 is Broadcom, 5C:26:0A is Intel).
Also, most constructors don't assign the last 3 completely randomly but use incremental numbers.
By looking within which range the last 3 falls, you can also guess which range of product this is.
So a MAC address CAN INDEED be used to infer the wifi chipset in the phone.
See a MAC address in a range that Apple typically uses for iPhones? Well, you know that the user has an iPhone in his pocket. You might even pin-point it down to the latest iteration.
Fire up the hipster advertising mode.
See a MAC address from Broadcom, a mid-range or budget wifi chipset? Probably a poor student with a netbook enjoying the store's free WiFi.
Good idea to advertise special offers on ramen packages.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I feel SUPER uncomfortable about the tracking!
Those Cheap Mobile Phones with WiFi are now stealing my information.
It should be banned.
WiFi isn't necessary to track your phone. This company can do it using the cell tower communications. As long as your phone is on, it can be tracked. http://www.pathintelligence.com/about/
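Added example, not part of any comment above: two points raised in the thread, that a hashed MAC still singles out a repeat visitor and that the address itself exposes a vendor prefix and a "locally administered" flag, checked in Python. SHA-256 as the hash, the function names, and the addresses `5C:26:0A:00:00:01` and `3A:11:22:33:44:55` are assumptions or constructed values; `A6-DB-C9-9D-58-4B` is the address quoted in the thread.

```python
import hashlib
import re
import secrets

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def parse_mac(text):
    """Return the 6 raw octets of a MAC written with ':' or '-' separators."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def describe(mac):
    """Fields any passive listener can read straight off the address."""
    octets = parse_mac(mac)
    return {
        "oui": octets[:3].hex(":").upper(),              # vendor prefix
        "multicast": bool(octets[0] & 0x01),             # I/G bit
        "locally_administered": bool(octets[0] & 0x02),  # U/L bit, set on randomized MACs
    }


def pseudonym(mac, salt=b""):
    """Truncated hash of the address. SHA-256 is an assumption; the page only says 'hashed'."""
    return hashlib.sha256(salt + parse_mac(mac)).hexdigest()[:16]


def random_private_mac():
    """Fresh unicast, locally administered address, as per-visit randomization produces."""
    octets = bytearray(secrets.token_bytes(6))
    octets[0] = (octets[0] | 0x02) & 0xFE
    return bytes(octets).hex(":").upper()


def repeat_visitors(sightings, salt=b""):
    """Pseudonyms seen on more than one day in (day, mac) sightings."""
    days_seen = {}
    for day, mac in sightings:
        days_seen.setdefault(pseudonym(mac, salt), set()).add(day)
    return {p for p, days in days_seen.items() if len(days) > 1}


# Constructed sightings: one phone keeps a fixed MAC, the other presents a
# different locally administered address on each visit.
SIGHTINGS = [
    ("mon", "5C:26:0A:00:00:01"),
    ("mon", "A6-DB-C9-9D-58-4B"),
    ("wed", "5c:26:0a:00:00:01"),
    ("wed", "3A:11:22:33:44:55"),
]

if __name__ == "__main__":
    print(describe("A6-DB-C9-9D-58-4B"))
    print(repeat_visitors(SIGHTINGS))  # only the fixed-MAC phone links across days
    print(describe(random_private_mac()))
```

The hash hides the digits of the address but not the fact that the same device came back, so a device that wants to avoid being linked has to change the input (a fresh address per visit) rather than rely on the collector's hashing.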