Slashdot Mirror
Austin Airport Tracks Cell Phones To Measure Security Line Wait
jfruh writes If you get into the TSA security line at Austin-Bergstrom International Airport, you'll see monitors telling you how long your wait will be — and if you have a phone with Wi-Fi enabled, you're helping the airport come up with that number. A system implemented by Cisco tracks the MAC addresses of phones searching for Wi-Fi networks and sees how long it takes those phones to traverse the line, giving a sense of how quickly things are moving. While this is useful information to have, the privacy implications are a bit unsettling.
Its not like they don't already know where you are when you are entering airport security.
Modern IOS versions randomize the MAC used for passive wifi scans. I'd imagine android is also doing the same.
Don't use the FREE effing wifi, if you don't like it. If you're not paying for the product, you are the product.
Turn off wi-fi. Done.
You can be tracked anywhere anytime you're using a communication radio. Deal with it.
"A plan fiendishly clever in its intricacies"- Homer Simpson
And, it's not like you can opt out .. unless you simply don't fly.
...if you have a phone with Wi-Fi enabled
You could always just, you know, turn off wifi on your phone.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
I'm a huge privacy advocate... but how far are we going to go with this?
You're in a public place.
You're connecting to their network at various points.
They're using that info to figure out how long it takes for you to get through the line.
How is this any different than them using your check ins with your boarding pass?
"I just dumped the entire contents of my luggage in the middle of food court. I appreciate the offer to help me pick it up bu how dare you invade my privacy!"
Don't the new iOS randomly pick a MAC address when scanning for available networks now? If you don't want to be tracked, don't connect to the airport Wifi.
Magic doesn't work in my presence. My power of disbelief is too strong.
If you've got a recent iPhone, it's already randomizing the MAC used for background scans:
Of course, that doesn't work if you are using the phone to read Twitter while waiting in line, because seriously, what else are you expected to do while shuffling along?
While this is useful information to have, the privacy implications are a bit unsettling.
As best I can tell from the description, this sounds similar to what Disney and other themeparks use to track their wait times for rides, except the amusement parks occasionally hand out little RFID "things" to guests at the ride entrance and ask the guest to give it to the operator.
As far as I'm aware, any time you're polling for WiFi networks you're broadcasting your MAC; this just seems like a fairly benign way to get information about a process without getting actual data on an individual.
Granted, you can somewhat reliably tie together a MAC addy's travel path if you have the ability to see all the places that MAC has been, but that was true even without this particular software.
So, yeah, what is the concern about this software in particular? It seems like the complaint is more with how the scanning for networks works.
Sigh. Ok people, let me explain something ... if your cell phone is on, you are being tracked. You always have been. The cell towers have to communicate with your phone, and therefore you are always being tracked.
This particular instance of tracking (by noting with a MAC address enters/leaves an area) is no more invasive than what has been happening at the airport for decades with the cameras that are up at every airport everywhere. Tracking a MAC address doesn't indicate who you are or give them access to any information about you as an individual.
Furthermore, if you have your WiFi on, you are again always locatable. If you really think that someone someone being able to know that MAC 00:11:22:33:44:55:66 has left the building is an invasion of privacy, turn off your phone - or better yet don't have a cell phone, because you are being tracked and inspected in far more invasive ways than that if you have a cell phone.
Nobody is forcing you to connect to the airport WIFI network. It's just as disturbing to me that you think you should have the right to data on someone else's network just because you use it. If you were paying for such a right and had a contract in place, I could see that. But you are not, and therefore you have no right to tell them what they can and can not do with that data. It's not just you, people all over are using free services and then claiming they have a right to tell the providers what to do with the data those services collect.
Certainly I don't want them to know I have a cell phone, that would be an invasion of my privacy while I wait in line for my NAKED BODY SCAN, right after I hand them my government-issued ID. There are privacy invasions happening there, but they aren't wifi related.
A bit????
No, the privacy implications of this are downright creepy. Because the most unsettling thing is governments and corporations feel they have a right to this information.
And, it's not like you can opt out .. unless you simply don't fly.
And, then what does Cisco et al do with this information? Oh, right, sell it for profit.
Assholes.
They A) Already know you have a flight booked B) Already know where you are going. C) When you check in, they know you are there. If you want privacy of how long you are waiting in line. Don't broadcast your location over the air waves with a transmitter.
I don't want to do a sig now
You are dumb.
The manufacturer of your phone already knows your mac address. It has no value to anyone else beyond the first network hop. You like the author are an idiot who knows nothing about MAC addresses.
I disagree. Although i do think my phone should change its mac address regularly so that the tracking is at most session based. They know -a phone- was in line for 30 minutes. They don't know the phone is my phone. And when they see a phone a for 30 minutes next week they won't know its the -same phone-.
Also, just a heads up to those excited about Apple's ios mac randomization -- its proving to be not remotely as good as they led us to believe it would be. (It only sends out a random mac when a) not connected to a network, b) AND asleep.
Any time anything wakes up the phone it probes with its real mac. (So for example, if your on cellular data, and twitter or email or something gets a message to your phone, it wakes up and probes wifi with its real mac...) rendering the feature all but useless. Apparently the fake probes also include your recent SSID list too making them even more useless.
http://www.imore.com/closer-lo...
So... not worse than ios7 ... but not exactly useful either.
And on that note, does anyone recommend a good automatic mac randomizer for android?
Well, I fail to see how people taking note of information that you're basically shouting out loud to everyone around you can be considered creepy.
I mean, you phone is basically saying "Hi I'm John Smith the <48 bit MAC ID> and I'm looking for WiFi, anyone offering some?" over and over again.
So you're saying it's not right for someone to overhear it and write that down? "I just heard a John Smith out there".
You must be real fun at parties when people overhear your conversations.
No, the privacy implications of this are downright creepy. Because the most unsettling thing is governments and corporations feel they have a right to this information.
If you are in an airport your are IN PUBLIC. Your privacy rights are significantly reduced when you are in public. You have no legal expectation of privacy in public. There is nothing remotely creepy about this. In fact I actually think this is a fairly clever use of the technology which allows people to easily opt out if desired.
And, it's not like you can opt out .. unless you simply don't fly.
There is an incredibly easy solution. Turn off your Wifi. Tada! Problem solved. If you have Wifi turned on then you are quite literally broadcasting your presence to anyone who cares to listen. It's like shouting at the top of your lungs in the airport and then telling everyone you have no way to opt out. YOU are the one broadcasting. It is YOUR choice. If you don't want people to listen then turn off your radio.
So what you're saying is:
When you are standing in line... ...at the security checkpoint of an airport... ...it's an invasion of privacy for them to know where you are...?
The guy who said the election was rigged won the presidency with the second-most votes.
This made me laugh. I imagined the loud mouth guy from Dilbert doing this.
MAC address randomization is currently being argued back and forth in IEEE 802.
It breaks many things. It might work randomizing between sessions on a simple LAN, but in the presence of the the 802.1 network features (bridges, vlans, STP, provider bridges etc. etc.) it simply breaks.
It doesn't sit well with the various authentication schemes that mix the MAC address into the security header and key derivation.
It doesn't sit will with MAC based routing entities that are not on the local segment.
People with a deep knowledge of 802 protocols are looking at this and it isn't simple or easy.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
To get to that point, one has to:
1.) buy airplane tickets, most likely by credit card (I'm sure there's some way to use cash to pay for airplane tickets, but I don't know a single person who's done that in a decade). These tickets give a very good probability as to where you are going to be, when. ...so now they're using the MACs of cell phones to figure out how long people are going to be in the queue, and we're worried about "privacy concerns"? You're in the wrong place if you're worried about privacy in the security line at an airport.
2.) check in - in other words, directly inform the airline that you are at the airport.
3.) get onto a line whose exit involves partial undress (shoes, belts, jackets), placing your personal effects on a conveyor belt to be searched, and an X-Ray of your body.
Its literally no different than somebody watching the airport cameras and counting how many people go through security each hour. Who cares?
GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
In Copenhagen Airport, passengers have been tracked using Bluetooth for some years. The visible difference for the customers is a display that shows the security waiting time in minutes.
However, the argument that when you're out in public you don't deserve any privacy needs to die. The law in most places may not have kept up with technology and its implications
It's not that you have no privacy in public but rather that your expectations of privacy are (and should be) rather limited. You might be noticed or you might not be but you should have no objective legal expectation that your actions will go unnoticed by anyone. As a general practical matter is is basically impossible to provide you with the sort of privacy you might expect in your home when out in public. There are legitimate public safety concerns as well as practical considerations. Are we supposed to avert our eyes because you walked by so that you can pretend you went unnoticed?
>How do probes with random macs break it? If a known network it wants to connect to is present it can use its real address.
You can probe with a random mac all you like.
But you can't then connect with a random mac and expect the connectivity to work. Not when the mac is changing faster than the network attachment. If it isn't changing that fast (like in Apple's products) it can work, but it doesn't stop a broad class of tracking.
So yes, you can probe all day with a random mac. Just expect to have to reveal a session-consistent mac when you try to connect.
I asked a friend in the middle of this in 802 and he dumped a pile of documents on me. It was quite an entertaining read.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.