Slashdot Mirror
Have a Wi-Fi-Enabled Phone? Stores Are Tracking You
jfruh writes "Call it Google Analytics for physical storefronts: if you've got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether you're a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall."
To turn off the wifi
Most smart phones allow you to turn off wifi.
I keep mine off most of the time unless I need it that also includes GPS and Bluetolth
Change your MAC address to a pseudo-random one every time you go out of your main home or work environment. It's possible on android and iOS devices.
Avoid places where this kind of garbage is known to be in use. Turning off the wifi means you have to sacrifice some of the functionality of your phone just to not be tracked. Similarly, the op-out is crap as well. Why should I have to opt out? And what's wrong with the door sensors that have been in use for years to figure out conversion ratios?
Not that I've gone into a mall recently, but seeing any of the stores using this system would be the best way to make sure I never come back.
"So after all this, you make my case for me. To end this stalemate, you must die..."
They will track your movements with facial recognition cameras.
Insurance company will know how much butter, beer and beef you are buying.
Your car will track your driving habits and your TV will track your entertainment.
They will know when you are happy, sad, indifferent or lonely and will provide a product or service that will hit the spot.
Just relax. They have your best interest firmly in mind
-badford
No, that's not what it means at all. It means they'll be able to better tailor their store to profit off of you. Generally, that's not a good thing for you.
Any smartphone can see all the MAC addresses of all phones and access points around it, bluetooth or WiFi (if enabled of course). With GPS positioning on most of those devices and a Giant Corporate Big Brother aggregating the results, all of us are reporting on our proximity to each other.
We all know that Google's wifi geolocation stuff works this way - by tracking which fixed wifi base stations are in range and correlating with a GPS fix. People forget that Google can also identify other phones within range of your phone, and they know which Google accounts are attached to those devices.
Google really does know who is sitting next to you on the train or in the coffee shop, who your jogging partner is, and which whore you visit when your wife leaves your general vicinity.
I bet they do some amazing automated profiling. This guy is a garbage man and works with these people, that guy likes to sit in coffee shops and this woman is usually also present, she's not his wife, so lets advertise couples vacations and cheater sites, this other woman visits a preschool every day and is probably a parent, let's suggest other parents from the same preschool as her Google+ friend...
Isn't a hashed MAC address going to be the same every time? Seems like it would be easy to match the phone to a person if they made a couple credit card purchases on separate trips into a store.
Correct, hashing does not do anything useful here except keep up the pretence. Well it prevents multiple-vendor networks from combining logs from different vendors, but I bet all monitoring devices from a single vendor use the same hash.
Finally! A year of moderation! Ready for 2019?
No, that's not what it means at all. It means they'll be able to better tailor their store to profit off of you. Generally, that's not a good thing for you.
That is worth repeating. All of this "personalization" stuff is not about making your shopping experience better, it is about maximizing the amount of money you spend. Any benefit to you is purely incidental.
When information is power, privacy is freedom.
Presumably they are looking for the initial broadcast packet that starts the handshake to establish a wifi connection with a base station. Seems like you could mess with these guys if your phone had an app to dynamically change the MAC address on every handshake, you could also speed up the rate of such handshake initiations. Wander the aisles for a half hour and the store's now got a million bogus entries in their tracking database.
When information is power, privacy is freedom.
The trouble starts when all mac address's activity gets logged into big data and stays there.
Then later on, your mac address gets cross-referenced with your real name and phone number and personally identifying data some day (because, for example, you may frequent Starbucks or locations that feature free wifi).
Suddenly, without anyone really trying, your every movement throughout the day just became trackable and they know how to reach you.
Asking people to think is like asking them to buy you a new car
Not that it matters, but it doesn't work that way... (My full time job involved researching proximity algorithms)... Using Wifi as proximity, you can tell that say these 5 particular people are in a room, but you have zero idea the spatial relation of each of these 5 people to each other, without the aid of other sensors. Wifi or bluetooth will not give you spatial relationships in any meaningful manner.
For example, if my signal strength to the AP is 80%, and your's is 80%, that does not mean we are next to each other. We can be on opposite sides of the AP, or we can be at some other arbitrary location, where each of us has a different obstacle blocking the direct line of site to the AP, reducing the signal strength by differing amounts. Plus we have no idea what the transmit power is on each device.
You may be able to get a reasonable guesstimate of proximity to the AP, but not spatial orientation to the AP. (ie, you are within 20 ft of the AP, but you don't know in which direction), and certainly not between each peer. The phone will not be able to give you proximity information to another phone using wifi, because the stock chipset on Android and iOS does not give you access to read these beacon packets from arbitrary un-connected devices. I've been able to get it to work in the lab, but only when I use specific hardware/chipsets, with special drivers/firmware.
So all I'm saying is that people are making this to be a bigger deal than it is.
Turn off "location" and other "always want the network" apps that you don't need. Put your mail in "on demand" rather than "periodically polling" mode. Set your phone so the only thing it's routinely monitoring for over the air are incoming phone calls and texts.
At this point your WiFi will be a waste of battery when you aren't actually using your phone.
Now you can turn off your WiFi and save your battery.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Actually, you don't even need to turn off wifi. Just set your phone to not automatically join any public wifi. Wireless clients, including the phone, compiles a list of access points you can join using the ESSID broadcast from the access point. In other words, the access points just dumbly advertise their presence and don't know who are looking until your device tries to join.
I once had a signature.
Your phone will still occasionally be sending packets to see if a known access point/SSID will reply. This is so access points with "hidden" SSIDs will still be found. Most devices just do this and there is no option to disable it, apart from disabling wifi completely. This is enough to see if someone with wifi enabled on their device is hanging around.
Even more disturbing, if an access point with the correct SSID replies with no encryption, a lot of devices will automatically try to attach to that AP. By mimicking the identification protocol the device asks to use, you can even get it to attach to your rogue access point; just tell it it's credentials are accepted and it will merrily use your AP without any user interaction.
I was promised a flying car. Where is my flying car?