Slashdot Mirror

← Back to Stories (view on slashdot.org)

Londoners Tracked By Advertising Firm's Trash Cans

Posted by timothy on from the time-for-spoofing dept.

schwit1 asks "How can I automatically have my wi-fi turn off when I leave the house unless I specifically turn it back on?" and provides this excerpt from Wired to illustrate why that would be useful: "Hundreds of thousands of pedestrians walking past 12 locations unknowingly had the unique MAC address of their smartphones recorded by Renew London. Data including the "movement, type, direction, and speed of unique devices" was recorded from smartphones that had their Wi-Fi on. First reported by Quartz, the data gathering appears to be a Minority Report-esque proof-of-concept project, demonstrating the possibility for targeted personal advertising. 'It provides an unparalleled insight into the past behavior of unique devices — entry/exit points, dwell times, places of work, places of interest, and affinity to other devices — and should provide a compelling reach data base for predictive analytics (likely places to eat, drink, personal habits etc.),' reads a blog post on the company's site. In tests running between 21-24 May and 2-9 June, over 4 million events were captured, with over 530,000 unique devices captured. Further testing is taking place at sites including Liverpool Street Station." (The name sounds a bit like a government project, but Renew London is actually an advertising / marketing firm.)

10 of 189 comments (clear)

  1. Llama or Tasker by The+MAZZTer · · Score: 4, Informative

    Former is free and can do what you need, latter costs a few bucks but is apparently far more versatile.

    This is for Android, of course.

  2. Re:Cell phones must stop broadcasting MAC addresse by girlintraining · · Score: 4, Informative

    The 802.11 protocol does not require cell phones to broadcast their MAC addresses. Phones do it so that they can discover nearby networks faster, but it is completely optional.

    Except, of course, that it does. In order to associate to an access point, you have to send your MAC address. It's sortof how packet-switched networks operate: It needs a source and destination. What you're talking about is a Probe request, a special type of packet when a station needs to obtain information from another station. This other station is typically an AP, but not necessarily.

    Any connection made over wifi needs to broadcast a probe frame, and these are by definition unencrypted. Any station on the same channel can see them. Thus the only way to prevent broadcasting your MAC address is to disable wifi entirely. It is in no way "optional" for connecting to another wifi network, and many cell phone users want this functionality because auto-connecting to unsecured wifi allows for data transmission without incurring fees from their provider. The iPhone, for example, can receive OTA updates via open wifi, as can Android.

    They aren't doing it solely to "discover nearby networks faster"; It actually saves the user money.

    --
    #fuckbeta #iamslashdot #dicemustdie
  3. Re: Cell phones must stop broadcasting MAC address by dnadoc · · Score: 5, Informative

    What he meant was "The 802.11 protocol does not require cell phones to broadcast their MAC addresses when disconnected from an AP" Sure you need to send the MAC address to connect - he knows that. You don't need to send anything if you don't want to connect. It's not hard to write an app that turns off wifi outside of particular physical area. That addresses the concern they're talking about. They don't care about background data usage on the phone when they're not using it.

  4. Re: possible new app by Anonymous Coward · · Score: 2, Informative

    I use Tasker for this. My profile is set up so that when I'm paired with any of the cell towers near my house it will enable WiFi and try to connect to my home network. Tasker costs $3 and setting up this sort of config shouldn't take more than an hour.

    The app also has a billion other uses. When I'm at work my phone will automatically be silenced, and when I plug in headphones my music player opens and my volume is set properly.

  5. Legit uses? by aggles · · Score: 3, Informative

    Several airports in Europe are using the same non-associating probe technique to figure out if enough security lines are open. By knowing the time from pre to post security location of a MAC address, they can tell how well traffic is flowing. Since people beyond security, on average, spend several Euros per minute, it is better for the airport to minimize the security delay. Good for passengers too.

  6. Re:MAGNET TIME! civil disobedience ftw! by girlintraining · · Score: 3, Informative

    Thus their marketting database is swiftly polluted and becomes much less valuable.

    Cache poisoning is hardly a new thing... the problem is very few people have the money or resources to do it along with the technical expertise and desire. Since so few people do it, this would accomplish next to nothing; In just a few days, several million entries were gathered from these devices. You travelling around might hit .01% of the available contact points. Now, if I could clone a thousand of you and randomly space them about in the target area, maybe it'd be enough to render the data integrity suspect. But I highly doubt that there's a thousand people willing to buy netbooks and engage in such activity in any given geographically bound area that size. I doubt there's even 20 people in these neighborhoods that have the technical expertise to understand and impliment such a tactic.

    --
    #fuckbeta #iamslashdot #dicemustdie
  7. Re:Cell phones must stop broadcasting MAC addresse by Anonymous Coward · · Score: 2, Informative

    Montana now has a day time speed limit (and has since 1999):

    http://en.wikipedia.org/wiki/Speed_limits_in_the_United_States#No_speed_limit

  8. Re: Cell phones must stop broadcasting MAC address by LordNimon · · Score: 4, Informative

    Thank you for understand exactly what I was trying to say. However, it's not necessary to disable wifi completely. Instead, the phone should just not send any probe requests, and it should not automatically connect to an insecure network that it has never seen before.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
  9. Re:Cell phones must stop broadcasting MAC addresse by PPH · · Score: 3, Informative

    It listens for the network SSID. Silently, in some cases.

    --
    Have gnu, will travel.
  10. Re:Cell phones must stop broadcasting MAC addresse by petermgreen · · Score: 4, Informative

    Find me a bank or online retailer that allows financial accounting data to be submitted over insecure connections instead of SSL. I can wait.

    It doesn't matter what the bank or retailer gets the data over, it matters what your phone sends it over. All too often people start browsing from an insecure entry point and only later move to a secure part of a site. This allows the MITM to change links or redirects in the insecure part and hence get the user to either enter their authentication details unencrypted or get them to enter them encrypted but to a domain the attacker controls (and therefore has a "legitimate" certificate for).

    Plus ssl isn't as secure as people might like to think, for example apparently there were CAs out there who would still sign certs using md5 after md5 collision attacks became feasible allowing attackers to get themselves a cert with CA powers that was trusted by browsers*. There have also been recent attacks on SSL itself, and attacks on the way browsers combine compression with ssl.

    * http://www.win.tue.nl/hashclash/rogue-ca/

    --
    note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register