Slashdot Mirror
Austin Airport Tracks Cell Phones To Measure Security Line Wait
jfruh writes If you get into the TSA security line at Austin-Bergstrom International Airport, you'll see monitors telling you how long your wait will be — and if you have a phone with Wi-Fi enabled, you're helping the airport come up with that number. A system implemented by Cisco tracks the MAC addresses of phones searching for Wi-Fi networks and sees how long it takes those phones to traverse the line, giving a sense of how quickly things are moving. While this is useful information to have, the privacy implications are a bit unsettling.
Its not like they don't already know where you are when you are entering airport security.
News at 11.
Modern IOS versions randomize the MAC used for passive wifi scans. I'd imagine android is also doing the same.
Don't use the FREE effing wifi, if you don't like it. If you're not paying for the product, you are the product.
Turn off wi-fi. Done.
You can be tracked anywhere anytime you're using a communication radio. Deal with it.
"A plan fiendishly clever in its intricacies"- Homer Simpson
And, it's not like you can opt out .. unless you simply don't fly.
...if you have a phone with Wi-Fi enabled
You could always just, you know, turn off wifi on your phone.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
I'm a huge privacy advocate... but how far are we going to go with this?
You're in a public place.
You're connecting to their network at various points.
They're using that info to figure out how long it takes for you to get through the line.
How is this any different than them using your check ins with your boarding pass?
"I just dumped the entire contents of my luggage in the middle of food court. I appreciate the offer to help me pick it up bu how dare you invade my privacy!"
How's THAT for an opt out?
I wonder how that works now Apple randomise the MAC address when looking for networks.
Don't the new iOS randomly pick a MAC address when scanning for available networks now? If you don't want to be tracked, don't connect to the airport Wifi.
Magic doesn't work in my presence. My power of disbelief is too strong.
"While this is useful information to have, the privacy implications are a bit unsettling"
We're talking the TSA... which means the DHS... and the NSA... so, imagine, if you will, how much NSAware is being installed in your phone to increase "your" safety.
You can absolutely opt out. Just disable your WIFI and don't connect to a network you don't trust.
Not connecting to a network you don't trust is good advice in general.
If you've got a recent iPhone, it's already randomizing the MAC used for background scans:
Of course, that doesn't work if you are using the phone to read Twitter while waiting in line, because seriously, what else are you expected to do while shuffling along?
While this is useful information to have, the privacy implications are a bit unsettling.
As best I can tell from the description, this sounds similar to what Disney and other themeparks use to track their wait times for rides, except the amusement parks occasionally hand out little RFID "things" to guests at the ride entrance and ask the guest to give it to the operator.
As far as I'm aware, any time you're polling for WiFi networks you're broadcasting your MAC; this just seems like a fairly benign way to get information about a process without getting actual data on an individual.
Granted, you can somewhat reliably tie together a MAC addy's travel path if you have the ability to see all the places that MAC has been, but that was true even without this particular software.
So, yeah, what is the concern about this software in particular? It seems like the complaint is more with how the scanning for networks works.
Sigh. Ok people, let me explain something ... if your cell phone is on, you are being tracked. You always have been. The cell towers have to communicate with your phone, and therefore you are always being tracked.
This particular instance of tracking (by noting with a MAC address enters/leaves an area) is no more invasive than what has been happening at the airport for decades with the cameras that are up at every airport everywhere. Tracking a MAC address doesn't indicate who you are or give them access to any information about you as an individual.
Furthermore, if you have your WiFi on, you are again always locatable. If you really think that someone someone being able to know that MAC 00:11:22:33:44:55:66 has left the building is an invasion of privacy, turn off your phone - or better yet don't have a cell phone, because you are being tracked and inspected in far more invasive ways than that if you have a cell phone.
So all those alerts warning you about broadcasting your IP were right all along!
Anxiety over being late (for work, or for a plane) is a common concern.. this will help alleviate it.
On the freeways where I live are large signs that show transit times to various points-- those are very accurate and very nice to have.If you're concerned about privacy and tracking, don't wear a device that can track you.
But if you're in an airport, you can assume your name and travel details will be reported to the government. Even if your local coffee shop wants to know how many you stop in for a latte, who cares? If you care, wear a tinfoil hat or unplug.
Nobody is forcing you to connect to the airport WIFI network. It's just as disturbing to me that you think you should have the right to data on someone else's network just because you use it. If you were paying for such a right and had a contract in place, I could see that. But you are not, and therefore you have no right to tell them what they can and can not do with that data. It's not just you, people all over are using free services and then claiming they have a right to tell the providers what to do with the data those services collect.
Certainly I don't want them to know I have a cell phone, that would be an invasion of my privacy while I wait in line for my NAKED BODY SCAN, right after I hand them my government-issued ID. There are privacy invasions happening there, but they aren't wifi related.
I don't see the need for a tinfoil hat here. If my phone is actively searching for a network, and the airport is using that information in a way that doesn't identify me, doesn't make my phone think it should be sending any other data, and generally makes my experience better, I don't see a problem. They're even letting me know that they do it.
I love my privacy, but this use seems perfectly sane. Yes, they could hire a Walmart greeter to sit on a stool and watch the line, periodically holding up a chalk board with an estimated wait time. But then we'd be decrying the creepy guy who keeps staring at us in line.
How about we actually see how some innovations play out before deciding that the airport is going to stalk us?
Take it to the limit, everybody to the limit, come on, everybody fhqwhgads.
A bit????
No, the privacy implications of this are downright creepy. Because the most unsettling thing is governments and corporations feel they have a right to this information.
And, it's not like you can opt out .. unless you simply don't fly.
And, then what does Cisco et al do with this information? Oh, right, sell it for profit.
Assholes.
They A) Already know you have a flight booked B) Already know where you are going. C) When you check in, they know you are there. If you want privacy of how long you are waiting in line. Don't broadcast your location over the air waves with a transmitter.
I don't want to do a sig now
Erm... how do you think the traffic apps work on your satnav?
They ask you to "anonymously" contribute statistics, they talk home over 3G to service centres, who spot traffic moving slowly (given speed and position is easy on a satnav), mark those roads with appropriate average speeds and then transmit that out to everyone with traffic services.
Sure, they use roadside monitors and other things as well but the "HD" traffic you might get from any large satnav provider uses exactly the same technology.
The question is not whether this is worrying data to collect, but exactly what portion of the collected data needs to be collected? If they are hashing the MAC's really quickly and then discarding the original MAC data, and only keeping MAC-hash and position data, then there's nothing to worry about.
Or, you know, you could write an inflammatory article about a technology that every satnav, every shopping mall, and even festival organisers have been using for years.
You could always just, you know, turn off wifi on your phone.
Which also gives you better battery life!
You are dumb.
The manufacturer of your phone already knows your mac address. It has no value to anyone else beyond the first network hop. You like the author are an idiot who knows nothing about MAC addresses.
Seriously, all they would need to support this is to collect the MAC's on the individual access points. Note the time the MAC first appears, and the time it leaves any individual access point. There would be no need to record any other information. This sort of information It's already visible in every access point ever made, so whats the big deal? Now if they wanted to do some data mining by associating your phone's MAC to your boarding pass that would be more along the lines that people are complaining about. But really, the government already knows your flying from the time you purchased your ticket.
While it certainly saves the average traveler from having to guess the queue length and service rate for themselves so they can estimate the wait via Little's Law ( http://en.wikipedia.org/wiki/L... )
It is hard to see how it manages to not be confused by people standing around the entrance and then walking away rather than in, or separate those speeding through the Priority or Pre-Check lines from the regular lines.
It would seem a simple electric eye counter or just giving the guy who sorts you into lines a clicker might do just as good a job. So while I don't like hopping into the tin foil hat explanations too quickly it is hard not to suspect that maybe this is just a cover story for the fact that they are indeed using it for surveillance purposes.
But then they already know everything I am doing in the airport tracking my phone doesn't personally make me any more under their eye than I already am. Not that I like them gathering all this data and lying about what they keep, I'm just not sure this actually adds to the degree I have already had my privacy compromised by the government.
-jon
I disagree. Although i do think my phone should change its mac address regularly so that the tracking is at most session based. They know -a phone- was in line for 30 minutes. They don't know the phone is my phone. And when they see a phone a for 30 minutes next week they won't know its the -same phone-.
Also, just a heads up to those excited about Apple's ios mac randomization -- its proving to be not remotely as good as they led us to believe it would be. (It only sends out a random mac when a) not connected to a network, b) AND asleep.
Any time anything wakes up the phone it probes with its real mac. (So for example, if your on cellular data, and twitter or email or something gets a message to your phone, it wakes up and probes wifi with its real mac...) rendering the feature all but useless. Apparently the fake probes also include your recent SSID list too making them even more useless.
http://www.imore.com/closer-lo...
So... not worse than ios7 ... but not exactly useful either.
And on that note, does anyone recommend a good automatic mac randomizer for android?
Well, I fail to see how people taking note of information that you're basically shouting out loud to everyone around you can be considered creepy.
I mean, you phone is basically saying "Hi I'm John Smith the <48 bit MAC ID> and I'm looking for WiFi, anyone offering some?" over and over again.
So you're saying it's not right for someone to overhear it and write that down? "I just heard a John Smith out there".
You must be real fun at parties when people overhear your conversations.
No, the privacy implications of this are downright creepy. Because the most unsettling thing is governments and corporations feel they have a right to this information.
If you are in an airport your are IN PUBLIC. Your privacy rights are significantly reduced when you are in public. You have no legal expectation of privacy in public. There is nothing remotely creepy about this. In fact I actually think this is a fairly clever use of the technology which allows people to easily opt out if desired.
And, it's not like you can opt out .. unless you simply don't fly.
There is an incredibly easy solution. Turn off your Wifi. Tada! Problem solved. If you have Wifi turned on then you are quite literally broadcasting your presence to anyone who cares to listen. It's like shouting at the top of your lungs in the airport and then telling everyone you have no way to opt out. YOU are the one broadcasting. It is YOUR choice. If you don't want people to listen then turn off your radio.
in Massachusetts (and probably other places) use Bluetooth phone tracking: http://www.mass.gov/governor/pressoffice/pressreleases/2014/0411-governor-patrick-announces-go-time-expansion.html
"The GO Time real time traffic system measures travel times between two points by anonymously tracking the Bluetooth enabled devices carried by motorists and their vehicles. The system complies with new federal legislation that requires real time traffic information to be provided to the public."
So what you're saying is:
When you are standing in line... ...at the security checkpoint of an airport... ...it's an invasion of privacy for them to know where you are...?
The guy who said the election was rigged won the presidency with the second-most votes.
Okay, so turn your WiFi off before you walk into the airport. Super secret line monitoring DEFEATED! The TSA will never know where you are in line! You'll be like the Spanish Inquisition.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
This made me laugh. I imagined the loud mouth guy from Dilbert doing this.
Before you even get in to the security line you have already given the airport your email, phone number, full name, payment info, and given them permission to look up more information on you for security reasons. You are about to have your belongings and person scanned and possibly searched.
Your MAC address is something you are broadcasting nearly all day. Anyone with the right software can grab it out of the air. The reason they don't is because its nearly useless on its own.
My point is, you have already given the airport a plethora of private information, are you seriously going to freak out that they now collect something that you broadcast publicly almost 24/7? Whats more is the solution is as simple as turning off your WiFi!
Your phone is doing wifi probes, so they can se your MAC even though you are not connected to their wifi
A lot of this would stop if people would get past this idea that disabling SSID broadcast does anything for security.
When you configure your client device to connect to hidden networks, what it's doing is occasionally shouting for that network to see if it's there.
MAC address randomization is currently being argued back and forth in IEEE 802.
It breaks many things. It might work randomizing between sessions on a simple LAN, but in the presence of the the 802.1 network features (bridges, vlans, STP, provider bridges etc. etc.) it simply breaks.
It doesn't sit well with the various authentication schemes that mix the MAC address into the security header and key derivation.
It doesn't sit will with MAC based routing entities that are not on the local segment.
People with a deep knowledge of 802 protocols are looking at this and it isn't simple or easy.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
No, the privacy implications of this are downright creepy. Because the most unsettling thing is governments and corporations feel they have a right to this information
Yet them rifling thru my stuff, making me take an xray, and removing my cloths just to be on the other side of the line is ok.
Gotcha...
The *WHOLE* TSA is creepy. If they discard the number after say 3 hours I doubt I would care much and think it cool... But being the TSA they probably archive it and keep it forever.
Cattle have had tags that help their handlers track them for decades. You people asked for this so you could feel safe, and you kept asking for it, by voting for the same corporate shills who are delighted that you've been so distracted by "teh terrorists" (and gay marriage, and abortions) that you're not paying attention to what's been happening. No move along, before we get out the prod.
At PDX and other places a TSA guy gives you a little colored card with a number on it.
At the other end of the line a TSA guy takes it from you.
They time of the line is measured by the transit time of the card.
Is this more or less creepy?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Me thinks the transit time is the plausible excuse here. They really want to know who is going where so that if they nab you for some 'offense' then they have a history of all the places you were at and security footage as well. 'Free' wifi that really isn't free if you consider the implications.
Of course, there are other instances where Governments have been rather crass about it:
A few years ago I was transiting at Singapore's Changi Airport. They had free WiFi, but subject to me giving them the MAC address of all my devices, the flight I had arrived on and they wanted to record my Passport number as well. The girl behind the counter said, with a big smile and fluttering eyes, everyone gives us those details and the WiFi is really good.
If you find the ignorance of others to be exasperating (as indicated by the "Sigh" at the beginning of your post), then prepare yourself for a lifetime of stress.
New people are born every day, and they don't know anything. Everything you have already learned they will have to eventually learn as well. The experience of learning something new can be surprising, and result in articles like this one. That is simply how humans operate.
I suggest you get used to it.
To get to that point, one has to:
1.) buy airplane tickets, most likely by credit card (I'm sure there's some way to use cash to pay for airplane tickets, but I don't know a single person who's done that in a decade). These tickets give a very good probability as to where you are going to be, when. ...so now they're using the MACs of cell phones to figure out how long people are going to be in the queue, and we're worried about "privacy concerns"? You're in the wrong place if you're worried about privacy in the security line at an airport.
2.) check in - in other words, directly inform the airline that you are at the airport.
3.) get onto a line whose exit involves partial undress (shoes, belts, jackets), placing your personal effects on a conveyor belt to be searched, and an X-Ray of your body.
Its literally no different than somebody watching the airport cameras and counting how many people go through security each hour. Who cares?
GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
My airline knows I'm there. TSA knows I'm there.
But Cisco and anybody doing marketing? Not likely.
So, if you were in line and someone came up and said "we're doing this mandatory customer survey, we just need you to fill out this form" you'd think it was OK if a TSA agent was standing there to ensure you filled it out? This is about the equivalent for most people.
This crosses the line from me being in a place I need to be, and a private company having access to information they didn't have otherwise. Nobody from Cisco would have previously been in the loop, and except for this special case of a cell phone, there is no way they'd ever know -- it's not like the TSA makes a habit of letting marketers know this shit.
This is why I won't have a cell phone with a data plan, and don't leave wifi on.
But people don't have much of a choice but to be in the security line. Do you think this would be different from putting cameras and other trackers in the bathroom? Because I don't.
Except for official purposes required by law, I think we should have a reasonable expectation of privacy in places like this. It's not like the other people in line with you have any real way of knowing and transmitting your identity.
Lost at C:>. Found at C.
What?! Whoever wrote this (timothy) doesn't understand technology.
Counting unique MAC addresses means nothing.
It is literally just the same as watching the airport cameras and counting the passengers as they move through security.
Do you really honestly think there are no cameras at airports? Are you that clueless?
Your ignorance is a bit unsettling. Put away the tin foil.
GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
This has nothing to do with reading comprehension, nor with reading the last few sentences of an essay before drawing conclusions about it, so your meta-rant is really bizarre.
Better yet, don't go to the airport. You're probably being tracked on dozens of cameras via your face alone. You could cover your face with something to prevent tracking, but that might cause other problems.
These systems, assuming they are in place, are not active systems. They're passive systems, used to address events after the fact. Somebody jumps the terminal exit? Track them back to when they entered. Somebody caught with a bag that didn't go through security? Track them back to the person who gave it to them. That kind of stuff.
Anyone that paranoid about tracking should basically avoid the larger parts of society. Live out in a cabin in the woods near some small town, or in a trailer park in the middle of nowhere. Hell, that's what most people trying to avoid being tracked already do.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
... turn on "airplane mode" and/or turn of the phone.
But this involves TECHNOLOGY so it must be evil because without TECHNOLOGY there would be other possible way for the folks at the airport to calculate how long you might be waiting in line.
No siree, no way at all. You standing there, in full view of every person, in a public space. No way to check. None at all.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
How do probes with random macs break it? If a known network it wants to connect to is present it can use its real address.
But for probing -- for determining what available in-range SSIDs are present; so that location services can use the SSID list to assist positioning, and so that it can decide whether it wants to present its real address in a follow up / probe / connection request... that seems like something simple that shouldn't break anything.
And beyond that other than filtering by mac (which is idiotic) even the real mac should be randomizable between sessions with the same network SSID. (And should work with vlans, bridges etc)
People with a deep knowledge of 802 protocols are looking at this and it isn't simple or easy.
probing without connecting should be simple and easy.
I concede that maintaining any sort of connectivity needs some thought.
There are many things I would complain about, but an airport tracking information that you are publicly broadcasting is not one of them. You have 100% control over this. Pretty much the same thing as a server admin logging what IP addresses connect to his servers.
And, then what does Cisco et al do with this information? Oh, right, sell it for profit.
Assholes.
I'm quite sure Cisco (as a company) won't get that data, possibly their consultant is using and getting access to it for the time they do analysis at site, but that's it. My team runs Cisco Prime NCS at work with 8500 series controllers and several hundreds of access points with snooping capabilities (clean air etc). We haven't opted and bought MSE (Mobility Security Engine) yet, it costs quite a bit of money and does take some effort to setup and use efficiently.
There are certainly good, perfectly legal and perfectly fine use from privacy standpoint. Same kind of tracking happens many places today already. Traffic analysis is done in large scale using mobile phones during commuters, they could use if to find those speeding also if needes. When you go to a mall they analyze how crowd traverses trough it, studying the data reveals best and worst shelves, give good ones to good suppliers and worse to bad ones. They can catch lazy workers, lost elderly needing help, thieves or as their pattern is somehow different so why not observing how people behave in queue while waiting Check-In, Security Check or to Gate?
I assume you know that it's not just Wi-Fi, that can be done with Bluetooth, 3G and 4G too, there are MAC-addresses too. And there are protective gear (pouches etc.) available for purchase if this bothers you. (Remember the radio side does not turn ever off with some smartphones unless you run out of battery).
And Cisco, gathering and selling the data, come on -- get a life, man. Their consultants help setting up, but you can be quite sure they do not take the data with them, its their clients (TSA's) and they know that. But I'm not so sure about that but how about where that same kind of data gets from malls.
tl;dr: TSA studying patterns how people move in Security Check queue is minor thing to worry about. The problem is bigger and lies in practise elsewhere.
I don't see a great privacy implication here. WiFi is, again, a broadcast medium. If you've got WiFi turned on, you already know your phone is broadcasting to access points and that those access points know you're inside their range (and with the way modern beam-forming tech works, they have a good idea exactly where you are). If I were interested in privacy, I'd have WiFi turned off so I wasn't broadcasting my presence constantly.
If you are in an airport your are IN PUBLIC. Your privacy rights are significantly reduced when you are in public. You have no legal expectation of privacy in public. There is nothing remotely creepy about this. In fact I actually think this is a fairly clever use of the technology which allows people to easily opt out if desired.
Excuse me... When I'm in a public place, I can see everyone who can see me. It's symmetrical. The other passengers can see me, I can see them.
When someone spies on me electronically, that spy doesn't actually know whether I'm in public or not. Airports have lots of rooms where I could be that are not public. I can't see any justification why the fact that people can see me would mean that people can electronically spy on me.
Oh, and I forgot that when you go to mall there can be tracking chip (wifi-tag) in cart or in basket (bottom or handle) to do exactly same thing there, so even if you have the security pouch that keeps your own devices quiet, tracking will still happne.
Is there a law I'm not aware of that requires you to carry a smart phone with Wifi turned on at all times? If not, you have a choice, and if your paranoid fears take over then you should use a different device...
If it comes to worse, I guess you could also put the tin foil hat on your cellphone and ground the hat. If that helps.
Worrying about this does seem a bit silly, given that it's trivially avoided by turning off WiFi and that by flying you're already participating in one of the most surveilled activities anywhere on the planet. I mean, this is a field where for some reason a lot of people just accept behaviour like strip searches (of the virtual and/or physical variety) and/or pat downs that would get the patter classified as a sex offender under normal conditions and/or pretty much arbitrary confiscation and examination of any property they're carrying with them, not to mention all the pre-travel details you have to provide for checking against who-knows-what databases.
However, the argument that when you're out in public you don't deserve any privacy needs to die. The law in most places may not have kept up with technology and its implications, but this argument is about as sensible as "if you have nothing to hide then you have nothing to fear".
Arguing that the historical privacy situation (if you're out in public, someone you walk past can see you) is like today's privacy situation (you're monitored by numerous cameras and sensors, using unknown automated recognition technologies, connected to unknown databases for future reference by unknown parties for unknown purposes) is a bit like arguing that the historical situation with carrying weapons (if the other guy has a sword in a dodgy area, letting you carry one yourself as well is reasonable) is like today's (where if you replace "sword" with "dirty bomb" then the results are on a rather different scale when someone abuses the system).
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Anyone that paranoid about tracking should basically avoid the larger parts of society. Live out in a cabin in the woods near some small town, or in a trailer park in the middle of nowhere. Hell, that's what most people trying to avoid being tracked already do.
Because that's acceptable in a supposedly free society? Maybe we should instead change our government (no mass surveillance, no TSA, etc.) and enact sensible privacy laws.
You are taking the logical leap to assuming that Cisco can, are allowed to, and will gather this data and use it commercially. I can't see a mention in the article of Cisco having ownership of the data. Just because they developed the system (did you expect the TSA to do it themselves?) doesn't mean the own the data collected. I understand that a lot of people are cynical about privacy issues, but at least try to base you comments on facts and not mere speculation.
In Copenhagen Airport, passengers have been tracked using Bluetooth for some years. The visible difference for the customers is a display that shows the security waiting time in minutes.
When someone spies on me electronically, that spy doesn't actually know whether I'm in public or not.
Explain how the airport does not know you are in public when you are standing in a security line and broadcasting a radio signal.
Airports have lots of rooms where I could be that are not public.
You are confusing seclusion with the legal concept of privacy. They are not the same thing. The airport is not private property owned by you. Generally speaking you have no objective expectation of privacy anywhere on the airport grounds so long as your Fourth Amendment rights to unreasonable search and seizure are not violated. It does not matter if you are alone in a room or standing in a public area.
I can't see any justification why the fact that people can see me would mean that people can electronically spy on me.
Nobody is spying on you. You are BROADCASTING your presence. Get a clue. If it bothers you then turn your radio off and it won't be a problem for you.
You must be new here. :-P
Nobody reads TFA ... everybody jumps to their own wild speculation and paranoia. Hilarity ensues.
Do I come down heavily on the tin-foil hat/privacy/conspiracy theory end of the spectrum??? Absolutely.
Does that make me wrong? Less often than I'd prefer, actually. It gets a little depressing.
The world continuously reinforces my cynicism by making crazy sounding things come true and become commonplace. This way just saves time.
Lost at C:>. Found at C.
Again, what does any of this have to do with using free services?
There are probably security cameras watching the line already. Use them to count the people. Software for this is available from several suppliers.
Cameras at intersections already do this, as part of traffic signal control. The best systems report things like "3 cars waiting at signal, then a big gap, then more approaching cars". The controller can then let three cars through, then turn the light for that intersection face red and let the other direction go.
However, the argument that when you're out in public you don't deserve any privacy needs to die. The law in most places may not have kept up with technology and its implications
It's not that you have no privacy in public but rather that your expectations of privacy are (and should be) rather limited. You might be noticed or you might not be but you should have no objective legal expectation that your actions will go unnoticed by anyone. As a general practical matter is is basically impossible to provide you with the sort of privacy you might expect in your home when out in public. There are legitimate public safety concerns as well as practical considerations. Are we supposed to avert our eyes because you walked by so that you can pretend you went unnoticed?
The new iPhone os randomized your Mac address daily so ppl can't do long term tracking. It's just one of the privacy improvements. Apple is really awesome about privacy which is one reason I use an iPhone.
And now they can link all that info to a MAC address and trace through every log with that address and link it to your profile. Maybe not the first time, but each time you go through the security lines all the other MACs will be different while yours stays the same. It doesn't need to be perfect, it only needs to be good enough. Few people change their MAC address, even less so on mobile devices.
I'd actually prefer they used a camera system instead. The cameras are already there.
Expect to see this everywhere there are lines, especially amusement parks.
Agreed. This to me actually seems fine. We can't cry foul on everything every time, if so our complaints, even the legitimate ones become noise.
Am I the first to point out iOS8 fixes this.
http://appleinsider.com/articl...
-- I was raised on the command line, bitch
It is very different. The person watching a camera has to identify you based on the clarity of the image among everyone else in the image. You might be "the blonde one over there in that mess of blondes".
If there were any places with a good camera shot of faces, all it would take is a directed MAC scanner to tie the MAC to a face recognized ID. Even agent counters or DIY terminals can ID your face or other unique information and tie to the MAC your phone screams. After this link is made, they can track you individually in a crowd with no further effort. This is the same as online meta-data. Once a link is made, a unique name/number, or a collection of non-unique data that no one else has which makes it unique, can identify and locate you very simply most often.
You might as well have a balloon floating over you with your name and SSN on it in the crowd. Just the same as the internet. With so much variety of personal items, your collection is unique to you most of the time. (The only one with a polka dot shirt and jeans is like the only one without SilverLight but with Adobe Flash mentioned in browser headers.)
You do not have to be paranoid to understand what is happening.
Yep, that's right: tracking by cell tower triangulation, performed by the cell carrier you have contracted to carry your signal and which locates on a precision scale on the order of a half-mile, is exactly analogous to a private party tracking your phone using tech which locates private citizens with orders of magnitude better precision.
Not that I'm freaking out about the MAC tracking being reported here, but your attempt at equating these two entirely unrelated practices is way off -- as well as something that all /.ers already knew.
>How do probes with random macs break it? If a known network it wants to connect to is present it can use its real address.
You can probe with a random mac all you like.
But you can't then connect with a random mac and expect the connectivity to work. Not when the mac is changing faster than the network attachment. If it isn't changing that fast (like in Apple's products) it can work, but it doesn't stop a broad class of tracking.
So yes, you can probe all day with a random mac. Just expect to have to reveal a session-consistent mac when you try to connect.
I asked a friend in the middle of this in 802 and he dumped a pile of documents on me. It was quite an entertaining read.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
There is an incredibly easy solution. Turn off your Wifi. Tada! Problem solved.
These days, it isn't easy being an electronic ninja. Don't forget to turn off Cell, Bluetooth and NFC, the radios in your glasses, watch, fitness monitor, Tesla fob, headphones, tablet and gameboy, and disable the RFID tags in your wallet, luggage, shoes and clothing.
Some amount of paranoia can be healthy. But youre BSI.
As the other dude said: just turn off your wifi and dont connect.
If they really wanted data on whos going to the airport, there is little to stop Cisco from just partnering with the airlines in the first place.
The guy who said the election was rigged won the presidency with the second-most votes.
I don't know what it is, but slashdot editors just LOVE the hell out of cell phone tracking. I mean, there has probably been a story or two on the subject before now:
http://slashdot.org/story/05/1...
http://slashdot.org/story/05/1...
http://slashdot.org/story/05/1...
http://slashdot.org/story/05/1...
http://slashdot.org/story/02/1...
http://slashdot.org/story/02/0...
http://slashdot.org/story/06/0...
http://slashdot.org/story/07/0...
http://slashdot.org/story/12/1...
http://slashdot.org/story/06/1...
http://slashdot.org/story/02/1...
Everyone go out and find all the cell phone tracking stories you can, and submit every one to /. They love it when you do that!
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
C) When you check in, they know you are there.
No, they know you've checked in, and they can assume you expect to be there sometime before the flight. They don't know you are there because you don't have to be there to check in.
My airline knows I'm there. TSA knows I'm there.
Your airline doesn't know you are standing in the security line, and it may not even know you are at the airport. The TSA doesn't know you are there until you hit the boarding pass/id check.
It's not like the other people in line with you have any real way of knowing and transmitting your identity.
Your MAC address isn't your identity any more than your IP address is. But yes, they can easily snap a photo of you and send it off to the web.
I believe Apple phones now have a function to periodically change their broadcast MAC for this very reason. Does anyone know of a tool for Android that does the same thing?
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Nuts, sorry, redundant, please mod down. :)
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
There's one wait-time display for each line to go through security, so before they get in line, travelers can join the one with the shortest wait. In effect, they do their own load balancing, which can minimize the wait time for everyone.
Based on the airports I typically use I had assumed that all of them used a single line with TSA agents directing people to a particular lane. Wouldn't that be a simpler solution?
You *say* you're wrong less often that you'd prefer, but how can you possibly know that if you make no effort to fit your delusions with reality?
We hope your rules and wisdom choke you / Now we are one in everlasting peace
I agree with you in this case, but not in general. There is a big diffence between a person logging events and it being done via a logging mechanism.
For example, the argument has been used that police should be able to put a tracking device on your car because they could achieve the same thing by following you. Another example would be setting up a license plate scanner on a road and logging every car that passes through.
The fact that a tracking method is using automated technology is not a distinction without a difference - it has huge implications.
How is my comment "flamebait"? This technology doesn't require connection to the free airport WIFI - it uses the WIFI probing that cellphones and tablets broadcast.
I believe some traffic system also use the bluetooth address advertised by cell phones to calculate the traffic speed.
> Its literally no different
The scale is different.
Now I have zero problems with this application, in fact, good idea I'll be sure to leave my wifi on, happy to help.
But anything done "with a computer" has the potential to scale out of control. I like the old saying "To err is human, to really screw up you need a computer".
If this technology jumps from airports to protests for instance. A simple copy/paste and suddenly we have problems.
Has been done in Halifax, Nova Scotia, Canada for some time now.
Probe with random. Connect with real mac. There is a reason why MACs are unique. If two devices have the same MAC, both of their routes will get fucked up.
Anyway, all that is defined in RFCs.
RFCs? That's IEEE 802.
For 802.11, the chicken and egg problem is that you use the MAC in the security association exchange.
For MAC randomization you must do duplicate detection. The recent proposal in IEEE 802.11 by Mathieu Crunche was to send a reverse ARP to probe the MAC you are trying to spoof. Retry until you get no response.
But you can't send that RARP until you've done the security association. So you'd have to invent something else to get around that problem or do it a different way.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Many airports, shopping malls, and other areas with large migrations of people in busy areas, do this. The systems are optimized for analyzing passenger and customer flows in order to allocate resources like number of staff at security, gates, etc. The more data points (check-in, security control, duty free, boarding gate), the richer the data. The overhead of doing anything else, like trying to match a device I'd. to an actual person, presents no value but only s bottleneck for providing teal-time analytics. Also, they can get that sort of data more efficiently through things like shopping loyalty schemes: Heathrow Airport practically mandates that every retail outlet scans your boarding pass (probably illegal under EU data protection law) and that they hand over ALL data collected from passengers. Airport security is my least worry
Then they'll know you brought your phone with you on your flight. The implications are shocking!
So yes, you can probe all day with a random mac. Just expect to have to reveal a session-consistent mac when you try to connect.
But that's the use case most of us actually have. If I'm at the mall, I'm not in range of any known network. Of course my phone doesn't know that -- so it needs to probe.
Meanwhile, I'm at the mall, and the mall is very interested in where I am, how long I spend there, how often I come back, etc... so they are tracking those probes, and building a profile on the activity from that MAC.
I'm not actually connected to any network. Nor do I expect to connect to any network.
Therefore the probes should always be random.
Once that's determined that HEY there IS a known network in range, THEN and ONLY THEN it can use a non-random mac. If I connect to a network, then I implicitly submit to some level of tracking -- the network implicitly needs to know where I am and whether I am connected so it can route traffic to me.
How dare they provide me useful info like how long my wait time is in minutes? I hate when people measure anything about me because I'm a privacy obsessed nutcase moron! Also I hate when strangers LOOK AT ME in the airport line, that also gives them information about how fast I'm moving and who I am, which I hate to have strangers know! That's why I always wear an invisibility cloak when I go through the airport security line. People bump into me a lot but it's a small price to pay to get .0001% of my privacy back because THIS part is the MOST IMPORTANT PART of my privacy really.